5 Sneaky Credit Card Scams

/0 Comments/in , /by

#1 Phone Fraud. The phone rings, a scammer poses as your banks fraud department. They may have your entire card number stolen from another source. They ask about a charge made and you deny the charge, but in order for the charge to be removed, they need your 3-4 digits CVV number off the front or back of the card. A variation may be they only have the last 4 digits found on a receipt or statement you threw away. They can also use the same ruse to get the full 16 digits from you.

#2 Clever Clerk. You hand your card to a sales clerk, waiter or waitress and they have a card reading wedge device that looks like this. The device may be wrapped around a band on their ankle. They bend over and make it look like they are fixing a sock, once they swipe the card through, they can make charges on your card.

#3 The Loop. You’re at an ATM that isn’t cooperating. Some nice guy injects himself into the scene to help you. During the process he watches you enter your pin. After another attempt the ATM eats your card. After you leave all upset, he pulls the card from the ATMs card slot using a loop of VHS tape he jammed inside the machine.

#4 Risky Retailer. When searching for something on the web you come across a website with a great deal. In the process of ordering they inform you a discount is available along with a free trial of another product. Thinking you just made out on the deal you take the bait. Next thing you know your card is charged every month and the company makes it very difficult to cancel the charges.

#5 Cell Snap. While buying something at a store you swipe your card through the point of sale terminal. If you are using a debit card you also need to punch your PIN into the keypad. The guy one or two people behind you filmed the entire transaction including your PIN on his mobile phone.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams. Disclosures

Why You Need to Pay Attention to Credit Card Statements

/0 Comments/in , /by

Despite what silly James Bond-esque credit card commercials may imply, credit card companies don’t really protect you to the degree you expect. If a credit card company detects irregular spending on your credit card, they may freeze your account or call to verify your identity. While these measures do help secure your card to an extent, but they cannot prevent or detect all types of credit card fraud.

The Federal Trade Commission recently filed a lawsuit describing a criminal enterprise responsible for “micro charges,” fraudulent charges ranging from 20 cents to $10, to as many as one million credit cards since approximately 2006. Because the amounts were low, most of the fraud went unnoticed by cardholders. Money mules were used to divert the funds to Eastern European countries. (“Money mules” are typically individuals who are recruited to assist in a criminal enterprise via help wanted advertisements on job placement websites. In this case, the mules believed they were applying to be financial services managers.) These mules opened numerous LLCs and bank accounts. They also set up websites with toll free numbers, creating an apparently legitimate web presence. Thanks to this facade, the websites were granted merchant status, allowing them to process credit card orders.

The victims of this scam would see the fictional merchant’s name and toll free number on their credit card statements. If they attempted to dispute a charge, the toll free numbers would go to voicemail or be disconnected. Most frustrated consumers may not bother to take the additional step of disputing a 20 cent charge with the credit card company.

The money mules involved in this scam have been located, but the true scammers have yet to be identified.

If you fail to recognize and dispute unauthorized transactions on your credit card statements, you take responsibility for the fraudulent charges. While 20 cents may not seem worth the bother, these seemingly minor charges are certainly funding criminal activity, and perhaps even terrorism. So take the time to scrutinize those charges every since month.

Robert Siciliano, personal security adviser to Just Ask Gemalto, discusses credit card fraud on NBC Boston. (Disclosures)

Hackers Play “Social Engineering Capture The Flag” At Defcon

/0 Comments/in , /by

Social engineering is a fancier, more technical form of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees to identify and resist the more common attempts to trick them into letting down their guard. Criminal hackers use social engineering as a very effective tool and as part of their strategy when gathering information to piece together the parts of their scams. They often target company executives via phone and email. Once they have extracted some data from the top, accessing networks or whatever end game they had in mind is much easier.

Social engineering has always been a “person to person” confidence crime. Once the con man gains the mark’s trust, the victim begins to provide all kinds of information, or to fork over cash and credit. Trust seems to be an inherent trait we all have from birth. I suppose we would need to be able to trust one another in order to survive as an interdependent communal species, otherwise fear would prevent us from relying on others to nurture us until we are tossed out of the nest.

