Sunday, September 30, 2007

Mysterious Gap vendor loses laptops with 800,000 people's information on it


(Banana Republic photo courtesy of Paul Rene at Flickr)

Gotta love the latest data breach at the Gap. First of all, it involves laptops stolen -- then it is disclosed that the information, which includes everything needed to complete a full identity assumption -- wasn't even encrypted.

Stolen laptops compromising a lot of people's information isn't a new twist in the world of data breaches. Given this, it's amazing that this rather personal information wasn't even encrypted.

This doesn't even take into consideration -- that although they knew about it since September 19th, they waited ten days to announce it -- and then do so on a Friday. TJX made their announcement of their intent to settle the class action law suits resulting from their data breach last Friday.

Strange how these disclosures always seem to happen right before the weekend?

Moving on, the GAP and their vendor (Taleo Corp) -- who runs the job site, where all this information was data mined -- are pointing their fingers at a mysterious third-party vendor, who neither of them will name.

They are offering the now standard free credit monitoring, and their official statement is THAT it's against the Gap's policy to store information on unencrypted laptops. AND OF COURSE, they also have no reason to believe this information is being used.

As I've written many times before, the irresponsible passing (frequently for profit) of people's personal and financial information is what makes it TOO EASY for criminals to steal it.

When the information is passed to several different places, it gives all the people passing it, plausible deniability that they were NOT the point of compromise when a person becomes an identity theft victim.

Last I heard, the criminals stealing the information don't want to let anyone know where they are getting it, either!

Recently Monster.com was compromised for a lot of applicant information, also. Here is the post, I did on that:

Monster.com might be sending you a letter that your information was compromised

Job applicant information seems to be a hot commodity for thieves lately.

If you have applied for employment at Old Navy, Banana Republic, or the GAP you can call 1-866-237-4007 to see if you might have a problem. The GAP has set up a website to assist those, who might have been affected by this latest data breach.

Now that I'm finished ranting, it would be unfair to blame the GAP for all the data breaches that hit the news too frequently. Data breaches are expensive for the company that was breached, bad publicity and they put a lot of people at risk.

As I write this, I can almost bet there is another company being targeted for information. The million dollar questions is -- what are they doing to make sure they aren't the subject of next week's data breach?

Hopefully, I won't find out who I am talking about next Friday night!

AP story about this (courtesy of the LA Times), here.

More updated version of the story by Robert McMillan (PC World) courtesy of the Washington Post, here.

The Privacy Rights Clearinghouse documents data breaches, if you take a look at their chronology, you will see that information being compromised by someone stealing a laptop is nothing new.

Saturday, September 29, 2007

Tools to verify those too good to be true financial instruments you got in the mail


(Counterfeit check picture courtesy of cknlomein at Flickr)

There are a record amount of counterfeit cashier's checks, official checks, money orders, travelers and gift cheques in circulation. This is an attempt to pass on information that the average person can use to tell IF the item is real or a counterfeit (fake).

As a disclaimer -- this is only a guide and if you deposit or cash items from people you don't know -- you do so at your own risk. The quality of these items is getting better all the time.

I’ve put together a list of the known counterfeit items in circulation, along with the current telephone numbers to verify them. You will probably receive these items after being lured with a (too good to be true) get rich quick scheme that doesn't make very much sense.

The best method to verify an item is to go to the maker, or issuer of the check (cheque). They probably will know if they issued it. The key here is to make sure you are speaking with the real issuer (maker) of the item.

Never trust a number provided on the instrument, fake telephone numbers are sometimes set up that will even verify in 411 (information).

Simply stated, as long as the communication companies think they are being paid, setting up a fake number is no problem. We are seeing fake numbers set up by scammers pretty frequently.

Since these numbers are often set up in 411 (information) rather easily, I recommend using Phonevalidator.com. This site provides a service that shows if a number belongs to a cell, or a land line. It also provides telephone directory and Google results for the number queried.

Quite often, fake numbers set-up to verify checks are cell phones.

The Internet is a good way to find the true issuer (maker) of an item. The key is to make sure you are visiting a legitimate site.

Fake websites (especially those pretending to be financial institutions) are a growing problem, also. An easy way to check if a site is legitimate is by using TrustWatch, which verifies whether a site is known (trusted) or not.

If you are interested in taking a look at some fake sites, claiming to be financial institutions the Artists Against 419 has some great examples of them on their site.

A common denominator in most of the scams is that there will be a request to send the proceeds, minus your paltry cut (normally via wire transfer) back to the person sending you the instruments. That is (unless) they are buying goods from you. In this case, your property is what they want you to send to them.

Some of these lures include, but aren't limited to (new lures surface frequently), secret shopper, romance, lottery, work-at-home and auction scams.

The National Consumers League recently set up a site (fakechecks.org), which is a great reference on Internet scams involving checks (complete with visual presentations), here.

So far as auction scams, eBay will no longer offer any protection for paper financial instruments on their site.

Here are some of the known items being counterfeited in large quantities and literally circulating worldwide:

Visa Travelers Cheques: 1-800-227-6811.

MoneyGram Money Orders (counterfeits may still use the old Travelers Express logo): 1-800-542-3590.

US Postal Money Orders: 1-877-876-2455 (mail fraud) option 4, then go to option 2.

American Express Gift and Travelers Cheques: 1-800-221-7282.


FDIC Alerts on the counterfeit cashier's and official checks in circulation, here. There is a feature that allows you to search them. I would try it by using the name of the institution.

Counterfeit cashier's and official checks change almost daily. The counterfeiters use legitimate account numbers and convincing looking check stock that will verify in most automated telephone verification systems.

It's probably good advice to never trust an automated system. In the case of a counterfeit, real ABA/account numbers are used by the counterfeiters. Because the information is real, they get past an automated verification system fairly easily. If you really want to know and believe an item is a counterfeit, ask to speak to a live person, preferably in the fraud department.

If you are dealing with a suspected counterfeit cashier's, or official check, I highly recommend reading a post I collaborated on with Tom Fragala (CEO of Truston Identity Theft Protection Services):

Counterfeit Cashier's Checks Fuel Internet Crime

Bank employees sometimes verify counterfeit instruments as legitimate. In some instances, especially at a teller window, they have been mistaken. If this occurs, you will be notified days later and the bank will take no responsibility.

Even more alarming, I have talked to and get comments/e-mails from people all the time who are getting arrested after trying to negotiate these items.

Here is what I wrote about this growing phenomenon in a previous post, along with my personal speculation as to why this is happening more frequently:
When the check is discovered to be fraudulent, anywhere from right on the spot to about ten days later the person passing the item is left holding the bag. This can translate into a loss of their freedom (getting arrested), being held financially liable, or a combination of both these consequences.
The real victims can probably blame this new phenomenon on all the criminals, who are pretending to be victims and then cashing the items themselves. Here is how I described this in a recent post, where an International task force discovered millions of dollars (face value) of these items destined to be shipped, worldwide:

A new trend has been noted called reverse-scamming, also. This occurs when scammers have the bogus instruments sent to them, cash them and then never follow the instructions to wire the money.

If confronted, these reverse scammers will normally claim to be victims. A key way to pick out a reverse scammer is that, in most instances they forget to wire the money back to the scammer that sent them the counterfeit instrument.

