Pages:
Author

Topic: Heads-Up: Bank Fraud Alert - page 2. (Read 7887 times)

sr. member
Activity: 350
Merit: 250
April 14, 2012, 08:21:04 PM
#27
Dwolla now offers an instant loan service for up to $500. Don't even need to rob people's bank accounts, just make a new account using their stolen information you bought for $10 on a crime forum and apply for credit. Spend $500 to get bitcoins and they won't know for a month anything is wrong.

Ohh ... I didn't even think of that, ya -- that's going to leave a mark.

It could actually go more than a month.   Dwolla doesn't do an ACH just because you didn't pay at the end of the month.  They just assess a fee.  It proably could go a couple months or more before they send collections to look into it.

Yeah I read they just debit your account the interest, then if nothing happens take forever to collect.
Their Dwolla "instant" system in Iowa which allows you instant funding to your dwolla account (no waiting 2-3 days) seems to enable fraudsters in whole new ways as well. Can't trust any online banking it can always be used for evil
sr. member
Activity: 350
Merit: 250
April 14, 2012, 08:17:31 PM
#26
I would be happy if someone will pay me back the cash bills I lost when I got drunk last night.

The identity verification is only invasion in anonymity on legitimate users, this will not stop fraud. Checked on MtGox and Paxum - they both accept photoshoped files. The bank transactions also should be made irreversible. This will protect exchanges and merchants. The losers who are unable to protect their data and computers will lose their money sooner or later anyway.

I 100% agree

So far the trust system used here and at #bitcoin-otc has almost eliminated all fraud.
The new bitcoin market MPEX is also based on this system. IDs, 2 factor auth, IP tracing is all meaningless in 2012 seems GPG auth is almost invincible as the people that use it typically don't use Windows exploitable OS, don't click on obvious side channel attacks in their email box, know what they are doing and all around a good system so far.

legendary
Activity: 1512
Merit: 1049
Death to enemies!
April 14, 2012, 07:40:58 PM
#25
I would be happy if someone will pay me back the cash bills I lost when I got drunk last night.

The identity verification is only invasion in anonymity on legitimate users, this will not stop fraud. Checked on MtGox and Paxum - they both accept photoshoped files. The bank transactions also should be made irreversible. This will protect exchanges and merchants. The losers who are unable to protect their data and computers will lose their money sooner or later anyway.
legendary
Activity: 2506
Merit: 1010
April 14, 2012, 12:32:57 AM
#24
Dwolla now offers an instant loan service for up to $500. Don't even need to rob people's bank accounts, just make a new account using their stolen information you bought for $10 on a crime forum and apply for credit. Spend $500 to get bitcoins and they won't know for a month anything is wrong.

Ohh ... I didn't even think of that, ya -- that's going to leave a mark.

It could actually go more than a month.   Dwolla doesn't do an ACH just because you didn't pay at the end of the month.  They just assess a fee.  It proably could go a couple months or more before they send collections to look into it.
sr. member
Activity: 574
Merit: 250
April 14, 2012, 12:01:00 AM
#23
That's an awful lot of Nigerian Princes and Romanian Hot Chicks answering the Dwolla security verification process with "Yes, this is Peggy..."
sr. member
Activity: 350
Merit: 250
April 13, 2012, 10:58:42 PM
#22
Correction, a couple of months ago
http://nakedsecurity.sophos.com/2012/02/14/cryptome-org-hacked-into-serving-up-blackhole-exploit-kit/

They claim 2,863 visitors at risk, probably a lot more. Usually the kit is used for side channel targeted attacks not an open net catching everybody

Dwolla now offers an instant loan service for up to $500. Don't even need to rob people's bank accounts, just make a new account using their stolen information you bought for $10 on a crime forum and apply for credit. Spend $500 to get bitcoins and they won't know for a month anything is wrong.


hero member
Activity: 770
Merit: 500
You're fat, because you dont have any pics on FB
April 13, 2012, 10:57:03 PM
#21
I still dont get why writing somewhere not for auctions works ?

