You've been hacked!
Local fraud detective delves into world of old and new Internet scams
By Carla Iacovetti 10/20/2011
“Confidence cannot find a place wherein to rest in safety.” —Virgil
No one ever plans on being hacked or having his or her personal e-mail invaded, but when it happens to you, it is unsettling. A couple of months ago, I got a phone call from a friend on the East Coast, and she said, “You’ve been royally hacked! All of our e-mail contacts with our company have been hit! You need to report this to the FCC!” While that might have seemed a little dramatic, my friend was concerned for her own online security, as well as that of her clients.
The so-called hacking was far worse than I imagined. They got into my e-mail account, changed the password, changed the security questions and had all mail forwarded to a new account that was created using my account name. There was only one small alteration of my e-mail: It was ymail instead of gmail.
The drama continued with my Facebook, Twitter and LinkedIn accounts. Worse still, it was utterly impossible to contact most of these e-mail sites and popular social networking sites about this issue.
Ironically, PCWorld.com recently reported that Facebook instituted new privacy and security changes to improve privacy controls on the site. Marian Merritt, Internet safety advocate at Symantec’s Norton unit, says, “It seems to reflect some of what people have been asking for. The issues of privacy and of control over your data are a growing concern, and customers are paying more attention to them.”
Not long ago, the hacktivist group Anonymous put out warnings about its plans to destroy Facebook on Nov. 5. CNN reporter Doug Gross affirms, “Anonymous won’t be accepting your friend request.” On July 16, Anonymous posted a video on YouTube stating, “Your medium of communication you all so dearly adore will be destroyed.” Perhaps this politically motivated web-hacking threat was the initiative behind Facebook’s sudden privacy and security changes.
Darin Rich, a fraud detective at the Thousand Oaks Police Department, says there is a difference between hacking and intrusion. Intrusion, according to California Penal Code, Section 502, compromises your e-mail with the intent to gather information for a criminal cause. For example, suddenly there is an e-mail intrusion, and everyone in your address book receives a troubling e-mail. “dear _____ help. i am in Madrid and i got mugged and now i have no money. They took all my id and credit cards, and won’t let me leave hotel until I pay. i can pay you back when I get back to the u.s. im really freaked out.”
“In most of these intrusions, there is always a wire transfer to another country involved and grammatical, spelling and punctuation errors,” Rich says. They really aren’t that hard to spot, but there are those who are sucked into the scam and do respond with money. “Hacking is not really about getting money, but the purpose behind it is to change something.” Both hacking and intrusion are illegal under California Penal Code, Section 502(c), Comprehensive Computer Data Access and Fraud Act.
Detective Rich believes that most Internet-type crimes feed off greed. “One of our most popular scams right now is when a criminal group does an account takeover. Somehow they are able to get into a person’s bank account number, routing number, and then they set up a work ad online. When people respond to the ad, they then have your information.”
Internet fraud and intrusion is not something new. It has been around since the Internet became accessible to everyone, but these kinds of crimes are on the rise, especially with the sour economy. The Federal Bureau of Investigation (FBI) has an entire website devoted to Internet security (http://www.fbi.gov/scams-safety/fraud/internet_fraud). Some of the most common frauds listed on the site are telemarketing frauds, Nigerian letter fraud, identity theft, advance fee schemes, and prime bank notice frauds, to name a few. There is even a list of frauds targeted at senior citizens.
Social Internet groups aiming at the elderly are also on the rise. A typical scenario plays out something like this: “Hey grandma, it’s Julie, and I’m in trouble. I came up to Canada with friends and got into some trouble. Please don’t tell mom and dad. I need you to wire $3,000 so I can get out of jail.”
As hard as it is to believe, this actually happened here in Ventura County recently.
“An elderly man wired $3,000 to Canada for his granddaughter, and then wired another $4,000,” Rich says. “He was about to wire more money when the light went on after he called the supposed victim’s parents and discovered that she was alive and well back at college and not locked up in a jail cell in Canada. Once these groups get any amount of money, they will milk it to the hilt.”
While it seems as though no one would buy this kind of Internet plea, some do. Many of these Internet scam criminals are very skilled and calculating. They know exactly what they are doing.
In January, the FBI revealed that in excess of $150,000 was stolen from a business via unauthorized wire transfer.
This transpired after the business received an e-mail that contained embedded malware, which allowed the attacker to access the online banking information of the person who was authorized to conduct financial transactions for the company.
Malware has been around for a while, but it remains one of the biggest threats to Internet users today. Microsoft defines malware as any kind of unwanted software that is installed without your adequate consent. The term is short for “malicious software” and encompasses all viruses, worms and Trojan horses. Arstecha.com, a computer-tech website that has been around for more than a decade, states, “Malware can hijack your browser, redirect your search attempts, serve up nasty pop-up ads, track what websites you visit.” These programs also have the ability to reinstall themselves, even after they have been removed. One of the ways a computer can be infected by malware is through file-sharing programs, like Kazaa and iMesh, which often send pop-up ads on various websites that require the user to click on and install.
