Oh dear, check this out...."14 Arrested for Credit Card, Phishing Scams"

Cyber Diva · Senior Member

Oh dear, check this out...."14 Arrested for Credit Card, Phishing Scams"

Cyber Diva · Senior Member

RE: Oh dear, check this out...."14 Arrested for Credit Card, Phishing Scams"

Cyber Diva · Senior Member

03 November 2006

cyberfraud gang nabbed in international operation. FBI has now reported the arrest of 16 hackers and carders in the US and Poland. Operation Cardkeeper focused both on those who stole private financial data and those who purchased it to commit fraud.

Following two major crackdowns on cyberfraudsters in recent months in Spain and South Africa, the FBI has now reported the arrest of 16 hackers and carders in the US and Poland. Operation Cardkeeper focused both on those who stole private financial data and those who purchased it to commit fraud.

The FBI raided addresses in New York, Texas, Tennessee, Nebraska, Georgia and Ohio, with arrests being made in Atlanta and Columbus. In all, three people are likely to face charges in the US. The remaining arrests were made in Poland, where thirteen people were arrested with help from the US authorities. Another eastern European country, Romania, also featured in the investigation, as several people were questioned there about their involvement in the ID theft ring. It is believed that one man in Poland was the leader of the group. He gained illegal access to servers, which then were used by others to host phishing sites. The main meeting points for these cyberfraudsters were several major online carding forums, where credit card and ID information is bought and sold.

The FBI says its investigation focused on a 2004 attack on a "major financial institution", which, according to Wired, may have been the US Bank. Those involved in the cyberfraud ring in the US were usually low-end users who simply cashed stolen cards or used stolen identities to arrange new credit cards. They also worked as money mules, sending large sums via money transfer mechanisms such as Western Union to their eastern European partners in crime, keeping a cut of the profit to themselves.

The arrests, announced by the FBI, are the latest step in a fight that is becoming increasingly important for the general public, as more and more people become victims to electronic crime. US authorities have promised before to do more to prevent ID theft and cyberfraud, and international collaboration, as seen in this case, is key to stopping this new breed of criminals. "Cybercriminals will no longer be able to hide behind borders to conduct their illicit business. This need for global cooperation was reinforced by James E. Finch, assistant director of the FBI's Cyber Division, who in a statement said: "Cybercriminals will no longer be able to hide behind borders to conduct their illicit business. There will be no safe haven for cybercrime."

source : www.viruslist.com

Cyber Diva · Senior Member

The criminals used compromised credit cards to buy large numbers of electrical goods that they then sold on eBay, the online auction site.

16-02-2007
Identity crisis
The highly lucrative theft of personal and corporate identities is becoming an international criminal activity.
Identity theft is a growing, global menace. The use of stolen personal information to fraudulently order goods or obtain credit is the fastest growing crime in the US, according to the Federal Bureau of Investigation. In the UK, four out of 10 people say they have fallen victim to identity theft. Banks and credit card companies often reimburse defrauded customers, but the personal inconvenience of getting cards cancelled and reissued is enormous. And it can be harder to apply for legitimate loans or credit in future. But identity theft is not only a pain for private individuals. Companies are, increasingly, finding that their identities are being stolen or that, in more sophisticated cases, they are being cleverly impersonated. Corporate identity theft happens when fraudsters steal the identity of a legitimate company and then trade under its credit and name. It can affect companies through assets being stolen and bank accounts emptied by fraudsters trading on the companys creditworthiness, for example.

