Article Archive - Identify Theft
Shopping at the Fraud Mall: Fictional fantasy or harsh reality?
August 2010
Richard Oliver at the The Federal Reserve Bank of Atlanta blogs in Portal and Rails, “Over the past several weeks, battered by the never-ending news of one new payments fraud scheme after another, I lapsed into a daydream in my office about a mythical Fraud Village, where fraudsters go to shop for their wares. He recounts several fantasy fraud scenarios and concludes, “the Internet has in fact become a virtual shopping mall for crooks intent on striking innocent, poorly educated, and singularly unaware business owners and consumers.”
Major Fraud Case Cracked in Wakulla County
August 2010
WCTV Florida reports two men are now behind bars – and are collectively facing 55 charges – for their alleged connection to a massive bogus credit card scheme. A Wakulla County Sheriff’s Office press release said investigators, with assistance from state and federal law enforcement agencies, captured two men who were allegedly involved in a massive scheme to defraud hundreds of victims across the United States and other jurisdictions of millions of dollars of cash through identity theft.
Holy Zeus! Popular Botnet Rules as New Exploits Come Online
July 2010
Dark Reading, a part of TechWeb, reports Trusteer and AVG have identified new botnets with different features, both built on Zeus technology. Zeus, a Trojan horse that spreads botnets quickly, can be adapted for multiple purposes. "The botnet appears to be controlling more than 100,000 infected computers, 98 percent of which are U.K. Internet users," Trusteer says. "The criminals have been harvesting all manner of potentially lucrative and revenue-producing credentials, including online account IDs, plus login information to banks, credit and debit card numbers, account types plus balances, bank statements, browser cookies, client side certificates, login information for email accounts and social networks, and even FTP passwords."
Mississippi Woman Pleads Guilty to Conspiring with a Police Officer to Commit Identity Theft and Fraud
Identity Theft
July 2010
The Jackson Mississippi office of the FBI announced Patricia A. Wilson, 34, of Woodville, Mississippi, pleaded guilty today in federal court in Jackson, Mississippi, to conspiring with her cousin, a Natchez Police Department police officer, to commit identity theft, credit card fraud, and bank fraud. During her plea, Wilson acknowledged that on May 23, 2009, her cousin arranged a meeting and gave Wilson a credit card, which she believed he had stolen. The police officer, who appeared to be holding a second credit card in his hand, asked Wilson to buy beer for an upcoming party he was throwing.
Can Chip-and-Pin Technology Address Payment Card Fraud in the United States?
Identity Theft
July 2010
The Federal Reserve Bank of Atlanta notes how the United States has been slow to adopt the chip-and-pin payments card technology that many other countries are already using. The FRB Atlanta suggests that the continued reliance of the United States on the magnetic-stripe standard leaves consumers here more vulnerable to fraud. In fact, the Federal Reserve Bank of Kansas City recently published a paper that looked at global security standards within the payment card industry and found that "the difference between U.S. fraud rates and those in other countries is sufficiently large."
CEO Discusses Lessons Learned from Historic Data Breach
July 2010
Tom Field at Bank Info Security interviews Heartland’s CEO Bob Carr to discuss lessons learned from historic data breach. Eighteen months ago, when the Heartland Payment Systems data breach first hit the news, Heartland CEO Bob Carr knew exactly where to turn - to Tylenol. Specifically, Carr sought counsel from the former CEO of Johnson & Johnson, manufacturer of Tylenol, to inquire what his company did to get through the 1982 disaster in which seven people died after bottles of the pain reliever were laced with poison. Tylenol went on to become a leader in tamper-resistant packaging, and Johnson & Johnson went down in business history as a model of crisis management.
The Confluence of Payments, Social Networks, and Malware: Elements of a Perfect Storm?
July 2010
The Federal Reserve Bank of Atlanta notes that social networks are beginning to compete with financial institutions and e-commerce sites as a favorite target for phishing attempts, according to a Microsoft Security Intelligence Report published in November 2009. Social networks are providing cybercriminals with a ready population of potential victims for emerging malware attacks. Similarly, cell phone applications that serve to extend the customer network reach may actually create vulnerabilities to malware attacks.
How to Respond to Vishing Attacks
July 2010
Linda McGlasson at Bank Info Security reports on a bank, and state association that share tips for incident response plan to vishing attacks. In early February, five financial institutions in four states -- Michigan, Wisconsin, Minnesota and Mississippi -- reported being hit by telephone-based phishing, or "vishing," attacks. Vishing is a form of phishing, where instead of people receiving an email trying to lure them into giving personal information, the criminal uses a phone call, either live or automated, to attack the bank or credit union customer and get critical information. Following are tips from Bill Lamb, the IT Manager at Central National Bank of Enid, and Elaine Dodd, vice president of the fraud division at the Oklahoma Bankers Association:
1. Set Procedures to Report Calls
2. Alert Customers
3. Run Down the Source
4. Notify Telecomm Carriers
5. Make Customer Education a Priority
What Every Senior Should Know About Identity Theft
July 2010
The Osceola Sentinel-Tribune reports that credit experts warn the very qualities that make some seniors feel safe - a tendency to not use credit much, operating on a cash basis and avoiding technology - make identity thieves view seniors as very appealing targets.
