Monday, April 30, 2007

E Gold accused of being a money laundering vehicle for financial fraudsters and child pornographers

To anyone familiar with crime on the Internet, allegations of criminals using, or manipulating E Gold are nothing new. Like wire transfers, E-Gold gives their customers the ability to transfer the value of gold, electronically. To transfer the gold's value, all anyone needs is a e-mail address, account number and password.

Because of this, the accounts can be prone to phishing, and or crimeware (malware) attacks, using keylogging software. When this happens, the phishermen clean out the account and transfer it, elsewhere. E-Gold's terms of service stipulate that once a transfer is done, it cannot be reversed.

It should be noted that Internet criminals use wire transfer services (MoneyGram, Western Union) for the same reason -- they provide a lot of anonymity.

Apparently a task force from the Department of Justice has been looking into the money laundering angle, and is charging E Gold with several federal charges.

Here is a summary of the action against E Gold from the DOJ press release:

A federal grand jury in Washington, D.C. has indicted two companies operating a digital currency business and their owners on charges of money laundering, conspiracy, and operating an unlicensed money transmitting business, Assistant Attorney General Alice S. Fisher of the Criminal Division and U.S. Attorney for the District of Columbia Jeffrey A. Taylor announced today.

The basis of the DOJ charges are:

The indictment alleges that E Gold has been a highly favored method of payment by operators of investment scams, credit card and identity fraud, and sellers of online child pornography. The indictment alleges that the defendants conducted funds transfers on behalf of their customers, knowing that the funds involved were the proceeds of unlawful activity; namely child exploitation, credit card fraud, and wire (investment) fraud; and thereby violated federal money laundering statutes. The indictment further alleges that the defendants operated the E Gold operation without a license in the District of Columbia or any other state, or registering with the federal government, and thereby violated federal and state money transmitting laws. The indictment alleges that this conduct occurred at various times from 1999 through December 2005.

It appears a lot of different federal agencies worked on this investigation:

The case is being investigated by the U.S. Secret Service with the assistance of the IRS and the FBI. The case is being prosecuted by the U.S. Attorney’s Office for the District of Columbia and the Computer Crime and Intellectual Property Section of the Criminal Division. Assistance is also being provided by the Child Exploitation and Obscenity Section and the Asset Forfeiture and Money Laundering Section of the Criminal Division.

Full DOJ press release, here.

Besides allegedly being used to launder money, E Gold is often used in advance fee and auction scams, which trick people into sending their hard earned cash to fraudsters. I've written about the auction, secret shopper, romance, lottery and job variations of advance fee scams on this blog, frequently.

Like the problems with accounts being phished, or their value being drained because of crimeware, little can be done once the gold (converted to a monetary value) has been transferred.

When password details can be stolen, accounts can be taken over, also. This happens happens frequently on auction sites; when trusted accounts are compromised, then used for fraudulent purposes.

Wikipedia has an extensive article about Advance Fee (419), here.

It will be interesting to see how this plays out!

Sunday, April 29, 2007

Another former IRS employee pleads guilty to fraud

For the second time in the recent past, a former IRS employee (this time a deputy director) is guilty of committing fraud. Specifically, he helped a dishonest tax preparation service convince tax payers to claim illegal deductions, by claiming they were legal.

From the DOJ press release:

A former Internal Revenue Service (IRS) district director, pleaded guilty today to conspiring to defraud the United States through his involvement in a tax fraud scheme promoted by the Topeka, Kansas-based “Renaissance, The Tax People, Inc.,” the Justice Department and the Internal Revenue Service announced. During a hearing before U.S. District Judge Carlos Murguia in Kansas City, Kan., Jesse Ayala Cota admitted defrauding the U.S. Treasury of more than $1.3 million and to earning more than $300,000 from his participation in the scheme.

Cota, 65, of Vista, Calif., admitted in his plea agreement that from 1997 though April 2002, the conspirators, through Renaissance, operated a scheme to defraud the government and individuals by marketing a program designed to sell illegal tax deductions through false and misleading representations. His co-conspirators, Todd Eugene Strand and Daniel Joel Gleason, previously pleaded guilty to the same fraudulent scheme. Additionally, Cota admitted that during his participation in the conspiracy, those involved prepared or had others prepare false federal income tax returns resulting in a tax loss of approximately $1.3 million.

Full DOJ release, here.

I wonder what will happen to all the people that were convinced to use the illegal deductions?

Here is the post, I recently did about another former IRS type committing a different type of refund fraud:

Former IRS employee charged with a different type of refund fraud

So far as dishonest tax preparers, I covered this recently, also. A major Jackson Hewitt franchisee is under investigation for allegedly committing $70 million in tax fraud.

Of course, they should be considered innocent until proven guilty.

Saturday, April 28, 2007

While everyone sues TJX, the criminals are laughing all the way to the bank

Here is a great example of why there is so much identity theft. In Ontario, a man and his wife went right back committing identity theft, while on bail for running a payment card (debit/credit card) skimming operation. As you will see, they were by no means, small operators.

From, Jeff Mitchell reports:

Hundreds of new charges have been laid against a fraud suspect and his wife after Durham cops busted the two as they allegedly broke his bail conditions.

Police say they found evidence of widespread fraud when they searched the King City home of the man, arrested here last fall in connection with a credit and debit card skimming operation at a north Oshawa gas bar.

One fraud investigator said lists of debit and credit card numbers found in the home amounted to "an encyclopedia" of apparently stolen data.

Here is what they got caught with, while on bail for victimizing (probably) thousands of people:

During the arrest both occupants of the car were found to have counterfeit credit cards in their possession, police said. A subsequent search of their home resulted in the seizure of credit card writing equipment, 200 phoney credit cards and hundreds of pages of credit and debit card data, police said.

Police also seized the BMW, claiming it's proceeds of crime.

I guess no one figured out the BMW was paid for by theft, the first time around?

And meanwhile, lawyers and the banking industry are organizing law suits against TJX for their recent data breach.

Unless, we start making it dangerous for the criminals to commit financial crimes, the problem will keep growing!

While a lot of people focus on civil remedies, the criminals are laughing all the way to the bank. After all, they aren't being sued. AND the sad truth is that not very many of them are being caught.

The costs of litigation and fraud are both normally passed on to the consumer. Simple economics dictates that if they were not, the business would cease to exist. The fact that the banking industry (which could also be criticized for enabling some of this problem) is behind some of this litigation, bothers me!

Someone once said, "it isn't wise to throw stones when you live in a glass house."

Maybe I should do a few posts about how the banking industry makes it too easy to commit some of these crimes? For starters, we could discuss how easy it has become to counterfeit their payment devices, which is how the information is being turned into cash (what the criminals are after). We could also discuss how little they do to verify information, when issuing a credit card and all the unsolicited offers for credit (which are routinely stolen) out of the mail.

Thinking of that, I did a post about how easily criminals can manipulate this:

Ever wonder how well you are protected from credit card fraud?