I made the same mistake when I first read that.   Written a different way:
"Even a cash deposit to your bank account could be later reversed by the bank if it is determined the depositor was defrauded.  The bank can help prevent this from occurring by making the depositor write 'Not for auctions' on the deposit receipt."

This way if the person tells the cops they got scammed, too bad -- the receipt shows they were warned and should have known better.


ok???  Huh
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
April 13, 2012, 10:44:01 PM
#20
Cryptome.org was hosting black hole exploit kit for 4 days a couple weeks ago before anybody figured it out. Who knows how many thousands of people were backdoored

Interesting
more details?
sr. member
Activity: 350
Merit: 250
April 13, 2012, 10:33:48 PM
#19
Cryptome.org was hosting black hole exploit kit for 4 days a couple weeks ago before anybody figured it out. Who knows how many thousands of people were backdoored
legendary
Activity: 2506
Merit: 1010
April 13, 2012, 10:11:44 PM
#17
I still dont get why writing somewhere not for auctions works ?

I made the same mistake when I first read that.   Written a different way:
"Even a cash deposit to your bank account could be later reversed by the bank if it is determined the depositor was defrauded.  The bank can help prevent this from occurring by making the depositor write 'Not for auctions' on the deposit receipt."

This way if the person tells the cops they got scammed, too bad -- the receipt shows they were warned and should have known better.
hero member
Activity: 770
Merit: 500
You're fat, because you dont have any pics on FB
April 13, 2012, 10:00:16 PM
#16
I still dont get why writing somewhere not for auctions works ?

Can you elaborate for retards like me ? Smiley
sr. member
Activity: 350
Merit: 250
April 13, 2012, 09:41:22 PM
#15
ike having people write 'Not for auctions' on the deposit receipt and scanning/sending, or using Trust Cash.

How does that scam work?

Using phished ebay accounts. or stolen through black hole exploit kit or the other dozens of crime bots, (or just buy them by the hundreds for cheap on crime forums) make listings for crazy discount laptops or electronics and convince your mark to go to Bank of America or wherever the bitcoin exchanger has an account and make a deposit. Or make craigslist ads.

Then go make a buy order on the bitcoin site. They get cash, you run off with bitcoins.

People will go do it because the scammer is excellent at convincing them how much safer bank deposit is and how the laptop will be sold otherwise unless they go drop cash right now. When I worked @ ebay years ago every single day some variation of this scam fooled a buyer.  The bank reverses the charges because none of them respect digital currency exchanges and there will be a 60yr old guy screaming in the bank he was scammed with the cops beside him so they just refund and claw the funds back.

If the buyer has to write 'Not for auctions or craigslist' on the receipt they might think twice about what is going on. Either way the scammer will move on to somebody else's exchange not yours. Trustcash basically eliminates this too

This scam started after western union agents started preventing scams when buyers showed up to wire to Romania or somewhere. "Did you buy something on ebay? Yeah you're being scammed". Bank doesn't ask questions just takes the money.




legendary
Activity: 2506
Merit: 1010
April 13, 2012, 09:17:50 PM
#14
ike having people write 'Not for auctions' on the deposit receipt and scanning/sending, or using Trust Cash.

How does that scam work?
sr. member
Activity: 350
Merit: 250
April 13, 2012, 09:12:47 PM
#13
Even a cash deposit can be frauded without taking certain measures, like having people write 'Not for auctions' on the deposit receipt and scanning/sending, or using Trust Cash. If you just have a bare account taking anybody's deposits nothing to stop scammers on ebay with stolen accounts convincing people to go there and drop money thinking they are getting a cheap deal. Banks will unbelievably reverse the transaction later if the victim is loud and persistent enough. Happened to many a LR exchanger over the years

Canadian bitcoin company had ridiculous low EMT limits yet still ended up with their account seized from too many fraudulent transactions recently. Never underestimate the motivation of a scammer with access to the black hole exploit kit and a lot of time to set up accounts to do miniature frauds by the hundreds.
hero member
Activity: 868
Merit: 1008
April 13, 2012, 09:11:21 PM
#12
I wonder if this will be the last straw for Dwolla and they simply decide it's too risky to deal with bitcoin related accounts any longer (like paxum).
sr. member
Activity: 299
Merit: 250
April 13, 2012, 08:40:04 PM
#11
If you individually deal with someone, most probably a new member of this board, and sell them BTC for Dwolla you could get screwed as well.  While we already knew this, the message again is Dwolla is not cash and can be charged back.

