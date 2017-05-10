Call Center Operator and His Cousin Steal $645,000 From UK Water Supplier (bleepingcomputer.com) 10
An anonymous reader writes: "An unnamed UK-based regional water supply company lost over $645,000 in a sophisticated scam that involved social engineering, an inside man, and international bank transfers," reports BleepingComputer. According to a recently disclosed report, one of the water supplier's call center operators was taking screenshots of customer details and sending this data to his cousin in the UK. This person would trick other call center operators to reset the passwords for those accounts, add his bank account info to the account, and request a refund for previous transactions. Their operation was discovered after customers, usually small-to-medium businesses, discovered they couldn't access their accounts anymore, and also reported new bank account details. A search of the CRM logs revealed that only one call center operator had accessed those profiles, albeit he never initiated or approved refunds. When questioned, the arrogant employee signed an affidavit allowing investigators to search his home PC, thinking they would never discover anything, since he already wiped his hard drive. They did because he forgot to delete his shadow volume copies, where investigators discovered copies of emails sent to his cousin in the UK. These emails contained the screenshots of his work PC with SMB client data. In the end, the call center employee ended up helping authorities secure a conviction for his cousin.
Never do a job you can't do by yourself and have to do more than once.
I worked right besides a fraud department for a major credit card company.. it never ceases to amaze me how ingenious the scammers we're, how the first few times were completely missed by all the fraud detection, and how every single one just kept on doing the same thing over and over thinking if it works once or twice, it'll surely work 200 times...
That is selection bias. You only know about those dumb enough to get caught.
Today on the family channel, the heartwarming story of a call center operator who engineers a complicated scam and then rats out the relative who helped him. Brought to you by your friends at Hallmark. Don't forget mother's day!
How could his cousin possibly know that a lying scamming thief would also be dishonest?
From the article (because the summary sounds insane -> if MS has found a way to keep Shadow Volume copies of files after a full disk wipe, the Pentagon needs to know about this), it sounds like he was running something akin to selective cleaning (i.e. CC Cleaner). The OS and other applications remained, while personal data was removed.
If you steal near $700k you can afford a pound of thermite not just for the hard drive but for the entire computer -or- someone that actually knows what they're doing and some 'shush' money.
