New York – The latest technological wrinkle – a card that lets the user change the number that appears on caller ID – helped a sophisticated band of thieves rip off more than 6,000 unsuspecting credit card holders of more than $15 million, authorities said Thursday.
Subscribe to our Daily Roundup Email
The credit card and identity theft scam started in Queens and includes 35 suspects, including 32 Nigerian nationals, most of whom live in the city, according to Police Commissioner Ray Kelly and Queens District Attorney Richard Brown.
The scam, though, is anything but local.
Some of the victims live in Canada, and many of the stolen credit cards were sold overseas, in Japan, Dubai, Italy, India and several other countries, authorities said.
The suspects have been charged with enterprise corruption and a number of other offenses, including criminal possession of stolen property and of a forged instrument, grand larceny and conspiracy. They face up to 25 years in jail if convicted.
Key to pulling off the scam, authorities say, is the spoof card, which Brown calls “the equivalent to a burglar having the key to your house or apartment.”
These cards, which can be found on the Internet, allow the owner to display any telephone number when placing a call.
As a result, those with caller ID don’t know the true identity of the caller, and the suspects were able to activate stolen credit cards by pretending they were calling from the victim’s home telephone.
“When you call a bank call center, if they can see what phone number you’re calling from, if it looks like they’re calling from the victim’s home phone number, it obviously puts the customer service representative at ease,” said Deputy Insp. Gregory Antonsen, head of the New York Police Department’s Identity Theft Task Force. “It allows for an [exchange], and oftentimes, the person could elicit information from the customer service representative that is more detailed than they normally give out.”
But even with the arrests, authorities admit they still don’t know a key piece of the puzzle: How did the suspects manage to have the credit cards mailed to them and not to the legitimate customers?
Once they had the cards, Kelly said, the thieves “squeezed every dime” from them, obtaining extra cards for relatives and even making minimum payments in an effort to increase the line of credit.
Brown said it was not clear if spoof cards are illegal, but that his office is working to determine that and to see if they can be regulated.
this is nothing new. this technology has been around for years. the 2 biggest sites 123spoof.com and spoofcard.com are owned by yidden in lakewood. 123 works from israel as well. but these scammers have this technology as it is easy to find online. spoofing for now is 100% legal but it will probably be made illegal soon.
Deputy Insp. Gregory Antonsen of the NYPD needs a refresher class in telephone technology.
While standard “caller ID” can be spoofed (see below), that only works when calling a, for want of a better term, “regular” recipient. When you call a 1-800 number, which is what you’d use for reaching your bank’s or credit card’s service center, they get your phone number via “Automatic Number Identification” (aka ANI).
ANI is what the internal phone network uses for its own routing and billing purposes, so it’s just about impossible for anyone to send a fake number to a business using it. In other words, you can call up your sister in law and play games with the displayed number, but if you call Chase Manhattan’s 800 number they’re going to get you.
Oh, same for trying to “block” your number by punching/dialing *67. It’ll hide you from your sister in law, but not from Chase.
Now as to the deal with spoofing… In regular phone lines, like from your home, the caller ID string is inserted by your local phone company office, and is transmitted along with the phone call. HOWEVER, in a large business with (loosely speaking) a large number of high capacity phone connections, it’s that company’s equipment that sends out the caller id. And yes, they can play games with it.
This has a legit purpose. For example, the local hospital may set up their system so that all calls from it, whether from billing or the 4th floor nurse’s station, or from the pharmacy… will all show up as the main hospital number. However, it can also be used for evil… For example, a bill collector might similarly send out the hospital’s number figuring you’ll answer…
But again, this will NOT WORK when calling the “800” number for your bank.
Dannyb is wrong. Most or all phone systems with a PRIcan send out any caller I’d that is programmed by the trunk or extension. You can even fool the bank. Nafka mina ledina is that you might not be able to be matir an aguna in the world trade center by caller I’d since it is possible to send the caller I’d via any or most pbxs with a pri?
Dannyb is wrong. Most or all phone systems with a PRIcan send out any caller I’d that is programmed by the trunk or extension. You can even fool the bank. Nafka mina ledina is that you might not be able to be matir an aguna in the world trade center by caller I’d since it is possible to send the caller I’d via any or most pbxs with a pri?
“Authorities admit they still don’t know a key piece of the puzzle: How did the suspects manage to have the credit cards mailed to them and not to the legitimate customers?”
So you say these were actually legitimate cards requested by real clients that the scammers somehow managed to divert to their own mailbox? Wow! THIS is the real chidush here, not the ID spoofing.
I agree with commenter #1 - you can’t fool a bank with a spoof card. you can’t even fool your own phone. on most ppl mobiles if you dial your own number it will take you straight to voicemail w/out password verification . try calling a mobile tel number and spoof it with the identical number- it will not take you to voicemail rather it’ll ring.
the technology isn’t that amazing- it’ll fool your friend & family but you can’t fool not much else. my company’s phone system allows us to spoof for over 6 yrs already.
does this mean that someone can call a cell phone and the caller id on the cell phone will show up as a fake #? how about texting, can this be used to send someone a fake text as well???
Mr choen. Time to move to find a REAl legal buiss. venture
why can’t people argue without resorting to calling the counter-debater names?
i’d say because they are insecure in themselves and in their argument and need extra ammunition to “win” the other guy, by trying to belittle HIM vs the logic of the argument.
Last time I spoke to my bank, eventhiugh they had my number on their caller ID, I was told to hang up the phone and they called me back on that same number which they had on file.
If you call your cell number from skype (if you setup skype to use your cell # for caller ID) you will get messages from that cell without a password (unless you set it up to ask for password when calling from your phone) In order to get the victim’s number on your skype caller ID you have to be know a code they text to that number (can be done if you borrow that phone from your boss/in law/co-worker just to receive that text and erase.
(on second thought i should probally complain to my provider about this breach of privacy)
Mr Coen,
Sooner or later spoofs will be illegal . Trust us!
thanks guys- one thing we can all agree on is that our banks & telecom service providors have failed us miserably as far as privacy goes- like I mentioned in earlier post this technology has been avail to me for years as a laymen- it came with the phone system I bought. although spoofcards came to market in last few years- a criminal who understood phone systems couldv’e done this for years- and none of our banks or service providors did a thing to prevent. class action lawsuit?
“Officially” ANI can not be spoofed but it has been in the past. I think any legit bank should be checking the ANI against the CID especially if the caller is a home user. There is no reason why a home users ANI and CID should be different.