As cybercrime increases, consumers need to be more careful with personal data.
The phrase “dark web” may conjure up images of some mystical, mythical place in the cyberworld.
But the dark web is very real, says Detective Jeffrey Cohen, of the Sumter County Sheriff’s Office criminal investigations division. It’s an online location, requiring special browsers to reach, where criminals sell credit card, bank account, and Social Security numbers, logins and passwords, mothers’ maiden names, dates of birth, driver’s licenses—everything a cybercriminal needs to destroy someone’s financial life.
Once criminals obtain the information they need, they can go through credit bureau files and bank and investment accounts, change your phone numbers and email addresses, clean out credit cards and create new accounts, and get personal loans in your name. These actions might slip past the victim for months depending on how closely they monitor their finances.
“After knowing the process, it’s really not hard to duplicate somebody’s financial credit cards,” Cohen says.
In the ever-changing electronic era, it’s difficult, if not impossible, to maintain privacy for personal data. People not only need to keep their personal information safe online, but with new phone and household technology, almost everything we do is tracked by one company or another.
“Whenever there’s new, legitimate technology, criminals find a way to use it to their advantage,” Cohen says.
The result is more opportunities for fraud, identity theft, credit card theft, and the theft of any other information that is stored electronically. In just the first half of 2018, for example, 945 data breaches exposed 4.5 billion records worldwide, according to Gemalto, a digital security company. Under Armour, Orbitz, Panera Bread, Macy’s, and Sears, among others, reported data breaches.
ID fraud in the United States hit an all-time high in 2017, victimizing 16.7 million consumers, and fraud losses totaled nearly $17 billion, says Javelin Strategy & Research, an advisory firm based in California.
Criminals can strike on a global scale or right at your desk. Anyone who works in an office environment has probably required the services of the “IT guy” at one time or another. Occasionally, a computer technician may ask an employee to type in a password that allows him to work on the computer remotely.
But what if someone had this same remote access to your computer at home? An ongoing trend in cybercrime is the use of a software program that enables a criminal to have constant remote access to someone’s computer without the need for a user name or password.
Detective Cohen says the software program is unknowingly downloaded when a victim purchases antivirus software from a disreputable website. Then the criminals can access the victim’s financial accounts.
They call the victim and say, “We overcharged you for the software, we’re sending you a refund.” Then they move $1,000 or some other amount from one of the victim’s accounts to another, usually a checking account. They call the victim again and say, “We put too much money into your account, hurry up and send us $1,000 to correct it.” The victim sees that there is $1,000 too much in their account, and they mail cash to the unknown criminals, never realizing it was their own money that was moved into the account.
“I would urge people to be very conscientious of what you’re downloading onto your computer, and make sure you’re getting your antivirus software from a trustworthy source,” Cohen says. “If you’re not sure, it’s best to ask a professional.”
Identity theft is prevalent everywhere, Cohen says. ID information can be compromised in a variety of ways, including gas pump skimmers, the theft and duplication of personal checks, or stolen credit cards. But a lot of personal information is simply “out there” on the internet, and criminals using phone scams can cover their tracks by creating internet-based phone numbers that may appear to be in Florida but actually could be anywhere in the country.
“A lot of times, it’s not as easy to discover how their identity was compromised in the first place, so we try to figure out where the crimes occurred and try to track it that way,” Cohen says.
That’s why it’s important for people to closely monitor their financial accounts because if they don’t know there’s been illegal activity, then they don’t know to cancel their card and they may not realize it for months. By then, their information could be sold on the dark web and criminals could run up an exorbitant bill, Cohen says.
Older people are considered top targets for cybercrime—presumably, they have more money and better credit scores than many younger people—but Cohen says that’s not necessarily true.
“Everybody has an equal opportunity to be a victim,” he says. “These scams know no boundaries for income level, race, religion, education level—nothing.”
However, both Sumter and Lake counties have generally older populations, including The Villages retirement community.
“A couple reasons why I think Villagers are targeted is they typically have more financial resources that suspects can go after, and they’re a very trusting generation,” Cohen says. “They come from a generation where your handshake or your word was your bond and that’s all you needed.”
The sheriff’s offices in Sumter and Lake educate the public and businesses about cybercrime by distributing pamphlets and crime prevention packets, providing speakers at community events, and posting alerts on social media.
