17,000 San Antonio Hotel Guests CC Compromised

17,000 guests at the Emily Morgan Hotel in San Antonio had their credit-card numbers stolen and used in a 3-state shopping spree to buy farm and ranch equipment, tires, machinery, all-terrain vehicles and other goods.  Prosecutors unsealed indictments Thursday against 5 people in the largest identify-theft case ever in San Antonio history.

The suspects stole stacks of stolen credit-card receipts from a storage room at the hotel to make counterfeit credit cards.  Some of the victims — mostly tourists — didn’t realize their information was compromised until months or even years later.

The indictments charge Ruben “Hollywood” Costello; his wife, Elena Ramirez Fraga; Cody Quincy Jones; Randy Ray Flaharty; and Samuel Micha Dyer with conspiracy to commit identity theft fraud.


Stealing $10 Million, 20¢ At A Time

The US Federal Trade Commission (FTC) has stopped a $10 million international scam that was siphoning off tiny amounts of cash from more than 1 million credit and debit card holders.

The elaborate scheme allegedly used identity theft to place more than $10 million in fraudulent charges against  consumers’ cards.  Consumers were hit with one-time charges of between 20¢ to $10, and the payments were routed through fake comopanies in the US to Eastern European and Central Asia bank accounts.  The operation used an expansive network of money mules to move the money overseas.

Named as defendants are the 16 fake companies and one or more persons who are unknown to the agency at this time.  They are charged with making unauthorized charges to consumers’ credit cards in violation of Section 5 of the FTC Act.  The court ordered the defendants’ assets be frozen and for the organizations to stop operating, pending a final hearing.

They used phony company names resembling real companies, and US identity theft information to open more than 100 merchant accounts that process charges to consumers’ credit and debit card accounts.  They may have run credit checks on the identity theft victims first, to insure they were creditworthy. The accused scammers also provided each fake merchant with a virtual office address, a phone number, a home phone number for the “owner,” a web site pretending to sell products, a toll-free number consumers could call, and a real company’s tax number found on the Internet.

Most consumers either didn’t notice the charges on their bills, or didn’t seek chargebacks because of the small amounts.  Consumers who called the toll-free numbers that appeared on their bills either found them disconnected or heard recordings instructing them to leave a message.

At least 14 “money mules” were duped into responding to spam email pretending to seek a US finance manager for an international financial services company.  They were paid to form 16 dummy corporations, open bank accounts to receive the card payments, then transfer the money overseas.  They used debit cards linked to these bank accounts to set up telephone service, virtual addresses and web sites that helped deceive the card processors.    Payments were sent to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus, and Kyrgyzstan.  Most times, the money mules don’t realize they are part of a money laundering ring until their bank or law enforcement agencies contact them.  They are typically recruited, given some cover story, receive money transfers, take the money out and wire it internationally to a money drop, and the money then goes to the real criminals.


Effects of Banking Trojans on SMBs

Panda Security has released an new report, finding that while a majority of respondents are concerned about online banking fraud and identity theft in their organizations, they don’t understand how best to protect their businesses.  In addition, they have a false sense of security in terms of their expectations around bank reimbursement in the unfortunate event they fall victim to fraud.

Key Findings:

  • Small businesses continued to be a prime target for cybercriminals in 2009.
  • 66%of the 25 million malware samples collected by PandaLabs in 2009 were banker Trojans.
  • 49% of respondents use online banking to make and receive payments online.
  • 52% of respondents had little or no familiarity with banking Trojans, despite increased attacks in 2009.
  • 11% of SMBs said they have or may have been affected by online fraud or identify theft.
  • 86 % of online fraud or identity theft incidents were reported to authorities.
  • 15% of SMBs either are unsure of the status of, or do not have updated security software on all systems where online transactions are conducted in their organizations.

 The Annual Report clearly demonstrates that users who are most vulnerable to banking Trojans are those who frequently conduct online banking, with small to medium-sized businesses being at particularly high risk. These organizations, ranging in size from one to 500 employees, are attractive targets because they are less aware of the myriad threats that
exist and underprepared to protect themselves owing to more limited budgets and internal resources. Moreover, SMB accounts are particularly attractive to criminals because they have higher account balances than consumer accounts, yet lack the protections of larger enterprises. 

There were several instances in 2009 that demonstrated just how vulnerable SMBs are.  In September 2009, approximately $439,000 was stolen from German bank accounts with the aid of a sophisticated banking Trojan called URLZone.   The attackers stole banking credentials from the URLZone-infected systems, and then initiated money transfers through the victims’ computer systems by using the stolen credentials. 

More recently, hackers were able to infiltrate and steal $150,000 from a small insurance company in Michigan.  Using the widely popular Zeus Crimeware Kit, attackers hacked into the controller’s computer and initiated money transfers until the company’s bank account was depleted.  These are just two recent examples out of countless attacks that happen annually.

Panda Report

BUSTED – Rent-A-Fraudster

Wired is hot with good news today!  2 more bad guys bite the dust, this time with multi-jurisdiction tested and proven.  Good work global LEO’s!!

WANTED – for ID Theft


An arrest warrant has been issued for 31-year-old Melinda April Greene, for several identity theft allegations out of the Salt Lake City area.  Greene was indicted April 14th on five counts of bank fraud and one count of aggravated identity theft.   Police have not been able to locate Greene and are asking anyone with information as to her whereabouts to call the U.S. Postal Inspection Service hotline at 877-876-2455 or their local police department.

The indictment alleges that Greene, using the identity of a real person, cashed checks, withdrew money and made other fraudulent bank transactions, involving banks and individual victims in Sandy, West Valley City, West Jordan, and Park City.