A new variety of identity theft scam was discovered in Grand Forks, N.D. involving bogus parking tickets. Computer hackers were able to develop a technique that allowed them to convince a number of shoppers that they had been issued actual parking tickets. These fake parking tickets were placed on the vehicle’s windshields and contained a message that indicated a parking violation had occurred. The motorists were then instructed to visit a website that would outline the details of the “violation” along with illustrating photos.
However, once the victim visited the website they were instructed to download a software toolbar that turned out to be a Trojan Horse virus designed to install a malware program. The malware program then indicated fake security flaws which suggested the installation of fake anti-virus software. In addition, malware can also take control of a computer, degrade an operating system and potentially report personal information back to its programmers.
Various pop-ups were also noted, once the malware installation took place. Since then, both the security file and the malware file download have been recorded by McAfee and other legitimate software companies.
This particular software attack is notable for its use of actual physical documentation in addition to its online threat. In this case, fake parking tickets had played a part in potential cyber-theft. Any instance of malware installation, that proves successful, can indicate another means of continued criminal online activity. This online activity can also include identity theft in cases where the fake violations are paid using one’s credit card or any bank-related information.
Those who perpetrate online identity scams are continually coming up with new ideas when it comes to committing fraud. However, the merging of virtual and physical worlds with objects that point to infected websites is a relatively unexplored realm, at this point. It can only be speculated how often we will see this approach repeated in the future.
In 2016, a 23-yer old Brooklyn resident was charged with using stolen credit cards to make payments for 53 New York City parking tickets. The payment amounts of the tickets totalled over $4,700 according to New York City’s Department of Investigation. The scammer told his victims that he could get parking ticket fines reduced for a payment of up to $780. Charges against the scammer included identity theft, intent to fraud and grand larceny.
Investigators say that the best way to avoid identity theft scams, involving parking tickets, is to pay the tickets immediately. Rather than going to a website which requires that you give credit card or banking information, visit the address located on the ticket. This way, verification can be made regarding the authenticity of the issued violation document. Trying to get the ticket reduced, without the services of an attorney, is unwise and in most cases illegal.
The use of fake parking tickets is not the only recent development in the world of cyber-theft, which uses real world items. In December, it was reported that hackers had stolen $9 million in a single day from RBS Worldpay. The coordinated attack occurred in 49 cities at ATMs located in Moscow, New York, Montreal, Hong Kong and Chicago. The money was acquired from stolen RBS customer worker’s salaries issued through their payroll card accounts.
RBS is a company that other businesses use to issue their salaries directly through payroll card accounts, as opposed to issuing company checks. Employees are issued debit cards which will allow them to withdraw salaries directly at local ATMs. In addition, RBS stated that the criminals may have also compromised 1.1 million customer Social Security numbers. It’s been speculated, that in many cases, cloned physical payroll cards were used at the ATMs.
An even larger identity theft scam was conducted over a period of time that involved Heartland Payment Systems. Heartland is known for servicing 175,000 merchants and processing 100 million transactions involving payment cards. Little information was revealed regarding the attack other than:
• There was a security breach at Heartland Payment Systems.
• They don’t know who the responsible parties are.
• Heartland wasn’t aware of the breach until they were informed by MasterCard and VISA of various fraudulent charges being made.
• Heartland believes that the security breach has been closed.
• Heartland Payment Systems believes that no Social Security numbers, phone numbers, addresses or PIN’s were involved in the security breach. So, there should be little risk of identity theft. This, of course is still to be determined.
• As of May of 2009, the breach had cost Heartland Payment Systems $12.6 million.