Tax refund fraud increasing identity theft
A wave of refund tax fraud is fueling demand for stolen IDs. A year ago I wrote about how one set of Florida-based scamsters had tricked the Internal Revenue Service out of $12.1 million worth of refunds using the stolen names and Social Security numbers of 5,108 dead people–likely taken from the Social Security Death Index. But that, as they say, is yesterday’s news. The IRS told Congress during recent hearings that it has set up a new computer screen to flag fraud relating to the tax returns of recently deceased taxpayers and Internet genealogy sites like Rootsweb.com have limited free access to the death index. So it appears there’s some progress, at least, on that front.
Meanwhile, the fraudsters are collecting lists of living identity theft victims, either by planting employees in jobs with access to personal data or corrupting employees who already have such jobs. Former federal prosecutor Latour “L.T.” Lafferty, head of the white collar and corporate compliance practice at Florida’s Fowler White Boggs, reports that he has been hired in the past year by two local employers to investigate employee theft of information. In one case, he found, an employee had used her smart phone to take pictures of records. (The iPhone takes such good pictures that you can actually take a picture of your W-2 with it, and have the information entered into Intuit’s TurboTax app.) “The old identity theft,’’ Laferty observes, “was `may we send you a fake email and find out if you’re dumb enough to give me a Social Security number’ or going through your trash.’’ The new trend, he says, is for employees to steal names and numbers in bulk and then use TurboTax or other software to file large numbers of refund claims. (If they get in a bogus 1040 before the real, live taxpayer, or smartly pick the identity of an American who doesn’t have to file, they may be able to get thousands of dollars back.)
Man emails identities of 228,435 people to himself
A South Carolina man was arrested yesterday on charges stemming from a data breach that may have leaked personal information on more than 200,000 Medicaid beneficiaries in the state, including their names, phone numbers, addresses, birth dates and Medicare ID numbers according to a report in the newspaper The State.
Christopher Lykes Jr., 36, of Swansea, South Carolina was charged with five counts of violating the confidentiality of the state's Medically Indigent Assistance Act and another count of disclosing confidential information, according to paperwork from South Carolina Law Enforcement uncovered by the newspaper.
Lykes, a former employee of the South Carolina Department of Health and Human Services (SCDHHS), transferred the personal information of 228,435 South Carolinians to his personal Yahoo! e-mail account from January 31 to April 2.
Russian hackers take lead in cybercrime
Russian-speaking hackers earned an estimated $4.5 billion globally using various online criminal tactics and are thus responsible for 36% of the estimated total of $12.5 billion earned globally by cybercriminals in 2011, Russian security analyst firm Group-IB said in a report published on Tuesday.
In the report, Group-IB differentiates between cybercriminals living in Russia and Russian-speaking cybercriminals, who include citizens of the countries of the former Soviet Union and other countries. In the 28-page report the researchers estimate that the total share of the Russian cybercrime market alone doubled to $2.3 billion, while the whole Russian-speaking segment of the global cybercrime market also almost doubled, to $4.5 billion. The researchers noted that the Russian-speaking segment of the global cybercrime market traditionally encompasses twice the amount of the Russian segment.
The Group-IB analysts highlighted general trends in the development of online crimes in 2011. The market was embraced by traditional organized crime groups that are trying to control the entire theft process, which led to the merging of two criminal worlds and a refocusing of the Russian mafia's traditional emphasis on crimes such as drug and arms trafficking to cybercrimes, according to the report. This could lead to "an explosive increase of attacks" on the financial sector, the researchers warned. Online banking fraud is one of the fastest growing segments of cybercrime, with a big increase in 2011, Group-IB said.
Tacoma woman sentenced for ID theft
A Tacoma woman who victimized more than a dozen visitors to Mount Rainier National Park, was sentenced to two years in prison, three years of supervised release and $7,034 in restitution for conspiracy and aggravated identity theft.
U.S. Attorney Jenny A. Durkan said 25-year-old Pamela Williams and co-defendant Matthew Mortinson broke into vehicles parked at various trailheads, stealing computers, credit cards and other valuables.
