Tuesday, November 07, 2006

Russian Expert Cites 99 Percent of Internet Brides are a Scam

Romance scams happen on the Internet, daily. Here is a story, which indicates that despite "Internet legends" not all of them start in Nigeria.

Mosnews (a Russian publication) reports:

All online dating sites suffer from dating scammers, 99 percent of the emails are hoaxes designed by professional Internet criminals says Elena Petrovathe founder of Russian Brides Cyber Guide, Prweb.com Website reports.

Internet criminals use sophisticated scripts and custom-built software to contact thousands of male users of Internet personals, creating fake Russian women identities and requesting money for airplane tickets.

Link, here.

Interestingly enough, they mentioned one group making a million dollars off these scams AND that in one instance involving "Russian brides," it was an American that was behind the scam.

While I was reading this story - I happened to see another one that claims that a senior Russian prosecutor claims that corruption in Russia amounts to 240 billion a year, read here.

Russian organized crime seems to have it "claws" in a lot of illicit activities - including cybercrime. The U.S. Department of Justice published a document going into great detail about it, here.

I started this post with the comment that despite "Internet legend" not all fraud originates in Nigeria. I will close with that all of it doesn't come from Russia either. In fact, according to the Anti-Phishing Working Group, there are more malicious websites "hosted" in the United States than anywhere else in the world.

Of course, I could go on and on about this - but the bottom line is that Internet criminals can come from anywhere and so can "good people," who are doing their best to fight it.

Monday, November 06, 2006

Fake You Tube Videos on MySpace - Is Zango to Blame?

Here is an interesting one - just a few days after the FTC announced a civil judgment against Zango - we see a "diversion tactic" designed to download their product.

I guess the not-so-good folks at Zango have decided to keep on with their misdeeds against Internet users.The good news is that there are "good guys and gals" watching out for the rest of us on the Internet.

Here's a warning from the "good folks" at Websense:

Websense® Security LabsTM has discovered a number of user pages on the MySpace domain which have videos that look like they are from You Tube. The videos have an installer embedded within them for the Zango Cash Toolbar. When users click on the video, they are directed to a copy of the video, which is hosted on a site called "Yootube.info."

Warning: This site has adult images on it.

Link to full alert, here.

Perhaps this needs to be investigated further - and maybe instead of civil action - someone should see if any crimes can be established?

Paul - Your comment on my last post on this was almost psychic!

Link, here.

If You've Really Won the Lottery - Why Are They Asking You to Send Money?

I've written a lot about the various Advance Fee scams out there - and judging from my inbox - the lottery variation of the scam is huge.

I sometimes get four or five notifications that I've won a lottery, or sweepstakes, daily.

Last evening, I read an article written by Linda Leatherdale of the Toronto Sun about a grandmother losing a lot of her hard-earned money as a result of falling for them.

Linda Leatherdale writes:

But more than anything, she wanted to pay for a university education for her three grandchildren. So she entered the sweepstakes.

Lo and behold, a few months later she received a letter that she had won. Ecstatic, she read what she believed to be an authentic lottery letter, which asked her to send
in $25 to collect her prize.

CASH MAILED OFF

Not trusting giving out personal financial information, via cheques or credit cards, she sent cash. Then other letters arrived -- from the U.S., Australia, New Zealand and other parts of the world. Some invited her to play a new lottery, others said she'd won and to send money to collect her prize.


Toronto Sun story, here.

I've seen the lottery scams, where a high-dollar financial instrument is mailed to the "intended victim," along with instructions to wire the money back - but mailing the smaller amounts ($25 to $50) was an activity that was new to me.

With Spam software that sends these "winner notifications" by the millions - I can see, where this could be a lucrative enterprise for the fraudsters behind this.

I guess the moral of the story is to look for the behavior. I've never won the lottery (I play Mega Millions sometimes) - but if I did - I doubt anyone would be asking me to send money.

It would probably be the other way around, or they would be sending me money!

Linda's article mentions "Phonebusters" as a good resource to educate people on Internet scams. I agree and you can link to them, here.

Down here in the U.S., another good resource is the FTC, link here.

Please note that these "lottery scams" cross borders with the click of a mouse.

You can also report these scams at both of these sites, which is something I highly recommend!

Doing so might save another grandmother out there!

For another post about lottery scams and the sheer amount of spam circulating "winner notifications," link here.

Saturday, November 04, 2006

More and More - The Jefferson Scandal Does Appear to be a Nigerian Fraud


In late May, I did a post about the Jefferson scandal - where money was discovered in a freezer - that was allegedly "earmarked" for the Vice President of Nigeria, Abubakar Atiku.

At the time, Vice President Atiku stated "that Jefferson was name dropping and obviously committing a 419 (Nigerian Penal Code for Advance Fee) scam."

For anyone that is unfamiliar with advance fee (419):

"Nigeria is one of main sources for all sorts of Advance fee fraud (419) fraud scams. The Advance Fee scam is where a ruse is used to get a victim to part with their money (nowadays normally via wire-transfer) in anticipation of riches (or sometimes love) to come. The best known is the "Nigerian Letter," but the activity has mutated into romance, lottery, auction, check cashing, work at home and reshipping scams."

I also wondered in the post, whether or not, the EFCC (Economic Financial Crimes Commission) would investigate further. Apparently, they did with assistance from the FBI.

Brian Ross of ABC news is reporting:

Acting on information provided by the FBI, Nigerian fraud investigators have now indicted Vice President Atiku Abubakar on 14 counts of corruption, involving tens of millions of dollars allegedly diverted from government accounts.

According to Nuhu Ribadu, head of a new anti-corruption squad created by Nigeria's president, $23 million of the diverted money is still missing. Ribadu said $6.7 million of the missing funds has been traced to a U.S. company tied to Congressman Jefferson's family.

Link to Brian Ross story, here.

Meanwhile both Congressman Jefferson and Vice-President Atiku still deny everything and Mr. Jefferson -- who is running for re-election -- has yet to be charged.

In the original AP story, two of Jefferson's associates have been found guilty of bribery and admitted giving Jefferson other money to bribe African officials. The story also reports some pretty "damning" statements Jefferson made while being taped without his knowledge.

I wonder if and when he (Jefferson) will be charged - $90,000.00 in a freezer is a little hard to explain - even if it is a drop in the bucket when compared to the 6.7 million alleged by the Nigerian investigation.

The EFCC site has a lot of coverage (from a Nigerian perspective) on Mr. Atiku's woes.

Sadly enough - Congressman Jefferson is leading in the polls:

Congressman Jefferson Race Gets National Eyes And New Orleans Ayes

Of note - Jefferson has lost the support of the Louisiana Democratic Party, which seems a wise move on their part.

Nigerian fraud is legendary on the Internet - and the EFCC has had a lot of success in "taking a bite" out of it. Here is a picture of Nuhu Ribadhu, who is in charge of the EFCC and managed the Nigerian part of this investigation:



Since most fraud today has a global reach, some might argue the EFCC is stopping people from being victimized, worldwide.

You can view Mr. Ribadhu's biography, here.

FTC Smacks Zango with Civil Judgment

Paul Young "Digging a little Deeper" inspired my original post on Zango. Having had my now (Mac Techie) daughter download Kazaa a few years back - I "ran away" (fast) whenever I spotted Zango while surfing.

Now the FTC has responded (undoubtedly to massive complaints) and smacked Zango with a civil judgment.

From the FTC news release:

Zango, Inc., formerly known as 180solutions, Inc., one of the world's largest distributors of adware, and two principals have agreed to settle Federal Trade Commission charges that they used unfair and deceptive methods to download adware and obstruct consumers from removing it, in violation of federal law. The settlement bars future downloads of Zango's adware without consumers' consent, requires Zango to provide a way for consumers to remove the adware, and requires them to give up $3 million in ill-gotten gains.

"Consumers' computers belong to them, and they shouldn't have to accept any content they don't want," said Lydia Parnes, Director of the FTC's Bureau of Consumer Protection. "If consumers choose to receive pop-up ads, so be it. But it violates federal law to secretly install software that forces consumers to get pop-ups that disrupt their computer use."

FTC release, here.

To complain about issues like this to the FTC, link here.

Starbucks Joins the "Data Breach Hall of Shame" by Compromising 60,000 "Partners" (Employees)

According to the Privacy Rights Clearinghouse -- which tracks data breaches where personal and financial information was compromised -- 97,148,596 million people have had their personal information exposed since February 2005.

