Identity Theft Articles & News
Scams More High-Tech and Vicious Targeting the Elderly
May 27, 2011
Prosecutors in the Atlanta metro area said three people bought a cell phone and registered it under the name “Georgia Powers,” so that’s what showed up on caller ID. Then, they started calling elderly people, convincing them that calls were coming from their longtime utility company. Their victims turned over credit card numbers and other personal information.
Ingenious, and also vicious. But running con games on the elderly is always vicious, and it’s also a growth industry.
Consumer watchdogs and prosecutors say cons are swindling the elderly out of their savings at an alarming rate. A 2009 study by the MetLife Mature Market Institute estimates that victims of elder financial fraud lose at least $2.6 billion a year.
Click here for the full story
ID Theft Ring Leads to Bank Fraud Charges
April 14, 2011
Two of 12 people indicted in a Florida identity theft and bank fraud scheme also were charged with criminal violations of the HIPAA privacy rule. The two defendants, Erica Hall and Sharelle Finnie, worked as office assistants at two medical offices in Coral Springs and Fort Lauderdale, respectively, according to the U.S. Attorney for the Southern District of Florida. They allegedly stole patient identification information, including Social Security numbers, and sold it to three other defendants in the case. If convicted of the HIPAA violations, the two defendants face a maximum term of 10 years in prison.
Identity Theft Conspiracy
The Florida case also involves an employee of the Broward County School Board who allegedly stole teachers' personal information and sold it to other defendants.
Click here for the full story
Data Thieves Target Email Addresses
April 13, 2011
In the past four months, caches of customer e-mail addresses, not
banking and credit card information, have become the key target of data
thieves. The goal: Use the legitimate e-mail addresses and the specific
companies their owners have business relationships with to get people to
buy worthless goods or to infect their PCs. The recent theft of potentially tens of millions of consumer e-mail
addresses from online marketing firm Epsilon followed a spate of similar
hacks in December, USA TODAY research shows.
Web marketing and cybersecurity experts say there are several ways
cybercriminals can make profitable use of the stolen e-mail addresses. For instance, by correlating names and e-mail addresses with information about where a
person banks and shops, criminals can more effectively bypass spam and
anti-virus filters and fine-tune phishing attacks — spoofed messages
designed to trick you into clicking on a viral attachment or poisoned
Web link. The intruder then takes full control of the victim’s PC.
Security experts says, “We’re definitely expecting any number of potential malicious actions” making use of recently stolen e-mail addresses.
Click here for the full story
Skimming scams: How to prevent crooks from stealing your money at the ATM
January 15, 2010
Thieves don't need sticky fingers anymore to take your hard-earned
cash. They're getting your ATM to spit it out for them. And they're
doing it a rate that might make hiding your loot under the mattress is
the smartest move you can make.
ATM skimming, in which crooks gain access to the PIN encoded on the
magnetic stripe of your debit or credit card and withdraw at will, is
going to be one of the top forms of fraud this year, according to a
BankInfoSecurity report published in Consumer Reports.
It was last year, too. Remember that RBS WorldPay debacle
in which hackers made off with $9 million by withdrawing from ATMs
worldwide at the same time? And, according to BankInfoSecurity's
report, officials in Maryland, Illinois and Georgia are investigating
skimming schemes that have netted at least $120,000 from consumer's
accounts.
Click here for the full story
Heartland, Visa Announce $60 Million Settlement Funds Would Reimburse Card Issuers for Breach-Related Losses
January 08, 2010
Heartland Payment Systems announced today that it will pay Visa-branded credit and debit card issuers up to $60 million to cover losses incurred from the Heartland data breach. It is the largest known settlement amount ever paid to Visa as a result of a breach, eclipsing the TJX settlement of $40.9 million in November 2007.
In a statement, Heartland and Visa say the $60 million payment
will be subject to certain conditions, including a specified level of
participation by Visa issuers. Visa says it will provide issuers
details in the coming days. The data breach involved an estimated 130
million credit and debit cards, although not all of them were Visa
branded. This settlement with Visa is far larger than Heartland's $3.6 million settlement with American Express, which was announced in December.
Visa executives say they believe issuers will benefit by participating in this settlement program "because it offers an immediate recovery with respect to losses they may have incurred from the Heartland intrusion," according to Visa's chief enterprise risk officer, Ellen Richey. "Helping financial institutions mitigate costs after a data security breach has been a long-standing component of Visa's security strategy, along with promoting new security technologies, preventing fraud and leading efforts to secure sensitive data across the entire payment system."