Man found with 38 credit cards convicted of ID theft
A man who pleaded guilty in January to aggravated identity theft and credit card fraud was sentenced Monday to 75 months in federal prison, the U.S. attorney’s office said.
Sharif John Reid, 37, of League City, also must pay $157,501 in restitution related to his attempts to purchase Apple iPads and iPhones at the Memorial City Apple store on Aug. 7.
He was accused of using unauthorized credit card numbers to buy $200,000 in Apple products in Louisiana and Texas.
Authorities found 38 credit cards in Reid’s possession that were stolen or obtained by Reid with the intent to defraud, the U.S. attorney’s office said in a statement.
Identity thieves filing phony tax returns
The Indiana Attorney General’s Office announced today it has received more tax-related identity theft complaints this year than in all of 2011.
Indiana Attorney General Greg Zoeller said 20 Indiana taxpayers have filed complaints so far, because they believe their personal information or their children’s information was used to file fake tax returns and claim refunds. In some cases, Social Security numbers were stolen to obtain employment and as a result the victims are seen as not having reported all their income on their returns.
“Identity theft knows no season, but as Hoosiers file their taxes it provides a unique opportunity for thieves to use names and Social Security numbers to claim significant refunds,” Zoeller said. “These complaints underscore the need for all consumers to be proactive in guarding their personal information whether online, at home or on their person.”
In 2011, the office received 19 tax-related identity theft complaints with only two of those submitted during the three-month period leading up to April. Zoeller said the spike in numbers could be because the Internal Revenue Service (IRS) is doing a better job of finding suspicious activity earlier and reporting it to taxpayers.
Visa Drops Global Payments Following Data Breach
Visa has dropped Global Payments from its list of companies that are deemed compliant with security policies following a data breach that may have compromised as many as 1.5 million Visa and MasterCard accounts.
Visa’s decision to drop Global Payments from its registry of service providers that meet the credit card company’s data security standards came April 1, two days after the breach became public. During a conference call April 2 to discuss the situation, Global Payments CEO Paul Garcia talked about Visa’s move, and reportedly said he expects his company to be returned to the list after it comes back into compliance with the Visa policies. However, Garcia didn’t say when that may be.
Officials with Visa and MasterCard announced last week that data from credit card accounts was stolen following a data breach at a third-party processor, and stressed that their own servers had not been compromised. The credit card companies initially did not say which transaction processing company was attacked, but it soon leaked out that it was Global Payments.
Mail carrier convicted in massive identity fraud case
A jury in federal district court returned a guilty verdict late yesterday against OPEOLUWA ADIGUN, age unknown, and CHUKWUKA ONYEKABA a/k/a Gabriel Onyekaba, 34, both of Marietta, Georgia on charges of stealing the identities of more than 85 individuals in the Atlanta area and opening credit cards, loans, and bank accounts in their names. ADIGUN was also convicted of immigration, social security, and passport fraud.
United States Attorney Sally Quillian Yates said of the case, “Identity theft is a growing problem that destroys the lives of innocent citizens, resulting in years of victimization as they try to clear their good names and credit of the damage done by the criminals. These defendants ran a sophisticated identity theft scheme that included opening multiple accounts in victims’ names, moving the criminal proceeds among different banks in victim names, using fake identifications, and buying ordinary gift cards with stolen credit cards to conceal the source of the proceeds. The jury’s verdict brings some measure of justice to the many victims of these two defendants’ crimes.”
According to Paul Bowman, Area Special Agent in Charge of the United States Postal Service, Office of Inspector General, “Opeoluwa Adigun reflects just a very small percentage of employees who failed to uphold the trust and integrity placed in them. The U.S. Postal Service, Office of Inspector General takes these cases very serious and investigates them to the fullest extent of the law.”
“The U.S. Postal Inspection Service is pleased with the jury’s verdict. Identity theft continues to plague the American public. As long as thieves target the U.S. Mail, Postal Inspectors will continue to target those responsible,” said Keith Morris, Postal Inspector in Charge of the Atlanta Division.
