Thursday, June 29, 2006

And Just When We Thought the IRS Phishing Scams Were Gone for the Year

All during tax season, we saw warnings about phishing attempts using the name of the IRS. April 15th has come and gone, but the "phishermen" are still using the IRS name to lure victims.

For those unfamiliar with phishing, it normally starts with a lure - such as a refund from the IRS - in the form of an e-mail directing you to "click" on a site. The site (which is also fake) then directs you to give up all sorts of personal information, which the "phishermen" use to commit "identity theft." In more sophisticated schemes, even visiting the site can lead to all sorts of cybernasties (crimeware) being injected into your system. The crimeware allows them to track your information on a more "permanent" basis.

Phishing is on the rise and, according to the APWG (Anti-Phishing Working Group), May set an all-time record for phishing attempts.

Here is an interesting story from KUTV in Salt Lake City:

Tax season is over but some people are still getting notifications that they have a refund coming from the IRS. There are all types of so-called phishing schemes out there. And we found a new one today. Here is what the email looks like: Click Here.

It claims to be from the internal revenue service. It says you have a refund coming, just go to a website and fill out the refund request. And look at this: Click Here.

For the full story from KUTV: Click Here.

If you spot one of these attempts, you can forward it to the good folks at PIRT (Phishing Incident Reporting and Termination Squad) - who will take action to shut the bad guys down.

And last, but not least, you can call the IRS directly at 800-829-1040 to verify any communications, or e-mail the "suspected" phish to phishing@irs.gov. The IRS also has some pretty good information on their website on how to avoid falling for scams involving your taxes.

You can also report the activity to the APWG, which is mentioned above.

Israeli Sites Under Attack by Islamic Hackers

There has been a lot of speculation that Islamic groups use the Internet to further their political objectives. With the recent tension in the Gaza Strip, here is evidence of their capabilities as reported by Gal Mor and Ehud Kinan of YNet News:

Hundreds of websites were damaged by hackers in recent hours, following IDF activity in the Gaza Strip. The hackers are members of the Moroccan “Team Evil” group, responsible for most of the website damage in Israel in the past year. This is the largest, most concentrated attack on Israeli websites in recent years.

A Ynet investigation revealed that more than 750 Israeli websites, on a number of different domains, were hacked into and damaged in recent days. Prominent among them were the Soldier’s Treasury Bank, Bank Hapoalim (not the main page), Rambam Hospital, the Society for Culture and Housing, BMW Israel, Subaru Israel, Jump Fashion, non-profit organization “Yedid,” Kadima’s youth website, and the Globus Group ticket center. Many of these sites have not yet returned to normal.

Hackers left the message: You’re killing Palestinians, we’re killing servers.


For the full story on YNet, link here.

There is a lot of speculation about how terrorist groups might use the Internet to disrupt systems. Here are some previous posts I've written on that matter:

Do Financial Crimes and Internet Fraud Fund Terrorism

Are Terrorists Probing Our Computer Systems?

Secret Shopper Scam Targets Walmart, Again

Back in November, I did a post on a Secret Shopper (advance fee) scam -- where people were solicited to act as Secret (Mystery) Shoppers -- and cash a large check at Walmart as part of their "paid" shopping assignment. They are then provided with a large-dollar counterfeit cashier's check and instructed to cash it at Walmart. The second part of their assignment (if they get past the Walmart employee) is to wire the money to Canada via MoneyGram.

Of course, for their hard work they are instructed to keep a "generous" commission for themselves. And after the check returns, they are left with the responsibility of dealing with the consequences.

This scam seemed to die out for a few months, but is again raising its "ugly head." I've received several reports -- by my readers and other sources -- that they are again being solicited to perform these so-called shopping assignments. The current scams seem to be based out of Canada, which is also where the original ones were based.

Walmart is known to take a tough stance on check fraud and makes use of local District Attorney programs as part of their "collection" efforts. This normally means -- if you fall for one of these scams and Walmart cashes the check -- failure to pay them back could mean criminal prosecution. Since the person cashing the check is responsible for the full amount cashed, the "generous commission" isn't a very good deal.

Of course, they might also call the authorities while someone is in their establishment passing a counterfeit check.

So far as the "Walmart connection," these scams all mutate and instructions to "shop" other establishments (although not seen yet) could be a future development. Only the result will remain the same, which is the person cashing the check will ultimately be held responsible. The best protection any of us have is to recognize the scam and ALWAYS remember that anything too good to be true, often IS NOT.

Here is the previous post I wrote in November:

Secret Shoppers Scammed

If you want to report one of these scams, a good place to do so is:

Internet Crime Complaint Center (FBI)

And Canada (where most of this seems to come from) has a site of their own to report activity:

Phonebusters

Wednesday, June 28, 2006

California Issues Alert on eBay Fraud Trend

The California Office of the Attorney General is issuing a consumer alert about fraudsters who pose as sellers on eBay (after assuming a legitimate seller's identity) and lure buyers into paying for something they will never receive.

Account takeovers and identity theft are nothing new on eBay. In most instances, they are accomplished by "phishing" legitimate members of the eBay community, who are tricked into giving up their information as a result of a seemingly legitimate e-mail.

Here is the consumer alert:

Scam Artists Posing As Sellers on eBay

Consumers should be on the alert for scam artists posing as sellers on eBay, the California-based Internet auction site, who victimize bidders through bogus second chance offers. To avoid falling victim to this scam, we offer some tips and precautions below.

In the emerging fraud scheme, scam artists try to lure bidders interested in a product away from the e-Bay web site by using “My Message,” which allows seller and buyers to communicate on the auction site. Through posted messages, legitimate sellers are able to build a positive reputation from customer ratings, product reviews and favorable reports on business transactions.

Manipulating the eBay messaging system, the scam artist posing as the seller contacts bidders to announce the winning bid fell through and offers a second chance to buy the product by wiring the purchase price to the non-eBay email address provided. The scam artist is counting on consumers being tricked into a direct sale and being lured by the positive feedback seen on eBay.

However, the message is actually from a con artist who assumed the identity of the legitimate seller who already sold the item to the winning bidder. The second chance bidder who falls for this scam is left empty handed, paying for a product that will never arrive.

For the full consumer alert, link here.

Here are two resources to seek help, if you become a victim:

Attorney General's Office Complaint Form and Federal Trade Commission Complaint Form.

These resources are only applicable in California and the United States. Here is a list where you can find victim assistance worldwide:

Here are some other tips on how to avoid fraud on eBay:

Here is a post about how accounts are taken over on eBay:

Monday, June 26, 2006

Check Cashing Jobs - A Quick Way to Drain Your Bank Account and Maybe Go to Jail

I got this e-mail today inviting me to make $5,000.00 a month (minimum) working a couple of hours a day. Of course, I need to use my own bank account - which will be drained of all its funds - when the bank discovers the transactions are fraud. If it sounds too good to be true, it probably isn't.

Recently, I wrote about how banks often clear these checks - and even sometimes verify them as good - then take your money anyway. Of course, since in most of these instances the money has been sent (normally wired somewhere), the person who negotiated the item is left holding the bag.

Welcome to the "Check Cashing Scam," which organized fraud gangs are using to recruit people to take all the risks - while they collect all the "real money" via Western Union, or MoneyGram.

In reality, the people who do this are being conned into laundering fraudulent transactions - mostly from auction sites - such as eBay.

Recently, we saw Australian teenagers and a Better Business Bureau worker get caught up in this scam. Please note that some of the Australian teenagers are facing charges - which can be another "nasty" side-effect of getting involved in this activity.

Here is an example of one of the come-on letters (note the reference to identity theft at the bottom):

Dear Jobseeker,

This offer was sent to you in response to your resume on
www.monster.com.

The job we are offering requires only two hours per day during which you will check your e-mail and go to your bank. You will be given a position of representative within our company which means that you will be a collaborator and not an actual employee. There is no experience required; only the knowledge of using an e-mail account and a bank account. It does not matter if you already have a job or not if you have two hours to spare each working day.

What is required of you in order to be eligible for this job:

- Honesty, responsibility and dedication to this new line of work;
- An existing active bank account that you will use to cash money orders and checks (no information is required about your bank account);
- Access to the internet and a small amount of free time every day in order to check your e-mail twice per day (once in the morning and again in the evening).

What we offer during this job:

- Flexible working time: you chose what hours you want to work;
- Working at home: you only need to check your e-mail and make trips to your bank;
- Professional support via e-mail;
- No selling involved no kit to buy, we will not charge you anything, and you will not handle any merchandise;
- Minimum pay: $5,500 (from commissions and a $900 monthly salary);
- Commission: 10% off of every money order/check that you cash, instantly money in hand that you will deduct from the cashed amount. If you receive a check of $1,000.00 your net income is $100.00, our company supports any fees. You can receive a maximum of 3 checks/money orders per day which will earn you between $300 and $900 cash in hand each day.

If you are interested our staff will send detailed information about the contract which you must sign in order to get started. We reserve the right to keep you on probation for the first month, meaning that we will decide at the end of the first month whether you will be a permanent employee or not.

It is very important for us to know how willing you are to work for our company. Also, we are keen to know about your skills in contacting other people and above all we are looking for candidates that are ready to work and seek to self improve all the time. Our company just started this program and we need personnel loyal to our company and our program. We believe that we represent an excellent opportunity for everybody, a chance to start a new career without much knowledge but with great perspectives. Even if you are not willing to grow with our company this still remains an excellent opportunity for those who need a temporary or a secondary job.

We are confident that you will make the right decision and hope to hear from you soon.

IMPORTANT:

- You must be over 21 years old.
- You need to live in U.S.A. (legal residents and immigrants can also apply) and have an active bank account.

If you meet these conditions please contact us by replying at this e-mail address to receive the contract and detailed information about this job.

We will never ask you for bank name, bank account number, routing number, credit card, passwords, ssn number etc. If anyone asks for those on our behalf please do not give out this info. This is to ensure that you will not be the victim of an identity theft case.

Thank you

Sunday, June 25, 2006

28,000 Sailors Compromised. Lieutenant Cole - All is Not Secure!

It's a crying shame that when those who serve their country are at war, their personal information - which can be used to ruin financial well-being - is being compromised.

As reported by the Associated Press:

The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian website.

The Navy said Friday the information was in five documents and included people's names, birth dates and Social Security numbers. Navy spokesman Lt. Justin Cole would not identify the website or its owner, but said the information had been removed. He would not provide any details about how the information ended up on the site.

"It was information you don't want on a public Web site," Cole said. "But there was no indication it was being used for illegal purposes."

Of course - as is standard - in these cases, the official "spin" is that they have no reason to believe any of the information is being used and the Navy is not identifying the site in question.

In the Naval service, when someone reports their post, they state "all is secure" when everything is in order. In this official statement, Lieutenant Cole is basically reporting that "all is secure" in this latest data-breach. I beg to differ! With the number of breaches (mostly unresolved) out there, nothing seems very secure.

Of course, 28,000 is minimal when compared to 26.5 million, which is the number of veterans recently compromised in the VA breach. In this breach, the official "spin" suggested that the theft was committed by teenagers and there was little risk that the information would be used.

And if you were to add up the number of potential victims since the Choicepoint Incident (Feb 2005) --which is when someone started keeping track of all these data breaches -- at least 88,366,461 human beings have been compromised. Please note, these are only the "known incidents" and let's face it - the current culture dictates that those compromised do not like reporting it.

If there is little risk, all the efforts to warn veterans and the legislation being considered in Congress are a waste of time. We are seeing data-breaches occur - almost routinely - and personal information is being sold in chatrooms at "bargain" prices. The sheer volume of this activity suggests there is a lot of "risk" for those who have been compromised.

Lieutenant Cole, let me let you in on a little secret, "all is not secure," and as long as we pretend it is, the bad guys will be mocking us - while they pursue their criminal goals.

Saturday, June 24, 2006

Ron Gonzales, Another Politician Accused of Fraud

It seems that politicians getting caught with their "hands in the cookie jar" is becoming a huge problem. To add to the growing list, the Associated Press is reporting:

Mayor Ron Gonzales was booked on fraud, bribery and conspiracy charges Thursday following a grand jury probe into a secretly negotiated garbage contract that cost taxpayers more than $11 million.

Gonzales was released on a $50,000 bond after being indicted on six counts. He denied any wrongdoing and rejected calls to step down.

"At this point, Mayor Gonzales is committed to completing his term," deputy chief of staff Deborah Herron said.

Here is the report from the Associated Press, courtesy of Yahoo News.

Although Mayor Gonzales claims he received no personal benefit from this deal, a prudent person is going to wonder what his true motivation was. This deal was designed to benefit a "few" at the cost of "many."

Mayor Gonzales may join other notable public figures, such as Congressman Jefferson, Randy "Duke" Cunningham and Tom Delay in what is becoming an "exclusive" club of former political figures being accused, or convicted of fraud.

This is a sad commentary on the state of politics today.

In fact, the problem seems to be so bad that the FBI recently added a page, where the public can report fraud in government. Sadly enough - with the amount of scandals surfacing - it is probably a prudent move on their part.

Here is a previous post I wrote on that, with a link to the page:

FBI Site to Report Corrupt Civil Servants

Here is another post I wrote on the recent scandal involving Congressman Jefferson:

Is the Latest Congressional Scandal a Nigerian Fraud

Friday, June 23, 2006

Congress Votes to Compensate Veterans for Identity Theft

Congress is voting to provide compensation for the 26.5 million veterans who have had their identities compromised.

United Press International is reporting:

"The Judiciary Committee of the U.S. House of Representatives took a step Wednesday toward compensating veterans who might be victims of identity theft because of the loss of millions of Veterans Affairs Department personnel records, CongressDaily reported Thursday."

"On a voice vote, the committee approved the legislation, clearing the way for likely House approval next week. The bill was in response to the theft of a laptop computer reportedly holding the files of 26.5 million veterans from the Maryland home of a Veteran Affairs employee."

"An Office of Veterans Identity Protection Claims would be established to process claims of veterans who might have their identities stolen by thieves who steal money or run up credit card bills, the report said."

Here is the report from United Press International.

Meanwhile, the government is having additional problems with information being stolen. As I wrote in my last post, the FTC (Federal Trade Commission) lost two laptops and it's being reported that the USDA might have had 26,000 people compromised when their computers were hacked.

Data breaches are nothing new, but perhaps now that they have "hit home," Congress will finally enact long awaited legislation to address the rash of data thefts that have occurred in recent years.

The legislation seems to have been "delayed" by special interest groups that have the intent of "watering down" the proposed legislation to the point where many feel it wouldn't be very effective.

Here is a previous post I wrote about this:

Congress Tries to Silence Identity Theft Initiatives

If you don't want to see the legislation "watered down," here is a link where you can write your representative and let them know how you feel.

The bottom line is that laws need to protect people and not special interests, where the motivation to "water down" legislation is purely financial.

Of course, a more "holistic" approach would probably impact this problem in a positive manner. Here are some thoughts on that:

Are We Addressing Cyber Crime from the Wrong End

FTC Loses Laptops - Compromises Information of Suspected Fraudsters

The Federal Trade Commission is reporting that one of their attorneys lost two laptops - stolen from a car - which contained sensitive information on people being targeted for investigation.

As reported from the Associated Press:

The car theft occurred about 10 days ago and managers were immediately notified.

Many of the people whose data were compromised were being investigated for possible fraud and identity theft, said Joel Winston, associate director of the FTC's Division of Privacy and Identity Theft Protection.

Here is the report from the AP, courtesy of Fox News.

There are some interesting resources from Fox on how to protect yourself from becoming a victim of what some consider to be rapidly becoming an epidemic.

Fox's Identity Theft Center

Fox's Cyber Security Center

Fox's Crime Center

The AP article also lists a lot of the recent data breaches that we seem to see (far too often). Here is another resource from the Privacy Rights Organization on the almost weekly breaches. You can view their chronology, here.

The real "kicker" for me is that the FTC now plans to provide these suspected "fraudsters" with identity theft monitoring!

Here is a previous post I wrote after the Veteran's Administration compromised 26.5 million veterans by losing a laptop:

The VA Data Breach is a Symptom of a Bigger Problem

Monday, June 19, 2006

Soccer (Football) Fans Killed by Teenagers Spoof Downloads Trojan

Websense is reporting that a spoof e-mail - which lures its victims with the headline "Teenagers Kill Soccer Fans" - has a Trojan Horse downloader hidden in it.

Here is the alert from Websense:

Websense® Security Labs™ has reports of a new email that is spoofed as a story about a group of soccer fans that have been killed by teenagers. The email includes the subject: "soccer fans killed by 5 teens" and includes an attachment called "soccer_fans.jpg.exe".

If the attachment is run, a Trojan Horse downloader connects to a website that is hosted in the United States and was up at the time of this alert. The filename downloaded is called "dianaimag.exe". When that file runs, it attempts to disable Microsoft's Firewall and then visit another website to download code.

Both sites are hosting adult content and may have been compromised, or may be part of the authoring of the malicious code.

For the alert from Websense, link here.

This is an obvious attempt to take advantage of the World Cup, which is going on right now. The funny thing is that since they used the term "soccer," the spoof will lose meaning in most of the countries where it is the most popular. I guess these criminals aren't as smart as they think they are:)
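As an added example (not part of the Websense alert or the original post), here is one way a mail filter could flag attachments like the "soccer_fans.jpg.exe" file described above. The extension lists, function names and sample message are constructed assumptions, and the check for a Windows executable "MZ" header inside a harmless-looking file goes slightly beyond what the alert describes.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, partial lists: extensions Windows runs on double-click, and
# extensions a recipient expects to be passive content.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".pdf", ".doc", ".txt"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so "a.jpg.exe. " still runs.
    cleaned = name.strip().rstrip(". ").lower()
    # Keep only the last path component in case the name carries a path.
    cleaned = cleaned.replace("\\", "/").rsplit("/", 1)[-1]
    stem, last = os.path.splitext(cleaned)
    if last not in EXECUTABLE_EXTS:
        return "ok"
    # Padding such as "photo.jpg      .exe" hides the real extension off-screen.
    _, inner = os.path.splitext(stem.rstrip(". "))
    return "double-extension" if inner in DECOY_EXTS else "executable"


def scan_message(msg):
    """Return (filename, verdict) for every suspicious attachment in msg."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        verdict = classify_filename(name)
        payload = part.get_payload(decode=True) or b""
        # A "picture" whose bytes start with the PE/DOS magic is a renamed program.
        if verdict == "ok" and payload[:2] == b"MZ":
            verdict = "pe-content"
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed sample message; payloads are placeholders, not real code."""
    msg = EmailMessage()
    msg["From"] = "news@example.invalid"
    msg["To"] = "reader@example.invalid"
    msg["Subject"] = "soccer fans killed by 5 teens"
    msg.set_content("See the attached photo.")
    msg.add_attachment(b"MZ constructed placeholder", maintype="application",
                       subtype="octet-stream", filename="soccer_fans.jpg.exe")
    msg.add_attachment(b"\xff\xd8\xff constructed placeholder", maintype="image",
                       subtype="jpeg", filename="team_photo.jpg")
    msg.add_attachment(b"MZ\x90\x00 constructed placeholder", maintype="image",
                       subtype="jpeg", filename="scores.jpg")
    return msg


def scan_sample():
    # Round-trip through wire format, as a filter would see the message.
    raw = build_sample().as_bytes()
    return scan_message(message_from_bytes(raw, policy=policy.default))


if __name__ == "__main__":
    for name, verdict in scan_sample():
        print(f"{verdict:17} {name}")
```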

Diary of an Identity Theft Victim

I came upon an interesting series of blog posts by Julie O'Brady on her experience of becoming a statistic (one of 9 million according to the FTC) of identity theft.

Julie recounts the "trail of tears" a victim experiences - from discovery of the problem to finally clearing her financial name - and documents it in a series of posts.

In Julie's own words, here is her summary:

The months of June and July, 2005 meant that each day for me was back to Square One with my own personal investigation; i.e. doing research online, contacting every possible authority I could, and then working with the attorney general, private investigator, police detective, and finally postal inspector. I took it upon myself to prepare extensive documentation that I updated and shared with all the authorities and agencies working on the investigations.

To my knowledge, at the very least, the 2 suspects were apprehended by the senior inspector and another victim was identified and quite possibly spared the victimization of the Nigerians. The 2 suspects were college age students who had already secured fake IDs; were picking up lots of merchandise through the drop box; had been selling the merchandise on eBay and other auction sites; and then sending proceeds to the Nigerians who recruited them!

Here again - as Julie has aptly highlighted - only through a lot of "tenacity" was she finally able to get help from a postal inspector - who was able to catch two (possibly more) of the "growing army of Internet recruits" that more organized entities use to do their dirty work.

This highlights why greater efforts need to be made to go after the root sources of crime on the Internet. Since many of the recruits claim to be victims - all too often - there is no prosecution and since the "recruiters" are normally overseas, little is done from a legal standpoint.

Julie did take the time to write about this - and more importantly - didn't give up, which makes her worthy of admiration. She also has put together a series of resources to help others.

For Julie's entire story, link here.

Here are some other examples, where organized entities use recruits (dupes) to commit crimes for them:

Cyber Gangs Luring Children to Launder Money

BBB Worker Takes Job Processing Fraudulent eBay Transactions

Saturday, June 17, 2006

Be Wary if You are a Winner in the Coca Cola Sweepstakes

Coca Cola is constantly running marketing campaigns and the cyber-scammers of the Internet are using their name in their latest effort to defraud people.

Here is a recent warning from the good people of Sophos:

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of an email scam that pretends to be notification of a lottery win from Coca Cola.

The emails, which have the subject line "COCA COLA PROMOTION", have been spammed out to internet users claiming that the recipient has won $2.5 million in a lottery held by Coca Cola earlier this month. The email recipient is told they are one of only 50 lucky winners around the world who were selected randomly after computers found their email address on internet websites.

To collect their winnings, people are told to call, phone or fax an agent who claims to be working on behalf of the soft drinks giant.

However, Sophos warns computer users that this is a ruse to steal personal details, and that the fraudsters behind the scam campaign can use such information to steal money from bank accounts and commit identity fraud.

For the full release by Sophos, link here.

The Internet criminal community is always mutating its scams. In this instance, we not only have a lottery scam, but potentially a ploy to commit identity theft.

The lottery scam is one of many advance-fee type scams. If you want to learn about other variations of this type of scam, here is a link.

How Big a Problem is Corporate Espionage?

I came across an interesting article by Patrick J. Smith and Kevin Barrows of the New York Law Journal about the legal implications of corporate espionage.

In the article, Patrick Smith and Kevin Barrows write:

Stealing confidential information or valuable intellectual property no longer requires hours of surreptitious photocopying or the smuggling of overstuffed briefcases past building security. Corrupt employees need not even transfer data to a disk. Any employee with access to the Internet can copy and upload data to Web-based e-mail services with a few simple keystrokes and mouse clicks.

Among the most common acts of corporate espionage is the theft of personal data regarding individuals for the purpose of engaging in identity theft schemes. These are often inside jobs: It is estimated that as much as 50 percent of company computer security breaches are perpetrated by insiders.


The theft of confidential information is by no means limited to identity theft schemes. Organizations are also at risk of having their current employees paid off by others to steal valuable proprietary information and intellectual property that is then used against the organization in the marketplace. Or, perhaps a former employee steals the information prior to leaving in an effort to jump start his or her own business venture.


For the full story, link here.

Reading this made me think - with all the unresolved data breaches we've seen recently - could the true intent have been to steal inside information rather than commit "identity theft?"

Take the recent series of laptops stolen from Ernst and Young - which were stolen during audits - and contained a lot of information from numerous companies. In at least one instance cited, the laptops were stolen from a meeting room while the auditors lunched. Not sure, but I would imagine that the building where they were taken from was at least somewhat secure.

The sad truth is since most of these data intrusions are never solved, we will probably never know.

Then there was the scandal in Israel about a year ago, where private investigators were hired to steal information via a Trojan put into various computer systems. The scandal was pretty widespread and with the "global economy" had worldwide implications.

No matter how you look at it, corporate espionage can be added to the list of reasons why it is important to protect "electronic information." As "technology" continues to grow, the potential for information to be exposed to criminals, terrorists and even "corporate spies" is a very real threat.

All too often, we look to technology fixes - when in fact - no technology created to date can defeat the human mind and until we address the "social" aspects of this problem, it will continue to be a major issue.

David Napstead, The Story of a Small-Time Con Man

Normally, I write about big name fraudsters, but there are a lot of small-time crooks out there committing fraud on a daily basis. When you add up the amount of misery caused by these fraudsters, they cause a lot of suffering to hard working people. My friend, Paul Young of Prying1, wrote me about one of them, David E. Napstead.

Napstead in the past has offered nonexistent cellular services to his unsuspecting victims. Like most of the flim-flam men out there, he has phony business cards and a cell phone to conduct business.

Please note that setting up a phony website is also becoming very common.

A recent comment on Paul's blog indicated that Napstead had been arrested after setting up a phony "debt consolidation" business and bilking those who already were suffering financial difficulties.

Pardon my "French," but what a "dirt bag!" Napstead is no "Robin Hood."

For the full story from Prying1, link here.

If you have been the victim of Mr. Napstead and the crime is yet to be reported, the Las Vegas Police Department might be interested.

Fraud come-ons from people lacking morals surround us, daily. They are found posted on telephone poles, newspaper classifieds - and of course - on the Internet. Because of the "sheer volume" of scams that exist out there (sadly enough) law enforcement lacks the resources to bring a lot of these small-time criminals to justice.

When you are dealing with an "unknown operator" of a business, it pays to do your homework before giving them one "solitary penny."

Here are some resources to do your homework:

Consumer World: Consumer Agencies

Better Business Bureau: BBB.

Quite frequently, a common mistake made (when doing your homework) is that if no information comes up (negative or positive), someone assumes the entity they are "checking out" is legitimate.

If you can find no information - whatsoever - do as Paul suggests in the theme of Prying1: "Dig a little deeper" before giving up any of your hard earned money.

Here is a previous post - I wrote - specifically on that thought:

BBB Worker Takes Job Processing Fraudulent eBay Transactions

Thursday, June 15, 2006

Actions the Government Should Take to Protect Personal Information

Jim Kouri wrote an interesting commentary in the Conservative Voice, where he outlined the steps the government should take to protect personal information in the wake of the recent VA and Nuclear Weapons Agency breaches:

"The first key step is to develop a privacy impact assessment -- an analysis of how personal information is collected, stored, shared, and managed -- whenever information technology is used to process personal information. These assessments are required by the E-Government Act of 2002. They are a tool for agencies to fully consider the privacy implications of planned systems and data collections before implementation, when it may be easier to make critical adjustments."

"The second key step is to ensure that a robust information security program is in place, as required by the Federal Information Security Management Act of 2002 (FISMA). Such a program includes periodic risk assessments; security awareness training; security policies, procedures, and practices, as well as tests of their effectiveness; and procedures for addressing deficiencies and for detecting, reporting, and responding to security incidents."

For Jim Kouri's full commentary, link here.

Right now there is a lot of emphasis on the government's mishandling of personal information, but in reality the private sector has been responsible for most of the breaches incurred thus far.

According to the Privacy Rights Organization, which has been monitoring these breaches, almost 82 million Americans have had their identities compromised. You can view their chronology, here.

Maybe now that the government plans to show some leadership on this issue, the private sector will follow suit.

Here is a previous post I did on this matter:

The VA Data Breach is a Symptom of a Bigger Problem

Monday, June 12, 2006

Are Terrorists Probing Our Computer Systems?

I read a pretty alarming article by Barton Gellman of the Washington Post, stating that terrorists might already be planning cyber-attacks:

"Late last fall, Detective Chris Hsiung of the Mountain View, Calif., police department began investigating a suspicious pattern of surveillance against Silicon Valley computers. From the Middle East and South Asia, unknown browsers were exploring the digital systems used to manage Bay Area utilities and government offices. Hsiung, a specialist in high-technology crime, alerted the FBI's San Francisco computer intrusion squad."

"Working with experts at the Lawrence Livermore National Laboratory, the FBI traced trails of a broader reconnaissance. A forensic summary of the investigation, prepared in the Defense Department, said the bureau found 'multiple casings of sites' nationwide. Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities."

The article also reports another issue, which is a big problem:

"New public-private partnerships are helping, but the government case remains a tough sell. Alan Paller, director of research at the SANS Institute in Bethesda, said not even banks and brokerages, considered the most security-conscious businesses, tell the government when their systems are attacked. Sources said the government did not learn crucial details about September's Nimda worm, which caused an estimated $530 million in damage, until the stricken companies began firing their security executives."

"Experts said public companies worry about the loss of customer confidence and the legal liability to shareholders or security vendors when they report flaws."

For the full story, link here.

If the observations in this article are accurate, we can no longer afford to "keep the lid" on cyber-attacks in the interest of protecting bottom lines. Being worried about consumer confidence and legal liability should take second place to the safety and welfare of all concerned.

Here are some previous posts I have written on this subject:

Mounties Lack Resources to Fight Organized Crime and Cite Ties to Terrorism

Do Financial Crimes and Internet Fraud Fund Terrorism

Fraudster Writes a Bad Check to Post Bail

A Sacramento man - who got caught writing a lot of bad checks and doing some on-line banking fraud - wrote a bad check to bail himself out. Although the bail bondsman was savvy enough to catch the fraud on the first check for $3,200.00, he accepted another one for $9,800.00 and bailed the fraudster out.

Of course, the second one was bad, also.

Nonetheless, the fraudster is being sentenced and is facing up to ten years in prison.

There was no information on how they got this guy into court, or if they had to send the "bounty hunter" out to ensure he appeared.

There was also no comment as to whether the bail bondsman was able to collect on the second check.

For the full story from KCRA.com, link here.

When accepting any large check, the only way to verify it is good is to contact the actual owner of the account. It's also a pretty good idea to make sure the writer is the actual person, especially when dealing with an identity thief.

It isn't uncommon for some of these crooks to set up a fraudulent telephone number so when the item is verified, it appears to be legitimate.

Here is a previous post I did on bad checks:

Don't Trust a Bank to Tell You Whether a Check is Good, or Not

Sunday, June 11, 2006

When Someone Rips You Off - Take Action!

Consumers are ripped off daily, especially when hiring independent specialists from the "service industry."

Eric Larsen (Ashbury Press) wrote an interesting article on what to do before you buy - and maybe more importantly - how to effectively file a consumer complaint. Here is a quote from the article:

"New Jersey has one of the strongest consumer protection agencies in the nation, said Kimberly S. Ricketts, who was appointed director of the state division by former Gov. Richard J. Codey one year ago."

"The division has full enforcement authority over New Jersey's Consumer Fraud Act and can levy fines up to $10,000 for first offenses and $20,000 for subsequent offenses by businesses. 'While dealing with consumer complaints is certainly at the core of our mission, we want to educate consumers before they have a complaint,' Ricketts said."

Ricketts said the top five complaints the division receives are, in order: 1. home improvement contractors; 2. autos; 3. banking, financial and investment complaints; 4. home furnishings and appliances; 5. hometown businesses such as health clubs, movers, travel agencies and employment agencies.

Here is how to effectively practice the art of "Caveat Emptor," or let the buyer beware:

How To: File a Consumer Complaint

The biggest problem out there is that too many people don't report this type of activity. Although this article is specific to New Jersey, most states have an agency that is responsible for this. Not reporting these frauds only means that you will never have a chance of getting satisfaction and that someone else will probably get "ripped-off."

I recently had a relative ripped-off for a considerable amount of money in a home improvement scam. Although we were both novices in the "consumer fraud world" - the two of us put our heads together and filed with some local agencies. Even though the "contractor" had disappeared (3,000 miles away), he was arrested - transported cross-country in a prison bus - and charged criminally. In the end, my relative was made financially "whole" and got a lot of satisfaction out of knowing he had prevailed and put this gentleman "out-of-business."

Interestingly enough, this fine fellow ripped off a lot of people and amazingly enough - most of them gave up and wrote it off as a "loss." In this case, many of the people concerned were upper middle-class and well educated. The sad fact is that most of them didn't know where to begin and gave up.

In case you need a resource, here is a good one. It lists resources within the United States and all over the world, where one can seek help and take action:

Consumer World: Consumer Agencies

Nigerian Scam Humor - At Least We Can Chuckle While They "Chop Our Dollars."

If a scammer from Nigeria offers you a bogus payment for your eBay auction item - failure to ship the merchandise to him might bring action from law enforcement authorities.

Apparently, this actually happened as reported by the Register:

"Just thought I had to share this one with you - a scammer won an ebay auction and then sent me a fake paypal receipt to try and get me to send the goods to Nigeria; I ignored them, obviously...but now they've got the police onto me!"

No one was arrested, but this does make for an amusing story. I suppose in the "electronic age," where we register our complaints to a "computer," it was a matter of time before this happened.

For the full story, link here.

Of course, in a land where popular music paints the 419 artists as heroes, it's no wonder we are seeing this. Osofia, a Nigerian musician, had a recent hit called "I Go Chop Your Dollar," which is a parody of the 419 (Advance Fee Scam).

For the video, click here.

The anti 419 folks are known to have a sense of humor, also. Here is a link to the Ebola Monkey Man and Artists Against 419. Sadly enough, it seems that there are a lot of people fed up with the fraud coming from Nigeria (and elsewhere) and trying to do something about it.

And in the recent bribery scandal rocking Congress in the United States - Nigerian Vice President Abubakar Atiku (who was the alleged intended recipient of the bribe) released a statement through a staff member - accusing Congressman William Jefferson of Louisiana of being a 419er.

Innocent, or guilty - Vice President Atiku obviously has a pretty good sense of humor. I guess time (and the court system) will tell who is joking and who is telling the truth.

Maybe we can get Osofia and Congressman Jefferson on Saturday Night Live to do a parody? Winona Ryder's appearance during her shoplifting trial was immensely popular.

Here is an alternative view of Nigerian Fraud:

419 From the Other Side of the Fence

For more on the alleged 419 scam involving a Congressman:

Is the Latest Congressional Scandal a Nigerian Fraud

Saturday, June 10, 2006

Cyber-Scammers Use "Sucker Lists" to Target Victims

The Internet is full of scam lures involving winning the lottery. The most notorious are those where cons send you a check, tell you to cash it for taxes and tariffs and wire the money back to them so your "winnings" can be released to you. But after you wire the money to them, they fade into the "electronic mist" of the Internet and someone notifies you that the check you just cashed was a fraud.

Unfortunately, the "lottery lure" seems to be so lucrative that I get a spam e-mail just about every day saying I won a vast fortune.

Of course, there are dozens of so-called "legitimate" and often downright "illegitimate" sites out there promising you "inside information" on how to win the lottery. Rumor has it that some of them employ various forms of spyware and even malware to record your personal information, which is then used for other (often) unscrupulous purposes.

If you don't understand how spyware and malware works, I recommend taking the time to educate yourself.

Spybot is a free program you can use to protect yourself from a lot of these nasty programs. Of course, employing anti-virus protection (updated) and even a "firewall" is highly recommended, also. Alex Eckelberry - who is the CEO of Sunbelt Software - does a great blog on computer security - which is a great place to learn about crimeware and how to avoid it.

In a recent article from the "Lottery Post," some of these "Lotto Operators" were scamming senior citizens using information obtained from what they refer to as "sucker lists." Although I made mention of how information is stolen via technology above - all too often - it is also simply handed over by the future victim in the hopes of "winning the lottery."

As reported in the Lottery Post:

"Using so-called 'sucker lists' - lists of consumers who had been defrauded by telemarketers in the past - the defendants called elderly consumers with offers to sell 'likely winning lottery numbers' when, in fact, the real purpose was to gain authorization to electronically debit the consumer's checking account."

"The scam began when seniors received telemarketing calls falsely telling them they had been 'selected to receive the most likely winning combinations of the Lottery.' The caller claimed that the company's 'scientific formula' provided the most likely winning lottery combinations."

Of course, the seniors targeted in this ended up having a lot of money charged to their credit cards for "useless" information.

For the full story by the Lottery Post, link here.

If you have been a victim of a telemarketing scam, the best place to report it is the Federal Trade Commission.

Friday, June 09, 2006

On the WWW, A Prudent Soul Holds On To Their Wallet!

I read this post from Paul Young of Prying1 (Digging a little Deeper) and it says it all - "See a Pop Up? Hold On To Your Wallet."

Paul writes:

"Had a popup appear suddenly as I was surfing Blog Explosion. Earlier I was surfing for funny videos to download and that might have been when I got the cookie. Anyway. Here I am zigzagging through Cyber Space when I'm accosted by a window that claims I can make money simply by filling in my name and email address. Such a deal. They didn't even demand I use my real name. Is this a great country or what?

"Well I right-clicked on the window and clicked on properties to find out who they were before I'd take a chance on giving them a phony name and junk email address. This is how I discovered 'ReferralWare'. I have no problem with people throwing money at me as these folks proposed. Especially for free. BUTTTT!!! - I have a major defect in my emotional well being. I'm a skeptic... - I thought I would perform one more test. What I call the Company Name/Scam Google Test."

For the full "read" (highly recommended) and the results of Paul's experiment, link here.

Normally, I try to add some additional resources -- but since I like this one so much -- it's best left in its original state.

Prying1 takes a "common sense" approach to dealing with life's woes and it is a site that I frequent on a regular basis.

As far as this (probably semi-legal) scam goes, always remember: "If it seems too good to be true, it probably is."

Sunday, June 04, 2006

Don't Trust a Bank to Tell You Whether a Check is Good, or Not

Just because someone at the bank tells you a check is good, it might not be the case. Here is a story written by Caroline Mayer of the Washington Post -- where someone selling a car on an auction site received a check for more than the amount of the purchase -- and was asked to wire the extra money back to the buyer.

The seller was suspicious and asked a teller at his bank (twice) to verify the check and was told it was good. Here is what happened next as Caroline Mayer reports:


"Four days later, as he reviewed his account online, he discovered the check was not good. Even worse, the bank was demanding that he repay the $5,000."

"Had I made the deposit and not tried to make sure it was legitimate, I should have full obligation to make good on it," said Schaefer, 34, a facilities manager in Brattleboro, Vt. "But I checked with the bank twice, and now I find out they have no accountability."

"Schaefer is one of thousands of consumers who have been victimized by an increasingly common check scam that relies on the vagaries of the banking system to take advantage of unsuspecting consumers."

"Federal rules require banks to release funds from a consumer's deposit quickly, usually within one to five business days, depending on the kind of check. However, it can take weeks before a bank discovers a check is fraudulent."

Full story, link here.

This is a typical advance fee scam, where counterfeit checks or money orders are used to dupe a seller.

As far as the bank involved, I would recommend that they do a little "fraud awareness training" with their tellers to protect their customers from getting ripped off. Counterfeit checks often use good account numbers, which can be deceptive.

In my experience, the best way to verify a check is to contact the issuer of the item. If the check is counterfeit, or a forgery, laws in most areas allow it to be charged back for a year, or more.

And that is a long time to wait!

Cyber Gangs Luring Children to Launder Money

In Australia, a Triad (Chinese Organized Crime Gang) with ties to Malaysia and Russia recruited children to launder money, stolen as a result of "phishing" schemes. Teenagers and a few "20 something" types were recruited to receive the stolen funds in their own bank accounts. They would then turn over the money (minus a commission) to low level members of the gang, who would wire the money overseas.

Unfortunately, it appears from the article I read in the Sydney Herald by Frank Walker that no one at the higher echelons of the gang was apprehended.

For the full story from the Sydney Herald, link here.

Please note that the Australian authorities are prosecuting the individuals involved.

Criminal gangs involved in cyber-crime recruit people to launder the money from financial crimes all the time, and it doesn't only happen in Australia. In fact, evidence shows it is a worldwide issue that is getting worse all the time.

I recently wrote a post about a BBB (Better Business Bureau) employee, who was recruited to do pretty much the same thing:

BBB Worker Takes Job Processing Fraudulent eBay Transactions

Cyber crooks recruit people in chat rooms and even surf job sites like Monster.com looking for what they consider "dupes" to take all the "risks" for them. It appears (from this story) that they aren't above using our children to commit their "foul deeds."

Before accepting any job offers from an unknown source on the Internet, it's smart to do your homework. This is especially true if you are asked to use your own financial resources to negotiate any financial transaction. Furthermore, if any of the above factors "ring true" and you are asked to "wire" money, run away from the deal as fast as you can.

Here is a pretty good resource to educate yourself (and others) on Job Scams:

World Privacy Forum

Thursday, June 01, 2006

Phishermen are Trolling MySpace for Victims

If your children use MySpace - or you use it yourself - here is a warning from Websense:

"Websense® Security Labs™ has discovered a phishing attack that attempts to steal the account information of MySpace.com users. A hyperlink is first delivered to victims via AOL Instant Messenger. Users who follow this link are taken to a fraudulent website that spoofs the MySpace.com login page. This page captures their MySpace account information and then forwards the user to the actual MySpace.com website."

"The fraudulent site also sets a cookie on the victim's computer, which prevents the phishing attack from being displayed on any subsequent visits."

The phishing site is located in California and was up at the time of this alert.

For the full alert, along with a screen shot of the phishing site, link here.

MySpace is a hugely popular site, and when anything becomes popular, it attracts what I refer to as the cyber-scum element.

Here is an interesting article from MSNBC and Rob Stafford. If you are a user of MySpace, or care about someone who is a user, this is a great resource with information on how to navigate the waters of MySpace safely.

Why parents must mind MySpace - Dateline NBC - MSNBC.com

While I'm not sure what the intention is in "phishing" the waters at MySpace, a smart person is extremely careful before giving out any personal information on the Internet!

Here is a recent post I wrote about how these "Internet Child Abusers" are going to be targeted through their financial transactions:

Catching Child Predators by following the Money Trail

In case anyone is unfamiliar with Phishing, here is a place to start learning:

Internet Crimes are On the Rise and Deadlier than Ever