iPhone Scam Reveals How Digital Criminals Find Vulnerabilities

Think of the Apple iPhone, and thoughts are likely to turn to matters involving social media, selfies, family photos, mobile commerce and even payments. But news this week from the police beat reminds us not only that the iPhone remains a juicy target for thieves, but that it can also play a role in pretty brazen illegal schemes – a trend that has played out in other parts of the digital sphere as well.

According to a report from Quartz, “over the past seven years, a New York City-based fraud ring allegedly stole more than $19 million worth of iPhones by posing as cell phone subscribers to get new devices at little or no cost. The six people authorities say ran the ring would then sell the stolen phones on the black market, getting away with the scam for years.”

The scheme involved what the report called “untold numbers of customers whose accounts were used by the ring, as well as the (unnamed) carriers themselves, which typically bore the losses.”

Counterfeit Debit Cards

The work involved wasn’t the most complicated, either.

The alleged thieves reportedly used “fake IDs and counterfeit debit cards” to pose as authentic customers inside mobile phone stores. The alleged thieves then asked to upgrade to new phones on existing mobile accounts. “They would spread payments out over many months, which would come as a surprise on the actual customer’s next bill. By then, the scammers – and the devices –were already long gone.”

The alleged theft ring operated in 34 states, but it remains unclear how many phones and legitimate customers were involved or impacted.

As every reader of PYMNTS knows, fraud and cybersecurity are becoming bigger issues as the digital economy continues to evolve, and as criminals become more sophisticated and more skilled at finding vulnerabilities and updating their tactics for these web- and mobile-focused times.

Targeting Dead People

Just consider one of the ongoing trends in online fraud and security: criminals targeting dead people (or, more accurately, their survivors and estates), always a brazen act in itself, and one that has now been updated. Back in the olden days of print newspapers, bad guys would regularly read the obituaries, then craft a plan to break into houses and steal valuable items during the wake or funeral. But like most analog businesses, this criminal model has gone digital.

Today, the internet makes discovering and then executing creative ideas not much more than a mouse click away – which makes exploiting death for the purposes of identity fraud easy, too. The idea is either to siphon funds from the accounts of the deceased or to build new IDs around their personal details in order to build credit and make a bigger haul down the road.

Crypto and Diamonds

Another relatively fresh digital scam involves cryptocurrencies and diamonds.

The cryptocurrency realm may have fallen short, thus far, of its promise to transform commerce, to kill hard currency and to render central banks obsolete. But cryptos have done a great job of acting as conduits to all sorts of fraud. From ICOs that took in money (millions!) but delivered no tangible products to bitcoin that vanishes from wallets stored online, the bad guys find these digital offerings, in all their flavors, as irresistible as the speculators who buy them.

In one particular scheme, as noted in a complaint with the SEC and media reports, Argyle Coin, based in Florida, had offered investors the chance to buy into cryptocurrency backed by diamonds. Authorities have alleged that this amounted to a $30 million Ponzi scheme that was built around a cryptocurrency scam tied to diamonds. The alleged Ponzi scheme traces its genesis to May of 2014, with the initial approach by Argyle’s Jose Angel Aman to get investors to put funds in the aforementioned firm, Natural Diamonds. Those funds, he said, would in turn be invested in acquiring, refining and reselling diamonds – with 24 percent profits and return of principal within two years.

But allegedly, true to Ponzi structure, new investor funds went to pay prior investors their promised returns. The same model held true for Eagle Financial Diamond Group. And then came Argyle Coin, which in 2017 was pitched as a crypto backed by those diamonds. The investor money would develop cryptos, as the Journal reported; the risk was nonexistent because, well, diamonds.

Criminals are always on the job, and those that thrive are doing well at either finding new scams that exploit vulnerabilities in the digital world or updating tried-and-true cons for this era.