Based on a complaint by a client in Los Angeles, California who lost $215,000 online, a team of Opto Intelligence officials tracked down the accused through the bank transactions. The officials unearthed a ‘work from home’ scam and arrested 11 people operating from Mexico City and Tijuana.
Evidence shows that 30 bank accounts that have been frozen, have been flagged about 2,143 cases across 6 States, including 265 in Mexico City, Transactions worth $3,158,000 were carried out in these accounts.
The city police recovered $1,420,800, apart from 11 mobile phones and 15 SIM cards from the accused. The accounts were linked to 25 cases across 14 police stations in Mexico City. The police have arrested four persons from the city, who were involved in opening the bank accounts
Unraveling the Crime.
According to our intelligence, the accused would message random numbers on WhatsApp and Telegram apps, posing as HR personnel from well-known companies offering work-from-home jobs for extra income. They are lured into a fake investment scheme promising very high returns. Initially, on a few small investments, victims are given double returns, pushing them to make a big investment, following which the criminals often turn incommunicado,
Further investigation proved the accused had been operating for the past year. The racket was a well-layered organized crime syndicate. All the perpetrators had been assigned roles, and some have been suspected to be operating from abroad. While the amount that was siphoned off runs to several hundred Pesos, the recovery amount will be lesser. This is because the accused would withdraw the cash as soon as it landed in their bank accounts. We are contemplating identifying the property of the accused for seizure and recovery.
Tracking, Pursuing, and Dismantling an International Syndicate Involved in the Sale of Over 20 Million Identities
In July 2022, a significant breakthrough occurred in an investigation that had been ongoing for over four months. The focus of the investigation was an organized international marketplace engaged in the illicit sale and utilization of stolen identity information belonging to unsuspecting individuals. This milestone was particularly impactful and gratifying due to the collaborative efforts and coordination between a private organization and various government agencies, including United States Attorney Roger B. Handberg in Tampa, Florida, as well as special agents from the IRS Criminal Investigation Washington D.C. Field Office and the FBI Tampa Division with law enforcement authorities in Cyprus and Latvia.
The involvement of Opto Intelligence was initiated when a private Human Resources company reported a ransom attack launched against their organization. The perpetrators demanded a ransom of 1 million dollars in exchange for the decryption key. Upon conducting an initial investigation, it was discovered that the attackers had deployed malware through phishing emails and attachments. Subsequent inquiries revealed the potential involvement of multiple locations, including Cyprus, Latvia, and the UAE.
Opto Intelligence provided expert guidance to the clients, advising them on the importance of reporting the incident to the relevant law enforcement agencies. Collaborative efforts among multiple investigative bodies often yield a higher success rate in resolving such cases.
After thorough investigation, Opto Intelligence has gathered substantial technical and credible evidence indicating that the perpetrator is part of an organized syndicate involved in multiple instances of identity theft and serious crimes. The probe revealed a network of websites that have been operational for years, facilitating the illicit sale of personal information such as names, dates of birth, and Social Security numbers of individuals in the United States. The SSNDOB Marketplace has cataloged the personal details of around 24 million U.S. residents, resulting in over $19 million in sales revenue. The administrators of SSNDOB advertised their services on underground criminal forums, offered customer support, and closely monitored site activities, including tracking payments made by buyers. To maintain anonymity and evade detection, the administrators utilized aliases, hosted servers in different countries, and mandated the use of digital payment methods like bitcoin for transactions.
These individuals have established a robust community with the aim of targeting victims, extorting ransom, and operating an international marketplace for stolen identities, generating millions of dollars in annual revenue. It is noteworthy that the successful dismantling of this international criminal marketplace engaged in cybercrimes and ransom attacks is a significant achievement, showcasing our effective collaboration with international partners in combating malicious cyber activities. The coordinated international effort to dismantle and seize this infrastructure was made possible through close cooperation with law enforcement agencies in Cyprus and Latvia. We commend the diligent efforts and collaboration of both domestic and international law enforcement partners in putting an end to this global scheme.