Thursday, December 11, 2008

Identity Thefts Help Crooks Rob Banks by Phone

A new federal indictment in New Jersey demonstrates how anyone can rob a bank by telephone.

On November 24, 2008, the U.S. Attorney for the state of New Jersey announced the arrest of multiple defendants “charged with engaging in an international conspiracy to deplete millions of dollars from U.S. victims’ home equity lines of credit (HELOC) using personal information obtained through identity theft and unauthorized computer access.” Those named in the case are alleged to have stolen financial account information and funds by calling the bank and impersonating real customers from institutions such as Citibank, JPMorganChase, Wachovia, Washington Mutual, Bank of America, Navy Federal Credit Union, Pentagon Federal Credit Union, U.S. Senate Federal Credit Union, the State Department Federal Credit Union, and dozens of other financial institutions. Those indicted are estimated to have successfully stolen more than $2.5 million from innocent customers of banks and credit unions, and have unsuccessfully attempted to steal approximately $4 million more.

According to the New Jersey U.S. Attorney’s Office, the defendants “routinely traded confidential customer information such as Social Security numbers, mother’s maiden names, and online banking passwords over e-mail; impersonated bank customers through a process known as “social engineering”; used technology to disguise caller identification information; and changed customer address information in bank files. Proceeds from the scheme, which currently exceed at least approximately $2.5 million, made their way to conspirators in Japan, Nigeria, Canada, South Korea, among other countries.”

“The facts as alleged by the U.S. Attorney unfortunately demonstrate that the warnings in my repeated testimonies before the United States Congress over the last decade have come true,” said InsideIDTheft.info editor Rob Douglas. “Americans’ financial accounts are not being protected by the financial industry. Anyone can rob a bank by phone.”

Mr. Douglas, an expert on the use of social engineering and “pretext” phone calls designed to steal financial account information and funds by phone, has repeatedly warned of the threat posed to the financial services industry by social engineering and pretext calling. Douglas is also an expert on the use of Caller ID Spoofing, also allegedly used in the NJ case. His testimonies – both state and federal – have resulted in a number of laws being passed. Yet, Douglas notes that the majority of banks are still easy picking for identity criminals and there is not enough being done by the financial services industry to protect the security of Americans’ funds.”

InsideIDTheft.info advises all Americans to do the following to protect financial accounts:

1) Never provide account information in reply to an email or phone call purporting to be from your bank. Reputable banks will never ask you to provide information by phone or email.

2) Use alphanumeric passwords and PINS for both telephone and web account access. Never use mother’s maiden name or other biographical data.

3) Monitor all financial accounts on a weekly basis to spot fraudulent transactions.