LS,
     Not just Dwolla - One exchange that accepts Chase QuickPay also seems to be affected.

Keyur

legendary
Activity: 1386
Merit: 1004
April 13, 2012, 08:11:27 PM
#10
So as a heads up....

If you individually deal with someone, most probably a new member of this board, and sell them BTC for Dwolla you could get screwed as well.  While we already knew this, the message again is Dwolla is not cash and can be charged back.

It is unlikely (but possible) that a fraudster buying a physical item with Dwolla would do this because the physical address would be the address of the bank account holder, not the fraudster so the fraudster would get nothing.
member
Activity: 84
Merit: 10
April 13, 2012, 07:43:38 PM
#9
Hi everyone,
          A couple of days ago we noticed some suspicious transfers to CampBX, and reported those to our bank as well as Dwolla.  After talking to bank fraud investigators today, seems like there is a well orchestrated, large-scale bank fraud underway.  This includes very convincing fake passports and utility bills used to open bank accounts and Dwolla accounts, and transferring money to Bitcoin companies.  Bank customers who have been hacked are spread all over geographically: MA, CA, TN, NYC, and WI.

         The old-fashioned practice of processing bank+Dwolla transactions manually mostly saved CampBX: We have lost $2.6K and prevented a loss of $9.8K so far.  I don't have email IDs for newer exchanges so sending out this open heads-up on the forum.  I believe BitInstant does manual processing, so their damage may be limited, but exchanges like Mt.Gox that do automatic processing of Dwolla may be at higher risk.  (Unless the fraudsters are selling their coins on Mt.Gox - in that case they will make a nice profit).

Keyur


So, in talking to the bank investigator, did you get the impression that theft was the operation? I ask because it looks rather like a money laundering set up, and that's been a big feature of bitcoin for some time now, IMO it may possibly be what bitcoin is best used for.

I mostly observe the speculative side, and it seems to me that there has been a lot of ping-pong volume lately with price movement staying in a fairly narrow range. I'm unconvinced that the volume is related to any success bitcoin may be having as an above-ground payment system.
 
Money laundering is costly and lucrative. Back in the 1990s just about every life insurance company in the world was involved in laundering South American drug money via something called single premium life. To the point, customers were willing to surrender 50% or more of their premium spent on an SPL policy to the insurance company for the cleansing benefit they provided. Entities like Cayman Islands banks and such couldn't handle the volume of money involved, hence the involvement of the insurers.

So, this could be pretty significant in impact. Bitcoin stands on a three-legged stool, contraband trade, speculation, and money laundering. Pull out one of those legs and flows could change significantly.
legendary
Activity: 1078
Merit: 1000
Charlie 'Van Bitcoin' Shrem
April 13, 2012, 07:35:50 PM
#8
Just in last couple of hours we received several thousand dollars more from what seems like compromised accounts.  

Ok, Keyur is using "accounts", which is plural.

Someone stole the identity of a US citizen, opened up a bank account.

Use that account to verify Dwolla, (Since they have fake ID's and access to the account) and in small amounts used the exchanges to buy Bitcoin.

Once the account owner realized (Weeks later!) that funds were being taken account of their account, they call the bank and claim fraud.

Ok, Yankee is using "account", which is singular.

(Most of the compromised accounts were trusts, or lawyer accounts which are rarely checked...ironically)

Plural.

Oh ... so is Yankee bringing in stuff from last July into this conversation or is that referring to today's activity?

Stephen,

Unfortunately, we get 4-5 compromised accounts every month.

If it happend today, I would not be getting notification from Dwolla until Monday.

I changed my text to plural, not sure why you focused on my grammar rather then my text

It's a constant problem thats not going to end, unless we leave Dwolla, there is nothing we can do  Sad
Pages:
Jump to: