On Oct. 7, the District Attorney of Queens County, N.Y., and City of New York Police announced the results of a two-year investigation that resulted in the biggest identity theft takedown in U.S. history.

The elaborate scheme, which involved five organized crime rings with ties to Europe, Asia, Africa and the Middle East, resulted in financial losses exceeding $13 million over a 16-month period.

So far, 111 individuals have been indicted, and authorities say 86 are now in custody.

The operation was dubbed “Operation Swiper.”

The criminals focused on credit card fraud, using stolen credit card numbers which they then used to create counterfeit credit and identification cards. Skimming devices were used in restaurants and on bogus websites to obtain the credit card numbers.

“The counterfeit cards were supplied to hired shoppers who were instructed to purchase high-end electronics and other merchandise, items that could easily be fenced and re-sold, usually over the Internet. Some of the shoppers also have been accused of using counterfeit cards to stay in five-star hotels and rent luxury cars during their so-called shops. In one case, a shopper allegedly commissioned a private jet to travel from New York to Florida,” BIS reports.

This is why it pays to keep careful tabs on your credit cards.

Dear Mr. Hendrik:

God bless you, sir! This grant could not have come at a better time. You see, I had a dog for many years that I truly considered my friend and I had to put her to sleep recently. This devastated me so much that I went on a bender for six weeks and woke up in the hospital missing both of my legs. I have no idea what happened, but one of the nurses said I passed out on the railroad tracks. I don’t remember, but I guess I have to believe her.

They tell me that I have been here (in hospital) for almost a month now and the bill is approaching $500,000.00, so I really need this grant and it couldn’t have come at a better time. I will be able to pay off my hospital bills and have enough left over to re-build my life, such as it has become. Perhaps with the remaining money, I will be able to afford (barely) a pair of bionic legs.

However, your letter has left me with a dilemma: I have no money to pay your processing fee. Since I am to be granted $950,000.00 USD, I can certainly afford to pay you back should you be so kind as to lend me the $560.00 processing fee. In fact, I would be happy to pay you back $1,120.00 in exchange for your generosity.

Mr. Hendrik, I truly appreciate your contacting me in my time of need and look forward to receiving your loan of the processing fee via Western Union immediately upon receipt of this email. You can well imagine how desperate I am and your benevolence at helping a fellow human being in need will certainly be rewarded in whatever afterlife you find yourself.

On 7/24/2011 3:04 PM, Mr. Franklin Hendrik wrote:

International Monetary Fund (IMF)

Independent Corrupt Practices and Other Related Offenses Commission

Wuse Zone 5, Garki

ATTN: BENEFICIARY,

Your International Monetary fund (IMF) grant  of $950,000.00 USD  has been approved by the International Monetary fund (IMF) board of directors during their last meeting. The amount to be transfered to your nominated bank account is to be carried out by one of our partner banks

owing to the fact that the International Monetary fund(IMF) does not directly remit funds into the bank account of its beneficiaries .

The last hurdle you would have to scale to have your pending funds transfer transferred to your nominated bank account is the International Monetary fund (IMF) grant processing fee of $560.00 USD.

Once this fee is paid! The necessary documents the bank will require from you will be presented to you by us to enable you have access to your $950,000 USD.

This transaction can and should be concluded within 48 or at most 72 working hours after you have made payment of the International Monetary fund (IMF) grant processing fee of $560.00 USD.

Do respond swiftly, So that we can conclude this transaction as soon as possible.

Once again congratulations on your just approved grant of $950,000.00 USD.

Regards,

Mr. Franklin Hendrik

INTERNATIONAL MONETARY FUND.

My wife got this email notice yesterday:

As a valued U.S. Bank customer, we want to make you aware of a situation that has occurred related to your email address.

We have been informed by Epsilon Interactive, a vendor based in Dallas, Texas, that files containing your email address were accessed by unauthorized entry into their computer system. Epsilon helps us send you emails about products and services that may be of interest to you.

We want to assure you that U.S. Bank has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.

Please remember that U.S. Bank will never request information such as your personal ID, password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time.

Stay alert to anyone who requests personal information via email. It just isn’t done by any financial institution.