Click here for the full story
Heartland Hacker to be Sentenced in March
January 05, 2010
Nearly one year after the announcement of the biggest known data breach ever reported, the international hacker behind the crime pled guilty and will be sentenced in March.
Albert Gonzalez, 28, of Miami, pleaded guilty to conspiring to hack into the Heartland Payment Systems computer network. The hack is estimated to have impacted 130 million credit and debit cards.
Gonzalez, also known as "segvec," "soupnazi" and "j4guar17," admits guilt to two counts of conspiracy to gain unauthorized access to the payment card networks operated by Heartland Payment Systems. He also pled guilty to hacking networks of 7-Eleven, a Texas-based nationwide convenience store chain, and Hannaford Brothers Co. Inc., a Maine-based supermarket chain.
Click here for the full story
Top 9 Breaches of 2009
December 14, 2009
The top breaches of 2009 can be described in many ways, but the first word that comes to mind is "big."
With the announcement in January of the breach that surpassed the 2005 TJX breach, Heartland Payment Systems leads all of the hacks that hit or affected the financial services industry in 2009.
Here's the chronological list of the biggest breaches of 2009, and updates in the various cases since they were first announced:
1. Heartland Payment Systems
Princeton, NJ
Date: January 20
Records Taken: 130 million credit and debit card account numbers
Click here for the full story
HSBC Reports Accidental Exposure of Customer Bankruptcy Info
December 09, 2009
An undisclosed number of HSBC customers had personal data exposed online about their bankruptcy proceedings, according to a data breach notification letter dated November 20 and sent to the New Hampshire attorney general's office. The letter was made public last week.
The bank says a bug in its imaging software - which should have redacted sensitive data about customers going through Chapter 13 bankruptcy proceedings -- ended up exposing the proof of claim forms that were filed electronically. The "bug" was discovered by HSBC Taxpayer Financial Services, Inc. on July 9, 2009. The notification letter says the information turned out to be viewable "as a result of the deficiency in the software used to save imaged documents." The exposed data included claim forms filed between May 1, 2007 and October 17, 2009.
Click here for the full story
Flagstar Bank Warns Customers of Potential Breach
December 08, 2009
A missing laptop may have caused a security breach at Flagstar Bank in Grand Rapids, MI, according to a letter the bank sent to some of its customers on Nov. 25.
The bank's letter tells customers that a laptop owned by an unidentified bank vendor was stolen and held an undisclosed number of customer social security numbers.
Click here for the full story
Restaurants Sue Vendor After ID Thefts Class Action Suit Claims Negligence Over Faulty Software
December 02, 2009
A group of seven restaurants in Louisiana and Mississippi has filed a class action lawsuit against point-of-sale vendor Radiant Systems and its distributor Computer World.
The suit claims that hundreds of customers had their identities stolen because the restaurants were sold payments terminals that were not PCI-DSS compliant.
The Atlanta-based company and its distributor are accused of negligence in widespread identity theft. The restaurants seek millions of dollars in damages from the two companies for "poor business practices and faulty software" that led to customers' identities being stolen. The restaurants include Best Western, Mel's Diner, Sammy's Grill, Crawfish Town USA, Jone's Creek Cafe, Don's Seafood and Picante's Mexican Grill.
Businesses that accept credit cards for payments are contractually obligated to use equipment and software from PCI-DSS compliant vendors. Charles Hoff, an attorney who is advising the restaurants in the lawsuit, says a special investigation by the United States Secret Service found that Computer World -- exclusive area distributor of Radiant Systems' "Aloha" POS software -- violated PCI-DSS provisions. Hoff is also general counsel for the Georgia Restaurant Association.
Click here for the full story
Hancock Fabrics Linked to Fraud in 3 States CA, WI and MO Investigators Say Recent Thefts Tied to Retailer's Transactions
November 23, 2009
Bank customers in California, Wisconsin and Missouri are reporting fraudulent ATM withdrawals that police say are tied to transactions conducted with the Hancock Fabrics retail chain.
In California, Napa Police Department spokesman Brian McGovern says 60 residents reported their cards being used by thieves. In one case, a Napa resident reported $840 in cash withdrawals. The Hancock Fabrics store on Imola Avenue in Napa was the "common thread" among the numerous people who reported credit and debit card fraud. McGovern says the store had recently replaced its point-of-sale machines.
At about the same time, as many as 70 Wisconsin victims reported suspicious ATM withdrawals from their accounts, according to Wood and Portage county law enforcement, which also ties the thefts to machines in Hancock Fabrics stores.
And in Missouri, at least 10 customers at Hancock Fabrics in the St. Louis area reported their debit card numbers and pin numbers stolen during the week of November 9.
Click here for the full story
Former Ala. bank manager pleads guilty
November 21, 2009
MOBILE, Ala. (AP) - A former RBC Bank manager in Mobile has
pleaded guilty to bank fraud and aggravated identity theft and
admitted that she shuffled nearly $1 million among customers’
accounts.
Anita Fincher served as manager of a branch on Airport
Boulevard. Under sentencing guidelines, she faces almost four years
in prison for fraud and an additional two years for identity theft.
Click here for the full story
ATM Fraud: New Skimming Scheme Hits Banks
November 16, 2009
Tenn. Incidents Part of Growing International Wave
A series of skimming crimes that hit the Nashville, TN area recently is but one of many ATM fraud schemes preying upon financial institutions and their customers.
Nashville police reported last week that they were investigating an ATM card skimming scheme where at least 600 individuals were potential victims. Investigators say five Bank of America ATMs were hit, as well as an unknown number of US Bank machines. A total of 60 people had fraudulent withdrawals from their accounts for anywhere between $100 to $5,000 dollars. Investigators suspect that the skimming schemers have now moved on to other cities.
The problem is not isolated to Nashville, says Terrie Ipson, fraud expert at Diebold, an ATM manufacturer. "No one vendor or ATM type is more susceptible over another," Ipson says, "so everyone needs to be aware of this threat."
Click here for the full story
Man Indicted for Web Name Theft
November 16, 2009
TRENTON, N.J. (WPIX) -
A New Jersey man - accused of pilfering an Internet domain name for a
Miami-based company and then proceeding to sell it to a professional
basketball player for six digits - was indicted Monday on theft charges.
Daniel Gonclaves, 25, was indicted on charges of theft by unlawful
taking, theft by deception, computer theft, identity theft and
falsifying records after he sold the name for more than $100,000,
authorities said.
Click here for the full story
Win a Championship, Lose Sensitive Data
November 12, 2009
Some fans participating in last week’s ticker-tape parade for the New York Yankees threw caution — and a few Social Security numbers — to the wind.
In lieu of ticker tape, many people threw shredded documents from their office windows — and some unshredded ones as well, some local reporters discovered.
The New York Daily News reported Saturday that an employee of the stock trading firm Alan Sarroff LLC hurled several paychecks from the 17th story of his office building. The company would not identify the worker, but described him as an “overenthusiastic” fan who did not realize he had thrown out confidential information. The paychecks had names, addresses, and Social Security numbers.
Separately, Fox News reported Friday that its own reporters found unshredded forms bearing medical and financial data that they described as “the perfect tools for identity theft.”
Fox speculated that most of the information it found was from an insurance company with offices in downtown Manhattan, where the parade took place. Fox said it was contacting the people whose information it had found.
Click here for the full story
Phila. residents charged in ID theft ring that involved PNC, Wachovia and other banks
October 21, 2009
Five Philadelphia residents were indicted Wednesday and charged with running an identity theft ring that involved 24 others in attempts to obtain more than $1 million from the bank accounts of their victims, federal prosecutors said.
According to the indictment, between Sept.1, 2005, and Nov. 30, 2008, Miguel Bell, Christopher Russell, Kareem Russell, Michael Merin, and Tamika Brown obtained names, dates of births, addresses, Social Security numbers, and bank account numbers of customers of Citizens Bank, PNC Bank, Wachovia Bank, M&T Bank, Provident Bank, Sun Trust Bank, Commerce Bank, and Sovereign Bank. The information was used to impersonate those customers and cash fraudulent checks and make fraudulent withdrawals against the victims’ bank accounts.
The indictment alleges that defendant Bell, identified as the ringleader, and Merin, recruited bank employees to provide them with customers’ personal information and account numbers. According to the indictment, Bell sometimes accomplished this by initiating a romantic relationship with the information holders, who included bank workers and an insurance company employee.
Click here for the full story
Crime ring broken in massive fraud bust
October 07, 2009
BROOKLYN (WABC) -- Authorities say they've taken down a New York-based criminal ring that specialized in credit card, real estate and auto insurance scams. The tentacles allegedly reached all the way to Russia and the Ukraine.
The Secret Service also investigated the case, which resulted in 13 indictments and the seizure of luxury cars, including a Bentley, Mercedes and Land Rover. Among other things, prosecutors say the criminals bought credit card numbers from Web sites based in other countries. Then they made fake cards used for purchases at U.S. stores.
"Criminals like the bunch charged here today poison our economy," Brooklyn District Attorney Charles Hynes said. "The victims are not faceless corporations, but honest, hard-working people, who see their insurance premiums and credit card fees rise because of fraud like this."
Click here for the full story
Florida man to plead guilty to credit-card data theft
August 28, 2009
(CNN) -- A Miami, Florida, man indicted earlier this month in the largest case of identity theft in U.S. history has agreed to plead guilty to 19 felony counts for his role in another massive credit-card data breach, according to a court document.
A motion filed Friday by federal prosecutors in Boston, Massachusetts, says Albert Gonzalez, 28, has agreed to serve 15 to 25 years for stealing data from more than 40 million credit cards owned by patrons of Sports Authority, OfficeMax, Barnes & Noble and other major national retailers.
The sentence is to be served concurrently with other sentences he may receive from pending identity theft cases in New Jersey and New York, the plea agreement says.
Click here for the full story
Biggest I.D. theft scheme busted - Feds
August 17, 2009
130 million credit and debit card numbers said to be stolen in five alleged corporate data breaches. Three men indicted.
NEW YORK (Reuters) -- U.S. authorities announced what they believed to be the largest hacking and identity theft case ever prosecuted on Monday in a scheme in which more than 130 million credit and debit card numbers were stolen.
Three men were indicted on charges of being responsible for five corporate data breaches in a scheme in which the card numbers were stolen from Heartland Payment Systems (HPY), 7-Eleven Inc. and Hannaford Brothers Co., federal prosecutors said in a statement.
The suspects also hacked two unidentified corporate victims, the U.S. attorney's office in New Jersey said in the statement.
Prosecutors allege Albert Gonzalez, 28, of Miami, and two unnamed Russian coconspirators targeted large corporations by scanning the list of Fortune 500 companies and exploring corporate Web sites before setting out to identify vulnerabilities.
Click here for the full story
Social Security number study raises fears
July 21, 2009
(CNN) -- A report earlier this week that a pair of academics had discovered a way to figure out a person's Social Security number based on information people commonly post online has raised new concerns about identity theft.
The Social Security Administration said the threat is minuscule. Still, the agency plans to change to a random system of assigning the numbers, replacing the current system based on the state and date where the number is assigned.
Professor Alessandro Acquisti and researcher Ralph Gross of Carnegie Mellon University said they began by studying a half-million expired Social Security numbers obtained from the "death master file" published by the Social Security Administration.
"We can use these death master file records to infer patterns" in the way numbers are assigned, said Acquisti, who then derived formulas to zero in on a range of Social Security numbers that might have been assigned to a person.
Click here for the full story
ID-Theft Ruling: Set Your Own Fraud Alerts
May 29, 2009
Companies that sell "identity-theft protection" present an alluring but questionable proposition.
For as much as about $100 per year, the main thing they do is set fraud alerts that force banks to call people before new lines of credit are opened in their names. The alerts can be useful — but people can set them themselves, for free.
Now even that function could be taken away from the ID theft-prevention services.
A federal court in California has blocked Tempe, Ariz.-based
Experian is suing LifeLock, claiming that LifeLock's automatic renewal of customers' fraud alerts — which happens every 90 days, when they expire — costs Experian millions of dollars in processing expenses.
In a ruling last week, a judge agreed with one of Experian's central arguments, which is that LifeLock isn't authorized to set alerts for consumers, and that federal law requires consumers to set alerts themselves by contacting credit bureaus directly.
Click here for the full story
Fake check scammers hunt for victims
May 28, 2009
WASHINGTON (CNN) -- Thousands of Americans learn a painful lesson in banking every day: Waiting for a check to clear and then getting access to the money from a bank doesn't mean the check has really cleared.
When Harry Smith, of New York, responded to an ad on Craigslist for an office assistant, a woman e-mailed him and said her British company was starting to sell its product in the United States, but was having trouble with dealing with checks from customers.
Smith said the woman needed someone to collect the checks and then send the money to her company. It was a commission job -- deposit the checks, wait for the funds to become available at his bank, then send cash to her, minus 10 percent for Smith.
After Smith checked out what seemed like a legitimate company on the Internet, he started receiving checks totaling several thousand dollars and deposited them in his account. When his bank released the funds, he sent cash to an address outside the country.
But after a few weeks, Smith's bank notified him the checks he had deposited had actually been returned, and that he owed the bank all the money he had withdrawn.
