The Chicago Daily Herald reports four men are accused in a federal indictment of conspiring to “skim” credit card information from unsuspecting customers at a Naperville restaurant. A special grand jury indictment filed this month accuses the men of using a handheld “skimming device” to obtain encoded information from the magnetic strips of credit cards used at the restaurant. According to the indictment, the restaurant manager was recruited and paid $200 to obtain personal credit card information from customers.
The United States Attorney’s Office, District of New Jersey, announced a Bulgarian native and Brooklyn, N.Y. resident admitted to a scheme to steal account information from bank customers by installing secret recording devices on ATMs in Nutley and Belleville, N.J. Viktor Kafalov, 28, pleaded guilty in Newark federal court to one count of conspiracy to commit bank fraud and one count of aggravated identity theft. Kafalov admitted that he installed skimmers and cameras on the Valley National Bank ATMs in September 2008, and that after account and identification information was obtained, it was transferred and loaded onto blank ATM cards. The newly created cards were then used to make unauthorized withdrawals from the skimmed accounts. In addition to skimming, Kafalov and his co-conspirators inserted empty deposit envelopes into ATMs to falsely inflate the funds that appeared to be available in the accounts and allow them to withdraw more money. In all, Kafalov and his co-conspirators stole information pertaining to approximately 348 accounts, and defrauded Valley National Bank of approximately $278,144.
The Credit Union Times reports a former Bank of America information technology employee in Charlotte, N.C., has been sentenced to 27 months for internal fraud. According to media reports and court documents, Rodney Caverly admitted guilt in the U.S. District Court for Western North Carolina, to one count of fraudulent access to a protected computer. His scheme , court documents say, wound up costing the bank $419,000 in both losses directly from the theft and costs to remove the corrupted software from the machines. Court documents reported that the software allowed Caverly to remove money from the machines without leaving a record. Documents relating how authorities detected the scheme remained under seal.
The Los Angeles Times reports two Orange County men facing multiple fraud and theft charges allegedly used stolen debit cards to finance a gambling spree at the Pechanga Resort and Casino in Temecula. Hung Nguyen, 32, of Stanton, and Eric Hoang, 28, of Garden Grove, used the stolen debit numbers to buy gift cards at Pechanga and then transferred the dollars to player’s cards, authorities told the Riverside Press-Enterprise. It’s not clear how much the pair gambled away, but they racked up $25,000 in jackpot winnings over several days in February, according to police warrants. Both men also face federal charges that they stole $400,000 in separate Chase Bank debit card scams dating back to last summer in Las Vegas, Los Angeles, Riverside and Orange counties, prosecutors said.
The Register reports a North Carolina man has been sentenced to three years in prison after admitting he planned to pocket as much as $200,000 by hacking into automatic teller machines. Thor Alexander Morris, 20, targeted at least 35 ATMs in the Houston area that were vulnerable to attacks that let hackers administer them, according to court documents filed in the case. Once he took control, he planned to reprogram the machines to overpay him by changing the cash denominations for $20 bills to $1 bills. He pleaded guilty to the offense in January.
Bank Info Security reports the Obama administration has proposed adoption of a federal data breach notification policy that would supersede the divergent laws now in effect in most states. The policy is a component of a comprehensive cybersecurity legislative agenda that the White House unveiled recently. The proposed policy would not apply to healthcare organizations and their business associates that already must comply with the HITECH Act breach notification rule, which has similar requirements. Otherwise, the policy would apply to for-profit and not-for-profit business entities that engage or affect interstate commerce and use, access, transmit, store, dispose of or collect sensitive personally identifiable information about more than 10,000 individuals during any 12-month period.
The ScarsdalePatch reports the Scarsdale, New York Police Department arrested two individuals, one for fraudulent credit card purchases and the other for grand larceny. Ann Marie V. Cherry, 26, of Yonkers, was charged with fourth-degree felony grand larceny and third-degree unlawful possession of personal identification. The arrest occurred after Det. Servando Rodriguez investigated a report filed by a Scarsdale resident who received fraudulent charges on his debit card. Further investigation revealed that the man had used the debit card to pay for services at a Yonkers appliance repair service where Cherry was employed. Credit card transactions, merchant documents, telephone and cell phone records revealed that Cherry had incurred the fraudulent charges.
Infosec Island reports Bank of America has been stung by an insider-coordinated breach that is responsible for as much as $10 million in funds being stolen from banking clients. A BofA employee leaked sensitive information about at least 300 clients to a criminal fraud ring, including names, bank account numbers, PINs, addresses, Social Security numbers, phone numbers, driver’s license numbers, birth dates, e-mail addresses, family names and account balances. Over at least a one year period, the crooks used that information to open new accounts, order checks, and conduct other banking transactions while hiding the activity from BofA customers by hijacking email accounts. The breach led to the arrest of about 95 suspects by the Secret Service in February, and BofA clients are only recently finding out about the heist.
Threat Post reports the last year or so has seen a series of high-profile targeted attacks against corporate and government networks, including the Aurora attack on Google and others, the intrusion at RSA and the recent attack on the Sony PlayStation Network. But a new report from Microsoft shows that attackers increasingly are going after consumers with highly refined phishing attacks based on social networks. The company’s semi-annual Security Intelligence Report, which Microsoft released Thursday, found that from the beginning of 2010 to the end of the year, phishing attacks based on social networks increased by 1200 percent. At the beginning of the year, those kinds of phishing attacks accounted for about 8.3 percent of phishing attempts and in December that number had jumped to 84.5 percent.
The San Francisco Chronicle reports a Hayward woman has been charged with numerous felony counts for allegedly running an identity-theft operation that created fake Social Security and California identification cards, checks and credit cards. Mishel Caviness, 40, was arrested Wednesday after an investigation by Oakland police and the U.S. Secret Service. A search of her apartment last week uncovered a printing operation capable of making fake checks and credit cards, police said. Also found were 900 blank credit cards, personal information belonging to as many as 1,000 people, blank checks and computers.