Here are the top ten tips, courtesy of OnGuardOnline.gov for avoiding online scams:

Don’t send money to someone you don’t know.

Don’t respond to messages that ask for your personal or financial information.

Don’t play a foreign lottery.

Keep in mind that wiring money is like sending cash: once it’s gone, you can’t get it back.

Don’t agree to deposit a check from someone you don’t know and then wire money back.

Read your bills and monthly statements regularly—on paper and online.

In the wake of a natural disaster or another crisis, give to established charities rather than one that seems to have sprung up overnight.

Talk to your doctor before buying health products or signing up for medical treatments.

When considering an investment, remember that there’s no such thing as a sure thing.

Know where an offer comes from and who you’re dealing with.

I’ve been saying these same things all along, but I will continue to repeat them for as long as I need to.

The report provides a “state of the union” of the cybercrime black market in light of its ongoing rapid evolution. The black market has traditionally centered on selling stolen bank and credit card details but diversified its business model in 2010, now selling a much broader range of hacked confidential information including bank credentials, log-ins, passwords, fake credit cards and other valuable data.

Here’s a taste of some of the topics the report covers:

• Average prices for the array of personal data and goods now sold on the black market. For example, PandaLabs found that card cloning machines run typically anywhere from $200-1,000 and fake ATM machines from $3,500 depending on the model;
• What drives up the price of personal information. PandaLabs found that prices are higher for online accounts that have a history of online shopping or use payment platforms such as PayPal. For a simple account without a guaranteed balance, PandaLabs found prices starting at $10 and increasing to $1,500 depending on the platform and the guarantee of available funds;
• How cybercriminals employ modern marketing tactics to run their “businesses”: For example, operators will often offer free ‘trial’ access to stolen bank or credit card details, as well as money back guarantees and free exchanges.

But how is the money made? Certainly, it’s not completely by outright theft of funds from bank accounts, payment processors and identity theft. Sure, we hear about those things in the news all the time, but they are usually perpetrated by some individual or group at the end of a long chain of transactions that have more to do with trading in stolen data or the botnets that steal the data.

There is an excellent paper that gives great insight into the value of trading in such things: The International Computer Science Institute’s “An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants”, published in October 2007 as part of the proceedings of ACM Computer and Communication Security Conference (ACM CCS), Alexandria, Virginia.

The most common behavior in the market is the posting of want and sales ads for illicit digital goods and services. Goods range from compromised machines to mass email lists for spamming. Services range from electronically transferring funds out of bank accounts to spamming and phishing for hire… The goods and services advertised are sold to miscreants who perform various forms of e-crime including financial fraud, phishing, and spamming. For example, a miscreant, intent on phishing, can enter the market and buy the goods necessary to launch a targeted phishing campaign…

For example, here are some actual postings the researchers got from the channels:

i have boa wells and barclays bank logins….
have hacked hosts, mail lists, php mailer send to all inbox
i need 1 mastercard i give 1 linux hacked root
i have verified paypal accounts with good balance…and i can cashout paypals

They also noted posting of samples of sensitive information that act as advertisements of sorts, similar to the “free sample” marketing model:

Name: Phil Phished
Address: 100 Scammed Lane, Pittsburgh, PA
Phone: 555-687-5309
Card Number: 4123 4567 8901 2345
Exp: 10/09 CVV: 123
SSN: 123-45-6789

CHECKING 123-456-XXXX $51,337.31
SAVINGS 987-654-XXXX $75,299.64

People ask me every day (particularly on Skype in reference to the latest Skype phishing attempts), “Why do people do this?” Now, rather than explaining it to them, I’ll just point them to this post. And you can do the same.

Skype Phishing Attempts and Account Hacking – Part 1

Skype Phishing Attempts and Account Hacking – Part 2

The first thing you have to learn here is to NEVER CLICK on any links sent to you in email, chats, Skype, whatever until and unless you have verified their source and authenticity. The link above is obviously fake to those of us in the know, but to a normal user, it looks like it came from Skype.

