Saturday, December 31, 2005

Who is Watching Us

I found this story on Lycos by Ann Harrison about activisim in Europe directed towards having our movements recorded on video.

"BERLIN -- When the Austrian government passed a law this year allowing police to install closed-circuit surveillance cameras in public spaces without a court order, the Austrian civil liberties group Quintessenz vowed to watch the watchers.

Members of the organization worked out a way to intercept the camera images with an inexpensive, 1-GHz satellite receiver. The signal could then be descrambled using hardware designed to enhance copy-protected video as it's transferred from DVD to VHS tape.

The Quintessenz activists then began figuring out how to blind the cameras with balloons, lasers and infrared devices." For the full story read: Hackers Rebel Against Spy Cams.

Not only are there concerns with government agencies, but with all the digital cameras (including a vast array of hidden ones available over the internet), it is becoming very easy for anyone to spy on whomever they want. For anyone interested in viewing any of these products, here is a place to see them, Private Investigators Mall.

Digital cameras inside devices like telephones are also creating a privacy issue.

In December, Alex Eckelberry (CEO, Sunbelt Software) and author of the Sunbelt BLOG did a post on UK Government to track every vehicle.

His comment was "Gulp" and a quote from George Orwell:

“On each landing, opposite the lift shaft, the poster with the enormous face gazed from the wall. It was one of those pictures which are so contrived that the eyes follow you about when you move.” —Orwell

There is a tremendous amount of privacy issues that stem from this technology, which seems available to anyone. Additionally, anyone who has actually used this technology to solve crime could tell you that the criminals and it seems (hackers) already know how to cover their tracks. This can simply be done with rudimentary disguise techniques and as stated in Ann Harrison's article (hacking methods), which leave the recordings useless.

With the technology readily available, it is also being used to assist the criminal element in their illicit endeavors. From wireless devices being attached to ATM machines, which include (hidden cameras) to clerks using their camera phones to record credit card numbers, this technology is already providing new ways to victimize the innocent.

Here is a previous post I did on skimming debit card information, ATM Machines That Clone Your Card.

I'm not questioning the fact that video technology has it's uses, but as usual, we must consider what the abuse implications of this technology. Time and time again, it seems that laws to protect the innocent, can't keep up with the rapid pace in which technology grows in the world today.

Loyal Wife Pays Bill for Husband's Sexual Addiction

Here in the West, a man caught spending too much money in "hostess bars" (roughly the same as gentleman's clubs) would probably be in a "helluva" lot of trouble with his better half. Here is a odd story from Japan, where a Keiko Kawaida's wife (Kazuo) not only didn't seem to mind her husband's behavior, but actually stole about 1 billion yen from her employer to pay for his "recreational" activities.

Yoshihito Kawami of the The Asahi Shimbun reported:

"Faced with mounting debts from her husband's visits to hostess bars, a middle-aged bank clerk allegedly cooked up an embezzlement scheme that netted almost a billion yen over the next 12 years, according to police.

Until the arrests of Keiko Kawaida, 55, in November and her husband, Kazuo Kawaida, 57, earlier this month, the couple went on a decade-long spree, making overseas trips and squandering hundreds of millions of yen at the racetrack, according to police."

For the full story by Yoshihito Kawami read Police: Clerk skims 1 billion yen to pay off husband's debts. Here is what Wikipedia has to say about Hostess Bars: Hostess bar - Wikipedia, the free encyclopedia.

Here is a well known (some consider odd) page on the internet, Sam Sloan's Home Page. Sam often writes about the virtues of his numerous Asian wives. Perhaps, I can get him to leave a comment on my blog?

Oh well, I'd better get back to the more serious task of informing the public on Fraud, Phishing and Financial Misdeeds.

Tuesday, December 27, 2005

NabloadU Steals Information Without a Keylogger

Here is an alert from the Panda Software site regarding a new Trojan (NabloadU) that is circulating. Apparently, it steals information without the use of a Keylogger, which seems to be a new development in the world of information theft.

Currently, the attacks target Spanish speakers, however as with anything new, it has the possibility of mutating into other attacks.

"12/26/05.- This new Trojan combines social engineering distribution through Messenger, and uses the techniques of spyware and phishing.Its target is online bank users in Spanish-speaking countries. Once it acquires the password, the Trojan attempts to send the email to its author.TruPrevent Technologies are able to detect and block Banker.bsx.

A new Trojan, Nabload.U, which is distributing itself through Messenger, has appeared a few hours ago. This Trojan downloads another Trojan, called Banker.bsx, which is currently the number one detected piece of malware from Panda’s ActiveScan. Its objective is to obtain the passwords of certain banks that it has stored in its code primarily from Spanish-speaking users.
The most unusual aspect of this Trojan is its ability to capture the information without the use of a traditional key logger. The user will be unaware that this is occurring. Banks that use virtual keyboards to avoid keyloggers won’t be protected from this Trojan.

Once the author has the keys, he can commit banking fraud with the accounts.

According to Luis Corrons, PandaLabs director: “This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks. It is, without a doubt, a Trojan designed to steal data quickly, and without leaving any tracks.”

This Trojan only captures the information from the addresses below:

To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at"

For the full alert from Panda, please read: ORANGE ALERT: New Trojan that could steal online. banking passwords.

Monday, December 26, 2005

Scammers Posing as Victims?

Lately, we have seen a surge of fraudulent financial instruments circulated through the internet. Daily, there are alerts by the FDIC on counterfeit cashier checks (FDIC: Special Alerts) and other alerts on counterfeit postal money orders, counterfeit money orders in general and counterfeit Qchex items (checks mailed to your e-mail).

These counterfeit instruments are often (as you will see maybe not always) used to commit Advance fee fraud, where the goal is to get someone to wire money (normally overseas) after cashing one of these instruments. There are many versions of these scams and victims are harvested off of job, dating, auction and lottery sites.

Thus far, it seems that law enforcement has had little success in prosecuting these advance fee crimes because the people passing the fraud checks are considered victims and since the money is wired to some faraway locale, the senders are also hard to go after.

While there are millions of victims out there, we are starting to see the criminal element take advantage of a general apathy in prosecuting these crimes by posing as victims.

Here is a story out of Montana from the AP (Man admits depositing bad check), where a man opened an account with one of these checks, drained it and never wired the money back to Nigeria. In this story, the culprit admitted, he felt it was a scam and didn't really think the bank would honor the check.

I doubt if he communicated his concerns to the bank!

The key to spotting these counter-scams is that no wire transfer takes place. Even when a wire transfer takes place, the person passing these items is sometimes getting money for something they sold in addition to (normally) a "little extra" for negotiating the item. Another key-factor indicating collusion is when the passer suffers no personal financial liability for doing so. Many of these items are passed at institutions that cash checks for a fee, which include grocery stores and even Walmart.

These institutions often bear the initial and often final costs of accepting the item when the passer tells their collection department that they no longer have any of the money. Of course, maybe they are just claiming to no longer have the money?

I've recently seen evidence (sent to me by readers) in the form of e-mail correspondence that advance fee scammers are directing people to these establishments, partially because the banks are becoming wiser and these businesses often offer wire transfer services, also.

When these people collect a substantial amount of money, plus a "tip" and then claim they can't pay it back without being able to show money being wired; serious consideration should be given towards further investigation.

This is especially true in the case of auction scams. In most cases, the advance fee scammer isn't interested in the money and only the cash, which is wired to them. In theory, the auctioneer (who never sent the merchandise and cashed the check) could very well be laughing all the way to the bank. Some of these counter-scammers could doing this over and over again and if they are confronted, they cry "victim."

After all, most of the auction sites flash a warning about this type of scam when people are posting to sell something. It make one wonder how many people could be posing as a victim out there?

This leads me to believe that although we must protect the victims, we also need to take a hard line on those attempting to take financial advantage of the situation. The bottom line is that pretending to be a victim, or even attempting to pass an item that one suspects to be fraud makes the person making the fraud claim as guilty as the person, who sent it to them.

What is needed is more through screening of fraud claims, making it mandatory to produce evidence that money was wired and in cases (where the passer suffered no personal financial liability) that everything makes sense and they never received any financial gain from it. There should also be mandatory reporting of these incidents from which data bases could be created that would identify "repetitive victims." One of the reasons this activity continues to grow is the continuing lack of reporting and investigation when it occurs. In the long run, failure to get aggressive on this matter will only inspire more of it, which makes all of us victims.

Saturday, December 24, 2005

The Human Side of Fraud on the Internet

Ian Katz Business Writer for the Florida Sun Sentinel had this rather sad story of an individual victim of Advance fee fraud (419) that occurred on a dating site.

"For Gerri Tennenbaum, it was a "vulnerable moment" when she trusted someone she thought of as a friend. Now, the victim of an elaborate counterfeiting scheme, she might be out $9,200, her rental apartment and any hope of getting Hanukkah gifts for her two children. A divorced schoolteacher struggling to raise her 9- and 12-year-old boys -- both of whom are mildly autistic -- Tennenbaum was feeling frazzled in early November by eight days without electricity after Hurricane Wilma."

Another lonely and vulnerable victim harvested off a dating site by a cyber criminal in Nigeria, who was duped into cashing counterfeit money orders and wiring the money (Western Union) to Nigeria.

For the full story, please read; Chatroom 'friend' takes all mother has using online money-order scheme.

It is the individual in these crimes that suffers the most. The best defense against the cyberscum (cowards), who hide behind a keyboard and do this is to make people aware.

Here is a previous post, I did on Criminal Activity on Dating Sites.

The Economic and Financial Crimes Commission (EFCC) (Nigeria) goes after this type of activity in Nigeria and recently actually paid back some money to a few victims.

Romance Scam 419 Yahoo Group (US) is a good resource on dating scams and they are known to scam the scammers. Of course, if you are confronted with internet fraud, it is always best to report it to the authorities. In the U.S. you can do so at the Internet Crime Complaint Center (FBI).

As parting thought tonight, Merry Christmas and Happy Hannukkah. Protect the good people out there by passing the word to those who are unaware of the dangers that lurk on the internet.

Friday, December 23, 2005

How Safe Are We Really?

Millions of identities are stolen every year via data intrusions, organized malware attacks in the form of SPAM and even by simple "dumpster diving." There is no doubt a lot of this is organized by international criminal gangs, who seem to lack any morals and actively target the innocent and sometimes the most vulnerable members of society.

Here is an example of a recent prosecution, which illustrates how far reaching some of this activity is compliments of the U.S. State Department.

"A Guinean man convicted in February of operating a worldwide visa-fraud ring is going to prison for 10 years, the U.S. Immigration and Customs Enforcement (ICE) Agency announced December 21.

Abdulaziz Bah was sentenced at a U.S. District Court in Cedar Rapids, Iowa, as a result of his conviction on charges of possession of fraudulent documents and conspiracy to defraud the U.S. government.

