Credit Union Risk Council

$100 Million Credit-Card Fraud Ring Busted in Montreal

Dan — Mon, 14 May 2012 15:30:44 +0000

The Herald News reports 46 people were arrested in 60 raids for credit card fraud. It was a theft allegedly carried out on a massive scale, with military precision, and it repeatedly victimized the holders of debit and credit cards. Two-dozen “runners” would allegedly be on standby at different ATM machines in the wee hours of the morning, awaiting a call from a ringleader. Upon getting the green light, they would start withdrawing money simultaneously from different machines, using cloned bank cards. Police say it would only take five minutes. On just one such occasion, 79 bogus cards were allegedly used to make 203 transactions at 23 different bank machines – with the accused thieves getting away with $30,000. The RCMP says that scam was being replayed multiple times each week in the Montreal area, as it announced a series of arrests of alleged members of a $100 million debit- and credit-card scheme that had international ties. The alleged criminal group is believed to be associated with accomplices in Vancouver, as well as others operating in countries such as Australia, New Zealand, Malaysia, Tunisia and England.

Online Retailer Breached

Dan — Mon, 14 May 2012 15:29:43 +0000

CU Info Security reports banking institutions and their customers need to be aware of a new online retailer data breach. New York-based clothing and shoes retailer Opening Ceremony has reported a breach of its global online boutique that likely compromised payment card details of customers who purchased products online between Feb. 16 and March 21, 2012. Opening Ceremony CEO Carol Lim disclosed in a letter sent to affected customers that the hacker may have accessed the names, addresses, and credit card information of customers who purchased an item on their website during this period. Opening Ceremony has yet to provide details about the number of accounts exposed and exactly how the breach occurred.

IC3 Annual Report Shows 3.4 Percent Rise in Fraud Loss

Dan — Mon, 14 May 2012 15:28:47 +0000

SC Magazine reports the Internet Crime Complaint Center received more than 310,000 complaints last year, representing a 3.4 percent spike over the previous year, according to the entity’s annual report. Complainants reported more than $485 million in losses, many related to identity theft, advance-fee schemes and ruses in which victims are targeted via email by someone posing as an FBI agent. More than 14,000 people reported being conned by the latter, resulting in losses of more than $3.5 million. The IC3, a partnership of the FBI, National White Collar Crimes Center and Bureau of Justice Assistance, advised users to avoid opening unsolicited emails and to be wary of individuals who only accept cash or request payment up front. Alaska, the District of Columbia and New Jersey were the source of the most complaints on a per-capita basis.

Trojans Make Up 80 Percent of All New Malware

Dan — Mon, 14 May 2012 15:27:41 +0000

Dark Reading reports if it’s malware, it’s more than likely a Trojan. New data found that four out of five new malware samples are Trojan programs, and there were 6 million new pieces of malware created in the first quarter of this year alone. Last year, Trojans represented about 73 percent of all malware, according to PandaLab’s Quarterly Report for Q1. Worms were the second-most common form of malware in the first quarter of this year at 9.3 percent, followed by viruses at 6.43 percent, adware at 2.89 percent, and other malware at 0.6 percent. Worldwide, the average number of infected PCs is 35.51 percent, a drop of 3 percent since 2011. China is home to the most infected PCs, with 54.1 percent of its desktops infected, followed by Thailand (47.2 percent) and Turkey (42.8 percent). European nations tend to have the fewest infected machines, with Sweden as the cleanest, with less than 20 percent infected computers. Japan has less than 30 percent of its computers infected.

Credit Card Fraud Case: $1.5 million, 38,000 People; On Appeal

Dan — Mon, 14 May 2012 15:26:21 +0000

The Christian Science Monitor reports a Canadian man convicted in what witnesses called one of the largest credit card fraud schemes in US history, is taking his case to the 8th U.S. Circuit Court of Appeals. Adekunle Adetiloye pleaded guilty earlier to mail fraud and was sentenced to 18 years in prison. Authorities say he stole the identities of about 38,000 people and bilked companies out of about $1.5 million. The 8th Circuit has appointed University of North Dakota law professor Steven Morrison to represent the defendant in the appeal. Adetiloye claimed in an appeal to the district court that his sentence was unfair because he was labeled the leader of the conspiracy. He says he was a mid-level player in the operation.

