Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Feds Put Brakes On ID Theft Ring That Targets Home Equity Accounts

Four arrested in scheme to steal money using customers' home equity lines of credit

Federal agencies have arrested three members of an identity theft ring that stole more than $2.5 million by fraudulently accessing home equity lines of credit.

In a press release issued Monday afternoon, the U.S. Attorney's office in New Jersey confirmed that four men have been arrested in three different states, each one accused of participating in a sophisticated scheme designed to steal money from individuals' home equity lines of credit (HELOCs). Experts say such lines of credit are a new favorite for fraudsters because many contain large credit limits, but are not frequently checked by the customer.

The ring has stolen more than $2.5 million in the HELOC scheme, and another $4 million in transactions were attempted but not completed, according to court documents.

The four who were arrested -- Oludola Akinmola, Oladej Craig, Oluwajide Ogunbiyi, and Derrick Polk -- were identified in context of a larger investigation into an identity theft ring that extends across North America, the U.K., and a number of Asian countries, according to court filings. The ring has developed a wide range of methods to collect personal information -- sometimes illegally, sometimes through searches of public documents -- and to correlate that data for use in sophisticated fraud schemes, federal officials said.

"The HELOC scheme is one application of that identity theft ring," says Erez Liebermann, an assistant U.S. attorney in the District of New Jersey, who works in the Computer Hacking and IP/Commercial Crimes Unit. "Because the larger ring has been able to collect so much information, these individuals were able to develop a more sophisticated fraud scheme than we've seen" from other identity thieves, he says.

To further the fraud and to avoid detection, co-conspirators routinely traded confidential customer information, such as Social Security numbers, mothers' maiden names, and online banking passwords over e-mail; impersonated bank customers; used technology to disguise caller identification information; and changed customer address information in bank files, officials say. Proceeds from the scheme made their way to conspirators in Japan, Nigeria, Canada, and South Korea, among other countries.

HELOCs are an attractive target for criminals, because many individuals sign up for such lines of credit as a hedge against emergencies and don't ever use them, Liebermann observes. Many HELOCs involve large amounts of credit, because banks and financial insititutions generally offer lower rates on higher amounts of credit, Liebermann notes. If a customer has not used a HELOC, most banks do not send out a statement. And if a criminal can successfully break into an account and change the address to which statements are sent, that customer could go for many months without being aware that any activity is taking place.

After collecting some basic customer information via the identity theft ring, the fraudsters call banks and credit unions and pretend to be the HELOC account holders. "Through interaction with unwitting customer service representatives and loan officers, [the criminals] extract additional customer and account information by posing as legitimate account holders," the court documents say.

Then, the attackers call the bank or credit union back later, again pretending to be the account holder. Using prepaid calling cards to protect their identities, the attackers request that "a large percentage of the balance of a victim HELOC be wired to a preselected bank account controlled by the co-conspirators," according to the court filings.

If the wire request is done by fax, the victim account holder's signature is often copied from publicly filed documents available as part of mortgage and HELOC records used to verify a lien on a house, the court documents say. When banks attempt to verify the authenticity of a wire request by calling the customer at the phone number they have on file, the attackers get around this protocol by changing the default phone number in advance, or by reporting a problem to the victim's local phone company and having all the calls to that number forwarded to a number of their own choosing, the documents say.

The documents offer a number of examples of sophisticated transactions completed by the accused, most of them involving impersonating the victim in order to change contact information or to initiate unauthorized transactions. The attacks vary and do not always follow the same procedure.

Last week, the U.S. Attorney's office in the Eastern District of Virginia announced the guilty pleas of three other individuals who are accused of participating in the identity theft ring. As of last week, nine people had been arrested as part of the broader identity theft investigation, officials said.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5230
PUBLISHED: 2019-11-13
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform...
CVE-2019-5231
PUBLISHED: 2019-11-13
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.
CVE-2019-5233
PUBLISHED: 2019-11-13
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.
CVE-2019-5246
PUBLISHED: 2019-11-13
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain par...
CVE-2010-4177
PUBLISHED: 2019-11-12
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.