Thursday, September 27, 2007

eBay responds to the alleged Vladuz hacking incident

eBay is responding to the latest (alleged) attack on their site by Vladuz by confirming that the account information was valid, however the credit card numbers were not.

Here is what the Chatter (eBay's blog team) has to say regarding their investigation:

I've been in touch with our operations and security teams, and I have more information I can share with you about yesterday's incident on the Trust & Safety discussion forum. In brief, very early yesterday morning, a fraudster posted contact information and alleged credit card numbers for about 1,200 members on our Trust & Safety discussion forum on eBay.com.

While the issue was very unfortunate, it was clearly falsified to cause public concern. Early on eBay's teams verified that the credit card "data" did not match anything on file for these members on eBay or PayPal. After more investigation, including phone conversations with many of the members, it appears that these numbers were not valid at all.

Each of these accounts was the victim of an Account Take Over, most likely through a successful phishing campaign. eBay has been in contact by phone with many of these members, and there is a My Messages email going out to impacted accounts to further our reach.

1200 successful account-takeovers is a fairly large asset for a criminal to part with, even if the credit card numbers were no good. In the hand of the wrong people, 1200 eBay and PayPal accounts can be used to commit a lot of crime.

Here is a description of how account-takeovers are sometimes used from my original post on this latest incident:

Account-takeovers enable criminals to scam others, using someone else's information. They can also be used to fence (sell) stolen merchandise with a high degree of anonymity. It should also be noted that stolen payment (credit/debit) card details are often used to purchase the merchandise, which is then fenced.

To cover their tracks, the scammers often dupe people into laundering the proceeds of these sales in work-at-home (job) scams and wiring the money, normally across a border.


Although eBay is stating that the credit card numbers in this case were no good, they are for sale, along with account-takeover information on the Internet. Because this information is sold over the Internet, the criminals are able to buy and sell this information (globally) without ever actually meeting each other in person.

As I stated in my earlier post, phishing is a method, where a lot of personal and financial information is stolen, also.

Thus far, all anyone can do is speculate as to how the accounts were compromised. It will be interesting to see if anyone gets to the bottom of what actually occurred.

The Anti-Phishing Working Group tracks phishing activity and many experts claim that eBay and PayPal are the most frequently phished brands. They also have some excellent information on how to avoid being a victim and what to do if you think you've become one.

Auction fraud doesn't only occur on eBay and can happen on any of the auction sites out there. The criminals behind this activity tend to go after what is the most popular, which probably has more to do with why they target eBay than anything else.

If you get phishy e-mails that ask you to provide your eBay, or PayPal account numbers, the Chatter recommends you report them to spoof@ebay.com or spoof@paypal.com. They also recommend to go to their Security & Resolution Center if you encounter a problem.

Another place to report phishy e-mails is CastleCop's PIRT Phishing Incident Reporting and Termination Squad. Please note you can also report this activity on the Anti-Phishing Working Group's site, also.

Reporting a phishing attempt might prevent someone else from becoming a victim. Sadly enough, if you have an e-mail address, you probably see phishing attempts on a daily basis.

Post from the Chatter, here.

Wednesday, September 26, 2007

Video shows mock cyber attack on power grid

Ted Bridis and Eileen Sullivan of the AP are reporting about a video, which shows how a cyber attack might shut down our utilities.

From the AP article (courtesy of the Washington Post):

The video, produced for the Homeland Security Department and obtained by The Associated Press on Wednesday, was marked "Official Use Only." It shows commands quietly triggered by simulated hackers having such a violent reaction that the enormous turbine shudders as pieces fly apart and it belches black-and-white smoke.

Although, this attack never took place, the article quotes goverment sources as saying:

President Bush's top telecommunications advisers concluded years ago that an organization such as a foreign intelligence service or a well-funded terror group "could conduct a structured attack on the electric power grid electronically, with a high degree of anonymity, and without having to set foot in the target nation." Ominously, the Idaho National Laboratory _ which produced the new video _ has described the risk as "the invisible threat."
Experts said the affected systems were not developed with security in mind.

Now for the good news:

The Homeland Security Department has been working with industries, especially electrical and nuclear companies, to enhance security measures. The electric industry is still working on their internal assessments and plans, but the nuclear sector has implemented its security measures at all its plants, the government said.

In July the Federal Energy Regulatory Commission proposed a set of standards to help protect the country's bulk electric power supply system from cyber attacks. These standards would require certain users, owners and operators of power grids to establish plans and controls.
The bad news, not mentioned in this article, is that some say foreign nations (China in particular) routinely attempt to hack into government systems.

Previous posts, I've written about alleged hacking attempts from China can be seen, here.

Of course, the Chinese government denies this is the case!

AP Story, courtesy of the Washington Post, here.

Did Vladuz hack eBay, or is stockpiled stolen information being used to make it look like he did?


(Picture courtesy of Yahoo Group, eBay_scamkillers)

There is a lot of speculation that eBay was hacked once again, and that Vladuz might be behind the latest episode.

Vladuz, who takes his name from a famous Romanian prince, Vlad Tepes, has plagued eBay with a string of hacking attacks in the past. Vlad Tepes was the inspiration for the novel, Dracula. In Internet folklore, Romanian scammers are often referred to as "Vlads."

Of course, eBay is denying that they were actually hacked. I'll let the reader form their own opinion.

Auction Bytes (Ina Steiner) is reporting:

eBay closed its Trust & Safety discussion board for hours on Tuesday after threads began appearing listing the names and addresses of eBay members. eBay spokesperson Nichola Sharpe said, "We think the fraudster obtained the eBay User names and IDs from previous account takeovers." The credit card information that was published alongside 1,200 names, User IDs and addresses were not associated with the financial information on file for those users at eBay or PayPal, Sharpe said.

Unfortunately, with the amount of account-takeovers caused by Phishing, eBay can suggest other ways the information might have been stolen. Phishing is where users are tricked into giving up their personal details, or downloading malware (crimeware), which steals it right off their hard drive.

I don't know which is worse, that they were hacked in this incident, or that all this information was compromised a long time ago? If it were compromised a long time ago, as eBay states, how much more compromised eBay information is out there?

The Cappnonymous Buds Blog has put together a pretty visual demonstration that makes a pretty good argument that eBay was hacked.

Account-takeovers enable criminals to scam others, using someone else's information. They can also be used to fence (sell) stolen merchandise with a high degree of anonymity.

It should also be noted that stolen payment(credit/debit) card details are often used to purchase the merchandise, which is then fenced.

To cover their tracks, the scammers often dupe people into laundering the proceeds of these sales in work-at-home (job) scams and wiring the money, normally across a border.

Whether Vladuz is behind this latest attack remains to be seen. But the fact remains, that there is a lot of fairly organized crime targeting eBay (my opinion) and other auction sites, on a daily basis.

Previous posts, I've written about eBay and auction fraud can be read, here.

In case anyone is interested in the graphic photo at the top, here is a post I did about a Yahoo Group that call themselves the eBay_scamkillers.

They are an all volunteer group, many of whom have impressive credentials, that are responsible for putting a lot of eBay scammers, where the sun don't shine (prison).

