Tuesday, February 28, 2006

eBay Claims Fraud Isn't a Major Problem

eBay and tales of fraud have been surfacing on the internet. (Computing Which?) was one of the magazines, who published one of these stories and eBay is responding to it:

Here part of their response to this article, as written in a recent E-Commerce article:

"eBay, however, said the magazine failed to distinguish between actual eBay sales and sales made outside of the eBay community by buyers and sellers who find one another on the site. The eBay user pages clearly warn against such sales, which happen outside of the protections of the community, such as the right of users to complain when a sale isn't completed or to stop payment when eBay's PayPal is used to consummate a purchase."

Here is the full response by eBay as published in the E-Commerce article:

EBay Disputes Report of Rampant Fraud

I have written numerous posts about fraud on eBay and have discovered that there are a lot of pretty upset customers, who have become victims of internet fraud.

These posts can be found by keyword "eBay" at the top of this page.

There is no doubt that eBay does work with law enforcement, but even they have even been quoted as saying that the information takes too long to get in order to be effective.

eBay and PayPal AND their customers have long been the target of phishing attacks, which lead to account takeovers and further criminal activity. The site is also used to sell a lot of counterfeit merchandise and reports abound of junk being sold via the site.

They argue that they do a lot to prevent fraud on their site, but as I have said, there are still a lot of victims being created, daily.

Perhaps, the answer is to spend a little of the money created by their growth on security, which should include a zero tolerance policy towards fraud. This should include a greater emphasis on creating awareness and apprehending those, who regularly use their business platform to commit fraud.

The very fact that the article from E-Commerce quotes them as saying their business continues to grow indicates that there is money to provide a safer environment for their customers.

If they were a normal retail operation and people were getting robbed when shopping inside their establishment, it wouldn't be long before they enhanced their security to provide a safe shopping environment. IF they failed to do this, they would suffer a loss of business AND or litigation.

Although, the four walls of the internet are slightly larger, the same principle should apply.

Sunday, February 26, 2006

Stealing Data Shouldn't be so Darned Easy

Ernst and Young, the accounting giant, can now join the growing list of companies that have lost sensitive and personal data via simple property theft.

In this breaking story by Ashlee Vance of the Register: Ernst & Young fails to disclose high-profile security breach, laptops were left unsecured and they promptly disappeared.

The Privacy Rights Clearinghouse tracks data breaches: A Chronology of Data Breaches Since the ChoicePoint Incident. If you look at the reasons, stolen computers seem to be a recurring theme.

Credant Technologies did a scary survey back in October, which stated:

"Everyone knows to guard their devices when they're traveling, but the results we found about the office were quite shocking," said Bob Heard, CREDANT Technologies CEO. "What we discovered were corporate environments that are careless and even reckless with laptops, many of which contain crucial company and personal data. And the ease with which these laptops are being stolen in the workplace is stunning."

Here is the full survey from Credant:

Survey Says ... Guard That Laptop at the Office!

Technology has made all of our lives a lot easier, however it has also exposed us to a growing crime wave. In addition to using "technology" to develop countermeasures, perhaps a little common sense should be added to the equation.

It shouldn't be so easy to commit a major breach of sensitive information!

California Continues to Lead the Fight in Terminating Identity Theft

California AND it's leaders have been instrumental in leading the way for legislation to protect it's citizens from identity theft. Interestingly enough, in a political world dictated by party ties, this effort has truly been a bipartisan effort.

SB 1386, which was the first law passed, requires disclosure of data breaches for any corporation doing business in California. This law has been credited with inspiring other laws throughout the United States and Senator Diane Feinstein is one of the sponsors of a similar bill before Congress, S 1789.

Unfortunately, this law is currently awaiting action in "committee."

This week, Governor Schwarzenegger, opened the second annual Identity Theft Summit:

02/23 - Schwarzenegger Opens Identity Theft Summit

Here is a list of California Identity Theft Laws, courtesy of the Privacy Rights Clearinghouse.

I did a previous post on Terminating Identity Theft in California, which illustrates the teamwork of California's leaders in battling this growing epidemic. Hopefully other "leaders" will follow the example and pass the necessary legislation to combat this problem on both a national and international basis.

Saturday, February 25, 2006

eBay Fraud Buster

A New Jersey Police Officer, Steve Klink, bought a pair of speakers on eBay that turned out to be junk. He turned to eBay for help and like many a unsatisfied customer turning to the auction giant, received little to none.

Taking matters into his own hands he started a website, ebayersthatsuck.com and the seller did refund his money. But it didn't stop there AND being a "civic minded" individual, Steve continued the site.

Quite simply, he realized that there were a lot of eBay victims out there and that the site might help others.

The site is interactive and members can search for eBay fraudsters and help others by publishing their own tales of eBay misdeeds.

Here is their vision in their own words:

"At Ebayers That Suck we know what it's like to get screwed at on-line auctions. Once screwed you are limited to 80 characters, basically one sentence to tell your story. At Ebayers That Suck we provide you with up to one full page of web space plus pictures to tell your tale. "

"So next time you deal with a swindler and don't want to leave negative feedback for fear of retaliation, post them here. You will get the last laugh when they are officially branded with our puke green " you suck" logo and the on-line auction world can see what a deadbeat they really are. "

In conjunction with the site, Steve has written a book, Dawn Of The eBay Deadbeats Available on Amazon.com.

There is also a link on the site, where people can sign up for class action law suit against eBay.

eBay seems to be attracting a lot of litigation and Tiffanys recently filed against them for selling counterfeit merchandise. The eBay Fraud Group is also talking about trying to get a class action law suit started.

There are a growing number of eBay customers becoming ANGRY and speaking their mind. I've written a number of posts about this, which can be found by searching this blog by keyword "eBay" at the top of the page.

eBay, who continues to make record profits better wake up and realize that it was their customer, who made them successful, or suffer the consequences.

Tuesday, February 21, 2006

Another 27,000 People's Identities are Compromised

Last year, the Privacy Rights Clearinghouse compiled a list of data breaches. The list estimates that over 53 million identities have been compromised in the recent past. Of course, this doesn't include the more recent compromises, such as the Boston Journal (202,000 compromised) and the Northern California debit card fiasco (200,000 compromised).

Here is the list of data breaches:

A Chronology of Data Breaches Since the ChoicePoint Incident

It also doesn't include another probability, which is that there are data breaches that were never detected, or not reported.

With the overall number of people compromised, 27,000 people seems small in comparison, but for every person compromised, there is a potential victim.

The Jacksonville Business Journal is reporting:

The names and social security numbers of 27,000 former and current Blue Cross and Blue Shield of Florida Inc. employees were illegally downloaded by a contract employee to his home computer, a company spokesperson said.

The FBI and U.S. Attorney's Office are conducting a joint investigation, said Lisa Acheson Luther, a spokeswoman with Blue Cross. No customer information was involved and there is no evidence the information went any further than the home computer.

Here is the full story:

Vendor downloads Blue Cross employee info

The Federal Trade Commission testified last June on Data Breaches and Identity Theft. This testimony highlighted the concerns with the number of data breaches being revealed in the past couple of years and suggested action.

In February, Senator Dianne Feinstein issued a document calling for Federal legislation:

Statement of Senator Dianne Feinstein On the Need for Federal Identity Theft Legislation

Senator Feinstein joined Senator Arlen Specter (PA), Senator Russell Feingold (WI) and Senator Patrick Leahy (VT) in sponsoring S789, which is a federal bill addressing the issue of data breaches and it's ultimate consequences, such as "identity theft." Here is a bill summary.

This bill is currently on the Senate Legislative Calendar awaiting action.

