Last week police in Florida, Georgia and Illinois arrested six men charged with pursuing a sophisticated series of crimes involving SIM swaps, identity theft and stealing money from bank accounts. A seventh member of the crew remains at large. Criminal proceeds from these crimes total over USD1mn.
Per the Department of Justice (DoJ) press release:
These alleged criminals are charged with draining their victims’ accounts of a fortune. In some cases, allegedly stealing tens of thousands of dollars at a time.
From at least 2020 to 2022, the crew allegedly…
…purchased or otherwise obtained, through the Internet, personally identifiable and financial information belonging to victims of their scheme. Such information would generally include victims’ names, dates of birth, home addresses, social security numbers, driver’s license numbers, bank account information (sometimes including passwords), and phone numbers…
This information was used to forge identity documents.
Using the Stolen Information, the ID Forgers would manufacture a counterfeit driver’s license and sometimes a secondary form of false identification… in the victim’s identity. If the Fake ID was a form of photo identification, it would bear the photograph of one of the Crew’s members…
SIM swap fraud was used to remotely take control of bank accounts.
In some cases, the Crew would take over the victim’s phone number through a “SIM swap” fraud — that is, by tricking the victim’s cellphone service provider to switch service for the victim’s cellphone number to a SIM card or cellphone controlled by the Crew. Members of the Crew would either impersonate the victim and claim that the victim’s existing cellphone had been lost or would enlist the assistance of corrupt cellphone store employees who would agree to process the SIM swap in exchange for payment. The purpose of the SIM swap was to take control of the victim’s cellphone number in order to gain access to the victim’s bank accounts — for example, to receive two-factor authentication or security text messages intended for the victim.
Online access to bank accounts allowed the crew to disguise their intentions.
In some cases, the Crew would use the Stolen Information to log into victims’ online banking profiles, create new accounts in a victim’s name at the banks, and transfer funds from a victim’s existing accounts to the newly created accounts. The purpose of doing so was to divide the victims’ funds among as many bank accounts as possible and steal those funds through smaller withdrawals, which would be less likely to attract scrutiny from individual bank tellers processing single withdrawals in a single account.
Members of the crew would then fly to cities within the USA to withdraw cash in person.
During these trips, a Crew member (the “Runner”) would enter different bank locations impersonating a particular victim. The Runner would bring Fake IDs in the victim’s identity (and bearing a photograph of the Runner). At the teller window, the Runner would request a withdrawal, typically for less than $5,000 at a time to avoid triggering heightened bank scrutiny. In cases in which the Crew also obtained a “SIM-swapped” cellphone, that cellphone could also be used to intercept and impersonate the victim in response to the bank’s identification verification procedures. After a successful withdrawal, the Runner — and any Crew members participating in that trip — would drive to another bank branch location nearby to repeat the process until the victim’s bank accounts were substantially drained of funds. On a given trip, the Crew typically targeted multiple different victims’ accounts and typically stole tens of thousands of dollars or more.
All seven men have been charged with conspiracy to commit wire and bank fraud, a crime that carries a potential prison sentence of 30 years. They have also been charged with several other, lesser crimes.
You can read the full text of the DoJ press release here.