10:26 PM

Feds Put Brakes On ID Theft Ring That Targets Home Equity Accounts

Four arrested in scheme to steal money using customers' home equity lines of credit

Federal agencies have arrested three members of an identity theft ring that stole more than $2.5 million by fraudulently accessing home equity lines of credit.

In a press release issued Monday afternoon, the U.S. Attorney's office in New Jersey confirmed that four men have been arrested in three different states, each one accused of participating in a sophisticated scheme designed to steal money from individuals' home equity lines of credit (HELOCs). Experts say such lines of credit are a new favorite for fraudsters because many contain large credit limits, but are not frequently checked by the customer.

The ring has stolen more than $2.5 million in the HELOC scheme, and another $4 million in transactions were attempted but not completed, according to court documents.

The four who were arrested -- Oludola Akinmola, Oladej Craig, Oluwajide Ogunbiyi, and Derrick Polk -- were identified in context of a larger investigation into an identity theft ring that extends across North America, the U.K., and a number of Asian countries, according to court filings. The ring has developed a wide range of methods to collect personal information -- sometimes illegally, sometimes through searches of public documents -- and to correlate that data for use in sophisticated fraud schemes, federal officials said.

"The HELOC scheme is one application of that identity theft ring," says Erez Liebermann, an assistant U.S. attorney in the District of New Jersey, who works in the Computer Hacking and IP/Commercial Crimes Unit. "Because the larger ring has been able to collect so much information, these individuals were able to develop a more sophisticated fraud scheme than we've seen" from other identity thieves, he says.

To further the fraud and to avoid detection, co-conspirators routinely traded confidential customer information, such as Social Security numbers, mothers' maiden names, and online banking passwords over e-mail; impersonated bank customers; used technology to disguise caller identification information; and changed customer address information in bank files, officials say. Proceeds from the scheme made their way to conspirators in Japan, Nigeria, Canada, and South Korea, among other countries.

HELOCs are an attractive target for criminals, because many individuals sign up for such lines of credit as a hedge against emergencies and don't ever use them, Liebermann observes. Many HELOCs involve large amounts of credit, because banks and financial insititutions generally offer lower rates on higher amounts of credit, Liebermann notes. If a customer has not used a HELOC, most banks do not send out a statement. And if a criminal can successfully break into an account and change the address to which statements are sent, that customer could go for many months without being aware that any activity is taking place.

After collecting some basic customer information via the identity theft ring, the fraudsters call banks and credit unions and pretend to be the HELOC account holders. "Through interaction with unwitting customer service representatives and loan officers, [the criminals] extract additional customer and account information by posing as legitimate account holders," the court documents say.

Then, the attackers call the bank or credit union back later, again pretending to be the account holder. Using prepaid calling cards to protect their identities, the attackers request that "a large percentage of the balance of a victim HELOC be wired to a preselected bank account controlled by the co-conspirators," according to the court filings.

If the wire request is done by fax, the victim account holder's signature is often copied from publicly filed documents available as part of mortgage and HELOC records used to verify a lien on a house, the court documents say. When banks attempt to verify the authenticity of a wire request by calling the customer at the phone number they have on file, the attackers get around this protocol by changing the default phone number in advance, or by reporting a problem to the victim's local phone company and having all the calls to that number forwarded to a number of their own choosing, the documents say.

The documents offer a number of examples of sophisticated transactions completed by the accused, most of them involving impersonating the victim in order to change contact information or to initiate unauthorized transactions. The attacks vary and do not always follow the same procedure.

Last week, the U.S. Attorney's office in the Eastern District of Virginia announced the guilty pleas of three other individuals who are accused of participating in the identity theft ring. As of last week, nine people had been arrested as part of the broader identity theft investigation, officials said.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.