If you are interested in writing your representatives to inquire when this legislation will be taken for action, here is a link where you can find their information to do so:


It's a sad commentary that in the global sense, 27,000 people compromised is a mere drop in the bucket. HOWEVER, I have to be certain that anyone who has suffered their identity being stolen, sees it on a much more personal level AND with the number of people compromised, the question is who will be next.

Monday, February 20, 2006

Debit Cards Are the Criminal's Preferred Method of Payment

Hidden Camera on ATM

When the debit card breach hit the news involving Bank of America, Washington Mutual, Wells Fargo and Office Max, several stories referenced ATM skimming.

In the Northern California Breach, the card numbers were used in signature transactions versus PIN (Personal identification number) transactions. When ATM skimming is accomplished, the criminals steal not only the card number, but the PIN, also.

They are then able to use the card at any ATM.

Automatic teller machine (ATM) skimming is accomplished by attaching devices to existing ATM Machines, or via the use of hidden cameras/encoding devices in retailers that accept ATM transactions.

ATM skimming has been prevalent overseas for a few years, but is starting to show up in North America. Recently, skimming devices have been discovered on ATM machines in California, Oregon and Washington. This is why the two activities are probably being compared.

Awhile back, I did a post: ATM Machines That Clone Your Card. Included are some handy pictures of what a machine looks like after it has been compromised and tips on how to avoid becoming a victim.

There are similarities to both activities, but there are differences, also.
As I said earlier, the Northern California breach has consisted of the card numbers being used in "signature" transactions AND the victims are all from Northern California. Additionally, the authorities and Visa/Mastercard have confirmed the point of compromise as being a major retailer, reported as possibly being Office Max.
In the Northern California case, everything points to an entire database being hacked.

In the "ATM Skimming" cases, devices are being attached to existing ATM machines, which not only record the card numbers, but PIN numbers, also. The victims in the recent cases seem to span the entire West coast.

Interestingly enough, a few months ago, I did a post, which noted ATM skimming activity on the East coast:

Get a Quick $20.00 and GO BROKE!
One FBI source has already been quoted that this activity could be the work of Russian Organized Crime. Here is an interesting document from the California Attorney General, which although is slightly dated, describes how they operate.
The best way to avoid becoming a victim of ATM skimming is to always cover your PIN when entering it. We might not be able to control, whether or not, a major company is breached, but we can control our own actions when using an ATM.

Sunday, February 19, 2006

Cyber Criminals Love a Lack of Communication

Robert Mueller (FBI Director), while addressing the 15th Annual RSA Conference San Jose, California called for greater cooperation between business sector and law enforcement to combat cyber crime throughout the world.

In his speech Director Mueller stated:

"Cyber space has been likened to the Wild West—an open and largely unprotected frontier with seemingly limitless opportunities. Like any new frontier, there will be those who seek to stake their claims, whether by legal or illegal means. And like the outlaws of the Wild West, the outlaws of this new world operate without boundaries and without barriers. They are moving as fast and as far as the technology will take them."

Recently, I've noted that the FBI is taking a very proactive approach to what I call "borderless crime." They have accomplished this by creating strategic partnerships within the law enforcement and business communities, as well as, reaching out to the public.

BUT what about the boundaries created in the business world, which is the frequent target of this criminal activity?

In the corporate world, sharing information with the competition isn't the way companies operate. In fact, they often do anything and everything to keep their information within the boundaries of the corporation.

The corporate world needs to break down their jurisdictional boundaries in the same manner law enforcement is. The criminal element is taking advantage of the lack of communication and simply moves on to the next corporate victim, who is unaware of the threat.

We could even take this down to the individual level. All too often, individuals, who see, or have become a victim of this activity, fail to report it. Their excuse is that nothing will be done about it, or they simply don't want to take the time.

In the past couple of years, we have made tremendous strides towards this (awareness sharing), but criminal activity keeps increasing and we need to keep breaking down the boundaries.

Cyber Criminals have long thrived on a lack of communication, which inspires the most effective tool against them, "awareness." Failing to report items, or keeping what happened secret does nothing, but further their cause.

Greater cooperation between law enforcement, the corporate world and the individual will only serve the common good for ALL.

You can report crime (electronically) to the FBI by clicking on the title of this post.

Saturday, February 18, 2006

eBay's Fraud Hall of Shame

eBay's revenue continues to grow AND despite a growing number of victims, they seem to be blame everyone, but themselves. I recently wrote a post: How Much Fraud Can eBay's Customers Endure? There are some pretty good descriptions (with references) on this post about all of the various forms of fraud found on eBay.

Fraudulent forms of payment, Advance fee fraud (419) scams, phishing and account takeovers are common. Counterfeit merchandise and misleading ads abound on the site and by the time there is any response by eBay, the damage is often done.

So far as misleading ads, here is a post, I did during the Christmas Season: XBox Latest Lure in Auction Scams. People were tricked into buying the box, versus the contents by ads, which were written in a deceptive manner.

Yahoo's Group, eBayFraud is trying to do something about it. In their own words, here is what they are working towards accomplishing:

"This Group is designed to share information regarding fraud on eBay, including law enforcement, legal proceedings, reimbursement and fraud prevention. Members are welcome to post links, files, databases and messages that are relevant to this topic. You can also use the chat function for more direct communication."

I was recently contacted by them and asked to help publicize their efforts.

Here from the site is a compilation of articles about the fraud problem on eBay. Essentially, this is eBay's Fraud Hall of Shame:

Department of Homeland Security and NCSA 2006 Emerging Internet Threat List

This tidbit, is from www.staysafeonline.org:


Authorities unable to track most money lost to alleged eBay scam

On 2/9/06, Chris W. Colby of www.naplesnews.com wrote this:

Authorities are unable to track lost money to alleged eBay scam

Seeing Fakes, Angry Traders Confront Ebay

1/29/06 Katie Hafner of www.nytimes.com, wrote:


Warrants for Arrest Issued in eBay Scam Case

On 1/26/06, a press release from www.colliersheriff.org, stated:


2005 Fraud Trends: Consumers Being Hounded by Internet and Telemarketing Scams

1/19/06, NCL News, wrote:


2005 Fraud Trends: Official Report


Consumers Question eBay's Security

On 12/20/05, Martin H. Bosworth of www.consumeraffairs.com, wrote:


eBay Admits Growing Fraud Problems

On 12/16/05, Geoff Duncan of Designtechnica News, wrote:



On 3/3/05, John Yembrick of the United States Attorney General for the Southern District of Texas wrote:


Online auction scams soar, Complaints nearly double

On 2/2/05, Carolyn Said, Chronicle Staff Writer (www.SFGate.com) wrote:


AND these are but stories from the past year, or so.

Here is another telling statistic, which reveals eBay's refusal to face up to reality. When reporting the top ten scams of the year, the National Consumers League noted:

"In the fall of 2003, online giant eBay removed the link from it's site, http://www.fraud.org. As a result, the number of auction complaints reported dropped to 1/6 its previous level. Based on statistics prior to eBay's action, NCL estimates that there would have been 30,720 auction complaints in 2005, representing 71 percent of complaints."

Should eBay continue to IGNORE this problem AND fail to get in front of it, the number of victims will continue to grow.

Is Asia Becoming a Greater Target for Fraud

I've often commented about the borderless nature of crime on the internet. On the internet, crime is as far away as a click of the mouse. With the rapid growth of technology, internet crime is also spreading and creating a pool of victims in Asia.

In fact, Bangalore is becoming a center for "Information Services." Here is an earlier post, I did about that and fraud implications:

What are the Security Implications of Outsourcing

Here is evidence that one international corporate entity (Visa International) that recognizes this and is taking action.

The Edge Daily is reporting:

Visa Asia Pacific has uncovered and shut down 20 spoof websites to prevent cardholders from succumbing to online data theft. Here is the story regarding Visa's Asian adventure:

Visa shuts down 20 spoof, phishing websites

Here is another story regarding the same issue, but more of a warning:

Visa Remind Cardholders To Ignore E-mail Scams

Both of the articles suggest a resource for reporting phishing that is new, to me at least:


There are many, who fear the implications of internet crime in Asia. I fear it not only in Asia, but everywhere in the world. The key is protecting each other through awareness AND realizing "It's a Small World After All."

Friday, February 17, 2006

Who Really Profited in the Hurricane Disasters

In reference to this week's news about mismanagement in the Katrina disaster, the Washington Post is saying:

"The Senate as well as the White House should conclude from this story that FEMA "reform" cannot amount to mere organizational change or undue attention to the overworked question of whether the agency belongs inside DHS. The agency needs some much simpler changes, too: It could start, for example, by learning who made these terrible decisions and relieving them of their duties immediately."

Apparently, along with the rampant fraud that was going on, FEMA spent 900 million on modular homes, which by their own regulations aren't permissible for use in the area they bought them for. These homes will now be sold for pennies on the dollar and many of them have warped from sinking into the mud.

Here is the editorial from the Washington Post:

Waste, Fraud and Abuse

I did a post on the fraud in Katrina, where I stated: No Wonder We are Facing a Budget Crisis.

In this post, I estimated fraud could have been 691 million. This was based on figures cited in an article, I read.

Perhaps someone should be taking a closer look at this....specifically to see who profited from it?

Thursday, February 16, 2006

Internet Crime Predictions for 2006

2005 saw internet crime becoming more and more prevalent. Here is a press release from the National Cyber Security Alliance and the Department of Homeland Security predicting what is in store for us in 2006:

According to the 2006 Department of Homeland Security and NCSA Emerging Internet Threat List (http://www.staysafeonline.info/basics/2006threatlist.html) viruses continue to pose a threat to consumers, as malicious codes become more sophisticated and targeted towards popular activities, such as Instant Messenger and text messaging. Wireless devices, such as PDAs and cell phones are also becoming increasingly more vulnerable to hackers and viruses. Phishing continues to be an ongoing threat to consumers as they become more prevalent and sophisticated in obtaining consumers’ personal and financial information. Five online preparedness best practices are also highlighted to offer consumers the necessary tips on how to take action against cyber thieves and avoid becoming victim to Internet crime this year.

Emerging Threats for 2006:

Hackers use Instant Messaging to spread viruses and worms.

Phishing fraud becomes more prevalent and sophisticated.

Viruses attack cell phones and PDAs.

Hackers target online brokerage accounts.

Online Preparedness Practices:

Practice the core three protections – install, configure, regularly update.

Do not open unexpected emails.

Do not download attachments in unsolicited emails.

Take precautions to protect your mobile devices.

Here is a link to their Stay Safe Online site, which has a lot of relevant information on how to protect yourself from these threats.

The Anti-Phishing Working Group (APWG) just released their December Phishing Activity Trends Report, which shows an increase in activity. They reported 4,630 sites distributing crimeware in November to 7,197 in December.

Here is the definition of crimeware from Wikipedia:

"Crimeware (as distinct from spyware, adware, and malware) is designed to (through social engineering or technical stealth) perpetrate identity theft to access a computer user's online accounts at financial services companies and online retailers for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the thief controlling the crimeware."

"Crimeware can surreptitiously install keystroke loggers to collect sensitive data—login and password information for online bank accounts, for example—and report them back to the thief. A crimeware program can also redirect a user's browser to a counterfeit website controlled by the thief even when the user types the website's proper domain name in the address bar. Furthermore, crimeware can wait for the user to log into their account at a financial institution, then drain the account behind the scenes."

Knowledge and awareness are the best defenses against internet crime. Unfortunately (all too often), internet crime goes unreported. A good place to report internet criminal activity is the Internet Crime Complaint Center (FBI).

Reporting it provides valuable intelligence (real time) to the cyber crime warriors, who are out there protecting US!

Wednesday, February 15, 2006

Office Max Denies Being Hacked in Debit Card Breach

Last week, I got a rather unfortunate letter from my bank. It informed me that they suspected fraud on my debit card, which turned out to be true.

After a little research of the available media coverage and my own shopping habits, it seemed to me that I could reasonably deduct where this all started at.

Last weekend, I had a feeling that Office Max was going to be discovered as the point of compromise and did this post: Is Office Max the Point of Compromise in the Debit Card Theft Case.

On Monday, David Lazarus of the San Francisco Chronicle reported Office Max as being the point of compromise. The Chronicle and David Lazarus have been instrumental in breaking this story despite all the "no comments" from the financial industry.

Here is the story from the Chronicle naming Office Max:

OfficeMax at center of major data-security breach with debit cards

The saga continues and Channel 5 of the San Francisco Bay area is now reporting:

"As OfficeMax denies that its computer systems were hacked and that customers' financial information was stolen, investigators are looking into the possibility that the same kinds of cyber thieves may have struck again at Sam's Club."

"But the FBI confirms it is investigating the possible theft of OfficeMax customer data that led to several major banks canceling thousands of debit cards."

On a even more ominous note, Channel 5 reported:

"The FBI fears the stolen money is going to international organized crime rings, or even funding terrorist organizations."

For the full story from CBS 5:

Sam's Club Customers' Credit Card Info Exposed

California State Sen. Jackie Speier, D-Hillsborough has already expressed concern that California's strict disclosure laws might have been violated AND now the Financial Times is reporting:

"Barney Frank, the senior Democrat on the house financial services committee, said on Wednesday he would consider legislation to require credit card companies to name the party responsible for consumer data breaches."

Here is the story from the Financial Times:

Credit card handling lapses spur regulatory effort

It's been established and reported that Visa and Mastercard admitted to knowing that the breach occurred at a retailer, but wouldn't identify which one. This lead to a lot of speculation in the press that Sam's Club (another recent breach) was the source.

Of course, based on my personal experience, I know I have never bought anything at Sam's Club.

The most recent reports are saying that the FBI is investigating to see if a tie between the two cases exist. This makes more sense to me. When I was following this story, I noticed that the recent breach seemed to be Northern California specific, while the Sam's Club case has proven to cover different geographic areas.

This isn't to say that there isn't a tie. With all the data breaches in the past couple of years, it seems to me that highly organized gangs are maliciously attacking corporations to steal information.

It's going to be interesting to see how the legal part of this comes out.

Here is a pretty good explanation of California laws by the Privacy Rights Clearinghouse:

California Identity Theft Laws

In addition to this, there is also been a civil law suit filed for the California victims of the Cardsystems (Mastercard) breach. The lawsuit alleges that consumers were not notified in a timely manner.

Here is an article from CNet regarding this:

Lawsuit seeks disclosure in credit card heist CNET News.com

Other notable "data breaches" in the recent past have been the Boston Globe, Choice Point, Wachovia Corporation, Bank of America, Time Warner and even educational institutions, such as Boston College and the University of California, Berkeley.

Office Max has the right to deny they are the source, but unless Channel 5 is mistaken, the FBI is on the case and they are looking at them.

I'm sure no one at these corporations, or institutions wished for the breach to occur. The question is, whether or not, keeping everything secret serves the public interest. When this story broke, it was because Bank of America got in front of it and addressed it. As a result, they probably took the initial heat, but as history is written, it might show they did the right thing. It's now very obvious that they were not the only financial institution, or retailer that had reason to suspect their customers might be in harm's way.