Defcon is a conference for hackers of all breeds. There are good guys, bad guys, and those who are somewhere in between, plus law enforcement and government agents. All kinds of inventive people with an intuition for technology decend on Las Vegas to learn, explore, and hack. InfoWorld reports, “This year’s Defcon gathering in Las Vegas will feature a contest in which participants will compete to gather nuggets of information from unsuspecting target companies — over the telephone instead of the Internet.”

Defcon is known for its antics but it’s also an event where hackers of all flavors improve their skills. The game they are playing this year is a social engineering fun-o-rama called Social Engineering CTF, referencing the game “Capture the Flag.” “This contest will borrow elements from the convention’s traditional computer-based CTF tournaments, but with a few variations. Prior to the conference, participants will receive an email with the name and URL of a target company. Participants will be permitted to gather preliminary information about the company using Google searches and other passive techniques. Contestants are banned from contacting their target directly via email or phone, and they get points for information gathered. Competitors then use that data during the actual tournament to fuel their social engineering attack. They have twenty minutes to call unsuspecting employees at their target companies and obtain specific bits of (nonsensitive) information about the business for additional points. Participants aren’t allowed to make the target company feel at risk by pretending to represent a law enforcement agency.”

Recognize that online predators use these tactics to get what they want. They consider you, the innocent computer user, their natural prey.

So always question authority, or the appearance of authority. Don’t automatically trust or give the benefit of the doubt. When you are contacted via phone or email, or approached in person, proceed with caution. Always be suspect of external or internal communications, and consider that you could be the target of a phishing scam. Never click on links in the body of an email, and if an email prompts you to divulge a username and password, pick up the phone to verify the legitimacy of the request. The best defense is effective policies coupled with ongoing awareness training.

Robert Siciliano, personal security and identity theft expert adviser to Just Ask Gemalto, discusses credit and debit card fraud on CNBC. (Disclosures)

Credit Card Data Breaches Cost Big Bucks

/0 Comments/in , , /by

Javelin Strategy & Research estimates that credit and debit card issuers spent $252.7 million in 2009 replacing more than 70 million cards compromised by data breaches.

In 2009, an estimated 39 million debit cards and 33.3 million credit cards were reissued due to data breaches, for a total of 72.2 million. An estimated 20% of those affected by the breaches had more than one card replaced. I had my MasterCard replaced twice.

Javelin’s survey shows that 26%, or one out of four U.S. consumers received a data breach notification last year from a company or agency holding their personal data, including credit and debit card or checking account information.

What is very interesting is of those notified (which is required by law in most states), 11.5% were victims of identity fraud compared with only 2.4% who weren’t notified.

I’ll say this again and then explain what I think this means. They say a consumer who has been notified that his credit or debit card number was compromised is five times more likely to become a victim of identity fraud than a person who doesn’t get such a notice.

The report’s reasoning behind this is that data breaches lead to fraud. Okay, yes, I’ll agree that data breaches do lead to fraud, and my belief is that the people who were notified simply took a closer look at their statements and recognized unauthorized charges. If they weren’t notified they are no less susceptible to fraud, they are just blissfully unaware they are paying for an identity thief’s Las Vegas bender, and the fraud goes undetected.

DigitalTransactions explains, “Data breaches are one obvious pathway to fraud, but a breach alone doesn’t mean an affected consumer will become an identity-fraud victim. Banks often give free credit-report monitoring services to customers whose data may have been compromised.”

The flaw here is that credit monitoring only makes the consumer aware of new account fraud, when a Social Security number is used to open a new account. Credit monitoring has nothing to do with credit card fraud in which an existing account is compromised. Furthermore, in my experience credit monitoring is hardly ever provided when a credit card number has been compromised. Credit monitoring doesn’t help when an existing account is taken over.