Highlighted

In an increasingly globalised business environment, the crime often has an international dimension, regardless of where the target company is based. In one typical case highlighted by police in the UK, for example, companies in France, Spain, Germany, Portugal and Austria received orders for computer parts and spares from a UK business called PC Specialist. Those that checked the companys background would have found that it had a good credit rating and trading history. The orders asked the goods to be delivered to an address in London, with invoices sent to the companys head office, which was in a different part of the country. The orders carried the official PC Specialist logo, and logos from National Westminster and Halifax banks. But they were fraudulent. PC Specialist was a legitimate company, but criminals had stolen its identity. Such corporate identity theft is one of the fastest growing risks businesses face and will cost UK companies £700m a year by 2020, an increase of 1,300 percent on current levels, according to leading commercial insurer Royal & SunAlliance (R&SA). The insurer says that large businesses with over 250 employees will pick up the biggest share of costs. The sectors most likely to be affected are communications, banking, finance and insurance. Companies are increasingly being affected by corporate identity theft and many are worried about the risks of fraudsters stealing their company identity, as this could lead to a loss of competitive advantage or public confidence, says Jon Woodman, director of risk solutions at R&SA.

A case like PC Specialist relies on a few faked logos, but in more advanced identity frauds the criminals will actually change the target companys registered details. In the UK, these are held at Companies House, a government agency. Of the 500,000 documents filed here each month, only about 50 are identified as false, but the Metropolitan Police estimate that each false filing can result in a £1m fraud. The trick appears to be gaining control of a company and its assets as far as third parties are concerned, says Ian Manson of Digita, an accountancy software firm. A Digita report on identity theft, called Keeping the Record Straight, highlights some examples. In one case, fraudsters stole a companys identity and used it to sell off an office block that it owned in Moscow. The true owners only found out it was no longer in their possession when they were barred from entering it, says Mr Manson. In another case, the proprietor of a family owned business found that its registered office had been changed from the address where it had been for over 100 years. To add an extra veneer of fraudulent credibility, the criminals had even stolen the companys nameplate from the front of its building.

Credible

Other frauds include setting up bogus companies, falsely manufacturing accounts and even stealing the identity of auditors to ensure that these accounts appear to be credible. Mr Manson says that nine audit firms have had their details appropriated to legitimise a false set of accounts over the last nine months. Another 100 sets of accounts have been set up using completely fictitious auditor details over the same period, he adds. Prosecutors have scored some limited wins against identity fraudsters. In one recent case a disgraced Russian bank chief was jailed for six years after being found guilty of running an international identity theft gang. The sophisticated operation saw tens of thousands of British, American and Spanish account holders defrauded out of millions of pounds. Police believe the internet-based scam lasted a decade. The criminals used compromised credit cards to buy large numbers of electrical goods that they then sold on eBay, the online auction site. They also used the money for gambling on sports and to set up fake merchant accounts. They created large numbers of false documents and even a bogus legal firm to help generate numerous fictitious identities. Hundreds of bank accounts were then opened in those names for the huge amounts of illicit cash flooding in. At the heart of the scam was Anton Dolgov, the former head of the ill-fated Moscow City Bank, which collapsed in 1994 with debts of up to $120m. As the general manager of the operation, he is thought to have a huge fortune stashed in secret Russian bank accounts waiting for him when he finally emerges from prison, according to press reports. Mr Dolgov admitted conspiracies to defraud, to obtain services by deception, to acquire and use and possess criminal property. The FBI is also trying to crack down on international identity theft. It recently targeted one operation that involved the trading of social security numbers, the sale of stolen credit card account information, and phishing, the practice of using email to trick consumers into handing over personal information. The Washington Post reported that an investigation called Operation Cardkeeper had led to the arrests of more than a dozen people in the US and other countries, all of whom are alleged members of online communities that specialize in carding, the trafficking of stolen identities and credit card and bank account information. We are sharing evidence and using sophisticated techniques like never before, said James Finch, assistant director of the FBIs Cyber Division. Cyber criminals will no longer be able to hide behind borders to conduct their illicit business.

Mutually approved

Combating corporate identity fraud is more difficult. In the UK, Companies House the official repository for corporate documents has created an online filing scheme, called PROOF, where only mutually approved documents are registered. It has also launched a monitoring service that lets a company know each time a change of record has been made. There has also been a legislative crackdown. Under a new Companies Act it is an offence for a person to knowingly or recklessly deliver or cause to be delivered (to Companies House) a document that is misleading, false or deceptive in a material particular. Those convicted face up to two years imprisonment, or a fine, or both. If every company were to opt in to the PROOF scheme tomorrow, and of course guard their company authentication codes as carefully as they guard their bank account PIN numbers, then the phenomenon of company hijacking would almost certainly disappear overnight, says Mr Manson. But fraudsters are innovative people, and other identity frauds might prove harder to guard against. City of London police warned recently of a new identity con that exploits the international nature of business. Here, criminals are hi-jacking corporate identities with a view to compromising their bank accounts and transferring money overseas. These attacks have been aimed at foreign-based companies, which usually have a representative office in the UK, and have existing accounts with a UK bank. The intended victim will also usually have a faxed indemnity arrangement in place with the bank. Popular targets have been foreign airlines, banking institutions and even embassies. The fraud works like this. The criminals contact the relationship manager at the UK bank, purporting to be the genuine client and informing them that they are changing their contact details, usually giving the excuse that a temporary move of office is necessary due to refurbishment. They will then give the relationship manager their new telephone and fax number, and occasionally an email address. These telephone numbers are generally arranged in advance, via the internet, and are able to be diverted to mobiles and fax to e-mail facilities. The criminals will then ask for confirmation from the bank, acknowledging the new details, and this will provide them with a headed, signed fax from the bank, which they can copy and manipulate for future use against the intended victim.

New contact details

At the same time, the criminals will also make contact with the finance director, or equivalent, of the targeted company purporting to be the relationship manager of the UK bank. They will provide the same, new telephone and fax contact numbers to the company using the excuse that the bank is experiencing computer problems or their records need updating. Again, they will request confirmation from the company acknowledging the new contact details, and a headed, signed fax will be forwarded to the criminals, which they can then use in their correspondence with the bank. Once these steps have been taken, the criminals are then effectively in control of the direct line of communication between the bank and its client. The criminals then do one of two things. They either request that a new account be opened with the UK bank and the companys existing overdraft facility be extended to this account, or they continue to forward any faxed indemnity transfer requests they receive from the victim to the bank as normal. After a short period of time, the criminals will then fax the bank a number of high-value transfer requests, from the existing or newly opened account, to recipient accounts, usually based in Japan or Pakistan, resulting in substantial losses to the victims. This kind of identity fraud requires a great deal of planning and research. It is apparent that the criminals carry out homework before making the approach to the bank and the intended victim, says a police briefing note. They usually know the management structure of the target company and will use the name of the relevant finance director or similar in their correspondence. They will also usually know the name of the relevant relationship manger at the bank, to whom they need to speak. More companies will have to adapt their fraud controls to deal with this and other kinds of identity theft, says Simon Wallace of the Centre for Economic and Business Research. We are on the cusp of a potential boom in corporate identity theft, he believes. With almost universal computer usage and internet coverage in the business environment, the potential for corporate identity theft is more significant than ever. Those willing to hack, scam and defraud will find new and technically advanced methods to open up the necessary loop holes and steal a firms identity.

Source: http://www.worldfinance.com/news/135/ARTICLE/1126/2007-02-16.html

Cyber Diva · Senior Member

This should probably go here too...

Credit Card Number STOLEN, POSSIBLY EMPLOYEE OF EBAY?

forums.ebay.com.....

abitofinsanity (0 ) View Listings | Report Mar-10-07 12:57 PST
This morning I get an email from ebay:

Dear eBay user:

As a courtesy and for your safety, eBay notifies you whenever your credit card is used for
certain activities on the site.

Once you have a credit card on file with us and the same card is used again for certain
activities on eBay, we will send this notice to let you know that the credit card has been used.

These activities include using the same credit card to:

* register an eBay account using an anonymous email domain such as Yahoo or Hotmail,
* set up a selling account,
* update the credit card information on another account that uses the same card,
* gain access the Mature Audiences category, or
* place a bid over $15,000.

If you did not use your credit card for any of the above reasons, please confirm with all
members of your household as well as friends or business associates that they have not
recently used your credit card on eBay.

If you are still unable to explain the use of your card, please report the potential unauthorized account activity to us by taking the following steps:

1. Click on the "Help" tab at the top of the eBay Home page.
2. Click on the "Contact Us" link, located on the left side of the Help Center page.
3. Select the relevant topic on the Contact Us page to report the concern to our Trust & Safety team.

** Do not reply to this email as this is a system-generated message **

At first thought, I assumed it was a scam email and I do exactly what was said, to send an email to T&S. I receive a response from ebay a few hours later:

Thank you for writing eBay in regard to the email you received.

We have recently suspended another account registered with your credit
card information. You should not receive any charges from eBay.com as a
result of this unauthorized use of your card.

If you have not already done so, we would highly recommend that you
contact your credit card company to report our findings and dispute any
charges that you have not placed. You may also want to contact your
local authorities to inform them of violations.

Should any of the parties you contact need further information regarding
activities on the site please have them contact us.

Thank you for your time.

The credit card used on the ebay selling account is my husband's and this is the only place we use this number.
We call our bank and they inform us that there is a pending authorization for GAS made today. Guess where that purchase is from? SAN JOSE,CA

We live in VIRGINIA

Now, our selling account has not been compromised, password has not been changed and we still have full access to our account. So how is it that "someone" registered a new ebay account with our credit card number and purchased gasoline in San Jose, Ca with the same credit card? We have the card on us, so it could not have been stolen anywhere.

Is it possible someone who works for ebay is stealing credit card numbers? This makes absolutely NO SENSE to us or our bank. If anyone else can make sense to this, please respond. Or if you received the same email today ( it was sent between 7-730 am EST ), please reply and take the same precautions as we did.

Cyber Diva · Senior Member

FBI warns of latest expensive Internet traps and tricks:

'Spoofing' and 'Phishing' and Stealing Identities

usgovinfo.about.com...

The FBI, Federal Trade Commission (FTC) and Earthlink have jointly issued a warning on how the growing ranks of Internet crooks are using new tricks called "phishing" and "spoofing" to steal your identity.
In an FBI press release, Assistant Director of the agency's Cyber Division, Jana Monroe says, "Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet.

The FBI's Internet Fraud Complaint Center (IFCC) has seen a steady increase in complaints that involve some form of unsolicited e-mail directing consumers to a phony "Customer Service" type of web site. Assistant Director Monroe said that the scam is contributing to a rise in identity theft, credit card fraud, and other Internet frauds.

"Spoofing," or "phishing," frauds attempt to make Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case.

Spoofing is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card/bank fraud or other forms of identity theft.
In "E-mail spoofing" the header of an e-mail appears to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use spoofing in an attempt to get recipients to open and possibly even respond to their solicitations.

"IP Spoofing" is a technique used to gain unauthorized access to computers, whereby the intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted source.

"Link alteration" involves altering the return address in a web page sent to a consumer to make it go to the hacker's site rather than the legitimate site. This is accomplished by adding the hacker's address before the actual address in any e-mail, or page that has a request going back to the original site. If an individual unsuspectingly receives a spoofed e-mail requesting him/her to "click here to update" their account information, and then are redirected to a site that looks exactly like their Internet Service Provider, or a commercial site like EBay or PayPal, there is an increasing chance that the individual will follow through in submitting their personal and/or credit information.

©2007 About, Inc., A part of The New York Times Company. All rights reserved.

budnonymous · Top Poster

They let that die down.

It was posted here, in a subtle manner

Another interesting thread

Cyber Diva · Senior Member

Yeah eBaY just rocks, don't they?!

Imagine leaving the country on vacation and not checking your eBaY account for a month or so, what do you think would have happened to your eBaY account while you were gone?