Now Starbucks has joined their list by compromising their "own." Four laptops have mysteriously "gone missing" from their corporate headquarters - two of them contained the information of 60,000 "partners" (employees).

My question is - what was on the other two?

In keeping with keeping these breaches as quiet as possible, it's being reported that Starbucks has been looking for the missing laptops since September.

And of course, the official spin from Valerie O'Neil, their spokesperson is, "The company has not received any reports that anyone's personal information has been compromised."

Ms. O'Neil, there might be a reason for this - Thomas Harkins - who was operations director for MasterCard International's fraud division for about twenty years (now COO of the security firm Edentify) told TopTech news:

"There's so many stolen identities in criminals' hands that (identity theft) could easily rise 20 times." "The criminals are still trying to figure out what to do with all the data."

Since "good identities" fetch a measly $10.00 (estimate) each in these carder forums, the "insider" - who is more than likely responsible for this - could make quite a bit of money for their misdeed.

Ms. O'Neil also stated that we don't have to worry about any secret recipe's being on the stolen laptops. Please note the news account stated she "chuckled" when saying this.

Does this mean that Starbucks values their recipes more than their employees? Would they leave recipes "unattended" on outdated laptops gathering dust in a closet?

Missing laptops are a common theme in data breaches and with all the previously reported breaches, the entire affair bespeaks a lack of "common sense" when it comes to security.

After all - most of these breaches we read about could have been avoided - with a little "common sense."

So far as the victims of all this - the employees compromised - the FTC has a lot of good information on what you should do to protect yourself, here.

To read the press version of this story from the AP (courtesy of the Washington Post), click on the title of this post.

Friday, November 03, 2006

FBI is Going After the Carder Forums

There have been a LOT of us (who have been frustrated and amazed) at the carder forums that openly provide a marketplace for "stolen" personal and financial information on the Internet.

Today on Pogowasright.org, I was led to an article by Brian Krebs of the Washington Post - which had (in my opinion) some great news.

Brian is reporting:

"The FBI is cracking down on an international identity theft operation that involves the trading of social security numbers; the sale of stolen credit card account information; and phishing, the practice of using e-mail to trick consumers into handing over personal information, authorities said yesterday."

"Called Operation Cardkeeper, the investigation has brought about the arrests of more than a dozen people in the United States and other countries who are members of online communities that specialize in "carding," the trafficking of stolen identities and credit card and bank account information."

Let's hope that this operation is a BIG success and more arrests are forthcoming!

Brian's report, here.

These Internet crooks have victimized a lot of people and would have no qualms about stealing your grandmother's hard earned money.

Of note, the FBI can be credited (in my humble opinion) with developing the right strategy to address a worldwide problem that reaches across borders. Here's a post, I did about this:

Does Teamwork Make Sense in the Age of Compliance

U.K. Security Experts Predict a Nasty Trend in Identity Theft

I've never completely trusted statistics - especially those quoting how many people have had their identities stolen. For one, I've never seen a worldwide estimate and with the global reach of the Internet - identity theft and cybercrime have become a "borderless" activity.

Another problem is that businesses are frequently reluctant to fully disclose breaches and many victims never report the crimes, or give up in the "frustrating process" of trying to find somewhere to report it.

Nonetheless some of the trends are scary and security experts in the United Kingdom are predicting we haven't seen the worst of it yet.

Veronique De Freitas of WebUser is reporting:

Experts have warned of a dramatic increase in online ID theft across the UK. Organised criminal gangs are using the internet to steal computer users' identities, which can be worth more than £85,000, a new study has revealed.

Identity theft experts Garlik claim that ID theft will be worth £4bn by 2010 and will affect 200,000 internet users every year, doubling the amount it currently affects.
Veronique's story, here.

I've seen other stories that "downplay" the amount of organized crime and use of technology involved in credit card fraud and identity theft, but according to Garlik:

“Our study shows organised criminals are responsible for 75 per cent of credit card fraud and are rapidly moving into identity theft. These 'identity brokers' harvest data from online sources and use the information to manufacture and steal identities for criminal misuse,” said Tom Ilube, CEO of Garlik.

CEO Steals His Employee's Identities

Here's a pretty bizarre story - the CEO of "Compulinx" used the identities of his employees to open fraudulent credit accounts.

Chris Gonsalves of VARBusiness reports:

"Federal law enforcement officials Tuesday arrested the well-known CEO of White Plains, N.Y.-based MSP provider Compulinx on charges of stealing the identities of his employees in order to secure fraudulent loans, lines of credit and credit cards, according to an eight-count indictment unsealed by the U.S. Attorney's office in White Plains."

Link to Chris' story, here.

Apparently Terrence D. Chalk (the CEO in question) and Damon T. Chalk (CEO's #1 nephew) are now facing federal charges and a substantial amount of prison time, if convicted.

This is a "sad way" to finance a business. Fortunately, for the employees "victimized," the FBI was watching.

Thursday, November 02, 2006

This Christmas - Hold on to your Receipts if You Want a Refund!

The retail industry is sending out a subtle message to the public - hold on to your receipts if you want a "problem free" refund this upcoming Christmas season!

Michele Chandler of the Mercury News is reporting:

Retailers stand to lose $3.5 billion from returns fraud during the holidays this year, according to a survey released today by the National Retail Foundation.

Criminals are increasingly taking advantage of the holiday bustle and retailers' return policies to get cash for stolen merchandise or return items for a refund after they've been used, according to the first survey on returns fraud by the industry group.

For the year, retailers could lose a total of $9.6 billion because of the practice.
Link to Mercury article, here.

I do firmly believe this is a "BIG" problem, but what isn't mentioned in these surveys and news articles is that a lot of refund fraud comes from within, or is the result of an "inside job."

Quite simply - one of the easiest ways for a dishonest employee to steal cash is to do a fraudulent refund and pocket the proceeds. That way a "cash shortage" doesn't show up in their till.

Another recent concern is the amount of personal information to issue these refunds. Storing all this information could create the risk of data breaches - and as I have written before - the insiders and professionals routinely use "other people's information" to get past all these security procedures.

Bottom line is the "message is clear from the retail industry" -- honest people better hold on to their receipts if they expect to get a refund.

I'm glad the industry is protecting themselves and hope they are taking measures to protect the customers who aren't stealing by using good judgment and protecting all the information they are maintaining in databases.

I also hope this will allow them to focus their security resources on "insiders," who might be a big part of the problem. Whenever people steal, the cost is passed on to all of us.

As for my recommendation - hold on to your receipts and be careful of what information you give out that gets stored in data bases!

On a lighter note, it might surprise you who is behind retail refund fraud, here is a previous post on someone, who surprised a lot of people:

Former Bush Advisor Arrested on Shoplifting Allegations

Wednesday, November 01, 2006

Does Microsoft's Approach to Addressing Counterfeiting Make More Sense?

A lot of companies out there are suing eBay for the sale of their counterfeit goods on the site. Microsoft is taking a different approach and going after the guilty parties involved, personally.

TechWeb did an interesting article with the specifics of Microsoft's latest legal actions, here.

In reality counterfeits are being sold on numerous auction sites, flea markets and even retail outlets. The Arizona Republic recently reported about how counterfeits are being smuggled across the border in massive amounts.

Interestingly enough, they mentioned "pirated software" being sold right on the streets:

Outside Computer Plaza, an electronics bazaar downtown, street hawkers carry binders full of pirated software. They will even help install the software on laptops. Adobe Photoshop, which costs $650 in the United States, can be bought outside Computer Plaza for 40 pesos, or $4.


Link to Arizona Republic story, here.

Getting off subject - this article mentions counterfeit "quality label" scotch being sold. I wonder if anyone has ever been poisoned, or gotten sick from consuming counterfeit goods?

Counterfeiting costs the economy and private companies billions and might cost consumers, also.

The sad truth is that although some people buy counterfeit merchandise (knowingly) - some of it looks so much like the real thing - there are a lot of people, who might actually believe they are getting the genuine product.

There is no telling what can come "bundled" in a counterfeit software package. Malware and crimeware could easily be installed in a system in this manner, along with other "problematic" software applications.

So just as one might get sick from drinking "counterfeit scotch," a computer could come down with a "nasty" virus from installing counterfeit software.

And there is something more personal to worry about -- if crimeware was to be installed in this manner -- the end result of this illness might very well be a person's financial resources and something more important, their identity.

So far as the Microsoft approach to attacking counterfeiting - it is far more realistic in my opinion (going after the source) - and (perhaps) spending financial resources doing this will be a service not only to Microsoft, but the public-at-large, also!