Monday, September 24, 2007

Trans Union and Equifax will offer a nationwide credit freeze at a cost

It appears that both Trans Union and Equifax will be offering consumers the ability to freeze their credit, albeit for what some consider too much money. Thus far, Experian remains undecided, whether or not, they will follow suit.

Martin Bosworth (Consumer Affairs) put together a nice read, which explains the new service being offered by two of the three (major) credit bureaus:

In a surprise reversal and a major win for consumers, the Trans Union credit bureau announced that it would offer consumers the ability to "freeze" their credit files in all 50 states in order to protect themselves against identity theft and fraud.

The service will be available in the 11 states that do not already have credit-freeze laws, costing consumers $10 to set the freeze and $10 to unlock it, and will "meet or exceed the requirements" of states with existing freeze laws.

Perhaps, the credit bureaus are giving into laws already enacted in a lot of States, and have decided to make a some revenue on what is quickly becoming mandatory? More from Martin's article:

Thirty-nine states and the District of Columbia already have laws in place enabling consumers to freeze their credit, with varying rules and costs for usage. The credit and financial industries have aggressively lobbied against credit freeze laws, claiming they would reduce the availability of credit and discourage shoppers from making big-ticket purchases due to the time spent unlocking a credit account.

Efforts by the credit industry to push weaker national credit protection laws that would preempt state law stalled out in Congress. States such as Utah have passed laws enabling citizens to freeze and unfreeze their credit accounts in as little as 15 minutes.

Martin quoted one of his counterparts at Consumer Affairs, Gail Hillebrand as bringing up a very valid (my opinion) point:

If the bureaus have the technical means to enable instant locking and unlocking of credit, they should not be charging high fees to use a service that can be turned on and off in minutes.

After all -- there are many who believe, the credit bureaus, who make a lot of money by selling the information they compile -- are partially to blame for enabling what has become a major concern (identity theft).

Although this is progress, I would much rather see effective laws passed in all 50 states, or a "consumer friendly" one passed in Congress.

Excellent read from Martin, here.

Here is a previous post, I did regarding personal information being sold by credit bureaus:

How does a telemarketer get your unlisted number?

Update: Experian joined ranks and is offering this service now, also. Washington Post article on this, here.

Sunday, September 23, 2007

TJX class action settlement only addresses about one percent of the total people compromised

Friday evening, MarketWatch announced that TJX -- who suffered a data breach compromising over 45 million of their customers --has agreed to settle the class action lawsuits that were filed against them after the data breach was disclosed.

The class action lawsuits referred to were filed in both the United States and Canada.

Since most of the financial losses have been incurred by financial institutions -- who had to reissue the compromised cards and settle the fraud claims -- this settlement appears to primarily address the customers compromised by the breach of TJX's refund database.

This would amount to about 455,000 people, or one percent of the total number of people compromised.

Another issue that is still pending is how information is stored, and who will be responsible for paying for the administrative costs arising from data breaches in the future. Consumers Union is pushing that one of these bills, already passed in California, be signed into law. Minnesota has already passed legislation that addresses this.

MarketWatch reports:
Under the settlement, which is subject to court approval, TJX will offer three years of credit monitoring and identity theft insurance to customers who returned merchandise without a receipt and to whom the company sent letters reporting that their driver's licenses or other identifying information may have been compromised.

TJX will also reimburse the customers for documented costs of certain license replacements and certain losses from identity theft if identification numbers compromised were the same as their Social Security numbers.

The company will hold a one-time three-day customer appreciation event, in 2008 or later, at which prices will be reduced by 15%.
One thing that concerns me is that the settlement offer states that one of the requirements to receive compensation will be that the identification number compromised has to match their Social Security number.

I guess that TJX and their affiliates don't want to address the rising phenomenon of synthetic identity theft? When synthetic identity theft is committed different parts of a persons identity are crafted to create a new one.

Stephen Coggeshell of ID Analytics was recently quoted as saying:
Five years ago, this crime was hardly seen. Eighty-five to 90 percent of identity fraud is really this synthetic ID fraud, as opposed to the true name identity theft.
Just because the identity and the Social Security number were not compromised together doesn't assure that that the person involved will not become a victim.

This led me to wonder how many Social Security numbers could have been compromised? The answer was right on a FAQ sheet on the TJX site:
We do not receive or store customer social security numbers per se. However, the drivers' license or military ID numbers customers provide us in unreceipted merchandise return transactions are, in some cases and in some states, the same numbers as their social security numbers. We are writing directly to customers we were able to specifically identify whose drivers' license, military or state ID numbers, together with their names and addresses, were found in the information believed compromised and identifying where we believe those numbers may be social security numbers.

Laws have been passed that prohibit the practice of placing Social Security numbers on identification documents.

In the identity theft world -- which is what the concern about this data breach is all about, when a SSN or SIN (in Canada) is compromised -- the criminal compromising the information has all the information necessary to complete a full identity assumption.

In the dark world of Internet forums that sell this information, a complete identity (SSN, or SIN included) is often referred to as a "full." The complete information on a person is simply worth a little more money to the criminals purchasing it.

Retail criminals, who causes billions in losses a year, often refund the merchandise to launder the proceeds of their efforts into cash. This was the very reason -- most retailers implemented databases to track the information of people, who show up at refund desks -- a little too frequently.

With the increasing availability of fake identification and bogus financial instruments -- already being used at retailers to steal merchandise, with a focus on high-value items that are locked up -- it's likely that a lot of the information in these databases isn't completely accurate.

I would guess that the same people, using the bogus financial instruments, purchase the merchandise with them and then head to the refund counter.

So far as the TJX offer to settle this portion of their liability, it still has to be accepted by the court. Of even greater importance is that retailers need to take a hard look at how these refund databases are protected -- and -- whether or not, they are as effective in stopping refund fraud as they used to be.

For more information on the issue of using Social Security numbers on identification documents, the Privacy Rights Clearinghouse has a document, here.

The University of California submitted an interesting document to the Federal Trade Commission on the subject of synthetic identity theft, which can be seen, here.

Last, but not least, Tom Fragala at Truston put together a pretty neat blog post with a lot of references about synthetic identity theft, here.

Saturday, September 22, 2007

Lawyers conned in job scam on CraigsList

Quite often, fraud victims don't want to go public with what happened to them. In my limited experience, this can be especially true -- when dealing with victims -- who hold prestigious credentials.

Fortunately, not all of them remain silent, and by speaking out, they protect others from becoming victims of the same thing that happened to them.

Here is a story by Arin Greenwood, an attorney -- who was the victim of what seems to be one of the more sophisticated job scams -- I've read about:

This is the story in which you learn how a graduate of Columbia Law School—that’s me—and almost 80 other people, who really should have known better, got suckered into giving away all our personal details as well as up to two months of our lives for “jobs” that never actually existed. And then you learn why it all happened the way it did.