Click here for the full story
Don't Let ID Thieves Hijack Your Job Hunt
May 19, 2009
Let's say you've been job hunting for months now, and applied to so
many employers you're starting to lose track of them all. One day you
get a call from someone in HR at a well-known company. He found your
resume on an online job board, thinks it's very impressive, and is
looking forward to meeting you, he says. To set up the interview, he
asks for your home address, date of birth and Social Security number.
Odds
are, you give him the information, even if it seems a bit strange.
After all, this person could end up offering you a job, and you don't
want to seem difficult to work with. And odds are, you'll never hear
from him again, or the company he claimed to represent -- but, within a
day or two, he'll have opened half a dozen credit cards in your name,
maxed them out, and created an enormous mess it could take you years to
straighten out
Click here for the full story
False Security: 'Scareware' Spreads
April 15, 2009
Computer experts report a surge in fraudulent antivirus programs. Incidents of
scareware infections, as the rogue antivirus software is known, rose 48 percent
in the second half of 2008, according to a new report by Microsoft Corp. The
Anti-Phishing Working Group said the number of scareware programs rose
three-fold from July to December 2008. Dave Marcus, director of security
research and communications at McAfee Inc.'s McAfee Avert Labs, expects those
figures to increase this year because they are so lucrative. Scareware
infiltrates computers when a user visiting legitimate Web sites is redirected to
unrelated sites that offer to sell antivirus software. The scam begins when a
phony scan of the user's computer identifies a malware infection and the user is
instructed to download antivirus software to correct the problem for a fee of
about $50. A user's Web browser and operating system are also subject to
infection if they are not secure and up-to-date.
Click here for the full story
Computer Attackers Target Popular Sites In Quest For Profit
April 14, 2009
According to a study by the security vendor Symantec, the number of new types of
malware rose 265 percent between 2007 and 2008. Many of these new types of
malware are being used by hackers to break into legitimate Web sites through
flaws in their underlying code. For example, the microblogging site Twitter was
recently hit by a worm that took advantage of a cross-site scripting flaw to
infect users' profile pages and send out short messages that contained a link to
a competing site. The antivirus firm F-Secure said that the motive of the attack
was to steal Twitter users and get them to join the competing site,
StalkDaily.com. Other new types of malware are being used to commit fraud and
theft, says Dean Turner with Symantec's global intelligence network unit. For
instance, the Conficker worm displays pop-ups and warnings on infected computers
to try to convince victims to pay $49.95 for fake antivirus software. Meanwhile,
cybercriminals are still using phishing attacks and data-theft Trojans in an
effort to try to steal victims' online banking log-in information.
Click here for the full story
Fake Antivirus Software on the Rise
April 08, 2009
Microsoft is reporting that cyber criminals are increasingly using fake
antivirus software to steal information. An analysis of computers that received
automated updates from Microsoft in the second half of last year found that fake
antivirus software was on hundreds of millions of machines. George
Stathakopoulos, Microsoft's general manager for product security, said a large
number of people likely downloaded fake antivirus software over the last several
weeks when the media was focusing a great deal of attention on the Conficker
computer virus. "People who read about that stuff will be worried so they will
go and search for more information including products that will protect them,"
he said. Microsoft says that computer users can protect themselves from the
threat posed by antivirus software by only downloading applications from
companies they know.
Click here for the full story
Overlooked Data Leaks
March 25, 2009
Although many companies have taken a number of steps to protect their
proprietary data, such as installing firewalls, intrusion detection systems, and
multi-factor authentication products, they have been unable to completely
prevent information from being stolen, writes consultant John Mallery. One
reason why data is still vulnerable even at companies that have implemented
strong cybersecurity measures is that employees have a number of seemingly
innocent devices and tools they can use to take information. Among those devices
are USB flash drives and other types of portable media. These devices can be
dangerous because they can store thousands of files and can be used to copy
files to almost any computer. In addition, MP3 music players and digital cameras
also can be used to copy data from a corporate network. Online data storage
services also can also be dangerous, because like USB drives they can also be
used to store data that can be accessed from anywhere. An added danger is that
some of these services allow users to share files with anyone. Finally,
employees can use instant messaging applications, Web-based email services, and
blogs to leak confidential corporate data. The best way to stop employees from
using these or any other methods for leaking confidential information is to
implement a multi-layered security strategy that includes security technologies
as well as efforts to create a culture in which employees see the value of
protecting corporate data and are punished for failing to do so.
Click here for the full story
