HYDERABAD: K. Sarath Babu (55), deputy manager of Andhra Bank’s Cheque Processing Centre, was arrested by the police on Tuesday in the sensational case of withdrawing Rs. 5.1 crore by presenting a fabricated cheque.
An amount of Rs. 15 lakh was recovered from him, Hyderabad Detective Department Inspector S. Sharath Kumar, said.
A computer firm owner G.V.V.S. Vara Prasad, in whose fictitious name an account was opened with the ICICI Bank’s Vijayawada branch, was already arrested in the case.
The fabricated cheque was en-cashed by depositing it in Prasad’s account.
Prasad confessed to the investigators that Mr. Sarath Babu knew about the plan of presenting the fabricated cheque and fraudulent withdrawal of the huge sum.
Suspicions about Sarath Babu’s complicity arose as he cleared the fake cheque.
Investigation was on to ascertain if any other person was involved in the fraud. Sources said that a debt-ridden realtor approached the bank manager with the plan to make money by presenting a fabricated cheque. He offered a share in the money to be withdrawn in the fraud.
Efforts were on to nab the businessman.
Sunday, July 5, 2009
Australians warned on card fraud after $6m bust - theaustralian.news.com.au - 02 Jul 09
AUSTRALIANS have been urged to report any suspicious credit card activity after seven people were charged over a massive $6 million credit card scam using stolen personal information.
Five people in Sydney and two in Melbourne have been arrested over a scam involving the manufacture and distribution of more than 200 fraudulent credit cards a week, using personal details obtained here and overseas.
Personal information was stolen from card holders in Australia, Spain, the UK and Malaysia, then allegedly used by the syndicate to manufacture fake credit cards, Medicare cards and driver's licences in Australia.
The cards were then used by syndicate shoppers allegedly to purchase about $500,000 worth of items every week. The false driver's licences and Medicare cards acted as secondary information to back up the fake credit cards.
Yesterday police from the Identity Security Strike Team (ISST), which includes officers from the Australian Federal Police, NSW Police Force, Australian Crime Commission, NSW Crime Commission and Department of Immigration and Citizenship, arrested five men in Sydney over the $6 million fraud.
A man and a woman were also arrested in Melbourne yesterday.
AFP Assistant Commissioner Mandy Newton said the arrests were a warning to Australian card holders, because personal credit information had been stolen by methods such as skimming, which was now a global problem.
"What we are identifying is a global issue, it is not just in Australia," Ms Newton said.
"What the community needs to make sure they do, is if you see on your credit card statements purchases that were made from different location that you haven't made, you need to be very wary of that and notify your credit card group immediately so that your credit card can be cancelled."
The syndicate first came to the attention of police during a 2008 Department of Immigration investigation into a suspected illegal work racket, which uncovered evidence of the credit card fraud.
"The information obtained through that investigation identified several illegal citizens who had been arrested for shopping along the east coast using fraudulent credit cards," a Immigration Department investigator Peter Richards said.
"It's believed that these people were actually being used as the shoppers by this syndicate."
Police allege a 53-year-old man from Homebush, in Sydney's west, received credit card details from overseas and forwarded them to a 35-year-old man in the eastern Sydney suburb of Potts Point.
The Potts Point man allegedly used the data to produce fake credit cards and identity documents, and gave them back to the Homebush man.
He in turn allegedly distributed the credit cards and other documents to "supervisors", who passed them on to "shoppers".
The "shoppers" were allegedly told what to purchase with the cards and received a percentage of the value of the items eventually onsold at a discount.
The items included electronic goods, gift cards, phone cards, alcohol and stamps.
More than 1200 credit card numbers have been involved in the scam since March 2009, Ms Newton said.
"The rational behind having ... 1200 credit cards .. is to ensure a high turnover of credit cards for the purpose of shopping and reduce the likelihood of identifying them as being false," Ms Newton said.
By Adam Bennett
Five people in Sydney and two in Melbourne have been arrested over a scam involving the manufacture and distribution of more than 200 fraudulent credit cards a week, using personal details obtained here and overseas.
Personal information was stolen from card holders in Australia, Spain, the UK and Malaysia, then allegedly used by the syndicate to manufacture fake credit cards, Medicare cards and driver's licences in Australia.
The cards were then used by syndicate shoppers allegedly to purchase about $500,000 worth of items every week. The false driver's licences and Medicare cards acted as secondary information to back up the fake credit cards.
Yesterday police from the Identity Security Strike Team (ISST), which includes officers from the Australian Federal Police, NSW Police Force, Australian Crime Commission, NSW Crime Commission and Department of Immigration and Citizenship, arrested five men in Sydney over the $6 million fraud.
A man and a woman were also arrested in Melbourne yesterday.
AFP Assistant Commissioner Mandy Newton said the arrests were a warning to Australian card holders, because personal credit information had been stolen by methods such as skimming, which was now a global problem.
"What we are identifying is a global issue, it is not just in Australia," Ms Newton said.
"What the community needs to make sure they do, is if you see on your credit card statements purchases that were made from different location that you haven't made, you need to be very wary of that and notify your credit card group immediately so that your credit card can be cancelled."
The syndicate first came to the attention of police during a 2008 Department of Immigration investigation into a suspected illegal work racket, which uncovered evidence of the credit card fraud.
"The information obtained through that investigation identified several illegal citizens who had been arrested for shopping along the east coast using fraudulent credit cards," a Immigration Department investigator Peter Richards said.
"It's believed that these people were actually being used as the shoppers by this syndicate."
Police allege a 53-year-old man from Homebush, in Sydney's west, received credit card details from overseas and forwarded them to a 35-year-old man in the eastern Sydney suburb of Potts Point.
The Potts Point man allegedly used the data to produce fake credit cards and identity documents, and gave them back to the Homebush man.
He in turn allegedly distributed the credit cards and other documents to "supervisors", who passed them on to "shoppers".
The "shoppers" were allegedly told what to purchase with the cards and received a percentage of the value of the items eventually onsold at a discount.
The items included electronic goods, gift cards, phone cards, alcohol and stamps.
More than 1200 credit card numbers have been involved in the scam since March 2009, Ms Newton said.
"The rational behind having ... 1200 credit cards .. is to ensure a high turnover of credit cards for the purpose of shopping and reduce the likelihood of identifying them as being false," Ms Newton said.
By Adam Bennett
Cyber cafes log out of fingerprinting plan - timesofindia.indiatimes.com 29 Jun 09
: The proposed move of police to make fingerprint system mandatory at cyber cafes in the city evoked sharp reaction from the internet cafe operators They argue that police should first crack down on unauthorised cafes.
"Making fingerprint system compulsory is not a good idea and may not be feasible. Police should first close down 1,000 unauthorised cafes operating in the city to bring down cyber crimes,'' Ashish Saboo, president of the Mumbai chapter of Association of Public ICT Tools Access Providers, said.
Additional police commissioner (crime) Deven Bharti said the police had raided unauthorised cafes whenever they received complaints. "We continue to raid such cyber cafes. Our idea behind the new plan is to keep a tab on internet users. This will help us nail the accused if a cyber crime is committed.''
There are about 500 to 800 registered cyber cafes in the city and about 1,000 are unauthorised. "Increase in the number of cyber crimes in the city prompted us to think about the idea,'' Bharti said.
The number of cyber crime cases rose from 142 in 2005 to 775 in 2008. Of the cases registered in 2008, 164 related to fake profiling, defamation and sending obscene content while two complaints pertained to the matrimonial website shadi.com.
Police have received over 155 cyber crime complaints this year.
"Police are discouraging operators by making various norms tough and driving away our business,'' Karam Shi (47), who operates a cyber cafe at Churchgate, said.
Shi said if the customers are asked to go through fingerprint system, they feel that they are being treated like criminals.
"The existing mandatory norms are enough. The customers show their photo id and their address is noted down. A log book is maintained at all the cafes. By asking more from us, the police are making our business more complicated. This would prevent entry of new operators,'' said Shi, who has been into this business for the last eight years.
"Customers do not like to go through such formalities before entering the cafes. They feel humiliated. If it continues, the number of customers visiting the cafes will certainly come down in the future,'' Saboo said.
Among the various cyber crimes, a significant number of people have fallen prey to the Nigerian letters, which lured the receivers by saying that they had inherited property worth crores in a foreign country.
Credit card frauds, sending vulgar content, identity theft, hacking and lottery scams are among other fraudulent practices which many Mumbaikars have fallen for, sources said.
"Making fingerprint system compulsory is not a good idea and may not be feasible. Police should first close down 1,000 unauthorised cafes operating in the city to bring down cyber crimes,'' Ashish Saboo, president of the Mumbai chapter of Association of Public ICT Tools Access Providers, said.
Additional police commissioner (crime) Deven Bharti said the police had raided unauthorised cafes whenever they received complaints. "We continue to raid such cyber cafes. Our idea behind the new plan is to keep a tab on internet users. This will help us nail the accused if a cyber crime is committed.''
There are about 500 to 800 registered cyber cafes in the city and about 1,000 are unauthorised. "Increase in the number of cyber crimes in the city prompted us to think about the idea,'' Bharti said.
The number of cyber crime cases rose from 142 in 2005 to 775 in 2008. Of the cases registered in 2008, 164 related to fake profiling, defamation and sending obscene content while two complaints pertained to the matrimonial website shadi.com.
Police have received over 155 cyber crime complaints this year.
"Police are discouraging operators by making various norms tough and driving away our business,'' Karam Shi (47), who operates a cyber cafe at Churchgate, said.
Shi said if the customers are asked to go through fingerprint system, they feel that they are being treated like criminals.
"The existing mandatory norms are enough. The customers show their photo id and their address is noted down. A log book is maintained at all the cafes. By asking more from us, the police are making our business more complicated. This would prevent entry of new operators,'' said Shi, who has been into this business for the last eight years.
"Customers do not like to go through such formalities before entering the cafes. They feel humiliated. If it continues, the number of customers visiting the cafes will certainly come down in the future,'' Saboo said.
Among the various cyber crimes, a significant number of people have fallen prey to the Nigerian letters, which lured the receivers by saying that they had inherited property worth crores in a foreign country.
Credit card frauds, sending vulgar content, identity theft, hacking and lottery scams are among other fraudulent practices which many Mumbaikars have fallen for, sources said.
Sunday, June 28, 2009
Michael Jackson's death exploited by cybercriminals - scmagazineus.com- 26 Jul 09
Always quick to capitalize on major headlines, spammers have begun sending out messages related to the deaths of Michael Jackson and Farrah Fawcett, security researchers said.
Jackson's death is being exploited by cybercriminals hoping to infect users with a troan or to trick curious spam recipients into unwittingly revealing their personal information. Shortly after Jackson's death was confirmed, the SANS Internet Storm Center predicted that spam related to the deaths of Michael Jackson and Farrah Fawcett would begin to crop up.
“With the reported death of Farrah Fawcett and Michael Jackson today, it is likely only a matter of hours before we will start seeing SPAM relating to the subject,” a SANS Internet Storm Center blog post warned. “So it may be a good idea to remind your users that mail from unknown sources should not be opened and links should not be clicked.”
And they were right -- approximately eight hours after Michael Jackson's death, spammers began sending out malicious messages, according to security firm Sophos. The first wave of spam detected by Sophos came with the subject, “Confidential===Michael Jackson.” In the message, spammers claim to know “vital information” about Jackson's death and want to share this information with the recipient. These emails do not contain any type of malicious attachment or link, Sophos said in a blog post Friday.
“It's hard to know exactly what the purpose of the campaign is, but at the very least replying to the email to ask for more information will tell the hacker that you are a ‘live' target for future spam campaigns and attacks,” Graham Cluley, Sophos' senior technology consultant told SCMagazineUS.com in an email Friday. “But it's also possible that hackers could try and bring you into their confidence and might share with you links or attachments that are designed to infect your computer.”
Sophos said that similar spam campaigns related to Farrah Fawcett's death have been propagating as well.
A different spam campaign, targeting Portuguese speaking users is offering recipients a link to supposed “images of the body” and unpublished videos of Jackson which, if downloaded, will infect users with a trojan, Carl Leonard, security research monitor at security firm Websense told SCMagazineUS.com on Friday.
“The spam email appears to offer a link to a YouTube video, but instead sends the recipient to a trojan downloader hosted on a compromised website,” Websense wrote in a blog post Friday.
Following the link contained in the email will direct users to a legitimate website for a radio broadcasting station in Australia, which has been compromised and is now hosting the malicious file, called “Michael.Jackson.videos.scr.” Attempting to download this file will cause a legitimate news website with a story about Jackson's death to open, providing a distraction for the user, Leonard said. But, unbeknownst to the user, three information-stealing components will be downloaded and installed by the malware.
The downloaded file has a low anti-virus detection rate -- detected by just five of the 41 most popular AV engines, Websense said.
Once infected, this trojan tries to steal a user's online banking credentials, Leonard said. When a user visits certain online banking websites while infected with this trojan, their username and password is sent off to other compromised servers, where malware authors can harvest the data. Also, keyloggers -- which record a user's keystrokes -- may be installed at a later date.
Researchers said attacks taking advantage of Jackson's death will continue -- and evolve.
“We can expect that the malware authors will spread their wings and send out different emails in other languages,” Leonard said.
He added that attackers will probably launch search-engine optimization attacks, in which malicious sites will appear at the top of search engine results
By Angela Moscaritolo
Jackson's death is being exploited by cybercriminals hoping to infect users with a troan or to trick curious spam recipients into unwittingly revealing their personal information. Shortly after Jackson's death was confirmed, the SANS Internet Storm Center predicted that spam related to the deaths of Michael Jackson and Farrah Fawcett would begin to crop up.
“With the reported death of Farrah Fawcett and Michael Jackson today, it is likely only a matter of hours before we will start seeing SPAM relating to the subject,” a SANS Internet Storm Center blog post warned. “So it may be a good idea to remind your users that mail from unknown sources should not be opened and links should not be clicked.”
And they were right -- approximately eight hours after Michael Jackson's death, spammers began sending out malicious messages, according to security firm Sophos. The first wave of spam detected by Sophos came with the subject, “Confidential===Michael Jackson.” In the message, spammers claim to know “vital information” about Jackson's death and want to share this information with the recipient. These emails do not contain any type of malicious attachment or link, Sophos said in a blog post Friday.