How I Got Involved With The Scam

An intriguing Craigslist job ad turned up on June 21 of this year at a time when I was feeling particularly bleak. I had spent the better part of that morning losing at online Scrabble and wondering if I had enough money to get a small falafel for lunch.
Apparently -- Arin wasn't the only highly educated person taken in on this pretty elaborate job scam, which originated, where a lot of job scams do -- on Craigslist:

This lack of information was disquieting, but the Global Speculator team was reassuring: lawyers, researchers, writers, computer programmers, designers, administrators, executive assistants, and the one mathematician named Kermit, some of whom had been working since early June, when I first saw the Craigslist ad. And I trusted the wisdom of the group: There were almost 80 people working on this project. That is a lot of people, too many for everyone to be as silly and desperate as me. Surely someone in the group had a good reason to be there, and I thought I’d ride along on their coattails. Plus, one of my new co-workers was, it turned out, someone I’d worked with on Saipan, and I marveled at this reassuring coincidence; I knew this guy was smart, and if he was willing to believe that this was a legitimate enterprise then perhaps it really was. Unfortunately, I think he might have applied some of that reasoning to me.
In the end, no one is really certain what the intent was in committing this scam. If anyone wants to speculate, feel free to leave a comment at the bottom of this post.

One of the speculations made from several of the people (who were scammed) was that this was part of an elaborate fraudulent investment scheme.

Arin Greenwood's story (courtesy of the Washington City Paper), here.

Michael Webster -- a noted attorney in Toronto, I've written about in the past -- writes about the importance of performing due diligence when making an investment. In this case, the people scammed certainly invested a lot of their expert time.

He has a very interesting and educational website that covers "due diligence," which I highly recommend reading.

Investment scams can be highly complex and the scammers can often appear to be pretty influential. Right now -- there is a lot of furor, over a person by the name of Norman Hsu -- who allegedly ran some pretty high dollar investment scams. The reason for all the furor is Mr. Hsu was making large political contributions to certain candidates.

Michael wrote an interesting article about the Norman Hsu phenomenon, here.

On a closing note, Arin should be commended for writing about what happened to her. Too many victims of fraud would prefer not to say anything about it -- and when they don't -- they make it easier for the fraudsters behind the schemes to continue victimizing people.

Awareness and communication are the probably the most effective tool against fraud.

Job scams are becoming more and more common, another good resource to learn more about this problem is at the World Privacy Forum's job scam page.

Thursday, September 20, 2007

DIY (do it yourself) crimeware kits designed to steal personal information are for sale on eBay

Do it yourself (DIY) crimeware kits being sold on the Internet make it easy for non-technical criminals to commit fairly sophisticated (technical) crimes.

DIY crimeware kits have been credited with fueling the information (identity) theft crisis.

Ran into this interesting post on Cappnonymous (The Modern Day Beatnik Refuses to Die), which quotes a press release from PC Tools about crimeware for sale on eBay. The original press release from PC Tools points to eBay links, which have been deactivated.

Fortunately for those of us, who might be interested in taking a look at this, Cappnonymous was able to recreate a visual demonstration (screenshots) showing this illicit software being sold on eBay.

From the original press release from PC Tools:

Online auction site, eBay, is unwittingly selling software that is used to hack eBay user accounts and steal personal information, according to research from online security experts PC Tools.

A number of software items for sale on the world’s leading online auction site contain a variety of programs including keyloggers, trojans and other malware making devices that are aimed at helping users hack computers, websites and even individual user accounts.
The release quotes Mike Greene, VP Product Strategy at PC Tools as saying:

It is ironic that something intended ultimately to steal a consumer’s identification and financial information is being sold via what is one of the world’s number one targets for the ID theft.
Cappnonymous added his own sage comment:

Note a couple of the hilarities such as payment via Paypal and the Square Trade seal.

The seller’s feedback is 100%, so he/she must have some very happy buyers.

Cappnonymous post, which contains an excellent visual demonstration of this problem, here.

Although, eBay is frequently the subject of fraud articles, I'd like to point out that tools to commit cybercrime might be for sale on a variety of auction sites.

They are also being sold in a lot of other places on the Internet. Because the sellers are motivated to sell as many of them as they can, they will migrate to the best places to market their seedy products.

Some of them even provide technical support.

The Anti Phishing Working Group issued a detailed report last October regarding this problem, which can be seen, here.

Wednesday, September 19, 2007

Sophisticated Russian check fraudsters arrested in Fresno

Eastern European organized crime, particularly that of the Russian variety, has become a huge problem, worldwide.

On September 18th, six people of Russian origin got caught in what appears to be a pretty large check scam. The press and Fresno PD can only speculate, whether or not, the people arrested were organized criminals. I'll let the reader come to their own conclusion.

Nonetheless, the story reflects what many consider a growing trend in criminal activity becoming more organized.

CBS 47 in Fresno is reporting:

Fresno Police said ten people were involved in this very complex case involving multiple schemes. In one of the scams they would allow someone else to write check on their account.

They would then go back to the originating bank and claim someone had stolen their checks and was writing illegitimate checks. The bank would then refund their money and the suspects would essentially double their funds. They would even file police reports to make it look legitimate.

The case took Fresno Police more than a year to sort out. It appears the group was involved in hundreds of cons and scams.
The reason only six of the ten were arrested is that four of them fled the country.

CBS 47 story, here.

Organized criminal activity has become a huge problem in recent years. In California, where this occurred, the Attorney General issued a pretty extensive report detailing the problem, here.

The amount of known groups in the activity (not only Eastern Europeans) is getting out of control (my opinion).

I've also written a few things about organized crime, primarily from a financial crimes perspective, which anyone can read (if they're interested), here.

Saturday, September 15, 2007

Another 6.3 million people's information stolen at Ameritrade

According to the AP, Ameritrade is reporting that someone hacked into their systems and made off with 6.3 million people's information:
Online brokerage TD Ameritrade Holding Corp. said Friday one of its databases was hacked and contact information for its more than 6.3 million customers was stolen. A spokeswoman for the Omaha-based company said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken.

The company would not share many details of its investigation, including when the hack took place, because it is still looking into the theft and cooperating with investigators from the FBI, Securities and Exchange Commission, Financial Industry Regulatory Authority and local authorities.
Allegedly, Ameritrade has known about this for awhile and it might have been the threat of legal action, which prompted them to come forward now:

But Ameritrade has known about the problem at least since late May when two of its customers sued the brokerage in federal court because they were receiving unwanted e-mail ads on accounts used only for Ameritrade.

The data on Ameritrade's servers may have been vulnerable for an extended period of time dating back at least to last October, according to the lawsuit filed by lawyer Scott A. Kamber. The company said Friday the problem had recently been fixed.

The plaintiffs in the lawsuit had wanted the court to order Ameritrade to tell its customers about the data problem, but Ameritrade issued its release before a hearing could be held. The plaintiffs are also seeking damages and are trying to qualify as a class-action lawsuit.

"They preferred putting out a press release with their own language in it rather than have the court order them to put out a release with our language," Kamber said.
While maintaining confidentiality in an investigation is sometimes necessary, you would think that someone might want to warn the 6.3 million people, who were affected by this?

They might want to start monitoring their finances, carefully.

In addition to this, the stated need for confidentiality is coming from Ameritrade and not a law enforcement source involved in the investigation. The claim that a federal hearing might have forced disclosure might make some wonder about the credibility of what is being said, also.

The verbiage used in the Ameritrade press release states that social security numbers don't "appear" to have been taken is a little scary, also. Does this mean that they aren't sure?

Why would a hacker only take contact information, when social security and dates of birth were available in the same database, also?

My guess is that dates of birth and social security numbers would make the information more valuable to the hackers, who compromised the system.