Another thing to consider is that merchants already bear a lot of the cost of fraud becaue of chargebacks. This is where the bank charges back the fraud to the merchant. Many merchants feel strongly that they are already bearing the brunt of paying for all the fraud because of this practice.

For more information on this subject, visit, here.

There is no doubt that the true victims of identity theft deserve compensation, but to me some of this litigation is designed (my emphasis) to pass the buck. As I stated earlier, when the buck is passed, it gets charged to the consumer (in the end), anyway.

When is someone going to start addressing the real problem? The facts are that it's too easy to commit payment card fraud, not very many criminals are getting caught, and when they are -- the consequences are pretty minimal.

Full story from (about the crooks out committing crime on bail), here.

Wednesday, April 25, 2007

President's Identity Theft Task Force issues recommendations

The Identity Theft Task Force has issued the formal recommendations they've been putting together since May, 2006. The recommendations include feedback solicited from the general public.

The final report is comprehensive -- identifying all the issues that have made identity theft and the financial crimes that result from it -- a major concern in the public eye.

The report does (slightly) downplay the problem of data-breaches, noting no significant increase in financial crimes and identity theft from them. I'm not sure, I completely agree with this, but other's could probably argue this point with me. Despite this, it does make a lot of great recommendations on how to limit our exposure to the problem.

In all fairness, it's very difficult, if not impossible, to identify the original point of compromise in an identity theft case. In most cases, the best guess rule applies. With information being sold over the Internet, the criminal using the information probably isn't sure where it came from originally, either. And even if they were to tell us, most of them can't be considered 100 percent credible.

Underground carder forums seem to be selling personal and financial information, too inexpensively. This phenomenon ties the less sophisticated identity thieves with those of a more sophisticated (organized) nature. Given this, the problem has the ability to expand, rapidly.

As there is more demand, we might see more information being used in all sorts of crimes and Internet access is growing, rapidly.

Congress considered several bills on data breaches in their last session, but failed to pass any of them. Protecting against data breaches is going to be an expensive proposition and my guess is that there is a lot of lobbying going on by the organizations that will ultimately pay for protecting the information better.

The report calls for stricter laws and more aggressive enforcement, which is something that should be taken seriously. In my opinion, a large part of the problem is that identity theft is too easy to commit, extremely profitable, and consequences are minimal, if caught.

Also called for is more cooperation of an International nature, which is going to be a key part of any resolution to what is rapidly becoming a global problem.

The full report can be seen, here.

The Task Force's homepage, which has more good information, can be seen, here.

FEMA declares they are becoming stronger after realizing how much money was wasted in the hurricane disasters!

Hope Yen at the AP has written an article based on a report by the Inspector General at Homeland Security that $3.6 billion in contracts were awarded to companies with ties to the Republican Party rather than to local companies, impacted by the Katrina/Rita hurricanes.

She quotes Senator Dorgan, who requested the audit, as saying:

"This confirms what we already knew about FEMA — there was a staggering level of incompetence, and the victims of Katrina, as well as taxpayers, are taking it on the chin," Sen. Byron Dorgan (news, bio, voting record), D-N.D., who requested the audit, said Monday.

Dorgan, who chairs the Democratic Policy Committee, said that it was ironic that the new contracts were aimed at helping small businesses in the region get back on their
feet, but instead "some very big interests got some very lucrative contracts."

"There are a lot of things wrong with this, so this report should be a warning signal to Homeland Security and FEMA," he said.

Government investigators already estimate over $1 billion in losses due to waste.

FEMA's response was:
In response, FEMA in the report disagreed that the wide price variations put taxpayers at risk. The agency contended that it was comfortable with bidders' financial viability based in part on past performance. In cases where contract prices appeared unreasonably high, those would be offset with lower payments later on subsequent work orders, FEMA officials said.

FEMA spokesman Aaron Walker said Monday that the agency welcomed the audit's findings and was working hard on improvements to better perform its duties "while being a conscientious steward of taxpayer dollars." He said that FEMA contracting officers did a "remarkable job" given their short time frame.

The audit will assist in making "the new FEMA stronger, more flexible and cost-effective," Walker said in a statement.

Full AP story with links to the Homeland Security report, here.

Both sides can argue, but one thing is apparent, which is we probably could have done a lot more for the victims with the resources we spent!

If mistakes like this ($1 billion and counting) were made at a private organization, do you think the people making them would still be employed?

Probably, not very likely! Perhaps, I could get "the Donald" to comment, but that's not very likely, either.

The political climate on wasted government money is heating up. Recently, I blogged about $2 billion, allegedly wasted by a company (recently sold off by Halliburton) called KBR:

The case of an alleged $2 billion government contract fraud/abuse in Iraq/Afghanistan

In this case, it appears that we could have better served those, who are serving US!

Sunday, April 22, 2007

Why it's become TOO easy for restaurant workers to skim payment cards

We seem to be seeing a record amount of credit/debit (payment) card fraud recently. The latest is a $3 million scheme -- where restaurant servers were recruited to steal their customer's financial information -- using portable skimming devices, which seem to be easily purchased over the Internet.

Samuel Maull of the Associated Press is reporting:

Thirteen people were indicted Friday on charges stemming from their roles in the credit card fraud, prosecutors said.

The credit card account information was stolen from customers who visited restaurants in Manhattan's Chinatown and other parts of the New York metropolitan area, as well eateries in Florida, New Hampshire, New Jersey and Connecticut.

Full AP story, courtesy of the Washington Post, here.

The Manhattan DA's site has a lot more information on this case, which reveals most of the defendants appear to have worked in Asian restaurants, were extremely organized and traveled the country buying high-end electronics.

The DA press release shows how they were turning the stolen merchandise into cash, which is the goal of most of these criminals:

THOMAS JUNG, JOON HEE KIM, JUN SHOJI, RICHARD LEE, JENG SEAK LEE, PHIL ANG, ALEX KIM and others in small groups to areas within and outside of New York State to purchase high-end electronics merchandise – such as laptop computers, Sony Play Stations, GPS navigation systems, high-end digital cameras and IPods.

PAO provided each shopper with 20 to 40 counterfeit credit cards with the expectation that each “shopper” would make fraudulent purchases in an amount that averaged $1,000 per counterfeit card. If a “shopper” was provided with 30 counterfeit credit cards, the “shopper” was expected to make $30,000 in fraudulent purchases. PAO made the travel arrangements for the “shoppers,” which included airline flights, car rentals, and hotel rooms for shopping trips in New York, New Jersey, Connecticut, Illinois, California, Oregon, Washington, Ohio,
Pennsylvania, and North Carolina.

The “shoppers,” who were paid approximately 15% of the retail value of the merchandise they bought, delivered the merchandise to PAO, who then sold the stolen goods to defendant JOHN DOE. In turn, DOE sold the goods to electronics and computer stores in Queens.

You can read the full press release, here.

Unfortunately, this problem is enabled by portable devices, which are too easy to obtain. A website, I found recently (called Hackers Homepage) seems to openly sell everything a wannabe card skimmer would need to do this. They even sell the high-quality card blanks - with the ability to place holograms on them - right over the Internet!

Of note, this site (which I hope is under surveillance) also sells more sophisticated skimming devices designed to be placed on point of sale systems, and advertises other devices and publications that would appear to enable a lot of different financial crimes.

A lot of this stuff can also be purchased on auction sites (like eBay) as demonstrated, here.

Perhaps, if we want to see a decrease in this activity, we need to enact laws that will control some of the technology, which makes it TOO easy for anyone to do.

This along with DIY (do it yourself) auction fraud and phishing kits, also being sold over the Internet, make it too easy for ANY criminal to commit pretty sophisticated crimes.

Throw in carder forums, which sell all the information being stolen, and there is no wonder why this has become a rapidly growing PROBLEM.

The bottom line is that easily purchased technology is making the problem worse, and the problem is spreading so rapidly, law enforcement has a hard time keeping up with it.

This IS NOT a victimless crime, just ask any of the people having their information stolen, or one of the businesses that have lost money from it. Of course, when businesses lose money, they have to raise prices, which means we are all paying for it.

To watch a pretty telling video on YouTube about how restaurant workers skim payment cards, link here.

Saturday, April 21, 2007

How much of our Social Security money is benefiting former illegal aliens in Mexico?

With predictions that Social Security might be bankrupt before many of us ever receive any benefits, money potentially being given to people not entitled to it, bothers some people.

Dr. Jerome R. Corsi ( just did a very eye-opening analysis of the problem, where he states:

Amid the U.S. government's acknowledgment of rampant document and benefit fraud, the Federal Reserve is wiring 26,000 Social Security payments every month to Mexicans south of the border.

Officials with the Federal Reserve and Social Security Administration insist payments are not going to illegal aliens but admit they cannot be certain. Meanwhile, the Department of Homeland Security has launched a new task force to address the "growing" problem of benefit fraud, including in the Social Security Administration.

I like the official statement that no payments are going to illegal aliens, but they can't be certain?It seems to me that if they were certain, they might HAVE do SOMETHING about it.

I sometimes like to examine the money trail, which is what anyone wanting to determine fraud should follow, and according to the article:

According to the Federal Reserve, in 2005 the amount of funds transferred to Mexico reached more than $30 billion, up from $16.6 billion in 2004. The remittance market to Mexico has experienced double-digit growth in recent years.

Even scarier, was what is termed a totalization agreement with Mexico, that Social Security refused to release until forced to by an advocate group for senior citizens:

As WND previously reported, after refusing to release the document for three and a half years, the Social Security Administration in January finally made public a totalization agreement that "would allow millions of illegal Mexican workers to draw billions of dollars from the U.S. Social Security Trust Fund."

The disclosure was forced by a Freedom of Information Act request filed by the TREA Senior Citizens League, a non-partisan seniors advocacy group.

This hasn't been signed into effect by President Bush, but it could be done without congressional approval.

Dr. Corsi sums up this analysis using factual data from the GAO:

In September 2003, the U.S. General Accounting Office estimated a Social Security totalization agreement with Mexico would cost $78 million in the first year and would grow to $650 billion (in constant 2002 dollars) in 2050.

The GAO admitted even this estimate was low given that the totalization agreement provides an additional incentive for millions more Mexicans to enter and work in the United States.

Dr. Corsi's highly interesting analysis (I highly recommend reading the entire article), here.

So far as the officials, who aren't certain if fraud is occurring, they might want to consider the amount of benefits fraud, recently uncovered in the Katrina and Rita hurricanes. Initially, officials seemed to be in denial (not certain) about how much of it happened there, also. After the GAO did a little digging, they seemed to find quite a bit of it - and rumor has it - they aren't finished finding all of it.

Benefit fraud is a huge problem, and it costs us all in the form of higher taxes. It also takes away from the funds available to pay honest people, who are entitled to receive them.

Here is another post, I wrote about the scope of this problem in a limited area (Southern California):

Los Angeles Grand Jury Calls Child Care Program an ATM for Thieves

The official ICE press release about the government task force looking into this problem can be seen, here.

Friday, April 20, 2007

While a nation mourns, cyber criminals are on the attack

Earlier in the week, I blogged about how cyber criminals (ghouls) would likely use the Virginia Tech disaster to line their pockets.

According to Jeremy Kirk, IDG News Service, this prediction is becoming true -- and according to experts -- fake domains are being set up at a faster rate than after the Katrina hurricane.

Even malicious software a.k.a (crimeware) is being circulated via spam e-mails, claiming to have a link to cam phone footage of the incident.

Clicking on this filth can turn your computer into a zombie (normally used in a botnet to send more spam) -- or even log your personal and financial details -- which might be later sold in a carder forum (used for identity theft).

Very interesting and sad commentary on how cyber criminals are on the attack, while a lot of people are in mourning, here.

One place, I recommend to send any of this (trash) you spot on this is to Castlecop's:

Phishing Incident Reporting and Termination Squad (PIRT)

They make sure this garbage gets reported to all the appropriate parties!

The case of an alleged $2 billion government contract fraud/abuse in Iraq/Afghanistan

A company providing services to our troops in Iraq and Afghanistan has allegedly committed $2 billion in fraud and abuse. Until recently, it was part of Halliburton (spun off after a stock swap)?

Donna Borak, of the AP (courtesy of SignOn San Diego) reports:

U.S. lawmakers on Thursday railed against defense contractor KBR Inc. for a string of fraud and contract abuses on a multibillion-dollar contract that provides food and shelter to U.S. troops in Iraq.

“I think profiteering during wartime is inexcusable,” said Sen. Byron Dorgan, D-N.D., during a Senate Armed Services Committee hearing. “We've got a very serious problem. This is the most significant waste, fraud and abuse we have ever seen in this country.”
Here are more specifics as to what occurred, quoting Senator Levin, chairman of the Senate Armed Services Committee:

Sen. Carl Levin, D-Mich., chairman of the committee, cited several examples of contract abuse, including KBR billing the federal government for millions of meals that were never delivered, overstating labor costs by 51 percent, or $30 million and wasting between $40 million and $113 million by purchasing unnecessary vehicles.

Full story from the AP, here.

The thought of a company being made independent (via a stock swap) and charges of wrongdoing being brought forth, shortly afterwards, bothered me. I decided to look a little further to see what I could find about how this occurred.

I found a site called Halliburton Watch, which did an article entitled, Halliburton bails out of Iraq, KBR and now America. The article (which alleges a lot of other wrongdoing by Halliburton) links to the press release from Halliburton about the KBR spin-off, here.

The stock swap was announced in February. Since it would be hard to skim $2 billion from a $20 billion contract (granted over 5 years) in two months, I decided to see what else I could find.

Going to Senator Levin's site, I found a press release, clearly indicating that the alleged fraudulent activity occurred well before February.

After stating that KBR (formerly Halliburton) should be considered innocent until proven guilty, there seems to be a lot of substance to these charges, researched by government auditors. It will be interesting to see how this plays out, and fraud in time of war (if proven), should be dealt with severely!

Thursday, April 19, 2007

Not answering a Privacy Notice gives the sender permission to sell your personal/financial information

Recently, I did a post on the difficulties a blogger had after receiving a privacy notice from one of his financial institutions (American Express) and trying to "opt-out" (let them know he didn't want his personal and financial information sold).

In reality, most of the privacy notices, we receive are saying "if you don't respond to me, you are giving us permission to sell your personal and financial information."

These privacy notices (hard to distinguish from junk mail) come about from a law passed in 2001 to protect consumers from having their information sold (just about anywhere). This personal information is often put at risk because it wasn't protected, properly.

The Privacy Rights Clearinghouse has a lot of information on this subject and why the version of the law that was passed isn't as consumer friendly as it sounds. Here is what they had to say:

When this law was debated in Congress, consumer advocates argued unsuccessfully for an "opt-in" provision. This stronger standard would have prevented the sharing or sale of your customer data unless you affirmatively consented. Unfortunately, the opt-in standard did not prevail. That is why we emphasize in Fact Sheet 24 that the burden is on you to protect your financial privacy.

They do have an EXTREMELY informative page on the site, which gives a lot of information on the law and how you can protect your information, here.

They also have another page with a lot of information on how to opt-out from having a lot of different companies sell your personal details.

If you are like me and have a "time challenged" life style, there is one place everyone should opt-out from having their information sold, or the credit bureaus. Credit bureaus, collect and gather all our personal and financial information, and make a LOT of money, selling it.

In a lot of instances, they were the ones, who sold it in the first place.

You can do this, by going, here.

The Federal Trade Commission also offers information to consumers on this subject.

Since most of these laws were passed by Congress prior to data breaches being tracked, perhaps the time is right to make a few changes to the law.

In case any of them are interested, the Privacy Rights Clearinghouse, has also been maintaining a very telling chronology of why something should be done, here.

As of this post, 153,558,451 voters and potential voters have been compromised, according to the chronology (which freely admits it isn't 100 percent accurate). The stated reason that it is impossible to be accurate is because in many instances, the total number of people compromised couldn't be determined.

It's normally pretty hard to get the data thieves to comment on how much information they got in any particular breach!

Wednesday, April 18, 2007

Are Charity Fraudsters (Phishermen and Pharmers) preparing to exploit the Virginia Tech Disaster?

Internet criminals use disasters to get nice people to donate their hard-earned money to them, personally. Recent examples where this occurred have been the Katrina hurricane, Tsunami disaster and London bombings.

According to the Sans Internet Storm Center, we can probably expect the same activity to occur in the wake of the Virginia Tech Disaster.

Here is what they are reporting in their Handler's Diary:
There has been a flurry of domain registrations related to the Virginia Tech tragedy, as reported by GoDaddy and other registrars. While some of these are undoubtedly well-intentioned organizations joining in the outpouring of support for the friends and family of the victims, others are likely to be opportunists who want to cash in on the suffering of others.

Be on the lookout for a rash of spam & phishing coming from these leeches. If you receive a plea for donations, check the organization out closely before opening up your e-gold, Paypal, Visa or other account or providing any personal information. In some cases the phishers may use voice, fax, email and websites to dupe generous and thoughtful victims into disclosing valuable information.
Full diary post (with potential domains being grabbed), here.

As the SANS post aptly points out, giving out any personal, or financial information to one of these fraudsters (leeches) can have more consequences than giving your money away to the wrong place (identity theft).

Here are some investigative (due diligence) resources someone might take advantage of to make sure they are donating their money to a worthy cause:

Better Business Bureau Wise Giving Alliance

Charity Navigator

American Institute for Philanthropy

The Federal Trade Commission (FTC) has some information on how to make sure your money goes to the cause you intend it for, here. Also contained on this page is where you can report fraudulent activity to them, which is highly recommended.

Tuesday, April 17, 2007

Counterfeit MoneyGram Money Orders being passed via Internet Scams

Recently, MoneyGram removed the Travelers Express name from their money order product. The new version is branded simply as MoneyGram, printed in Spanish (Espanol) in addition to English.

The old version with the Travelers Express name have been counterfeited and circulated via Internet scams for a couple of years. A lot of them had Walmart's logo printed on them. We've seen similar counterfeit American Express Gift Cheques and Postal Money Orders in recent years, also. Some of these items are still in circulation, including the older Travelers Express version.

The newer version (MoneyGram) printed in both Spanish and English are now being counterfeited and being circulated via Internet scams. The one I saw was accompanied by a letter from Walmart Financial Services.

Like other counterfeit financial instruments, we'll probably see these circulated via romance, auction, job, secret shopper and lottery scams. The common theme is that the scammer will always request that you send a portion of the money back to them (wire transfer is the preferred method).

In the case of auction scams, they may be used to buy expensive merchandise.

Cashing these items will leave you at a minimum, financially liable. I've also been told by readers that people are sometimes getting arrested for passing them!

The new version (recently seen) have receipts attached to them. Money Order companies often attach receipts to their products as a security feature. These receipts are used to obtain refunds, if a money order is lost, or stolen.

The counterfeiters have probably added this feature to instill a false sense of security.

Like their predecessors, these counterfeit Money Orders are (normally) easy identified by calling in and verifying their authenticity.

MoneyGram has an automated system to do this, which can be accessed by calling 1-800-542-3590. Live customer service help is available during normal business hours.

MoneyGram also has a page with a lot of relevant information on how to SAFELY negotiate these items, here.

Since this is something new, if anyone would like to help get the word out, please leave a comment on this post, or drop me a line at

Monday, April 16, 2007

Social Security employee causing $2.5 million in credit card fraud reveals how easily information is stolen from within

Recently, I blogged about a former IRS employee, who committed $330,000 of retail refund fraud (basically shoplifting) in nine states. This morning, I read about a former Social Security Administration employee, who caused an alleged $2.5 million in credit card fraud by providing detailed information on victims to an external identity thief.

Sharon Gaudin at Information Week writes:

The indictment alleges that Batiste conspired with her cohort Craig Harris and others by agreeing to access the Social Security Administration's computer system to run search queries for Harris.

Harris, a 50-year-old Los Angeles resident, pleaded guilty in September to conspiracy and unlawful possession of a means of identification. Harris, who faces a maximum sentence of 10 years in prison, is scheduled to be sentenced on July 17.

The government contends that Harris would give Batiste some identifying piece of information about someone -- either a name or Social Security number -- and Batiste would then query the government system to pull up enough other identifying information to put the person's identity at risk.

Information Week article, here.

According to the article, the arrest was the result of the work of the Economic Crimes Task Force, which includes both federal and local assets in Southern California.

Last October, I wrote about a task force in Southern California responsible for catching a lot of insider related (employee) identity theft. My post is still up, but the link to the LA Times article is now down and nothing else can be found about it on Google.

I suppose insider problems aren't as newsworthy as large scale data-breaches, involving highly skilled hackers. The reason for this might be that they are embarrassing to the organization involved, and they don't help sell expensive (computer related) security fixes.

In fact, a trusted insider, can normally get past all the above referenced security fixes, simply because they have access.

And if you think about it, retail, restaurant and clerical employees have access to a lot of information. It's a lot easier to bribe, or even place a person inside an organization to steal information than hack it from the outside.

Trust me, it's going on in the business (and it appears) civil service worlds, daily.

Perhaps, all the experts, should take a closer look at this problem and how to control it.

Here's a previous post, I wrote on this subject, where the Secret Service is doing this:

Secret Service is Studying the Problem from Within

LA County has a hot line to report government employees committing fraud. The information to contact it can be found, here.

The FBI has also set up a place, where anyone can report public corruption, here.

A lot of large companies have a dedicated hot line to report internal problems, or you can ask to speak to someone in their security department. Smaller businesses normally don't have these resources, but most owners would be highly interested if someone working for them was stealing.

It's not good for business!

In some instances (not all), there are financial incentives for reporting insider dishonesty.

If you are worried about safety issues, I always recommending doing this, anonymously.

Sunday, April 15, 2007

Mexican Drug gangs post execution videos on YouTube

It used to be that organized drug gangs wanted to keep a low profile. No more, like their jihadist role models, they are using the Internet to spread their twisted message of death and destruction.

Manuel Roig-Franzia did an extremely informative article about this for the Washington Post, where he wrote:

Bloody bodies -- slumped at steering wheels, stacked in pickup trucks, crumpled on sidewalks -- clog nearly every frame of the music video that shook Mexico's criminal underworld.

Posted on YouTube and countless Mexican Web sites last year, the video opens with blaring horns and accordions. Valentín Elizalde, a singer known as the "Golden Rooster," croons over images of an open-mouthed shooting victim. "I'm singing this song to all my enemies," he belts out.
Washington Post story, here.

Recently, these drug gangsters posted a video on YouTube of one of their rivals being decapitated.

Of course, the money to do all of this is obtained by sending their wares (narcotics) across our Southern border.

While everyone debates the illegal immigration issue, we have something (far more sinister) to worry about. In fact, the sheer number of illegal people crossing (perceived by many of us to be harmless) probably enables a lot of (not so harmless) people to cross, also.

There is no doubt, many of the illegal immigrants are innocent souls -- but as long as we allow criminals to control our borders -- we aren't doing a very good job of protecting our own citizens.

The step daughter of one of the gang leaders (Jefes) producing counterfeit documents, Suad Leija, has a message about this to all of us, which can be read, here.

Counterfeit documents are one of the factors that enable this problem (not very secure borders) to pose a danger to us all.

Saturday, April 14, 2007

Oprah's name spoofed in sweepstakes scam

At about the same time, Oprah did a show on Internet scams, the Illinois Attorney General (Lisa Madigan) issued (another) alert about scammers using Oprah's name to instill (trust) in the garbage they send.

Although, Oprah has run some sweepstakes recently, this one is a scam!

From Attorney General Madigan's press release:

According to Harpo Productions, Inc., which produces The Oprah Winfrey Show, several legitimate sweepstakes were held in the summer of 2006 through but all winners were previously notified. Harpo Productions, Inc. has not sent any letters in 2007 announcing additional winners for this sweepstakes. The sweepstakes letters being mailed to consumers have a check enclosed that is made payable to the letter recipient. The checks look real but are actually counterfeit. Consumers should disregard these letters and should not attempt to cash the checks.

The letters and checks are props in an especially devastating form of consumer fraud—conning check recipients into believing the checks are real, convincing recipients to deposit the checks into their banks, and even persuading the recipients to wire their own money to the con artists.

Full release, here.

Oprah covered this (and a lot of other scams) on her show yesterday, which can be seen on her site, here.

She also mentions this and another scam involving tickets to see her show on her site, here.

Tom Fragala (MyTruston) and I collaborated on a post about counterfeit checks being used in a variety of I-Scams a few months ago:

Counterfeit Cashier's Checks Fuel Internet Crime

Oprah's name is being used because of her immense popularity, which is a common theme in a lot of this activity. Popular brands, disasters and even government agencies are used in same manner, also!

Friday, April 13, 2007

Symantec's Family Resource Web Site

Symantec has launched a new web page designed to educate children (and their parents) about how to avoid the (sometimes) murky waters of the Internet.

The goal of the page is to (in their own words):

Our goal is to help parents provide guidance to their children who are using the Internet . We want you to keep your children and your computer safe online, and help you make sure your children are good cybercitizens. With your direction and supervision, the Internet can be a positive, safe place for your child to research, learn, communicate, and socialize.

The page can be viewed, here.

Symantec has also hired someone to administer this effort (Marian), who writes columns to support the page.

You can even submit a question to her, here.

The page has links to other sites on this important subject, also:

iKeep Safe

Web Wise Kids

National Cyber Security Alliance

Taking the time to educate our children, as well as ourselves, on how to safely use the Internet is an important effort!

Thursday, April 12, 2007

Sage Predictions on the State of Cyber Crime from McAfee

According to McAfee, cyber crime is growing and as soon as the good guys (white hats) close one loophole, the bad guys (black hats) exploit another.

Unfortunately, technology grows faster than laws and security fixes. Criminals, who are becoming increasingly organized, realize and exploit this fact, frequently.

The report confirms predictions that exploiting VoIP and mobile devices will become more common.

Vishing will probably become more dangerous than phishing - it adds a more personal (voice) touch to tricking people into giving up their personal details. VoIP (cheap long distance) is one of the reasons for this. Since caller-id spoofing is easily available and legal, it makes sense that a lot of people are going to fall victim to vishing attacks.

Also covered is the growth in music and software privacy. Billions of dollars are being lost in both these areas - systems are now being sold with pirated software already installed on them.

To me, this shows how organized, the activity is becoming!

The report also covers RFID technology (quickly becoming commonplace) and how easily it can be exploited. Despite warnings from a lot of concerned experts, we seem to be implementing this technology at a foolish pace (my emphasis).

McAfee deserves recognition for having the courage (there is a lot of money behind RFID technology) to point out the dangers behind this highly profitable, but dangerous (my emphasis), technology.

Enough ranting for the moment, I highly recommend reading the full report, which can be viewed, here.

Wednesday, April 11, 2007

Warning if you don't open (and respond) to snail mail from American Express, they will sell your personal information!

I get snail (mostly junk) mail from credit issuers, daily. Being concerned about identity theft and my personal privacy, I try to shred all of them. But am I doing the right thing? As you will see, some of them probably hope I never do.

Here is what happened to someone, who is a lot more diligent than I am (he actually opens the mail). Christoper Null (ATT/Yahoo Tech blogger) got his most recent privacy notice from American Express, which informed him if he didn't want all of his personal and financial information sold, he needed to opt-out with them.

They gave him two methods to do so, snail mail and a 1-800 number. Chris selected the 1-800 number and here is what happened:

I call (800-297-8378 if you want to try it for yourself). I get a recording welcoming me American Express and notifying me that the call could be recorded... thenabruptly says: "The computer system needed to answer your questions is not available." And it hangs up.

Now I understand computers go down, but that was five days ago, and I'm still getting the recording. Will it ever come back online or is it all a scam? The paranoid side of me believes that there is no computer connected to this 800 number, and that it's designed to trick me into forgetting about the entire matter and being too lazy to fill out the paperwork so I'll remain opted in.

According to several comments on his post, the 1-800 was down for quite awhile.

He later (being the saavy tech guy he is) tried to go to their webstite to opt-out and was only able to opt out from electronic, not snail communication.

Very REVEALING post from Chris, here.

It is pretty scary that credit card companies require us to opt-out, and if we don't, they sell our information to, anyone and everyone. After all, selling information, is highly profitable.

The Personal Finance Blog did a post about how much personal information is worth (retail-value), here.

The post is about a year old, and the prices might vary, depending on who is selling it.

I guess the finance industry has found a way to get around recent privacy concerns, and they do it under the guise of a privacy notice!

It's no wonder there is so much identity theft!

Tuesday, April 10, 2007

Blog exposes risk in reporting ID Theft

(Screenshot courtesy of the In Security Blog)

I'm surprised no one has called this one out before. John Sharp, author of the In Security Blog writes:

Those of you who follow my blog know that I'm worried about the increasing sophistication of keyloggers. Which is why, when I went on the FTC site this morning, I was a little shocked to discover that the format of the FTC ID Theft Complaint Form presents a veritable gift to keyloggers.

Full post from the In Security Blog (great read), here. There are also some great tips on how to avoid becoming a crimeware victim on the PR release on this from Authenium (John's company), here.
John's concerns are well founded. The Anti Phishing Working Group, which tracks phishing, malware and crimeware (normally keylogger variants) shows their use increasing, monthly.
Keyloggers (once on a system) record keystrokes, sending them back to the person, who covertly placed the software on the system. Criminals often install (drop) these cybernasties using spam e-mails, which lure people to click on their links.
The information, the criminals intend to log (steal) is personal and financial, which is then used to steal money.

(Chart courtesy of Websense and the APWG)

Sadly enough, keylogging software has so-called legitimate uses and can be legally purchased by anyone. One of the legitimate (so-called) uses is to spy on other people (invade their privacy).

Just about anyone can buy this wonderful technology right on the Internet, which can bee seen, here. Perhaps if it wasn't so easily available, the problem wouldn't keep getting worse?

The FTC does a lot of good in their battle to fight identity theft. You can get a lot of good information about how not to become a victim by visiting their page on it, here.

Once a computer has been compromised with crimeware (keylogging software), anything entered on it can be logged (exposed). Even if the site you are sending the information to is "secure," your computer IS NOT!

The Internet is full of sites requesting your personal details, the bottom line is to make sure your system is secure, or if it IS NOT - avoid sending personal or financial details, anywhere.

Monday, April 09, 2007

Fake e-mail claiming U.S. has attacked Iran contains Trojan

If you receive a e-mail that Iran has been toasted by a U.S. strike, be careful of clicking on the attachment. Doing so, might toast your computer system.

John McDonald posted this information on the Symantec blog:

Over the weekend Security Response received samples of the latest variants of Trojan.Peacomm and W32.Mixor doing the rounds. The social engineering trick employed this time is in appealing to people's sense of fear as well as natural curiosity of a possible Middle East war involving the United States, Iran and Israel.

Subjects include "USA Just Have Started World War III" / "Missle Strike: The USA kills more then 20000 Iranian citizens" / "Israel Just Have Started World War III" / "USA Missile Strike: Iran War just have started". From the sample emails that we have seen to date, the actual email body is blank, and the attached files have various names such as "video.exe", "movie.exe", "click here.exe", "clickme.exe", "readme.exe" and "read more.exe".
More on this on the Symantec blog, here.

An unprotected computer might be turned into a zombie, which becomes part of a botnet (used to harass the rest of us with lots of more spam) if one of these attachments is clicked on.

Spam is often used to facilitate financial crimes, such as identity theft.

It pays be to EXTREMELY careful before clicking on any (unknown) attachments received via e-mail.

Are we being gouged with hot gas?

Gas prices seem to keep going up, too frequently. According to ABC, buying gas could even be more expensive than what we see posted at the pump:
Consumers are feeling the pain at the pump, as gas prices have risen for nine straight weeks.

Now lawsuits around the country claim drivers are being ripped off in a gas gouge they can't even see.

There are at least nine lawsuits pending that claim some gas stations are padding their profits by selling warm gasoline.

According to the article, the cost impact of this might be:

An investigation by the Kansas City Star newspaper found that American drivers may overpay $2.3 billion a year, with drivers in warm states like California hit the hardest.

ABC News story, here.

Of course, the industry (petroleum) is arguing these statistics.

You can e-report suspected gas gouging to the DOE (Department of Energy) by linking, here.

DOE states that:

All complaints registered with the Department of Energy will be collated and transmitted to the Federal Trade Commission, U.S. Department of Justice and individual State Attorneys General for investigation and prosecution where appropriate.
Unfortunately, no one has ever been able to prove the oil companies were gouging consumers.

Still, the way they raise prices doesn't make a lot of sense to a layman like myself?

Meanwhile Reuters is reporting:

Occidental Petroleum's (OXY) chairman and chief executive took in more than $400 million in compensation last year, the company said in a filing, one of the biggest single-year payouts in U.S. corporate history.

Reuters story (courtesy of USA Today), here.

Saturday, April 07, 2007

buySAFE takes on the issue of counterfeit (knock off) merchandise

buySAFE bonds sellers after verifying they are reputable and honest. They also contribute their time to protecting the average person in the sometimes murky waters of e-commerce. Recently, buySAFE has been taking on the (huge) issue of counterfeit merchandise.

Consumers are protected when they buy from a merchant bearing the buySAFE seal. Not a very bad deal for the consumer! Bonding isn't free, but many merchants experience higher sales volumes after being accepted by buySAFE. Trust can drive a lot of sales! buySAFE is also a viable means for a merchant to protect their assets.

The Association of Certified Fraud Examiners noted in their last report to the nation that small businesses suffer "disproportionate fraud losses," when they are victimized by fraud. Large merchants can afford experts to deal with their fraud problems, however the cost is hiring experts can be restrictive for smaller merchants.

