Author: admin

Legal Steps to Recover Your Stolen Money

This is a series of steps for attempting to recover money stolen by fraudsters. It has been created by Barrister  Gideon Roseman following his skirmish with fraudsters. You can read about that at fightback.ninja/amateur-detective-recovers-stolen-money/

  1. Immediately phone your bank and ask to speak with the fraud team

Explain what has happened and demand they immediately contact the fraudster’s bank, i.e.  the bank you transferred your money to.

  1. Immediately contact a solicitor or barrister who can accept instructions directly from members of the public (or alternatively you can attempt to do this yourself). Ask them to immediately make an application to freeze the fraudster’s bank account and any other bank account that the fraudster has with their bank. The application should include a request for an order that the fraudster’s bank provides the following information:
  • all contact details (mobile phone, home phone, email address, residential address etc.) for all signatories to the fraudster’s bank account and any other bank account held in the fraudster’s name or any other signatory to this bank account that is held at the bank
  • all bank statements for the fraudster’s bank account and any other bank account to which the fraudster or any other signatory has with the bank in question for a period of 6 months; and
  • the current balance of all bank accounts with the bank that is in the fraudster’s or any other signatory’s name.
  1. Once you get hold of the court order, this will need to be immediately emailed to the fraudster’s banks’ ‘court orders’ team who can process it. You can ask your bank for this email address.
  2. As soon as you receive the information from the fraudster’s bank, consider the following points:

(i) has your money been transferred or paid to any recognisable company you can contact, such as a known retailer

(ii) if you can identify a company that has received your money, you can then contact this company, explain what has happened and request they either cancel the transaction made by the fraudster or request them to hold onto the money they have received and

(iii) has the money been transferred to other bank accounts.

  1. If your money has been transferred out of the fraudster’s bank account and into another bank account, you have the option of returning to court and making an application for the information set out above and repeating the process set out above.
  2. When you have received the fraudster’s bank account statements, try to work out the dates and times of the transfers out of their accounts. Your bank will be under a duty to contact the fraudster’s bankers, who will then freeze the fraudster’s account.

If your bank has failed to act within a reasonable period of time after you have notified them of the fraud, which has enabled the fraudster to transfer your money without a trace, it is likely that your bank will have breached their duty and will have to compensate you.

Good luck.

If you have any experiences with scammers, spammers or time-waster do let me know, by email.

Equifax Data Breach

The personal data of up to 44 million British consumers was feared stolen by hackers in a massive cyber attack on Equifax.

The information commissioner said it was investigating how the hack on Equifax, a US credit rating firm, affected UK customers, many of whom will be unaware their data is held by the company.

Equifax and its UK subsidiary companies state on their websites that they represent British clients including BT, Capital One and British Gas.

The Information Commissioner’s Office has urged Equifax to alert affected UK customers as soon as possible, and said it will work with the relevant overseas authorities on behalf of British citizens.

Equifax admitted hackers had exposed the personal data of 143 million customers in the US, which was stolen between mid-May and July this year due to a vulnerability on its website. The hack was not made public until recently.

The stolen information includes names, social security numbers, dates of birth, addresses and, in some instances, driver’s license details. It is also thought that around 209,000 credit card numbers were stolen.

Equifax said: “limited personal information” from British and Canadian residents had been compromised.

A spokesman for BT said: “We are aware of the developing story and are monitoring the situation closely. Like many companies in the UK, BT uses Equifax services. We are working on establishing whether this breach has any impact on those services.”

Lenders rely on the information collected by credit bureaus such as Equifax to help them decide whether to approve financing for homes, cars and credit cards.

Equifax chief executive Richard Smith said in a statement “I apologise to consumers and our business customers for the concern and frustration this causes.”

How to check if you are affected – go online to https://trustedidpremier.com/eligibility/eligibility.html and type in your last name and last 6 digits of your social security number and it should tell you if you have been affected by the data breach.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Journalist Turns Anonymised Data into Profiles

A journalist and a data scientist secured anonymised browsing data for three million users. They created a fake marketing company to get the data and were able to de-anonymised much of it i.e. they could identify the users.

Anonymised data means the names have been removed along with supposedly anything that makes it possible to identify the individuals.

How is that Possible?

There are various techniques that can be used to identify people in the data, such as:-

  1. Anyone who visits their own Twitter analytics page will have a URL in their browsing record which contains their Twitter username. Find that URL, and you’ve linked the anonymous data to an actual person.
  2. A similar trick works for German social networking site Xing.

For other users, a more statistical approach can be used to de-anonymise the data. For instance, just 10 URLs can be enough to uniquely identify someone. For instance, how few people there are at your company, with your bank, your hobby, your preferred newspaper and your mobile phone provider. By creating “fingerprints” from the data, it’s possible to compare it to other, more public, sources of what URLs people have visited, such as social media accounts, or public YouTube playlists.

Eckert, a journalist, worked up with data scientist Andreas Dewes to acquire personal user data and see what they could get from it. They created a fake marketing company, complete with its own website, a LinkedIn page for its chief executive, and even a careers site.

The pair presented their findings at the Def Con hacking conference in Las Vegas

They made the site full of pictures and marketing buzzwords, claiming to have developed a machine-learning algorithm which would be able to market more effectively to people, but only if it was trained with a large amount of data. Then they asked companies for anonymised data to try on their system.

The data they were eventually given came, for free, from a data broker, which was willing to let them test their hypothetical AI advertising platform.

Another discovery through the data collection occurred via Google Translate, which stores the text of every query put through it in the URL. From this, the researchers were able to uncover operational details about a German cybercrime investigation, since the detective involved was translating requests for assistance to foreign police forces.

Where did all of the data come from?  A number of browser plugins collect data, Google Translate collects data and various websites collect this data.

It is supposed to be anonymised when passed on to ensure no-one can identify the individuals, but this clearly is not true.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Amateur Detective Recovers Stolen Money

Gideon Roseman was scammed out of a lot of money. He had builders working on his home and fraudsters hacked in to the builder’s email system. They sent a message to Roseman purporting to the builder asking for a down payment to start work. Roseman paid £20,400 to what he though was the account of his builder.

The next day his wife Esther found an email from the builder warning his customers that his email had been hacked and Roseman realised his payment had gone to the hackers.

The builder had checked his emails and found messages to a number of customers demanding payment to a bank account he did not recognise.

Roseman said  “I wasn’t filled with optimism when I spoke to my bank, so I felt as though the only way I would get my money back is to take things into my own hands.”. He is a barrister so had a head start over most of us in dealing with the legal system.

He travelled to London the High Court to apply for the fraudster’s bank account to be frozen.

The judge agreed it appeared he had been the victim of fraud and granted the order.

Mr Roseman then contacted Santander’s court orders department and it froze the account.

He soon received another email from the fraudster asking for more money to “cover the VAT” on the work.

Mr Roseman played along and managed to obtain the sort codes and details of another two accounts — one at Barclays and another at Santander.

He then returned to the High Court to get these accounts frozen and the judge again approved his application.

The court ordered Barclays and Santander to release all contact details and bank statements for the frozen accounts and using these, Mr Roseman tracked down £5,655 in several Santander accounts connected to the fraudster and the bank agreed to return the money.

He also noticed the scammer had transferred around £5,000 to a haulage firm which repaid his money.

The bank accounts also revealed £9,150 was transferred out of the fraudster’s account more than 24 hours after Mr Roseman first reported the incident to Barclays.

Barclays denied any delay but later agreed to pay the remaining £9,150.

It added £200 compensation. This left £395 outstanding, which the builder took off his bill.

Mr Roseman said “Hopefully, I’ve shown that despite what the banks might say, it is possible to track down cash after it’s disappeared and get the money back.”

“My advice to scam victims is to act immediately. Call your bank, gather evidence and instruct a solicitor to get to court as quickly as you can to freeze the accounts.”

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.