Sunday, June 28, 2009

Lucid Intelligence – A Free Way to Discover IF Your Identity Has Been Stolen!

Millions of personal and financial records have been compromised in recent years and the criminals involved in trading this information operate worldwide.

"A criminal might be based in Romania, using servers hosted in Russia, stealing data from people in Germany, to buy goods from an American retailer for delivery in the UK, using an Australian credit card," according to a new site called Lucid Intelligence, which seeks to level the playing field for the individual victims of these crimes.

Lucid Intelligence has set up a site that has a user-friendly tool that allows a person to see if their personal and or financial information is in the hands of criminals. It then provides resources – that are free for the most part – a person can use to protect themselves. The Lucid Intelligence Database contains the information of over 40 million people who have already been compromised.

Although, the site freely admits they can't do anything about getting your information back, the truth is that an aware person can take measures to make the information useless (and maybe more dangerous) for criminals to use.

Some of the ways the site suggests protecting yourself is setting up a Google Alert (detailed instructions included), getting a free credit report, finding some free identity theft protection and protecting your computer. Free options of doing this are identified on the site.

All of the records in the Lucid database have already been compromised by criminals and made available on the Internet. These stolen details were found in chat rooms, bulletin boards or FTP sites, which are used as underground forums to sell stolen information. Recently, two major reports indicated there is so much stolen information available, the law of supply and demand is causing prices to go down. This would suggest there is a glut of stolen information out there.

The information is stolen in a variety of ways. It can be stolen by hackers, who compromise a retail or banking system, dishonest employees at a wide variety of places or malicious software delivered by the botnets that "virtually phish" the digital world with billions of spam e-mails. Information can also be stolen when you pay a bill using a card or when an irresponsible employee throws it in trash. Please note, there are other ways information is stolen and I am only listing the more well-known methods.

A lot of the information in the database has been obtained by the highly skilled operators behind Lucid, who seek out and engage cyber criminals and beat them at their own game. These operators, who come from all walks of life, are volunteers and most (if not all of them) have put a few scammers behind bars.

There is little doubt that the amount of information in this database is going to grow and, whenever possible, Lucid records exactly where they discovered the information.

The information you input to do the searches is not maintained by Lucid until you request the detailed summary. There are reasons for this, which I will explain below. The site also doesn't use any cookies that are designed to track activity on a computer. From what I can see, everything associated with the site is designed to protect individual privacy and takes the necessary precautions to stop someone with malicious intent from exploiting the Lucid database itself.

If the search reveals your information has been compromised, they provide you with a limited summary. For an administrative fee – and only after your identity has been completely verified – they will provide you with all a detailed summary. The administrative fee of £10 (approximately $16.56) to get the detailed summary covers the costs of pulling the information. Included in the detailed summary is an individual risk analysis based on the information discovered.

In most cases, the limited summary, combined with the protection information, will be sufficient for most people.

In the past four years, Lucid has turned over the details of every credit card they've discovered to the “Dedicated Cheque and Credit Card Unit” in London and APACS. In turn, this information is turned over to the credit card issuer. Lucid has already provided the details of several hundred thousand compromised credit cards and it is estimated they have saved more than £200,000,000 (approximately $331,250,263) from being stolen. When considering this statistic, we need to remember that the actual card details came from all over the world.

It should be noted that payment (credit/debit) cards aren't the only type of information available for sale on the Internet. Lucid attempts to report all the information they discover if there is a place to report it to.

There are good reasons that Lucid doesn't turn these credit card details over to the card issuers directly. Replacing credit cards is costly and sometimes card issuers choose to merely monitor known compromised information and then issue a new card if there is suspected fraudulent activity. By reporting it to the authorities and APACS, Lucid ensures a record is maintained should someone run into complications with an issuer after they have been victimized. Despite all the zero liability ads out there, the sad truth is that not all victims come out of these schemes without losing money (sometimes a lot).