“The Paulding County Sheriff's Office, the investigating officer and I are all very happy with the verdict rendered by this jury,” said Paulding County Sheriff Gary Gulledge. “It is always rewarding to see our justice system work as intended - to hold the guilty accountable and protect the innocent public from further harm. It is also satisfying to see resolution brought to the 85+ victims of the crimes committed by Opeoluwa Adigun and Chukwuka Onyekaba. This case is the perfect example of good police work, inter-agency cooperation, careful prosecuting and an intelligent jury. I commend all involved for the great work and great result.”
“This type of crime is even more egregious when it is conducted by a government employee using his or her position of trust for fraudulent purposes and financial gains,” said Brock D. Nicholson, Special Agent in Charge of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI) Atlanta, “HSI will continue to vigilantly investigate any individual who engages in activities that jeopardize public safety and national security.” Nicholson oversees all HSI activities in Georgia and the Carolinas.
According to United States Attorney Yates, the charges and other information presented at trial: Between May 2006 and March 2010, ADIGUN and ONYEKABA stole mail, credit cards, and other personal information from individuals in the Atlanta area, and then opened a variety of financial accounts under the victims’ names. As part of the scheme, ADIGUN obtained a job as a mail carrier in the Hiram Post Office under the name “Mary Afolabi,” an identity she had stolen from another person from Nigeria before ADIGUN entered the United States in 2004. During ADIGUN’s time with the Hiram Post Office, over 85 victims on her mail route reported that their identities were stolen and used to open multiple financial accounts in their names.
Using the information stolen from the mail route customers, ADIGUN and ONYEKABA applied for credit cards and bank loans in their victims’ names. They deposited the fraudulent loan proceeds into bank accounts opened under yet other victims’ names and then wrote checks from those accounts to their two fraudulent businesses, GMO Auto Services in Douglasville and Gabmike Limousine Service in Smyrna. They also used the fraudulent credit cards at their businesses.
Further, ADIGUN and ONYEKABA purchased gift cards and thousands of dollars of merchandise with the fraudulent credit cards. In March 2010, law enforcement officers stopped the defendants driving a Lincoln Navigator and found dozens of American Express, Walmart, and Target gift cards that were purchased with stolen credit cards issued to individuals residing on ADIGUN’s mail route in Hiram.
ADIGUN obtained a social security card and a U.S. passport and, in March 2009, was naturalized as a U.S. citizen – all under the assumed name of “Mary Afolabi.”
After a seven day trial, the jury returned guilty verdicts on all 44 counts it considered, including conspiracy, access device or credit card fraud, aggravated identity theft, bank fraud, mail theft, immigration fraud, social security fraud, and passport fraud. The charges carry maximum sentences that range from five to 30 years in prison each, and fines of up to $1,000,000 per count. The aggravated identity theft charges require a mandatory minimum sentence of 2 years in addition to any other sentence imposed. Sentencing has not yet been scheduled before United States District Judge Richard W. Story. In determining the actual sentence, the Court will consider the United States Sentencing Guidelines, which are not binding but provide appropriate sentencing ranges for most offenders.
This case was investigated by the United States Postal Service, Office of Inspector General; United States Postal Inspection Service; United States Immigration and Customs Enforcement’s Homeland Security Investigations; United States Secret Service; Social Security Administration; Paulding County Sheriff’s Office; Douglas County Sheriff’s Office; Cobb County Sheriff’s Office; Hiram Police Department; and Cobb County Police Department.
Assistant United States Attorneys Stephen H. McClain and Shanya J. Dingle are prosecuting the case.
How to protect personal data on old devices you sell
Thinking of selling or giving away your smartphone or laptop computer? If you have a BlackBerry or an iPhone, go right ahead. But if you have an Android phone or a computer running Windows XP, you may want to hold off.
It turns out that it's almost impossible to get rid of personal information from some devices, even if you follow the manufacturer's directions for wiping the device clean.
Robert Siciliano, identity theft expert for the technology security firm McAfee, found this out in an experiment he conducted over the fall and winter. He bought 30 electronic devices from Craigslist — mostly smartphones and laptops — to see how effective people were at removing personal information from their gadgets before selling them.