ID Theft Scam Run from Prison
Six-Year Scheme Targeted Elderly AccountholdersCustomers of Bank of America, Citibank and the former Washington Mutual Bank were taken for $8 million, after their accounts were compromised as part of an intricate identity theft and bank fraud scheme that was run for nearly six years from a California prison.
See Also: Free Cybersecurity Awareness Kit
Federal authorities say members of the Armenian Power gang worked from behind bars with street gangs and bribed bank employees to steal personally identifiable information - including signatures, telephone numbers, prior addresses and property documents - about elderly accountholders to impersonate them and take over their accounts. Defendants used the stolen information to change accountholder phone numbers and addresses in an effort to conceal their crime. Those changes put control of accounts into the hands of criminals.
The multimillion-dollar fraud losses were suffered by the victims and the affected institutions, according to the Federal Bureau of Investigation.
Now, two ring leaders accused of organizing the scheme have been sentenced to 25 years each in federal prison, even while already serving time for other crimes.
Neal O'Farrell, executive director of The Identity Theft Council, a grassroots group that works with local banking institutions and law enforcement to help victims of identify theft, says the scheme was the quintessential inside job.
"The architects of the crime were behind prison walls and their accomplices inside trusted institutions," O'Farrell says. "This is always a very hard crime to stop. Even if the banks had systems in place to detect unusual activity on certain accounts, insiders can often work around these systems - akin to a prison guard turning off the electric fence."
Ring Leaders
Angus Brown, better known by his street name "Homicide," who is described in court records as a "career criminal and identity thief," and Arman Sharopetrosian, better known as "Horse" and a member of the Armenian Power criminal enterprise, were both serving separate sentences when they orchestrated the ID theft scheme. Brown, who authorities say had numerous prior convictions, was actually serving time for a different ID theft crime. Sharopetrosian was serving a 10-year sentence for shooting at an occupied vehicle and carrying a concealed weapon.
The two managed to conceal their scheme by communicating in code with gang members on the outside through phone conversations. Both men were convicted earlier this year by a California federal court of leading the ID theft ring from Avenal State Prison.
Brown pleaded guilty in December 2011 to conspiracy to commit bank fraud conspiracy, bank fraud, and 17 counts of aggravated ID theft. In March, Sharopetrosian was found guilty of one count of bank fraud conspiracy, four counts of bank fraud, and seven counts of aggravated ID fraud. He also was named in a racketeering indictment returned by a federal grand jury in Los Angeles that targeted the Armenian Power gang. Sharopetrosian awaits a trial in that case.
"It's not new to hear about criminals operating sophisticated identity-theft scams from behind prison walls, and in many cases in prison as a result of previous identity-theft convictions," O'Farrell says.
Twenty other defendants named in the 2011 indictment also have been convicted. While some await sentencing, those that have been sentenced received prison time of up to 51 months, the FBI says.
The ID Theft Scheme
According to court records and evidence presented at Sharopetrosian's trial last spring, bank-account information, primarily from elderly victims, was used to fraudulently transfer funds, forge checks and deposit high-dollar checks into accounts set up with those stolen accountholders' identities. Bank employees were bribed to target individual bank accounts and steal confidential personal and financial information.
Alphonse Pascual, who focuses in security, risk and fraud at Javelin Strategy & Research, says anti-money-laundering and fraud-analytics teams at these larger institutions should have been able to detect suspicious actively, even with insider involvement, if the amounts were significant. "Illicit transfers and checks in smaller amounts, under $10,000, with victim accounts from different branches," he says, however, "would not have generated any significant red flags."
"With smaller institutions, an insider could limit or suppress SAR [suspicious activity report] filings or bypass any manual processes for high-risk transactions, such as confirming the item's validity with the client directly, which could significantly extend the life of such a scheme," he adds.
Federal prosecutors said older victims were targeted by the bribed employees, as elderly accountholders would be less likely to identify suspicious or fraudulent activity because of less frequent online-banking use and account-balance checks. In court documents, prosecutors wrote defendants' "express purpose was to target bank customers with large-value accounts who were not proficient in checking up on their accounts via the Internet" and that they "sought to use that information to plunder the victims' life savings."
The case was investigated by members of the Eurasian Organized Crime Task Force, which includes the FBI, the U.S. Secret Service, U.S. Immigration and Customs Enforcement's Homeland Security Investigations, the Los Angeles Police Department, the Glendale, Calif., Police Department, the Burbank, Calif., Police Department, the Orange County, Calif., Sheriff's Department, and the Los Angeles County Sheriff's Department.
Recommendations for Banks and CUs
Pascual says older consumers, those over the age of 65, also are less likely to sign up for fraud alerts sent via mobile SMS/text messages and e-mail. That makes them more attractive targets, he says. "They are less likely to become aware of such activity until they manually check their balance, receive a paper statement, or visit their bank," Pascual says.
Consumers with high-dollar accounts, as the FBI notes, also are often the most-targeted, O'Farrell says. "It suggests that customers with high-value accounts should always be encouraged, for security reasons, to stick or switch to online banking and use all the security and alert tools available to them," he says.
But the banking institutions affected in this scheme could have down more to help consumers detect the fraud, Pascual says.
"High-dollar transactions that are outside the normal behavior of the accountholder should automatically prompt the delivery of a fraud alert," he says. "This should not be a matter of opt-in, nor should it be able to be overridden, if it is score-based. In such a situation, it may have helped ensure these elderly consumers' piece of mind, along with the affected FI's bottom line."