Monday, July 23, 2018

Bank details for sale on Google: Hackers are offering full ID including your phone number and PIN for £4....
Symbolic photo with topic online crime, data theft and piracy (Photo Illustration by Thomas Trutschel/Photothek via Getty Images)Fraudsters are selling credit card and bank details were stolen from British consumers on hundreds of open forums accessed through Google searches.
The internet giant stands accused of fuelling the ‘prolific’ trade in private financial information.
Marketing themselves with online adverts, hackers around the globe offer stolen ID details for as little as £4, with discounts for bulk buyers.
To lure punters, the criminals openly publish online thousands of ‘freebies’ giving information about select UK-based victims.


A hacker shares his secrets to help you stay safe: We all have computers and laptops, but are we doing all we can to stop our personal information from being stolen online? We spoke to a professional ethical hacker who gives us his top tips to make sure you don't fall victim to theft. A financial hacker reveals the simple mistakes we make online  A financial hacker reveals the simple mistakes we make online (Provided by: Lovemoney)
How they grab your information 
Hackers use a myriad of methods to steal personal details, which are then sold on across the globe.
One of the most common techniques to steal information is ‘phishing’ – fooling someone into handing over their credentials.
Because people often use the same password for several sites, criminals can reuse them to break into internet banking and email accounts.
Another technique, known as ‘watering hole attacks’, involves planting a virus on a website which can grab sensitive information from every visitor’s computer.
The details are passed to the sellers who advertise it online.
a screenshot of a cell phone: Criminal trade: Hacker advertises UK bank details on Google Groups© Provided by Associated Newspapers Limited Criminal trade: Hacker advertises UK bank details on Google Groups
This can include their full names, dates of birth, bank, credit card and National Insurance numbers, email addresses and passwords, bank security questions and answers, and mother’s maiden names.
The Daily Mail tracked down several of the British victims, who described their ‘hell’ at being constantly targeted by fraudsters after having their private personal information plastered across the internet.
Many have had their credit ratings ruined after crooks emptied their accounts and repeatedly applied for credit cards, loans, store cards and mobile phone contracts in their name.
Other horrified victims were not aware that their details were being openly peddled until contacted by the Mail.
They pleaded with Google to take action to help stop the trade in their information.
Cybersecurity experts warned that our identities are now being bought and sold on a ‘monstrous’ scale – and claimed the ‘utter lack of responsibility’ by internet giants has enabled the illicit trade to flourish.
A Mail investigation also found that:
Cyber security experts have for years found stolen personal data traded on the ‘dark web’, a network of hidden websites where traders can remain anonymous. But bank details are now widely available with a Google search, using a few slang terms known to criminals. Each search produces a list of scores of online forums, with a terrifying array of hackers eager to sell stolen bank details in an enterprise known as ‘carding’.
Some tout for business on Google-run groups set up by the internet giant, supposedly for people to ‘create and participate in online forums’ with a ‘rich experience for community conversations’.
Personal information is displayed on apparently innocuous sites hijacked by hackers, including Windsor Football Club, Runner’s World and a forum for parents of children with Tourette’s syndrome.
There is no suggestion that any of these sites knew they were being used by criminals.
Using the open web is more risky for criminals but it offers a global audience which dwarfs the dark web.
Cybersecurity expert Emily Wilson, from Terbium Labs, said fraudsters were ‘brazenly’ exploiting the lax enforcement by internet giants to trade stolen identity information. She said: ‘The platforms continue to demonstrate an utter lack of responsibility for how their systems get used.’
After being contacted by the Mail, Google and Facebook removed some of the pages selling hacked bank details highlighted by our investigation and YouTube deleted more than 50 videos and channels. But a simple search revealed scores of other sites remained on all three platforms last night.

Advertisement
A Facebook spokesman said: ‘We do not allow people to promote fraudulent activity on Facebook. We have removed the page brought to our attention by the Daily Mail and are conducting a wider investigation into the matter.
‘This has already resulted in the removal of several similar groups and accounts. We urge people to use our reporting tools to flag content they suspect may be illegal or violate our standards so that we can take swift action.’
A Google spokesman said: ‘When we receive reports of pages that distribute personal data to facilitate identity theft or fraud, we remove these from search – full stop.’
It said any fraudulent apps found on the Google Play store would be removed, and anyone can request the removal of pages from Google Search, which will then be assessed based on company policies. 
Why me? It was just like being stalked 
Rosemarie Sergeant demanded Google take action to end her ‘two-year hell’, which began when fraudsters posted all her bank and personal details online.
The nurse, who is currently on a career break as she raises her four children, said she felt like she was being ‘stalked’ and has been reduced to tears after repeatedly being targeted by scammers.
Her details come up on the top-ranked page after a Google search using the most common slang term used by the fraudsters. Masquerading as an innocent forum about poker, it is actually used by criminals to tout stolen details.
a man in a red shirt: Reduced to tears: Mrs Sergeant says that Google owes her an apology© Provided by Associated Newspapers Limited Reduced to tears: Mrs Sergeant says that Google owes her an apology
The site publicly displays Mrs Sergeant’s full name, date of birth, address, phone number, mother’s maiden name, credit card number, expiration date, security number, bank account number and sort code. Criminals have used the details to arrange loans worth up to £10,000, set up multiple bank cards, direct debits and fashion catalogue accounts.
But when she applied for a new account it was rejected because the fraud has destroyed her credit rating. She has also had money wired from her account all over the world from places she has never visited.
Mrs Sergeant, from Swindon, said: ‘It’s terrible. It is like being stalked. I have had occasions when I have burst into tears over this. I have thought, “why me? why are they targeting me. I did not do anything”.
‘The whole thing has left me feeling hopeless. I don’t know how and why these people are targeting me.’
She said Google owed her an apology for allowing websites displaying her details to come up top on searches.
‘They must have a programme that can identify when someone puts this online and automatically blocks it from search results. I mean, who voluntarily puts their bank details online?’
Her complaints to the police have fallen on deaf ears because they told her that each fraud is not significant enough to investigate. She first started spotting fraudulent behaviour involving her personal information in late 2016 and since then it has never stopped.
‘I’ve changed my passwords, my email address, but it does not seem to make any difference,’ she said. Three bank cards were also recently delivered to her address bearing her name for various banks.
‘I assume they are trying to get access to my details again,’ she explained.
Recently two catalogue accounts from fashion retailers were opened in her name. She added: ‘Amigo also wrote to me about a loan I had supposedly applied for totalling £1,500 but said it could go up to £10,000 if I needed.’
Mrs Sergeant said she has to keep a track of her account to spot fraud. ‘When you keep getting letters through your door saying you owe this amount when you don’t it is worrying and then you have the hassle of ringing up and getting it cancelled,’ she said. ‘This is a serious issue. It needs to be dealt with.’
So far, her losses have always been refunded as she has managed to alert the bank or it has been stopped. But she said: ‘It’s a total nightmare. It never stops. I cannot believe that Google, with their billions of pounds, could not introduce software to stop this if they wanted to.’
An Amigo spokesman said: ‘No loan was approved or paid out in Ms Sergeant’s case as our fraud checks worked. We go above and beyond and are effective in our efforts to eliminate fraud.’
They targeted me 17 times in a month with bogus loans 
Jennifer Holloway was shocked after being told by the Mail that her information was being shared on a Facebook fraudster’s page.
She says she has no idea how her bank details, email address, date of birth, mother’s maiden name, national insurance number, and password got leaked onto the site which sells stolen bank information.
The 32-year-old, from Leeds, said: ‘That is what is terrifying.
‘It has also completely taken me by surprise because I thought Facebook had put measures in place to stop that happening.’
But it explained why she has been targeted numerous times by scammers trying to gain credit using her details. Last November she was targeted 17 separate times for bogus credit card or loan applications, each with a different company. The customer service team manager keeps a file full of correspondence from the companies, the police and fraud investigators.
a close up of a piece of paper: Shocked: Miss Holloway was unaware her details were online until the Mail told her© Provided by Associated Newspapers Limited Shocked: Miss Holloway was unaware her details were online until the Mail told her
She has contacted Action Fraud and the police, but is dissatisfied with their response.
‘Action Fraud is not there to help out the Ordinary Joe,’ she said. ‘Once you have given over your details you never hear from them again. You get no feedback and see no justice.It’s all been a bit of a nightmare.
‘What makes me cross is that I work hard to protect our identity and I always check ID, only pay using a secure lock or on PayPal and no longer use contactless.’
Meanwhile, a businessman told of his frustrations after a hacker calling himself ‘jabber’ touted his details on a Google forum.
The 31-year-old only found out his Natwest bank details, address and date of birth had been stolen two years ago when a ‘Redirect Your Mail’ card from the Royal Mail was posted through his letter box.
The hacking victim, who did not wish to be named, said: ‘I cancelled that and then the next thing 12 or 14 letters arrived in my name applying for loans.
‘It was scary and I felt vulnerable. I contacted the bank and then called the police.’
The businessman said: ‘I’m angry at the hackers but I’m also frustrated with Google for not doing more to stamp out this trade. They should be keeping their house in order but what can I do about it?’
I felt naked and violated - Google needs to take responsibility for this  
A company director said he felt ‘naked and violated’ when he found out his details were for sale on Google.
His credit card number, address, phone number and mother’s maiden name were all on the site.
The 53-year-old from Staffordshire, who asked to be identified as Andy, only found out when contacted by the Daily Mail.
‘I couldn’t believe it,’ he said. ‘I felt worried, I felt violated – naked, that everything about me was there for anyone to see.’ He said he then spent hours trying to find a way to contact Google to get them to take the site down but couldn’t. Andy has also contacted Crimestoppers but says he has heard nothing back. In the meantime, he has cancelled his card and changed his passwords.
Google logo (Photo by Murat Kaynak/Anadolu Agency/Getty Images)© Getty Google logo (Photo by Murat Kaynak/Anadolu Agency/Getty Images)
‘Google needs to take responsibility for this. I am quite savvy and could not find any way to report this,’ he said.
Andy feels he may have unwittingly given away his details to criminals after falling victim to a phishing email, where a user is tricked into entering personal details. ‘I think it was an email which I thought was from Apple. They said they were taking some money out of my account, and I had to take action to stop it. It looked very realistic.’
In yet another troubling case, a 45-year-old academic called Michelle first discovered her details had been stolen when she noticed someone had tried to set up a standing order from her current account for a gym membership two years ago. Since then fraudsters have tried dozens of times to take out credit in her name.
Her Worcester address, work email address and its password were posted on a site easily found via a Google search. Her mobile phone number and mother’s maiden name were also published, as well as her bank account number, sort code and credit card number with its expiry date and even the security number on the back. Michelle, 45, an academic who works at the University of Birmingham, said: ‘I don’t know how they got hold of my details. It’s terrifying really.’
Have you had your details stolen? Email: investigations@dailymail.co.uk


https://www.msn.com/en-gb/money/technology/bank-details-for-sale-on-google-hackers-are-offering-full-id-including-your-phone-number-and-pin-for-£4/ar-BBKYg2f?ocid=spartandhp

No comments:

Post a Comment