For example, in November 2018, the Lake County Sheriff’s Office reported security breaches in the U.S. Postal Service’s informed delivery/visibility service, which allows customers to receive messages with images of all of their mail on the day of delivery. Hackers were obtaining this information and intercepting mail at the delivery point.
A month earlier, LCSO Lt. Michael Marden reported that a family-owned hotel was left on the hook for a refund after it was scammed in an elaborate credit card ruse. In this type of scam, a “customer” using a fake name and invalid email address and phone number charges a reservation to a stolen credit card. Later, the “customer” cancels the reservation and requests that the refund go to a different credit card because the original was lost or stolen and the account has been closed. The business agrees and issues the refund to a different card.
Days later, the business receives a charge-back and fraud complaint from the original credit card company disputing the charge. The company informs the business that the charge was made by a fraudulent third party. The business’ attempt to charge the second credit card to recoup its money is rejected because the second card is a prepaid card linked to a European bank with no traceable user information. The charge-back stands and the business is out the money for the refund it provided.
As technology changes and scams evolve, Cohen acknowledges that law enforcement may have to play catch-up when a new trick of the trade emerges for criminals. But agencies bridge the gap through networking and sharing information.
For example, the SCSO recently worked with federal agencies on an investigation of a national syndicate ring that used stolen credit cards at gas stations to fill diesel fuel into illegal fuel bladders in their vehicles, and then sold the fuel to private trucking companies. The syndicate was raking in millions of dollars a day around the country, Cohen says.
He also recently encountered a case where a credit card reader inside the store of a gas station was illegally altered. A skimmer plate that looked just like the real face of the reader had been placed on top. Usually, one guy distracts the store clerk while another guy pops the fake plate onto the machine. When customers swipe their cards, the transaction goes through normally, but their information is stored in the skimmer, which criminals pick up later.
“They’re very skilled,” Cohen says. “These criminals practice. It’s not just everyday local criminals. That’s their full-time job. They know what they’re doing.”
The detective then adds one piece of bottom-line advice:
“Don’t be scared of technology, just be cautious with it.”
10 ways to avoid cybercrime
- Freeze: A free security freeze on your accounts with the three credit reporting agencies (Experian, Equifax, and TransUnion) restricts access to your credit report and helps prevent thieves from opening new accounts in your name.
- Alerts: Set alerts to get messages whenever there is activity on your financial accounts and check the accounts weekly.
- Monitor: An identity theft monitoring service can keep an eye on credit reports, public records, and some websites. You also can check your credit reports once a year at no charge.
- Passwords: A password manager is a digital service that stores all your passwords in a secure online “vault,” creates hard-to-hack passwords, and notifies you if there’s a breach at a company with which you do business.
- Anti-social: Be careful with information you place on social media sites and set privacy settings to restrict who is able to see your information. Cybercriminals can glean information that may help them answer your personal security questions.
- Stay current: Keep antivirus software up to date and use anti-malware software.
- Look for the lock: Before entering financial information online, be sure the web address includes “https” and has a padlock icon next to it to indicate that the site is secure.
- Check the pump: To avoid card skimming at gas stations, use a fuel pump where the security strip seal is in place on the face of the pump, showing it has not been opened up.
- Jiggle it: Before swiping a credit card at a counter, make sure the face plate of the machine isn’t loose; that could indicate it’s a skimmer plate placed on top of the actual face.
- Pick a card: If you shop online, make sure you’re using legitimate websites and consider using a credit card rather than a debit card—challenging credit card transactions are much easier than challenging debit transactions.
Sources: Sumter County Sheriff’s Office, Lake County Sheriff’s Office, AARP
If you’re a victim of cybercrime
Contact your bank and other credit card issuers and close any account that was used fraudulently.
Contact all three major credit reporting bureaus and have a “fraud alert” placed on your file: Equifax, 800.525.6285; TransUnion, 800.680.7289; Experian, 888.397.3742.
Contact all creditors that provided credit or opened new accounts for the suspect.
File a complaint report with the Federal Trade Commission at ftc.gov or call 877-IDTHEFT.
File a report with the appropriate law enforcement agency if you want to prosecute the criminals and are willing to testify in court.