“It's hard to know exactly what the purpose of the campaign is, but at the very least replying to the email to ask for more information will tell the hacker that you are a ‘live' target for future spam campaigns and attacks,” Graham Cluley, Sophos' senior technology consultant told SCMagazineUS.com in an email Friday. “But it's also possible that hackers could try and bring you into their confidence and might share with you links or attachments that are designed to infect your computer.”
Sophos said that similar spam campaigns related to Farrah Fawcett's death have been propagating as well.
A different spam campaign, targeting Portuguese speaking users is offering recipients a link to supposed “images of the body” and unpublished videos of Jackson which, if downloaded, will infect users with a trojan, Carl Leonard, security research monitor at security firm Websense told SCMagazineUS.com on Friday.
“The spam email appears to offer a link to a YouTube video, but instead sends the recipient to a trojan downloader hosted on a compromised website,” Websense wrote in a blog post Friday.
Following the link contained in the email will direct users to a legitimate website for a radio broadcasting station in Australia, which has been compromised and is now hosting the malicious file, called “Michael.Jackson.videos.scr.” Attempting to download this file will cause a legitimate news website with a story about Jackson's death to open, providing a distraction for the user, Leonard said. But, unbeknownst to the user, three information-stealing components will be downloaded and installed by the malware.
The downloaded file has a low anti-virus detection rate -- detected by just five of the 41 most popular AV engines, Websense said.
Once infected, this trojan tries to steal a user's online banking credentials, Leonard said. When a user visits certain online banking websites while infected with this trojan, their username and password is sent off to other compromised servers, where malware authors can harvest the data. Also, keyloggers -- which record a user's keystrokes -- may be installed at a later date.
Researchers said attacks taking advantage of Jackson's death will continue -- and evolve.
“We can expect that the malware authors will spread their wings and send out different emails in other languages,” Leonard said.
He added that attackers will probably launch search-engine optimization attacks, in which malicious sites will appear at the top of search engine results
By Angela Moscaritolo
China remains spam haven due to 'bulletproof' hosting - networkworld.com - 26 Jun 2009
Chinese hosting companies and registrars sometimes ignore complaints, which perpetuates fraud and spam
An overwhelming majority of Web sites promoted through spam are hosted in China at service providers that many times choose to ignore complaints and allow illegal activity, according to research from the University of Alabama.
Gary Warner, director of research in computer forensics in the university's computer and information sciences department, wrote on his blog that it is well past the time to declare a spam crisis in China.
The university reviewed millions of spam messages seen throughout this year from its Spam Data Mine, which analyzes junk mail for threats. In those messages were links to hundreds of thousands of Web sites.
A total of 69,117 unique domains hosted those Web sites. Seventy percent -- or 48,552 -- hosted Web sites that ended in ".cn," the country-code top level domain for China. Again, about 70 percent of Web sites were located on computers within China.
"It is very normal that more than one-third of the domain names we see each day in spam messages come from China," Warner wrote. "When one also considers the many '.com' and '.ru' domain names which are also hosted in China, the problem is much worse."
Typically when scammy Web sites are detected, security companies will send a complaint to a hosting company, which may also act as a registrar, or seller of domain names. The site is typically taken offline.
However, some companies in China and elsewhere offer so-called "bulletproof" hosting, where Web sites are allowed to stay online or spam operations can continue unabated.
China is also attractive because of its low costs. A domain name can be bought for as little as $0.15, which allows scammers to acquire lots of domain names on the cheap. Domain names cost much more in the U.S., where some of the money goes to fighting abuse and spam, Warner wrote. But the low revenue stream in China is likely hampering the creation of programs to stop abuse.
"More than half of all spam either uses domain names registered in China, is sent from computers in China or uses computers in China to host their Web pages," Warner wrote.
Warner gives some network operations and registrars the benefit of the doubt, writing that they may have not yet developed effective ways to handle complaints and knock cybercriminals off their systems.
Others, however, ignore complaints, such as in the case of a hosting provider that was instrumental in keeping alive the Waledac botnet, known for sending out worm-ridden spam. Warner wrote that complaints have been sent in English and Chinese to no response.
"I truly believe that the Chinese government would not willingly tolerate this horrible situation," Warner wrote. "My only answer is that it must not have been properly brought to their attention so far."
By Jeremy Kirk
An overwhelming majority of Web sites promoted through spam are hosted in China at service providers that many times choose to ignore complaints and allow illegal activity, according to research from the University of Alabama.
Gary Warner, director of research in computer forensics in the university's computer and information sciences department, wrote on his blog that it is well past the time to declare a spam crisis in China.
The university reviewed millions of spam messages seen throughout this year from its Spam Data Mine, which analyzes junk mail for threats. In those messages were links to hundreds of thousands of Web sites.
