Search This Blog

Showing posts with label Fraudster. Show all posts

Fraudsters Resorting to 'Synthetic Identity Fraud to Commit Financial Crimes


Identity theft is still a common tactic for hackers to damage the credit score. To steal even more and avoid discovery, an increasing number of fraudsters are turning to "synthetic identity fraud," which includes constructing spoof personalities to deceive financial institutions.

Michael Timoney, VP of Secure Payments at the Federal Reserve Bank of Boston stated, “This is growing. It’s got big numbers tied to $20 billion(Opens in a new window) plus (in losses), and we’re not really seeing a drop in it. Due to the pandemic, the numbers have gotten even higher."

Timoney described how the threat exploits a critical vulnerability in the US banking system at the RSA conference in San Francisco: when a customer applies for a credit card or a loan, many businesses do not always verify their identification. Timoney defined synthetic identity fraud as the use of multiple pieces of personally identifiable information to create a totally new person. 

He added, “It’s different from traditional identity theft because if someone stole my identity they would be acting in my name. I would go into my bank account and see my money is gone or I’d try to log into my account but I’d be locked out.” 

“Because of data breaches, there is so much information out there for sale. In other cases, the crooks will alter or make up the Social Security number and address data entirely, hoping the companies won't catch on. Once you apply for credit with your brand new identity, there is no credit file out there for you, but one gets created immediately. So right off the bat, you now have a credit file associated with this synthetic. So it sort of validates the identity. Now you got an identity and it has a credit record."  

The hacker will then strive to improve the credit rating of the spoof identity in order to secure larger loans or credit card limits before bailing without ever paying the lending agency. He added that the fraudster will settle their charges and request further credit. 

According to Timoney, the scammers have also been using the fraudulent personas to seek for unemployment benefits and obtain loans from the Paycheck Protection Program, which began during the pandemic to assist businesses in paying their employees. 

How to stop synthetic identity fraud?

To combat synthetic identity fraud, the United States is developing (Opens in a new window) the Electronic Consent Based Social Security Number Verification Service, which can determine whether a Social Security number matches one of these on record. However, Timoney stated that the system will only be offered to financial institutions and will not be open to other industries that provide credit to clients. 

In response, Timoney emphasized that it is critical for businesses to be on the lookout for warning indicators linked with synthetic identity fraud. This might include inconsistencies in the applicant's background. For example, consider a person who is 60 years old but has never had a credit history while having lived in the United States their whole life or an 18-year-old with a credit score of at least 800. 

Another method for detecting synthetic identity theft is to see if a loan application has any confirmed family members. One should be looking at a lot more than just the name, address, and Social Security number.

Delhi Police: Nigerian Arrested for Scamming People by Hacking Mobile Phones


The Intelligence Fusion and Strategic Op (IFSO) unit of Delhi Police uncovered a syndicate that was hacking into people's mobile devices and WhatsApp accounts using custom-made malware. 

According to sources, the syndicate's leader recently hacked a senior bureaucrat's WhatsApp account, prompting a full-fledged inquiry. The mastermind of the module, identified as Chimelum Emmanuel Aniwetalu alias Maurice from Nigeria, has been arrested, according to DCP (IFSO) KPS Malhotra. His associate has also been found, and operations are underway to capture him. The syndicate was operating in Delhi and Bangalore. 

DCP Malhotra stated, “The syndicate was sending malware through WhatsApp and thereby accessing call logs, SMSs and contacts and control of the targeted WhatsApp account. After hacking the account, they would pose as the original WhatsApp account holder and communicate with the contact list thereby further hacking into more contacts.” 

“We had received a complaint that a person’s mobile phone was hacked by some unknown persons. Taking over the control of the WhatsApp of the complainant, they started demanding money from the contact list of the complainant by sending various distress messages. The accused had also provided a bank account to the contacts of the complainant for transferring the money."

An FIR was filed at IFSO, and an investigation team comprised of ACP Raman Lamba and inspectors Vijay Gahlawat and Bhanu Pratap was constituted. A technical investigation including IP address analysis (IP-DR) and human intelligence resulted in the recognition of one of the accused, who was caught during a raid. He was captured with a laptop and 15 phones. 

According to the investigation of the confiscated laptop, the gang utilised apps to create and distribute multiple malicious URLs. The accused had delivered malware disguised as an application to the victim's devices. 

DCP Malhotra further stated, “The accused created a dedicated application for each victim which when downloaded and installed on the victim’s phone, sent contacts, call logs and SMSs on the accused’s server.” 

During interrogation and forensic investigation of the devices, it was discovered that the accused employed a variety of methods, the most notable of which was impersonating a girl and befriending males on numerous social media sites. Once trust was established, the gang would give a link allowing him or her to join a group of like-minded peers. 

The DCP further added, once a person clicked on that link, he or she lost control of their social media profiles. Following that, the gang used social media accounts to acquire money. 

Mastermind Maurice was discovered overstaying in the nation despite the fact that his tourist visa had expired in 2018. The investigation also showed that he was scamming individuals under the pretext of selling herbal seeds online. He also befriended elderly men by impersonating ladies from other nations. 

According to police, the man fabricated paperwork claiming to be an UN-approved asylum seeker. A separate case has been opened at the Mohan Garden police station in this matter. The house owner, who rented his property to the foreigner, has also been arrested. 

“Delhi Police appeals to people for being cautious while communicating on social media and avoid clicking on any random web link or URL sent on any social media platform,” the DCP cautioned.