Another thing the Lucid database might reveal is synthetic identity theft before it comes back to haunt a person. Credit reports don't necessarily catch all forms of identity theft. Sometimes different parts of people's identities are used to forge a synthetic one. In these instances, because a lot of the information doesn't match, the credit bureaus don't pick it up.

Other examples where a credit bureau might not reveal identity theft are medical benefit fraud, employment fraud, government benefit fraud, some forms of check fraud and when it is used to commit crimes of other than a financial nature.

Another thing to consider is that since not all compromised information is used or used right away, the risk is there, but it will not show up on a credit report.

The people behind Lucid are also active in dealing with advance fee fraud (419) and the different varieties of this are covered on the site, also.

Last but not least, if you need further information they have a way to contact a member of the group.

The site is largely the work of Colin Holder, a retired Detective Sergeant from the United Kingdom, who is considered one of the leading experts in the world on advance fee fraud and identity theft. This isn't the first Web site Colin has set up, either. In 2001, he set up the Metropolitan Police Fraud Alert site and came up with the idea that later became the "KYC" and "Money Laundering" compliance database. His full biography, which is both impressive and extensive, can be found on the site.

Sunday, June 14, 2009

Are Anti-Aging Products Containing Resveratrol Scamming Innocent People?

Getting old happens to the best of us – and ever since Juan Ponce de Leon went to Florida in 1512 on a quest to find the fountain of youth – many have searched for a miracle that would stop, slow or reverse the aging process.

The marketing of Resveratrol is the latest chapter in this saga and has inspired some greedy and not very honest entities to hawk Resveratrol products over the Internet they claim are "guaranteed." The only guarantee with some of these products is that the person buying them might end up spending a lot of money for nothing.

The sad truth is that there are companies selling Resveratrol supplements that appear to be using deceptive marketing practices. If you see a come-on for Resveratrol, I would carefully consider, whether or not, it appears a little too be too good to be true and follow the principle of "caveat emptor" (buyer beware). Of course, it always pays to read the “fine print” (as you will see below), also.

Please note, I'm not here to dispute the possible health benefits of Resvervatrol or recommend if people should use it. The research on it is pretty exciting and I truly hope the results are positive.

There is research showing that Resveratrol has the ability to cure diseases caused by aging and increase life spans. 60 Minutes, Oprah and many other media sources have done stories on it – but although it is being studied seriously – it still hasn’t been approved by the FDA.

Unfortunately, seeming credible evidence is often twisted by greedy people with the intent of making a quick buck, who make it appear they are legitimate when they are not.

Horror stories are starting to pop in Internet forums from ordinary people – who buy Resveratrol and end up paying a lot more than they should have. Even worse, they might end up buying something that isn’t really Resveratrol. A lot of supplements are hawked via spam advertising, where the source might be slightly questionable. The latest estimates are that over 90 percent of all e-mail is spam. Spam is known to contain a lot of deceptive and outright criminal come-ons.

Of course, spam advertising isn't the only venue where Resveratrol is being marketed. Dr. Oz has talked about Resveratrol on Oprah and the article on this from Oprah.com has put in a disclaimer that Harpo productions is pursuing companies that are claiming an affiliation with Dr. Oz or Oprah. I even found an ad page from a "Dr. Os" (note the spelling difference), which is hawking Resveratrol. The page has a YouTube video with the real Dr. Oz talking about Resveratrol. Didn't go so far as to confirm it, but I would be careful about buying anything on this site, which offers up to two free bottles of Resveratrol.

Sadly enough the Oprah.com article – with the disclaimer – is buried by all the other sites using Dr. Oz and other assorted mainstream media stories about Resveratrol. If you want to see what I am talking about, a simple search for "Resveratrol" pulls up an amazing amount of Internet marketing selling Resveratrol. Some of the advertising has "warnings" that Resveratrol products might be harmful to someone's health or a scam. Most of these ads lead to the product the advertiser putting out the warning is selling.

The sheer volume of advertising on Resveratrol makes it hard for the average person to determine what is legitimate and what is not.