“There’s a disconnect,” Javelin tells Digital Transactions News. Consumers “should pay attention to your credit reports after you’re notified, because you’re more vulnerable.”

Yes, it’s true that if you are notified that your Social Security number has been compromised, you are more vulnerable to fraud, but not more vulnerable to fraudulent charges on an existing credit card, since the bank will replace a card that is known to have been compromised. And monitoring a credit report does nothing to prevent credit card takeover fraud.

The only way to combat credit card account takeover fraud is to pay close attention to credit card statements, while credit reports and credit monitoring are essential to prevent or detect new account fraud.

I recommend checking your credit card and bank statements every day, or at least once a week, from a secure PC.

Robert Siciliano, personal security and identity theft expert adviser to Just Ask Gemalto, discusses credit and debit card fraud on MSNBC. (Disclosures)

5 Tips to Credit Card Identity Theft Prevention

/0 Comments/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

In a recent article in Computer World, Tom Patterson CSO of Magtek, with his Glamor Shot photo, provides “5 counter-fraud tips you’ve never been told”. Anything a consumer can do to reduce their risk for account takeover, they should exercise. While in most cases the consumer isn’t responsible for the losses, as long as you refute the fraud in a specified time frame, and it’s your duty as a citizen to do so. Studies show much of the terrorists funding is coming from card fraud. Card fraud is a breach of national security.

Tip#1 Stare down your waiter, waitress, gas station attendant or anyone who you hand your card. Or at least stare at the card in process. You want to see where that card is going and how it’s being used. The idea here is to make sure the card isn’t being “skimmed” with a skimmer. This is good advice when it’s possible. Most waiters, gas station attendants walk away with the card. This really only works at a POS where the clerk never leaves the terminal. What you should see is the clerk swiping the card through a PC/register based fixed keyboard or terminal. If you see them swipe the card in a handheld skimmer or something on their body, like attached to a  belt or ankle that’s a redflag.

Tip#2 Shield your pin. This is absolutely necessary at any POS or ATM. The public nature of these devices makes it very easy for someone to shoulder surf and grab your pin. A cell phone video cam over your shoulder, a video camera from 50 feet away, binoculars or even a hidden camera attached the to face of the ATM can all compromise your pin. See here as explained in this video I did on ExtraTV demonstrating how I bought an ATM off Craigslist and rolled it all over Boston.

Tip#3 Change your card number. With millions of card numbers hacked over the last few years, chances are yours was compromised. I for one have had 3 changes of credit cards due to card issuers being proactive and sending me a new card whether I liked it or not. Tom suggests voluntarily changing your credit card number every few months. While this is an extra layer of protection, it’s not at all practical and I doubt even Tom does it. I have numerous EFT’s set up with my cards and changing the number means changing them as well. It’s enough of a burden to change it all when the banks issue a new card. But a nice idea if you have the time.

Tip#4 Check your credit card statements every day. This is an extra layer of protection that requires savant like attention. You check your email every day so checking your credit card statements every day is do-able right? Every week is sufficient. Even every 2 weeks is OK. Just make sure to check with your bank to determine what their cutoff date is to refute unauthorized withdrawals. For most credit cards it’s 60 days. For most banks it can be under 30 days. This is the most important tip of all.

Tip#5 Authenticate the card. Or the card holder. Today this is out of the hands of the consumer. There are a number of new technologies that if banks/retailers/industry adopt to identify the actual card/user at the POS or even online then most, if not all of the card fraud problems will be solved. There is a race going on right now to see who gets there first. In the next 1-5 years we may see new cards being issued such as “chip and pin” which are standard in Europe. Or no new cards at all but changes in the system that the card holder is unaware of, or a 2 card system that requires a second swipe of another authenticating card the hacker doesn’t have access to. There are also readily available technologies that will allow the turning on/off of your card with your own preset spend limits too. We will see how this all plays out.