This was a complex international scheme to defeat the border security of multiple nations. This fraud was exposed by the creativity and persistence of the ICE and Postal Inspection Service, said U.S. Attorney Charles W. Larson Sr. This elaborate fraud stretched from the far reaches of West Africa to the Central Plains of America.

The scheme in which both men were participants involved creating identities for impostors so that they appeared to be permanent residents, or green card holders, of the United States. The U.S. documents produced for the scheme were primarily permanent resident cards and Social Security cards. The conspirators also obtained high-quality counterfeit passports from African countries such as Guinea, Sierra Leone and Senegal.

The conspirators then filled out visa applications and mailed them, along with the fraudulent identity documents, to foreign consular offices located within the United States. The consular offices, believing the applicants were approved U.S. legal immigrants, issued visas and mailed them to U.S. addresses, including addresses in Cedar Rapids. In addition to Iowa, these visas were also mailed to: California, Connecticut, Maryland, Minnesota, Mississippi, Missouri, New York, Texas, and Washington D.C.

The conspirators then moved the visas and related false identity documents overseas, where unknown persons assumed the identities and traveled to the target countries for entry. The false identity documents seized by ICE investigators showed the main imposters were primarily males from various African countries between 16 and 45 years old."

ICE officials maintain this is the type of activity pursued by terrorists, and breaking the fraud ring has plugged a significant hole in international security."

For the full release, please read; Worldwide Visa-Fraud Conspirator Sentenced in United States.

If this activity is pursued not only by criminals, but also by terrorists, how safe are we really?

According to the release, this is the "result of an investigation launched by local ICE agents into an international visa fraud organization that allowed scores of unknown people to illegally enter as many as 23 countries worldwide using fraudulently obtained visitor's visas."

In one part of the release, it states terrorists pursue this activity and in another it states there are still scores of "unknown people" out there that have illegally entered as many as 23 countries. Could this mean that there might be terrorists out there in the scores of "unknown people?"

When they refer to terrorists pursuing this type of activity, we do have a precedent. The September 11 hijackers held fraudulent Virginia driver's licenses, which were obtained with other fake documents.

According to a document published five years ago, Illegal Immigration, 7 million illegal immigrants were in the United States and the number was growing. In order for these people to work, they need identification. With millions of fresh identities stolen yearly by organized criminal elements, we have a potential for disaster if terrorists can easily hide themselves in this activity.

Organized criminals already control the flow of illegal immigrants across borders and in fact, we already face a lot of criminal activity (some of it barbaric) as a result of this. Illegal immigrants are already known to be used in the drug trade, for prostitution and for "slave" labor in addition to committing financial crimes.

Here is the State Department's 2005 Report on the trafficking of humans.

This indicates the seriousness of "identity theft" crisis, we are facing daily and how it might tie into other issues in the news. The potential goes beyond mere financial crimes and poor refugees trying to make a better life for themselves.

Tuesday, December 20, 2005

More Cooperation Between Canada and the United States on Internet Fraud Issues

I've often commented on internet fraud becoming borderless and that the solution to defeat it is greater cooperation and teamwork. Here is an example of greater cooperation and teamwork between the United States and Canada.

In a press release issued by the "FTC, U.S. Attorneys, the FBI, the U.S. Postal Inspection Service, Canadian consumer protection officials, and three state Attorneys General today announced a law enforcement initiative targeting spammers who are cluttering consumers’ mail boxes with millions of illegal and unwanted e-mail messages. The FTC targeted three operations, the Canadian Competition Bureau settled two cases, and the Attorneys General of Florida, North Carolina, and Texas filed complaints seeking to block the illegal spamming of three more operations. U.S. federal criminal authorities have executed search warrants as part of this initiative.

For the full press release by the FTC, please read, Cross-border Law Enforcement Team Targets Spammers.

"Copies of the complaints are available from the FTC’s Web site at and also from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint in English or Spanish (bilingual counselors are available to take complaints), or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad."

In the not so recent past, a lot of internet fraud has been traced across the border to Canada. In particular, a lot of Advance fee fraud (419) type scams. Even though this is just a start (I would like to see these partnerships expand across more borders), it is hopefully where the future on prosecuting these crimes lies.

Saturday, December 17, 2005

eBay Needs to Protect Those that Line it's Pockets

The amount of fraud on auction sites has been steadily increasing and auctions are under attack by fraudsters, who use many methods to commit their financial misdeeds, or combinations thereof. Seller accounts are being taken over and users are victims of phishing scams. Counterfeit, recalled and stolen merchandise is routinely for sale AND fraudulent means of payment are being used to purchase items.

Does it seem like a "Scam Free for All?"

The BBC recently reported:

"Criminals are obtaining the secret passwords of eBay subscribers and using their sites to conduct bogus auctions for non-existent goods.

In a growing number of cases, would-be buyers on the UK's most used website are paying thousands of pounds to apparently reputable sellers after winning auctions on the site - only to find out they had been dealing with criminals."

eBay seems to prefer to blame phishing for the accounts being taken over and blames their users for falling for the scams. They are also blaming users for not having the proper security software on their systems, which leads to malicious software (mainly Keyloggers) being used to steal personal and financial information.

Amazingly enough, the report also states that it can take up to five days to shut down a site selling counterfeit goods and two months to provide information to law enforcement. This means (to me) that since these scams "rotate and mutate" every few days (often using stolen user information) that no one, or only the "stupid" are being caught. By the time (anyone who could do something) can obtain the necessary information, the criminals have moved on to a different identity and the process has to be started all over again.

For the entire story by the BBC, read eBay faces up to online fraud.