This is going to get VERY INTERESTING!

Tuesday, February 14, 2006

PayPal Customers Under Constant Attack by Phishing Fraudsters

In the past couple of months my Spam Filter has been filling up with fake e-mail from PayPal. In the month of February, I have received 24 of them, so far. Other's I seem to be receiving a lot of also are "Microsoft" security updates and "Wells Fargo On Line."

Granted, I am only a humble user of the WWW, but if I am receiving this many attempts, perhaps it is a concern.

The intention of all this e-mail is to commit phishing, where someone is duped into giving up personal AND or financial information. This information is is then used in the crime known as identity theft.

In addition to this, malware (malicious software) is often injected on a system, when these "spoofed sites" are visited.

Here is a link from PayPal, which describes the activity relevant to PayPal and it's sister company, eBay: PayPal - Protect Yourself from Fraudulent Emails.

The Anti-Phishing Working Group (APWG) is a known authority on Phishing. Besides being a wealth of information, they offer some relevant information for consumers:

How to Avoid Phishing Scams

What To Do If You've Given Out Your Personal Financial Information

Phishing is becoming a huge problem and can cause severe financial hardship. PayPal and eBay are certainly not the only organizations that are spoofed. In fact, any site dealing with people's financial information is a potential target.

With computers and internet access becoming cheaper all the time, the number of potential victims is growing daily. Knowledge and awareness are key to defeating internet crime. You can do your part by learning and then sharing this awareness with those you care about.

Sunday, February 12, 2006

No Wonder We are Facing a Budget Crisis

No wonder our government is facing a budget crisis. Programs designed to help those in need seem to be suffering from rampant fraud.

Eric Lipton of the New York Times is reporting:

"Thousands of applicants for federal emergency relief money after Hurricanes Katrina and Rita used duplicate or invalid Social Security numbers or bogus addresses, suggesting that the $2.3 billion program was a victim of extensive fraud, a Congressional auditor will report Monday."

According to FEMA, one third of the applications had information that wasn't correct. This is probably a pretty good indicator of fraud.

Hmmm...a 2.3 billion dollar program AND one third of the applications had information that wasn't correct, this translates to a potential 691 million in fraud. Of course, this is only a approximate figure.

AND this doesn't include all the charity organizations that were probably fraud victims, also. Of course, the sad truth is that fraudsters were posing as charity organizations, also.

Here is the story from the New York Times:

Auditors Find Huge Fraud in FEMA Aid

None of this should be surprising, there were a lot of reports of fraud (all across the country) on fraud in the wake of the hurricane disasters this year.

Here are some of the posts, I did at the time:

Katrina Fraud Status

Fraud Relating to Katrina in Full Swing

Katrina Fraud Far and Wide

Here is a more recent one, I did on a different subject, but indicative that our social programs are suffering from rampant fraud:

Back to Work Programs a Fraud Heaven for Scammers

If a third of the FEMA dollars and 40-50 percent of Childcare dollars in California are being paid out to fraudulent claims, there is no wonder the government is having financial difficulties.

The only solution to this mess is GREATER ACCOUNTABILITY by those administering these programs. On the other end of the spectrum, laws need to be enacted to severely punish greedy people who take advantage of disaster situations AND prosecution efforts need to meet a standard that makes the activity dangerous.

The sad things is that WE all are victims of this activity because it's our tax dollars paying for it. Americans are some of the most giving people in the world, but we need to be giving to the needy instead of supporting the greedy.

Saturday, February 11, 2006

Is Office Max the Point of Compromise in the Debit Card Theft Case

CNet is reporting that the point of compromise in the debit card case affecting Bank of America, Washington Mutual and Wells Fargo is Walmart and possibly Office Max. I hate to admit this, but last week, I received a letter from one of these banking institutions suggesting I might be a fraud victim. When I went on-line to check my account, I discovered on a certain day there were numerous unexplained transactions.

To make it more interesting, it was from a old card number that I had since long replaced. The magnetic stripe on the card in question had stopped working properly and then was cracked by a sales clerk trying to get it to work.

When speaking to the fraud department at my bank, they confirmed that the transactions were magnetically "swiped." This would lead me to deduct that my card must have been cloned.

A day, or so later I read the article written by David Lazarus of the San Francisco Chronicle saying a major office supply retailer was the point of compromise. I then realized that I might very well be one of the victims of this AND Office Max is where I frequently buy office supplies.

Please note that Wells Fargo's possible involvement isn't being reported by CNet, but was reported by the San Francisco Chronicle:

"Wells Fargo reiterated only that the bank protects customers "if we discover they are at risk for unauthorized transactions." However, multiple Wells Fargo customers told me they've received new debit cards from the bank via FedEx."

The article from the San Francisco Chronicle stated that Visa and Mastercard (who issue cards via numerous banks) as saying they warned banks last month of a breach at a retailer.

Since most retailers accept Visa and Mastercard, which are issued by a multitude of banks, in theory numerous banks could be compromised. Retailers don't discriminate as to which bank the cards were issued at. Here is the story from CNet:

Web of intrigue widens in debit-card theft case

The article also quotes the FBI as saying this case is related to one at the Golden 1 Credit Union last November, where debit cards were compromised by a skimming device at a Sacramento merchant.

Golden 1 cancels 1,300 cards when area hit by fraud

Again, I find it odd that if the point of compromise was in fact a merchant in Sacramento, that only Golden 1 cards were compromised.

Either certain cards are more friendly for cloning (counterfeiting) purposes, or there is more to this than meets the eye.

In this case and possibly the one now, there is a lot of speculation that the breach was a result of an inside job. Organized fraud gangs are known to solicit and recruit people on the inside of organizations to steal information.

So far as the Sam's club angle, I'm not sure how this might tie in. As in most of these cases, it seems as little information is released as possible.

One thing in common is that all the breaking news seems to be coming out of Northern California, which is where my card was compromised.

No one is sure why the retailer's identity is being kept a secret, but some openly suspect it's to minimize liability from California's strict disclosure laws. Here is a previous post, I did on proactive legislation in California regarding matters like this:

Terminating Identity Theft in California

For anyone, who has been violated by this, here is a link from the Privacy Rights Clearinghouse, explaining the laws and what your rights are:

California Identity Theft Laws

If suspicions are true (that the secrecy is to skirt the intention of the law), then perhaps Bank of America, who started the flurry of reports is the most honorable one on the block. After all, they took the initial steps to protect their customers AND since then it seems a lot of evidence has been uncovered that they weren't the only one's compromised.

Keeping things quiet sometimes aids law enforcement's efforts to apprehend the "bad guys," but at this point there seems to be a lot of "law enforcement and banking industry sources" making comments on this case.

Let me specify that this is all mere speculation on my part and to say otherwise wouldn't be fair. I can't even be sure my case is part of this, but when I compare it to the breaking news, the similarities are amazing.

I guess it just goes to show, we are all at risk of becoming a victim of Fraud, Phishing and Financial Misdeeds AND I plan to follow this story closely, if out of nothing more than a personal interest.

For the article from the San Francisco Chronicle, click on the title of this post.

Will Cyber-Crime Lead to Economic Disaster

One of the greatest problems we face today is technology outpacing legislation (laws) to protect consumers. There can be no doubt that the Global Economy has spawned a Global Crime Wave, inspired in part by technologies used by businesses in the quest for profit.

For the first time in ten years, the Federal Trade Commission will host hearings this fall to take a look at this.

"Federal Trade Commission Chairman Deborah Platt Majoras today announced that the agency will host hearings this fall to examine the next generation of consumer issues to emerge in the high-tech global marketplace. Speaking to the Anti-Spyware Coalition meeting sponsored by the Center for Democracy and Technology in Washington, DC, Majoras said the hearings would bring together experts from business, government, the technology sector, consumer advocates, academics, and law enforcement officials to explore the ways in which technology development and convergence and the continued globalization of commerce impact consumer protection issues."

For the full press release by the FTC:

FTC to Host Global Marketplace Hearings

Federal Trade Commission Chairman Deborah Platt Majoras made this announcement to the Anti-Spyware Coalition. In their own words, here is their primary goal:

"The Anti-Spyware Coalition (ASC) is a group dedicated to building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies."

A lot of groups, such as the Anti-Spyware Coalition are taking a stance on this problem. This is probably a response to the rapidly multiplying number of victims in the world today. In fact, the FTC itself says there are 9 million victims in the United States every year and if this is a world wide problem, I would hate to estimate the impact on a global basis.

Spyware is often confused with adware and to some, closely related to malware. I found another term recently (scumware), which is a good description of any software installed without the consumer's consent to market products, or steal their personal and financial information.

The problem is that there seems to be a fine line between legitimate business use and outright criminal applications of these technologies.

No wonder, we are facing a world wide identity theft crisis, where phishing no longer refers to a recreational activity.

I could go on and on about other potential problems, such as Terrorists getting in on the cyber-crime bandwagon, but the answer is clear. These issues need to be addressed and the longer we wait to address them could cause economic problems.

If the problem continues, it will continue to wear down on consumer confidence. The confidence of the consumer is a key economic indicator and shouldn't be taken lightly.

A lot of this links in this post are courtesy of Wikipedia. You can go to their page by clicking on the title of this post.

Friday, February 10, 2006

Adobe Latest Name Being Used in Phishing Attacks

Phishers love names we trust. Adobe is their latest target. Here is an alert from the people at Websense:

"Websense® Security Labs™ has received reports of a new phishing attack, using the brand name of Adobe Systems Incorporated. Users receive a spoofed email that provides a link to the phishing website, which is designed to mimic the Adobe online store. Users are given the option to buy and download Adobe products at substantially discounted rates. The site has links to awards hosted locally, which supposedly prove its veracity. When checking out, the user is prompted for credit card information."

"This phishing site is hosted in China and was up at the time of this alert."

For the alert from Websense, which contains a screenshot of the spoofed Adobe site, go to: Adobe.

Bank of America Debit Card Breach Grows to 200,000 and BofA Isn't Alone

The Bank of America debit card breach seems to be growing. Estimates are now that 200,000 customers have been affected AND it goes further than just Bank of America. There is evidence that Washington Mutual and Wells Fargo customers have been compromised, also.

Although, the banks aren't commenting, David Lazarus of the San Francisco Chronicle writes:

"But well-placed sources within the banking and credit card industries now tell me that the company in question is a leading retailer in the office-supply business."

Allegedly, the retailer in question knew of the breach last month.

There is also speculation that California's disclosure laws might have been violated by the retailer:

"It's unclear at this point whether the retailer violated state law by not directly notifying customers of the breach, instead allowing customers to be ambiguously alerted by their banks."

"State Sen. Jackie Speier, D-Hillsborough, a leading privacy advocate in Sacramento, said the spirit, if not the letter, of the law appears to have been violated."

For the full story by David Lazarus:

Security breach fallout reaches 200,000 debit card holders

For anyone, who has been violated by this, here is a link from the Privacy Rights Clearinghouse, explaining the laws and what your rights are:

California Identity Theft Laws

A fellow blogger (travis) left a comment on my post, Boston Globe Hands Out 202,000 Credit Card Numbers about a federal bill modeled after California's proactive legislation:

"Since the S.1789 bill is in the Judiciary Committee, it doesn't look like it will get much attention from those guys for a while. Here's the bill summary. There have been no hearings yet."

These laws are designed to protect all of us. Hopefully, the federal bill will move a little quicker and California's laws will be enforced to the letter of the law.

I highly recommend letting your opinion be known by contacting your elected representatives.

Thursday, February 09, 2006

Phishing for a Lonely Heart

Romance Scams are not new on the internet. In the past, they have become a variation of Advance fee fraud (419) activity. The typical ploy was to establish e-mail/IM contact with a victim and get them to send money.

Now, it seems, the stakes are getting higher. Valentines Day could bring on a surge of phishing attacks designed to install malware (malicious software) on computer systems. The end-result of many of these attacks is personal and financial information being stolen and used to commit identity theft .

Here is a warning from Michael Carr of Purdue University, courtesy of TMCNet:

Electronic Valentine cards promising sweet nothings may instead infect loved ones' computers with a nasty surprise from a cyber scam artist, according to a Purdue University computer security expert.

"An e-mail or instant message from a 'secret admirer' on Valentine's Day may be specifically designed to pique your curiosity," says Michael Carr, Purdue's chief information security officer. "It's human nature and exactly what the bad guy is counting on."

According to the article, and Mr. Carr, here are items to be wary of:

- Not clicking on links or attachments unless they are part of an expected e-mail or instant message from a reliable, known source.

- Protecting your computer with current anti-virus software and manufacturer-recommended system patches.

- Checking the authenticity of a questionable message by contacting the sender via telephone or another messaging technique.

Sometimes dangerous e-mails can even arrive having been forwarded by or appearing to have been forwarded by people known by the recipient. Carr says even these messages also need to be evaluated and confirmed by a phone call to the sender.

"If you continue to have doubts about the e-mail or instant message, just delete the message," Carr says. "It is not worth the risk of being a victim."

"Information Technology at Purdue, also known as ITaP, provides free- of-charge computer security advice, including how to identify spam and phishing scams, on the Web at http://www.purdue.edu/SecurePurdue.

Here is the full story by TMCNet:

Expert: Electronic Valentine Cards Present Cyber Security Risk

Here is a previous post, I did on Romance Scams:

Criminal Activity on Dating Sites

A lot of these scammers lurk on dating sites and there is a Yahoo Group, Romance Scam 419 Yahoo Group (US) that is (in my opinion) the best resource out to learn how to avoid being a victim, or go to if you have become one. The members of this group support victims and actively go about scamming the scammers.

Here is what they do, in their own words:

"Welcome to the group Romancescams. Please feel free to tell us your story whether it is your own personal story or that of someone you know. This group provides a safe haven for all, free of criticism and judgment. Our goal is to educate by getting the word out to as many people as possible. Check out our photo, link, database, and file pages when you get the opportunity."

I highly recommend you find the opportunity to visit them and educate yourself. The group and it's members truly give a lot of themselves to help others, which is a noble cause. They also get quite a bit of revenge on the immoral people, who take advantage of other's feelings.

Wednesday, February 08, 2006

NCL Releases the Top Ten Internet Scams of 2005

The National Consumers League has released their 2005 Fraud Trends: Consumers Being Hounded by Internet and Telemarketing Scams.

The "Top Ten" internet scams were:

Auction items never delivered or misrepresented, the average loss was $1,155 and this category accounted for 42 percent of all the complaints.

General merchandise never delivered or misrepresented, the average loss was $2,258 and this category accounted for 30 percent of the complaints.

Nigerian money offers. False promises of riches if consumers pay to transfer money to their bank accounts, the average loss was $6,937 and this category accounted for 8 percent of the complaints.

Fake checks sent for goods or services and victim is told to wire back money, the average loss was $4,361 and this category accounted for 6 percent of the complaints.

Lotteries/lottery clubs. Requests for payment to claim lottery winnings or get help to win, often foreign lotteries the average loss was $2,919 and this accounted for 4 percent of the complaints.

Phishing, fraudulent e-mails asking for personal information, the average loss was $612 and this accounted for 2 percent of the complaints.

