Feeds

Bank and mortgage scam nets ID crooks thousands

Why settle for just emptying an online bank account?

High performance access to file storage

Scammers conned both a mortgage firm and a bank to hit an IT director for £60,000. UK police are hunting the gang responsible for the scam, and at least nine others like it, that are estimated to have netted ID fraudsters hundreds of thousands of pounds, The Times reports.

Phishing fraudsters are typically satisfied with milking money from online accounts, but the group hunted by detectives from the Dedicated Cheque and Plastic Crime Unit was more ambitious. The gang's basic modus-operandi involved hacking into individual bank accounts and ordering new credit cards which are subsequentally used to buy jewellery, electronic goods, or foreign currency.

The gang pieced together enough information about one victim, an IT director, to transfer £60,000 from his mortgage reserve account to a current account, which they later emptied to buy jewellery in Barcelona.

Instead of conventional ID fraud, where loans and credit cards are obtained under a false name, the gang specialises in taking over existing accounts.

Detective Constable Keith Harrington told The Times that the crooks use social engineering tricks to find information about victims prior to convincing a bank to issue a new card and PIN. This card is picked up at a local postal office by a crook impersonating the prospective mark, an aspect of the scam that seems to rely on knowing the victim will be away from home.

"The whole operation from start to finish takes a few days and usually by the time anyone notices the money has gone the gang will have bought the goods and sold them on," DC Harrington said.

"When we first came across it we thought it was unusual but we have found it is happening all over the country."

The unfortunate IT director came back from holiday in Thailand to discover that £60K had been moved into his current account at Barclays Bank before being spent on expensive jewellery. Investigators reckon the gang tricked bank staff into revealing where the man held his mortgage prior to using a similar ruse on the mortgage firm in order to persuade it to transfer money into his current account. The victim has been reimbursed by Barclays for losses he incurred as a result of the scam, which raises serious questions about both bank and mail security.

"It seems [the gang] told Barclays that 'I' needed a new debit card as the current one was damaged and a reminder of the PIN and then all they had to provide as identification to the Post Office was a Tesco Clubcard and a fake utility bill," the victim told The Times.

"Somehow or other they managed to convince my mortgage company to transfer the £60,000 and then used the new card to spend it. This has all been rather disconcerting, especially finding out how easy it is for people to pretend to be me and how easy it was for them to get to my post. It is not as though I am lax with my internet security," he added.

Barclays told the paper that it was inappropriate for the bank to comment during an investigation.®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.