A hacker faces 10 years in prison after stealing $700,000 (£413,000) via phishing emails.
Sergiu Daniel Popa duped 7,000 web users after sending hoax emails from financial services firms such as PayPal and Citibank. After following links to bogus websites, Popa's victims were then tricked into revealing their PIN codes, names, addresses and bank account and credit card numbers.
The 22-year old Romanian was also thought to have been offering phishing kits for sale with instructions on how to counterfeit credit cards. Popa was extradited to the US from Spain in June this year and now faces a prison sentence and a $500,000 (£300,000) fine.
"The authorities have done a great job in pursuing this case and forcing Popa to face his day in court," said Graham Cluley, senior technology consultant at Sophos. "Sadly though, there are still plenty of other criminals taking advantage of innocent internet users and stealing identities from the unwary."