Advance-fee loans, loans promised with upfront fee, the average loss was $1,426 and this accounted for 1 percent of the complaints.

Internet Access Services, cost of internet access and other services misrepresented or never provided, the average loss was $1262 and this accounted for 1 percent of the complaints.

Information/adult services. Cost and terms of services not disclosed or misrepresented, the average loss was $504 and this accounted for 1 percent of the complaints.

Work-at-Home Plans. Kits sold on false promises of big profits from working at home, the average loss was $1,785 and this accounted for 1 percent of the complaints.

Although, these statistics are based on complaints made to the National Consumer League, they doubled over the past year (scary).

Wire transfers through non-banking institutions, such as Western Union and MoneyGram were the favorite venue for the fraudsters to have their money sent to them.

Here is an interesting statistic from the survey about eBay. I'm starting to think they deserve an award for ignoring the massive problems fraud has created for their customers:

* In the fall of 2003, online giant eBay removed the link from its Web site to fraud.org. As a result, the number of auction complaints reported to NCL’s fraud center dropped to 1/6 its previous level. Based on statistics prior to eBay’s action, NCL estimates that there would have been 30,720 auction complaints in 2005, representing 71 percent of complaints.

If you are interested in more information regarding eBay, put in keyword "eBay" in the search box at the top of the page.

The National Consumer's League and it's sister site National Fraud Information Center provide a lot of great information on how to avoid being a fraud victim. There are also other relevant (social awareness) resources on the National Consumer League's site. I highly recommend both of them.

You can go directly to the site for the National Consumer League by clicking on the title of this post.

Tuesday, February 07, 2006

Sales Tax Fraud

I was reading an article about an undercover investigation done by a consumer reporter on Sales Tax Fraud. Then it occurred to me, I see this all the time; especially at small independent retailers and restaurants.

If you don't receive a register receipt (not the one from the debit/credit card machine), the business you are patronizing is likely "skimming" the proceeds and under reporting the amount they receive.

These proceeds (which are in addition to the cost of what you are buying) go right into their pockets.

This occurs when nothing is rung (entered) into the register and the cash is put in the drawer. Another sure fire sign of "Sales Tax Fraud" is the employee using a calculator to figure out the total.

Here is the story:

"It can happen every time you buy something, and it's costing our state a staggering amount of money.

KIRO 7 Consumer Investigator Wayne Havrelly went undercover to expose a problem that's hurting all of us.

There's a secret underground economy operating in our state, and you're the one paying for it.

If you bought something today with cash, there's a good chance the tax you paid didn't go where it's supposed to. The tax bandits made sure of that.

Registers ring millions of times a day in Washington state, but our consumer investigation has revealed the money and tax we pay isn't always recorded."

To read about the entire investigation:

Sales Tax Fraud Could Cost State Millions

This is a local story in Washington State. If Washington is losing millions to this, I wonder how much we are losing nationwide?

I keep reading how local governments are running out of money all over the country. This mean that (we), who are honest end up paying more for essential government services.

If you spot this you should report it to your local State authorities. In the long run, you could reduce your taxes and help your community get the money it deserves.

Trust me, these businesses are using the services I mention and they are doing it for free, plus a profit.

I tried to find information on how to report this sort of fraud in all fifty states and there are a lot of sites, but none that where you can do it nationwide. I would recommend doing a search for keyword "Department of Revenue" if you see somethng you would like to report.

Of course, my favorite resource for reporting tax scams is Quatloos. Here is a form they have to report scams:

Quatloos! Fraud Report Form

Consumer Investigator Wayne Havrelly inspired me to reflect on this AND I see it happening all the time.

The Dirty Dozen Tax Scams

Tax Season is here and along with it many different types of fraud. In almost all instances, the people responsible are stealing from the government, but there are also those out there recruiting fresh victims daily to become unknowing accomplices to their crimes.

The slogan the IRS uses, which is one I subscribe to myself is "If it's too good to be true, it isn't."

Here is some advice from the experts at the IRS on the different types of scams they are seeing:

The Dirty Dozen

The IRS urges people to avoid these common schemes:

Trust Misuse.

Unscrupulous promoters for years have urged taxpayers to transfer assets into trusts. They promise reduction of income subject to tax, deductions for personal expenses and reduced estate or gift taxes. However, some trusts do not deliver the promised tax benefits, and the IRS is actively examining these arrangements. More than two dozen injunctions have been obtained against promoters since 2001, and numerous promoters and their clients have been prosecuted. As with other arrangements, taxpayers should seek the advice of a trusted professional before entering into a trust.

Frivolous Arguments.

Promoters have been known to make the following outlandish claims: that the Sixteenth Amendment concerning congressional power to lay and collect income taxes was never ratified; that wages are not income; that filing a return and paying taxes are merely voluntary; and that being required to file Form 1040 violates the Fifth Amendment right against self-incrimination or the Fourth Amendment right to privacy. Don’t believe these or other similar claims. Such arguments are false and have been thrown out of court. While taxpayers have the right to contest their tax liabilities in court, no one has the right to disobey the law.

Return Preparer Fraud.

Dishonest return preparers can cause many headaches for taxpayers who fall victim to their ploys. Such preparers derive financial gain by skimming a portion of their clients’ refunds and charging inflated fees for return preparation services. They attract new clients by promising large refunds. Taxpayers should choose carefully when hiring a tax preparer. As the saying goes, if it sounds too good to be true, it probably is. No matter who prepares the return, the taxpayer is ultimately responsible for its accuracy. Since 2002, the courts have issued injunctions ordering dozens of individuals to cease preparing returns, and the Department of Justice has filed complaints against dozens of others, which are pending in court.

Credit Counseling Agencies.

Taxpayers should be careful with credit counseling organizations that claim they can fix credit ratings, push debt payment agreements or charge high fees, monthly service charges or mandatory “contributions” that may add to debt. The IRS Tax Exempt and Government Entities Division has made auditing credit counseling organizations a priority because some of these tax-exempt organizations, which are intended to provide education to low-income customers with debt problems, are charging debtors large fees, while providing little or no counseling.

"Claim of Right" Doctrine.

In this scheme, a taxpayer files a return and attempts to take a deduction equal to the entire amount of his or her wages. The promoter advises the taxpayer to label the deduction as “a necessary expense for the production of income” or “compensation for personal services actually rendered.” This so-called deduction is based on a misinterpretation of the Internal Revenue Code and has no basis in law.

“No Gain” Deduction.

Similar to “Claim of Right,” filers attempt to eliminate their entire adjusted gross income (AGI) by deducting it on Schedule A. The filer lists his or her AGI under the Schedule A section labeled “Other Miscellaneous Deductions” and attaches a statement to the return, referring to court documents and including the words “No Gain Realized.”

Corporation Sole.

Since September 2004, the Department of Justice has obtained six injunctions against promoters of this scheme and filed complaints against 11 others. Participants apply for incorporation under the pretext of being a “bishop” or “overseer” of a one-person, phony religious organization or society with the idea that this entitles the individual to exemption from federal income taxes as a nonprofit, religious organization. When used as intended, Corporation Sole statutes enable religious leaders to separate themselves legally from the control and ownership of church assets. But the rules have been twisted at seminars where taxpayers are charged fees of $1,000 or more and incorrectly told that Corporation Sole laws provide a “legal” way to escape paying federal income taxes, child support and other personal debts.

Identity Theft.

