IdentityForce Logo IdentityForce Logo
Protect What Matters Most.
Romanian Hacker
Posted on March 27, 2019 by in Identity & Privacy, Personal, Scam Alerts

You’ve likely seen the news about the latest major data breaches and security incidents, but individual stories of identity theft and cybercrime rarely get the same coverage. Our Real Identity Theft blog series is committed to sharing these stories of fraud to show the impact it can have on those affected. This week’s recap focuses on how a trio of Romanian hackers infiltrated U.S. computer servers to run “vishing” and “smishing” scams on tens of thousands of American citizens.

Chances are that by now you’ve heard of phishing scams. Well vishing is short for “voice-phishing,” in which fraudsters use automated or live telephone calls pretending to be a reputable source to trick people into divulging personal or financial information. Smishing, on the other hand, is a combination of “SMS” and “phishing” where text messages are used to lure consumers into sharing passwords and other personal details.

About the Identity Thieves

In October 2011, Robert Codrut Dumitrescu (41), Teodor Laurentiu Costea (42), and Cosmin Draghici (29), all Romanian citizens based in the city of Ploiesti, began their scheme. The trio remotely compromised vulnerable computer servers in the U.S., installing automated software to deploy bulk vishing and smishing messages to capture victims’ Personally Identifiable Information (PII), including Social Security numbers and bank account information.

How the Scams Worked

In the vishing scam, account holders who answered the call were prompted with a voice recording that claimed to be from their bank. The software prompted the victim to enter their PII to move forward through the message.

The smishing scam would blast out text messages also pretending to be from a bank. The message would instruct victims to call a telephone number that the hackers hosted on a compromised Voice Over Internet Protocol (VOIP) server. Once the person called the number, interactive voice response software gave instructions to enter their PII.

Those who fell for the scams had their information captured and stored on the compromised servers, where the hackers would either use it themselves or sell it for profit on the Dark Web. Once your sensitive information is published on the Dark Web it lives on with no expiration date, and your data can be used to enact any number of identity crimes, including new finance account openings, tax fraud, and medical identity theft.

Bringing the Fraudsters to Justice

This elaborate cyber scheme was executed for more than two years, until an FBI investigation was able to trace a trail back to Romania and ultimately, the trio responsible. The three men were extradited to the U.S. on 31 counts of federal charges, including wire fraud, computer fraud and abuse, and aggravated identity theft.

At the time of their arrest, they were in possession of nearly 43,000 financial account numbers — worth an estimated $21 million in losses. Sentencing will be handed down to all three perpetrators in the summer of 2019.

Be Vigilant About Vishing

Tax season is often called “breach season” because of the volume of fraud schemes this time of year, and voice phishing scams are at an all-time high. The Federal Trade Commission (FTC) has reported a 20x spike in Social Security Administration (SSA) vishing campaigns geared to trap people into sharing their SSN — to the tune of $16.6 million last year. Perpetrators use scare tactics to trick people into thinking their bank account or Social Security Number has been compromised and will cause a delay their tax filings because it has been “locked for their protection,” to get the victim to divulge their PII. Once fraudsters have someone’s SSN information, they can use it to commit various types of identity theft, apply for government benefits, and beyond.

Just last week, a colleague of mine received a voicemail from one of these robocall schemes:

Do not fall for it! The SSA and IRS will never call or email you to request personal information or make threats.

More Real Identity Theft Stories: