Tag: identity theft

Hawaii couple who gained attention for posing in KGB uniforms convicted of stealing identities of dead babies

[ad_1]

A jury has convicted a Hawaii couple of conspiracy, passport fraud and identity theft for stealing identities and living for decades under the names of dead babies. The couple initially made headlines after prosecutors found photos of them wearing KGB uniforms and alleged they said things “consistent with espionage.”

Jurors deliberated for about two hours before reaching guilty verdicts Monday, according to court records.

This combination of undated photos provided by the United States District Court District of Hawaii shows Walter Glenn Primose, left, also known as Bobby Edward Fort, and his wife Gwynn Darle Morrison, aka Julie Lyn Montague.

/ AP

The judge presiding over the trial in U.S. District Court in Honolulu referred to the couple by their preferred names of Bobby Fort and Julie Montague. The couple had argued in court that their actions did not harm anyone.

At the start of the trial, Assistant U.S. Attorney Tom Muehleck said the real Bobby Fort has been dead for more than 50 years. The baby had “a bad cough” and lived 3 months, Muehleck said.

One of the witnesses who testified was Tonda Montague Ferguson, who said she was in the eighth grade when her mother gave birth to her sister, Julie Montague, in 1968. But the infant had birth defects and died about three weeks later, Ferguson said.

The two babies were buried in Texas cemeteries 15 miles (24 kilometers) apart, Muehleck said.

Prosecutors said the couple’s real names are Walter Glenn Primrose and Gwynn Darle Morrison.

They had attended the same Texas high school and a classmate who had been in touch with them afterward remembered they stayed with him for a while and said they planned to change their identities because of substantial debt, Muehleck said.

The husband even used his fake identity, which made him 12 years younger, to join the Coast Guard, the prosecutor said.

When they’re sentenced in March, they face maximum 10-year prison terms for charges of making false statements in the application and use of a passport. They face up to five years for conspiracy charges and mandatory two-year consecutive terms for aggravated identity theft.

According to a criminal complaint obtained by Hawaii News Now, Primrose was allegedly issued a total of five U.S. passports under the identity of Bobby Fort. Morrison was issued a total of three U.S. passports under the name of Julie Montague, the complaint says.

The case gained attention soon after their arrests last year because prosecutors suggested it was about more than just identity theft. Early on, prosecutors introduced Polaroids of the couple wearing jackets that appear to be authentic KGB uniforms. Investigators also found an invisible ink kit, documents with coded language and maps showing military bases.

This combination of undated photos provided by the United States District Court District of Hawaii shows Walter Glenn Primose, left, also known as Bobby Edward Fort, and his wife Gwynn Darle Morrison, also known as Julie Lyn Montague, purportedly in KGB uniforms.

/ AP

Lawyers for the couple said they wore the same jacket once for fun and prosecutors later backed away from any Russian spy intrigue.

“She is not a spy,” Morrison’s attorney Megan Kau told Hawaii News Now last year.

Trending News

[ad_2]

Source link

November 1, 2023
Jury finds Hawaii couple guilty for stealing identities of dead babies

[ad_1]

A jury has convicted a Hawaii couple of conspiracy, passport fraud and identity theft for stealing identities and living for decades under the names of dead babies

ByJENNIFER SINCO KELLEHER Associated Press

October 31, 2023, 2:53 PM

FILE – This combination of undated photos provided by the United States District Court District of Hawaii shows Walter Glenn Primose, left, also known as Bobby Edward Fort, and his wife Gwynn Darle Morrison, aka Julie Lyn Montague. A jury has convicted the Hawaii couple of conspiracy, passport fraud and identity theft during a trial over allegations of that they lived for decades using names of dead babies. According to court records, jurors deliberated for about two hours before reaching guilty verdicts Monday, Oct. 30, 2023. (United States District Court District of Hawaii via AP, File)

The Associated Press

HONOLULU — A jury has convicted a Hawaii couple of conspiracy, passport fraud and identity theft for stealing identities and living for decades under the names of dead babies.

Jurors deliberated for about two hours before reaching guilty verdicts Monday, according to court records.

The judge presiding over the trial in U.S. District Court in Honolulu referred to the couple by their preferred names of Bobby Fort and Julie Montague. The couple had argued in court that their actions did not harm anyone.

At the start of the trial, Assistant U.S. Attorney Tom Muehleck said the real Bobby Fort has been dead for more than 50 years. The baby had “a bad cough” and lived 3 months, Muehleck said.

One of the witnesses who testified was Tonda Montague Ferguson, who said she was in the eighth grade when her mother gave birth to her sister, Julie Montague, in 1968. But the infant had birth defects and died about three weeks later, Ferguson said.

The two babies were buried in Texas cemeteries 15 miles (24 kilometers) apart, Muehleck said.

They had attended the same Texas high school and a classmate who had been in touch with them afterward remembered they stayed with him for a while and said they planned to change their identities because of substantial debt, Muehleck said.

The husband even used his fake identity, which made him 12 years younger, to join the Coast Guard, the prosecutor said.

When they’re sentenced in March, they face maximum 10-year prison terms for charges of making false statements in the application and use of a passport. They face up to five years for conspiracy charges and mandatory two-year consecutive terms for aggravated identity theft.

The case gained attention soon after their arrests last year because prosecutors suggested it was about more than just identity theft. Early on, prosecutors introduced Polaroids of the couple wearing wearing jackets that appear to be authentic KGB uniforms. Lawyers for the couple said they wore the same jacket once for fun and prosecutors later backed away from any Russian spy intrigue.

[ad_2]

Source link

October 31, 2023
Help Protect Your Identity for a Year With This $25 Subscription to Norton 360 and LifeLock Identity Advisor | Entrepreneur

[ad_1]

Disclosure: Our goal is to feature products and services that we think you’ll find interesting and useful. If you purchase them, Entrepreneur may get a small share of the revenue from the sale from our commerce partners.

You might have already noticed your spam folder growing once you became an entrepreneur, but the cyber attacks against business owners certainly don’t stop there. One report by LifeLock Identity Advisor found that small business owners are disproportionately targeted by cybercriminals.

If you want to help guard your internet use and your identity, try Norton 360 and LifeLock Identity Advisor. Through October 15, you can get a one-year subscription for only $24.99.

Protect your privacy.

Norton 360 gives you access to multiple versatile cybersecurity tools. If you want to cover your tracks online, use the secure VPN, which has a strict no-log policy. The antivirus included with your subscription helps protect against spyware, phishing, and more. And if you get a virus Norton 360 can’t remove, you get your money back.

The antivirus included with this subscription helps protect actionst virus, spyware, phishing, and ransomware, but it also comes with a promise. If your computer gets a virus Norton can’t remove, you get your money back (restrictions apply).

LifeLock Identity Advisor is a well-known brand in identity theft protection, and they even give you access to personal identity protection tools like Dark Web Monitoring. This service scans the dark web for your personal information and notifies you immediately if any turns up.

Help guard your identity and your computer.

You won’t find this deal or this price anywhere else.

Get a one-year subscription to Norton 360 Standard 2-Device with LifeLock Identity Advisor for just $24.99 (reg. $109) until October 15 at 11:59 p.m. Pacific. No coupon needed.

Prices subject to change.

[ad_2]

Entrepreneur Store

Source link

October 15, 2023
Data breach at MGM Resorts expected to cost casino giant $100 million

[ad_1]

NEW YORK — The data breach last month that MGM Resorts is calling a cyberattack is expected to cost the casino giant more than $100 million, the Las Vegas-based company said.

The incident, which was detected on Sept. 10, led to MGM shutting down some casino and hotel computer systems at properties across the U.S. in efforts to protect data.

MGM said that reservations and casino floors in Las Vegas and other states were affected as customers shared stories on social media about not being able to make credit card transactions, obtain money from cash machines or enter hotel rooms. The company announced the end its 10-day computer shutdown on Sept. 20.

