Feeds

Bank and mortgage scam nets ID crooks thousands

Why settle for just emptying an online bank account?

Seven Steps to Software Security

Scammers conned both a mortgage firm and a bank to hit an IT director for £60,000. UK police are hunting the gang responsible for the scam, and at least nine others like it, that are estimated to have netted ID fraudsters hundreds of thousands of pounds, The Times reports.

Phishing fraudsters are typically satisfied with milking money from online accounts, but the group hunted by detectives from the Dedicated Cheque and Plastic Crime Unit was more ambitious. The gang's basic modus-operandi involved hacking into individual bank accounts and ordering new credit cards which are subsequentally used to buy jewellery, electronic goods, or foreign currency.

The gang pieced together enough information about one victim, an IT director, to transfer £60,000 from his mortgage reserve account to a current account, which they later emptied to buy jewellery in Barcelona.

Instead of conventional ID fraud, where loans and credit cards are obtained under a false name, the gang specialises in taking over existing accounts.

Detective Constable Keith Harrington told The Times that the crooks use social engineering tricks to find information about victims prior to convincing a bank to issue a new card and PIN. This card is picked up at a local postal office by a crook impersonating the prospective mark, an aspect of the scam that seems to rely on knowing the victim will be away from home.

"The whole operation from start to finish takes a few days and usually by the time anyone notices the money has gone the gang will have bought the goods and sold them on," DC Harrington said.

"When we first came across it we thought it was unusual but we have found it is happening all over the country."

The unfortunate IT director came back from holiday in Thailand to discover that £60K had been moved into his current account at Barclays Bank before being spent on expensive jewellery. Investigators reckon the gang tricked bank staff into revealing where the man held his mortgage prior to using a similar ruse on the mortgage firm in order to persuade it to transfer money into his current account. The victim has been reimbursed by Barclays for losses he incurred as a result of the scam, which raises serious questions about both bank and mail security.

"It seems [the gang] told Barclays that 'I' needed a new debit card as the current one was damaged and a reminder of the PIN and then all they had to provide as identification to the Post Office was a Tesco Clubcard and a fake utility bill," the victim told The Times.

"Somehow or other they managed to convince my mortgage company to transfer the £60,000 and then used the new card to spend it. This has all been rather disconcerting, especially finding out how easy it is for people to pretend to be me and how easy it was for them to get to my post. It is not as though I am lax with my internet security," he added.

Barclays told the paper that it was inappropriate for the bank to comment during an investigation.®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.