A total of 69,117 unique domains hosted those Web sites. Seventy percent -- or 48,552 -- hosted Web sites that ended in ".cn," the country-code top level domain for China. Again, about 70 percent of Web sites were located on computers within China.
"It is very normal that more than one-third of the domain names we see each day in spam messages come from China," Warner wrote. "When one also considers the many '.com' and '.ru' domain names which are also hosted in China, the problem is much worse."
Typically when scammy Web sites are detected, security companies will send a complaint to a hosting company, which may also act as a registrar, or seller of domain names. The site is typically taken offline.
However, some companies in China and elsewhere offer so-called "bulletproof" hosting, where Web sites are allowed to stay online or spam operations can continue unabated.
China is also attractive because of its low costs. A domain name can be bought for as little as $0.15, which allows scammers to acquire lots of domain names on the cheap. Domain names cost much more in the U.S., where some of the money goes to fighting abuse and spam, Warner wrote. But the low revenue stream in China is likely hampering the creation of programs to stop abuse.
"More than half of all spam either uses domain names registered in China, is sent from computers in China or uses computers in China to host their Web pages," Warner wrote.
Warner gives some network operations and registrars the benefit of the doubt, writing that they may have not yet developed effective ways to handle complaints and knock cybercriminals off their systems.
Others, however, ignore complaints, such as in the case of a hosting provider that was instrumental in keeping alive the Waledac botnet, known for sending out worm-ridden spam. Warner wrote that complaints have been sent in English and Chinese to no response.
"I truly believe that the Chinese government would not willingly tolerate this horrible situation," Warner wrote. "My only answer is that it must not have been properly brought to their attention so far."
By Jeremy Kirk
Wednesday, June 24, 2009
Thieves Snatch Billions in Credit Card Fraud - abcnews - 03 Jun 2009
For years, crimes have followed the same age old mantra: wrong place at the wrong time. For someone to commit a crime against someone else, they had to be physically in the same area. But that's no longer the case; it's now easier than ever to be victim of a crime, particularly identity theft, without even realizing it.
Identity thieves snatch tens of billions dollars a year through credit card fraud, either outright, or by selling your card information to other crooks across the globe. The perpetrators come from a loosely organized international underworld working beyond the reach of the law and without limits.
"They can sit in an apartment in Kiev ... and steal your identity and you're going to be in a world of hurt," said Dan Clements, founder of Card Cops, a company that has been tracking hackers who buy and sell people's identities. "They blatantly ... trade credit cards. They trade social security numbers. They trade debit card pin numbers."
Card Cops has been tracking hackers' activity for a decade. Crooks from all over the world meet in Internet chat rooms, in what almost looks like an underground stock market.
"Credit cards are commodity items," Clements said. "They can go for as little as $2 or $3 for a regular credit card. If you have a platinum card, it may be for $10 or $20. It's big business. They make a lot of money. There are people here that claim to make $20,000 to $30,000 a month selling these resources in these chat rooms."
The chat rooms operate like a commodity floor, where information is openly traded, and the hackers who carry out identity theft usually live in another part of the world.
"It's a global market," Clements said. "It's like a bazaar where you can buy anything at any time."
The Card Cops should know: They entered the business of protecting consumers and merchants from identity theft because many of them were scammed themselves when they worked together at another Internet company.
To help understand how fast a thief can siphon money from an account, ABC News experimentally opened a Visa account. It only took 15 minutes before a hacker got hungry.
"We had a hit from a retailer in Massachusetts," said Clements. The culprit used the credit card number to buy Dominos Pizza. "So there is your charge for $39.76. It looks like some kid might have found the card in this chat room and decided to buy his buddies pizzas."
According to Dominos, the hacker used the Internet to order delivery to an address in Mass.
Taking control of a credit card number is one thing, but what's really devastating is when crooks have all of your financial information. Once they have a full profile, they can open up new accounts entirely under a different name.
Hackers sometimes post peoples' financial information online, for free, to prove to fellow hackers that they've got the goods: viable financial information for sale.
"So we have a person, Dean in Michigan. His social security number. His driver's license. DOB. Mother's maiden name," said Clements. "In the room and so all 300 of these hackers have it all in real time."
"This guy Dean is going to be hurting the rest of his life. His identity is completely exposed," he said.
Identity Theft: How Thieves Do It
So how do the thieves do it? Phishing is still the number one threat, where crooks send e-mails that look like they're from your bank and ask for all your financial information.
"These people who have never been on the Internet go, 'Oh, that's my bank,'" said Clements. "They fill it out, they hit submit and it goes to the hacker's e-mail address. Then they have all this person's info... A lot of people fall for it."
Crooks often get people's pins through a technique called shoulder surfing.
"When you use your card in a retailer and you put in your pin number, there are cameras all over looking at you putting in that pin number," Clements said. "And many times the clerk will take your transaction and look at your Visa or MasterCard number and they'll rewind the video tape and they'll see you put in your pin number."