The incident bore all the hallmarks of an extortionary ransomware attack, which MGM has not confirmed. If so, it could be the costliest ransomware attack on record, said Brett Callow of the cybersecurity firm Emsisoft. In 2019, the Norwegian aluminum manufacturer Norsk Hydro suffered $70 million in losses after refusing to pay ransomware criminals.

“While we experienced disruptions at some of our properties, operations at our affected properties have returned to normal, and the vast majority of our systems have been restored,” MGM CEO Bill Hornbuckle said in a Thursday letter to customers. “We also believe that this attack is contained.”

Hornbuckle added that no customer bank account numbers or payment card information was compromised in the incident. But hackers stole other personal information, including names, contact information, driver’s license numbers, Social Security numbers and passport numbers belonging to some customers who did business with MGM prior to March of 2019, he said.

MGM has no evidence that the hackers and criminals have used the data to commit account fraud or identity theft, Hornbuckel said, noting the company will also reach out to impacted consumers via email and offer free identity protection and credit monitoring services.

“We regret this outcome and sincerely apologize to those impacted,” he added.

In a filing with the Securities and Exchange Commission, MGM said it believes that September’s data breach will have a negative impact on its third-quarter financial results, particularly in Las Vegas — but minimal impact in the fourth quarter and operational results for the year.

In addition to the estimated $100 million loss on adjusted property earnings before interest, taxes, depreciation, amortization and rent for its Las Vegas Strip resorts and other regional operations, MGM expects to incur charges totaling less than $10 million covering one-time expenses like legal fees and technology consulting.

MGM wasn’t the only casino giant to get hit by hackers last month. Caesars Entertainment disclosed a Sept. 7 cyberattack. The Reno-based company said that its casino and online operations were not disrupted.

Caesars was widely reported to have paid $15 million of a $30 million ransom sought by a group called Scattered Spider for a promise to secure the data. According to a Thursday Wall Street Journal report, which cited a unnamed person familiar with the matter, MGM refused to pay hackers’ September ransom demand.

An MGM spokesman would neither confirm nor deny the report.

Both casino operators currently face a combined nine federal lawsuits over the cyberattacks, the Las Vegas Review-Journal reported this week.

Beyond the casino world, Clorox disclosed a cyberattack recently, saying it had identified “unauthorized activity” on some of IT systems in August. The maker of bleach and other household products said the attack has caused large-scale disruption of operations, including notable product shortages and order processing delays.

In a Wednesday announcement, Clorox said its net sales are expected to fall between 23% and 28% for the first quarter of 2024.

___

Associated Press writers Frank Bajak in Boston and Ken Ritter and Rio Yamat in Las Vegas contributed to this report.

[ad_2]

Source link

October 6, 2023
Cyberattack at MGM Resorts expected to cost casino giant $100 million

[ad_1]

NEW YORK — The data breach last month that MGM Resorts is calling a cyberattack is expected to cost the casino giant more than $100 million, the Las Vegas-based company said.

The incident, which was detected on Sept. 10, led to MGM shutting down some casino and hotel computer systems at properties across the U.S. in efforts to protect data.

MGM said that reservations and casino floors in Las Vegas and other states were affected as customers shared stories on social media about not being able to make credit card transactions, obtain money from cash machines or enter hotel rooms. The company announced the end its 10-day computer shutdown on Sept. 20.

The incident bore all the hallmarks of an extortionary ransomware attack, which MGM has not confirmed. If so, it could be the costliest ransomware attack on record, said Brett Callow of the cybersecurity firm Emsisoft. In 2019, the Norwegian aluminum manufacturer Norsk Hydro suffered $70 million in losses after refusing to pay ransomware criminals.

“While we experienced disruptions at some of our properties, operations at our affected properties have returned to normal, and the vast majority of our systems have been restored,” MGM CEO Bill Hornbuckle said in a Thursday letter to customers. “We also believe that this attack is contained.”

Hornbuckle added that no customer bank account numbers or payment card information was compromised in the incident. But hackers stole other personal information, including names, contact information, driver’s license numbers, Social Security numbers and passport numbers belonging to some customers who did business with MGM prior to March of 2019, he said.

MGM has no evidence that the hackers and criminals have used the data to commit account fraud or identity theft, Hornbuckel said, noting the company will also reach out to impacted consumers via email and offer free identity protection and credit monitoring services.

“We regret this outcome and sincerely apologize to those impacted,” he added.

In a filing with the Securities and Exchange Commission, MGM said it believes that September’s data breach will have a negative impact on its third-quarter financial results, particularly in Las Vegas — but minimal impact in the fourth quarter and operational results for the year.

In addition to the estimated $100 million loss on adjusted property earnings before interest, taxes, depreciation, amortization and rent for its Las Vegas Strip resorts and other regional operations, MGM expects to incur charges totaling less than $10 million covering one-time expenses like legal fees and technology consulting.

MGM wasn’t the only casino giant to get hit by hackers last month. Caesars Entertainment disclosed a Sept. 7 cyberattack. The Reno-based company said that its casino and online operations were not disrupted.

Caesars was widely reported to have paid $15 million of a $30 million ransom sought by a group called Scattered Spider for a promise to secure the data. According to a Thursday Wall Street Journal report, which cited a unnamed person familiar with the matter, MGM refused to pay hackers’ September ransom demand.

An MGM spokesman would neither confirm nor deny the report.

Both casino operators currently face a combined nine federal lawsuits over the cyberattacks, the Las Vegas Review-Journal reported this week.

Beyond the casino world, Clorox disclosed a cyberattack recently, saying it had identified “unauthorized activity” on some of IT systems in August. The maker of bleach and other household products said the attack has caused large-scale disruption of operations, including notable product shortages and order processing delays.

In a Wednesday announcement, Clorox said its net sales are expected to fall between 23% and 28% for the first quarter of 2024.

___

Associated Press writers Frank Bajak in Boston and Ken Ritter and Rio Yamat in Las Vegas contributed to this report.

[ad_2]

Source link

October 6, 2023
Paid off your mortgage? Be careful — you’re at risk of title theft.

[ad_1]

Homeowners may be thrilled when they finally pay off their mortgage, but the accomplishment comes with risks.

Retirement Tip of the Week: Be vigilant in protecting your identity and assets, and be aware of how you could fall victim to various scams or theft associated with your home.

With title theft, thieves transfer a house deed from the rightful owner to another person’s name by using the owner’s personal information. Title theft could also take the form of using equity in a home, such as by opening a home equity line of credit, known as a HELOC, according to Quicken Loans. When a house is unoccupied, thieves could go so far as to sell or rent out the property.

Title theft isn’t particularly common, but it does happen, and it’s another reason people should protect their identity and other sensitive information. Older Americans could be at higher risk, especially if they have a lot of equity in their home. About 11,500 people reported losing more than $350 million to real-estate scams in 2021, although that figure includes fraud pertaining to real-estate advertisements and rental agreements, according to the FBI.

Homeowners should keep on top of their documents and may even want to occasionally confirm their information with their county deeds office, the FBI said. Any mail from a mortgage lender should be checked to make sure it doesn’t pertain to your specific property.

If you are a victim of title theft, open an identity-theft case with the Federal Trade Commission, alert creditors about the fraud and look over your title insurance, which protects homeowners’ rights and which mortgage companies often require home buyers to have, Quicken Loans said.

There are companies that offer title-protection services, although critics say it’s not the same as title insurance and only alerts a homeowner of a problem after it has occurred.

“Do you need this service to protect your home from property thieves? The answer is no,” the Maryland Attorney General’s office said in a consumer alert about title-protection services. “Title fraud is very rare, and hardly ever successful. If someone ever tries to transfer your deed without your permission or knowledge, like these title lock companies suggest could happen, the transfer is fraudulent and void from the outset.”

Instead, homeowners should monitor their identity and keep an eye on their credit scores, the office said.

[ad_2]

Source link

September 15, 2023
ABC News – Breaking News, Latest News and Videos

[ad_1]

An 86-year-old man accused of assuming his brother’s identity decades ago and using it to double dip on Social Security benefits has been convicted of identity theft and other charges

BANGOR, Maine — An 86-year-old man accused of assuming his brother’s identity decades ago and using it to double dip on Social Security benefits has been convicted of several charges, caught by facial recognition technology that matched the same face to two different identities, authorities say.

Napoleon Gonzalez, of Etna, assumed the identity of his brother in 1965, a quarter century after his sibling’s death as an infant, and used the stolen identity to obtain Social Security benefits under both identities, multiple passports and state identification cards, law enforcement officials said.

A U.S. District Court jury on Friday convicted him of charges including mail fraud, Social Security fraud, passport fraud and identity theft. He faces up to 20 years in prison at sentencing, with mail fraud carrying the greatest potential penalty of all the charges.

Gonzalez’s benefits were previously investigated by the Social Security Administration in 2010 for potential fraud and his benefits were upheld.

A new investigation was launched in 2020 after facial identification software indicated Gonzalez’s face was on two state identification cards.

The facial recognition technology is used by the Maine Bureau of Motor Vehicles to ensure no one obtains multiple credentials, or credentials under someone else’s name, said Emily Cook, spokesperson for the secretary of state’s office.

“When fraud is detected, the fraudulent transactions are investigated and referred for administrative and/or criminal proceedings. That is what happened with this case,” she said.

When confronted, Gonzalez claimed that he took on his deceased brother’s identity at the direction of the Air Force’s Office of Special Investigations while participating in an undercover operation in the 1960s, according to court documents. He later admitted to faking his death under his own identity and continued with his brother’s identity, the documents indicated.

Gonzalez remains free on bail. A sentencing date has not yet been set.

His lawyer didn’t immediately reply to an email from The Associated Press seeking comment.

[ad_2]

Source link

August 22, 2023
White House holds first-ever summit on the ransomware crisis plaguing the nation’s public schools

[ad_1]

The White House on Tuesday held its first-ever cybersecurity “summit” on the ransomware attacks plaguing U.S. schools, in which criminal hackers have dumped online sensitive student data, including medical records, psychiatric evaluations and even sexual assault reports.

“If we want to safeguard our children’s futures we must protect their personal data,” first lady Jill Biden, who is a teacher, told the gathering. “Every student deserves the opportunity to see a school counselor when they’re struggling and not worry that these conversations will be shared with the world.”

At least 48 districts have been hit by ransomware attacks this year — already three more than in all of 2022, according to the cybersecurity firm Emsisoft. All but 10 had data stolen, the firm reported. Typically, Russian-speaking foreign-based gangs steal the data — sometimes including the Social Security numbers and financial data of district staff — before activating network-encrypting malware then threaten to dump it online unless paid in cryptocurrency.

“Last school year, schools in Arizona, California, Washington, Massachusetts, West Virginia, Minnesota, New Hampshire and Michigan were all victims of major cyber attacks,” the deputy national security advisor for cyber, Anne Neuberger, told the summit.

An October 2022 report from the Government Accountability Office, a federal watchdog agency, found that more than 1.2 million students were affected in 2020 alone — with lost learning ranging from three days to three weeks. Nearly one in three U.S. districts had been breached by the end of 2021, according to a survey by the Center for Internet Security, a federally funded nonprofit.

“Do not underestimate the ruthlessness of those who would do us harm,” said Homeland Security Secretary Alejandro Mayorkas during the summit, noting that even reports on suicide attempts have been dumped online by criminal extortionists and urging educators to avail themselves of federal resources already available.

Education tech experts praised the Biden administration for the consciousness-raising but lamented that limited federal funds currently exist for them to tackle a scourge that cash-strapped school districts have been ill-equipped to defend effectively.

Among measures announced at the summit: The Cybersecurity and Infrastructure Security Agency will step up tailored security assessments for the K-12 sector while technology providers, including Amazon Web Services, Google and Cloudflare, are offering grants and other support.

A pilot proposed by Federal Communications Commission Chair Jessica Rosenworcel — yet to be voted on by the agency — would make $200 million available over three years to strengthen cyber defense in schools and libraries.

“That’s a drop in the bucket,” said Keith Krueger, CEO of the nonprofit Consortium for School Networking. School districts wrote the FCC last fall asking that it commit much more — Krueger said some $1 billion could be made available annually from its E-Rate program, which has helped expand broadband internet to schools and libraries across the country since 1997.

He said he was nevertheless heartened that the White House, Departments of Education and Homeland Security and the FCC recognize that the ransomware attacks plaguing the nation’s 1,300 public school districts are “a five-alarm fire.”

The lasting legacy of school ransomware attacks is not in school closures, multimillion-dollar recovery costs, or even soaring cyber insurance premiums. It is the trauma for staff, students and parents from the online exposure of private records — which the AP detailed in a report published last month, focusing on data theft by far-flung criminals from two districts: Minneapolis and the Los Angeles Unified School District.

Superintendent Alberto Carvalho of the Los Angeles district, the nation’s second-largest, recounted for summit attendees lessons learned and best practices for mitigating the impact of extortionist ransomware attacks.

For starters, he said, “We don’t negotiate with terrorists. We did not pay the ransom.” Carvalho noted how the FBI told him that paying ransoms doesn’t guarantee the stolen data won’t eventually find its way onto dark web forums where hackers hawk it for use in ID theft, fraud and other crimes.

While other ransomware targets have fortified and segmented networks, encrypting data and mandating multi-factor authentication, school systems have reacted more slowly.

A big reason has been the unwillingness of school districts to fund full-time cybersecurity staff. In its 2023 annual survey, the Consortium for School Networking found that just 16% of districts have full-time network security staff, down from 21% last year.

Cybersecurity spending by districts is also meager. Just 24% of districts spend more than one-tenth of their IT budget on cybersecurity defense, the survey found, while nearly half spent 2% or less.

—- This story has been corrected to show the CEO’s surname is Krueger, not Kroeger.

[ad_2]

Source link

August 8, 2023
Colorado fugitive captured in Florida was leading posh lifestyle and flaunting his wealth

[ad_1]

A career fraudster who escaped from a federal prison in Colorado nearly five years ago was captured this week while moving into a $1.5 million house near the ocean on Florida’s Gold Coast, federal officials said Friday.

Federal marshals arrested Alan Todd May, 58, at the house in Fort Lauderdale on Tuesday while movers unloaded a U-Haul truck. He was wearing a Rolex watch at the time of the arrest, and drove a high-end Mercedes, according to investigators who had been surveilling him.

It was an anonymous tipster who led authorities to May — who was living under the name “Jacob Turner” — after spotting a published photo of him at a posh fundraiser. The photo, which showed him wearing a pink shirt, pink blazer and pink-tinted glasses, was published on the website of the Palm Beach Daily News.

This fugitive wasn’t exactly keeping a low profile.

May “was living a lavish lifestyle where he was flaunting his wealth in high society down in south Florida,” Katrina Crouse, chief deputy U.S. marshal for Colorado, said in a phone interview Friday.

May — who has a string of convictions going back to 1983 for bad checks, credit card abuse, theft and fraud — was in custody in Florida awaiting extradition to Colorado. An email was sent to his federal public defender seeking comment.

The U.S. Marshals Service had been looking for May since December 2018, when he allegedly stole a U.S. Bureau of Prisons truck and escaped from a federal lockup in Englewood, Colorado. At the time, he was serving a 20-year prison sentence for mail fraud over a $7 million Ponzi scheme in which prosecutors said he used the proceeds for “extravagant personal expenses,” including houses, cars and plane tickets.

While in federal custody, May managed to steal another $700,000 by filing fraudulent documents and pilfering unclaimed oil and gas royalties that were owed to several companies, according to a June 2022 indictment charging him with mail and wire fraud.

By then, May had already been on the loose for 3 1/2 years, and the trail to catch him had long since gone cold.

He is one of dozens of people who’ve escaped from federal prisons in the U.S. over the last few years. The federal Bureau of Prisons has struggled with security at federal prisons across the country, with some prisons having such lax security that doors are left unlocked, security cameras are broken and officials sometimes don’t notice an inmate is missing for hours.

