Feeds

Bank and mortgage scam nets ID crooks thousands

Why settle for just emptying an online bank account?

Using blade systems to cut costs and sharpen efficiencies

Scammers conned both a mortgage firm and a bank to hit an IT director for £60,000. UK police are hunting the gang responsible for the scam, and at least nine others like it, that are estimated to have netted ID fraudsters hundreds of thousands of pounds, The Times reports.

Phishing fraudsters are typically satisfied with milking money from online accounts, but the group hunted by detectives from the Dedicated Cheque and Plastic Crime Unit was more ambitious. The gang's basic modus-operandi involved hacking into individual bank accounts and ordering new credit cards which are subsequentally used to buy jewellery, electronic goods, or foreign currency.

The gang pieced together enough information about one victim, an IT director, to transfer £60,000 from his mortgage reserve account to a current account, which they later emptied to buy jewellery in Barcelona.

Instead of conventional ID fraud, where loans and credit cards are obtained under a false name, the gang specialises in taking over existing accounts.

Detective Constable Keith Harrington told The Times that the crooks use social engineering tricks to find information about victims prior to convincing a bank to issue a new card and PIN. This card is picked up at a local postal office by a crook impersonating the prospective mark, an aspect of the scam that seems to rely on knowing the victim will be away from home.

"The whole operation from start to finish takes a few days and usually by the time anyone notices the money has gone the gang will have bought the goods and sold them on," DC Harrington said.

"When we first came across it we thought it was unusual but we have found it is happening all over the country."

The unfortunate IT director came back from holiday in Thailand to discover that £60K had been moved into his current account at Barclays Bank before being spent on expensive jewellery. Investigators reckon the gang tricked bank staff into revealing where the man held his mortgage prior to using a similar ruse on the mortgage firm in order to persuade it to transfer money into his current account. The victim has been reimbursed by Barclays for losses he incurred as a result of the scam, which raises serious questions about both bank and mail security.

"It seems [the gang] told Barclays that 'I' needed a new debit card as the current one was damaged and a reminder of the PIN and then all they had to provide as identification to the Post Office was a Tesco Clubcard and a fake utility bill," the victim told The Times.

"Somehow or other they managed to convince my mortgage company to transfer the £60,000 and then used the new card to spend it. This has all been rather disconcerting, especially finding out how easy it is for people to pretend to be me and how easy it was for them to get to my post. It is not as though I am lax with my internet security," he added.

Barclays told the paper that it was inappropriate for the bank to comment during an investigation.®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.