My message to the folks at eBay is that they better take a look at upgrading their "authentication systems" and hire some extra security staff. Blogs like mine and many others are trying to educate the very people, who are making them billions and they blame for allowing themselves to be scammed. eBay is no longer the only the only game out there and if they fail to protect those who line their pockets, they are likely to go elsewhere.

Here is a previous post, I did on eBay, XBox Latest Lure in Auction Scams .

Here is another post, I did (partially to educate eBay customers), The Top (Free) Anti-Fraud Resources Found by Fraud, Phishing and Financial Misdeeds.

Strange Tales of Financial Wrongs

Doctors, Lawyers and other high income types getting paid for questionable items from FEMA, identities stolen from dead people and individuals being tricked into becoming "mules?" Here are some bizarre and odd stories being reported in the world of Fraud, Phishing and Financial Misdeeds.

The Sun Sentinel (South Florida) reports that "a FEMA (Federal Emergency Management Agency of the United States) program to reimburse applicants for generators and storm cleanup items has benefited middle- and upper-income Floridians the most and so far cost taxpayers more than $332 million for the past two hurricane seasons."

Here is a rather sad item reported in the story, which illustrates the insanity of this. "A Fort Lauderdale teen with serious medical problems had to insert catheters by candlelight when the Oct. 24 storm knocked out power. His family couldn't afford a generator."

The moral of this story is that if you are privileged and can afford to buy the "extras", the government will reimburse you for it. On the other hand, if you are poor and can't afford these "extras" you are out of luck. Although, not technically fraud if sanctioned by the government, it should be.

No wonder we have a deficit and even with the deficit, we as a society aren't helping those, who are the most deserving.

Here is the story, FEMA reimbursements mainly benefit higher income groups.

Helen Huntley of the Saint Petersburg Times reported that, "Florida's Attorney General Charlie Crist gathered law enforcement and government officials, retailers and bankers in Tampa to home in on the problem.

"I'm glad they're on the case, but that doesn't mean we can relax. It's still smart for all of us to do what we can to make sure our personal information doesn't end up in the wrong hands. Among other things, we need to be careful when we're using credit cards, which account for about a third of all Floridians' identity fraud complaints, or entering any personal information

But you may not have thought about protecting the dead, who can be easy targets because it may take weeks or months for financial institutions to find out about a death. Younger people's deaths may never be reported to credit bureaus or Social Security. Family members end up trying to straighten out the mess."

Stealing the identities of the dead is nothing new, but with Florida's large population of senior citizens, it apparently has become a major issue for them. Victimizing the dead and spouses of the "recently departed" is rather "ghoulish" and a good example of the complete lack of morals that the criminals involved in this activity have.

The Florida Attorney General's Office has a Web site ( theft) with helpful information.

For the full article with prevention tips, please read Death is no defense against ID theft.

Here is another interesting recent story being reported in New Zealand by Rob Stock.

"Don't be an ass - watch out for the mule scam.

That's the warning from police and banks as overseas internet criminals come up with new variations on their scheme.

Mule scams are a money laundering scheme in which scamsters who have stolen money from one New Zealander inveigle another into transferring it out of the country."

These scams are covered extensively by the World Privacy Forum, who also provides a lot of great information meant to inspire awareness.

Here is a recent post, I did on a similar subject, Secret Shoppers Scammed.

For the story by Rob Stock, go to: Tricky ways to lure mules.

Wednesday, December 14, 2005

Download Fake McAfee Patch and Become a Internet Fraud Victim

The culprits behind organized phishing attacks have no morals and will obviously use the good name of many an organization to dupe you into downloading cybernasties, (malicious software) on your system. Recently, they have used the names of the FBI, CIA, IRS and even Walmart in a variety of schemes, which are probably designed to steal personal, or financial information.

Here is their latest fraudulent scheme, which impersonates "McAfee." McAfee is a leading provider of security software for computer systems. The bottom line is, download the patch from this fraudulent site and become a internet fraud victim.

"Websense Security Labs has received reports of an email scam disguised as a patch for McAfee products. Users receive a spoofed email message instructing them to click on a link to immediately download and install a patch from McAfee. This patch claims to address a virus that does noexistit. The link in the email takes users to a fraudulent website, that appears to be the legitimate McAfee security site.

The patch hosted on this page is actually a Trojan downloader.

The malicious site is hosted in the United States and was online at the time of this alert."

For the full alert, along with screen shots: Fake McAfee Patch.

Here are some useful sites, where one can download legitimate security patches, courtesy of the SANS institute.

Mac OSX:
More info: and

For Decembers issue of the SANS "Ouch" newsletter, which includes a summary of recent major phishing attacks, click on the title of this post.

Monday, December 12, 2005

Walmart's Many Woes With Fraud Issues

Walmart has certainly been making their share of headlines in the fraud world lately. Just today, the good folks at Websense reported a phishing attack using their name. As reported in the alert from Websense:

"Websense Security Labs has received reports of a new phishing attack that targets customers of Wal-Mart. Users receive an email message, written in HTML, claiming that their Wal-Mart logon account has been compromised. The message reminds users that the terms and conditions of their account require that it be under control at all times. The email message also states that the parties connected to the account have been involved in money laundering activities, illegal drugs, and various Federal Title 18 violations.

When users click the link within the email, they are directed to a fraudulent website, which is hosted in the United States and was up at the time of this alert. The fraudulent site first requests the users' logon ID for and then requests their credit card information and other personal identity specifics.

This site has hosted phishing attacks for other targets in the past. As you can see, this message was mistakenly titled "Bank of the West."