Answering online ads may be dangerous to your bank account
The scams and potential for Internet swindles are endless. At the onset of Hurricane Irene, the FBI warned people about the possibility of fraudulent e-mails and websites claiming to be conducting charitable relief efforts. Disasters like this are a perfect opportunity for criminal groups to take advantage of concerned citizens online. The FBI illuminates, “Disasters prompt individuals with criminal intent to solicit contributions purportedly for a charitable organization or a good cause.”
Unfortunately, Craigslist is also commonly used for criminal activity.
“There are hundreds of investigations surrounding job posts that are connected with criminal Internet groups,” says Rich. This is how it plays out: A girl advertises on Craigslist that she is a model offering her services, and one of these groups contacts her. The job is a $30,000-gig. They hire her and send her a check for $30,000; $8,000 of it will be her payment for services rendered. She is told to deposit the check into her bank account and then send the remaining $22,000 to a different wire transfer address, which will undoubtedly be out of the country. In the meantime, the $30,000 check bounces, because it is a fictitious check from a “victim” (third-party) account. This girl is out a job and out a lot of money!
“Sadly, this girl is civilly responsible for the $30,000 check” Rich says. “We have hundreds of these types of investigations. Some banks will stay strong and say, ‘You deposited this, and you owe us the money,’ ” For a bank to drop the liability, 95 percent of the time the victim will have to file a criminal report, and then the bank will always ask for the police report number.
While $30,000 is a heck of a lot of money to the average person, for the most part, the FBI will not do anything about these kinds of crimes. It is concerned with $1.2 million account takeover cases.
According to a recent survey posted on PCWorld.com, “Women are significantly more likely than men to fall for Internet scams.” In six out of seven tests, it reported that women in the “supposedly tech-savvy 25-34 age group” are particularly vulnerable. Even some of the rich and famous have been hit. TMZ.com reported that celebrities such as Jessica Alba, Selena Gomez, Christina Aguilera, Scarlett Johansson, Catherine Zeta Jones and Miley Cyrus (to name a few) were targeted by a ring of hackers. The FBI worked with Vanessa Hudgens trying to determine how her Gmail account was compromised.
Credit card fraud is also alive and well on the Internet. Once a criminal gets a hold of your credit profile, he or she can go online, hook up with a company that is offering online credit cards (there are plenty of them) and the spending begins! The majority of the time, these crooks have the merchandise delivered to a drop location (like a vacant house). Using FedEx is very easy. They go online and track the delivery time, and park at the vacant house. When the delivery truck pulls up, they sign for the merchandise and say, “Oh, wow, what great timing. I just got home.” After the truck leaves, they pull away with the merchandise!
Another popular scam over the last three years involves Internet dating. People eagerly get on a site and begin to speak with a potential relationship candidate; photos are exchanged, and love is in the air.
“Often times, the woman on the other side of this email/photo exchange is probably not a woman but a man looking to take your money,” says Rich. “I need $1,200 for a plane ticket from Russia. I really, really want to meet you, but I don’t have the money. Can you wire me the money for the ticket?” The man happily obliges and never hears from the so-called lady again. Once the wire goes overseas, the likelihood of any investigation happening is slim, and this guy is out $1,200.
“Online job applications that are not confirmed in a responsible manner are usually an attempt to get personal information and involuntary assistance to complete a financially criminal act,” Rich continues. For example, there are a lot of freelance job opportunities online today. It is a very good idea to question and confirm location and the name of a company before randomly accepting a check.
Think before you click
The age-old saying “Knowledge is power” is certainly applicable. In a world that is technology-driven, it is imperative that we understand the risks and the facts surrounding Internet use. It is like looking both ways before crossing a street. “The majority of sites out there are secure, but use common sense and use the Internet responsibly,” says Rich. “Only use well-known secure websites, because the scams go on and on. Be very leery of any financial institution that asks you to change your password.”
Every financial institution has been hit. These criminals are crafty. They will use a logo and create a website that looks just like the actual financial institution, so the average online user will never know. “Bank fraud investigators are quick to respond and very good at this,” he said. “However, 100,000 accounts might be tampered with before the scam gets shut down. Identity theft and Internet fraud are the No. 1 fastest-growing crimes in the nation and the world right now.”
Do not just trust a site. Do a bit of investigating. If you get an odd e-mail from a friend or family member saying that he or she has been mugged in Madrid, make some phone calls. The majority of Internet crimes would not occur if the victim confirmed the information from a secondary source.