Sunday, April 30, 2006

Counterfeit Goods, A Borderless Problem

Counterfeit goods are a worldwide problem. With the global economy, the companies being counterfeited are spending a lot of money to try to stop the problem. But have they been successful?

The Daily Times of Pakistan is reporting:

A long campaign to remove pirated goods from shop fronts in Asia is finally having an impact but the crackdown has also changed the nature of the problem and new outlets are flourishing. The results of police raids, a slate of new laws and increased prosecutions can be seen across the region on the back streets of Beijing, Hong Kong, Taipei, Singapore and to a lesser extent Phnom Penh and Hanoi.

To counter the authorities, black market buccaneers are shifting their goods from roadside stalls and shopping malls to the Internet. Su's team now also conducts daily patrols of Internet sites. His point was echoed by industry observers in Mumbai and Seoul, where much like Bangkok and Jakarta, it's business as usual with counterfeit products brazenly on display in the tourist precincts.

In other words, the people behind counterfeiting are very adept at mutating their method of operation and carrying on.

Link to Daily Times article, here.

Of course, we in the West can blame Asia and the third world for this activity, but if it weren't for people in the West buying these goods, I doubt it would have grown into an international (worldwide) problem.

AND the companies being counterfeited probably have something to worry about. With the popularity of Internet auctions, the business of counterfeiting goods is likely to grow. Internet auctions are big business, and sites such as eBay refuse to accept blame for the actions of their members. The sale of counterfeit goods is rampant on these sites, and Tiffany's and Microsoft are spending a lot of money bringing legal action to try to curb it.

Some of these companies might be contributing to the problem in another way. After all, do you think all the $100.00 tennis shoes we buy are made in North America, or Europe? Not very likely in the global economy. In the quest for cheap labor, long regarded as one of the major expenses of doing business, many of our goods are produced in the same countries that produce the counterfeits. The end result is counterfeits of about the same quality as the item being counterfeited.

I doubt there will be any significant impact on this problem until all parties involved clean up their acts. We can blame and prosecute counterfeiters in far-away lands, but as long as there is a demand and a ready means to distribute these goods, the problem isn't going away.

I recently read a book by Tim Phillips, "Knockoff," which is the best analysis of the situation I've seen.

If you are interested, I would highly recommend reading it.

A Rumor of Raids Against Illegal Immigrants

Nina Bernstein of the NY Times is reporting:

False rumors of random federal immigration raids have sent panic through immigrant communities around the country this week, emptying classrooms, work sites and shopping areas and sending thousands of people into hiding.

Whatever their source or intent, the rumors have given an unintended jump-start to a nationwide boycott many groups have planned for Monday, a day on which immigrants are being urged to stay away from work and to refrain from shopping to protest legislation that would make it a felony to stay in the United States without proper papers. At the same time, some immigrant advocates fear that the scare will keep people away from public demonstrations called as an alternative to the boycott. Immigration and Customs Enforcement offices have been deluged with inquiries about reports of random raids, from pizza parlors to construction sites, said Ernestine Fobbs, a spokeswoman. Many denials, she said, have failed to stem the rumors.

Link, here.

This is a sensitive issue. On one hand, no one wants to target hard working people trying to make a better life for themselves, but on the other hand, a lot of criminal activity is related to illegal immigration.

In fact, criminals (primarily the organized type) make a lot of money smuggling humans and other things over the border.

There is also the need to secure our borders from the very real threat of terrorism.

Unfortunately, it also seems that a lot of corporations turn a blind eye to all this criminal activity, which victimizes the general public and the immigrants, themselves.

Then there is the problem of social programs going bankrupt. Part of this is fueled by the needs of people, who are here illegally and the fact that the corporations hiring illegal immigrants aren't paying their fair share of the social costs.

Tomorrow should be interesting, but the fact remains that massive reforms and actions need to be undertaken to address this problem.

Perhaps, we should give preferential treatment to those illegal immigrants, who turn in the criminals profiting from their hard work?

Recognizing those, who exhibit the qualities of a good citizen should be one of the factors considered when deciding whether, or not they are fit to become legal.

It makes a lot more sense to use our resources planning raids against criminals instead of hard working people.

We need to create a fair and just way for hardworking people to immigrate and address the root of the problem, which is criminal enterprise.

California Predicts the Top Ten Scams for 2006

Much of the legislation to curb Fraud, Phishing and Financial Misdeeds enacted worldwide can be traced to laws in California. This is probably because of the amount of fraud that the Golden State has suffered in recent times.

Based on this, it would make sense to pay attention to what California predicts when it comes to fraud.

Here is what California predicts for 2006, courtesy of the Department of Corporations:

Senior Investment Fraud. The elderly are targeted for fraud for several reasons, such as older Californians are most likely to have a nest egg, own their own home or have excellent credit - all of which the con artist will try to tap into. As seniors plan for retirement, they may fall victim to such investment schemes as oil and gas, real estate, and annuities. They should be careful when solicited by mailers, telephone, and through free lunch or dinner seminars. In the past year, DOC assisted with a Southern California district attorney's office to bring criminal charges against three perpetrators for selling promissory notes offering a 12 percent annual return and then absconding with seniors' money. The defendants were charged with 850 felony counts of senior fraud.

Mortgage Fraud. Predatory mortgage lending involves a wide array of abusive practices and usually takes place in the subprime market, targeting borrowers with weak or blemished credit records. The most common lending abuses include excessive fees, abusive prepayment penalties, loan flipping, and other shady practices. In addition, foreclosure schemes are on the rise in which the perpetrators mislead the homeowners into believing that they can save their homes in exchange for a transfer of deed and up-front fees. The perpetrator profits from these schemes by remortgaging the property or pocketing fees paid by the homeowner. DOC, as part of a California task force comprised of local district attorneys and the California Attorney General filed a judgment in 2006 against a major subprime lender to resolve predatory lending allegations against the company, which will provide consumers $295 million in restitution and require sweeping reforms of the firm's business practices.

Affinity Fraud. These scams exploit the trust and friendship that exist in groups of people who have something in common, such as religious or ethnic communities, the elderly, military servicemembers, or professional groups. The fraudsters who promote affinity scams frequently are - or pretend to be - members of the group and enlist respected community or religious leaders from within the group to unwittingly spread the word about the scheme. In 2005, DOC brought enforcement actions against perpetrators of investment scams affecting members of the African American and the Korean American communities in Southern California, and a foreign currency scheme targeted at the Chinese American community in the Bay Area.

Identity Theft/Phishing. Identity theft is a trend that is often aided by technology and is the criminal activity of stealing someone's personal information for financial gain. More often than not, it involves "phishing," where Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted Web site, when that is not the case. As more investment and banking accounts, as well as 401(k) plans, are accessible online, thieves may attempt to obtain your access codes and passwords so they can transfer all of the assets out of accounts.

Online Escrow Fraud. In 2005, DOC enforcement actions to crack down on online escrow fraud increased by 16 percent from 2004. Escrow services fraud involves a perpetrator proposing the use of a third-party escrow service to facilitate the exchange of money and merchandise. The buyer sends payment to a phony escrow site that closely resembles a legitimate escrow service. Or, the seller sends merchandise to the bogus buyer, and waits for the payment through the escrow site, which is never received because it is a sham.

Commodities/Foreign Currency. Consumers should take special care to protect themselves from the many types of commodities fraud. They might be selling precious metals, such as silver or gold, or foreign currency, such as Euros, Yen or Deutschmarks. Be wary of any firm that offers to sell commodities or commodity futures or options, particularly if a firm promises high profits and low risks, or claims that they have made profits for all of their customers. The commodities and futures markets are very risky, and investors can lose their entire investment very quickly. In 2005, DOC took enforcement action against a firm and sales representatives in San Diego County who were not registered with the Commodity Futures Trading Commission to sell foreign currency contracts. Investors were not aware that the promoter had been barred from the National Futures Association, the self-regulatory organization for the futures industry, and a principal had been ordered by the NASD to pay damages in two separate incidents.

Oil and Gas Scams. With oil prices at record levels and continued Middle East instability, DOC is concerned about the increase in oil and gas scams that it is experiencing. Perpetrators lure investors into unsuitable or fraudulent oil and gas ventures promising quick profits on a low risk investment. A San Diego scam using five different company names touted a 90 to 95 percent probability of striking oil in oil wells and returning investors' principal investment within a few years, which some customers never received. At least seven California residents invested more than $770,000 in the scam. The perpetrators failed to disclose prior convictions of mail fraud and wire fraud and that at least seven other states had taken administrative action against the sales agents for securities fraud.

Ponzi/Pyramid Schemes. Named for swindler Charles Ponzi, the premise is simple: use money from later investors to pay early investors. Instead of investing customers' funds, the operator pays dividends to initial investors using the principal amounts invested by subsequent investors. The scheme generally falls apart when the operator flees with all of the proceeds, or when a sufficient number of new investors cannot be found to allow the continued payment of dividends. Another very old form of fraud, a pyramid scheme, promises consumers or investors large profits based primarily on recruiting others to join their program, not based on profits from any real investment or real sale of goods to the public. A product may be used to hide the pyramid structure if the company's incentive program forces recruits to buy more products than they could ever sell, or the sales occur only between the people inside the pyramid structure or to new recruits joining the structure, not to consumers out in the general public.

Military Fraud. There has been heightened concern at the federal and state government levels about the financial vulnerabilities of servicemembers and their families, particularly in light of recent deployments to Iraq and Afghanistan. Money woes can be especially difficult for National Guard and Reserve soldiers, who often have to make a rapid switch from civilian to military life when they get called up. DOC created the California Troops Against Predatory Scams (TAPS) program to provide financial education and consumer protection tips, supported by an effective and timely consumer enforcement program.

Disaster and Charity Scams. Scammers will attempt to capitalize on the aftermath of Hurricane Katrina and other disasters. Be careful of investment fraud scams which claim to be trading programs that guarantee high returns, with a portion going to aid relief efforts. Others promote businesses that stand to profit from relief and rebuilding efforts. Be cautious of the influx of Web sites soliciting for charitable donations to avoid phishing and identity theft.

The lack of moral fiber fraudsters have never ceases to amaze me. If California is correct, they will target the elderly, charities, people's homes, their identities, their retirement savings and even the military in time of war.

Besides supporting legislation to put these people away (for a long time), the most effective tool against fraud is awareness. It is a kind thing to share awareness to protect those who might fall into harm's way by an activity that is becoming epidemic in nature.

I would like to thank the State of California for sharing this with us all.

Press Release link, here.

Friday, April 28, 2006

Do Financial Crimes and Internet Fraud Fund Terrorism?

Many of us wonder exactly how terrorism is funded. Here is a story from the AP, which might lead some to believe that financial crimes (fraud) are a source of funding.

"Five relatives of a U.S. citizen suspected of being a senior Al Qaida operative were arrested in California and Utah on charges of defrauding banks of hundreds of thousands of dollars."

"The FBI said Omar's relatives netted $327,000 from fraudulent bank loans and bad mortgages in Utah, and Bretzing said some of the money wound up in Jordan with Omar's relatives.

Omar, a 44-year-old Kuwaiti native with U.S. and Jordanian citizenship, has been indicted in Jordan with Iraq insurgent leader Abu Musab al-Zarqawi in an aborted chemical attack on the Jordanian intelligence agency."

Full story by the AP courtesy of MSNBC, here.

Of course, the FBI says the matter is still under investigation and won't speculate. Please note, I can't blame them for not doing so in an ongoing case.

BUT here is evidence that the FBI takes the ties between fraud and terrorism seriously. Here are excerpts from a speech delivered by Grant Ashley, Executive Assistant Director of the FBI to the International Association of Financial Crimes Investigators in 2004:

It has often been said that money is the root of all evil. I don't know if that's the case, but I do know that it is the root of terrorism. Terrorists rely on money to fund their training and operations. They disguise their fundraising activities as legitimate charity organizations. They resort to white-collar crime to raise money. Money laundering is no longer exclusive to sophisticated criminals, but is now routine for terrorists.

Money can also be the fruit of terrorism and crime. Today's terrorists and criminals use sophisticated business practices to achieve their goals, not unlike those of legitimate multinational corporations. Criminals today are not just stealing funds, they are stealing credit card information, social security numbers - entire identities - and selling them for profit. Those who traffic in humans, drugs, or weapons are motivated and rewarded by money.

Link to Assistant Director Ashley's speech, here.

Although it rarely makes it in the news, it appears that the FBI sees a connection between financial crimes (fraud) and terrorism.

If there are some of you out there that are leery of government sources, the Washington Post did a story on Imam Samudra, the terrorist behind the Bali Night Club bombings in Indonesia. Samudra published a book with a chapter entitled "Hacking, Why Not?"

There, Samudra urges fellow Muslim radicals to take the holy war into cyberspace by attacking U.S. computers, with the particular aim of committing credit card fraud, called "carding." The chapter then provides an outline on how to get started.

Samudra, 34, is among the most technologically savvy members of Jemaah Islamiah, an underground Islamic radical movement in Southeast Asia that is linked to al Qaida. He sought to fund the Bali attacks in part through online credit card fraud, according to Indonesian police. They said Samudra's laptop computer revealed an attempt at carding, but it was unclear whether he had succeeded.

Samudra was quoted in the article:

"It would not be America if the country were secure. It would not be America if its computer network were impenetrable," he writes at the beginning of the hacking chapter. He continues by urging fellow militants to exploit this opening: "Any man-made product contains weakness because man himself is a weak creature. So it is with the Americans, who boast they are a strong nation."

Here is a link to the story by the Washington Post.

Interestingly enough, we have seen some major hacking activity in the recent past, where large numbers of credit and debit card numbers have been compromised. There have also been a large number of data breaches, most of which seem never to have been solved.

Because most of these are never solved, we as average people can only speculate as to what the source of this activity is.

After all, Irhabi 007 (Terrorist 007), the so-called Al Qaida hacker who was spreading terrorist propaganda on the Internet, used stolen credit cards to set up his ISP connections.

In testimony before Congress, Dennis M. Lormel, Chief, Financial Crimes Section, FBI stated:

Another pattern of terrorist financing involves funding of terrorist cell activities through various criminal activity. Al Qaida has been known to encourage and instruct terrorist cells in terrorist training camps in Afghanistan in ways they can fund their terrorist activities through various criminal activity. For example, Ahmed Ressam, the Algerian extremist convicted in the terrorist plot to place bombs at Los Angeles International Airport among other locations, was instructed in these camps to engage in criminal activity such as bank robberies and fraud schemes to fund his terrorist activities. As another example, investigation has identified a terrorist cell based in Spain with ties to Al Qaida that used stolen credit cards in fictitious sales scams and for numerous other purchases for the cell. They kept purchases below amount where identification would be presented. They also used stolen telephone and credit cards for communications back to Pakistan, Afghanistan, Lebanon, etc. Extensive use of false passports and travel documents were used to open bank accounts where money for the mujahadin movement was sent to and from countries such as Pakistan, Afghanistan, etc. In addition, the cell relied upon street crimes such as home burglary, car theft, and car burglary to fund their cell activities.

We live in a new and more dangerous world since the 9-11 attacks. This new world requires that we take another look at issues, such as financial crimes and illegal immigration. These issues, which were not priorities in the past, have become increasingly important in the quest to ensure our safety and security.

Unfortunately, there are too many out there who want things to remain the same and are now exercising their political voices to prevent the necessary changes.

Perhaps they should go out and watch "United 93" to refresh their memories of why we can no longer tolerate loose financial controls and allow criminals and terrorists easy access to our borders.

Using VoIP to Phish for Victims

The world of Internet fraud is a constantly mutating animal. Phishing in particular is a rapidly growing problem and the latest mutation is the use of VoIP (Voice over IP) technology.

Using VoIP technology, the phishermen are luring the innocent into giving up sensitive personal and financial information by impersonating call centers.

Robert McMillan of IDG News Service reports:

Typically phishers email their victims, trying to lure them into revealing sensitive information on bogus websites. But instead of telling victims to click on a Web link, this attack asks users to verify account information on a phony customer support number.

"Part of the danger here is just the fact that it is novel," senior research scientist with Cloudmark, Adam O'Donnell, said. "Most people are pretty comfortable calling to a phone number that they think is their bank's."

Link to story from IDG News, here.

If you happen to see one of these phishy e-mails, you can report it to the PIRT (Phishing Incident Reporting and Termination) Squad. This is a new, volunteer-driven service that actively goes after and takes down phishing sites.

Here is a previous post I did on PIRT.

Tuesday, April 25, 2006

Do It Yourself Hacker Kits

Not too long ago, you needed some technical expertise to become an Internet criminal. Think again: for about $15.00 you can buy your own do-it-yourself kit from Russia. This kit downloads a Trojan when someone visits the site it is installed on. It logs keystrokes (which can give someone access to your personal and financial information), downloads additional cybernasties and opens backdoors to a compromised system.

The Trojan is even smart enough to detect what browser is being used via the user agent and customize the exploit based on the browser settings.

Here is the ad, which was translated into English by Websense:

Dear Friends! We would like to offer you multi-component exploit Web-Attacker IE604, that realizes vulnerabilities in the internet browsers Internet Explorer and Mozilla Firefox. With the help of this exploit you will be able to install any programs on the local disks of visitors of your web pages. In the foundation of work of the exploit Web-Attacker IE0604, there are 7 already-known vulnerabilities in the internet browsers: Objective of the Exploit: Hidden drop of the executable from the deleted source to the local hard drive of the site visitor.

- Bypasses all security measures
- Is not blocked by Firewalls [Agnitum Outpost, Zone Alarm, Sygate Personal Firewall]
- Tri-level protection
- Flexible installation
- Updates
- Detailed Statistics

For the full alert, with screenshots, click here.

John Leyden of the Register is also covering this story.

trimMail's E-Mail Battles has an interesting story about why some of these kits are so dangerous. Here is an excerpt:

Smart computer users know that once a computer is infected by a rootkit, it's changed forever. And as Windows rootkits go, Hacker Defender is among the most dangerous. The author of Hacker Defender, holy_father, explains why he does what he does, and what you can do to detect his rootkit.

Antivirus companies sell a fake sense of security, but they do not bring real security to your computer. Antivirus just fights programs that are visible to common users. They don't care about the cause.

Do-it-yourself kits are becoming increasingly common and are making the Internet increasingly dangerous for the common user.

Here is a recent post I wrote about "how to scam kits" and one that is designed for use in committing fraud on eBay.

Link, here.

Saturday, April 22, 2006

Ever wonder how well you are protected from credit card fraud?

I was reading Cary Cartter's (I'm Thinking of the "O" Word...) and came upon a link he had on his blog on why we should all buy "shredders."

By the way "O" stands for obvious.

After clicking on the link, I found to my amusement a pictorial of Rob from ripping up one of those credit card offers in the mail we all receive, tearing it up, taping it back together and then sending it in to Chase.

AND Rob didn't stop here, he changed the address on the application and used his cell phone as his contact number. Note that these are both WARNING signals of fraud.

After researching the Chase site, Rob figured he had wasted his time. They clearly mention tearing up the application as a preventative measure.

Going even further, he researched the Federal Trade Commission's site, which also recommended tearing up the documents.

BUT he didn't waste his time, after a short wait his Dad called to let him know he had mail from Chase. Inside it was a shiny new credit card, which of course, he activated with his cell phone.

Link with lots of pictures, here. One of the pictures shows a close-up of the credit card, indicating this is no hoax.

Although hilarious, this little experiment shows that despite the press from financial service companies about their top notch security procedures, fraud is too EASY to commit. It seems that they are more interested in marketing their products than protecting your personal information.

They expect fraud and figure it into their profitability margin, or add it into the cost of using their service. That way they can sell even more services and you end up paying for it.

Of course, they are now "marketing" identity theft products and will try to sell that to you, also.

Here is an interesting commentary from the Motley Fool on why most identity theft products are another form of "dialing for your dollars" and why many of them offer little value.

Friday, April 21, 2006

Why Illegal Immigration Benefits No One

No one faults the hard working illegal immigrant, who is trying to pursue the dream of a better life, or escape poverty. The problem is the criminal activity that goes along with the trade. There is nothing noble about drug smuggling, kidnapping, bondage, identity theft and a host of financial crimes that tie into the trade in human flesh.

Organized criminals run this business and they engage in multiple streams of income, often using the illegal aliens in their other illegal activities. Unfortunately, it seems that legitimate corporations are knowingly complicit in the activity, also.

Here is a quote in a recent story from the New York Times:

Saying the hiring by companies nationwide of millions of undocumented workers is often a form of organized crime, Mr. Chertoff, a former federal prosecutor, said the government will now attempt to combat the practice with techniques similar to those used to try to shut down the mob.

"We target those organizations, we use intelligence to define the scope of the organization, and then we use all of the tools we have whether it's criminal enforcement or the immigration laws to make sure we come down as hard as possible and break the back of those organizations," Mr. Chertoff said during a news conference at the headquarters of Homeland Security's Immigration and Customs Enforcement Division.

IFCO Systems North America, the subject of the recent raid was also found to be supporting the identity theft crisis:

Company supervisors knowingly hired illegal immigrants, provided them with housing and transportation to and from work, and even reimbursed one undercover agent for the cost of obtaining fraudulent identity documents, Homeland Security Department officials said.

An examination of the company's payroll of 5,800 employees found that just over half of them had Social Security numbers that were either invalid, belong to a dead person or did not match up with names on file, investigators said.

Link to article, here.

There have been a lot of updates to this story. The LA Times is quoting a federal agent as saying the illegal immigrants were working in unsafe conditions.

"There was a lot of drilling, cutting, dismantling of old pallets, pneumatic nail guns, power saws. Most of these guys were working in jeans, tennis shoes, short-sleeve shirts; some had sawdust in their hair," he said. "No legal facility would let workers work in those conditions."

There is nothing honorable about this trade and it is shameful that certain seemingly legitimate corporations are in collusion with organized criminal activity. Substandard working conditions and the host of crimes that go along with this trade victimize everyone (including the illegal immigrant) so the few (primarily criminals) can reap enormous profits.

So far as the other criminal and potential terrorist activity that goes along with unsecured borders, here is a link to a previous post I wrote.

Thursday, April 20, 2006

Package Deals to Commit eBay Fraud

Gone are the days where committing fraud took knowledge, or technical expertise. Personal, financial and "how to scam" kits are all easily purchased in IRC (Internet Relay Chat) chatrooms.

AuctionBytes (Ina Steiner) is reporting:

"According to an "eBay scam kit" obtained by AuctionBytes, women are easy marks on eBay. The kit, marketed as "eBay: Women Dough v1.8," contained everything a scammer needs to set up auctions on eBay to sell items they don't own and don't intend to fulfill to "customers."

"The eBay Women Dough scam kit contained three prepackaged high-end auctions targeting U.S. female buyers. The kit included descriptions and photos to include in the eBay auctions with detailed advice on how to list, handle customer service and accept payments."

These kits even contain detailed instructions on how to bypass eBay controls and dupe the potential victim into using unprotected wire transfer services, such as Western Union and MoneyGram.

Full story, here.

Please note that AuctionBytes' article also quoted a Washington Post article on IRC chatrooms written by Brian Krebs. This article covers the full spectrum of information that is bought and sold in these chatrooms and paints a pretty realistic picture of the activity.

Here is something I thought was interesting from the article:

"Marcus Sachs, a former cyber-security adviser to the White House who now directs the Bethesda, Md.-based SANS Internet Storm Center, said that if the information posted by the IRC channel operators is legitimate, then they are likely working with people on the inside at the major credit card issuers. But Sachs said he suspects that by "verifying" credit card information posted by other chat room members, those running the IRC channels are more interested in scamming the phishers."

Full story, here.

I guess we now know where all the stolen information from the record amount of data breaches is going. It's being sold on the Internet.

Here is a previous post I wrote on that subject (data breaches):

Information Breaches, the Human Factor

Tuesday, April 18, 2006

Profiting at the Expense of the Poor, Electronically

Recently, I was in San Francisco and made a small purchase for about $5.00. While waiting in line, I watched the customer before me use one of the new EBT cards. EBT (Electronic Benefit Transfer) cards have replaced checks and food stamps for that segment of the population receiving government assistance.

The clerk behind the counter asked me whether I wanted to use credit, or debit and I said credit (I hate those pesky ATM fees). Much to my surprise, he put it through as a debit and handed me the PIN pad. I noticed that the amount (taking into consideration sales tax) had increased by $2.00.

When I confronted him, he claimed his command of English wasn't very good. Of course, I demanded a refund (out of principle) and left the store. Interestingly enough, he refunded my money in cash and declined to give me a receipt (which didn't exist).

The reason there was no receipt is that he used a calculator to figure the amount of the purchase. Please note, there was a cash register right in front of him. The only receipt available was from his handy debit card processor, which only accounts for the total dollar amount taken and doesn't break down the transaction.

Pretty handy and makes me suspect he was also skimming sales tax proceeds, which pay for needed government services.

The gentleman with the EBT card was standing near my car so I asked him about the fees. He told me that he gets charged wherever he goes. I mentioned that larger retailers don't charge to use the cards and he informed me that they were too far away and he didn't have a way to get there.

I started to think about it and what amazed me is that someone had just tried to charge me a 40 percent surcharge for using my debit card. Then I reflected on the plight of that poor individual using his EBT card. What was a minor inconvenience to me (I got in my car and drove to a reputable retailer) is something that he is forced to deal with on a daily basis.

EBT cards were heralded as a means to reduce fraud and ensure that our tax dollars reached the poor. If they are being charged outrageous fees every time they use the card, it seems to me that this new system isn't helping the poor. Besides paying higher prices at inner city markets, they are getting dinged for a fee every time they use their card.

Alameda County (near San Francisco) has an interesting web page on how people on assistance can avoid surcharges. Please note that it is illegal to add a surcharge on the "food stamp" portion of the card.

A lot of this information is good stuff, but it is unlikely that poor people in inner cities are going to find the places that don't charge the extra fees easy to get to.

Small retailers aren't the only ones profiting from all of this. In fact, most states allow a legal surcharge to administer the cards. This means that certain financial institutions are profiting from processing the transactions. One example of this is Citibank, which contracts nationally to administer EBT. I wonder how profitable this is to their bottom line? At the .53 cents a transaction quoted on the Missouri Poverty at Issue site, it must make a lot of money for them.

Granted, most of this is based on a personal observation, but to me it doesn't seem fair. In fact, it reeks of "welfare reform" gone bad. I wonder how much of our tax money was spent thinking up this program and how many pockets it's lining?

The sad thing is that it probably takes money away from those who need it the most.

Of course, this happened in California, where welfare reform has been criticized for other abuses. Here is a post I wrote on that:

Back to Work Programs a Fraud Heaven for Scammers

Sunday, April 16, 2006

Postal Money Order Romance Scam

Altered Money Orders have been around for a long time. Before new technology made counterfeiting money orders pretty easy, it was a common method of committing fraud.

Criminals buy a large number of them for a small amount, normally $1.00. The $1.00 money orders are then altered, using chemicals, and a much higher dollar amount is put on them.

Because financial institutions are fairly aware of this activity AND the "getting caught" factor is a risk, they find creative ways to get a less knowledgeable person to take the risks and send them the rewards.

These "less knowledgeable" people frequently suffer the consequences, or take the rap for them, also.

While altered money orders (not just the Postal variety) have been around for quite some time, convicts seem to have a new way of getting them cashed.

They place ads in the personal section seeking pen pals. Once they have gained the confidence of the person, they trick them into cashing the altered instruments and sending the money back to them.

The Postal Inspection Service warns:

Be aware of the telltale signs of this unusual scheme. If you begin to write letters to a prisoner who is attempting to cultivate you for his mail fraud scheme, he will slowly attempt to gain your trust and confidence. If you are a single woman, he may even send you love letters and handsome photos, and promise to marry you upon his release. Male prisoners posing as women try to lure men into the scheme as well.

While confessing their love for you, he will also admit that he is serving a prison term for a tax violation or other non-violent offense. But he will say his prison term is almost up, and he's looking forward to starting a new life together with you when he is freed.

Eventually, he will ask you to cash one or more postal or other money orders for him, claiming that he needs the money to pay attorney fees or court fines. Where does he get each high-value money order (often as much as $700)? He will obtain them from an accomplice outside the prison who buys them in small denominations (often only $1) and then smuggles them inside the prison, where inmates alter them to reflect higher values.

When you assist your pen pal by cashing any such money order--and sometimes there are many of them totaling thousands of dollars--you are told to send the money to a "friend" of the prisoner, whom you're told is helping with his legal defense. Of course, this friend is the outside accomplice. You will be told first to deposit the money orders in your personal bank account for temporary "safe-keeping" and then to pay out the funds to the outside accomplice.

Shortly after sending the money, you will receive a cruel "Dear Jane or John" letter asking you to understand that your pen pal only did what he or she "had to do" to survive, and now that he's out, the relationship is over. But he's not out. He's still in prison. And what's even worse, he now has your money, because the bank will charge your account for the phony money orders you deposited. Since the U.S. Postal Service routinely compares all of its cashed postal money orders with the original money order receipts, all altered postal money orders will ultimately be discovered.

Under current law, the person who cashes, or deposits and then withdraws, an altered money order is responsible for its total value--in this case, the altered value. Therefore, shortly after you pay out the temporarily held funds from your bank account, your bank will notify you that you must pay the difference between the issued amount and the raised amount. For example, if you cash a $1 money order that has been altered to $700, you will end up being charged $699 of your own money.

Link to bulletin, here.

Although convicted criminals committing crime from behind bars makes a good news story, they might not be the only group involved in this type of activity.

Nigerian fraudsters are also known to be involved in Romance scams. Of course, there are other places the scam originates besides Nigeria, also.

Altered Money Orders don't only come from the prison system, either.

The U.S. Department of Justice reported:
At trial, the national money order fraud coordinator for the U.S. Postal Service testified that document fraud rings operating in West Africa, are known to be involved in altering U.S. Postal Money Orders and shipping them back into the U.S. to be cashed.
Link, here.

Counterfeit money orders might be more common in a lot of Internet scams, but altered money orders are still being produced and successfully used.

If you happen to receive any of these altered money orders, they can be reported to the Postal Inspectors, here.

Saturday, April 15, 2006

25 Ways to Avoid Auction Fraud From a Seller's Perspective

Auction sites grow more popular all the time. Because of their popularity, they seem to attract all kinds of undesirable individuals, who are intent on making a profit at others' expense.

Here is a story I found on that was originally written by a "seller" himself (J. Foley of After reading his 25 tips, I realized this was valuable information for anyone considering doing business on auction sites on how to avoid fraud.

Here are his 25 tips:

1. Stock photos and descriptions, Because they don't have the item they are "selling", some fraudsters use a stock photograph of the item. And they will probably use the manufacturer's product description too. So, stock photos and no original description might be a sign. Search for other auctions by the same seller, and see if they are brazen enough to advertise the same item more than once.

2. A price too good to be true often isn't true, A fraudster wants your money quickly, so you may find they offer to close their auction early with you as the "winner" having bid a price which you know to be somewhat of a bargain. Why would anyone close their auction early if the price hadn't reached market levels? I'll give you one guess.

3. High value or high volume, newly registered sellers, Although the vast majority of new sellers are genuine and honest, be cautious of buying from people selling high value items in bulk, very early on in their eBay career. This pattern isn't quite normal. Think back to your own first sales. You would have been tentative, and probably have tried single, low value items initially. So, a new seller fitting this profile may be someone who has perhaps been previously suspended and has registered another ID.

4. 1 day listings, Although 1 day listings are used by genuine sellers who have more than one item or who want a quick sale, unfortunately this duration is attractive to fraudsters too. They sometimes use a 1 day auction duration to gain a quick sale before their actions can be reported and acted upon. So, be extra wary on auctions with 1 day listings.

5. Invitations to trade off-eBay, This is a classic ploy of fraudsters. Having made some kind of contact with you, or you with them, they will invite you to purchase or to sell off eBay i.e. without using eBay's auction services. The attraction here to the fraudster is that they can drive the transaction along the lines they prefer, whether that be escrow, PayPal etc. Another reason why trading off eBay is not a good idea is that you have to keep your own formal records of the transaction, and you forfeit any cover from eBay buyer protection and PayPal buyer protection. Plus, and this might be a minor point, but you will not be able to leave feedback to let others know your experience with this seller/buyer.

6. Payment methods with no recourse, Fraudsters prefer to choose payment methods in which the buyer has no protection, like wire transfers where the buyer has no way of tracing where the money is going. Western Union Money Transfers and BidPay are favourites and should be totally avoided. Postal orders are similar although they are a popular payment method among the genuine sellers as they require no clearance time. Bank transfers and cheques can only provide the possibility of your bank investigating the details of the account the money was transferred into. For the best protection use PayPal and fund with a Credit Card. Note there are limits on eBay and PayPal protection, and you should make yourself aware of what these are.

7. Unusual sales pattern, If your seller's feedback indicates that they normally deal in collectables, DVDs or other specific items, be suspicious that they are suddenly listing laptops, plasma TVs or other high value items. The change may indicate that this seller's account has been hijacked.

8. Bad English gives you a pointer, Some fraudsters operate from abroad but pretend to be in UK or USA. As they aren't particularly adept at the English language they might use a translation tool like Babelfish to create their emails to you. So, watch out for emails that are not good English. In itself, it doesn't prove anything, there are plenty of genuine eBay sellers for whom English is not their first language. But it might add to further evidence you have.

9. Location Location Location, In the case of lazy fraudsters you might find their locations don't match up. By that I mean the auction says the goods are in the UK, but the seller's ID details show their location to be, say, Ukraine. This is not a good sign. Often in these cases if you contact these sellers you will receive an excuse as to why the item is not in the UK, and therefore can't be collected in person. In short, if an auction says the item is in the UK and the seller says that it is not, I would avoid the auction. And don't forget to cross check with their PayPal account, and see in which country this resides.

10. Ask questions, Always, always ask your seller a question. Any question. Their response, if you receive one, will help you judge how genuine the seller is. Beware auctions that carry a message asking you to contact the seller via a given email address as opposed to via the 'Ask seller a question' link. This could be an account hijacker trying to prevent buyers from 'Asking the seller a question'. They want to stop this from happening because such questions could be routed to the real account owner.

11. "eBay can vouch for me" email, A warning about a relatively new tactic used by fraudsters. If you are proving hard to land as a buyer/seller, they may claim they can get eBay to email you proof of their validity so that you can trust them. eBay, of course, will NEVER do this. The email sent out, however authentic looking, is fake and is designed to get you to part with your money or your goods. This applies equally to Square Trade and PayPal. They will never email you certifying the genuineness of anyone.

12. A PayPal warning, There are fraudsters who use stolen PayPal accounts to accept payments. To lower the possibility of this, check your seller's location as shown in eBay, and then see if it is one of PayPal's permitted countries by clicking here: If PayPal don't offer their service in the country that the seller resides, be very wary.

13. Passwords, Never have the same password on your eBay and PayPal accounts. Or indeed on any other financial or personal site. Change your passwords every 30-60 days on both eBay and PayPal.

14. Pointers in feedback, Try to read the positive feedback as well as the negative. Read the way your seller responds to negative feedback as this will often give you an idea of how the seller will react if something goes badly wrong. If the seller is offering high value goods, be wary if their feedback has been built up quickly from low value purchases. Also, if the overall rating is good, but there are a disproportionate number of negatives in recent days/weeks, this might indicate the account has been taken over. Finally, be aware that feedback is not the guarantee it once was. Feedback can easily be manufactured. Also, if the user ID has been hijacked, you'll be reading the feedback of the original account owner, not the person with whom you're currently dealing!

15. Credit Card payment, For high value items, or for amounts of money you can't afford to lose, make sure you pay by credit card which has online fraud protection. This will give you some recourse if the seller is fraudulent. In this context, paying via PayPal is not the same. PayPal does have a buyer protection scheme, but there are criteria which the eBay auction has to satisfy in order to qualify. Even if the transaction qualifies, PayPal's standard protection currently has a maximum value of $1,000. Note that payment by debit card provides zero protection.

16. Address and Telephone check, Use the Ask the seller a question link, and request they email you with their address and telephone number. Any reputable seller will give you their address and telephone number. When you get the number, call it, and see if you get through to the genuine seller.

17. Keystroke capturing virus, This is a computer virus which you inadvertently download onto your PC. Its task is to capture the keystrokes you make, and to send them to the virus placer. The fraudster then uses pattern recognition software to identify and extract personal information, like username, password, credit card numbers etc. To avoid this happening to you, it is wise to have good, up-to-date virus, firewall and spyware checking software on your PC.

18. Shill bidding, Shill bidding is where people work in cahoots to inflate the bidding on an item. A seller has a "partner" who makes bids on the seller's items with a view to bumping up the bid price. They have no intention of buying the item. Fortunately, shill bidders and their associated seller can be stupid. The shill bidder will usually make bids on other items from the same seller. Here's how to check to see if shill bidding is a feature of a particular seller. First, look at the seller's closed auctions over the last 30 days. If most of the closed auctions have no bids, it is unlikely the seller has shill bidders working with them. If all of the closed auctions have bids, take a look at the bid history. See if the same bidder appears in the list of bidders, usually with aggressive bidding and normally at the start of the auction. If so, you may have uncovered a shill operation, so avoid that seller's auctions.

19. Keep your transaction information, Keep your own record of the transaction when you're buying. Don't just rely on eBay. You want a record of the seller's identification, the item description, emails sent and received, plus the time, date and price of your bid.

20. "I noticed your bid...." , Never deal with anyone who contacts you after seeing your bid on another auction. They will say something like, "I saw you bidding on that digital camera. I have the same model available for sale. I don't have time to list it on eBay. It has more accessories than the one you lost out on. You can have it for xyz." If you bite, they'll probably take you down the fake escrow route. Also, if you entertain this proposition, you're operating outside of eBay and therefore have no auction protection whatsoever.

21. Changed eBay ID, Never deal with anyone who has a changed ID icon next to their name. This icon means they've changed their ID in the last 30 days. Few legitimate people change their eBay ID. When was the last time you changed yours? There's a 1% chance that an ID change is genuine, but 99% that it is fraudulent. Why take the risk?

22. Changed email address mid-stream, If a seller or buyer changes their email address on you in the middle of a transaction, stop dealing with them. It is likely their previous email account was closed down due to some irregularity - such as a previous victim reported them. If you think about it, why would any genuine buyer or seller change their email address whilst corresponding on a transaction they wish to conclude expeditiously?

23. Complications, Never get involved in any transaction where the seller/buyer tries to introduce a third person into the financial arrangements. They might ask you to pay xyz, who will then pay the seller, and you will receive a discount or commission for your co-operation. Such proposals are always fraudulent. They prey on greed. Don't be tempted.

24. Time is of the essence, This is a scam which has more potential for success than traditional phishing attacks, as it is time sensitive. The fraudster searches for high value auctions that have just ended. The bid history for an auction contains hyperlinks to each bidder. The fraudster checks to see if the winning bidder is selling any items of their own. If so, they go to that auction and embed a request for payment from the first auction within a question for seller. This works because winning bidders are expecting a request for payment shortly after an auction ends. A variation of this is to offer a bidder a "second chance". This time the "Ask the seller a question" email pretends that the real winner has backed out, and offers the item at a lower price. The buyer, believing the story, is lured into paying to whom they believe is a genuine seller. Many eBayers have heard of the second chance system, but have no experience of it. This unfamiliarity coupled with the fact that a few weeks might have passed, makes this an effective method for fraudsters. The moral of this story is never get involved in any transaction which arrives in your inbox via the Ask the Seller a Question feature.

25. eBay IDs, Never use your email address as your eBay ID, or part of your eBay ID. Fraudsters have software which monitors internet traffic looking for information such as this. If your eBay ID and email address are the same, it is simple for a fraudster to plausibly communicate with other eBay members in your name.
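The bid-history check described in tip 18 can be run mechanically over a seller's closed auctions. The following is an added example, not code from Mr. Foley's article or from eBay; the record layout, the constructed sample data and the thresholds (a bidder present in at least 60% of the auctions, first bid in the first quarter of the listing, winning at most a quarter of the time) are assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Bid:
    bidder: str
    amount: float
    placed: datetime


@dataclass(frozen=True)
class Auction:
    item: str
    start: datetime
    end: datetime
    bids: tuple = ()

    def winner(self):
        """Bidder with the highest bid, or None if nobody bid."""
        if not self.bids:
            return None
        return max(self.bids, key=lambda b: b.amount).bidder


def recurring_bidders(auctions, now, window_days=30, min_auctions=3,
                      min_share=0.6, early_part=0.25, max_win_rate=0.25):
    """Return (bidder, auctions_bid_on, early_first_bids, wins) for bidders
    who keep showing up early in one seller's auctions and rarely win.
    All thresholds are illustrative assumptions, not eBay rules."""
    cutoff = now - timedelta(days=window_days)
    closed = [a for a in auctions if cutoff <= a.end <= now]
    with_bids = [a for a in closed if a.bids]

    # First check from tip 18: if most closed auctions drew no bids,
    # a shill partner is unlikely, so stop here.
    if len(closed) < min_auctions or len(with_bids) * 2 <= len(closed):
        return []

    stats = defaultdict(lambda: {"auctions": 0, "early": 0, "wins": 0})
    for auction in with_bids:
        early_limit = auction.start + (auction.end - auction.start) * early_part
        first_bid = {}
        for bid in sorted(auction.bids, key=lambda b: b.placed):
            first_bid.setdefault(bid.bidder, bid.placed)
        winner = auction.winner()
        for bidder, placed in first_bid.items():
            entry = stats[bidder]
            entry["auctions"] += 1
            entry["early"] += placed <= early_limit
            entry["wins"] += bidder == winner

    flagged = []
    for bidder, entry in stats.items():
        seen = entry["auctions"]
        if (seen >= min_auctions
                and seen / len(with_bids) >= min_share
                and entry["early"] * 2 > seen          # mostly early bids
                and entry["wins"] <= seen * max_win_rate):
            flagged.append((bidder, seen, entry["early"], entry["wins"]))
    return sorted(flagged, key=lambda row: (-row[1], row[0]))


# --- Constructed sample data (not real auctions or real user IDs) ---
NOW = datetime(2006, 4, 15)


def make_auction(item, ended_days_ago, bids):
    """bids: (bidder, amount, hours after the start of a 7-day listing)."""
    end = NOW - timedelta(days=ended_days_ago)
    start = end - timedelta(days=7)
    return Auction(item, start, end, tuple(
        Bid(who, amount, start + timedelta(hours=h)) for who, amount, h in bids))


SAMPLE = [
    make_auction("camera", 2, [("user_x", 50, 2), ("buyer_a", 55, 100),
                               ("user_x", 60, 101), ("buyer_a", 65, 160)]),
    make_auction("lens", 5, [("user_x", 40, 1), ("buyer_b", 45, 150)]),
    make_auction("tripod", 9, [("user_x", 30, 5), ("buyer_c", 35, 120),
                               ("buyer_a", 40, 165)]),
    make_auction("flash", 14, [("user_x", 70, 3), ("buyer_d", 75, 140)]),
    make_auction("bag", 20, [("buyer_e", 15, 90)]),
    # Ended 45 days ago: outside the 30-day window, so it is ignored.
    make_auction("old item", 45, [("user_x", 10, 1), ("buyer_f", 12, 50)]),
]

if __name__ == "__main__":
    for row in recurring_bidders(SAMPLE, NOW):
        print("bidder=%s auctions=%d early=%d wins=%d" % row)
```

A flagged ID is only a prompt to read the bid history yourself, since a genuine repeat customer of a specialist seller can produce a similar pattern.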

Perhaps an experienced seller such as Mr. Foley, with his expertise in the auction world, can help those who are new and unfamiliar with the dangers lurking on auction sites.

I have written many posts on auction fraud. Here is my most recent one with links to some others:

Phishy E-Mails from eBay/PayPal are at a Record High

Does Teamwork Make Sense in the Age of Compliance

The Age of Compliance is rapidly coming into vogue. Inspired by the need to deal with terrorist organizations and an ever increasing rise in financial crimes, governments and private organizations are tightening down their procedures.

Traditionally, the business approach to controlling exposure has been segmented into different areas. In most organizations this would include the finance, legal, corporate security and IT departments.

But let's face it, compliance/security costs money and the entities that ensure this don't bring in money to the bottom line. They do prevent losses to the bottom line, but when they do their jobs, exposure is prevented and there is nothing tangible that can be measured.

DataMonitor (Norkom Technologies) recently did some interesting research, which might reflect a means to be more effective and reduce the cost of compliance.

"Traditionally financial service providers have viewed...Financial crime and compliance as separate disciplines," explained Paul Kerley, CEO of Norkom Technologies, continuing:

"But within an increasingly tight-margined industry there is a strong desire to pursue a single investment stream to both reduce criminal losses and drive down the cost of compliance. This is now achievable since single technology platforms are now emerging that can detect crime, investigate it and compile the management information required to fulfill the regulator's requirements."

Teamwork is a powerful tool and with the rapidly changing face of the business world this makes perfect sense. In fact, anyone involved in compliance knows the exposure increases daily and that the bad guys (terrorists and criminals) use the ever changing face of technology to further their sordid goals.

Organized criminals and terrorists are also combining "job disciplines" and many experts suspect that they recruit experts from the financial, IT and legal sectors. In the case of the Eastern European Groups, they also employ former security and intelligence experts.

Terrorists are doing the same thing.

Phil Williams, Professor of International Security Studies, University of Pittsburgh highlighted this in a paper a few years ago when he wrote:

"Many governments, businesses, and individuals around the world are just beginning to learn how to make best use of the latest information technologies. But organized criminal enterprises have already discovered these technologies as new opportunities for exploitation and illegal profits."

In his paper, Professor Williams also wrote:

"Criminal organizations and drug traffickers have increasingly hired financial specialists to conduct their money laundering transactions. This adds an extra layer of insulation while utilizing legal and financial experts knowledgeable about financial transactions and the availability of safe havens in offshore financial jurisdictions."

"Similarly, organized crime does not need to develop technical expertise about the Internet. It can hire those in the hacking community who do have the expertise, ensuring through a mixture of rewards and threats that they carry out their assigned tasks effectively and efficiently."

As for the terrorists, their use of technology and financial expertise is well documented.

Recently, the FBI and other law enforcement organizations have recognized the need for greater teamwork between experts from the law enforcement and business worlds.

Based on the signs of the times, consolidation of resources within companies not only will cut costs, but it will probably also make their efforts more effective. In fact, it makes perfect sense, at least to me.

For an article about this by, click on the title of this post.

Thursday, April 13, 2006

BBB Worker Takes Job Processing Fraudulent eBay Transactions

A Better Business Bureau worker was recently involved in eBay fraud by taking a part-time (work-at-home job) processing account receivables for criminals from Eastern Europe. According to her, she even checked them out before accepting the job and found nothing that would suggest a scam.

The job was to process payments (primarily from eBay transactions) and wire the money to her employers.

These scams, known as check-cashing schemes, solicit people to process fraudulent financial instruments and wire the money to a far-away locale. Their employers normally prefer the use of Western Union, or MoneyGram, which offer little to no protection once the money is sent.

News clip from in Denver, here.

There is also another version of the work-at-home scam, which entails receiving the stolen merchandise and then reshipping it.

In work-at-home (check cashing) schemes, the worker is normally instructed to set up an account (using their information and good credit) to process the financial instruments. Quite often, they are held financially responsible after the financial instruments are discovered fraudulent and they have wired the money.

No matter what the scam entails, the fraudsters always prefer "unprotected" methods of wiring money. I would highly recommend NEVER wiring money to someone you don't know, or haven't done a lot of business with for a LONG TIME.

To add to the confusion many auction fraud victims buy merchandise from seemingly highly rated sellers when their account is taken over. Account takeovers are normally accomplished via phishing, where a legitimate account holder is duped into giving up their account information.

Phishy e-mails from eBay and PayPal are circulating the internet at a record rate.

Interesting that the BBB worker was savvy enough to do a little "due diligence" on the scam company, which revealed nothing. When I looked at their site, I found two articles that describe activity very similar to this.

Work-at-Home Schemes

Work-At-Home-Schemes Now Peddled On-Line

I wasn't able to find an article on the BBB regarding "check cashing schemes," but in reality this scam is nothing more than a "mutation" of the "work at home" scheme.

I'd offer to write it for them, but after writing this post, I doubt they will solicit my services.

It's becoming quite common for organized gangs to set up fraudulent businesses as a front for the various scams out there. They are often complete with office space, telephones and even web sites.

I guess the moral of the story is that when a business has no verifiable track record a prudent person should dig a little deeper? I stole that one from my friend Paul, who writes prying1.

Let's face it, processing proceeds from auctions using your own account and wiring the money to Eastern Europe seems a little risky. At least to me, it does.

Sunday, April 09, 2006

Phishy E-Mails from eBay/PayPal are at a Record High

Phishy e-mails claiming to be from eBay and PayPal seem to be coming into my inbox and bulk mail at record rates. My spam filter used to catch most of them, but now many of them are making their way past it.

Normally, the intent of these e-mails is to steal personal and financial information. Quite often, the information is also used to "take over" legitimate sites and sell bogus, or nonexistent merchandise.

Please note that fraud on auctions isn't exclusive to eBay and PayPal. In fact, the auction business is booming and many new auction sites are being launched. I have no doubt the "Phishermen" will target all of them. Phishing is becoming extremely organized and highly profitable for criminals and they intentionally target whatever is popular, or sells.

I sometimes wonder if they don't hire "marketing experts?"

Here is something I read this morning from Ina Steiner at Auction Bytes:

PayPal Director of Corporate Communications Amanda Pires said spoofing is an issue PayPal takes very seriously. She could not reveal exact details about what PayPal was doing to fight phishing, but claimed the company is leading the industry with innovative technology and resources dedicated to fighting spoof. "PayPal and eBay employ a dedicated team that focuses just on the spoof issue. Additionally, every second of every day and on every single transaction, PayPal applies its advanced proprietary fraud detection techniques and tools to detect fraudulent activity."

According to Rich Miller, an analyst with Netcraft Ltd., a company that provides security services related to phishing, eBay and PayPal are two of the most frequently targeted companies for phishing schemes. Miller said the best way for such companies to communicate with users is through dedicated message areas users access after they log-in to the company's site. He said the next best advice for users to avoid becoming victims of phishing schemes is to refrain from clicking on links in emails that lead to log-in pages.

Miller said phishing emails create a sense of urgency. In the early days, typos were often a sign of a phishing email, he said, but phishers have cleaned up their spelling over the years. "Phishers will test social engineering tricks," he said. "If it works, they put the additional effort into refining it. They will spend time to make it look legitimate. The people doing it are professionals."

Full story, here.

The best way to defeat the Phishermen is through awareness, and by those who are aware reporting the attempts they spot.

The Phishing Incident Reporting and Termination Squad (PIRT) is one place the "aware" can report these scams. The Anti-Phishing Working Group is another place to report "phishy e-mails" and is also a great place to become more aware.

There are also a lot of other fraudulent schemes on auction sites besides "phishing." Unfortunately, in order to be safe doing business on them, becoming aware of all of them is probably a wise idea. Here are some previous posts I've done relevant to the other schemes:

eBay Fraud from a Personal Standpoint

Counterfeit Travelers Express (MoneyGram) Money Orders Showing Up ...

eBay Fraud Buster

Hard Drives for Nigeria

XBox Latest Lure in Auction Scams

Saturday, April 08, 2006

The Identity Thief's Identity Can be Amazing

Identity theft can affect anyone and sometimes it's surprising who the culprits turn out to be.

For instance, a man was recently arrested in San Francisco and charged with 53 counts of fraud and forgery. For months, he had been "hanging out" in Nob Hill hotels, which is where the rich and famous stay in the "City." When the authorities searched his room they found 500 names and credit card numbers, including those of Congresswoman Nancy Pelosi and a spokesperson for the FBI.

Maybe Ms. Pelosi will have a more personal perspective when she reviews federal legislation designed to protect people from these crimes. Many are saying that the legislation being proposed isn't "victim friendly."

The major complaint against this legislation is that it allows the entity compromised too much sway in determining when potential victims need to be warned and will nullify State laws requiring disclosure.

Not sure where our "Nob Hill Bandit" got the idea to use an iPod to store stolen data, but the scenario was recently used in the Harrison Ford movie "Firewall." In the movie, Harrison deftly steals a large amount of data from his bank, using an iPod to store the information. Of course (in the movie) he does it because kidnappers are holding his family and saves the day (including the stolen data) by the end of the movie.

Here is the full story on the "Nob Hill Bandit" by United Press International.

Another story that caught my eye this morning, especially with all the IRS phishing scams going on, is one where an IRS worker committed identity theft.

The Associated Press is reporting that an IRS worker in Dallas is being charged with 12 counts of fraud for using a social security number to obtain credit cards fraudulently.

Of course, the reporter was unable to reach the IRS worker's attorney for comment and the prosecutor will not comment on where the defendant stole the information.

Here is the full story on the IRS employee.

Tuesday, April 04, 2006

IRS Moves to Tighten Up Disclosures that Allow Tax Preparers to Sell Your Personal Information

I've often commented that marketing is the root cause of identity theft. For years, our information has been "gathered and sold" AND a lot of the "gatherers" have done a lousy job of protecting it.

After all, we seem to read about this data being compromised every week.

Lately, we've all read about the IRS phishing attacks and how to protect ourselves. But did you know that signing releases when you have someone do your taxes authorizes your preparer to sell your information?

Some might argue that this puts your information at as much risk as clicking on one of those "phishy" e-mails circulating around the internet, especially when data is being breached at record rates by criminals who normally use it to commit financial crimes in your name.

Here is an interesting analysis from USA Today:

Now, the IRS wants to change the rules, and at a hearing today in Washington, the agency is bound to get an earful. Consumer advocates have criticized the IRS for what they see as plans to loosen the rules. Major tax preparers have blasted the agency for adding what they regard as needless confusion.

Actually, the IRS is on the right track. The proposed rules would make consent more specific and clearer to taxpayers. They'd require a "warning" to consumers that once returns are disclosed, the preparer "has no control over" what third parties do with it.

That warning is a needed eye-opener for consumers, who now may give away their privacy simply by failing to read fine print:

• Disclosures are a boon to tax preparers and businesses working with them, not the taxpayer. Why should taxpayers share highly personal data to assist marketing?

• Preparers often pitch "refund anticipation loans," which allow taxpayers expecting a refund to get their money within two days. That bit of convenience comes at a high cost. A report last April by the Brookings Institution found common fees of $130 for loans that sometimes last less than two weeks. On an annualized basis, the interest can exceed 200%. The loans, Brookings found, take a significant chunk of low-income taxpayers' refund dollars - an estimated $740 million in 2003.

• In this digital age, hardly a month goes by without news of some company losing credit card or other personal data through a security breach. Disclosing tax information opens the possibility that return data could be mishandled as well.

To sum it up, USA Today commented:

Better yet, if Congress has any interest in protecting its constituents rather than its campaign contributors, it might want to require that preparers stick to doing taxes, instead of turning tax time into a bazaar for selling other financial products.

Here is the full story by USA Today:

For sale: Your 1040

In case anyone is interested in how many data breaches have occurred in the past couple of years, here is a pretty eye-opening chronology from the Privacy Rights Clearinghouse.

Of course, my personal advice is to "Just Say No," when your tax preparer asks you to sign your "identity" away.

Sunday, April 02, 2006

If We Can't Trust Giving to the Red Cross, Who Can We Trust?

Most major organizations face a growing problem: many of their fraud losses come from within. You would think that the Red Cross would be immune to this, but apparently not.

It seems that although disasters bring out the best in people, they also bring out some of the worst behavior imaginable.

Hurricane Katrina illustrates this. It almost seems that more money was distributed to fraudsters than to the people who were victims. No one was immune, from the Government to the Red Cross.

I recently blogged about "Who Really Profited in the Hurricane Disasters" in reference to massive amounts of money that were lost due to fraud and waste in the government effort to provide relief.

Now the Red Cross is under fire and has turned the case over to the FBI. Here is a story from the AP, courtesy of Forbes:

"The FBI is looking into allegations of theft and other wrongdoing by American Red Cross volunteers who distributed relief supplies after Hurricane Katrina. A task force probe - which includes state, local and federal authorities - began after the Red Cross conducted its own investigation and turned over information to authorities, said Jim Bernazzani, the agent in charge of the FBI's New Orleans office."

Full story, here.

My sad prediction is that in future disasters, I would imagine the public is going to be less likely to help. Perhaps (in the end) only aggressive prosecution of the guilty will bring the people's confidence back. A little diligence within some of these organizations to prevent misdeeds from their own would help, also.

It would only be justice for those who committed fraud when people's lives were at stake.

Here are some previous posts I've done on the hurricane disasters:

Fraud Related to FEMA

FBI Reports Fraudulent Activity on Internet Related to Hurricane ...

Katrina Fraud Far and Wide

Saturday, April 01, 2006

The Internet Community is Sick and Tired of Cyber Crime and PIRT Volunteers Are on the Offensive

I recently wrote about PIRT (Phishing Incident Reporting and Termination Squad) hosted by the fine people at Castlecops. They are now up and running AND the Phishermen better BEWARE! The intention of PIRT isn't mere scam baiting; it is to take the sites down and help bring Phishermen to justice.

They've even let me work a few of the submissions.

I might note, they have been very patient with me as I'm more of a traditional investigations type versus an IT security expert.

Here is a very inspirational comment about PIRT posted in one of their forums:

It is about time! I've been trying to wage this war privately myself by tracing the IP of the source Phishing site and then attempting to contact the Owner of the I.P. address range or the Domain Name the site is being hosted from.

The security nay-sayers who claim a grass roots effort to throw the scammers out won't be successful because 'there's no money in it' haven't got a clue.

The internet community is ready to take the web BACK, and I'll gladly be on the front lines!

Thank you SO much.

Here is my original post, which has all the information if anyone is interested in joining the cause:

The Phishing Incident Reporting and Termination Squad is Looking for a Few Good Men and Women

Let's face it, Phishing is becoming epidemic and ruining both the Internet AND the trust in financial systems. It's time to restore the TRUST in both of these areas!