As Christmas nears we expect further ecommerce-related fraudulent activity."

To view the full alert, along with screen shots go to: WSLabs, Phishing Alert: Wal-Mart.

Recently, a credit card breach was traced to the gas stations at Sam's Club, which is owned by Walmart. Here is the story as reported by Syracruse's own NewsChannel 9 WSYR - Sam's Club Credit Card Breach.

Here is a story by the Tampa Tribune about some who had a less than pleasant check cashing experience with them: Wal-Mart Accused Of Racism.

Of course, Fraud, Phishing and Financial Misdeeds ran this post about counterfeit Travelers Express Money Orders: Counterfeit (MoneyGram) Travelers Express Money Orders. Another woe for Walmart, as many of the counterfeit items bear their logo.

Walmart is the largest retailer in the world and because of this they are probably targeted by the fraudster community. For this, I feel sorry for them; however in the case of them being accused of racism, the actions of their employees bear scrutiny. Investigative actions need to be based upon facts and not determined by the way someone looks.

Perhaps, there is something to be said about Karma.

Sunday, December 11, 2005

$100 Million Dollar Fraud Stopped Dead in it's Tracks

Lately, the news in the fraud arena hasn't been very positive. This next story is "Chicken Soup for the Soul." Here is a breaking story by Judy Nichols of the Arizona Republic involving PBI (Prime Bank Instrument Fraud) and a tip that led to stopping $100 million in fraud.

According to the article, this scam "involves attracting investors to a fund that would tap into a supposedly secret market for the world's prime banks, a market in which billions are said to trade daily for huge, guaranteed profits. In one subset of PBI fraud, designed to also put financial institutions at risk, the scammers quickly move the money from one financial institution to another, from bank to brokerage house, in this country and overseas, all the while telling weird stories about its origin and leaving fishy documents in their wake."

Cameron Holmes, head of the financial remedies section at the Arizona Attorney General's Office received a tip involving $100 million being moved around the world, allegedly backed by a gold mine worth $152 billion.

The total amount of gold mined in Arizona since statehood represents less than $8 billion.

Holmes moved quickly and issued subpoenas to several financial institutions and after interviewing employees was able to track the money and freeze it.

The victims in this can be both the investors, who fall for this scam, as well as the financial institutions, who can be held liable for it when they are charged with not exercising "reasonable care" or due diligence on all the transactions associated with it.

This is certainly an interesting case and Cameron Holmes and the Arizona Attorney General's office should be commended for acting so quickly and effectively. All too often (in more sophisticated scams) by the time they are reacted to, the money is long gone and the victims are left holding the proverbial bag.

For the full story in the Arizona Republic, go to: Fast work in Arizona halts fraud, freezes $100. million.

Here are some tips, I found in a DOJ document on PBI Fraud, January 6, 2000 Mr. Joshua R. Hochberg United States Department of Justice Chief, Fraud Section P.O. Box 28188 :

Don't expect to get rich quick.

Don't assume that your on-line computer service polices its investment bulletin

Don't buy thinly-traded, little known stocks strictly on the basis of on-line hype.

Don't act on the advice of a person who hides his or her identity.

Don't get suckered by claims about "inside information" including pending news releases, contract announcements and products.

Don't assume that just because someone says that they have checked something
out that they have actually done so.

Call your state or provincial securities agency when you suspect a scam.

As with most fraud of a financial nature, much of this is easily spread through the internet. Like all the various scams this one starts with the premise of "something that is too good to be true." The best remedy in these scams is awareness is to "let the buyer beware."

Saturday, December 10, 2005

Should We Consider Nazis Potential Terrorists?

The Sober Worm, which was attached to phony e-mails from the FBI and CIA is making a comeback. According to the Washington Post-"The junk traffic generated by Sober has bogged down e-mail systems at some of the nation's largest Internet service providers. For several days last week, subscribers of Microsoft Corp.'s Hotmail and MSN e-mail services experienced long delays in receiving new messages as the company struggled to filter out Sober-generated traffic."

The article also reports that the Sober Worm is the most extensive attack to date and has generated twice the number of quarantined e-mails as the Mydoom Worm (it's closest competitor) did. For the full story by the Washington Post, please read, Sober.X worm makes return.

Meanwhile, "iDefense, cyber security intelligence provider and VeriSign company (Nasdaq: VRSN), reports that the next planned attack of 2005's most prolific e-mail worm family, Sober, is scheduled to start on Jan. 5, 2006 based on commands hard-coded within the worm. The attack date coincides with the 87th anniversary of the founding of the Nazi party. Additionally, the attack could have a significantly detrimental effect on Internet traffic, as e-mail servers are flooded with politically motivated spam e-mails from potentially tens of millions of e-mail addresses.

In addition to the Nazi party anniversary, the Jan. 5 trigger on the Sober variant appears to also be timed to coincide with a major German political convention meeting the next day, Jan. 6. In the past, VeriSign iDefense Security Intelligence Services has seen mass distribution of propaganda timed with political events to increase the worm's notoriety, and help to further circulate it.

In another interesting story this week, the FBI (Louis Reigel, Assistant Director, Cybercrime) is reassuring the public that they believe the originator(s) of the Sober Worm will be caught and that he isn't aware of any major risk by cyberattack from terrorists. Here is the press release on the FBI website, FBI Exec on Cyber Crime.

Meanwhile, Valerie McNiven (who advises the U.S. Treasury in cybercrime) made the statement that the profits from cybercrime have exceeded those of the drug trade. Here is CNet's version of the story, Cybercrime yields more cash than drugs. I hear that other experts are disputing this, but then again, hows does one come to an exact figure? Pretty sure, the people involved in these criminal enterprises don't publish their financial portfolios and make every attempt to conceal where the money is coming from.

Terrorists, organized criminals and now possibly Neo-Nazis seem to be in the mix and according to the FBI, all is well. To my knowledge, the CIA hasn't commented, but they normally don't, at least to the general public. My question is should we Neo-Nazis consider Terrorists?

If Neo Nazis might be terrorists, Sober is the most prolific attack to date and the person(s) behind it are openly mocking both the CIA and FBI (among others) by impersonating them, I fear everything isn't is as well as is being stated.

Terrorism, according to Wikipedia, is the unconventional use of violence for political gain. It is a strategy of using coordinated attacks that fall outside the laws of war commonly understood to represent the bounds of conventional warfare (see also unconventional warfare).

"Terrorist attacks" are usually characterized as "indiscriminate," "targeting of civilians," or executed "with disregard" for human life. The term "terrorism" is often used to assert that the political violence of an enemy is immoral, wanton, and unjustified.

According to definition of terrorism typically used by states, academics, counter-terrorism experts, and non-governmental organizations, "terrorists" are actors who don't belong to any recognized armed forces, or who don't adhere to their rules, and who are therefore regarded as "rogue actors".

Could Neo Nazis be the culprits behind the Sober Worm? To meet the definition of terrorisim (above) there needs to be violence. Sending out malware doesn't meet this standard. On the other hand, Neo Nazis have been associated with violence and often preach it against anyone, who doesn't subscribe to their warped ideals. All one would have to remember is the horror their forefathers (Nazis) unleashed upon the world during the Holocaust.

All things considered, Neo Nazis could be terrorists and probably are capable of committing terrorist acts. According to CourtTV, Timothy McVeigh: The Oklahoma Bomber was a fan of: "The Turner Diaries written by former American Nazi Party honcho William L. Pierce, under the pen name Andrew Macdonald. Its hero responds to gun control by making a truck bomb and blowing up the Washington FBI Building."

According to an article in Wikipedia: "Some investigators contend that Timothy McVeigh and his accomplice Terry Nichols had ties to Islamic terrorism through Ramzi Yousef, a militant who planned the 1993 WTC Bombing, and through a series of meetings with Islamic terror group Abu Sayyaf members in the Philippines. Others suggest he had ties to a radical Christian Identity group call Elohim City near Muldrow, Oklahoma."

I'm certain not everyone will agree with me, but cyber attacks seem to be steadily increasing in scope and technological sophistication. There is mounting evidence that organized criminals, terrorists and now Neo Nazis are using computer technology to further their political and financial agendas. In my humble opinion, we can no longer afford to ignore a problem that threatens the entire world.

Whether we call them fanatics, terrorists, or common criminals, these people threaten the well being of society at large and in the end, our freedom. The time to decide we won't tolerate this is now!

Thursday, December 08, 2005

Seventy Percent of the Population Unable to Recognize a Phishing Scam

Twenty five percent of us will receive a phishing attack aimed at stealing our identity and or financial information every month, according to the AOL/National Cyber Security Alliance (NCSA) Online Safety Study. Also discovered in this survey is that about seventy percent of us, who receive these phishing e-mails won't be able to identify them as a scam.

According to my friends at Wikipedia, "phishing is a form of social engineering, characterised by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords."

The activity is also becoming more sophisticated and these e-mails often inject malware (malicious software) on systems, which can automatically capture personal information via Keyloggers. Keyloggers automatically record "keystrokes" (including passwords, account information etc.) and sends them back to the cyber criminal responsible for putting the software on someone's system.

For those of us, who are unfamiliar with phishing scams, which are getting more sophisticated all the time, a great place to learn how to protect yourself is Stay Safe Online, or the National Cyber Security Alliance.

Phishing designed to steal personal information is a rapidly growing enterprise and with internet access and computers becoming more readily available (cheaper), there are a growing number of victims. Nine million people in the United States fall victim to having their identities stolen (every year) according to the government!

There is also a lot of information on this blog designed to provide resources (often free) on how to avoid becoming a victim of internet scams. Phishing is a subject, I have covered extensively and the blog can be "searched" by "keyword" at the top.

Another great resource to learn about the dangers of identity theft and what to do if one becomes a victim is the Federal Trade Commission: ID Theft website, courtesy of the FTC.

With the holiday season upon us, it is traditional to share goodwill. If seventy percent of us are unaware of the potential dangers of phishing, take a moment and help educate someone you care about. Think about it, if everyone in the world did this, we would protect the innocent and deal a severe blow against the immoral cyberscum, who ruin people's lives for their own gain.

Wednesday, December 07, 2005

Russian Gang Members Busted at Circuit City

In my last post, High Tech Theft Not the Only Loss Category Rising, I discussed a retail theft survey, which deducted that an increase in shoplifting losses was attributable to organized gang activity. I noted that the loss categories mentioned in the press release from the survey failed to include fraud (check and credit) and e-commerce fraud. These are also areas that seemed to be consistently targeted by organized activity and have the ability to impact the profitability of the retail industry.

Here is an interesting story from WOOD TV in Grand Rapids Michigan, which shows how organized activity is impacting retailers in other ways besides shoplifting.

WOOD TV reported, "It appears the suspects were hitting stores across the state, particularly Circuit City and Best Buy. The Muskegon County prosecutor tells 24 Hour News 8 two men were arrested with more than $10,000 worth of electronics in their possession after providing stolen identification at a local home electronics store."

When arrested, the alleged low level Russian gang members were in possession of $10,000.00 worth of merchandise and there are ties to numerous other thefts from Best Buy and Circuit City.

In this scam, high-end electronic merchandise would be ordered over the internet using fraudulent credit cards. Individuals would then appear at the stores to pick up the merchandise using fake identification.

I'm assuming that when arrested they merely had the merchandise from one haul. According to the local authorities the merchandise was going to be shipped overseas to Holland. WOOD TV also reported, there were other indicators that this is a very organized operation.

"Authorities confiscated a global positioning device to help navigate fast getaways and map out the next hit.

Authorities believe the two men are part of a sophisticated Russian organized crime ring after discovering high-tech items and cell phones in their van. The high-tech devices are capable of altering magnetic strips on credit cards.

The phone was ringing throughout our proceedings from a variety of individuals speaking Russian, also with code names including Godfather.

The investigation is now spreading to other sites after authorities traced stolen credit cards "including Illinois, Indiana, Arizona, Colorado," Tague says. "So we're certainly seeing contacts throughout the country in terms of ID theft and contacts with this organization."

For the full story from WOOD TV go to: Nationwide identity theft ring busted in Muskegon. County.

It would be pretty hard to shoplift a van full of big screen televisions.

My recommendation to those implementing security strategy for the retail industry is that while they need to continue to monitor employee theft, shoplifting, vendor theft and administrative errors; ignoring the increases in fraud fueled by technology and the internet could be deadly to the profitability of the industry as a whole.

For my previous post regarding the retail survey, click on the title of this one.

High Tech Theft Not the Only Loss Category Rising

Internet Fraud has been increasing substantially, however more old-fashioned means of theft, such as "shoplifting" seem to be on the rise, also.

A press release from ADT Security Services reports that a survey conducted by Richard Hollinger Ph.D (University of Florida) is showing increases in theft from retailers.

Here is a comment from ADT on the survey, "Rex Gillette, vice president of retail national accounts for ADT, said the survey shows retailers are spending more to combat retail theft." ADT, who sponsored the grant to conduct this study, is one the major vendors that provides technology based solutions to combat retail theft.

The survey states that although employee theft is down, it is still the number one retail theft category. Other categories mentioned in the survey include, "shoplifting, vendor fraud and administrative error -- cost the nation's retailers close to $31 billion last year."

According to the survey, the increase in shoplifting activity is due to organized gang activity. To quote the survey, "Hollinger attributed the increase to a new form of shoplifting called organized retail crime, which involves shoplifting gangs working as a team to steal large quantities of merchandise quickly."

I was involved in taking a look at this new phenomenon about ten years ago for a major retailer and organized shoplifting gangs were pretty prevalent then. If it was prevalent ten years ago, either the activity has substantially increased, or organized activity isn't as new as some might think.

The press release on the survey doesn't seem to mention losses in fraud categories, such as check and credit, nor does it seem to address mention in the e-commerce sector. The e-commerce sector is growing rapidly and many traditional retailers are becoming heavily involved in it. There is no doubt that money lost in these categories impact retailers, also.

I have been unable to view this survey. There was some mention of fraud in the last one, although it was only covered briefly. Nonetheless, the press release for this one fails to mention it at all and with the increases in crime fueled by technology, it seems logical the financial impact on retailers should be going up.

Although, I'm sure the survey is based on statistical analysis, there are difficulties in assigning dollar lost to theft (by category) in the retail industry. Most retailers conduct physical inventory once, or twice a year. It is extremely difficult six months to a year later to determine how inventory disappeared and it would be interesting to see how the survey assigned the dollar amounts to a specific loss category.

So far as measuring the amount of money lost in the fraud categories, many companies only measure known fraud (verified). The rest of the monetary amount is sometimes buried in another accounting category, which is known as "bad debt." For instance, a fraudster opens a credit account with a dead person's identification (or someone who is never reached by a collections department), charges the account to it's maximum potential and then disappears. Because the activity was unable to be verified as fraud, it is written off as bad debt. This problem can be extended to all types of financial fraud categories. The amount of fraud buried on credit reports and company accounts classified as "bad debt" cannot be accurately calculated and is probably substantial.

I have no doubt (given current theft trends) that this activity is on the rise. Retail theft, whether high, or low tech impacts us all (via higher prices) and any analysis of how to prevent it is valuable. The retail industry is taking these problems seriously and attempting to deal with them because of the negative effect it has on their overall profitability.

On a personal level, I am a advocate of a more holistic approach to fighting losses that are prevalent in the world of business. In my opinion, there is an opportunity for loss prevention, computer security and fraud experts to combine forces against organized activity in general.

In fact, I highly suspect that many of the organized gangs are involved in all of the categories mentioned and don't discriminate on types of activity. They simply go where they can steal the most money.

For the full press release, go to: Annual Retail Security Survey Shows Shoplifting on the Rise.

I have written other posts on organized criminal activity, should anyone be interested:

The Consolidation of Organized Criminal Activity
Organized Fraud Gangs
Fraud Gangs Plant Insiders

Monday, December 05, 2005

Malicious Code Used to Redirect Banking Customers to Fraud Sites

Here is an interesting, but scary scam being reported by the good folks at Websense. Malicious code is being put on systems that appends to the "Window hosts file" and redirects users from their financial institution to a phishing site where their log information is stolen.

"Websense® Security Labs™ has observed an increase in phishing attacks that use modifications to the Windows hosts file to deceive users. Various exploits and social engineering tricks are used to execute malicious code that appends several entries to the Windows hosts file. These entries redirect traffic from the legitimate web addresses of several banks to the IP address of a phishing site created by the attacker. The next time the user attempts to visit one of the targeted banks, they are instead redirected to arrive at a phishing site. However, the web address shown in the browser's address bar appears to be the correct address. The logon information of the unsuspecting user is captured, as they attempt to access the site.

The example shown below targets four banks: HSBC Brazil, Banco Itau, Banco Banespa, and Bradesco. The phishing sites used in this attack are hosted in California and were online at the time of this alert."

For the full alert, along with screen shots, please read, Traffic Redirection on the Websense home page.

The alert isn't specific how the malicious code is being executed, but my guess would be via e-mail attachments. This is a new (pretty scary) twist, especially if the web address appears to be correct. Watching web addresses is a basic for those of us, who are on the look out for phishing scams. I plan to follow this carefully and will publish any additional information as it becomes available.

Until then, this is a testament to keeping your protection software up to date!

Sunday, December 04, 2005

XBox Latest Lure in Auction Scams

When anything is hot, such as Microsoft's new XBox, it is best to "let the buyer beware." Todd Bishop of the Seattle Post-Intelligencer is reporting is auction customers on eBay are being tricked into buying empty boxes that once contained the XBox and even pictures of the XBox.

According to the article:

"Capitalizing on shortages of Microsoft's new video-game console, several people have attracted bids as high as $600 or more on eBay this week by offering Xbox 360 boxes -- just empty boxes -- in ways that made it seem, without reading closely, that the items for sale were actually consoles.

The common approach: Acknowledging that the item was merely a box, but surrounding that disclosure with so many pictures and descriptions of the real console and accessories that someone merely skimming the listings might not notice."

For the full story by Todd Bishop go to, Xbox bidders warned to beware Phony auctions are offering the box -- no console, just the box.

In a recent post, I did I wrote, "Many of us will use an increasingly popular method of shopping, which are auction sites. A lot of people have become victims on these sites and e-Bay is the largest player. I prefer the warning information on CraigsList. Craig Newmark (allegedly himself) put this together, "cashier check & wire transfer scams and avoid recalled items. Craigslist gets 3 billion page views a month and although they do charge for certain things (rarely), most of it is free. Furthermore, Craigs provides not only an auction site, but a lot of resources to help people, which again are mostly free."

To read this post, which I put together as a "best practices" resource to avoid fraud during the holiday season, go to, The Top (Free) Anti-Fraud Resources Found by Fraud, Phishing and Financial Misdeeds.

The bottom line is that auction sites, although immensely popular, have attracted a lot of fraud and many a person has become a victim. With more and more people gaining access to the internet, we can expect a this to be a growing trend. These scams always start with, "something that is too good to be true" and the best defense is to "let the buyer beware."

I've received a lot of information on auction scams via readers. If you happen to see something new, please feel free to drop me a line at

You can also read more on auction fraud by searching keyword "auction fraud" in the search box at the top of this page.

Friday, December 02, 2005

The Fourth Quarter

In a lot of games, the fourth quarter can be critical. In the business world, the fourth quarter is so critical that it can dictate the financial stability, or ruin of many businesses. Quite simply, the holiday season, (fourth quarter) is when businesses either make their yearly goals, or don't. To add to this pressure, the level of fraudulent activity increases, having the potential to directly impact the success of the season, whether referring to a entire organization, or an individual human being.

There are some alarming trends to consider this year and in the future.

This time of year has always been known for increases in fraud, but increasingly it seems to becoming more and more "internet based" and organized. I've written about this in the past. Yesterday, I read an interesting article by Jack Germain entitled, The Real-Life Internet Sopranos that illustrates this growing danger.

In his well researched article, which quotes a lot of security experts, he writes, "Welcome to the age of the Internet gangster. Gone are the days when young computer nerds sat alone in their rooms figuring out how to break in to their schools' computer systems to change grades. Also fading into nostalgia are the times when hackers teamed up with small-time hoods to pull off credit-card scams that victimized local banks.

The days of spammers, phishers, and identity thieves -- the typical culprits of today's online crime stories -- are upon us. These criminals have created their own syndicates to invade your computers and crack your company's network security."

In fact, it seems that internet crime is becoming more profitable than the narcotics trade, Cybercrime yields more cash than drugs: expert - Yahoo! News. In this article by Souhail Karam, he quoted an advisor on cybercrime to the U.S. Treasury Department, Valerie McGiven; "No country is immune from cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy."

"Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion."

A glaring example of the increase in potential risks is the IRS phishing attack that surfaced this week, following recent phishing attacks from the FBI and CIA that went worldwide (Fake IRS E-Mail Scam Goes Phishing). There is even mounting evidence that national security is being compromised by rogue governments, which I wrote about it my last post, US Military Hacked, Sober Worm Goes Worldwide, What Next? The cyberscum element, which I prefer to refer to them as, seems to be getting bolder and even mocking government institutions.

To a simple person, like me, who is merely an observer in the big picture, it does seem like the fourth quarter of a crucial game where my team is losing. Trusted government entities are being mocked and the criminal element is becoming more organized, taking advantage of weak laws and the far reaches of the internet. Until those who are in power start to realize the global magnitude of this problem and allocate sufficient resources to battle it, I'm afraid we will continue to see this problem grow.

Of course now is not the time to give up hope and the key is to continue to raise awareness and prevent the common person (all of us) from becoming another statistic in the growing number of victims from internet crime. Knowledge is key and awareness can defeat most of the scams that seem to face us, daily.