Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Feds Put Brakes On ID Theft Ring That Targets Home Equity Accounts

Four arrested in scheme to steal money using customers' home equity lines of credit

Federal agencies have arrested three members of an identity theft ring that stole more than $2.5 million by fraudulently accessing home equity lines of credit.

In a press release issued Monday afternoon, the U.S. Attorney's office in New Jersey confirmed that four men have been arrested in three different states, each one accused of participating in a sophisticated scheme designed to steal money from individuals' home equity lines of credit (HELOCs). Experts say such lines of credit are a new favorite for fraudsters because many contain large credit limits, but are not frequently checked by the customer.

The ring has stolen more than $2.5 million in the HELOC scheme, and another $4 million in transactions were attempted but not completed, according to court documents.

The four who were arrested -- Oludola Akinmola, Oladej Craig, Oluwajide Ogunbiyi, and Derrick Polk -- were identified in context of a larger investigation into an identity theft ring that extends across North America, the U.K., and a number of Asian countries, according to court filings. The ring has developed a wide range of methods to collect personal information -- sometimes illegally, sometimes through searches of public documents -- and to correlate that data for use in sophisticated fraud schemes, federal officials said.

"The HELOC scheme is one application of that identity theft ring," says Erez Liebermann, an assistant U.S. attorney in the District of New Jersey, who works in the Computer Hacking and IP/Commercial Crimes Unit. "Because the larger ring has been able to collect so much information, these individuals were able to develop a more sophisticated fraud scheme than we've seen" from other identity thieves, he says.

To further the fraud and to avoid detection, co-conspirators routinely traded confidential customer information, such as Social Security numbers, mothers' maiden names, and online banking passwords over e-mail; impersonated bank customers; used technology to disguise caller identification information; and changed customer address information in bank files, officials say. Proceeds from the scheme made their way to conspirators in Japan, Nigeria, Canada, and South Korea, among other countries.

HELOCs are an attractive target for criminals, because many individuals sign up for such lines of credit as a hedge against emergencies and don't ever use them, Liebermann observes. Many HELOCs involve large amounts of credit, because banks and financial insititutions generally offer lower rates on higher amounts of credit, Liebermann notes. If a customer has not used a HELOC, most banks do not send out a statement. And if a criminal can successfully break into an account and change the address to which statements are sent, that customer could go for many months without being aware that any activity is taking place.

After collecting some basic customer information via the identity theft ring, the fraudsters call banks and credit unions and pretend to be the HELOC account holders. "Through interaction with unwitting customer service representatives and loan officers, [the criminals] extract additional customer and account information by posing as legitimate account holders," the court documents say.

Then, the attackers call the bank or credit union back later, again pretending to be the account holder. Using prepaid calling cards to protect their identities, the attackers request that "a large percentage of the balance of a victim HELOC be wired to a preselected bank account controlled by the co-conspirators," according to the court filings.

If the wire request is done by fax, the victim account holder's signature is often copied from publicly filed documents available as part of mortgage and HELOC records used to verify a lien on a house, the court documents say. When banks attempt to verify the authenticity of a wire request by calling the customer at the phone number they have on file, the attackers get around this protocol by changing the default phone number in advance, or by reporting a problem to the victim's local phone company and having all the calls to that number forwarded to a number of their own choosing, the documents say.

The documents offer a number of examples of sophisticated transactions completed by the accused, most of them involving impersonating the victim in order to change contact information or to initiate unauthorized transactions. The attacks vary and do not always follow the same procedure.

Last week, the U.S. Attorney's office in the Eastern District of Virginia announced the guilty pleas of three other individuals who are accused of participating in the identity theft ring. As of last week, nine people had been arrested as part of the broader identity theft investigation, officials said.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35519
PUBLISHED: 2021-05-06
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel i...
CVE-2021-20204
PUBLISHED: 2021-05-06
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbi...
CVE-2021-30473
PUBLISHED: 2021-05-06
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
CVE-2021-32030
PUBLISHED: 2021-05-06
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_chec...
CVE-2021-22209
PUBLISHED: 2021-05-06
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.