May himself had a head start of 24 to 48 hours before the U.S. Marshals Service was put on the case, giving him a clear advantage, Crouse said.

After May was indicted in the oil-and-gas scheme last year, the marshals service renewed its push to find him, asking for the public’s help and posting a $5,000 reward. Tips then came in from California, Wisconsin, Michigan, Texas and Florida.

Investigators’ big break came on July 25, when the tipster recognized May in the newspaper photo and alerted the marshals. May had attended a fundraiser for a Palm Beach area suicide hotline group, posing for one of hundreds of photos taken at the event.

Investigators tracked May to a penthouse apartment in Palm Beach. On Tuesday, they followed May’s partner in a U-Haul moving truck from Palm Beach almost 50 miles (80 kilometers) to the couple’s new address in Fort Lauderdale, where May was arrested without incident.

“I’d like to recognize and thank the anonymous tipster for the information they provided that directly led to the arrest of this unorthodox fugitive,” District of Colorado U.S. Marshal Kirk Taylor said in a written statement.

With May finally back in custody, investigators have turned their attention to whether he had help. They are looking into the source of his apparent riches, and whether he victimized anyone else while on the run.

“This guy is very, very good at fooling people,” Crouse said. “So how he was living high on the hog, we’re not 100% sure yet.”

A message was left for the suicide hotline group seeking information about May’s attendance at the fundraiser. The man who was pictured with May in the photo declined comment Friday when reached by The Associated Press.

A LinkedIn page associated with May said that “Jacob Turner” — his alias — was a “certified mediator” in Palm Beach. May, it turned out, had completed a class on mediation while in prison.

“You can’t make this stuff up,” Crouse said.

___

Associated Press writer Michael Balsamo in Washington contributed to this story.

[ad_2]

Source link

August 4, 2023
In

[ad_1]

Washington — A sophisticated cybercrime marketplace that sold the “digital fingerprints” of breached computer systems was toppled on Tuesday after more than 100 alleged users were arrested in a coordinated international seizure operation, the Justice Department and FBI announced Wednesday.

Genesis Market — a darknet site that sold data containing login credentials for bank accounts, social media passwords and IP addresses from identity theft and data breach victims — sold 80 million sets of identifying information from more than 1.5 compromised million computers, according to investigators.

Dubbed “Operation Cookie Monster” — a nod to the identifying data known as “cookies” collected on individual computers — the international law enforcement action spearheaded by the FBI and European partners resulted in the arrest of nearly 120 suspected users of the illegal exchange and the seizure of Genesis’ domain. In all, 15 countries including the United Kingdom and Australia joined the operation.

Some suspects were arrested in the United States, according to senior law enforcement officials, and the investigation is ongoing.

In the more than five years since its inception, Genesis acted as one of the most prolific initial access brokers of stolen information, allegedly selling data that was later used by ransomware attackers to gain access to computer networks in the U.S. and around the world. The stolen data that the marketplace advertised for sale included credentials related to the financial sector, critical infrastructure and all levels of government, the Justice Department said.

Users in nearly every country in the world could essentially shop online for the type of personal information they wanted to buy. Genesis’ website made it easy to search, based on location or account type. Operating on an invitation-only status, senior law enforcement officials said Genesis sold bots that essentially acted as a “subscription” service to access compromised systems, at times updating the log-in credentials as victims changed their passwords. This ensured continued access to the targeted systems.

“We aren’t just going after administrators or taking the sight down. We are going after the users,” the officials said in announcing the Gensis takedown.

The Genesis seizure is the latest in recent operations by U.S. investigators and their partners across the globe to target bad actors on the internet. Last month, the FBI arrested the founder of BreachForums, one of the world’s largest exchanges for cybercriminals to buy, sell, and trade hacked or stolen data, including bank accounts and special security numbers. And in January, the FBI and international law enforcement partners toppled a ransomware group after more than a year of spying on the cybercriminals from inside the network. The criminal enterprise, known as Hive, targeted more than 1,500 institutions in over 80 countries since June 2021, amassing over $100 million from its victims.

“Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice,” Attorney General Merrick Garland said in a written statement Wednesday.

Federal investigators advise potential victims of Gensis’ sale of personal data to visit HaveIBeenPwned.com, a free service that determines whether their information was compromised in the scheme and, if necessary, changes their login credentials.

Trending News

[ad_2]

Source link

April 5, 2023
2 escape jail and go to IHOP, where patrons report them

[ad_1]

Authorities say two inmates in a Virginia jail used primitive tools to create a hole in the wall of their cell and escape and were found hours later at an IHOP restaurant nearby

NEWPORT NEWS, Va. — Two inmates in a Virginia jail used primitively made tools to create a hole in the wall of their cell and escape, only to be found hours later at an IHOP restaurant nearby, a sheriff said.

Authorities discovered the two men, ages 37 and 43, missing from their cell in the Newport News jail annex during a routine head count Monday evening, according to a statement from the Newport News Sheriff’s Office.

A preliminary investigation found the men exploited a weakness in the jail’s construction design and used tools made from a toothbrush and a metal object to access rebars between the walls — and then used the rebar to further their escape, the statement said. After escaping their cell, they scaled a containment wall around the jail.

Authorities had asked for the public’s help to find the men, and they were taken into custody again early Tuesday at an IHOP in Hampton when other patrons called police.

“It reinforces what we always say, ‘See something, say something,’” Sheriff Gabe Morgan said.

The sheriff’s office said it is investigating to help prevent further escapes.

One man, who lives in Hampton, had been in custody on charges including contempt of court and probation violations.

Another, a Gloucester resident, was being held on charges including credit card fraud, forgery, grand larceny and probation violation.

Charges related to the escape are pending, the sheriff said.

[ad_2]

Source link

March 22, 2023
Health data breach hitting Congress ‘could be extraordinary’

[ad_1]

WASHINGTON — House leaders say the impact of a hack of health insurance marketplace used by members of Congress “could be extraordinary,” exposing sensitive personal data of lawmakers, their employees and families.

DC Health Link, which runs the exchange, said an unspecified number of customers were affected and it was notifying them and working with law enforcement to quantify the damage. It said it was offering identity theft service to those affected and extending credit monitoring to all customers.

Some 11,000 of the exchange’s more than 100,000 participants work in the House and Senate or are relatives.

In a letter to the exchange’s director posted on Twitter, House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries said the breach “significantly increase the risk that Members, staff and their families will experience identity theft, financial crimes, and physical threats.”

They said the FBI had informed them that it was able to purchase the stolen data on the dark web, where it was offered for sale for an unspecified amount Monday on a hacker forum popular with cybercriminals.

The FBI said in a brief statement Wednesday evening it said it was aware of the incident and was assisting.

In the letter, McCarthy and Jeffries said “the individuals selling the information appear unaware of the high-level sensitivity of the confidential information in their possession, and its relation to Members of Congress” but that would change as media reports publicized the breach.

They said the FBI had not yet determined the extent of the breach but that thousands of House members, employees and their families have enrolled in health insurance through DC Health Link since 2014. “The size and scope of impacted House customers could be extraordinary.”

It was not clear whether and how the FBI could guarantee that copies of the stolen data are not circulating in the cybercrime underworld.

In the sale offer, a broker on the online crime forum claimed to have records on 170,000 DC Health Link customers and said they were stolen Monday. Reached on Wednesday via encrypted chat, the broker said they were acting on behalf of a seller known as “thekilob.”

By Thursday, the offer and sample stolen data posted to the forum had been removed. The data listed Social Security numbers, addresses, names of employers, phone numbers, emails and addresses for a dozen DC Link participants. The AP reached one by phone on Wednesday evening.

“Oh my God,” the man said when informed the information was public. All 12 people listed work for the same company or are family members.

In an email to all Senate email account holders on Wednesday, the sergeant at arms recommended that anyone registered on the health insurance exchange freeze their credit to prevent identity theft.

An email sent out by the office of the Chief Administrative Office of the House on behalf of McCarthy and Jeffries called the breach “egregious” and urged members to use credit and identity theft monitoring resources.

In an emailed statement on Wednesday, Rep. Joe Morelle of New York said House leadership was informed by Capitol Police that DC Health Link “suffered an extraordinarily large data breach of enrollee information” that posed a “great risk” to members, employees and their family members. He said the FBI was still determining the “cause, size, and scope of the data breach.”

The hack follows several recent breaches affecting U.S. agencies. Hackers broke into a U.S. Marshals Service computer system and activated ransomware on Feb. 17 after stealing personally identifiable data about agency employees and targets of investigations.

An FBI computer system was recently breached at the bureau’s New York field office, CNN reported in mid-February. Asked about that intrusion, the FBI issued a statement calling it “an isolated incident that has been contained.” It declined further comment, including when it occurred and whether ransomware was involved.

There was no indication the DC Health breach was ransomware-related.

___

Bajak reported from Boston.

[ad_2]

Source link

March 9, 2023
Congress members warned of significant health data breach

[ad_1]

WASHINGTON — Members of the House and Senate were informed Wednesday that hackers may have gained access to their sensitive personal data in a breach of a Washington, D.C., health insurance marketplace. Employees of the lawmakers and their families were also affected.

DC Health Link confirmed that data on an unspecified number of customers was affected and said it was notifying them and working with law enforcement. It said it was offering identity theft service to those affected and extending credit monitoring to all customers.

The FBI said it was aware of the incident and was assisting the investigation.

A broker on an online crime forum claimed to have records on 170,000 DC Health Link customers and was offering them for sale for an unspecified amount. The broker claimed they were stolen Monday. Reached by The Associated Press on an encrypted chat site, the broker did no say whether the data had been purchased and said they could not provide additional data to back the claim. They said they were acting on behalf of the seller, who they identified as “thekilob.”

Sample stolen data was posted on the site for a dozen apparent customers. It included Social Security numbers, addresses, names of employers, phone numbers, emails and addresses. The AP reached one of the dozen by dialing a listed number.

“Oh my God,” the man said when informed the information was public. All 12 people listed work for the same company or are family members.

In an email to all Senate email account holders, the sergeant at arms said it was informed that the stolen data included full names of the insured and family members. An email sent out by the office of the Chief Administrative Office of the House on behalf of House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries called the breach “egregious” and promised to provide updates. It urged members to use credit and identity theft monitoring resources.

The Senate email recommended that anyone registered on the health insurance exchange freeze their credit to prevent identity theft.

In an emailed statement, Rep. Joe Morelle of New York said House leadership was informed by Capitol Police that DC Health Link “suffered an extraordinarily large data breach of enrollee information” that posed a “great risk” to members, employees and their family members. “At this time the cause, size, and scope of the data breach impacting the DC Health Link still needs to be determined by the FBI,” Morelle said.

The hack follows several recent breaches affecting U.S. agencies. Hackers broke into a U.S. Marshals Service computer system and activated ransomware on Feb. 17 after stealing personally identifiable data about agency employees and targets of investigations.

An FBI computer system was recently breached at the bureau’s New York field office, CNN reported in mid-February. Asked about that intrusion, the FBI issued a statement calling it “an isolated incident that has been contained.” It declined further comment, including when it occurred and whether ransomware was involved.

There was no indication the Health breach was ransomware-related.

___

AP Technology Writer Frank Bajak in Boston contributed to this report.

[ad_2]

Source link

March 8, 2023
How to make your credit cards less vulnerable to fraud

[ad_1]

Last year, one of my family’s credit cards was used to rack up hundreds of dollars in bogus charges at Apple.com. Another card was compromised four times in a row, as thieves repeatedly charged merchandise and Uber rides.

We ultimately got our money back, but repeated credit card fraud can be frustrating and disheartening. Dealing with the aftermath taught me to prize security over convenience, and to change some bad habits that made me an easier target.

Clock is ticking on reporting fraud

Under the Fair Credit Billing Act, consumers have 60 days after bogus charges show up on a statement to report them to the credit card issuer to avoid most liability, said attorney Amy Loftsgordon, legal editor at Nolo, a self-help legal site. (The law limits a consumer’s liability to $50 per series of unauthorized uses, but most issuers waive that, Loftsgordon said.)

So my heart sank when I realized that the fraud on our Apple.com account had started at least six months earlier.

I’d noticed that the Apple.com charges had been ticking up, but assumed my husband was buying more audiobooks and my daughter was downloading more games. I’d grouse at them occasionally; they would proclaim innocence and the charges would continue.

Finally, the thief went too far and charged over $300 in a single month. I contacted Apple and discovered our card had been used to purchase dating apps and virtual phone numbers, which were likely being used to scam other people. The electronic receipts for these purchases were sent to an email address I didn’t recognize.

A new card didn’t stop the fraud

The kicker: The thief was using a credit card number that had already been reported as compromised. Normally, credit card issuers will deny new charges on a compromised number. But according to the card issuer, the thief started their crime spree during the few days that my replacement card was in the mail. Since we already made regular purchases at Apple.com, the card issuer assumed the charges using the old card were legit and allowed them to go through “as a courtesy” — month after month. (I was assured that this sequence of events “is extremely rare and hardly ever happens.”)

An Apple customer service representative deleted the most recent month’s charges and the issuer removed the rest — even those well past the 60-day mark.

My takeaways: Sites where you make multiple purchases each month need to be monitored carefully for bogus transactions. Compare what your credit card statement says you’ve charged with your purchase history on the site. You may have to search online for how to find that history — Apple certainly doesn’t make it easy or intuitive to find your charges. And if you find fraud, report it, even if it’s beyond the 60-day deadline.

Don’t store card info on browsers, websites

It’s still not clear why my other card was repeatedly compromised. I’d no sooner get a replacement card than I would receive a text from the issuer asking about another suspicious transaction.

I removed the card from the browsers and websites where it had been stored. We may like the convenience of not having to type in our credit card numbers, but every place we store our cards is another place where they can be stolen, said security expert Avivah Litan, a distinguished vice president analyst with research firm Gartner Inc.

The mobile app for this card allowed me to see many of the places where my card was saved. But the list wasn’t complete. After the fourth hack, a phone rep said my card was stored at Airbnb, Walmart.com and Uber — three places that didn’t show up in my app and that I hadn’t authorized. The rep disconnected the card from those accounts. In the future, I’ll call in to report fraud so I can ask for this review rather than merely responding to a text warning or going online. I also learned that I could “lock” my card in the mobile app to prevent unauthorized use. Unlocking it when I want to make a charge just takes a few seconds. I wish more issuers offered this feature.

At the issuer’s suggestion, I ran antivirus and anti-malware software (my devices were clean) and changed the passwords on my email accounts as well as my financial accounts, in case a thief had broken into those. I already had two-factor authentication, which requires a code and a password to sign in, on my financial and email accounts. I added it to my most-used retail sites as well.

I’ve also started using a mobile payment system wherever possible. These systems — which include Apple Pay, Google Pay and Samsung Pay — create a “token” that’s transmitted to merchants so that your credit card number is never exposed or stored. Similarly, some credit card issuers will provide virtual numbers that you can use instead of your real account number when making purchases online.

I don’t imagine all this will make me fraud-proof, because that’s impossible. I’m just trying to make the thieves work a little harder next time.

This column was provided to The Associated Press by the personal finance website NerdWallet. Liz Weston is a columnist at NerdWallet, a certified financial planner and author of “Your Credit Score.”

Trending News

[ad_2]

Source link

February 20, 2023
How to Protect Your Business and Personal Bank Accounts
[ad_1]

Opinions expressed by Entrepreneur contributors are their own.
In 2021, Americans lost approximately $5.8 billion from identity theft. There were 2.8 million consumer identity theft incidents reported, which means there could have been much more. Of that, $2.3 billion were from imposter scams, and $392 million were from consumer online shopping. For businesses, 47% of all businesses had one form or another of fraud affect them. According to the FBI, in 2020, scams cost U.S. businesses over $1.8 billion. And since 2020, fraud cases are up by over 70%.

If you’re not alarmed by this info, you should be.