Besides the disclaimer being made by Oprah, there is some interesting buzz on her forums about a product called "Resveratrol Ultra.". Many of the people leaving comments on these forums have had their credit cards repetitively charged after signing up for a free trial of this particular product. The true cost is $87.13 for the free trial (if you don’t immediately return it) and they keep shipping you their product and charging you this amount, monthly.

I went to the Resveratrol Ultra site and it has a YouTube clip of the 60 minutes story. One thing I noticed is there is a disclaimer on the site, which states:

The 15 day Free Trial offer is designed to display the quality and effectiveness of Resveratrol Ultra. This gives you the opportunity to try this remarkable program for FREE (just pay shipping and handling) so you can come to a decision for yourself if this is the right product for you.

We want you to be pleased with our products. If it is not all you expected it to be, or you're unsatisfied in any way just return the unused portion 15 days from the date that the product was originally shipped to you for a refund. We are committed to providing superior products and service to our customers. If you are not completely satisfied, contact us and we will make it right for you. Guaranteed!
If you read the complaints this seems to allow them to start charging you $87.13 a month starting with the free offer unless you return the product in 15 days. Based on the comments in Oprah's forum and on a personal conversation I had with a victim -- good luck getting any cooperation from Resveratrol Ultra in getting a refund once this happens. Other complaints state it is even hard to get them to stop billing you $87.13 a month.

Of course, Oprah.com isn't the only place where the public is crying foul about a company selling a Resveratrol product. Complaintboard.com is warning people about Resveratrol complaints and there are also YouTube videos about the subject.

I did a search on mainstream drug store sites and found Resveratrol for about $7 to $12 a bottle. This seems to be a more sensible way to go than paying almost $100 a bottle if you choose to try Resveratrol before the FDA approves it. These places won’t keep charging your credit card, over and over again, either.

If anyone reading this has a complaint, the best place to report it would be the Federal Trade Commission. You can do so right on their site. I ran a search on the FTC site and so far there is nothing about Resveratrol companies, but if enough people complain to them, perhaps there will be.

Posting complaints in Internet forums is an honorable thing to do – but my guess is that if the FTC gets enough complaints they will look into it and go after the people doing it – a lot more, effectively!

To close this post, I would like to reach out to all the mainstream sources which have covered Resveratrol. Their stories are being used to market these products. It sure would be nice if they took the time to cover this aspect of the story more effectively. The few warnings out there about this are easily buried by all the people selling Resveratrol!

My inspiration to write this post came from a Nurse Carol, who spent a career working in Public Health and holds a Master's Degree. She fell for the free trial part of this and has gone through hours of pain and suffering trying to get her money back. Despite cancelling the product after realizing what it was all about, her credit card is still be billed by Resveratrol Ultra as I write this. Although Nurse Carol isn’t a celebrity like Doctor Oz, I can guarantee she recommends that anyone considering using Resveratrol exercise caution before handing over a method of payment.

Monday, June 08, 2009

Trust Caller ID, Become a Crime Victim!

Fraud using the telephone is nothing new; it's probably been around as long as there have been telephones. After all, a telephone is merely a communication device and can be used to dupe someone into doing something they shouldn't have.

Saying that, telephone technology, which has grown rapidly in recent years, has given fraudsters a wide array of new tools to use to depart common people and even large businesses from their hard-earned money.

Take caller ID for instance, which is marketed as a means of protecting our privacy. When I say marketed, it's normally sold for a fee so we can see who is calling us. The irony of the situation is that for a fee, just about anyone can make the caller ID appear to whatever number they desire.

The ability to spoof (fake/impersonate) caller ID has been around for a few years. Collection agencies, private investigators and even law enforcement agencies use it to get people to answer their telephone. In these instances, they are normally paying the telecom company for the service. I guess this means the people selling caller ID and the ability to spoof it are making money on both sides of the fence.

While some might argue the semi-legitimate (?) uses are deceptive in themselves, I'm far more concerned when criminals or malicious beings use it to further one of their schemes.