Of the numerous fraud issues found on auction sites, complaints about counterfeit goods rank pretty high. People buy items believing they are the "real deal," only to discover the item is a (knock-off) counterfeit.

Companies, who sell respected and trusted brands, are impacted by a loss of sales and consumer trust in their products, also. Some of them have already filed civil litigation against eBay because of the amount of knock-off (counterfeit) merchandise being sold on the site.

Even though auction sites offer seller rating systems, these ratings are often compromised when seller accounts are hijacked (taken over). eBay and PayPal (by most accounts) are recognized as the two most phished brands out there.

The intent of most of these Phishing schemes is to obtain personal/financial information to steal money (and or) take over legitimate accounts.

This can also happen when malware (crimeware) is inserted into an unprotected system and personal/financial details are stolen, normally using key logging software. Sadly enough, the criminal element has found it pretty easy to remain anonymous on auction sites, and few of them seem to get caught.

Whenever the Anti Phishing Working Group (APWG) releases a new report, both of these activities seem to set a new record that surpasses the previous one.

Recently, eBay seems to be taking the fraud problem a lot more seriously, but someone using the name of "Vladuz" is intent on proving their systems are easily compromised. A good place to keep up on the Vladuz saga is

Although a good information source, I'm not certain that bashing Meg is the solution to fraud on auction sites.

Being the largest auction site, eBay is targeted by fraud all the time because of their popularity.

Fraud has already migrated to other auction sites, but they will always target the most popular.

The reason for this is simple (and it's only business for them) - there are more victims to harvest in popular places.

The term "Vlad" was based on a Romanian historical figure, Vlad Tepes, who inspired the novel, Dracula. In recent times, the term has come to signify fraudsters from Romania, who are well established and organized in the world of auction fraud.

Besides, protecting merchants and consumers, buySAFE makes a lot of contributions to addressing fraud issues on auction sites. Most recently, Jeff Grass (buySAFE CEO) has posted a lot of educational information on his blog about the counterfeit problem, here.

Jeff also appeared on the Today show, when they did a piece on counterfeit goods.You can view a clip of the show, here.

And the Today show isn't the only place that considers buy Safe’s views on the counterfeit problem important. The French government recently included buySAFE as part of a U.S. delegation (including government experts) to discuss the problem of counterfeit goods.

The INTERNATION ANTICOUNTERFEITING COALITION (a non-profit) sums up the problem when they state:

Counterfeiting is big business.It is estimated that counterfeiting is a $600 billion a year problem. In fact, it's a problem that has grown over 10,000 percent in the past two decades, in part fueled by CONSUMER DEMAND.

The real truth is people who purchase counterfeit merchandise risk funding nefarious activities, contributing to unemployment, creating budget deficits and compromising the future of this country in the global economy.

IACC site, here.

Part of the reason the activity has grown 10,000 percent is probably due to the explosion in e-commerce, especially on auction sites.

buySAFE seems to be doing a little more than just selling a product. In fact, they seem to be exercising some corporate responsibility by educating the public on fraud trends in the rapidly growing world of e-commerce.

Consumers can become a member of their Smart Buyer's Club, which leads you to a lot of good deals (safe to buy), here. Club members accumulate points, which can be redeemed for goods, or services (listed on the site).

Anyone claiming to be a buySAFE merchant can be verified, which can be done on the site, also.

Friday, April 06, 2007

Former IRS employee charged with a different type of refund fraud

With the deadline to file our taxes almost upon us, the term refund fraud, normally is associated with filing a fraudulent tax refund. A former IRS employee, Robert Dooley has been charged a different type of refund fraud (retail). The stated losses in this case were $330,000.

Dooley allegedly stole merchandise and refunded it in nine states (he gets around), using his IRS identification to intimidate (my best guess) Home Depot employees.

Many retailers allow returns without a receipt if identification is presented. The practice of maintaining this information in data bases, which might be hacked has been a concern with privacy advocates, recently.

I examined this issue in a recent post on what some retailers are doing to protect themselves without data mining information (SIRAS technology), here.

Refund fraud is estimated to cost retailers $16 billion a year based on a study conducted by Dr. Richard Hollinger at the University of Florida.

In many instances, Dooley received gift cards, which retail crooks often turn into cash, using a variety of methods.

Reuters story on this matter, here.

Their article suggests that Dooley would pick up the merchandise and head directly to the return counter. This is a common way retail criminals perform a fraudulent refund.

This isn't the first time in recent history a civil service type was involved in this activity. A little over a year ago, I did a post on a former Bush advisor doing fraudulent refunds:

Former Bush Advisor Arrested on Shoplifting Allegations

And civil servants aren't the only public figures that have been caught shoplifting.

(Winona Ryder photo courtesy of Wikipedia)

Retailers and the FBI band together to fight organized crime

Communication is probably the most effective tool in fighting financial crimes, especially those of the organized sort. Financial crooks (scam artists) thrive on a lack of communication and knowledge.

The retail industry realizes this and in partnership with the FBI is launching a secure tool that businesses and law enforcement can use to communicate criminal activity with each other. A simple, but powerful principle.

Here is the information on this new tool from the NRF site:
In response to an alarming rise in organized retail crime, the National Retail Federation and the Retail Industry Leaders Association, in collaboration with the Federal Bureau of Investigation, have teamed up to launch the Law Enforcement Retail Partnership Network (LERPnet), a secure national database that will allow retailers to share information through its unique web-based design. With LERPnet, retailers and law enforcement will be able to fight back against illegal activity including organized retail crime, burglaries, robberies, counterfeiting, and online auction fraud. The database will launch on April 9, 2007.

Full NRF press release, here.

More information on this tool can be seen by linking, here.

The Washington Post also did a good story covering this.

A lot of other industries and law enforcement agencies should follow this example. Developing better tools to communicate could help resolve the current epidemic, currently being seen in all types of financial crimes.

There is some evidence that the bad guys communicate with each other, regularly (carder forums). The good guys should do no less!

To close, Joe LaRocca, NRF vice president of loss prevention is saying:

“With this system, retailers are banding together with law enforcement to send a clear message to criminals: We will not tolerate your behavior and we will stop you.”

Wednesday, April 04, 2007

Google name used in Internet deployed Lottery Scam

If it's too good to be true, it probably isn't (especially on the Internet). A spam e-mail, I received today informed me that I've won Google's lottery and 500,000 euros.

Trusted names are used to provide a false sense of legitimacy. Since I myself am a Google fan (user), I decided to comment on this one.

When the (eventually unfortunate) winner answers one of these, they are asked to send (wire transfer is preferred) money to cover taxes and tariffs to get their prize released.

Frequently, the scammer will send a counterfeit check (normally official, or cashier type) for their intended victim (winner) to cash. Eventually, the counterfeit check is discovered and the lottery winner is left hold the bag. Besides, financial consequences, (if I am to believe people reading this blog), cashing these items can cause someone to get arrested, also.