The hard truth is that even though many companies you deal with will try to keep your personal and business information private and inaccessible to these criminals, it ultimately comes down to you being fully aware of the various types of identity theft there are, and most importantly, how to prevent it from happening. If you take the stance that this is someone else’s responsibility, you’re placing yourself and your business at high risk simply by having the wrong attitude!

So, here is some great info that you can take action on for both your business and personal protection:

Related: How to Prevent Identity Theft in Today’s Digital World

1. What is identity theft?

The below definitions come straight from the Bureau of Justice Statistics website: The definition of personal identity theft includes three general types of incidents:
- unauthorized use or attempted use of an existing account
- unauthorized use or attempted use of personal information to open a new account
- misuse of personal information for a fraudulent purpose.
The definition of business identity theft (also known as corporate identity theft) is:
- The illegal impersonation of a business.
In that broad description of business fraud, it includes any type of business structure that has an Employee Identification Number (EIN), also known as a Tax Identification Number (TIN) — meaning that this can range from a sole proprietor making peanuts to a large C-corp generating millions.

2. Various types of identity theft

There are many ways that people can get your business/personal information. Here are the most common:
- Online: This is what most folks think of when they think of identity theft. This involves crimeware, which is considered malicious software used to steal personal information. We usually call these things worms. The most common types include phishing, spyware and Trojan horses through emails. And the best way to prevent this from happening is to avoid unsecured networks, such as those found in airports, coffee shops, etc. Delete any emails that seem suspicious. Another idea is to keep your spyware protection software on your computer systems as up-to-date as possible.
- Offline: This is almost 90% of how all fraud starts! Let’s call this one “old school.” This is when you receive calls or emails that request your business and/or personal information. Scammers will impersonate any number of companies, like banks, insurance and even IRS agents! The scammers will always say that you owe them money for one reason or another (by the way, did you know that your bank will never call and say you owe them money? Nor will the IRS). What’s the best way to fight this type of fraud? First, never give out your business or personal information to any company, no matter how legitimate the phone call or email seems. Second, simply hang up if it’s a phone call and/or do not reply to any email — just hit delete.
- Large-scale identity theft: This is when a hacker gets past a firewall at a company like Target and can then access your account numbers, credit card and/or debit card numbers along with PIN numbers. In this type of instance, there isn’t much you or I can do to prevent this type of breach from happening. What we can do is be prepared for a rapid reaction. This type of theft will make national news, so if you hear of this happening, respond immediately by changing your all usernames and passwords and canceling and then ordering new debit and credit cards.
- Internal employee identity theft: This is when you have employees with access to vital banking and account information. They may wire or Zelle funds to themselves or anyone. They can steal checks from your office and write those checks to themselves or others. They can also sell this information to people for cash if they choose to. The reality is that if you have provided this employee with access to your bank account, then the banks cannot do much since you allowed someone access. Therefore, the bank is not at fault, and while they will do what they can to help and get some money back, they are not responsible, you are. The good news is that the court system can do something about this situation. The only way to prevent this is either by doing all your banking yourself, and/or being REALLY picky about who gets access and to what information.
Related: Make Your Businesses Invulnerable to Corporate Identity Theft

3. Examples of business identity theft
- Bogus social media accounts: Check your social media accounts, and see if there are any Facebook pages, Instagram pages or other social media sites you use that are pretending to be your business.
- Bogus websites: Naïve customers are directed to these sham websites through search engines, various social media ad campaigns or phishing email scams.
- Phishing emails: These fake emails are sent by scammers to employees and usually have a type of spyware attached to them that will activate once you click on a link.
- Bogus tax information: Scammers use stolen business information to file fraudulent tax returns in order to attempt to receive a refund.
- Ransom of your trademark: Criminals steal your business name/logo and register it as an official trademark of their own. Then, after they wreak havoc, they’ll actually demand a ransom to release the trademark!
- Bogus invoices: You’ll get this from a scammer pretending to be your vendor asking for money. It will look legit as it will have the logo, etc. on it.
4. How to prevent personal and business identity theft:

There are many, many ways to help prevent identity theft. Here is a short list to get you started:
- Shred any and all statements: Credit cards, bank, mortgage, etc. Better yet, set up auto-pay and use online statements instead.
- NEVER provide personal/business info over the phone: Never do this unless you made the call and can identify the person/company.
- Software protection: Consider getting some type of protection onto your personal and business computer.
- Get identity theft protection: Think of companies like LifeLock.
- Don’t keep your SS card in your wallet/purse: Maybe even consider this for ALL your credit and debit cards?
- Create longer passwords: If you can get 10-15 digits in there, with a mix of letters, numbers and special characters, then you have a good one.
- Check your credit reports: Be sure to check your credit reports at least monthly if not more often. You can get them from the actual credit companies, not the knockoffs.
- Be wise about shopping online: Practice common sense here. Use sites like Amazon and not some unknown site.
- Be wise about social media: Maybe only send friend requests to folks you actually know, and give a double-check on an account that looks weird or off in some way.
- Unsecure networks: Stay away from places like coffee shops that have Wi-Fi but are not secure.
- Healthy skepticism: When someone is contacting you by email or phone, be VERY sure of who they are before clicking any links or providing any info.
Pro Tip: Ninety percent of fraud is still initiated by receiving a phone call, NOT from someone mysteriously accessing your bank account. I help customers each week with fraud, and the truth is that the fraud happened because they GAVE a fraudster the username and password over the phone. Every. Single. Time. Just be smart, folks.

Related: How to Protect Yourself and Your Business From Fraud
[ad_2]

John Kyle

Source link
February 13, 2023
NYC public employees among 19 accused of pandemic aid fraud

[ad_1]

NEW YORK — Nineteen people including 17 New York City and New York state public employees were charged in a federal complaint unsealed Wednesday with submitting fraudulent applications for funds intended to help small businesses survive the coronavirus pandemic.

The accused, including employees of New York City’s police department, correction department and public school system, listed themselves as owners of businesses that in some cases did not exist in their applications for funds through the Small Business Administration’s Economic Injury Disaster Loan program and Paycheck Protection Program, federal prosecutors in Manhattan said.

The defendants collectively stole more than $1.5 million from the SBA and financial institutions that issued SBA-guaranteed loans, prosecutors said.

One defendant, a school paraprofessional, claimed in her loan application that she owned a hair and nail salon with 45 employees and $500,000 in annual revenue, according to the complaint. Bank records showed that the defendant in fact had no significant source of income other than her Department of Education salary, investigators said.

The paraprofessional received $150,000 from the Economic Injury Disaster Loan program and spent the money on a trip to Las Vegas and purchases at Louis Vuitton, Macy’s and other retailers, according to the complaint.

“Scheming to steal Government funds intended to help small businesses weather a national emergency is offensive,” U.S. Attorney Damian Williams said in a news release. “And, as public employees, these folks should have known better. This Office will continue to prosecute those who use fraud to line their pockets with taxpayer money.”

The defendants were charged with wire fraud, and nine were also charged with conspiracy to commit wire fraud. One defendant was charged with aggravated identity theft. Information on their attorneys wasn’t immediately available.

Auditors say the speed with which federal emergency loan programs were set up in the early months of the COVID-19 pandemic in 2020 left the programs vulnerable to fraud, though millions of legitimate businesses benefited from the programs.

“There’s no doubt they’ve had a positive impact. However, the management of these programs needs to be dramatically improved,” U.S. Comptroller General Gene L. Dodaro said last year.

[ad_2]

Source link

November 30, 2022
Here’s How Your Business Can Stop Fraud in Its Tracks

[ad_1]

Opinions expressed by Entrepreneur contributors are their own.

For some businesses, fraud is nothing more than an accepted expense casually factored into the company’s bottom line. But for those who understand the true threat, fraud is a risk that must be prevented and stopped at all costs. We’ve become so accustomed to fraud’s existence that it now, unfortunately, seems like a fact of life. It doesn’t have to be this way, but preventing fraud requires a paradigm shift. It requires knowing your customer (KYC) and adopting practices that many companies have shied away from for years. Fraud will keep increasing until the business world embraces prevention from the first stages of customer interaction.

