Wednesday, January 21, 2009
Heartland was initially notified by Visa/Mastercard of suspicious activity, which led to malicious software being discovered in their system. The malware in question was harvesting and (obviously) transmitting data. In the press release, they state they believe the breach has been contained. Heartland claims no merchant data, social security numbers or unencrypted PINs were compromised. They were also quick to add that their check management systems, Canadian payroll, campus solutions, micropayments operations and recently acquired Network Services and Chockstone processing platforms had not been compromised, either.
It should be noted that in previous breaches, additional items were later discovered to have been compromised as the investigation progressed.
Brian Krebs at the Washington Post interviewed Robert Baldwin, Heartland's president and chief financial officer, who stated they don't know how many transactions were compromised. In the interview, Baldwin pointed out that since the card numbers compromised didn't have address information; it would be hard for fraudsters to use them in card-not-present (e-commmerce) transactions. Most e-commerce platforms validate the address tied to the card as a security measure. I thought about this for a second and remembered that Visa/Mastercard had warned Heartland about suspicious transactions. If there were suspicious transactions, I would deduct someone is using this data to commit fraud. Besides that, I doubt anyone sophisticated enough to pull this off would go to all this trouble (and potential legal exposure) if they couldn't use the information to make money. This is another thing that might suggest additional information will be discovered as the investigation progresses.
In the interview, Baldwin declined to name any of their customers, who were compromised. Heartland processes payments for about 250,000 customers and processes about 100 million transactions per month. He also said they will not be offering identity theft protection since not enough information was stolen to commit identity theft.
On the Truston blog, Tom Fragala, aptly pointed out that this equates to four billion transactions a year. Many are speculating that this will turn out to be the largest known data breach in history. Tom's company, which offers a privacy-friendly identity theft prevention and recovery service, offers a 45 day free-trial of their services. Even after the 45 days, the prevention part of the service is free.
Tom blogs on matters like this and wrote an interesting article pointing out the consumer protection features of debit and credit cards. Please note, debit cards offer less protection. The point is that if a card owner doesn't discover the fraud in a specified time period, they can be held liable for the financial loss. It's probably a good time for everyone to pay attention to their statements, carefully.
Given the mandatory notification laws, which have been passed in almost all 50 states, this is going to equate a lot of people that have to be notified. Simply stated, it's going to be a "notification nightmare." It should be noted that shutting down all the compromised cards and notifying victims is a substantial cost in any data breach.
SC Magazine also covered the story and got a quote from Rich Mogull, founder of IT security consultancy Securosis, who pointed out there is a trend of malicious software being planted somewhere in the processing system in all the high-profile data breaches seen in recent history. TJX (94 million cards compromised), Hannaford and CardSystems (40 million cards compromised) are all being cited as examples.
According to Visa, Heartland was validated as Payment Card Industry Data Security Standard (PCI DSS) compliant on April 30, 2008. They then stated this status was being reviewed. Trustwave is Heartland's PCI assessor. Hannaford was PCI compliant at the time they were compromised, also. According to the article in SC magazine, TrustWave wouldn't return calls to comment on this.
On the Heartland site, it mentions they are a founding supporter of the Merchant Bill of Rights, which advocates for and educates merchants on fair practices when they accept payment cards. Two of the biggest heartaches for merchants accepting payment cards are the interchange fees and becoming PCI compliant, which is considered an expensive process. Interchange fees are a tariff charged by the credit card companies on every transaction and according to the critics are not very equitable. Estimates have been made in the past that they equate to $30 billion in extra fees added to the cost-of-goods sold with payment cards, yearly. Ultimately, these are costs are often passed on to the consumer.
So far as PCI compliance — which now seems to have been proven ineffective in at least two instances — the National Retail Federation has responded by going on record to challenge the card issuers on their requirements to store data. Because of the cost, a lot of merchants have been slow to adopt PCI data-security standards and the merchants who are not in compliance face fines by the payment card industry.
Storing this data is required to prevent the third headache merchants face when accepting payment cards, or what is known as chargebacks. Chargebacks are when transactions are charged back to a merchant account because of alleged fraud. The NRF contends that being forced to maintain the data to protect themselves makes it easier to compromise.
Heartland is being challenged for releasing this information during the inauguration, when it was less likely to be a hot story. Although this seems to be the case, we need to realize the stakes in data-breaches are high. In the last breach involving a card processor (CardSystems), the card-issuers stopped doing business with the company and the end-result was the company is no longer in existence. Also, it should be pointed out that Heartland wouldn't be the only company that seemed to be very cautious when disclosing the fact that their data was compromised. Once disclosed, there is little doubt that the company in question faces some extremely unfavorable public exposure.
