Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Track Down Banking Fraud

Posted by jamie on from the white-hatted-detectives dept.

An anonymous reader writes "Noticing some commonalities in the spam flooding their email in-boxes, a small group of hackers set out to track down who was responsible. Along the way they uncovered a trail that led them to an organized gang of criminals halfway around the world, and right back to some of the largest financial institutions in the US, and their customers, that became the gang's prey. See the SecurityFocus story for more details."

12 of 335 comments (clear)

  1. E-Mails by rf0 · · Score: 3, Informative

    Recently I've been seen a marked increase in things like this for PayPal as well as the main UK banks including LLoyds and Barclays. People are definitly getting more aggressive to get your details.

    Also the emails are getting "smarter" in that they look more like the place and making use of the old http://www.domain1.com@www.domain2.com which for a newbie can be very easily misread

    Rus

    --
    Cheap UK and US VPS
  2. to be a complete pedant... by BobTheLawyer · · Score: 5, Informative

    the 419 fraud isn't a Ponzi scam.

    A Ponzi scam is where you take money from new "investors" and use some of it to pay an apparently high return to your existing investors, grabbing the rest for yourself. Everybody's happy until (inevitably) you run out of new investors and the whole thing falls apart.

    The 419 fraud involves a promise to transfer $millions into the victim's bank account, for some trumped up and obviously rather dubious reason. At the last minute you ask the victim to pay a "transfer fee" of perhaps a few $1000. You then vanish with the "transfer fee", never to be heard of again.

    1. Re:to be a complete pedant... by Dunark · · Score: 3, Informative

      The 419 fraud involves a promise to transfer $millions into the victim's bank account, for some trumped up and obviously rather dubious reason. At the last minute you ask the victim to pay a "transfer fee" of perhaps a few $1000. You then vanish with the "transfer fee", never to be heard of again.

      The more skillful 419 scammers don't stop when they get the $1000. Once they have a sucker on the hook, they milk them for all they can get by inventing a series of ever-increasing "fees", "bribes", etc that must be paid to complete the deal. A woman who worked in a law office got scammed into shelling out about $2 million of her employer's money. The Secret Service estimates the total take (so far) for these scams at about a half billion dollars.

  3. Re:A fool and his money by Trolling+4+dollas · · Score: 2, Informative

    Interesting. This happened in my town. A guy was posing as a security guard at an ATM and told people that it was out of order and that if they left their deposits with him he'd take care of it for them. Apparently he got a lot of people and was never caught.

  4. Re:Yikes!!! I'm glad I RTFA by Anonymous Coward · · Score: 4, Informative

    This reminds me of the scam using unicode (if I remember right) in URLs, so what you think is www.PayPal.com is actually www.PayPal.com (can't tell the difference? That is the point, one of the a's isn't an "a" at all, it is another character in another language that just happens to look identical, but the ascii / unicode is very different, and of course takes you to a completely different site (though it ~looks~ like you're at www.PayPal.com the entire time)).

    Scary!

  5. Re:A fool and his money by IdleTime · · Score: 2, Informative
    I see you didn't bother reading the article. Not unusual since this is /. but anyway, let me quote from the article:
    According to this web-log, there were 107,274 hits on 16-Aug-2003, and 91,573 hits on 17-Aug-2003
    More than a few hundred suckers if you ask me!
    --
    If you mod me down, I *will* introduce you to my sister!
  6. Re:Cliff Stoll by Anonymous Coward · · Score: 2, Informative

    This reminds me of Cliff Stoll- an astrophysicist who moonlighted as a sysadmin at UC Berkley, and noticed a discrepancy of a cent or less in the CPU time accounting system.

    1) HE didn't notice it, it was handed to him as an assignment to0 get him poke around and get him used to the way their computers worked because he switched jobs to the computer department recently.

    2) It was 75 cents of computer time, not "a cent or less".

    3) He refered to the the hacker less than nicely for using computer time, but used some of the same tactics to catch him ("borrowing" printers and monitors from other people's desks, etc).

  7. Re:Why don't banks and credit card companies... by leabre · · Score: 2, Informative

    They do tell you. If the customer doesn't read the agreement, then thats their problem. Usually, it is a prominent warning. I've never had to "look" for it. It was always one of the first things I read.