It pays to be choosy when it comes to disclosing personal information. Identity thieves have used stolen personal data to access financial accounts, run up charges on credit cards and apply for new loans. The IRS is aware of several identity theft scams involving taxes. In one case, fraudsters sent bank customers fictitious correspondence and IRS forms in an attempt to trick them into disclosing their personal financial data. In another, abusive tax preparers used clients’ Social Security numbers and other information to file false tax returns without the clients’ knowledge. Sometimes scammers pose as the IRS itself. Last year the IRS shut down a scheme in which perpetrators used e-mail to announce to unsuspecting taxpayers that they were “under audit” and could set matters right by divulging sensitive financial information on an official-looking Web site. Taxpayers should note the IRS does not use e-mail to contact them about issues related to their accounts. If taxpayers have any doubt whether a contact from the IRS is authentic, they can call 1-800-829-1040 to confirm it.

Abuse of Charitable Organizations and Deductions.

The IRS has observed an increase in the use of tax-exempt organizations to improperly shield income or assets from taxation. This can occur, for example, when a taxpayer moves assets or income to a tax-exempt supporting organization or donor-advised fund but maintains control over the assets or income, thereby obtaining a tax deduction without transferring a commensurate benefit to charity. A “contribution” of a historic facade easement to a tax-exempt conservation organization is another example. In many cases, local historic preservation laws already prohibit alteration of the home’s facade, making the contributed easement superfluous. Even if the facade could be altered, the deduction claimed for the easement contribution may far exceed the easement’s impact on the value of the property.

Offshore Transactions.

Despite a crackdown on the practice by the IRS and state tax agencies, individuals continue to try to avoid U.S. taxes by illegally hiding income in offshore bank and brokerage accounts or using offshore credit cards, wire transfers, foreign trusts, employee leasing schemes, private annuities or life insurance to do so. The IRS, along with the tax agencies of U.S. states and possessions, continues to aggressively pursue taxpayers and promoters involved in such abusive transactions.

Zero Return.

Promoters instruct taxpayers to enter all zeros on their federal income tax filings. In a twist on this scheme, filers enter zero income, report their withholding and then write “nunc pro tunc”–– Latin for “now for then”––on the return.

Employment Tax Evasion.

The IRS has seen a number of illegal schemes that instruct employers not to withhold federal income tax or other employment taxes from wages paid to their employees. Such advice is based on an incorrect interpretation of Section 861 and other parts of the tax law and has been refuted in court. Recent cases have resulted in criminal convictions, and the courts have issued injunctions against more than a dozen persons ordering them to stop promoting the scheme. Employer participants can also be held responsible for back payments of employment taxes, plus penalties and interest. It is worth noting that employees who have nothing withheld from their wages are still responsible for payment of their personal taxes.

Here is how you can report suspected activity:

Where Do You Report Suspected Tax Fraud Activity?
If you suspect or know of a company or person who is not complying with the tax laws, you can report their activity by phone, mail or your local IRS walk-in office.

Tax Shelter Hotline
The IRS Office of Tax Shelter Analysis serves as a clearinghouse for information about potentially improper tax shelter activity. You can submit information by mail, telephone, fax, or e-mail.

Referral Form for Reporting Abusive Tax Promotions and/or Promoters
(PDF 182K)The form helps document the information necessary to report an abusive tax avoidance scheme. The form can be mailed or faxed to the IRS.

Report Abusive CPAs, Attorneys or Enrolled Agents
Special e-mail address to report actions by unscrupulous tax professionals to the IRS Office of Professional Responsibility.

There aren't the only scams out there, if you are interested in learning more, go to:

Tax Fraud Alerts

No one likes paying taxes, but they are necessary to fund our way of life. When tax fraud is committed, the long term effect is that the honest taxpayer ends up paying more to cover for the government revenue lost to fraud.

That's not fair to the honest majority!

Perhaps educating ourselves and reporting suspected fraudulent activity would decrease the amount of taxes we pay in the future? After all, most politicians (especially at election time) don't like raising taxes.

Many of the social programs administered by the government are facing a lot of financial strain and I sometimes wonder how much of this is due to fraud?

Here is a site, Quatloos that covers of variety of scams, but has a lot of information on tax fraud.

Sunday, February 05, 2006

What are the Security Implications of Pay Per Mail

Here is an interesting thought, Pay Per Mail. Yahoo and AOL will now offer a service (where for a fee) businesses can ensure their marketing e-mails bypass Spam filters.

Spam e-mail is often the delivery device of malware (malicious software), which is used for fraudulent activity on the internet. Experts agree that this activity is now being done by highly organized criminal enterprises. Many of these enterprises are probably capable of paying the fee, or using some sort of deception to have their Spam sent.

eBay accounts are now routinely taken over and used as vehicles for fraud. Will some of these Pay Per Mail accounts be taken over, also?

Here is one of the stories from the AP, courtesy of the San Francisco Chronicle:

Yahoo, AOL Plan Fee for Bypassing Filters

It's too early to speculate what the potential for abuse is. BUT I wonder how Yahoo and AOL will verify that the customers agreed to receive the mail (as they state) and that the businesses are legitimate?

Daily, we see major corporations and financial institutions being spoofed on the internet. Add in some Spam and people become victims of phishing, which leads to identities and financial information being stolen. If criminals are able to use this new service to their advantage, who will suffer from this?

The Spamhaus Project already has evidence the ISPs profit from Spam. Here is a recent article they did on this:

Should ISPs Be Profiting From Knowingly Hosting Spam Gangs?

This concept is probably too new to say anything for certain, but at first look, it bothers this writer.

The Spamhaus Project is a leader in the detection of Spam and other cyber-nasties, I like to refer to as scumware. If you would like a more technical perspective, I highly recommend their website, which can be viewed by clicking on the title of this post.

Back to Work Programs a Fraud Heaven for Scammers

We've all heard of Welfare Reform. Here are some examples of how it isn't saving the working public (who pay taxes) much money. In fact for those committing fraud, it appears to be pretty lucrative. According to reports, they may be taking in up to $5,000.00 a month without paying taxes.

Many of the people on this program, also qualify for AFDC (Aid to families with dependent children), the Food Stamp Program and possibly other free benefits.

In California alone, as reported by Troy Anderson of the Los Angeles Daily News, fraud and abuse are costing the taxpayers about 1.5 billion a year. Although this figure is being disputed by secondary sources, fraud isn't successful unless it goes undetected.

The end result from the law enforcement sources quoted is a belief that 40-50 percent of what is paid out is probably fraud.

Is it possible that some of these people have more spending power than say a "blue collar" family, who is paying for it in their taxes? Speaking of taxes, a lot of these people will qualify for
the Earned income tax credit, which can net them a few more thousand in spending power.

Here is a scary fact from the article that bespeaks a better than a "blue collar" lifestyle:

"In one case, prosecutors say a Lancaster resident conspired with relatives and friends to invent phony employment and child-care records and fraudulently obtain $345,719.

"The scam is increasingly popular in Los Angeles County, where investigators have opened more than 800 cases involving child-care fraud.

"Right now, this is the fraud du jour," said James Baker, assistant head deputy district attorney in the Welfare Fraud Division. "This is where the big money is now."

"The scam typically involves welfare-to-work recipients who fabricate employers or exaggerate work hours in order to qualify for taxpayer-financed child care. Then they split the money with friends and relatives who claim to be caring for the children, prosecutors said."

"Under reforms of the 1990s, welfare recipients qualify for government-paid child care -- usually $500 to $1,000 a month per child -- while they are looking for work or, after finding jobs, are making the transition into the work force."

For the full story by Troy Anderson, read:

Fraud eats away at funds earmarked for child care

The Welfare-to-work program is administered by the Federal Government. If there is 1.5 billion of fraud being committed in California, I would hate to estimate what the nationwide bill for all of this is. Furthermore, if in California, half of what is being paid out is a result of fraud, it's time to take a serious look at what is going on.

Don't get me wrong, we need to help those who are truly needy. BUT how much more could we help those who deserve help if half of the budget to help them wasn't being stolen by criminals? There are also the rights of those, who work hard and pay their taxes to support these social programs. It just isn't very equitable.

Speaking of social programs, it isn't hard to find reports in the news that they are over burdened and going bankrupt. The solution to this problem is greater oversight, to include aggressive prosecution of fraud and a complete review of entitlement policies and procedures.

It's not fair to make the working public pay for this sort of ABUSE!

Saturday, February 04, 2006

Graft in the Oil Industry Funds Criminals and Terrorists

For many of us gritting our teeth every time we fill up our tanks, it is merely a financial concern. The sad truth is that oil money is funding criminals, terrorists and radical governments.

Failure to take action now could cause us more than a "financial concern" when filling up our tanks.

Robert Worth and James Glanz of the New York Times recently wrote:

"Ali Allawi, Iraq's finance minister, estimated that insurgents reap 40 percent to 50 percent of all oil-smuggling profits in the country. Offering an example of how illicit oil products are kept flowing on the black market, he said that the insurgency had infiltrated senior management positions at the major northern refinery in Baiji and routinely terrorized truck drivers there. This allows the insurgents and their confederates to tap the pipeline, empty the trucks and sell the oil or gas themselves.

"It's gone beyond Nigeria levels now where it really threatens national security," Mr. Allawi said of the oil industry. "The insurgents are involved at all levels."

Here is the full story from the New York Times:

Oil Graft Fuels the Insurgency, Iraq and U.S. Say

The Christian Science Monitor also put it's view in writing on this subject:

"As the world's largest oil user, the US must reduce oil consumption so that an Iran cannot easily wield an oil card to get a nuclear weapon. Or so a Saudi Arabia cannot allow oil profits to filter to terrorists. Or so a Venezuela can't throw oil money at anti-US regimes. Or so a Russia cannot cut off petroleum exports in a strategic dispute. Or, for that matter, so a hurricane like Katrina can't create an oil price spike.

Nor should the US continue to spend billions to deploy its military in the Middle East to secure that dwindling oil patch - one reason perhaps why Bush set a goal for the US to cut 75 percent of its oil imports from the Middle East by 2025.

For the entire editorial:

For oil addicts, switch-grass gas and more (The Christian Science Monitor)

We need to free ourselves from our addiction to foreign oil. ACTING now could be crucial to our very existence. This isn't just the responsibility of our governments, but is also the responsibility of each and every one of us.

In the long term, developing new energy resources will the solution. Here is an interesting article from Missouri Families on how YOU as an individual can start impacting this problem tomorrow:

Reduce Your Gasoline Consumption and Save

There are other ways to do this in the long run, the most important of which is supporting the long term development of alternative resources. We must also become united in our efforts and support our leaders to find a new ways to combat this increasing menace.

Boston Globe Hands Out 202,000 Credit Card Numbers

We can add the Boston Globe to a growing list of corporations that have compromised people's financial information. Sadly enough, this wasn't done by a hacker, but was more of a faux-pax (social blunder). 202,000 Globe and Worcester Telegram and Gazette readers had their names and credit card numbers complete with expiration dates sent out as routing slips on the top of newspaper bundles.

In doing this, they literally handed out everything that a criminal would need to start committing credit card fraud.

Here is one of the stories about this circulating by the Boston Herald:

Fraud follows Globe goof: 3 say others used their credit cards

According to the ID Theft Center, the recent rash of data breaches have occurred in many different ways:

Lost or stolen laptops, computers or other computer storage devices.

Backup tapes lost in transit because they were not sent either electronically or with a human escort.

Hackers breaking into systems.

Employees stealing information or allowing access to information.

Information bought by a fake business.

Poor business practices- for example sending postcards with Social Security numbers on them.

Internal security failures.

Viruses, Trojan Horses and computer security loopholes.

Info tossed into dumpsters- improper disposition of information.

The Boston Globe is just another in a growing list of organizations, who have compromised the information of their customers. Others in the news recently for "data breaches" have been Choice Point, Wachovia Corporation, Bank of America, Time Warner and even educational institutions, such as Boston College and the University of California, Berkeley. Although these institutions are in fact victims themselves, many of these breaches occurred because of a lack of security and even what some would consider "stupidity."

To protect us all, there is a lot of legislation on the books and quite a bit that has been passed. Here are two posts regarding this:

Personal Data and Security Act Moves Forward

Terminating Identity Theft in California

Prudent corporations should realize that the time is NOW to take a serious look at protecting the assets of those, whom they claim are dear to their hearts, or their customers. Besides potentially being in violation of the law, "consumer confidence" is a powerful indicator of whether they will be successful in the future, or not.

A great resource to learn how to protect yourself against identity theft is the Identity Theft Resource Center. If you click on the title of this post, it will take you directly to their web site.

Wednesday, February 01, 2006

Does the NSA, or the Private Sector Have Better Information?

The NSA and the Bush Administration have been in the news a lot lately for domestic surveillance. A recent development making the news is their alleged partnership with corporate America.

MATTHEW FORDAHL, AP Technology Writer reported yesterday:

"A civil liberties group sued AT&T Inc. on Tuesday for its alleged role in helping the National Security Agency spy on the phone calls and other communications of U.S. citizens without warrants.

The class-action lawsuit, filed in U.S. District Court in San Francisco by the Electronic Frontier Foundation, seeks to stop the surveillance program that started shortly after the 2001 terrorist attacks. It also seeks billions of dollars in damages.

The EFF claims the San Antonio-based telecommunications company not only provided direct access to its network that carries voice and data but also to its massive databases of stored telephone and Internet records that are updated constantly.

"Our main goal is to stop this invasion of privacy, prevent it from occurring again and make sure AT&T and all the other carriers understand there are going to be legal and economic consequences when they fail to follow the law," said Kevin Bankston, an EFF staff attorney.

President Bush has acknowledged authorizing the super-secret NSA to eavesdrop on international phone calls and e-mails of people within U.S. borders without the approval of a court, as required by existing surveillance and wiretapping laws.

The White House has vigorously defended the program, saying the president acted legally under the constitution and a post-Sept. 11 congressional resolution that granted him broad power to fight terrorism.

Democrats and civil libertarians disagree with the program's defenders, and it has already resulted in lawsuits against the federal government and plans for congressional hearings.
In its lawsuit, the EFF claims AT&T violated U.S. law and the privacy of its customers as part of the "massive and illegal program to wiretap and data mine Americans' communications." The group said it identified AT&T through news reports and its own investigation."

For the full story: Group Sues AT&T Over Alleged Surveillance.

The ACLU seems to be active in the issue, also. Here is a scary site about how this information might be used in the private sector for marketing purposes: ACLU - Pizza.

There is a lot of disagreement on this subject. On a personal level, if terrorists and criminals are being spied on, I could care less and support the efforts to do so. The problem as I see it is when corporations use this same data for so called marketing purposes and innocent people are victimized as a result of this.

Let's face it, we are in the information age and corporations have been gathering data (some might term it spying) on all of us for quite awhile.

The NSA is using the vast amounts of information compiled on citizens for marketing purposes. With all the massive data thefts (intrusions) in the past few years, it is apparent that the criminal element is using this information too.

Perhaps, the criminal element and the NSA know something the rest of us are only starting to understand, which is some of these corporations have gathered the best databases around.

If this is true, then why blame the NSA and the Bush Administration? If we want to solve the problem, perhaps we should address the root cause.

If you would like to read the release on this directly from the Electronic Frontier Foundation, click on the title of this post.