 

Robert Siciliano identity theft speaker discussing credit card fraud on CNBC

10 Tips to Secure Online Holiday Shopping

/0 Comments/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

UK officials shut down an amazing 1200 online retailers who scammed millions from unsuspecting shoppers. Most of the sites originated from identity thieves in Asia who tricked victims into believing they were legitimate sites.  Victims then lost money by entered their credit card data, sending checks or giving up banking details.

The sites sold high end designer items from Tiffany & Co, Ugg and jewelry. In some cases the victims actually received the items, but were counterfeit. Like Mom said, if it’s too good to be true it probably is. Of course nobody running the fake sites has been caught.

Criminals set up fake websites and then go through the same process legitimate eTailers do in regards to search engine optimization, search engine marketing and online advertising via adwords. They use key words to boost their rankings on Internet searches to show up along side legitimate sites. These same processes are also being used to infect unsuspecting users with malware.

Many victims who end up on scam sites generally get there via phish emails with offers for high end products for little money.

  1. It’s easy enough to avoid spoofed websites where phishing is the gateway. Common sense says any time you receive an offer via an email automatically be suspect. The same goes with offers via tweets and messages received in any social media. Scammers are committing social media identity theft every day.
  2. If you aren’t familiar with the eTailer don’t even bother clicking the links, especially if it’s a too good to be true offer.
  3. If it’s a known site sending the email and you decide to click links, make sure the address you end up at is in fact the actual domain of the eTailer. Beware of cybersquatting and typosquatting which may look like the domain of the legitimate eTailer.
  4. When placing an order always look for HttpS is the address bar signifying it’s a secure page. Scammer generally won’t take the time to set up secure sites. Note the closed padlock in your browser to back up the HttpS.
  5. Beware of emails coming for eBay scammers. I’m getting 10 a day. The fact is it’s difficult to tell a real from a fake. If you are seeking deals on eBay go right to the site and don’t bother responding to emails. If there is a deal you see in an email search it on eBay.
  6. Whenever you decide to make an eBay purchase look at the eBayers history. eBay is set up on the honor system and if the eBayer is an established seller with great feedback then they should be legitimate.
  7. Don’t worry about credit card fraud. But do pay close attention to your statements. Check them every two weeks online and refute unauthorized charges within 2 billing cycles, otherwise you will pay for an identity thieves gifts.
  8. Don’t use a debit-card online. If your debit card is compromised thats money out of your bank account. Credit cards have more protection and less liability.
  9. Avoid paying by check online/Mailorder. In person is OK. But to an unfamiliar virtual site is not. Once the money is taken from your account and you don’t receive the goods, you are going to have a difficult if not impossible task of getting it back. Use a uniball gel pen that prevents check-washing.
  10. Do business with those you know like and trust. I for one am guilty of buying from eTailers who have the best deals. But I only buy low ticket items from them, generally under $50.00. It’s best to buy high ticket items from eTailers that also have a brick and mortar locations.

Robert Siciliano identity theft speaker discussing holiday scams on Foxes Mike and Juliet Show

Obama; Cybersecurity and Identity Theft Protection Starts at Home

/0 Comments/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Whether you realize it or not, your computer is one of the biggest threats to your personal security. The Obama administration believes that your computer is also one of the biggest threats to national security.

The message is: Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet is incredibly powerful and not particularly secure. It is powerful enough to bring people together, to educating, inform, and make life easier. But it’s also used to hurt, scam, and debilitate in so many ways.

The Pentagon’s computer systems are probed 360 million times per day, and one prominent power company has acknowledged that its networks see up to 70,000 scans per day. Every single day, utilities, banks, retailers and just about every computer network are faced with attacks. Many of these hacks are insignificant. Many are conducted with intent to commit crimes such as espionage, financial data theft, or the destruction of crucial information. The criminal hackers could be cyber-terrorists attempting to destroy the U.S. or its economy, malcontents simply wreaking havoc for its own sake, or opportunists looking for a profit.

