Caught in the Spider's Web -- online financial identity theft

September 21, 2010

Personal information may be stolen through a variety of means. Among the more common examples are

  • Hacking into financial institutions' computer systems
  • Phishing attacks. [A fraudulent email/Instant Message that directs the recipient to enter sensitive information onto an apparently trustworthy website. In fact, that website is masquerading as one that is bona fide and is controlled by the sender of the phishing message.]
  • Malware that infects victims' computers with malicious software
  • Keylogger viruses.[This virus covertly tracks the keys struck on the infected computer's keyboard.]

The goal of such criminal conduct is to illegally obtain the victim's name, address, telephone number, social security number, user names/passwords, and other identification. Recently, so-called "carding" websites have proliferated. Such sites provide criminals with online locations where they can buy/sell stolen identification and financial information.

Do You Have a Cold?

In June 2007, Belarussian nationals Dmitry M. Naskovets and Sergey Semasko created ("CallService"), a Russian language online business hosted in Lithuania and intended to assist identity thieves in exploiting stolen financial information such as credit card and debit card numbers. Among other things, CallService was designed to counteract security measures put in place by financial institutions. Such security measures typically require persons seeking to engage in financial transactions (such as account transfers or withdrawals) to verify by telephone certain information associated with the account. Businesses that accept online or telephone purchases by credit card have similar security measures. Representatives at financial institutions and businesses are supposedly trained to make sure that persons purporting over the telephone to be account holders fit the account holder's profile. For example, if an account holder is an American female, the screener is supposed to make sure that the caller speaks English and sounds like a female.

Have I Got A Nice German-Speaking Girl For You!

In exchange for a fee, Naskovets and Semasko provided through CallService the services of English- and German-speaking individuals to persons who had stolen account and biographical information. The identity thief would provide to CallService the name of the bank to be contacted; the stolen account information and biographical information; and instructions from the identity thief as to what to say or how the fraudulent transaction was to be conducted. Thereafter, Naskovets and his co-conspirators would assign an appropriate individual employed by CallService-- namely someone who was the same gender and spoke the same language as the authorized account holder. CallService's foreign language speakers would pose as the authorized account holders and would then telephone financial institutions and other businesses in order to conduct or confirm fraudulent account activity on behalf of the identity thieves. If successful, the CallService employees would successfully confirm unauthorized withdrawals or transfers from bank accounts, unblock accounts, change the address or phone number associated with an account, and engage in other fraudulent activity. After the requested call was made, Naskovets and his co-conspirators would report the results to the identity thief, who could issue further instructions, if necessary.

Over 5,400 Sold

CallService posted advertisements for its services on other websites used by identity thieves, including, which was operated by Semashko. One such advertisement noted "a special offer of an unlimited number of confirmation calls" to interested individuals, among which were listed "successful Carders (drop handlers . . . PIN cashers, etc.). . ." Other advertisements boasted that CallService had "over 2090 people working with" it and had "done over 5400 confirmation calls" to banks, referencing calls to defeat security screening procedures and confirm or conduct fraudulent transactions.

  • A Carder buys/sells/trades/exploits stolen or unlawfully obtained credit/debit card numbers and information.
  • A Drop Handler hires/manages "drops," which are addresses/individuals used by the identity thief as shipment destinations
  • A PIN Casher uses stolen credit/debit card information to withdraw cash from the victim.

Trapped in the Net

Naskovets was arrested by Czech enforcement authorities on April 15, 2010, at the request of the United States. Also on that day, in a joint operation, Belarusian law enforcement authorities arrested Semashko in Belarus; and Lithuanian law enforcement authorities seized the computers on which CallService was hosted. Belarusian authorities also arrested additional co-conspirators for related criminal conduct. In addition, the New York Office of the Federal Bureau of Investigation simultaneously seized the Website domain name pursuant to a seizure warrant issued by U.S. District Judge Lewis A. Kaplan, to whom the criminal case is also assigned.

The U.S. Indictment at charges Naskovets with one count of conspiracy to commit wire fraud, one count of conspiracy to commit access device fraud, and one count of aggravated identity theft. If convicted on all three counts, Naskovets faces a maximum sentence of 39 and one-half years in prison.

On September 20, 2010, Preet Bharara, the United States Attorney for the Southern District of New York, announced the extradition of 26-year-old Naskovets from the Czech Republic. Naskovets consented to extradition and arrived in the Southern District of New York on September 17th.

NOTE: The charges contained in the Indictment are merely accusations and Naskovets is presumed innocent unless and until proven guilty.


Follow Bill Singer on Twitter: