Wednesday, December 07, 2005

Russian Gang Members Busted at Circuit City

In my last post, High Tech Theft Not the Only Loss Category Rising, I discussed a retail theft survey, which deducted that an increase in shoplifting losses was attributable to organized gang activity. I noted that the loss categories mentioned in the press release from the survey failed to include fraud (check and credit) and e-commerce fraud. These are also areas that seemed to be consistently targeted by organized activity and have the ability to impact the profitability of the retail industry.

Here is an interesting story from WOOD TV in Grand Rapids Michigan, which shows how organized activity is impacting retailers in other ways besides shoplifting.

WOOD TV reported, "It appears the suspects were hitting stores across the state, particularly Circuit City and Best Buy. The Muskegon County prosecutor tells 24 Hour News 8 two men were arrested with more than $10,000 worth of electronics in their possession after providing stolen identification at a local home electronics store."

When arrested, the alleged low level Russian gang members were in possession of $10,000.00 worth of merchandise and there are ties to numerous other thefts from Best Buy and Circuit City.

In this scam, high-end electronic merchandise would be ordered over the internet using fraudulent credit cards. Individuals would then appear at the stores to pick up the merchandise using fake identification.

I'm assuming that when arrested they merely had the merchandise from one haul. According to the local authorities the merchandise was going to be shipped overseas to Holland. WOOD TV also reported, there were other indicators that this is a very organized operation.

"Authorities confiscated a global positioning device to help navigate fast getaways and map out the next hit.

Authorities believe the two men are part of a sophisticated Russian organized crime ring after discovering high-tech items and cell phones in their van. The high-tech devices are capable of altering magnetic strips on credit cards.

The phone was ringing throughout our proceedings from a variety of individuals speaking Russian, also with code names including Godfather.

The investigation is now spreading to other sites after authorities traced stolen credit cards "including Illinois, Indiana, Arizona, Colorado," Tague says. "So we're certainly seeing contacts throughout the country in terms of ID theft and contacts with this organization."

For the full story from WOOD TV go to: Nationwide identity theft ring busted in Muskegon. County.

It would be pretty hard to shoplift a van full of big screen televisions.

My recommendation to those implementing security strategy for the retail industry is that while they need to continue to monitor employee theft, shoplifting, vendor theft and administrative errors; ignoring the increases in fraud fueled by technology and the internet could be deadly to the profitability of the industry as a whole.

For my previous post regarding the retail survey, click on the title of this one.

High Tech Theft Not the Only Loss Category Rising

Internet Fraud has been increasing substantially, however more old-fashioned means of theft, such as "shoplifting" seem to be on the rise, also.

A press release from ADT Security Services reports that a survey conducted by Richard Hollinger Ph.D (University of Florida) is showing increases in theft from retailers.

Here is a comment from ADT on the survey, "Rex Gillette, vice president of retail national accounts for ADT, said the survey shows retailers are spending more to combat retail theft." ADT, who sponsored the grant to conduct this study, is one the major vendors that provides technology based solutions to combat retail theft.

The survey states that although employee theft is down, it is still the number one retail theft category. Other categories mentioned in the survey include, "shoplifting, vendor fraud and administrative error -- cost the nation's retailers close to $31 billion last year."

According to the survey, the increase in shoplifting activity is due to organized gang activity. To quote the survey, "Hollinger attributed the increase to a new form of shoplifting called organized retail crime, which involves shoplifting gangs working as a team to steal large quantities of merchandise quickly."

I was involved in taking a look at this new phenomenon about ten years ago for a major retailer and organized shoplifting gangs were pretty prevalent then. If it was prevalent ten years ago, either the activity has substantially increased, or organized activity isn't as new as some might think.

The press release on the survey doesn't seem to mention losses in fraud categories, such as check and credit, nor does it seem to address mention in the e-commerce sector. The e-commerce sector is growing rapidly and many traditional retailers are becoming heavily involved in it. There is no doubt that money lost in these categories impact retailers, also.

I have been unable to view this survey. There was some mention of fraud in the last one, although it was only covered briefly. Nonetheless, the press release for this one fails to mention it at all and with the increases in crime fueled by technology, it seems logical the financial impact on retailers should be going up.

Although, I'm sure the survey is based on statistical analysis, there are difficulties in assigning dollar lost to theft (by category) in the retail industry. Most retailers conduct physical inventory once, or twice a year. It is extremely difficult six months to a year later to determine how inventory disappeared and it would be interesting to see how the survey assigned the dollar amounts to a specific loss category.

So far as measuring the amount of money lost in the fraud categories, many companies only measure known fraud (verified). The rest of the monetary amount is sometimes buried in another accounting category, which is known as "bad debt." For instance, a fraudster opens a credit account with a dead person's identification (or someone who is never reached by a collections department), charges the account to it's maximum potential and then disappears. Because the activity was unable to be verified as fraud, it is written off as bad debt. This problem can be extended to all types of financial fraud categories. The amount of fraud buried on credit reports and company accounts classified as "bad debt" cannot be accurately calculated and is probably substantial.

I have no doubt (given current theft trends) that this activity is on the rise. Retail theft, whether high, or low tech impacts us all (via higher prices) and any analysis of how to prevent it is valuable. The retail industry is taking these problems seriously and attempting to deal with them because of the negative effect it has on their overall profitability.

On a personal level, I am a advocate of a more holistic approach to fighting losses that are prevalent in the world of business. In my opinion, there is an opportunity for loss prevention, computer security and fraud experts to combine forces against organized activity in general.

In fact, I highly suspect that many of the organized gangs are involved in all of the categories mentioned and don't discriminate on types of activity. They simply go where they can steal the most money.

For the full press release, go to: Annual Retail Security Survey Shows Shoplifting on the Rise.

I have written other posts on organized criminal activity, should anyone be interested:

The Consolidation of Organized Criminal Activity
Organized Fraud Gangs
Fraud Gangs Plant Insiders

Monday, December 05, 2005

Malicious Code Used to Redirect Banking Customers to Fraud Sites

Here is an interesting, but scary scam being reported by the good folks at Websense. Malicious code is being put on systems that appends to the "Window hosts file" and redirects users from their financial institution to a phishing site where their log information is stolen.

"Websense® Security Labs™ has observed an increase in phishing attacks that use modifications to the Windows hosts file to deceive users. Various exploits and social engineering tricks are used to execute malicious code that appends several entries to the Windows hosts file. These entries redirect traffic from the legitimate web addresses of several banks to the IP address of a phishing site created by the attacker. The next time the user attempts to visit one of the targeted banks, they are instead redirected to arrive at a phishing site. However, the web address shown in the browser's address bar appears to be the correct address. The logon information of the unsuspecting user is captured, as they attempt to access the site.

The example shown below targets four banks: HSBC Brazil, Banco Itau, Banco Banespa, and Bradesco. The phishing sites used in this attack are hosted in California and were online at the time of this alert."

For the full alert, along with screen shots, please read, Traffic Redirection on the Websense home page.

The alert isn't specific how the malicious code is being executed, but my guess would be via e-mail attachments. This is a new (pretty scary) twist, especially if the web address appears to be correct. Watching web addresses is a basic for those of us, who are on the look out for phishing scams. I plan to follow this carefully and will publish any additional information as it becomes available.

Until then, this is a testament to keeping your protection software up to date!

Sunday, December 04, 2005

XBox Latest Lure in Auction Scams

When anything is hot, such as Microsoft's new XBox, it is best to "let the buyer beware." Todd Bishop of the Seattle Post-Intelligencer is reporting is auction customers on eBay are being tricked into buying empty boxes that once contained the XBox and even pictures of the XBox.

According to the article:

"Capitalizing on shortages of Microsoft's new video-game console, several people have attracted bids as high as $600 or more on eBay this week by offering Xbox 360 boxes -- just empty boxes -- in ways that made it seem, without reading closely, that the items for sale were actually consoles.