The press release does state that account numbers and passwords were in a different database, and were not compromised.

Security and identity theft experts are speculating that the information taken could be used to phish for additional information, which then could be to commit identity theft. Phishing is where an e-mail from an official looking, but spoofed (impersonated) source tricks someone into giving up sensitive information.

Tricking people into giving up their information is also known as, social engineering.

Crimeware might also be used to steal the additional information. Once downloaded crimeware, steals information from a system automatically, normally using keylogging software. Crimeware can be picked up by clicking on the link of a phishy e-mail.

According to the Anti-Phishing Working Group, who studies this carefully has reported crimeware use is on the rise. One of the reasons for the rise in crimeware is that DIY (do-it-yourself) kits are being sold on the black market. This allows less sophisticated criminals to get into the game.

The CNet version of the story, quotes Graham Cluley (Sophos) as speculating how Ameritrade's system was probably compromised:
"There are only two different ways this could have happened. There was either a vulnerability with their Web site and it was hacked, or someone internally gained access with a Trojan horse."
Ameritrade has hired ID Analytics, Inc. to monitor what is going on and determine if any identity theft occurs out of all of this.

They are also providing additional information on their site about this unfortunate event for their customers.

The TJX data breach, which compromised over 45 million people, has caused a lot of uproar about how data breaches should be handled and who should pay for them.

Class action law suits are being brought forth and legislation is being introduced to determine, who pays for all the damage, when a data breach occurs.

This is becoming extremely costly for the companies being breached. The last report I saw about the cost incurred so far by TJX is $256 million. The sad thing is that I doubt this is the final figure.

Legislation in California is awaiting Arnold Schwarzenegger's signature, which will require retailers to reimburse financial institutions for the cost of fixing breached financial data. Interestingly enough -- in this data breach and the last major one, I've written about (Certegy) -- the data was not stolen from a retailer.

The Privacy Rights Clearinghouse, PogoWasRight and Attrition.org all compile information on data breaches, which happen so frequently, they are becoming almost "too routine" news events.

If anyone, who was has been affected by a data breach wants independent advice on what to do if you become an identity theft victim, the Privacy Rights Clearinghouse has a very informative page about this, here.

AP story by Josh Funk, here.

Internet crime victims report counterfeit American Express gift cheques being sent to them!


Scam (too good to be true) lure courtesy of miriyaparino at Flickr.

Counterfeit checks like all the ones recently discovered by an International law enforcement team being sent from Nigeria aren't the only bogus financial instruments being sent all over the world.

In this recent effort against this activity, over 15,000 counterfeit instruments were discovered in a months time.

For the past couple of weeks, I've received a lot of e-mail and blog comments from people receiving counterfeit American Express gift cheques in the mail with instructions to cash them and wire the proceeds (minus a paltry commission) back to the sender (scammer).

The reason for all the e-mails and comments are because of previous posts, I've written about these counterfeit financial instruments.

Other than having their financial world ruined, there are reports of people getting arrested after trying to pass some of these instruments. One victim recently wrote me after discovering she had been scammed -- and told me that when she tried to report her problems to the authorities, they advised her to seek legal advice before proceeding -- or she might be charged with money laundering.

The American Express gift cheques can be verified by calling 1-800-525-7641.

Counterfeit MoneyGram and U.S. Postal money orders are still also being sent to people as payment for goods, or in too good to be true lures that are nothing more than a scam.

A lot of these bogus financial instuments come from work-at-home scams, secret shopper, romance, lottery and auction scams. New varieties of these scams appear from time to time, but the common denominator in any advance fee (419) scam is that it is too good to be true and it makes little, to no sense.

Another common denominator in most of these scams is that they will try to get you to wire money. Here is what I wrote about this in a previous post:
The fraudsters want you to cash these counterfeit gift cheques and send (normally wire) the money back to them. When they are discovered to be fraudulent -- you end up taking the "rap" for the scammer and they disappear in an "electronic mist."
If you've received any of these items in the mail, I've compiled a lot of information on how to identify them and report them to the right people, here.

Another development being seen is that real scammers are getting their hands on these instruments, who have no intention of wiring any money, anywhere. In effect, they are scamming the scammers. This makes it a lot harder to figure out, whether or not, a person is a victim or a scammer. Maybe this is one of the reasons more people are getting arrested?

Of course, if the victim never wired the money, they are probably lining their own pockets (my opinion).

The bottom line is that falling, or getting involved in one of these scams can cause you a lot of financial pain and suffering and you might even get into worse trouble.

Friday, September 14, 2007

Attacks on scam fighting sites prove that they are making an impact against Internet crime!

Just got a comment on my post, Anti scammers under attack by Storm botnet from the folks at Artists Against 419 stating that their site is back up after being under a DDOS (Distributed Denial of Service) attack.

After seeing this, I ran into a good article covering the recent attacks on anti-scam sites by Erik Larkin at PC World (courtesy of InfoWorld). In the article, Eric quoted Paul Laudanski as saying:
"The criminals are in it for the money," he says. "It's a huge business for them. [But] we're in it for the feeling that we get being on the side of right."

So this assault shows that "these sites are definitely doing something right," he says, "because we've got the attention of these scammers. It gives us greater resolve."

PC World story, here.

CastleCops is a great place to learn about the sometimes murky waters of the Internet. CastleCops also runs (PIRT)-The Phishing Incident Reporting and Termination Squad, where volunteers report and take out the bad guys, who make life on the Internet a pain for the rest of us. They are always looking for volunteers to help then fry phish called "handlers," and people, who are willing to forward their phishy e-mails to them.

PIRT takes these sites down and makes sure they get reported to all the appropriate places, including law enforcement.

The Artists Against 419 state what they do on their main page:

The Internet is great, isn't it? It's a magical place, where you can buy anything you want, meet new people, find information... and lose all your money to scammers.

We've never liked that last part, so we started to fight back. Over time our art has evolved, and we now maintain the largest online repository of web sites used in internet fraud.

We offer a complete public interface for our site visitors, as well as database access through webservices which can be used for automated retrieval of fake bank entries. Web browser toolbars use our database feed to warn users that a site they visit is a fake company run by scammers. But most importantly, we continue to build better relations with other anti-fraud organizations and webhosting companies, to pursue our goal of ridding the Internet of fraudulent web sites.
Both of these organizations are run by volunteers that care. They can always use the support of the people they protect. If you get a minute, I recommend taking a look at them to see what they are doing to make the Internet a safer place.

We should all "resolve" to give these fine people our support!

CastleCops has a new online forum about the DDOS attacks, here.

Priest convicted on fraud charges

It never seems to amaze me, who gets caught committing fraud. Here is a story that confirms that fact. A former priest has been convicted of stealing a lot of money from his flock and the Church.

A former priest pleaded guilty to stealing hundreds of thousands of dollars from his church by setting up secret bank accounts to pay for a life of luxury, including traveling around the world and buying a condominium.

The Rev. Michael Jude Fay, who resigned last year as pastor of St. John Roman Catholic Church, pleaded guilty Wednesday to interstate transportation of money obtained by fraud. He faces up to 10 years in prison, a $250,000 fine and must pay restitution.