    Thanks,
    Leabre

  8. Re:Working phone number and one response from citi by j_kenpo · · Score: 2, Informative

    No, Mr. Joseph wouldn't know if he is not part of IT or Security/Investigations, but he is correct, there has not been a breach since Adrian Lano hacked the proxy servers a few years ago (I dont have a link to a previous story on that). But the story is not fabricated, and the response e-mail the author recieved from the fraud report was legitimate (although the aol account is questionable, it is indeed legitmate, hatsu1 stands for Home Access Tech Suport Unit 1).

  9. Re:Something similar... by RevMike · · Score: 2, Informative

    If it were in the states, you're fucked. Completely. And runaway and hide or something. Reason is, the law can't use the information because it was collected without due process (warrants and stuff).

    You should have redeemed those cereal box tops for something other than a law degree. The police in the US can most certainly use the information. The restrictions on unlawful search apply only to the government. The police can't perform an illegal search, and they can't encourage a private citizen to perform a search that they could not perform. But if the private citizen made a search on his own initiative, the evidence is most certainly admissable.

    The citizen in question here may have commited crimes himself in the course of his investigation, however, so he should probably contact an attorney who can contact the authorities and work out an immunity deal.

  10. spaces in the URL are the most devious deception by labradort · · Score: 2, Informative
    I encountered a most devious URL in the spam I received last weekend. I believe these spams are timed to launch on the weekend so that law enforcement and banks can't act for 2 days. If the user name embedded in the URL contains spaces, then the URL can be constructed so that it simply looks like your bank's real domain with no tricks!
    Here is the URL I received (in one line):
    <a href="http://www.capcity.ab.ca {over 100 spaces which I can't include
    in a slashdot posting} :UserSession=2f4d0zzz899amaiioiiabv5589955&userrst ste=SecurityUpdate&StateLevel=CameFrom@10-cheapdes ign.com">http://www.capcity.ab.ca/</a>

    The 10-cheapdesign.com site is now shut down.

    The bad guys somehow have their web server set up to not URL encode the spaces as %20, so you don't see the spaces in your address bar. The real URL you are visiting, is truncated from the view of the browser's address bar. This combined with a well worded email (you can't rely on them making spelling mistakes to catch this), and a complete replica of the website, is a dangerous thing.

    On top of that, the warnings in the news and on the bank websites are inaccurate. They say not to send user names and passwords in email. That isn't how the scam works. It appears to be a safe link to your real bank site, unless you check for the presense of spaces in the URL or the SSL certificate on the login page.

  11. Complain To Citibank by RedSynapse · · Score: 2, Informative
    To me the scariest part of this article is that citibank's own "e-mail fraud reporting" services replies to people that they should forward any further occurances of email fraud to an @aol.com email address.

    Something is very wrong.

    It seems like the citibank website is designed not to give out any email addresses but here's some addresses I've found.

    I'd recommend sending a polite e-mailthe following details:

    • A link to the sercurityfocus article http://www.securityfocus.com/infocus/1745
    • State that there was an fraud attack on citibank that may have affected over 100,000 clients.
    • State that it seems likely that citibank should be able to identify which clients were affected by checking their web logs.
    • Most importantly state that there seems to be something very wrong with their e-mail fraud reporting page, which may itself be compromised, and as such could the person you are contacting forward your e-mail to the appropriate Information Security department.
    Please note that these people are not in departments related to IT or web development, so just ask them to forward your email to the appropriate person. Trust me, if enough people complain about this it will get resolved.

    citibank@shareholders-online.com, shareholderrelations@citigroup.com, investorrelations@citi.com, fixedincomeir@citigroup.com, louis.f.fortunato@citigroup.com, evelyn.kenvin@citicorp.com, mary.cosgrove@citicorp.com, joseph.g.eicheldinger@citicorp.com, valerie.kuhl@citicorp.com, mamie.chinn-hechter@citicorp.com, geoffrey.h.siedor@travelers.com, johnsonl@citigroup.com, prettoc@citigroup.com, kevin.j.heine@citigroup.com