Correction to This Article
A quote in the .com column in the June 8 Business section was incorrectly attributed to a speaker at a security summit in Washington. "The truth is that the average identity theft scam reads a lot more like an edition of 'Ms. Lonelyhearts' than the 'French Connection,'." should have been attributed to Paul Roberts, a senior editor who writes for Tech Watch, a blog published by InfoWorld Magazine.

Beware the Lonely Hearts Club Scam

By Leslie Walker
Thursday, June 8, 2006

Ladies, beware of men buying drinks in bars -- they may be retired drug dealers trying to recruit you into their life of cybercrime, specifically identity-theft rings.

The stories told by Richard W. Goldberg, a cybercrime prosecutor in the U.S. attorney's office for Eastern Pennsylvania, at a Cleveland Park security conference this week sounded like they were right out of a Hollywood movie.

An identity-theft ringleader, also known as the "concierge," recruits an "insider" to steal personal information from work, data that can be used to make bogus credit cards with real names and account numbers.

Often the "insider" is a lonely woman who falls in love with the concierge after he sidles up to her in a bar, orders her a drink, and discovers that she works for a bank or insurance company -- at which point he escalates his wooing. After a while, he persuades her to leak him some customer data because he's "short on cash."

"The truth is that the average identity theft scam reads a lot more like an edition of 'Ms. Lonelyhearts' than 'The French Connection,' " Goldberg said.

The concierge then turns that information into cash using various schemes. One involves giving the customer names and numbers to someone who uses machinery in his basement to churn out phony credit cards and IDs -- documents that might not fool a cop but do get past many store clerks. Or the ringleader may use the information to open new credit accounts in the names of unsuspecting victims.

Next, he rents a van in someone else's name, rounds up a bunch of drug addicts, and gives each a bogus credit card and a shopping list, Goldberg said. Dumped at a suburban mall, they make their purchases and return with hot merchandise.

Then they are driven to another mall in a nearby county, where they are sent shopping again. Purchases are kept under $200 and repeated in different counties to keep the dollar value of individual merchant losses below the radar of police agencies, Goldberg explained.

It may sound unbelievable but, over the past year, personal data thefts have become everyday news, particularly since the federal government and many states have passed laws requiring disclosure of personal data breaches. Not all cases are as sensational as the recent theft of a laptop containing personal information on 26.5 million veterans. But many clearly have the potential to create misery.

Last week, notified 243,000 customers that their personal information was on a laptop stolen from its auditor. Supermarket giant Ahold USA disclosed that a laptop missing from an airplane contained pension data on its former employees, and another laptop ripped off in New England held data on YMCA members.

And those were just in the past week.

Thanks to a steady stream of scary news stories, most of us are aware that identity thieves often use pilfered data to pose as us and steal stuff in our good names. But these aren't kids playing with stolen credit card numbers hacked off the Internet. These are criminals, no different than the ringleaders in a drug-trafficking network.

CONTINUED     1        >

© 2006 The Washington Post Company