Prosecutors said Fay took between $1 million and $2.5 million over seven years, but the priest has disputed that. He admitted taking between $400,000 and $1 million.
Of course, using religion as a guise to cover wrongdoing is nothing new. Last I heard, the Church is still settling a lot of litigation for sexual predators posing as men of God.

AP story by John Christoffersen, here.

Here is a previous post, I did in the same vein:

Fraudsters Use Religion to Cover their Misdeeds

When considering our privacy, who should we fear more -- the NSA, or the communications companies?

I then came upon a story that explains one of the reasons why communications companies might be in such a hurry to bundle communications services.

Frequently, we see articles about the NSA violating people's privacy. Recently, there was quite a stir about certain communications companies, who were providing them with a lot of personal information.

Who should we fear more, the NSA, or the communications companies?

David Lazarus (LA Times) did a really interesting story of how these new bundle communications deals have you agree to a thousand word privacy policy, which essentially allows them to share your most personal details with just about ANYONE!

Selling and reselling people's information has led to a loss of privacy and is probably the root cause of a lot of identity and information theft. While selling information to the NSA makes good press -- on a personal level, I fear other entities -- who steal and (sometimes buy) this information a lot more than the NSA.

Of course, this is is my opinion, but trust me, I can back it up.

The motivation to gather all this personal information is simple, it's worth a lot of money.

Here is an excerpt from David's story, which I highly recommend anyone link to and read.

"All your eggs are in one communications basket," said Beth Givens, director of the Privacy Rights Clearinghouse in San Diego. "If a company wants to, it can learn a great deal about you -- and it probably wants to."

More often than not, it'll also want to turn a fast buck by selling at least a portion of that info to marketers.

All leading telecom companies are aggressively pushing these bundled service plans after investing billions of dollars in high-speed digital networks. For consumers, the upside is often a hefty savings compared with acquiring the same services from multiple providers.

The downside is that you're making intimate details of virtually all your network activities available to a single company -- and possibly government officials.
David Lazarus's story can be seen by linking, here.

Another thing to be careful of are marketing promotions from some of these companies, which expire at a certain point.

If you fail to cancel, or renew them, the price of them frequently explodes to an unreasonable (higher than market) cost.

Most of them do claim (if you bother to call and ask why) to have sent you a notice in the mail. Problem is they look just like all the other junk mail (marketing) offers that we frequently throw into the shredder without reading.

Best bet is to (if possible) put a reminder on your computer to cancel, or renew the deal.

Privacy notices and marketing promotions seem to have a lot of fine print. Here is another post, I did about privacy notices:

Not answering a Privacy Notice gives the sender permission to sell your personal/financial information

Here is another interesting article from the Electronic Frontier Foundation on this subject about a call by "Representative Edward J. Markey to launch an investigation into violations of customer privacy by the major telecommunications companies."

Sunday, September 09, 2007

Anti scammers under attack by Storm botnet

I happened to be checking out the Artists Against 419 site (one of my favorites) and discovered that the site is under a pretty nasty DDOS attack.

But apparently, it doesn't stop there. I found this on SlashDot written by capnkr and posted by CowboyNeal:

"It looks like the efforts of the anti-scammers at sites like 419eater, Scamwarners, Artists Against 419, and possibly others have become the target of the Storm botnet. Spamnation has a post about it, and as of this writing none of the above listed sites are responding. Spamnation reports that CastleCops and other anti-spam forums are being DDoSed as well.

Sounds like a massive, concerted effort against the folks who are fighting the good fight. Although I hate it for the owners and admins of the above sites, I think it shows without a doubt that their efforts to 'get back' at the scammers are working."

CastleCops has given some temporary hosting to the Artists, and has a forum discussing the current attacks, here.
The scammers have been going after CastleCops for quite awhile now, and it appears that this time, they were unable to do much damage.

Last week, I did a post about blogger accounts becoming infected by the storm worm. This phenomonen was discovered by Alex Eckelberry, CEO Sunbelt Software, who is a blogger user, also.

The sheer power of the Storm botnet is said to rival the power of the world's top super computers. Wikipedia has been keeping up on the developments regarding it, here.

Saturday, September 08, 2007

SIRAS PI - tracking theft to the source


Graphic demonstration of anti-theft technology courtesy of SIRAS.com.

Criminals, who steal goods, whether with bogus financial instruments, or by more physical means might be in for a little surprise if the merchandise is protected by SIRAS PI.

Last week, SIRAS made this announcement in a press release:

SIRAS.com, the pioneer in Point-Of-Sale Electronic Product Registration used by leading manufacturers and retailers, has announced the nationwide launch of SIRAS P.I., a groundbreaking initiative to aid law enforcement officials in determining whether products they recover are, in fact, stolen, and if so, from where. Piloted by the Mesa, Arizona Police Department, SIRAS’s P.I. (Product Information) Database has already proven to be effective in helping law enforcement officials identify stolen items, report suspicious items, and apprehend and convict thieves. The database will be available, free of charge, to police and law enforcement agencies nationwide.

The way SIRAS works is simple, but effective. It tracks a product by recording the UPC (Universal Product Code) and the product serial number. SIRAS has the capability to determine where merchandise was stolen, whether from a merchant, manufacturer, or individual.

Earlier this year, SIRAS did some testing that revealed a substantial reduction in TV and MP3 player losses on products, where their technology was being used.

If deployed properly at the merchant level -- it could also determine how an item was purchased, and whether or not -- the method of payment used was legitimate. In theory, a merchant could also use the technology to impact credit card chargeback and fraud check losses.

I say "deployed properly" and "in theory" because the information to accomplish this (sales data) belongs to the company using SIRAS technology. Because of this, the capability to track sales information would have to be implemented inside the company. At most larger companies, this information is already tracked and analyzed to prevent and detect dishonest activity.

For years, most high-theft (shrink) merchandise has been secured so a thief can't merely pick it up from a shelf. When high-theft merchandise that was secured is stolen, it's normally because of one of two reasons. It was purchased with a bogus financial instrument, or an insider was involved in the theft.

Other reasons for secured merchandise being stolen might be a theft, directly from the manufacturer, or a theft during the shipping (transport) process. In these instances, if the merchandise was registered at the manufacturer, SIRAS can identify the point of compromise, also.

Technology has made it a lot easier for criminals to obtain and use fraudulent forms of payment. Information being compromised (data breaches) and anonymous places to communicate like Internet chat rooms, have given a lot of common criminals access to bogus financial instruments.

Along with the increased availability of fraudulent forms of payment, obtaining counterfeit identification documents has become fairly easy, and the identity used on them normally belongs to someone else. This has made it easy for a lot of retail criminals to operate as someone else.

Because of these new trends, current systems that record personal information to prevent fraud are becoming less effective than they use to be. I often wonder (no one probably really knows) how much of the information contained in them is incorrect.

In the recent data breach at TJX, one of the systems compromised was their refund database. Stories have circulated recently about the wrong people being pegged as frequent refunders, or bad check writers after their identities were stolen.

Neither one of these situations fosters good will, or trust with customers. Besides that, data breaches are becoming costly. The last I heard TJX has spent approximately $256 million dealing with the breach. With pending litigation, the cost is liable to keep going up.

With SIRAS, using personal information isn't necessary to determine, whether or not, a return is legitimate. SIRAS already has proven to be highly effective in reducing refund fraud without asking for one item of personal information.

