Feds Put Brakes On ID Theft Ring That Targets Home Equity Accounts

Four arrested in scheme to steal money using customers' home equity lines of credit

Federal agencies have arrested three members of an identity theft ring that stole more than $2.5 million by fraudulently accessing home equity lines of credit.

In a press release issued Monday afternoon, the U.S. Attorney's office in New Jersey confirmed that four men have been arrested in three different states, each one accused of participating in a sophisticated scheme designed to steal money from individuals' home equity lines of credit (HELOCs). Experts say such lines of credit are a new favorite for fraudsters because many contain large credit limits, but are not frequently checked by the customer.

The ring has stolen more than $2.5 million in the HELOC scheme, and another $4 million in transactions were attempted but not completed, according to court documents.

The four who were arrested -- Oludola Akinmola, Oladej Craig, Oluwajide Ogunbiyi, and Derrick Polk -- were identified in context of a larger investigation into an identity theft ring that extends across North America, the U.K., and a number of Asian countries, according to court filings. The ring has developed a wide range of methods to collect personal information -- sometimes illegally, sometimes through searches of public documents -- and to correlate that data for use in sophisticated fraud schemes, federal officials said.

"The HELOC scheme is one application of that identity theft ring," says Erez Liebermann, an assistant U.S. attorney in the District of New Jersey, who works in the Computer Hacking and IP/Commercial Crimes Unit. "Because the larger ring has been able to collect so much information, these individuals were able to develop a more sophisticated fraud scheme than we've seen" from other identity thieves, he says.

To further the fraud and to avoid detection, co-conspirators routinely traded confidential customer information, such as Social Security numbers, mothers' maiden names, and online banking passwords over e-mail; impersonated bank customers; used technology to disguise caller identification information; and changed customer address information in bank files, officials say. Proceeds from the scheme made their way to conspirators in Japan, Nigeria, Canada, and South Korea, among other countries.

HELOCs are an attractive target for criminals, because many individuals sign up for such lines of credit as a hedge against emergencies and don't ever use them, Liebermann observes. Many HELOCs involve large amounts of credit, because banks and financial insititutions generally offer lower rates on higher amounts of credit, Liebermann notes. If a customer has not used a HELOC, most banks do not send out a statement. And if a criminal can successfully break into an account and change the address to which statements are sent, that customer could go for many months without being aware that any activity is taking place.

After collecting some basic customer information via the identity theft ring, the fraudsters call banks and credit unions and pretend to be the HELOC account holders. "Through interaction with unwitting customer service representatives and loan officers, [the criminals] extract additional customer and account information by posing as legitimate account holders," the court documents say.

Then, the attackers call the bank or credit union back later, again pretending to be the account holder. Using prepaid calling cards to protect their identities, the attackers request that "a large percentage of the balance of a victim HELOC be wired to a preselected bank account controlled by the co-conspirators," according to the court filings.

If the wire request is done by fax, the victim account holder's signature is often copied from publicly filed documents available as part of mortgage and HELOC records used to verify a lien on a house, the court documents say. When banks attempt to verify the authenticity of a wire request by calling the customer at the phone number they have on file, the attackers get around this protocol by changing the default phone number in advance, or by reporting a problem to the victim's local phone company and having all the calls to that number forwarded to a number of their own choosing, the documents say.

The documents offer a number of examples of sophisticated transactions completed by the accused, most of them involving impersonating the victim in order to change contact information or to initiate unauthorized transactions. The attacks vary and do not always follow the same procedure.

Last week, the U.S. Attorney's office in the Eastern District of Virginia announced the guilty pleas of three other individuals who are accused of participating in the identity theft ring. As of last week, nine people had been arrested as part of the broader identity theft investigation, officials said.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
4 Tips to Protect Your Business Against Social Media Mistakes
Guy Bunker, CTO of Clearswift,  4/22/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-04-25
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
PUBLISHED: 2019-04-25
Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent, NIS- & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for executi...
PUBLISHED: 2019-04-25
A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a nucleo.neatocloud.com:4443/vendors/neato/robots/[robot_serial]/messages Neato clou...
PUBLISHED: 2019-04-25
DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. .
PUBLISHED: 2019-04-25
DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.