For instance, caller ID spoofing has been used to dispatch a SWAT team to an unsuspecting person's house, and a Pennsylvania man made obscene phone calls to women and made the caller ID appear as if they were coming from within the house. It has also subjected a lot of people to abusive return phone calls when their number was spoofed and angry consumers wanted to complain.

Of even greater concern is when caller ID spoofing is used by "stalkers." In January, Alexis A. Moore did a very well researched post on her blog about this subject. Moore is a "crime victim advocate and expert in cyber stalking, identity theft, traditional stalking, domestic violence and privacy protection," according to her profile on Blogspot.

Before I move forward, please note that it seems to have worked on a 911 dispatch system. In this case, law enforcement – who is known to spoof their numbers – is being victimized by the same technology they use to cloak calls themselves. Please note that if anyone should be able to legally spoof calls, it’s probably law enforcement. Nonetheless, it is ironic.

More and more frequently, caller ID is being used by organized (and maybe some not so organized) criminals to commit fraud.

Last month, spoofing caller ID was reported to be used as a tool by an international credit card fraud ring that was broken up by the NYPD and the Queens District Attorney's office. The ring was using an easily purchased portable spoofing tool, known as a Spoof Card. Spoof Cards can be bought by anyone who has the money to buy them, right over the Internet! Besides spoofing a number, the cards can be used to disguise a person's voice and gender.

The ring, which was described as stretching from New York to Nigeria, obtained cards and activated them using a number they spoofed as legitimately belonging to the intended recipient of the card. Please note, most banks require you to activate a card from a known number when you receive it in the mail. I wonder how many of these same banks are using caller ID spoofing technology in their collections departments.

While the methods used by this group included counterfeiting, mail theft, taking over accounts and fraud applications to get the cards, using a Spoof Card was obviously a pretty successful tool used in furthering the fraud scheme. The victims were from all over North America and the cards were used worldwide. According to the authorities, the financial impact of this activity was estimated at $12 million in the past year alone.

While devices like Spoof Card are an issue, the problem doesn't stop there. Semi-legitimate (?) marketing firms, such as Voice Touch, Inc. and Network Foundations LLC – ones that the FTC shut down last month – were using robocalls with spoofed caller IDs. Of course, there were a lot of complaints that these warranties they were selling (provided by Transcontinental Warranty, Inc.) were virtually useless if you tried to use them, too.

Spoofing caller ID has led to a rash of vishing (phishing by telephone scams), also. Last year in November, I wrote about a call I was getting offering to lower my interest rate. The calls in question were robo-generated and the intent was to get you give up your credit card numbers to a scammer. As of this month, I received another one of these calls. Besides this particular scam, there have been numerous reports of financial institutions having their telephone numbers spoofed in vishing schemes.

Of course, Spoof Card isn't the only spoofing service out there. Some services offer software programs that can be used to spoof calls over a Web interface. One even calls itself PhoneGangster.com.

The services that allow it to be done over a Web interface enable the activity to be performed on a much larger scale. A simple Google search for "caller ID spoofing" brings up all kinds of Adsense ads selling a wide range of caller ID spoofing services. Of course, I shouldn't single out Google or Adsense; my guess is that any search on most commercial browsers will net the same type of advertising.

With VoIP technology in full vogue and services like Skype, the fraudulent use of caller id spoofing services now can feasibly be done across borders. This will make it much more difficult for law enforcement agencies to investigate and prosecute these cases.

In 2007, two bills were sent to the Senate to address caller ID spoofing. Neither was voted on and as a result no effective law has been put into place to address this issue. This year, Senator Bill Nelson (FL) and three co-sponsors introduced another bill (S.30) dubbed "The Truth in Caller ID Act."

In my humble opinion, the need for this legislation is pretty apparent. Laws are designed to protect people and it there are too many good reasons people need to be protected from caller ID spoofing!

The right place to file a complaint about something like this is the Federal Trade Commission. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). There is also a link on the page to file a complaint on an overseas entity.

You can also write your representatives (elected officials) and encourage them to make 2009 the year that they finally pass some legislation on this issue.