Feeds

Identity Thefts from the Rich and Famous

How can you be a trainee dish washer?

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

A trainee dish washer has been arrested in New York after allegedly using the Internet to defraud millions from US celebrities and millionaires.

According to the New York Post, which broke the story, Abraham Abdallah allegedly used Internet access at a local library and copies of Forbes magazine to steal the identities of 200 celebrities so that he could run up bills in their names online.

The 32 year-old is suspected of stealing millions of dollars from celebrities including Steven Spielberg, George Soros, former presidential candidate Ross Perot and Oracle boss Larry Ellison.

During the six months of the fraud he allegedly set up an elaborate network of post office boxes, Web-enabled cell phones and online voice mail services so that he could fool banks and avoid detection. He also used couriers to pick up goods and throw police off the scent.

The fraud was reportedly only discovered when an email request to transfer $10 million from the bank account of the founder of CRM magnate Thomas Siebel raised eyebrows at his bank, Merrill Lynch.

This tip-off allowed investigators to trace the electronic trail of fraudulent activities, which was far wider than anyone first suspected, and eventually enabled them to set up a trap at a drop off point for goods, where Abdallah was arrested.

The New York Post quotes unnamed sources who said that after Abdallah's arrest, police recovered a dog-eared copy of Forbes' "Richest People in America" list on which home addresses, cell phone and Social Security numbers, account numbers and balances - and even mothers' maiden names, were neatly jotted down.

Police are also said to have recovered notebooks and ledgers, counterfeit corporate papers, and rubber stamps.

It is believed Abdallah used the Forbes' article to draw up a list of victims about whom he subsequently obtained confidential financial information, by writing to credit reference agencies on forged corporate letterheads, bearing the names of brokerage houses.

This confidential data was allegedly enough for him to impersonate celebrities and gain access to their credit cards and other accounts at brokerage houses and investment banks.

"He's the best I ever faced," Detective Michael Fabozzi of the NYPD's Computer Investigation and Technology Unit, told the New York Post

Abdallah is charged with criminal possession of forged devices, stolen property and criminal impersonation, in a case has been taken over by federal investigators. He denies the charges.

The case is one examples so far of identity theft, which as explained in an earlier article we published about the subject (by Kevin Mitnick), is set to become a much more serious problem.

Victims pay to ensure against risk

So far the response of those in charge of managing debt risk to identity theft has being to encourage consumers to buy products that allow people to monitor what is happening to their finances more immediately.

For example, credit reference agency Equifax has introduced products like Credit Watch and Credit Profile which are allow consumers to monitor their credit standing online.

Dave Mooney, a spokesman for Equifax, said through Credit Watch US consumers (though not those in the UK) would be able to get email notification when there are changes to their credit file, rather than hearing about problems from debt collection agencies trying to recover unpaid bills. It is also rolling out products that give consumers their credit scores.

Insurance firm PromiseMark estimates identity theft affects 700,000 people annually and costs $4bn, in response to which it has introduced what it bills as a Hacker and Identity Theft Protection Plan.

This service provides fraud resolution services to hacker and identity theft victims to assist in the recovery of credit and financial losses from their online and offline accounts.

Placing the onus on consumers to protect themselves from identity theft can only be part of the solution, and merchants need to take more responsibility about tackling the issue. After all it is financial institutions, and credit reference agencies, to are responsible for extending fraudulent lines of credit in the first place. Is it too much to ask that they invest to improve their systems? ®

External links

New York Post article
PromiseMark
Equifax

Related stories

Stomp the identity thieves
Hacking credit cards is preposterously easy

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.