FTC Obtains Court Order Halting International Scheme Responsible for More Than $10 Million In Unauthorized Charges On Consumers' Credit and Debit Cards
July 2010
At the request of the Federal Trade Commission, a federal court has halted an elaborate international scheme that used identity theft to place more than $10 million in bogus charges on consumers’ credit and debit cards, pending a trial. More than a million consumers were hit with one-time charges of $10 or less, and their payments were routed through dummy corporations in the United States to bank accounts in Eastern Europe and Central Asia. The operation used expansive network of "Money Mules."
High-living Hacker Swaps Porsche for Porridge
June 2010
Robert Blincoe at The Register reports that a 21-year-old hacker was sentenced yesterday for frauds netting him a Porsche, £40,000 in cash and £30,000 in gold bullion. Alistair Peckover is serving 20 months after pleading guilty to two counts of fraud, and admitting 50 other offenses. Peckover targeted online betting sites, and also hacked individual email accounts. He exploited both BT and Google, and the companies have said they've fixed their holes. Peckover both downloaded and wrote his own scripts to remotely view and control other individuals' computers. This got him credit cards, and he opened many bank accounts, and gaming accounts with Ladbrokes and Skybet, under his victims' identities.
ZeuS Trojan Attack Spoofs IRS, Twitter, YouTube
June 2010
Krebs on Security reports criminals have launched an major e-mail campaign to deploy the infamous ZeuS Trojan, blasting out spam messages variously disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings, and salacious YouTube.com videos. All of the latest e-mails use a variety of URL shortening services. These take the user to one of dozens of identical Web pages that spoof the IRS and encourage visitors to download and review their tax statement, which is of course a powerful and stealthy password-stealing technique.
'Avalanche' Group Linked to Fraud
May 2010
Bank Info Security reports the same electronic crime syndicate behind two-thirds of the phishing attacks detected in the last half of 2009 has been linked to the recent rash of incidents targeting small and midsized businesses. "Avalanche" is the name given to the world's most prolific phishing gang and to the infrastructure it uses to host phishing sites. And this is the group that has shifted additional resources to the creation of spoof sites and spam lures that distributed the very latest, most malignant Zeus variants, says Rod Rasmussen, co-author of the global phishing study released by the Anti-Phishing Working Group.
ID Analytics Secures Identity-Based Fraud Detection Patent
May 2010
PRNewswire reports ID Analytics receives third patent from U.S. patent and trademark office for new detection system and method using historical identity records. ID Analytics received a patent for the company's system and method for fraud detection using multiple historical identity records. ID Analytics incorporates these in its ID Network, which includes more than a billion unique identity elements and receives an average daily flow of 45 million identity elements from its customers which include eight of the top ten credit card issuers, six of the top ten financial services companies and four of the top five wireless carriers.
'SMiShing' Fishes for Personal Data Over Cell Phone
May 2010
Elinor Mills at CNET reports on "SMiShing." She says that when we think of phishing attacks, in which scammers try to lure sensitive information out of Internet users, we think of fake official-looking e-mails and Web sites. But you don't even need to be online to get phished. A phishing attack making the rounds tries to dupe cell phone users into revealing their personal data over the phone. It uses SMS messages, which makes it a "SMiShing" attempt.
It all starts with a spam text message purporting to be from a financial institution.
US Panel Targets Online Bank Fraud
May 2010
Joseph Menn at the Financial Times reports US regulators are drafting plans to force banks to protect their customers better from a surge in online account fraud. While banks are not obliged to disclose the extent of fraud to customers or investors, figures they provided to federal examiners showed aggregate losses from computer intrusions and falsified electronic transfers of $120m in the third quarter, more than triple the level of two years ago. Overall identity fraud at banks is costing the system about $700m per quarter, according to the Federal Deposit Insurance Corporation. (Free registration)
Study: Facebook joins PayPal, eBay as popular phishing target
May 2010
Elinor Mills at CNET News reports Facebook has joined the ranks of the most popular sites targeted by phishers, according to a study released Wednesday by Kaspersky Lab. Facebook's share of the phishing attacks that occurred from January through March this year was 5.7 percent, while more than 52 percent were masquerading as PayPal, 13.3 percent targeted eBay users, and 7.8 percent were fake HSBC messages.
