Feds Bust $2 Million Fraud Scam

Bank Insiders Key to Alleged ID Theft Scheme        

By Tracy Kitten, December 22, 2011

U.S. federal authorities have indicted 55 suspects for their alleged involvement in an identity-theft and financial crime ring that used insiders at banks, a non-profit institution, a high-end car dealership and a real-estate management company to steal personally identifiable information from more than 200 individuals and organizations.    
      

According to charges filed by the Manhattan District Attorney, stolen names, dates of birth, addresses, Social Security numbers and financial information were used through a variety of schemes to defraud victims and financial institutions. Between May 2010 and September 2011, the New York crime ring is accused of stealing more than $2 million from JPMorgan Chase Bank, TD Bank, Citibank, Discover and American Express. The charges include conspiracy to commit grand larceny, grand larceny, criminal possession of stolen property, identity theft and criminal possession of a forged instrument.

The 18-month investigation, which relied on court-ordered eavesdropping, physical surveillance, computer forensics and analysis of credit card, banking and phone records, remains open.

"Today's indictment reveals another tool of organized identity thieves - insiders who betray their employers and prey on clients," said Manhattan District Attorney Cyrus R. Vance in a statement about the case. "These insiders used their positions to gain access to client data, and then sold that data to make money for themselves and their accomplices."

To read the entire article, click here: http://www.bankinfosecurity.com/articles.php?art_id=4350&rf=2011-12-22-eb&elq=2089d9f1275c4a69a721677f9c7f3d06&elqCampaignId=1034

Zeus Variant Can Defeat Two-Factor Authentication

By Tracy Kitten, December 2, 2011

The Federal Bureau of Investigation has issued a warning about a new Zeus malware attack targeting commercial bank accounts, ultimately leading to incidents of corporate account takeover. The Zeus variant used: a malware called Gameover, which the FBI says is able to defeat several forms of dual-factor authentication.

To protect themselves, the FBI suggests consumers and businesses pay attention to suspicious e-mails. In the case of the Gameover attacks, e-mails purporting to come from NACHA-The Electronic Payments Association contained malicious links. NACHA does not traditionally send e-mails directly to businesses or consumers. Receipt of a direct e-mail from an organization such as NACHA should raise a red flag.

But according to the FBI's Denver Cyber Squad, it's not just phishy emails and dual-factor get-arounds that have made the Gameover attacks forces to be reckoned with. As it turns out, the fraudsters behind this scheme combined a number of tactics, including the use of money mules and denial of service attacks, to con businesses and banks out of funds.

To read the entire article, click here: http://ffiec.bankinfosecurity.com/articles.php?art_id=4295&rf=2011-12-02-eb&elq=5209da99abcc4e7b8fa7af3303c5ca23&elqCampaignId=904