ID Theft

Schemes, Scams, Frauds.

Home Up

www.crimes-of-persuasion.com Site Directory


Identity Theft Examples Using Social Engineering and Phone Phishing Techniques


Major Thefts of Online Credit Card Info

The Federal Trade Commission estimates that nearly 10 million Americans had their identities stolen in 2003, costing consumers and businesses more than $50 billion. Unauthorized access to checking accounts through phishing is one of the fastest-growing types of identity theft. Banking experts think electronic fraud will slow the growth of e-commerce.

There is an increasing frequency of websites being hacked and security systems being compromised. Some of the more significant include the hacking into CD Universe’s Website and the stealing of three hundred and fifty thousand (350,000) credit card numbers.

More recently, furniture retailer IKEA’s website was broken into, exposing thousands of customers’ personal identifying information. The IKEA incident was followed several days later by the hacking of Western Union’s website, where the hackers left evidence of having made electronic copies of the credit and debt card information of over fifteen thousand (15,000) customers.


Give Till It Hurts

A bogus donation request which is being sent out online may result in identity theft, financial losses and the diversion of charitable gifts from the intended recipients.

The request comes in the form of an executable file virus attached to an e-mail message.

Upon execution, the user is presented with a donation request form to fill out. The e-mail appears to come from the American Red Cross, United Way and the September 11th Fund. Once the form is complete, the personal and confidential information on the form is uploaded to a non-Red Cross Web site.

The Red Cross stresses that they only accept credit card information through a secure portal on a Web site, not through an e-mail message.


Circulation of Fictitious IRS Forms and Bank Letters

Attached are samples of a fictitious document that is not a genuine IRS Form and a fraudulent letter addressed to a bank customer purporting to be from the customer's bank.

Documents like those attached are being circulated nationwide in an attempt to steal your identity and money by having you disclose personal and banking information. Accordingly, when the perpetrator of the fraud contacts your bank in person, telephonically or through electronic means, they have all the necessary customer information to appear credible.

Fake IRS form.(pdf) Fake bank letter.(pdf)

Form W-9095 - Application Form for Certificate Status / Ownership for Withholding Tax
Fax #: 1-914-470-9245
Monique Meeuws


Military Families Targets of Latest Tax Scam

Military families are the target of two new tax scams designed at robbing the families of their credit card information by promising refunds from the IRS. Mark Everson, the newly appointed IRS Commissioner, is warning taxpayers that these inquiries are not from the IRS.

In one scam, families are contacted by telephone and told they are speaking with a representative from the IRS. They are informed that because they have a family member serving in the military they are entitled to a special $4,000 tax refund. To receive the refund, the families are told they must pay a $42 fee that covers postage. The military families are then asked for a credit card number to pay for the $42 fee. There is no $4,000 tax refund available for families of members in the armed forces.

The other new scam is appearing in e-mail messages, again to military families. The message appears to have been sent by the IRS. Taxpayers are urged to follow a link to a website where they are asked to fill in personal and financial information. The website referred to in the e-mail message is not an IRS site.


Got a phone call today from a man claiming to be from the National Privacy Association. He said he was going to remove our phone number from the 92 calling lists it is now on if I would verify my savings and checking account numbers.

He said if I do not verify this information our accounts are in danger of being drained so I should just tell him my account numbers and he would fix it.

When I resisted his request he assured me that I was making a big mistake and that he already had a list there with the numbers on it but just had to verify that they were correct.

This really frightened me as I have never had a telemarketer be so insistent. They are usually polite when I say I am not interested. This man said I had requested to be removed from all lists and that since I refused to verify any information I was wasting his time.

Was I right to refuse his demands?

07/12/02


A Wholesome Name to Start With

I would like to draw your attention to a web site called counterfeitlibrary.com where people openly trade, buy, sell, advertise and discuss things such as: hacked ebay and paypal accounts, selling peoples credit information, conducting fraudulent ebay auctions, selling fake id's, selling bank accounts under fake names, etc.

All of this is done OPENLY. There are indications of people there who, through their jobs, have access to thousands of people's credit information, which they sell it for $50 or so per victim.

I have personally talked to people who have had their ebay accounts hijacked by "members" of this site. They watched helplessly as the hackers defrauded innocent buyers, and then likely used both parties information to obtain credit cards in their names, etc.