The second thing you have to learn is how to recognize these bogus links. The casual observer will see www.skype.com in what looks like the right place. It would be, except for the single slash in front of it. The web server treats anything after the “/” as a directory. What you have here is the real URL, http://miw.host.sk, pointing to a directory called www.skype.com which contains a fake Skype login page. You can ignore the /?id=79826&lc=us. It doesn’t matter to anyone but the hacker. If you fall for this ruse, they get your password. This is typical of most phishing attempts.

The third thing you have to learn is that you absolutely MUST NOT use the same password for everything. If the hacker gets your password and is able to find out where you bank or find other sites that you log into, they will try that password out. In fact, the first place they are going to go is your PayPal account and heaven forbid if they know your PayPal email address!

You have two tools at your disposal to help combat this menace: OpenDNS and their excellent service, PhishTank. (I’ll do a separate post on PhishTank next week.) OpenDNS Basic is a free service that gives you all this:

• Reliable DNS Infrastructure
• Web Content Filtering
• Phishing Protection
• Basic Customization
• Typo Correction

Head on over there, sign up for the free account and learn how to set it up on your system. Once you have it set up, you’ll get a message like this if you try to visit a phishing site:

This is actually working with PhishTank to determine whether it’s a known phishing site. I’ll tell you how to join the community and help report phishing sites in a future post. Also, look for a video or two on how to configure OpenDNS and how to recover a hacked Skype account.

Congratulation!!! You have been selected to participate in a paid Consumer Research Program. As one of the people selected to represent our firm; you will be acting as a Customer service Evaluator of selected Companies in your area.

There’s a check enclosed along with a “Customer Service Evaluation Form“. In this case, the check was for $1,895.00 made payable to a family member. Looks real and probably is real check security paper. The check is shown above. You can see a full-size version here.

It’s completely bogus. That should be obvious from the start. Misspelled words, improper capitalization, and using a semicolon as a comma just screams “I no speak English.” The supposed contact person, Mr. Chris Nelson, is later referred to in this manner: “. . . you contact Mr. Chris for activation.” Again, another mistake.

Further along in the letter are “instructions” on what to do: “CASH WITHDRAWAL $1,645 Your survey payment is $250; keep that in your account.” If you look at the letter, you’ll see $1,435.00 listed as “SURVEY FOR WESTERN UNION Receipt required.” Presumably, “Mr. Chris” is going to explain to you where you’re supposed to wire that money.

So, if you fall for this scam, assuming you have sufficient money in the bank to make the cash withdrawal before the check clears, you’ll wire $1,435 plus wire fees to someone and you’ll go shopping as instructed with the rest, thinking you just made an easy $250. A few days later, the “check” bounces and the bank debits your account. You’ve just been robbed.

I spoke with my banker about this earlier today and she told me that I would be surprised at how many people fall for these things. She sees them all the time. Of course, I’m not the least bit surprised.

Thank heaven my family member called me first.

Subject: Account Pending Suspension

Dear Citibank client,

You account may have been used by a third party.  For your
protection, we decided to suspend access to it.

To  remove the suspension, please confirm your identity
with us.

To do this, please download and complete the attached
html form.

We are sorry for the inconvenience, but your security
is our primary concern. 

Kind Regards,

Customer Service

Copyright © 2010 Citibank

If you take the bait, here’s the page you get:

Obviously, this isn’t a Citibank site, but I’ll bet some people have fallen for it. I’ll also bet their bank accounts have smaller balances than they should have!

Important Information About Your [bank name] Account

Dear [My Name],

One of the most important ways we can help our customers manage their money in a safe and secure environment is by providing detailed account information on a timely basis.

Because your account referenced above is classified as dormant–no deposits or withdrawals for 36 months–we are letting you know that there has recently been activity on the account. If you are aware of this activity, no action is required.

We suggest that you first check with other signers on the account to verify whether they have accessed the account. However, if they have not and you believe the activity to be unauthorized, please contact us immediately at [800 phone number], so that we may investigate this activity and take appropriate action.

Below is a summary of the activity:

[details of the transaction]

If you have questions or need additional information [etc., etc., etc.]

This was for a DEPOSIT!

I have a warm, fuzzy feeling now.