Feeds

Bank and mortgage scam nets ID crooks thousands

Why settle for just emptying an online bank account?

The Essential Guide to IT Transformation

Scammers conned both a mortgage firm and a bank to hit an IT director for £60,000. UK police are hunting the gang responsible for the scam, and at least nine others like it, that are estimated to have netted ID fraudsters hundreds of thousands of pounds, The Times reports.

Phishing fraudsters are typically satisfied with milking money from online accounts, but the group hunted by detectives from the Dedicated Cheque and Plastic Crime Unit was more ambitious. The gang's basic modus-operandi involved hacking into individual bank accounts and ordering new credit cards which are subsequentally used to buy jewellery, electronic goods, or foreign currency.

The gang pieced together enough information about one victim, an IT director, to transfer £60,000 from his mortgage reserve account to a current account, which they later emptied to buy jewellery in Barcelona.

Instead of conventional ID fraud, where loans and credit cards are obtained under a false name, the gang specialises in taking over existing accounts.

Detective Constable Keith Harrington told The Times that the crooks use social engineering tricks to find information about victims prior to convincing a bank to issue a new card and PIN. This card is picked up at a local postal office by a crook impersonating the prospective mark, an aspect of the scam that seems to rely on knowing the victim will be away from home.

"The whole operation from start to finish takes a few days and usually by the time anyone notices the money has gone the gang will have bought the goods and sold them on," DC Harrington said.

"When we first came across it we thought it was unusual but we have found it is happening all over the country."

The unfortunate IT director came back from holiday in Thailand to discover that £60K had been moved into his current account at Barclays Bank before being spent on expensive jewellery. Investigators reckon the gang tricked bank staff into revealing where the man held his mortgage prior to using a similar ruse on the mortgage firm in order to persuade it to transfer money into his current account. The victim has been reimbursed by Barclays for losses he incurred as a result of the scam, which raises serious questions about both bank and mail security.

"It seems [the gang] told Barclays that 'I' needed a new debit card as the current one was damaged and a reminder of the PIN and then all they had to provide as identification to the Post Office was a Tesco Clubcard and a fake utility bill," the victim told The Times.

"Somehow or other they managed to convince my mortgage company to transfer the £60,000 and then used the new card to spend it. This has all been rather disconcerting, especially finding out how easy it is for people to pretend to be me and how easy it was for them to get to my post. It is not as though I am lax with my internet security," he added.

Barclays told the paper that it was inappropriate for the bank to comment during an investigation.®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Canada's boffins need A WHOLE YEAR to recover from China hack attack
'State-sponsored actor' breached National Research Council network
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.