Security Watch

Updated every Tuesday evening, circa 11 p.m. ET. Links may require registration/subscription. 

Scam Trends

Scammers are targeting payday lenders, using data that may have been stolen in a breach.

The Better Business Bureau has issued an alert about bogus debt collectors making threatening phone calls to people who have used payday loans, according to a Monday column in Georgia's The Augusta Chronicle written by Kevin Collins, the president and chief executive of the BBB of Central Georgia.

These scammers "have a disconcerting amount of personal information on the people they call," including Social Security numbers, driver's license numbers, home addresses and employment information, Collins wrote.

Because of this, "the BBB is concerned that this may be the result of a data breach" affecting "thousands of people," especially "those who have previously used payday loan services," he wrote.

A typical scam call claims that the victim is being sued for a debt and demands up to $1,000 be wired immediately. As an alternative, scammers also request bank or credit card account information. The callers assert that failure to wire the money or reveal other financial data would result in immediate arrest and extradition to California to stand trial, the column said.


More businesses are being targeted by online scammers, but in some cases the victims' losses have been curtailed by the scammers' inability to recruit money mules who can be fooled into unwittingly helping them drain compromised accounts.

Such was the case for Sign Designs Inc., an electric sign maker and installer in Modesto, Calif., that was probably infected by a malicious program that stole the password to its bank account, The Washington Post's Brian Krebs wrote in his "Security Fix" column Friday.

"What we're looking at is the bank robber of 2009," David Johnston, the owner of Sign Designs, told Krebs. "They don't use a gun, they have lots of helpers, their [profits] are huge, and the likelihood anyone will catch them seems to be extremely slim."

According to Johnston, the thieves tried to rob him of $100,000 — the daily limit his bank sets for online transfers. The scammers "took just $47 short of that amount" and transferred it to the accounts of 17 people.

Those people were money mules, who get money and then transfer it overseas to the masterminds of the scheme. In many cases, these mules don't know they are part of a scam and think they have been hired for honest work.

Johnston said that, because of this, there is a chance the mules will catch on to the scams while the money can still be recovered; in his case, Sign Designs was able to recover $30,000 to $40,000.

"All I can say is, I'm glad it's apparently hard to get reliable money mules these days, or we wouldn't have gotten any money back," he told Krebs.

One of the mules involved in the Sign Designs incident, Merian Terry of Miami, said she was ostensibly hired by a company that asked her to edit text files. After she had done so for several weeks, the company "promoted" her to handle money transfers and moved close to $10,000 into her account. At this point, Terry told Krebs, "the red flag went off," and she refused to wire the money to Ukraine as her "employer" had instructed.

Because Terry stood her ground, the money can be recovered, though it has not yet been moved back into Sign Designs' account, Johnston said. He also was able to recover $29,900 from a mule who gave a wrong account routing number to the scammers.


Not all identity theft schemes originate overseas; two brothers are accused of operating one such scheme from a mobile home in Bear, Del.

The brothers, Joseph H. Aughenbaugh and Todd Yurgin, are accused of using at least 44 Social Security numbers to open more than 100 credit card accounts, from which they allegedly stole $500,000, Delaware's The News Journal reported Monday.

Aughenbaugh told police he made up the Social Security numbers used to open the fraudulent credit card accounts, though prosecutors said many of the numbers belonged to children. Both brothers have been charged with mail fraud and identity theft. Yurgin, who allegedly struggled with arresting officers and kicked out the window of a police car, has also been charged with assaulting a federal agent.

Scammers for Hire

Don't have the tech chops to hack into a rival's e-mail account? You can outsource that.

For $100 a pop, a Virginia woman, upset at learning that her married boyfriend had other girlfriends, was able to buy the passwords of e-mail accounts belonging to her boyfriend and his wife, The Washington Post reported Monday. Apparently pleased with the results she got from the e-mail hacking outsourcer, YourHackerz.com, she went on to buy the passwords of e-mail accounts used by her boyfriend's children and at least one of his other girlfriends, the article said.

The woman, Elaine Cioni, used this information to harass her boyfriend and the other people, and she has been sentenced to 15 months for gaining unauthorized access to computers, the article said.

YourHackerz.com and other businesses like it, such as SlickHackers.com, PirateCrackers.com and Hackmail.net, are most likely based overseas, experts say. The services can be much cheaper — the Post found one that costs just $33 and will hide the targeted person's password in the text of a scene from a Shakespeare play.

Such services are common because they are hard to shut down. Though a stolen e-mail account can be used for other malicious purposes, such as resetting a password for online banking, hacking into e-mail is only a misdemeanor under federal law.

"The feds usually don't have the resources to investigate and prosecute misdemeanors," Orin Kerr, a law professor at George Washington University, told the Post.

Another issue, according to Kerr: "It's hard to know when an account has been compromised because e-mail snooping doesn't leave a trace."

When the hackers are based overseas, bringing them to justice requires working with another country's law enforcement, and building those relationships takes a long time, the article said.

That said, the clients of these companies can be easy to prosecute. In Cioni's case, computer and financial records made it clear that she had hired YourHackerz.com and used the information to gain access to her boyfriend's e-mail account.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.

 