Fraud is a business problem

The internet has made fraud easy. Covid-19 made it even easier, with more businesses moving their workflows to digital platforms. Unfortunately, without a subsequent improvement in security practices, this digitalization exponentially increased the attack surface area for fraudsters worldwide who won’t hesitate to seize the advantage. According to LexisNexis, there was a 19.8% increase in fraud costs from 2019 to 2022.

Fraud costs are a real problem for businesses. Of course, individuals bear the cost of fraud as well, but companies see a significant impact on their bottom line. Each $1 of fraud, according to the same LexisNexis study, costs eCommerce merchants in America an actual $3.75 once the response is all said and done. All told, fraudsters were able to steal about $28 billion in 2021 alone through identity fraud. Our current economic downturn means fraudsters will be more, not less, bold in their attacks.

Clearly, fraud is more than a pesky issue. Not only does it cost both businesses and customers vast amounts of money, but it can also lead to significant damage to a brand. Businesses risk losing customers’ trust if they don’t appear to be tackling the issue and keeping their customers safe. This problem is incumbent upon companies to solve. However, it’s not as hard as we might think.

Related: Why Verifying User Identities Is a Good Thing For Your Customers and Your Business

Most fraud starts (and ends) with identity

Most scams start at account creation, where a fraudster impersonates a real person or creates a fake persona to carry out fraudulent activity. KYC has historically consisted of methods like human-based document verification, SSN, knowledge-based authentication (KBA), as well as other database information to identify a person is who they are claiming to be by what they know about the individual. This might have worked 20 years ago, but the traditional methods we have been accustomed to are not cutting it anymore. Too much personal information is available online, and fraudsters can usually find the answers to security questions through data dumps or trolling a victim’s social media. Luckily, the solution already exists, using widely-accepted tools and stopping identity fraud at the source — account creation.

Strong KYC practices at onboarding have often been avoided because of the misconception that they create too much friction for users. Truthfully, the tools are in place to make this a frictionless transaction. All the customer needs to do at the onset is capture their government-issued ID and then take a selfie. Such a small step can significantly reduce problems later on by creating an environment where fraud is prevented from the outset. It also sets the stage for frictionless continued fraud prevention using the selfie biometric for ongoing re-authentication.

The secret behind strong, ongoing KYC

Strong onboarding practices create a highly effective and streamlined re-authentication process for subsequent transactions with a customer. As the customer continues to interact with a business, it can use advanced analytics to build a baseline of behavior to assess risk levels dynamically. All the customer sees is the occasional request for a selfie, which then is compared with multiple other data points to verify a person’s identity.

Another term for this practice is multi-factor authentication (MFA). That’s lazily been construed as “security measures” like SMS-based one-time passcodes. Unfortunately, while such added security measures are standard in business, they’re among the easiest MFA methods to break — a thief can intercept an SMS-based code for as little as $16.

That doesn’t mean MFA needs to be completely thrown out. The concept is based in fact: The most secure identity verification consists of a combination of something you are, something you know and something you have. The hardest to spoof is something you are: biometrics. These include fingerprints, facial scans, voice recognition and retina scans (among many others). Today’s modern biometrics proofing is quickly approaching 100% accuracy.

Incorporating these security measures also creates much stronger assurances for the company, since friendly fraud is a big problem. With facial recognition integrated into the account management process, companies now have time-stamped, verified proof that a person did make that purchase. With some simple tweaks to identity verification, businesses could save over $48 billion per year in fraudulent chargebacks.

Related: The Technologies Consumers Can Use to Combat Fraud

Active monitoring — the key to continued success

The journey doesn’t stop at biometrics, though. A robust orchestration layer is needed to organize the tiny pieces of data spread across the internet into a comprehensive picture of each unique customer. This behind-the-scenes work can help monitor the KYC fundamentals to vet for fraud continuously.

Orchestration and active monitoring also help keep the good customers while weeding out (or even preventing from the start) the customers you’d rather not do business with. Using a trusted vendor to execute these third-party identity verification actions, on top of the original and ongoing verification methods maintained in-house, helps businesses with underwriting. You can also assess risk in real-time; if a customer is usually in California but trying to sign in from Russia, you’re better able to catch the fraud and stop it in its tracks.

Related: The Solution to Preventing Identity Theft in an Increasingly Digital World

Simple KBA methods alone can’t keep up with advanced identity fraud techniques. Unfortunately, many companies equate better identity proofing with a worsened customer experience, but in reality, fraud prevention can enhance interactions and even streamline workflows for businesses and customers alike. Businesses can have their cake and eat it, too, by incorporating better identity verification from the start of the customer’s journey, along with biometric-based MFA and continuous, active monitoring. Our customers deserve it, and it will take a big bite out of the global identity fraud game.

[ad_2]

Clayton Roth

Source link

November 30, 2022
Gaetz friend says lighter sentence deserved for cooperation

[ad_1]

ORLANDO, Fla. — A former Florida tax collector whose arrest led to a federal investigation of U.S. Rep. Matt Gaetz learns this week how much prison time he gets on charges of sex trafficking a minor and identity theft, but not before trying to persuade a judge that his cooperation in several probes should lighten his sentence.

Former Seminole County Tax Collector Joel Greenberg had faced a prison sentence of between 21 and 27 years under federal sentencing guidelines, but prosecutors asked a judge to substantially reduce any sentence of incarceration. During a court hearing Wednesday, U.S. District Judge Gregory Presnell calculated that the reduction would put prison time at between 9 1/4 and 11 years. The judge will make a final sentencing decision Thursday.

Greenberg pleaded guilty to six federal crimes, including sex trafficking of a minor, identity theft, stalking, wire fraud and conspiracy to bribe a public official. Prosecutors said he had paid at least one underage girl to have sex with him and other men.

His attorney, Fritz Scheller, told the judge that the jurist has the discretion to reduce the prison time even further. But the judge during Wednesday’s hearing appeared disinclined to follow that advice and seemed ready to add more time since he said he didn’t think the sentencing guidelines worked appropriately in Greenberg’s case. Greenberg was in the courtroom during the hearing.

“I have, I think, considerable discretion to deal with this anomaly,” Presnell said.

Scheller told the judge that Greenberg had assisted in the probes of two dozen individuals, including eight people being investigated for sex crimes. Greenberg’s cooperation had led to four federal indictments and two new indictments were expected in the coming months, said Scheller, without elaborating on which type of cases the new indictments involved.

“It’s clear that his cooperation has been useful,” said Scheller, noting that Greenberg had given testimony to prosecutors on 15 occasions.

The minor in the sex crimes case was almost an adult and had advertised as being over age 18 in her escort profile on the website “Seeking Arrangements,” which facilitates “sugar daddy” relationships, Scheller said in court papers.

“Greenberg appreciates the seriousness of his crimes. Based on such a recognition, he has been trying to make amends through cooperation and the payment of restitution,” Scheller said. “He has provided significant substantial assistance to the government in the areas of public corruption, election fraud, wire fraud, and sex trafficking.”

The judge should also take into consideration Greenberg’s struggles with mental illness, starting with an attention-deficit disorder diagnosis at age 7 and panic attacks, depressive and anxiety disorders as an adult. At the time he committed the crimes, he was suffering from bipolar disorder with symptoms of mania, which affected his judgment and impulse control, Scheller said.

Both prosecutors and Greenberg’s defense attorney filed documents under seal and out of the public eye, saying they were part of ongoing investigations being conducted by federal authorities in Florida and Washington, as well as state investigators.

Greenberg’s cooperation could play a role in the ongoing probe into Gaetz, who is being investigated over whether he paid a 17-year-old for sex. Gaetz has denied the allegations and previously said they were part of an extortion plot. Gaetz, a Republican, represents a large part of the Florida Panhandle. No charges have been brought against the congressman.

Greenberg has been linked to a number of other Florida politicians and their associates. So far, none of them has been implicated by name in the sex trafficking probe.