And if there aren't any convenient cameras they can check, the bad guys often install their own.
Also, even if your credit card is in your wallet, it doesn't mean it's safe. Thieves can buy card cloning machines right on the Internet.
"That's what they call track two information or dump information," Clements said. "That's what goes in the magnetic stripe right on the back of the credit card. All you do is take this information and encode it into the back of the magnetic stripe of the credit card and then you can go shopping."
Clements say that typically, identity thieves in chat rooms tend to be Eastern Europeans, Russians, and people from Bulgaria or Romania.
"Typically the hacker is ... stereotyped [as] a young introverted, early 20's male. They're always near a keyboard. In fact, a keyboard is near and dear to their entire life," he said. "He might have a job during the day and at night he might come here and surf and make some extra money. Because if he can make an extra $1,000 or $2,000 in Kiev or in a third world country, that's a lot of money."
And according to Clements, ego often plays a big role in the lives of hackers.
"They like to try and compromise things, to break into things," he said. "To prove they can do it."
Law enforcement can do little to protect you from these crimes.
There is no DNA. There is no blood. There is no knife. There are no guns. So it's very hard to prove who committed the crimes here," Clements said.
How to Protect Yourself
Identity protection is largely left up to the consumer. Clements advises consumers to never give out their financial information, on the phone or online, unless they initiated the contact.
"We recommend if you shop online like we all do that when you're at anniversary on your credit card -- in other words when it expires -- you get a new account number from your credit card issuer," he said. "Not a new account, but just get the new number, because that way you're fresh."
Besides inactivating old account numbers, Clements also recommends choosing a new ATM pin number every six months.
Refreshing your card and account numbers is one way for consumers to stay ahead of crooks in the fast-paced business of identity theft.
"It's a sophisticated business," Clements said. "The criminals are getting smarter."
By ELISABETH LEAMY
Identity thieves snatch tens of billions dollars a year through credit card fraud, either outright, or by selling your card information to other crooks across the globe. The perpetrators come from a loosely organized international underworld working beyond the reach of the law and without limits.
"They can sit in an apartment in Kiev ... and steal your identity and you're going to be in a world of hurt," said Dan Clements, founder of Card Cops, a company that has been tracking hackers who buy and sell people's identities. "They blatantly ... trade credit cards. They trade social security numbers. They trade debit card pin numbers."
Card Cops has been tracking hackers' activity for a decade. Crooks from all over the world meet in Internet chat rooms, in what almost looks like an underground stock market.
"Credit cards are commodity items," Clements said. "They can go for as little as $2 or $3 for a regular credit card. If you have a platinum card, it may be for $10 or $20. It's big business. They make a lot of money. There are people here that claim to make $20,000 to $30,000 a month selling these resources in these chat rooms."
The chat rooms operate like a commodity floor, where information is openly traded, and the hackers who carry out identity theft usually live in another part of the world.
"It's a global market," Clements said. "It's like a bazaar where you can buy anything at any time."
The Card Cops should know: They entered the business of protecting consumers and merchants from identity theft because many of them were scammed themselves when they worked together at another Internet company.
To help understand how fast a thief can siphon money from an account, ABC News experimentally opened a Visa account. It only took 15 minutes before a hacker got hungry.
"We had a hit from a retailer in Massachusetts," said Clements. The culprit used the credit card number to buy Dominos Pizza. "So there is your charge for $39.76. It looks like some kid might have found the card in this chat room and decided to buy his buddies pizzas."
According to Dominos, the hacker used the Internet to order delivery to an address in Mass.
Taking control of a credit card number is one thing, but what's really devastating is when crooks have all of your financial information. Once they have a full profile, they can open up new accounts entirely under a different name.
Hackers sometimes post peoples' financial information online, for free, to prove to fellow hackers that they've got the goods: viable financial information for sale.
"So we have a person, Dean in Michigan. His social security number. His driver's license. DOB. Mother's maiden name," said Clements. "In the room and so all 300 of these hackers have it all in real time."
"This guy Dean is going to be hurting the rest of his life. His identity is completely exposed," he said.
Identity Theft: How Thieves Do It
So how do the thieves do it? Phishing is still the number one threat, where crooks send e-mails that look like they're from your bank and ask for all your financial information.
"These people who have never been on the Internet go, 'Oh, that's my bank,'" said Clements. "They fill it out, they hit submit and it goes to the hacker's e-mail address. Then they have all this person's info... A lot of people fall for it."
Crooks often get people's pins through a technique called shoulder surfing.
"When you use your card in a retailer and you put in your pin number, there are cameras all over looking at you putting in that pin number," Clements said. "And many times the clerk will take your transaction and look at your Visa or MasterCard number and they'll rewind the video tape and they'll see you put in your pin number."