The U.S. is a prime target for a number of reasons. The most obvious is that we’ve made mistakes that have many in the world hating us. Then there’s our financial system, which offers instant credit to anyone with a Social Security number. And of course, credit card security is an oxymoron, since anyone can use any credit card at any time. We have a bullseye on us and we put it there.

“Weapons of Mass Disruption” are a growing concern. The U.S. and many other countries are electrically and digitally dependent. Our critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. After a major successful attack we’d be back to the dark ages instantly. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about when the power goes out in your house for a few hours. We’re stymied.

The Pentagon and the Department of Homeland Security are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small business and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read this and every possible blog, article and report you have access to so you can stay on top of what is new and ahead of what is next in technology and the security necessary to keep it safe. Build your IT security vocabulary. Protect yourself and your business.

Those steps include:

Use antivirus software, spyware removal, parental controls and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and let them damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.
  • Visit US-Cert here

Robert Siciliano identity theft speaker discussing the mess of data security on Fox News

National Protect Your Identity Week Facilitates Identity Theft Protection and Education

/0 Comments/in , , , , , , , /by

Robert Siciliano Identity Theft Expert

A recent National Foundation for Credit Counseling (NFCC) survey conducted by Harris Interactive(R) revealed that 45 percent of all U.S. adults, roughly 101 million people, would feel at most risk for identity theft when making a purchase with a credit card that requires the card to be temporarily taken out of their sight, for example, at a restaurant.

By contrast, consumers are least fearful of falling victim to identity theft when using their credit card to make a purchase in person, for instance at a store. Only 21 percent of U.S. adults listed this as a concern, suggesting that consumers are comfortable as long as they can keep an eye on their card.

In an effort to provide consumers with identity theft education and protection, the NFCC announces its second annual National Protect Your Identity Week (PYIW), October 17-24. Joining the NFCC as a full partner this year is the Council of Better Business Bureaus (CBBB), combining the strength of two well-respected nonprofits behind this initiative.

A number of national organizations are also putting their weight behind this initiative, joining the NFCC and CBBB as Supporting PYIW Coalition Members. This Coalition includes: the American Bankers Association Education Foundation, AFSA Education Foundation, Consumer Action, Consumer Federation of America, Credit Union National Association, Federal Trade Commission, Identity Theft Resource Center, Jump$tart Coalition for Financial Literacy, Junior Achievement USA, National Council of LaRaza, National Crime Prevention Council, National Education Association Member Benefits, National Sheriff’s Association, Office of the Comptroller of the Currency, and the National Association of Triads. MSN Money is once again the national online media sponsor.

Consumers can find PYIW educational events in their area by going to www.ProtectYourIDNow.org. Hosted by a local member of the NFCC, BBB or other Coalition Member, consumers can take advantage of identity theft workshops, onsite shredding and credit report reviews. The Web site also includes identity theft prevention tips, videos, an interactive quiz to assess your risk of identity theft, and resources for victims.

A new feature this year on www.ProtectYourIDNow.org is a blog hosted by me. I will be providing insight, information and advice for consumers each day during PYIW and then weekly on the blog throughout the year on topics relevant to identity theft. The goal is to keep the public informed and not just one, but 10 steps ahead of the bad guys.

According to the non-profit Identity Theft Resource Center and other sources, identity theft can be sub-divided into five categories:

  • Business/commercial identity theft (using another’s business name to obtain credit)
  • Criminal identity theft (posing as another when apprehended for a crime)
  • Financial identity theft (using another’s identity to obtain goods and services)
  • Identity cloning (using another’s information to assume his or her identity in daily life)
  • Medical identity theft (using another’s information to obtain medical care or drugs)

We will be discussing these and many others issues of fraud on an ongoing basis.

1. Protecting yourself from new account fraud requires effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston

Credit/Debit Card Identity Theft Concerns Trump Terrorism

/0 Comments/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

recent Unisys study found that, in the midst of the global financial crisis, American’s primary fear is credit and debit card fraud. 68% of those surveyed are extremely or very concerned about the security of their credit or debit card data, and 66% are extremely or very concerned about identity theft.