In his sentencing memo asking for leniency, Scheller noted that other potential co-conspirators that Greenberg has named, “including public figures,” haven’t yet faced criminal charges. If prosecutors want to use Greenberg as an example to deter crime, then those others should face justice too, he said.

“Unfortunately, at the time of Greenberg’s sentencing, many of these individuals have not been held to account,” Scheller said.

———

Follow Mike Schneider on Twitter: @MikeSchneiderAP

[ad_2]

Source link

November 30, 2022
5 Ways Facial Biometrics Can Help Your Business

[ad_1]

Opinions expressed by Entrepreneur contributors are their own.

Using a person’s face to authenticate themselves is something that humans have been doing for hundreds of thousands of years. New technological advancements have transformed how we interact with one another, and businesses especially are capitalizing on these advancements to verify identity. Those previous pillars of in-person and digital verification, like knowledge-based authentication (KBA), are no longer adequate protection against fraud.

Why? Just as technology advances, so does fraud. Facial biometric technology has become the foundation that businesses and consumers rely on to verify their identities. In this article, we will provide the top five reasons facial biometrics can help your business.

Related: The Importance of Having Accurate Facial Recognition

1. It’s highly accurate and can stop fraud

Facial biometrics offer businesses a high degree of confidence that the customer is a legitimate user and is who they claim to be. The authentication process is streamlined in a way that passwords and traditional two-factor authentication (2FA) never could be — all users need to do is look at their device or any other camera to prove their identity.

In addition to being highly difficult for fraudsters to compromise due to the accuracy of facial recognition technology, the leading algorithms also now produce near-zero bias, performing far better than manual human review. In fact, in one recent study of facial recognition algorithms, NIST found the technology could identify passengers boarding an airplane at an accuracy rate of 99.5%. Furthermore, this success rate (for the top facial recognition algorithms) was the same regardless of demographics, meaning race or gender had no meaningful impact on accuracy.

This level of accuracy can significantly impact a business’s ability to combat a variety of types of fraud. For example, companies can have much more confidence at account creation that the user is real through identity confirmation (as long as they match the selfie with liveness detection and an authentic government-issued ID). It can also prevent account takeover fraud; SMS-based 2FA is notoriously easy to intercept, and modern algorithms are getting ever-better at weeding out sophisticated 3D masks or similar facial spoofing hacks.

2. It’s easy for users

Facial biometrics are also effortless for users to adopt. Customers are easily turned off by clunky authentication measures like KBA, particularly if they’re required multiple times during a transaction. It’s much simpler to look at your camera and take a selfie instead of inputting a password or receiving a text message.

Facial biometrics is also gaining wider and wider acceptance among the general population. As concerns about privacy and accuracy are addressed and corrected, this technology will continue to gain widespread acceptance. While using any biometrics method is better than not using it at all, there is a reason why all of our devices have moved to facial biometrics for unlocking: Simply put, it’s easier for the user. Businesses can take advantage of this growing acceptance and make the user experience simpler and more secure with one step, leading to happier customers.

Related: How Biometric Solutions Are Shaping Workplace Security

3. It provides strong underwriting

More and more businesses are adopting heavy underwriting practices to combat fraud and meet regulatory requirements. Friendly fraud is a high cost to modern businesses. Unfortunately, fraudsters may attempt to claim a legitimate purchase occurred, a subscription was renewed or an account change was made fraudulently and request a chargeback to their payment. Merchants overwhelmingly bear the burden of this fraud when they can’t prove identity, but facial recognition can reduce its occurrence significantly.

Just like having an eyewitness at the scene of the crime, facial biometrics provides businesses with a time-stamped, verified image of a person making a transaction. When someone attempts to dispute a charge, that company has irrefutable proof that the person did, in fact, make the purchase. This is also important for meeting regulatory requirements and even protecting businesses from fines and lawsuits. It also provides solid evidence in the case of any future audits on a customer’s account or purchase history.

4. It can reduce operational costs

Facial biometrics can reduce operational costs by removing the need for current labor-intensive security checks that are used to confirm a customer’s identity for suspicious purchases, wire transfers or account changes. This includes texting or emailing a client as well as even calling them to ensure they are the ones behind the event. These customer service costs can quickly add up, not to mention the fact that you’re increasing the opportunities for your users to experience poor customer service as well as opening your business up to fraud via man-in-the-middle attacks.

In addition, the number of analysts needed to review, monitor and even rectify transactions has swelled. The 2022 LexisNexis True Cost of Fraud Study has now calculated that for every $1 in fraud losses, it actually costs the business $3.75 due to an increase in fraud volume, new digital payment methods and the high cost of replacing and redistributing goods.

Facial biometrics render all of this unnecessary. Companies can eliminate substantial operational costs and save time and resources for their fraud teams simply by pairing a quick selfie with liveness detection. You can be sure with a high degree of certainty that the individual is who they say they are, and your team can stop wasting time analyzing transactions or unlocking accounts.

Related: Complete Guide to Understanding Facial Biometrics: Should You Be Scared?

5. It’s device agnostic

Finally, facial biometrics can be implemented without concern for customer devices because it’s device agnostic. As long as a device has a camera, it can perform the necessary functions for facial authentication. There’s no requirement for fingerprint scanners or microphones in loud, busy areas; these cameras are small, inexpensive and can be installed at any kiosk where such transactions occur. Furthermore, even cheap cameras can offer accurate facial recognition with modern algorithms. It also helps that almost everyone carries a high-quality camera in their pockets via their mobile device.

People use facial recognition to identify others every day. It’s been a strange century, where our move to digital rapidly outpaced the technology to keep using faces. However, we’re quickly moving past that limitation, and facial biometrics are a reliable gateway for businesses to verify their customers’ identities. It’s time to make the move, and companies that are able to implement facial authentication fully will reap the rewards.

[ad_2]

Clayton Roth

Source link

November 28, 2022
REDi Launches Fraudforum.org

[ad_1]

Online community for the exchange of information between fraud mitigation specialists at community banks and credit unions

Press Release
–

Oct 4, 2022

BIRMINGHAM, Ala., October 4, 2022 (Newswire.com)
–
REDi announced the general availability of fraudforum.org today. The site is an exclusive forum for community bank and credit union professionals engaged in card fraud detection and mitigation.

The private forum provides a secure environment for financial crime professionals to ask questions, get answers, and share information on topics such as vendor selection, fraud trends, and emerging threats, with the goal of reducing risk across their portfolios.

“Fraud Forum started as an email group where a few of us would exchange ideas and information on the topic of card fraud,” said Fraud Forum founding member and Director of Card Payments at Alabama ONE Credit Union Jackie Davidson. “It came up in a discussion with the team at REDi and they offered to support the initiative by creating the site and opening it to professionals nationwide.”

“REDi helped launch the site in late 2021 with a small group of test users to validate the concept and assess the value of providing a platform for collaboration,” said VP of Business Development, Aaron Blevins. “Given the positive results, we are ready to offer what we believe is an invaluable resource to help combat fraud in the banking and credit union community.”

Professionals interested in joining Fraud Forum can apply at www.fraudforum.org.

About REDI

REDi provides debit, credit, and prepaid card fraud prevention software solutions that enable automation for key functions and reduce operating risk for more than 100 financial institutions across the United States.

About Alabama ONE

Alabama ONE Credit Union, based in Tuscaloosa, Alabama, was chartered in 1951 as the TRW Federal Credit Union. Today, Alabama ONE is a $980+ million-dollar, full-service financial institution currently with 18 branches serving more than 75,000 Members throughout Tuscaloosa, Montgomery, Mobile, Jefferson and 18 other counties, as well as the employees, trustees, retirees, family members and members of the 23 Alabama rural electric cooperatives. Alabama ONE is now a statewide franchise reaching 57 of the 67 counties in Alabama. Alabama ONE provides a unique offering of consumer and business-related products, as well as wealth management and an in-house insurance agency. Alabama ONE is dedicated to giving Members the resources they need to build the strong financial future they deserve.

Source: REDi

[ad_2]

Source link

October 4, 2022