Jeff Landis 09/09/02


Examples

In one notorious case of identity theft, the criminal, a convicted felon, not only incurred more than $100,000 of credit card debt, obtained a federal home loan, and bought homes, motorcycles, and handguns in the victim’s name, but called his victim to taunt him —saying that he could continue to pose as the victim for as long as he wanted because identity theft was not a federal crime at the time —before filing for bankruptcy, also in the victim’s name.

While the victim and his wife spent more than four years and more than $15,000 of their own money to restore their credit and reputation, the criminal served a brief sentence for making a false statement to procure a firearm, but made no restitution to his victim for any of the harm he had caused. That case, and others like it, prompted Congress in 1998 to create a new federal offense for identity theft.

Your Husband the Deadbeat

Attempting to get identity information, one caller speaks to women he can reach during the daytime and states that he is phoning about "your husband’s credit card payment, which is overdue." The caller than asks the wife to confirm her husband’s Social Security number and requests other personal information.

In one instance, the women’s husband had died three years earlier and had no credit cards. Another wife reported that her husband only had one credit card, and it was not the one mentioned by the caller.

A False Sense of Security

Scammers on the Net have been setting up fake websites which profess to be the security department of your favorite web portal or auction site. They email you with a request to verify your account login and password, perhaps even your payment account or credit cards numbers.

Looking very official, complete with logos and proper sounding URL such as www.security.ebay.com or some such, they soon take over your account and make purchases on your behalf, shipping the merchandise to a different address from your own.


As If The Taxman Alone Isn't Bad Enough

03/04 - Some taxpayers in Michigan have received e-mail notices from non-Internal Revenue Service sources claiming they are being audited and must complete a questionnaire within 48 hours to avoid financial penalties, according to the Attorney General’s office.

The taxpayer is asked for his or her Social Security number, bank account numbers and other confidential information.

Taxpayers are being advised not to provide the requested information. The IRS does not conduct e-audits nor does it notify taxpayers of a pending audit by e-mail, the Attorney General’s office said.


Cold Calling Cons

03/04 - Alaska - The Anchorage Police Department is investigating a recent rash of what are believed to be fraudulent phone calls targeted at Alaska Communications Systems customers.

A spokeswoman for the Anchorage-based telecom company said hundreds of customers over the past two weeks have reported receiving phone calls from someone claiming to be an ACS representative and asking them for personal information such as credit card numbers, Social Security numbers and birth dates.

The callers, most of whom have heavy foreign accents, tell the customers they need the information so that they can save them money on their monthly phone bills, Pease said.

ACS is not making such calls, and the company's customer service reps would never ask for such personal information.

The department's fraud division began an investigation Tuesday and determined that the calls are coming from out of state, possibly from New York.


$100m computer fraudster stole identities of 30,000 Americans then bank accounts were plundered by Nigerian gangsters who bought confidential data

From James Bone in New York - timesonline.co.uk

01/05 - A BRITISH immigrant who worked on a help-desk for a New York software firm has been jailed for 14 years for his part in the largest identity theft in American history.

Philip Cummings, 35, who now lives in Cartersville, Georgia, apologised to the court for downloading passwords and credit information and selling them for $30 (£16) each to a ring of Nigerian immigrants who used them to cheat about 30,000 people out of an estimated $50 million-$100 million. The federal district court in New York received statements from around 300 victims who had seen their bank accounts emptied and fake loans taken out by the Bronx-based gang.

“I'm very, very sorry for my conduct in this case," Cummings said at the sentencing hearing on Tuesday. “I normally don't get into this kind of trouble."

Cummings, who emigrated to America when he was 15, originally faced up to 50 years in prison but agreed to a plea bargain last year on fraud and conspiracy charges.

Claiming he needs a heart transplant, he appealed for leniency. But the judge said the crime was too serious and ordered him to report to jail on March 9. Although a British citizen, he did not seek consular assistance.

District Court Judge George Daniels said the case emphasised how easy it was to wreak havoc on people’s financial and personal lives, and called the personal suffering of the victims “almost unimaginable”.

In 1999 and 2000, Cummings provided technical support on the help desk of Teledata Communications, a Long Island company that provides the software needed to run credit checks at America’s “big three”credit-history bureaux: Equifax, Experian and TransUnion.

His job allowed him access to passwords and codes that enabled him to download individual credit reports.

Cummings regularly met a friend called Linus Baptiste at Baptiste’s home in the New York suburbs. There they would use one of Baptiste’s five computers to download credit reports.

Baptiste, who has pleaded guilty and is awaiting sentencing, sold the credit reports to a ring of about 20 street criminals, composed mainly of Nigerian immigrants, who used the information to loot the bank accounts and credit cards of unsuspecting victims.

