Feeds

T-Mobile and AT&T stung in $22m handset scam

Eight indicted in elaborate dealer fraud

Beginner's guide to SSL certificates

Eight people have been indicted by a Brooklyn court for running a scam that involved dealers using customer details to order handsets, in a fraud worth $22m.

The charges allege that two of the defendants, who ran cellular dealerships in New York and Florida, picked up customer details from the network's databases, then used the details to impersonate those customers and order additional handsets, as well as making insurance claims for broken handsets. Deliveries were then either redirected en route, or simply sent to the defendants' addresses.

Got Wireless operated out of Brooklyn and was authorised with AT&T as well as T-Mobile, while KP Wireless was based in West Palm Beach, Florida, and only had access to T-Mobile's customer database. But the owners of both companies are accused of lifting customer details and then posing as those customers to buy additional handsets or make insurance claims for replacements.

The group apparently then bribed delivery drivers subcontracted by FedEx and DHL to intercept the packages, while other confederates scanned the boxes as having been successfully delivered.

UPS deliveries obviously presented more of a problem as they were sent directly to addresses connected to the defendants.

When customers called up to complain about the devices appearing on their bills, the operators just wrote off the amounts, which totalled (including shipping) $22m.

Catching the miscreants took a while, and apparently is "an example of the strategic partnerships between the Secret Service, the New York State Police, and our private sector partners", according to the Special Agent-in-Charge.

Dealer fraud is a big deal for mobile operators, though all the networks have been cracking down over the last few years, and steps such as the international database of stolen handsets help a lot.

The problem here is that dealers, by necessity, have access to exactly the information needed to impersonate the customer. Therefore the customer, and the network, are both required to trust the mobile-phone shop: which might worry anyone who has visited one. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
FCC, Google cast eye over millimetre wireless
The smaller the wave, the bigger 5G's chances of success
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.