Compare that to 58% who are extremely or very concerned about terrorism and war, and 41% who fear the possibility of a serious health epidemic. If we actually had a pandemic, I’m sure the public would favor health concerns over money. But so be it.

Credit card fraud comes in two different flavors: account takeover and new account fraud. Account takeover occurs when an identity thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or perhaps when you hand it over to pay at a store or restaurant. Technically, account takeover is the most prevalent form of identity theft, though I’ve always viewed it as simple credit card fraud.

Federal laws limit cardholder liability to $50 in the case of credit card fraud, as long as the cardholder disputes the charge within 60 days. Debit card fraud victims must notify the bank within two days in order to be protected by this $50 limit. After that, the maximum liability jumps to $500. And if a victim doesn’t discover or report the fraud until after 60 days have passed, the liability could be the entire card balance, for a debit or credit card. Once your debit card is compromised, you might not find out until a check bounces or the card is declined. And once you do recover the funds, the thief can just start all over again, unless you cancel the account altogether.

1. Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

2. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

3. Invest in Intelius Identity Protect. Because when all else fails you’ll have someone watching your back.

Includes:

·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes
·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers
·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls
·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors
·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name
·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly
·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.
·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes
·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers
·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls
·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors
·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name
·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly
·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.

Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC

Another Identity Theft Ring Busted

/0 Comments/in , , , , , , , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

The feds are getting better at busting criminals every day. Seventeen criminals, many from Eastern Europe, pilfered more than 95,000 stolen credit card numbers and $4 million worth of fraudulent transactions.

The New York Times reports the men were involved in a vast conspiracy known as the Western Express Cybercrime Group, which trafficked in stolen credit card information through the Internet and used it to create forged credit cards and to sell goods on eBay. They used digital currencies like e-gold and Webmoney to launder their proceeds.

Several of the scammers — Viatcheslav Vasilyev, Vladimir Kramarenko, Egor Shevelev, Dzimitry Burak and Oleg Kovelin — were charged with corruption. Vasilyev, 33, and Kramarenko, 31, were arrested at their homes in Prague, have been extradited to Manhattan. Shevelev, 23, was arrested in Greece last year, is still awaiting extradition. Burak, 26, a citizen of Belarus and Kovelin, 28, a citizen of Moldova have not been arrested

Vasilyev and Kramarenko recruited work from home employees to advertise and sell electronics on eBay. When someone would purchase an item, the two men would pocket the buyer’s payment, give a cut to their recruit, then use a stolen credit card number to purchase the item from a retail store and send it to the buyer. In essence, they used eBay to obtain a legitimate buyer’s credit card number through a legitimate channel and didn’t actually “hack” anything. They simply set up pseudo-fake auctions that, in most cases, delivered the product, but also obtained the victim’s credit card number and then made fraudulent charges.

Burak and Shevelev were “carders” who sold stolen credit card information on a website called Dumpsmarket and, probably, in chat rooms. “Dumps” is a criminal term for stolen credit cards and “carders” are the scammers who buy and sell them. Kovelin was a criminal hacker who stole victims’ financial information via phishing emails and more than likely used the victims’ own account information against them.

Protect yourself:

  1. Check your credit card statements often, especially after using an online auction site. Refute unauthorized charged within 60 days to be made whole by the issuing bank.
  2. Don’t just buy the lowest priced product on and auction site. Use auction sellers who have been approved my many and have a solid track record.
  3. Anytime you ever receive an email asking for personal information, credit information, banking etc, do not enter it. Just hit delete. Often victims will receive and email from a trusted source like eBay directly to their account because they have been actively engaging the fraudulent auctioneer. eBays system doesn’t recommend giving your credit card information outside their network in an email.
  4. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  5. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Identity Theft Speaker Robert Siciliano discusses a study done by McAfee on mules bilked in work-at-home scams on Fox News