Skip to main content
Press Release

Rhode Island Woman Pleads Guilty to Phishing Scheme

For Immediate Release
U.S. Attorney's Office, District of Massachusetts

BOSTON – A Rhode Island woman pleaded guilty today to sending phishing emails to candidates for political office and others.

Diana Lebeau, 21, of Cranston, R.I., pleaded guilty to one count of attempted unauthorized access to a protected computer. U.S. District Court Magistrate Judge Jennifer C. Boal scheduled sentencing for Oct. 26, 2021. Lebeau was charged on May 27, 2021.

In or about January 2020, Lebeau sent phishing emails to approximately 22 members of the campaign staff of a candidate for political office. The emails, which purported to be from either the campaign’s managers or one of the campaign’s co-chairs, directed the recipients to put their account credentials into an attached spreadsheet, or to click a link that connected them to a Google Form that solicited the same credentials. Lebeau also sent several phishing emails to the candidate’s spouse and to others at the spouse’s workplace. The emails, which purported to be either from Microsoft’s “Security Team” or from an employee of the workplace’s technology helpdesk, requested that recipients provide account credentials or other information about their computers by adding it to attached spreadsheets or on a website that mimicked the appearance of the employer’s legitimate website.

In or about March 2020, Lebeau drafted and sent phishing emails targeting another candidate for political office. The emails, which purported to be from the candidate’s cable and internet provider, contained a false “login link” that the recipient could use to address an issue with his or her account by providing account credentials. Lebeau also impersonated this candidate in online chats with the cable and internet provider, in an attempt to reset and obtain the candidate’s account password.

Lebeau did not act with financial or political motive or to benefit any foreign government, instrumentality, or agent.

The charge of attempted access without authorization to a protected computer provides for a sentence of up to one year in prison, one year of supervised release, a fine of up to $100,000 and forfeiture. Sentences are imposed by a federal district court judge based upon the U.S. Sentencing Guidelines and other statutory factors.

Acting United States Attorney Nathaniel R. Mendell and Joseph R. Bonavolonta, Special Agent in Charge of the Federal Bureau of Investigation, Boston Division made the announcement today. Assistant U.S. Attorney Seth B. Kosto, Deputy Chief of Mendell’s Securities, Financial & Cyber Fraud Unit, is prosecuting the case. 

Updated July 27, 2021