And if there aren't any convenient cameras they can check, the bad guys often install their own.
Also, even if your credit card is in your wallet, it doesn't mean it's safe. Thieves can buy card cloning machines right on the Internet.
"That's what they call track two information or dump information," Clements said. "That's what goes in the magnetic stripe right on the back of the credit card. All you do is take this information and encode it into the back of the magnetic stripe of the credit card and then you can go shopping."
Clements say that typically, identity thieves in chat rooms tend to be Eastern Europeans, Russians, and people from Bulgaria or Romania.
"Typically the hacker is ... stereotyped [as] a young introverted, early 20's male. They're always near a keyboard. In fact, a keyboard is near and dear to their entire life," he said. "He might have a job during the day and at night he might come here and surf and make some extra money. Because if he can make an extra $1,000 or $2,000 in Kiev or in a third world country, that's a lot of money."
And according to Clements, ego often plays a big role in the lives of hackers.
"They like to try and compromise things, to break into things," he said. "To prove they can do it."
Law enforcement can do little to protect you from these crimes.
There is no DNA. There is no blood. There is no knife. There are no guns. So it's very hard to prove who committed the crimes here," Clements said.
How to Protect Yourself
Identity protection is largely left up to the consumer. Clements advises consumers to never give out their financial information, on the phone or online, unless they initiated the contact.
"We recommend if you shop online like we all do that when you're at anniversary on your credit card -- in other words when it expires -- you get a new account number from your credit card issuer," he said. "Not a new account, but just get the new number, because that way you're fresh."
Besides inactivating old account numbers, Clements also recommends choosing a new ATM pin number every six months.
Refreshing your card and account numbers is one way for consumers to stay ahead of crooks in the fast-paced business of identity theft.
"It's a sophisticated business," Clements said. "The criminals are getting smarter."
By ELISABETH LEAMY
Professionals allege massive Net-based employment fraud - The Hindu - 30 May 2009
Say they have been duped of sums from Rs.2 lakh to Rs.8 lakh
Firm has no landline number, Web address
Contacts were through e-mail, cellphone
--------------------------------------------------------------------------------
KOCHI: In what is said to be an Internet-based fraud, several veterinary doctors and assistants, homeopaths and an engineer, and possibly those from other professions, in Kerala have been allegedly duped of millions of rupees by a firm offering lucrative jobs in Spain.
Nine veterinary professionals, an unconfirmed number of homoeopaths and the engineer are said to have paid sums ranging from Rs.2 lakh to Rs.8 lakh to Sajeev Associates, represented in e-mail by one Sajeevan. The firm, with postal address in Kolkata, has no landline number or Web address. Sajeevan, a Malayali, had contacted the victims through the mobile phone or e-mail.
None of those who have transferred lakhs of rupees to Sajeevan’s bank accounts has met him or seen his photographs or know his whereabouts.
Though the firm has given a Kolkata address for couriering copies of certificates, the money had to be paid to Sajeevan’s accounts in Chennai branches of the State Bank of India and the HDFC and Axis banks.
The veterinary doctors and assistants told The Hindu that Sajeevan, in fact, ran his operations based in Chennai, and not in Kolkata. Discrete enquiries by the vets showed that the residential address provided at each of these banks varied and that he had pulled out money from the accounts using ATM cards, always leaving only the minimum balance in the accounts. Even the broadband Internet connection to the computer from which he sent e-mails from Chennai was in another person’s name.
The messages to the veterinarians came from two email IDs: veterinarybiodata@yahoo.com and vetarchmbspain@spainmail.com.
The latter was supposed to be from the Spanish company Vetarchmb-Spain. A causal check on the internet will show that it is created at mail.com, which specialises in personalised or occupation-based or country-wise email IDs. The messages sent from the two IDs have the same writing style and the same faulty English. A check on fraudwatchers.org, which “provides support, guidance and assistance to victims of (Internet) fraud” about the Vetarchmb job offer, had originated this answer: “Any offer of employment that is accompanied by a request for payment is 100% fraudulent. Nobody is going to offer a lucrative job via an unsolicited email. It is a scam.” An e-mail query with the Spanish embassy in Delhi said the recruitment was fraudulent.
The veterinarians told The Hindu that they had each paid between Rs.5 lakh and Rs.8 lakh in instalments over a period of eight months. They had been offered jobs with the ‘Spanish’ veterinary company called ‘Vetarchmb’ supposed to have been based at Balmes in Barcelona, Spain. S.G. Biju, trust chairman of the Institution of Homeopaths, Kerala, said his guess estimate was that roughly 100 homeopaths had been duped, though most of them preferred to keep it secret. One homeopath admitted that he had paid Rs.2.5 lakh to Sajeevan through bank transfer, Dr. Biju said. He said the Institution of Homeopath’s journal had recently carried a warning about the offer.