Workers at Wrigley Field Accused of Stealing Card Info

Dan — Mon, 07 May 2012 15:23:09 +0000

The Rockford Register Star reports six former employees at Wrigley Field and several Chicago restaurants are accused of stealing customers’ credit card information and using it to rack up thousands of dollars in charges. One of the establishments, the RL Restaurant, is on Chicago’s famed Magnificent Mile and is run by Ralph Lauren. The six suspects are accused of using a small credit card reader to swipe customers’ cards and then make counterfeit ones. Illinois Attorney General Lisa Madigan’s office says the group made purchases of more than $200,000 from the victims’ banking and credit card accounts.

Georgia Man Admits Role in $1.3 Million Phishing Fraud Scheme

Dan — Mon, 07 May 2012 15:22:23 +0000

7th Space Interactive reports that Waya Nwaki admitted his role in an Internet fraud ring that stole more than $1.3 million after “phishing” confidential account information from Internet users. The ring employed “phishing” attacks, which use fraudulent web pages that mimic the legitimate web pages of e-commerce companies such as banks and payroll processors. Unwitting customers of those companies visit the fake web pages and provide confidential personal and financial information-dates of birth, Social Security numbers, mothers’ maiden names, and online account user names and passwords. These stolen identifiers are then used to make unauthorized withdrawals from victims’ accounts.

Survey Finds Secure Sites Not So Secure

Dan — Mon, 07 May 2012 15:21:18 +0000

Threat Post reports a new project that was set up to monitor the quality and strength of the SSL implementations on top sites across the Internet, found that 75 percent of them are vulnerable to the BEAST SSL attack and that just 10 percent of the sites surveyed should be considered secure. The SSL Pulse project, set up by the Trustworthy Internet Movement, looks at several components of each site’s SSL implementation to determine how secure the site actually is. The project looks at how each site is configured, which versions of the TLS and SSL protocols the site supports, whether the site is vulnerable to the BEAST or insecure renegotiation attacks and other factors. The data that the SSL Pulse project has gathered thus far shows that the vast majority of the 200,000 sites the project is surveying, needs some serious help in fixing their SSL implementations.

Global Breach: Did it Start in 2011?

Dan — Mon, 07 May 2012 15:20:08 +0000

Bank Info Security reports evidence is mounting that Global Payments Inc. may have been breached months earlier than initially reported. One affected card issuer said Visa issued an updated alert about the breach on April 26, noting that the window for compromise could date back to June 7, 2011. Another card issuer says the window of compromise, as provided by Visa, dates back to June 11. Both issuers asked to remain anonymous. Previously, Visa’s alerts indicated the breach occurred sometime between Jan. 21, 2012, and Feb. 25, 2012. But Global says it notified the affected card brands of the breach in early March, as soon as internal systems detected a compromise

Walmart Gift Card Scam Targets Smartphone Users

Dan — Mon, 07 May 2012 15:18:40 +0000

Help Net Security reports online survey scams are most often propagated through social network and sharing websites, but occasionally users are “assaulted” directly through their smartphones. Hoax-Slayer warns about a bogus offer of a free $1,000 Walmart gift card,hitting mobile phone users via a text message. Users who follow the link to the website and insert the code are redirected to another one where they are asked to complete a quiz or a survey, or to share their names and contact details in order to compete for the prize. At the end of each quiz or survey, the users are asked to enter their mobile phone numbers in order to get the results. Unfortunately for those who don’t spot the text written in very small letters below the “Submit” button, by doing so they are automatically subscribing to extremely pricey SMS services.