How Lenders Overlook the Warning Signs of ID Theft
May 2010
Brad Stone at the New York Times reports that despite all the new fraud alert tools and increased awareness of the perils of identity theft, incidence of the crime remains at 2003 levels, with about 10 million Americans falling victim every year. ID theft experts and politicians blame the easy availability of personal data like Social Security numbers. But there may be a simpler reason for the persistence of ID theft: lenders are too willing to extend credit to just about anybody, even when there are big red flags that indicate fraud.
New Wave of Crime
May 2010
Danielle Bell at the Times Colonist, Daily News reports that for $20, your personal data could be sold several times to criminals who manufacture fake credit cards, say police, who report white-collar crimes are on the rise. Payment card fraud, identity theft and similar scams are not new but police say they have skyrocketed in recent years and ever-evolving technology may be to blame.
2010 Identity Fraud Survey Report: Identity Fraud Continues to Rise – New Accounts Fraud Drives Increase; Consumer Costs at an All-Time Low
May 2010
Javelin Strategy & Research has found that ID Fraud continued to rise in 2009, with Javelin finding there are more victims than in any period since the survey began in 2003. Driving that increase was new accounts fraud, which showed longer periods of misuse and detection and therefore more dollar losses associated with it than any other type of fraud. Meanwhile the consumer costs, the dollar amounts the victim pays on average out-of-pocket, reached an all time low.
FTC Identity Theft Resources for Your Members
March 2010
Consumers can learn how to avoid identity theft as well as what to do if their identity is stolen at the Federal Trade Commission’s “Fighting Back Against Identity Theft” web site. The FTC’s site offers links, videos and publications to help protect both consumers and businesses. The web site bills itself as “a one-stop national resource to learn about the crime of identity theft.”
What is Pharming? Is it Like Phishing?
March 2010
Computer Crime Research Center defines “pharming” and “phishing” as methods used to steal personal information from unsuspecting people over the Internet. Pharming tampers with the domain-name server system so that traffic to a Web site is secretly redirected to a different site altogether, even though the browser seems to be displaying the Web address you wanted to visit. To help avoid pharming, make sure the Web site has a valid certificate of authority, from a service like VeriSign, that matches the site's name before you enter any personal data.
Three Years Undercover with the Identity Thieves
January 2010
Network World reports on a story by Robert McMillan, IDG News Service, about an FBI undercover investigation of a hacker web site called DarkMarket. DarkMarket was what's known as a "carder" site. Like an eBay for criminals, it was where identity thieves could buy and sell stolen credit card numbers, online identities and the tools to make fake credit cards.
2009 Identity Theft Statistics
January 2010
SpendOnLife.com provides a brief overview and description of each type of identity theft, based on Federal Trade Commission complaint data. The web site says ID theft can happen to anyone, and it can come in all shapes and sizes. For example, your credit card digits could be stolen and used to make online purchases; a thief could impersonate you to open up a loan in your name; a felon could commit a crime and pretend to be you when caught; or someone could use your personal information to apply for a job.
D.C. Woman Sentenced in Library of Congress Identity Fraud
July 2009
The Washington Post reports a 35-year-old Southeast Washington woman was sentenced to 2 1/2 years in federal prison for using the purloined identities of Library of Congress employees to purchases nearly $40,000 in goods. Federal prosecutors said Labiska Gibbs enlisted a relative, a Library of Congress worker, to access an internal database and give her the names, birth dates and Social Security numbers of at least 10 employees, prosecutors said. Gibbs used that information to open credit accounts at retailers, including Target and Victoria's Secret.
International Credit Card and Identity Theft Fraud Ring Dismantled
May 2009
In a press release, the Queen’s County District Attorney announced that an international forged credit card and identity theft ring based in the New York- metropolitan area and with roots in Nigeria has been successfully dismantled following the indictment this week of forty-five individuals. The ring – which was comprised of three separate identity theft and forged credit card groups that employed multiple cells – is alleged to have been responsible for stealing the credit cards and personal credit information of thousands of American and Canadian consumers, costing these individuals, as well as financial institutions and retail businesses, more than $12 million in losses over the past year alone.
Four from Providence Charged in Identity Theft, $500,000 Credit-Card Fraud
Identity Theft
May 2009
The Providence Journal reports three men and a woman used identity theft to get access to the credit-card accounts of more than 50 people at Bank of America and Citibank and then ran up more than $500,000 in bills at casinos, retail stores and car service centers, according to a federal indictment. The accused allegedly gathered identification information of the victims, which included names, birthdates, addresses and Social Security numbers. That information was then used to create false temporary drivers’ licenses in the victims’ names The indictment alleges that the men used a number of “ruses” to get duplicates of the victims’ credit cards from the two banks.
Back to Top
Article archive by topic
Card Data Breaches
Card Fraud
Network Security
Skimming
Smart Cards
