The recent indictment of a couple of Russian scammers provided an intriguing but troubling glimpse into the global network of criminal enterprises that have emerged to serve the growing global industry of identity theft.
It's long been known that stealing identities is pretty easy. But as banks and other businesses add new layers of security to defeat thieves, exploiting these stolen identities and turning them into cash has become more challenging.
That and other challenges have spawned an entire criminal industry focused not on identity theft and cybercrime, but providing support networks and services to these criminals.
For example, identity thieves often succeed because of the anonymity of the internet and never having to come into contact with the banks they're trying to heist. So, many banks have introduced rules that require bank employees to actually speak to any customers who want to conduct certain transactions like authorizing the electronic transfer of large sums of money to other accounts.
Seeing an opportunity to solve a problem and serve a "customer" need, in 2007 a couple of Russian entrepreneurs set up a business offering to "rent" real voices to identity thieves in need of convincing callers who could speak to a bank employee, provide their personal (stolen information) and authorize the transaction.
According to a story in the Huffington Post, this is generally how it worked:
- The thieves would agree a fee with the criminal call service, called, believe it or not, CallService, and provide the stolen information to the callers along with specific instructions about what they wanted to do with the targeted account.
- The callers, usually speaking in perfect English, German and whatever other language was required, would then call the target bank posing as the victim, provide the necessary personal and identification information, and once they had been cleared by the bank employee, they would then follow the instructions provided by the thieves. And that could be anything from changing the password or the victim's mailing address, to requesting the bank to transfer money from the victim's account to an account controlled by the thieves.
According to the thieves own website, they had made more than 5,000 of these calls by the time they were arrested.
So what's next? Maybe banks will require that certain high risk transactions can only be completed after a personal visit to the bank by the customer. If that’s the case, I wonder what my clone will look like.