The common approach: Acknowledging that the item was merely a box, but surrounding that disclosure with so many pictures and descriptions of the real console and accessories that someone merely skimming the listings might not notice."

For the full story by Todd Bishop go to, Xbox bidders warned to beware Phony auctions are offering the box -- no console, just the box.

In a recent post, I did I wrote, "Many of us will use an increasingly popular method of shopping, which are auction sites. A lot of people have become victims on these sites and e-Bay is the largest player. I prefer the warning information on CraigsList. Craig Newmark (allegedly himself) put this together, "cashier check & wire transfer scams and avoid recalled items. Craigslist gets 3 billion page views a month and although they do charge for certain things (rarely), most of it is free. Furthermore, Craigs provides not only an auction site, but a lot of resources to help people, which again are mostly free."

To read this post, which I put together as a "best practices" resource to avoid fraud during the holiday season, go to, The Top (Free) Anti-Fraud Resources Found by Fraud, Phishing and Financial Misdeeds.

The bottom line is that auction sites, although immensely popular, have attracted a lot of fraud and many a person has become a victim. With more and more people gaining access to the internet, we can expect a this to be a growing trend. These scams always start with, "something that is too good to be true" and the best defense is to "let the buyer beware."

I've received a lot of information on auction scams via readers. If you happen to see something new, please feel free to drop me a line at TedRichardson9925@SBCGlobal.net.

You can also read more on auction fraud by searching keyword "auction fraud" in the search box at the top of this page.

Friday, December 02, 2005

The Fourth Quarter

In a lot of games, the fourth quarter can be critical. In the business world, the fourth quarter is so critical that it can dictate the financial stability, or ruin of many businesses. Quite simply, the holiday season, (fourth quarter) is when businesses either make their yearly goals, or don't. To add to this pressure, the level of fraudulent activity increases, having the potential to directly impact the success of the season, whether referring to a entire organization, or an individual human being.

There are some alarming trends to consider this year and in the future.

This time of year has always been known for increases in fraud, but increasingly it seems to becoming more and more "internet based" and organized. I've written about this in the past. Yesterday, I read an interesting article by Jack Germain entitled, The Real-Life Internet Sopranos that illustrates this growing danger.

In his well researched article, which quotes a lot of security experts, he writes, "Welcome to the age of the Internet gangster. Gone are the days when young computer nerds sat alone in their rooms figuring out how to break in to their schools' computer systems to change grades. Also fading into nostalgia are the times when hackers teamed up with small-time hoods to pull off credit-card scams that victimized local banks.

The days of spammers, phishers, and identity thieves -- the typical culprits of today's online crime stories -- are upon us. These criminals have created their own syndicates to invade your computers and crack your company's network security."

In fact, it seems that internet crime is becoming more profitable than the narcotics trade, Cybercrime yields more cash than drugs: expert - Yahoo! News. In this article by Souhail Karam, he quoted an advisor on cybercrime to the U.S. Treasury Department, Valerie McGiven; "No country is immune from cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy."

"Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion."

A glaring example of the increase in potential risks is the IRS phishing attack that surfaced this week, following recent phishing attacks from the FBI and CIA that went worldwide (Fake IRS E-Mail Scam Goes Phishing). There is even mounting evidence that national security is being compromised by rogue governments, which I wrote about it my last post, US Military Hacked, Sober Worm Goes Worldwide, What Next? The cyberscum element, which I prefer to refer to them as, seems to be getting bolder and even mocking government institutions.

To a simple person, like me, who is merely an observer in the big picture, it does seem like the fourth quarter of a crucial game where my team is losing. Trusted government entities are being mocked and the criminal element is becoming more organized, taking advantage of weak laws and the far reaches of the internet. Until those who are in power start to realize the global magnitude of this problem and allocate sufficient resources to battle it, I'm afraid we will continue to see this problem grow.

Of course now is not the time to give up hope and the key is to continue to raise awareness and prevent the common person (all of us) from becoming another statistic in the growing number of victims from internet crime. Knowledge is key and awareness can defeat most of the scams that seem to face us, daily.