Entering his guilty plea in September, Cummings admitted that he recorded the information on to a laptop computer that he gave to Baptiste.

“I left the computer with him and when I asked what he was doing, he said he wasn't doing it any more," he told the judge. “I didn't know the magnitude."

The first target was Ford Motor Credit Corp’s branch in Grand Rapids, Michigan, which began receiving complaints from customers. Armed with confidential information from the credit reports, the gang had been able to drain bank accounts, open lines of credit and change customers’ addresses to receive duplicate credit cards.

The ring moved on to other companies across the country. An investigation was started when a clerk at a Washington Mutual Bank in Florida noticed that the branch had been billed for 1,100 credit reports it did not order.

Barbara Cusumano, the former head of an airline anti-fraud unit, told the court she “went crazy”writing to everybody after discovering that $1,500 had been illegally charged to her credit card by someone in Florida. Florida police told her they would not investigate because her loss was less than $5,000.

Her case was investigated only when authorities realised it was part of the larger scheme. “One of the messages this sends is that if you stay under the threshold, you can do what you want,”she said.


CHINESE DISCO LOTTERY

Attention all security personnel and store managers:

Please print and share this memo with ALL mall employees.

Be on the look out for people approaching customers and offering to sell
them scratch off variety lottery tickets. This is a scam. Repeat: THIS IS
A SCAM. The lottery tickets are legitimate looking, normal sized scratch
off tickets with tan backgrounds, black and green lettering, and the words
CHINESE DISCO LOTTERY printed across the top. On the left is is a gray
area to be scratched off revealing a prize. On the right is an image of a
young Asian couple dressed in 1950's style clothing dancing beneath a disco
ball.

The tickets are almost always being offered for sale by a young nicely
dressed male and female who claim they are raising money for university
scholarships for underprivileged youths. This is NOT a legitimate lottery.
THE TICKETS ARE FAKE: Each ticket claims to be a winner of between $25.00
and $5,000.00. The back of the tickets advise the holder to mail in a copy
of their identification, along with various personal information including
checking account number and bank routing number. The tickets state this
information will be used for direct deposit of winnings. Local authorities
verify this information is being used to make withdrawals from the account,
open new accounts, as well as more in depth identity theft. They confirm
this is occurring nation wide and is well organized.

If you see any activity of this sort, please contact a member of mall
security immediately.

Ron Petlansky,
Security Director
Christiana Mall
Christiana, Delaware


Mortgage Company Insiders Sell Personal Info to Scammers

02/07 - A grand jury in Seattle has indicted six people in connection with a massive identity theft scam that used insiders at a mortgage and escrow firm to siphen around $335,000 from customers of Bellevue mortgage company, according to a statement from the U.S. Attorney for the Western District of Washington on Wednesday.

According to a recently unsealed indictment, two identity theft ring leaders: Charles Griffin and Bianca Bowler recruited a Seattle resident, Juanita Booker, who worked at a Bellevue, Washington mortgage company supply them with personal and financial information for numerous people who had applied for mortgages at company. They also roped in one Raynette Armstrong, who worked at a local escrow firm and also provided them with personal and financial information on clients of the escrow firm. That information was used to locate and tap bank accounts and create phony drivers licenses using the names and information of the victims, but bearing the photographs of the co-conspirators. Bowler and a third co-conspirator were caught with elaborate computer set-ups for manufacturing counterfeit drivers licenses when their Seattle home.

For anyone who has ever applied for a mortgage and had to fax off a big pile of tax returns, bank statements and W-2's to God Knows Who, this story is a nightmare come true.

According to the U.S. Attorney, after lifting the sensitive data, the conspirators traveled to various banks in Oregon and Washington to drain bank accounts, opened credit accounts and racked up huge charges at large stores such as Lowes, Home Depot, Best Buy, and Wal-Mart and jewelry stores such as Friedlanders and International Jewelers.

Apparently, the scheme came to light after one of the co-conspirators, who was on probation for another wire fraud scam, was paid a visit by probation officers, who discovered the elaborate fake-ID making setup.

In light of the recent hacks at TJX, etc. These kind of stories just remind us that, more often than not, low tech approaches to stealing data work perfectly fine: in this case: find a crooked insider or two, then pay them off to get the data you want.


Home ] [ Up]

 

Order a book

Crimes of Persuasionon

Home Page / Model Scams Index / © 2000-2017 /Disclaimer / Privacy Statement