Unfortunately, the crooks behind these scams are normally safe in another country and rarely (if ever) get caught.

For a more detailed explanation on how these scams work (the lottery variety is one mutation of them), I did a post:

Counterfeit Cashier's Checks Fuel Internet Crime

A lot of the spam deploying these scams is facilitated using botnets (groups of zombie computers) that were taken over after another unfortunate Internet user opened an attachment in a spam e-mail, they probably shouldn't have.

Here is a post, I did at the beginning of the year describing this problem (getting worse all the time):

2006 was the Year of Internet Crime - 2007 is predicted to be even worse

Here is the e-mail I received (complete with all the bad grammar and spelling mistakes). Bad grammar and spelling mistakes are common in these e-mail lures.

Another clue is always the instruction not to tell anyone they are a winner.
Subject:ISP Nomination/Email Award.
Date:Wed, 4 Apr 2007 17:53:07 +0200 (CEST)

Congratulations to you as we bring to your notice, the results of the First Category draws of E-MAIL LOTTERY organised by GOOGLE INT. We are happy to inform you that you have emerged a winner under the First Category, which is part of our promotional draws. The draws were held on 30th of March 2007 and results are being officially announced today 4th of April 2007. Participants were selected through a computer ballot system drawn from 5,500,000 email addresses of individuals and companies from Africa, America, Asia, Australia, Europe, Middle East, and Oceania as part of our International Promotions Program. Your e-mail address, attached to ticket number 675432890044/376, with serial number 2200-33 drew the lucky numbers 1-0-11-44-03-22 and consequently won in the First Category. You have therefore been awarded a lump sum pay out of One million (1,000,000.00) euros, which is the winning payout for Category A winners. This is from the total prize money from 1,500,000 euros shared among the 2 winners in this category. Your fund is now deposited with the paying Bank. In your best interest to avoid mix up of numbers and names of any kind, we request that you keep the entire details of your award strictly from public notice until the process of transferring your claims has been completed, and your funds remitted to your account. This is part of our security protocol to avoid double claiming or unscrupulous acts by participants / non participants of this program. Please contact your claims agent immediately for due processing and remittance of your prize money to a designated account of your choice:To file for your claim, please contact the CLAIMS agent.

Mr.Windy Smith.Cable Trust AgencyEmail:
addresses and telephone numbers removed)
Academias53,11269 Athens

You are advised to contact the agents by Email address.

NOTE: For easy reference and identification, find below your reference and Batch numbers.

Remember to quote these numbers in every one of your
correspondence with your claims agent.
NO: 33/904/G3K. Congratulations once again from all our staff and thank you for
being part of our promotions program.

Sincerely Yours,

Nelson Beilean.


Is tax fraud being enabled by too many dishonest preparers?

In February, I wrote about fraudulent tax returns being filed using forged W-2s.

Another story recently surfaced from the SF Bay area, where Jackson Hewitt preparers were complaining this seasonal type of fraud is getting out of control.

Kate Williamson (Examiner) wrote:

If successful, the fraud allows tax cheats to receive thousands of dollars, either from the federal government or from companies making tax refund anticipation loans. It is sometimes coupled with identity theft, which can create problems for law-abiding citizens when they go to file their own taxes.
Kate Williamson article, here.

Interestingly enough, Jackson Hewitt preparers were quoted for this story and in another story - a lot of Jackson Hewitt franchises are being taken to task by the Justice Department for (allegedly) committing tax fraud, themselves.

The AP (courtesy of CNN) is reporting:

The franchises were either totally or partially owned by Farrukh Sohail, the Justice Department said, and involved "a pervasive and massive series of tax-fraud schemes," according to court filings.

Sohail and other defendants "created, directed, fostered, and maintained a business environment" at the Jackson Hewitt franchises "in which fraudulent tax return preparation is encouraged and flourishes," according to court documents.

Employees were encouraged to ignore telltale signs of fraudulent information and to file claims even when it was obvious customers were using fake W-2 forms or false

A sample of returns prepared by franchises connected to Sohail found 31 percent contained false information such as phony earned income tax credit claims, bogus deductions and fraudulent W-2 forms.
AP story, here.

Dishonest tax preparers and people using forged W-2 forms is nothing new. In the past couple of years, there were even stories about this being done by prisoners. W-2 blanks are easily purchased at office supply stores, or over the Internet.

This phenomenon is probably being enabled by large payouts for what is known as the earned income tax credit and a huge business in refund anticipation loans. Refund anticipation loans often carry a triple digit interest rate, when considering the term (normally less than a month).

The AP article states that the dishonest franchises cost the government $70 million and this represents about 2 percent of Jackson Hewitt's business.

Some believe, the huge business in refund anticipation loans, has been inspired by the large dollar refunds lower income people get based on the earned income tax credit.

Currently, our tax gap (yearly difference between what is taken in and paid out) is 354 billion, according to the AP article.

Maybe, we need a better way to verify that W-2s are legitimate?

We can all help the IRS if we suspect tax fraud by reporting it, here.

Someone is going to say, we spend too much time going after the poor (people filing for earned income tax credits). Before they do, I would like to point out that in the instance cited, the Justice Department seems to be going after an "enabler" (Jackson Hewitt).

With our resources coming up $354 billion short every year, we can't afford to keep looking the other way on issues, such as these. The result will be more taxes to pay for needed government services.

Another problem is that a lot of the criminals doing this are using other people's information (identity theft). A lot of people are filing their taxes - only to discover someone else has already gotten a refund using their name.

From what I hear, this can be pretty hard and (painful) to clean up, once it occurs.

Of course, this isn't the only type of tax fraud being committed. A great place to learn all about the various schemes is, which can be read by linking, here.

Tuesday, April 03, 2007

Will law suits stop Spam Kings?

Spam is a vehicle for a lot of deceptive (false) advertising and financial crimes when phishing schemes are deployed using them.

Here is an announcement that MySpace is going after a Sanford Wallace (described as a spam king) with a civil action.

From the Business wire release:
MySpace announced today that it filed suit against Sanford Wallace for violations of state and federal laws including the CAN-SPAM Act and California's anti-spam and anti-phishing statutes. The suit, filed in United States District Court in Los Angeles on Friday, seeks a permanent injunction barring Wallace and his affiliated companies from the MySpace site in addition to unspecified monetary damages.

Full release, with other MySpace actions (commendable), here.

With each release of their statistics, the Anti Phishing Working Group seems to report that phishing and spam are breaking new records.

It would be nice to see governments (which manage law enforcement resources) take some of these cases for investigation and (if warranted) file criminal charges, also.

I'm not sure if forcing spam kings to pay fines is a very effective deterrent. They are liable to view it as a "cost of doing business." Perhaps if a few of them lost their freedom, the statistics (growing all the time) might start to go down.

Statistics are numbers, but they relate to real people being victimized by this activity.