Tuesday, September 16, 2008

Improved OnGuardOnLine Site Teaches Cyber Safety to the Average Person

One of the better places for the average person to learn about the sometimes murky waters of the Internet is free and sponsored by the Federal Trade Commission. Although OnGuardOnline.gov and AlertaEnLinea.gov, its Spanish-language counterpart have been around for awhile -- some new and exciting improvements have been made to the site with a just released Web 2.0 redesign.

The new and improved site allows users to grab and embed games and videos, search for topics on the site, take a “show of hands” poll, and have a more interactive experience while learning how to avoid becoming an Internet crime statistic.

Articles and games covering sixteen topics -- including social networking, phishing, email scams and laptop security; plenty of buttons and banners you can post on your blog or website; free publications consumers and organizations can order; and links to the OnGuard Online partners from the public and private sector.

I should add that a lot of good people from both the government and private sectors have given resources and their valuable time to assist the Federal Trade Commission with this site. Industry and government partners -- include the U.S. Department of Justice, Office of Justice Programs, Department of Homeland Security, Internal Revenue Service, United States Postal Inspection Service, Department of Commerce, Technology Administration, Securities and Exchange Commission, National Cyber Security Alliance, Anti-Phishing Working Group, i-SAFE, AARP, National Consumers League, Direct Marketing Association, WiredSafety.org, The SANS Institute, The National Association of Attorneys General, Better Business Bureau, NetFamilyNews, CompTIA, National Crime Prevention Council, Association of College Unions International, and the Latinos in Information Sciences and Technology Association.

In my opinion, this represents a valuable partnership in dealing with the ever growing problem of crime on the Internet. This also represents a very credible collaboration of resources and industry experts (my humble opinion).

There is also a lot of material that businesses and organizations can use to educate their people with. Frequently, I get approached on this subject and I will continue to recommend this site as a valuable resource. Of course, the benefits for the individual person wanting to protect themselves, or become more knowledgeable are there (free for the taking), also.

If you are one of those businesses or organizations wanting additional matertials, you can get free OnGuard Online publications. For 50 or more copies, visit ftc.gov/bulkorder. If you need less than 50 copies, call 1-877-FTC-HELP.

Monday, September 15, 2008

Virtual Kidnapping - A New Version of a Confidence Trick!

Not all the kidnappings in Mexico and the United States are real. The US Immigration and Customs division gets reports of virtual kidnappings, where the intent is to extort money, but the alleged victim is safe and sound.

The kidnappers appear to be able to find out who is traveling to Mexico and/or is coming into the US illegally. They then call a family member or loved one, claiming they have the tourist or illegal immigrant hostage and demand money for their safe return.

I happened to pick up this story on Fox News, which reported that Immigration and Customs in Phoenix gets a report about once a week of smugglers holding a hostage. Although 75 percent of them are real, about 25 percent are bogus, according to the story.

The reason the virtual scam works is probably that real cases of people being kidnapped are becoming commonplace south of the border. In April, CBS News reported that a hotline set up in Mexico City to deal with extortion cases had received 44,000 calls since December. The hotline statistics recorded were 22,851 extortion attempts avoided, 3,415 telephone numbers identified as being tied to extortionists, and 1,627 people who paid off the virtual kidnappers.

In another version of virtual kidnapping, an illegal immigrant already in the country is contacted and told that a family member is being held hostage in Mexico. It's not unknown for smugglers to hold onto a family member and extort money from illegal immigrants whom they have brought across the border. With all the real kidnapping going on, it makes sense that fake ones seem legitimate.

In April, the New York Times did another story on virtual kidnapping. In their article, they speculated that at least some of it was being done from Mexican prisons. Apparently, the guards look the other way as long as they get a cut of the action. The article also mentioned that besides virtual kidnapping, other telephone scams are rampant in Mexico, like the sweepstakes variety, a type of the infamous advance fee (419) scam.

Network World asked why this type of kidnapping is referred to as virtual. Paul McNamara wrote a interesting piece pointing out that the term "virtual" doesn't really fit in these cases. "The crime itself is horrific — beyond comprehension in its cruelty — so there's some hesitancy to complain about semantics. But this is a technology column and the underlying issue — society's tendency to blame modern-day bad deeds on technology instead of the bad-deed doers — is an important one," according to McNamara.

He makes a very good point: scams designed to part people from their hard-earned money didn't start with the computer age. Confidence tricks have been around for a long time and virtual kidnapping is merely that, a confidence trick. A good example is what is known as the Spanish Prisoner letter, where someone was tricked into thinking they were securing the release of a wealthy individual (who couldn't reveal their own identity) from prison in return for future compensation. This particular scam dates back to well over 100 years ago.

The Internet is full of too-good-to-be-true scams, which use greed to lure victims. Besides greed, fear is another lure scammers use. We see this on the Internet in threatening letters allegedly from government agencies, or even in what is known as the hit-man scam. In the hit-man scam, a person is intimidated into paying someone off to remove a contract that has supposedly been taken out on their life.

Scams using the telephone are becoming more and more common as well, dubbed "vishing." Here the telephone is used to perform confidence tricks of all sorts, and/or to steal personal and financial information later used in identity theft schemes.

This doesn't take away from the fact that a lot of people are victimized because of the not very secure situation we have on our border. It often seems that the criminals are more in control than the authorities, and besides confidence tricks, we see an overabundance of crimes that threaten public safety and, some say, our national security.

Until we take the control of the border away from criminals, we are going to continue seeing a lot of people victimized.

Friday, September 12, 2008

Will Ike Spike Another Round of Price Gouging?

With Hurricane Ike headed for South Texas -- some are predicting that greedy businesses will gouge people by charging unfair prices for necessary goods and services.

Yesterday, the Texas AAA issued a press release encouraging people to report any suspected gouging. They noted in past disasters hotels, gas stations and convenience stores have been caught taking advantage of other people's unfortunate situation during a disaster. Goods that frequently have their prices artificially raised include gas, drinking water, batteries and food.

The Texas AAA recommends that if you think you have been gouged to keep your receipts and file a report with the Texas Attorney General. The Texas Attorney General has already warned that gougers will be prosecuted to the fullest extent of the law. Reports can be filed by telephone at 1-800-252-8011.

While Texas is the obvious place price gouging might occur, concerns are already being raised in other States about this. News4Jax.com in Florida, WTHR.com in Indiana and WIS10 in South Carolina are all running stories on gas gouging. There is even concern in Canada that Hurricane Ike will spark a round of gouging up there.

Most of these articles recommend contacting your state's Attorney General if you have concerns about gouging. Reports can also be filed with the Department of Energy.

Besides filing a report, there are resources to ensure you are getting the most out of your hard-earned money in your area. GasBuddy.com is a online means of finding the best prices in both the United States and Canada. In Canada, there is an interesting tool from the CCPA (Canadian Centre for Policy Alternatives) where you can see how much you are being gouged.

As a disclaimer, there are some who will argue that any suspected gouging is merely the result of natural events. Please note the people that argue this will probably be affiliated in some manner with Big Oil. Of course, other's might argue Big Oil has been gouging everybody for a long time. Of course, there is an argument that financial types have been playing around with the prices via speculation, also.

Sadly enough, despite a lot of frustration by the general public, Congress took off on vacation without addressing the public outcry on this issue. I'm not sure how much good reporting price gouging will do, but if enough people do, perhaps all the politicians crying foul about this issue will finally do something about it?

In my opinion, thus far, we've seen a lot of words but little action on this subject!

Wednesday, September 10, 2008

Are Street Gangs using Check Fraud to Fund Themselves?

We keep hearing how white collar crime is becoming more organized. A recent story in Arizona shows how traditional gangsters are getting involved in white collar crime.

In 2006, Postal Investigators investigating checks being stolen from the mail tied the activity into one of the more violent street gangs operating in the Hermosa Park area of Phoenix. This led to one of the biggest street gang cases of the year.

Yesterday, Phoenix police and FBI agents began serving warrants on the gangsters involved in this activity. 102 were indicted in this operation. By the end of the day, they had 38 of them in custody. The arrests are being hailed as crippling the gang in the Hermosa Park area.

Of course, this doesn't mean that this gang wasn't involved in more traditional activity. Also confiscated in the arrests were "24 weapons, 18 cars and trucks, 43 pounds of marijuana and cocaine and Ecstasy," according to the story in the azcentral.com about this. In another story on this by ABC15.com, officials commented that several of the people arrested were connected to violent crimes in the area.

According to the authorities involved in this investigation, this gang is suspected of stealing more than $2 million dollars using stolen and counterfeit checks in the past couple of years.

Often legitimate checks stolen from the mail and other sources are counterfeited. Since the checks are copies of legitimate items, they often pass initial scrutiny at a financial institution.

In recent years, check fraud has exploded. Last year, an International task force monitored the mail in several countries and confiscated checks being produced overseas and mailed to several countries. Additionally, a wide array of check producing software and even the paper with anti-fraud security features can be bought in Office Supply stores and even on the Internet.

Another phenomenon that fuels check and many other types of fraud is the easy availability of counterfeit identification. The distribution and sale of counterfeit documents is also controlled by organized crime. I've written about this frequently and have spoken to Suad Leija and her husband, who have gone to considerable effort to educate the public (and the authorities) about how widespread and organized this activity is.

Suad's website, Paper Weapons has a lot of information on this subject.

Organized check fraud activity has been around for a few years. In 1996, Special Agent Keith Slotter of the FBI wrote a very telling paper on this subject. "The principal ethnic enterprises involved in illegal check fraud schemes include Nigerian, Asian (particularly Vietnamese), Russian, Armenian, and Mexican groups. The majority of the Vietnamese, Armenian, and Mexican organizations base their operations in California, especially in the Orange County, San Francisco, and Sacramento areas," according to the paper.

While the arrests in Phoenix represent a small part of the overall problem with check fraud -- it does point to the fact that organized criminals see check fraud as a lucrative income stream.

Monday, September 01, 2008

Were Internet Scammers Preparing to Exploit Hurricane Gustav?

Gustav has passed and it seems like it wasn't as bad as it could have been. One positive aspect to it all was the emergency responders, who were on top of it this time. They really did a first-class job of ensuring the public's safety and deserve to be commended for their efforts.

Unfortunately, this might not be the case with everyone who was preparing for the worst Gustav might have dished out. Cyber criminals appear to have been positioning themselves on the Internet to divert as much of the relief money as they could get away with. And although it wasn't as bad as it could have been, we might still see these crooks try to take advantage of the situation.

Gary Warner, who is a blogger and computer forensics research type, recently posted a list of names that appear as if they might used to impersonate Gustav relief efforts on his blog. Some of the potential fraud domain names listed include contributiongustav.org, donategustav.org, donationgustav.org, gustav-relief.org, gustavassistance.org, gustavattorney.com, gustavclaims.net, gustavcontribution.org, gustavhelpers.org and gustavlawsuit.com. Many more of these domains can be seen on his blog post.

Gary also pointed to interesting package deal of domain names being offered on eBay. The seller has a 94.1 percent approval rating on eBay and offers to give 10 percent of the purchase price to a charity of the buyer's choice. Additionally, he assures anyone bidding on these names that their User ID will be kept private.

eBay isn't the only e-commerce place selling these domain names, I found some on DNForum.com, also. In fact, DomainPulse.com is reporting that 100 names related to Gustav were registered in less than 48 hours.

The good folks at the SANS Internet Storm Center are also keeping an eye on this activity and have an interesting diary going on about it. They are asking that anyone with any further information about this send them a quick note so they can stay on top of the subject and hopefully report it to the federal authorities.

Whether or not these domain names will be used for fraud is purely speculative at this point. However with the Louisiana Attorney General reporting that phishing attacks using Gustav as a lure have already started, it's probably only a matter of time before some of these sites are used in an attempt to dupe the general public. It should be noted that phishing is a time-tested method used to direct unsuspecting users to fraud websites, where they are tricked out of money via social engineering schemes or can even have malicious software dropped on their operating system. Becoming a Phish normally carries the risk of identity or information theft, also.

Identity theft isn't the only reason malware is dropped on a system. Often the intent is to take over a system and turn it into a member of a botnet so it can be used as a spam spewing zombie. It's always considered wise not to click on links received in e-mails from unknown sources.

The average person can check out if a charity is legitimate by visiting the Better Business Bureau Wise Giving Alliance, Charity Navigator or the American Institute for Philanthropy.

If you happen to detect a site that appears to be fraudulent, the socially responsible thing to do is to report it to Internet Crime Complaint Center.