An example of how some of the TJX data was used in a retail theft scenario can be seen, here.

Given that criminals that steal merchandise want to turn it into money, two methods are normally used. They either refund it somewhere, or fence it. Auction sites provide an easy and when combined with account-takeover activity (anonymous) venue for criminals to fence merchandise.

In the auction world, seller accounts are taken over all the time. This normally occurs when seller accounts are compromised by a phenomenon known as phishing. Phishing occurs when a person is tricked into giving up their access information after receiving a spam e-mail.

Compromised seller accounts are sold on the Internet the same way financial information is, and there is a trend in DIY (do-it-yourself) phishing kits being sold that enable non-technical criminals to get into the game.

eBay and PayPal are two of the most heavily phished brands. Once these accounts are compromised (taken over), they are used by criminals to fence merchandise and launder the monetary proceeds of their illicit sales.

Another growing trend related to phishing is when malware, also sometimes known as crimeware is used to steal information. The difference here is information is stolen from systems automatically (normally by keylogging software) and social engineering (trickery) is no longer necessary to get people to give up information.

Malware is often picked up by a computer system by clicking on a spam e-mail link, or by visiting a website designed to inject the software on a system. PC World recently did one of the many stories floating around about malware being sold on the Internet in the form of DIY kits.

In the story they wrote:

The global market for criminal malware now operates like a supermarket, complete with special offers and volume discounts, a security company has discovered.

Here again, this capability enables not very technically inclined criminals to get into the game. This has become a growing problem and I expect it to get worse before it gets better.

With the availability of all this personal and financial information, being sold on an economy of scale, current fraud protection systems are routinely being compromised by a lot of criminals.

There is an old saying in the investigations world, which is if you want to solve a crime, the easiest way is to follow the money.

SIRAS takes this one step further by tracking both the merchandise and can track the money ( if programmed to do so by the user). When you do this, the odds are far greater that the true culprit will be identified. They are normally associated with either the money, and or the merchandise.

Since the technology records both physical and UPC information, the database can determine exactly where the merchandise was compromised (stolen). Given that many merchants use digital video systems -- which are capable of storing video footage for a long time, it's also possible to obtain video evidence of the original transaction -- when sales information has been programmed to tie into the technology.

SIRAS has been used by select manufacturers and merchants for several years now -- however a new initiative, SIRAS PI, which was tested with Mesa PD -- makes the database available to law enforcement agencies free of charge.

Law enforcement can access the database either via the Internet, or by telephone. They can also add items to the database when they are reported stolen. If someone later tries to refund the merchandise at a participating retailer, the transaction can be automatically flagged.

Although a lot of fencing now occurs on the Internet, the technology is equally as effective in investigating more traditional property crimes, also. The bottom line is once merchandise is discovered, it can be tracked by SIRAS, if the item has been registered.

Recently, Chris Hansen (MSNBC), did a story about iPod theft. When Apple was approached about tracking the merchandise using Apple's registration database, they decided not to cooperate with MSNBC.

Undaunted by this, MSNBC purchased a bunch of iPods and engineered the registration disc to send them the information when the iPod was registered. They then left the iPods (new in the box) unattended, let them get stolen and tracked them to the crooks once the iPod was registered.

Chris Hansen made an excellent point on how databases can track stolen merchandise -- but in this instance, brand new iPods had to be left in public places to be stolen -- then registered to make the point.

If Apple used SIRAS technology to protect their merchandise -- it would have already been traceable, even if it was stolen from an individual -- who didn't provide the thief with the registration disc. It also would eliminate privacy concerns, which might be why Apple didn't want to cooperate with the MSNBC investigation?

When registering any product, a lot of personal information is normally asked for.

In any event, most criminals of the smarter variety aren't going to provide their personal information in the registration process. Most of them shy away from doing things, which might get them caught.

It would be interesting to have MSNBC, or another investigative news source do the same story with merchandise protected by SIRAS. The story might expose more than people, who stole because of an almost "too good to be true" opportunity was provided to them.

MSNBC iJacking story, here.

This brings up another potential benefit to this technology. Expensive portable electronics and other expensive toys like mountain bikes are stolen from the people who buy them (customers) all the time. Using SIRAS technology might even be a selling point that instills customer trust in the product they are purchasing.

This technology has prevention/investigation applications for corporations, law enforcement agencies and individuals, alike. It also doesn't require using people's personal information, which isn't as effective as it used to be, and is becoming more unpopular all the time.

In my opinion, this technology has the ability to make it a lot harder to get away with stealing merchandise and converting it into money.

Of course, the more it is used, the more effective it will become. Databases have a tendency to do this, or become more useful as they contain more information.

There are a lot of anti-theft/fraud technologies that claim to prevent theft/fraud. Very few of them also claim to be able to go after and hold the criminals committing the fraud/theft personally accountable.

The last I heard, most criminals still fear getting caught!

If you would like more information on the organized trade in counterfeit identification documents, the story of Suad Leija can be seen, here.

Suad's story has been covered extensively in the media, including by Lou Dobbs. Currently, she is writing a book and I keep in touch with her occasionally.

More information about bogus financial instruments can be seen, here and here.

A chronology of data breaches is compiled by the Privacy Rights Clearinghouse, here.

The best source on phishing is the Anti-Phishing Working Group and if you are interested in learning even more about phishing and want to see some totally fake banking sites, Artists Against 419 is another good place to visit.

Last, but not least, if you are interested in learning more about SIRAS PI, you can do so by visiting their site, here.

Friday, September 07, 2007

International investigation in Nigeria regarding counterfeit checks could lead to arrests, worldwide



A joint operation by the Economic and Financial Crimes Commission, United States Postal Inspection Service and the United Kingdom Serious Organized Crimes Agency has substantiated that a lot of counterfeit checks are being shipped via mail out of Nigeria.

From This Day courtesy of AllAfrica.com:

A statement by Osita Nwajah Head, Media & Publicity of EFCC said the exercise is the first multi-national interdiction operation of outward bound packages in the country. It saw agents of the three law enforcement agencies poring through tones of outward bound packages in the pre-exporting mail processing centres of the Nigerian Postal Service (NIPOST) and private courier companies like FedEx, UPS and DHL. The operation produced startling discoveries of how criminal elements operating from the country ship fake documents and counterfeit financial instruments abroad. In several packages were found fraudulent identification and counterfeit financial instruments neatly concealed in carbon paper to evade the sensors of scanners.

In all, 15,129 counterfeit cheques related to advance fee fraud scams were intercepted. They include 6,948 blank cheques and others drawn for the sums of $145.9 million, Euro 211,077, 218.00, over two million Pounds Sterling and 120,450.00 Canadian dollars.

Thus far, according to the report, no arrests have been made. The checks used in different variations of the advance fee scam are normally mailed in quantity to distributors and then mailed to the individual victims to cash. My guess is that this effort was to gather evidence, which will enable law enforcement to tie in the counterfeit checks to criminals in several different countries.

To substantiate this guess, the article in This Day states:

Similar interdiction operations were carried out simultaneously in Spain, the Netherlands, United Kingdom, Canada and the United States. The global initiative against 419 scam will climax with an international press conference in Washington DC, to be conducted by Chief Executives of selected law enforcement agencies around the world. The EFCC is one of the agencies invited, the statement pointed out.

In an advance fee scam, social engineering ploys (trickery) are used to dupe people into cashing these bogus financial instruments and wiring the money back to the criminals behind the scheme.

When the check is discovered to be fraudulent, anywhere from right on the spot to about ten days later, the person passing the item is left holding the bag. This can translate into a loss of their freedom (getting arrested), being held financially liable, or a combination of both these consequences.

Interestingly enough, the report states that fraudulent identification documents were being shipped along with the counterfeit checks. This might lead some to speculate that not all of these items are intended to be pawned off on advance fee victims. Counterfeit checks and counterfeit identification documents are a well-known combination used by individuals, or groups committing the more intentional variety of check fraud.

Advance fee victims are duped into using their own information to cash the items.

A new trend has been noted called reverse scamming, also. This occurs when scammers have the bogus instruments sent to them, cash them and then never follow the instructions to wire the money.

If confronted, these reverse scammers will always proclaim (loudly) to be victims, however if they don't wire any money anywhere, their intent in passing the item is pretty obvious.

Hopefully, enough evidence has been gathered in this operation to prosecute fraudsters all over Europe and North America, as well as in Nigeria.

The Economic and Financial Crimes Commission's motto is "The EFCC will get you anywhere .....anytime." With a little luck, this investigation might end up proving how true this statement is!

This Day story, here.

A lot of people are led to believe that advance fee scams are all from Nigeria. Although some of them are, Nigeria isn't the only point of origin for this activity. In fact, because of all the press on Nigerian scams, I've seen a lot of these other advance fee fraudsters impersonate Nigerians to lay the blame, elsewhere.

Counterfeit money orders, gift and travelers cheques have been circulating in these scams in the recent past, also.

I've written other posts about how the EFCC goes after criminal activity, here.

Wednesday, September 05, 2007

Immigrants targeted in learn English (with Rhythm) scam

Immigrants are often targeted in scams because they are less likely to report them. Here is an example -- where the Oregon AG with some assistance from the Willamette University College of Law Clinical Law Program is going after four California corporations for scamming immigrants -- who want to learn English.

Ironically, I seem to hear a lot of criticism about immigrants, who don't want to learn English. In this instance, people trying to exactly this (learn English), were being scammed!

From the Oregon AG (Attorney General) press release:


The lawsuit alleges that from 2002 to 2005 the defendants targeted members of Oregon's Hispanic community by advertising "free" English-language instruction courses entitled "Ingles con Ritmo" (English with Rhythm) and later charged exorbitant shipping and handling fees. The defendants repeatedly demanded additional payments for products that consumers never ordered or received. Thereafter, the defendants falsely represented themselves as third-party debt collectors and lawyers and threatened legal action in an effort to extract more money from the victims. In all cases, the victims owed the defendants nothing.

I decided to Google "Ingles con Ritmo" (English with Rhythm) and found an article by Consumer Affairs, where the FTC filed a similar action in June.

From the FTC press release:


According to the FTC’s complaint, from 2003 to 2005 the defendants sold an English-language instruction course, “Ingl├ęs con Ritmo,” advertised on Spanish-language television and the defendants’ Web sites, http://www.tonorecords.com/ and http://www.tonomusic.com/, stating that it was free due to government or non-profit subsidies. Inquiring consumers were told that a shipping and handling fee of $100 to $169 applied. Since 2006, the complaint states, the defendants, posing as third-party debt collectors, told consumers they owed money, typically $900, and repeatedly called them, even though the evidence shows that they owe no money.

The defendants are charged with violating the FTC Act and the Fair Debt Collection Practices Act (FDCPA) by falsely claiming that a debt is owed; by falsely claiming to be, or to represent, an attorney; and by falsely threatening legal action, arrest, imprisonment, property seizure, or garnishment of wages. Other FDCPA violations alleged are attempting to collect an amount of debt not authorized by contract or permitted by law; harassing consumers; and failing to inform consumers, within five days of their initial communication with them, of their right to dispute and obtain verification of their debt and the name of the original creditor.

The corporations and individuals listed in the suit are:

Tono Records, dba Tono Music and Professional Legal Services, Tono Publishing, Promo Music, Millennium Three Corp., Dulce Ugalde, Luis Roberto Ruiz, and Maria Oceguera, all based in Los Angeles County, California.

As of this writing, both the sites linked to in the FTC press release are no longer active.

Although, I'm glad to see a civil action undertaken in this instance, I have to wonder why criminal charges aren't being filed. Some of the collection practices allegedly being used, might be defined as "extortion," which is a criminal offense.

Consumer Action, a non profit organization that has been around since 1971 has a page on their site detailing the most common scams, where immigrants are targeted.

They list the most common scams against immigrants, which were put together by the FTC in 2006:

  • Predatory lending practices. Lower income levels and other factors can make obtaining access to credit difficult. Moreover, Hispanics unfairly may be charged higher interest rates.


  • Immigration fraud. Perpetrated by so-called “immigration consultants,” such schemes tend to increase when immigration legislation (for example, for an “amnesty”) is being proposed or considered. The “consultants” take advantage of general awareness of possible new programs and their victims’ lack of sophistication about the legislative process.


  • Used cars. Some sellers fail to comply with applicable state and federal laws, such as the FTC’s Used Car Rule (if a transaction is conducted in Spanish, the mandated “Buyers Guide,” disclosing whether the vehicle comes with a warranty or “as is,” must be provided in Spanish) or California’s law that if negotiations are conducted in Spanish, the written contract also must be in Spanish.


  • Health insurance fraud. Because minimum wage earners often do not obtain health insurance from their employers, they are attracted to offers for low-cost health insurance, which may not provide the advertised benefits, if any.


  • Buying clubs (offering discounts on products and services). For Hispanics who seek discounts and best prices, offers for buying clubs are extremely attractive. Panelists at an FTC Hispanic/Latino Outreach Forum described a Hispanic cultural affinity for “free” or discounted goods and services, and an economic need for them driven by lower income levels as a group. Buying clubs often are offered for free for thirty days, requiring the consumer to cancel before the end of thirty days to avoid being charged for the club.


  • Work-at-home schemes. The panelists considered this a growing problem area that particularly takes advantage of undocumented immigrants seeking an income without having a traditional employer. Tackling this fraud also poses challenges because these schemes are advertised not just in classified ads and other media, but often by signs tacked onto telephone poles.


  • Notario fraud. In most Latin American countries, the term “notario” implies that the person described is a licensed attorney. Panelists reported a common scam involving individuals who represent themselves as “notario” and offer help with the immigration process; in fact, these individuals are not attorneys.


  • Remittances. The panelists noted that many Hispanics wire money to relatives in their home countries and that there are many problems with undisclosed fees or fees that vary from what was disclosed.


  • Prepaid phone cards. Panelists agreed that problems with undisclosed fees are commonplace with these cards.


  • Employment agency fraud. This fraud preys upon undocumented immigrants looking for work and tends to increase when the economy is in a downturn.


  • Panelists observed that purported cures for many ailments appear in numerous Spanish newspapers and other Spanish-language media.

Oregon AG press release, here

FTC press release, here.

The FTC now has information in Spanish on their site, here.