The vets said they had all received fliers offering jobs in Germany, Belgium, the Netherlands, Denmark and Spain. However, the offer was later narrowed down to Spain. The flier specifically said: “We are not collecting any service charges from your (candidate) side. Our service charges are paying (sic) by M/s Vetarchmb Group.Europe.”
Many pretexts
However, after the veterinarians accepted the offers, Sajeev Associates kept on asking for money on one pretext or the other. For instance, one had to pay Rs.1.5 lakh towards ‘translation’ of all the pages of all his certificates into Spanish at the rate of Rs.1,500 a page. Then, there was a payment of Rs.2.5 lakh towards medical check-up, insurance, visa stamping and flight ticket to Delhi (though the trip was put off). Again, there was a payment of Rs.1.75 lakh for bank guarantee and 2,000 euros for passport endorsement and for medical report revalidation. A special agreement fee of Rs.50,000 was the latest demand.
They were told that all the expenses would be reimbursed by the employer within 40 days of reporting for work.
By K.P.M. Basheeer
Firm has no landline number, Web address
Contacts were through e-mail, cellphone
--------------------------------------------------------------------------------
KOCHI: In what is said to be an Internet-based fraud, several veterinary doctors and assistants, homeopaths and an engineer, and possibly those from other professions, in Kerala have been allegedly duped of millions of rupees by a firm offering lucrative jobs in Spain.
Nine veterinary professionals, an unconfirmed number of homoeopaths and the engineer are said to have paid sums ranging from Rs.2 lakh to Rs.8 lakh to Sajeev Associates, represented in e-mail by one Sajeevan. The firm, with postal address in Kolkata, has no landline number or Web address. Sajeevan, a Malayali, had contacted the victims through the mobile phone or e-mail.
None of those who have transferred lakhs of rupees to Sajeevan’s bank accounts has met him or seen his photographs or know his whereabouts.
Though the firm has given a Kolkata address for couriering copies of certificates, the money had to be paid to Sajeevan’s accounts in Chennai branches of the State Bank of India and the HDFC and Axis banks.
The veterinary doctors and assistants told The Hindu that Sajeevan, in fact, ran his operations based in Chennai, and not in Kolkata. Discrete enquiries by the vets showed that the residential address provided at each of these banks varied and that he had pulled out money from the accounts using ATM cards, always leaving only the minimum balance in the accounts. Even the broadband Internet connection to the computer from which he sent e-mails from Chennai was in another person’s name.
The messages to the veterinarians came from two email IDs: veterinarybiodata@yahoo.com and vetarchmbspain@spainmail.com.
The latter was supposed to be from the Spanish company Vetarchmb-Spain. A causal check on the internet will show that it is created at mail.com, which specialises in personalised or occupation-based or country-wise email IDs. The messages sent from the two IDs have the same writing style and the same faulty English. A check on fraudwatchers.org, which “provides support, guidance and assistance to victims of (Internet) fraud” about the Vetarchmb job offer, had originated this answer: “Any offer of employment that is accompanied by a request for payment is 100% fraudulent. Nobody is going to offer a lucrative job via an unsolicited email. It is a scam.” An e-mail query with the Spanish embassy in Delhi said the recruitment was fraudulent.
The veterinarians told The Hindu that they had each paid between Rs.5 lakh and Rs.8 lakh in instalments over a period of eight months. They had been offered jobs with the ‘Spanish’ veterinary company called ‘Vetarchmb’ supposed to have been based at Balmes in Barcelona, Spain. S.G. Biju, trust chairman of the Institution of Homeopaths, Kerala, said his guess estimate was that roughly 100 homeopaths had been duped, though most of them preferred to keep it secret. One homeopath admitted that he had paid Rs.2.5 lakh to Sajeevan through bank transfer, Dr. Biju said. He said the Institution of Homeopath’s journal had recently carried a warning about the offer.
The vets said they had all received fliers offering jobs in Germany, Belgium, the Netherlands, Denmark and Spain. However, the offer was later narrowed down to Spain. The flier specifically said: “We are not collecting any service charges from your (candidate) side. Our service charges are paying (sic) by M/s Vetarchmb Group.Europe.”
Many pretexts
However, after the veterinarians accepted the offers, Sajeev Associates kept on asking for money on one pretext or the other. For instance, one had to pay Rs.1.5 lakh towards ‘translation’ of all the pages of all his certificates into Spanish at the rate of Rs.1,500 a page. Then, there was a payment of Rs.2.5 lakh towards medical check-up, insurance, visa stamping and flight ticket to Delhi (though the trip was put off). Again, there was a payment of Rs.1.75 lakh for bank guarantee and 2,000 euros for passport endorsement and for medical report revalidation. A special agreement fee of Rs.50,000 was the latest demand.
They were told that all the expenses would be reimbursed by the employer within 40 days of reporting for work.
By K.P.M. Basheeer
Subscribe to:
Posts (Atom)
