Rhode Island Woman Charged with Phishing Scheme


U.S. Attorney’s Office
District of Massachusetts

BOSTON – A Rhode Island woman was charged today with sending phishing emails to candidates for political office and others.

Diana Lebeau, 21, of Cranston, R.I., was charged in an Information with attempted unauthorized access to a protected computer. Lebeau will make an initial appearance in federal court in Boston on a later date.

According to the charging document, in or about January 2020, Lebeau sent phishing emails to approximately 22 members of the campaign staff of a candidate for political office. The emails, which purported to be from either the campaign’s managers or one of the campaign’s co-chairs, directed the recipients to put their account credentials into an attached spreadsheet, or to click a link that connected them to a Google Form that solicited the same credentials. Lebeau also allegedly sent several phishing emails to the candidate’s spouse and to others at the spouse’s workplace. The emails, which purported to be either from Microsoft’s “Security Team” or from an employee of the workplace’s technology helpdesk, requested that recipients provide account credentials or other information about their computers by adding it to attached spreadsheets or on a website that mimicked the appearance of the employer’s legitimate website.

In or about March 2020, Lebeau allegedly drafted and sent phishing emails targeting another candidate for political office. The emails, which purported to be from the candidate’s cable and internet provider, contained a false “login link” that the recipient could use to address an issue with his or her account by providing account credentials. Lebeau also impersonated this candidate in online chats with the cable and internet provider, in an attempt to reset and obtain the candidate’s account password.

According to the charging document, Lebeau did not act with financial or political motive or to benefit any foreign government, instrumentality, or agent.

The charge of access without authorization to a protected computer provides for a sentence of up to one year in prison, one year of supervised release, a fine of up to $100,000 and forfeiture. Sentences are imposed by a federal district court judge based upon the U.S. Sentencing Guidelines and other statutory factors.

Acting United States Attorney Nathaniel R. Mendell and Joseph R. Bonavolonta, Special Agent in Charge of the Federal Bureau of Investigation, Boston Field Division made the announcement today. Assistant U.S. Attorney Seth B. Kosto, Deputy Chief of Mendell’s Securities, Financial & Cyber Fraud Unit, is prosecuting the case. 

The details contained in the charging document are allegations. The defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

Cyber Crime

USAO – Massachusetts

Leave a Reply

scroll to top