On a closing note, data breaches continue to occur at alarming rates. All sides of the equation need to come together and figure out solutions that work. One of them might be to upgrade the plastic to chip and PIN technology, which has become the standard in other countries. Nigeria was the most recent country to mandate this technology. While this might not directly stop data breaches, it would make it a lot harder to counterfeit the plastic, which is what the criminals use to cash-out the proceeds of data breaches with.
The other problem is that credit card fraud has been made too easy to commit. Card data and the tools to produce counterfeit cards are easy to obtain and even sold in chat rooms. A lot of this technology can also be bought on (what I consider) questionable sites, including eBay. Very few of these fraudsters get caught and because of this; it appears that the activity is getting more and more organized. Historically, the cost of all this seems to have been written off as a cost of doing business. In reality, a lot of these "costs" are passed on to the consumer in the form of higher interest rates and fees.
My prediction is that with the state credit is currently in with the sour economy, coupled with the increase in criminal activity, we are getting to the point where it is going to be hard to simply write-off all the financial costs. Until we start punishing the criminals effectively for this type of activity, it is going to continue to grow and probably prosper.
Update 2/13/09: It appears that the first arrests in the Heartland Data Breach have been made in Leon County, Florida. Three men (Tony Acreus, Jeremy Frazier and Timothy Johns) were encoding numbers stolen in the breach on gift cards and using them at Walmart.
The official press release from the authorities credits Walmart for supporting the investigation.
While it's great a few people got caught -- this probably only accounts for a small amount of the stolen data. My guess is that our three fraudsters bought the numbers via anonymous sources (probably on the Internet).
Monday, January 19, 2009
On Sunday, with the inauguration less than 24 hours away, I got a hot tip that the Symantec Lab had detected another round of Obama spam with malicious intent being sent across the electronic universe. Zuftikar Ramzan announced on the Symantec Security Blog that this latest round of Obama spam uses lures with titles like "Our new president has gone," "Obama refused to be the president of the United States of America," and "There is no president in the USA anymore and Obama has gone."
Zuftikar also mentioned a link in these e-mails (removed for safety reasons) leading to a faux website that looks amazingly similar to the official Obama-Biden site. The fake site can be seen below:
This fake site attempts to exploit weaknesses in a Web browser to install malicious software without the owner's knowledge. According to Zuftikar, the page and its links all have malicious software on them. In other words, the entire site is literally a virtual booby trap.
The files are titled usa.exe, obamanew.exe, pdf.exe, statement.exe, barackblog.exe and barackspeech.exe. While the titles might be different, they lead to the same variety of malware known as the W32.Waledac. This malicious software is capable of stealing sensitive information, turning your machine into a spam-spewing zombie and leaving a back door for a hacker to gain access to it.
Political themes have been used a lot in recent times to lure people into clicking on links in spam e-mails they shouldn't have. Other common lures include the old fashioned too-good-to-be-true, security and badge-of-authority types (IRS, FBI, CIA, etc.).
With tax season upon us, expect the IRS to be a common one used in the near future.Symantec does provide removal instructions for this malware on their site, but most of us are far better off by not clicking on this type of stuff in the first place. These e-mails are sent out by the millions and the best thing to do is hit delete before opening them up.
Saturday, January 17, 2009
The security assets deployed for this event are so numerous, I had to read several mainstream news articles and press releases just to try to determine how many agencies were involved. Even after doing this, I would guess there are some that are not being publicly disclosed for good reasons.
Michael Chertoff, Homeland Security Secretary, will be on-hand himself and operating from a multi-agency command center. The command center will have representatives from 58 federal and local agencies. These representatives, who will all be in the same room, will give those involved in the event the ability to instantly communicate with each other.
The command center is live as of this writing and will remain in operation until 4:00 p.m. (Eastern Standard Time) on Wednesday. This is, of course, unless something happens and it needs to remain in operation longer.
Chertoff believes this will be the most complex security event ever mounted, but also mentioned to CNN that he is worried about the cold weather and the impact it might have on unprepared visitors. We need to remember that a lot of unfortunate things can occur when a mass of human beings gather. Unlike most of Bush's administration, Chertoff will remain on duty until after the inauguration is over.
An official press release from Secretary Chertoff, District of Columbia Mayor Adrian M. Fenty, Maryland Governor Martin O’Malley and Virginia Governor Timothy M. Kaine on the inauguration can be seen on the DHS site.
I found more information about inauguration security on the Secret Service site, which states that the FAA (Federal Aviation Administration) will be stepping up security on the air corridors around DC and the Coast Guard will patrol on the Potomac. It also mentions that the police involved will be from the Washington Metropolitan, Park and Capitol departments. If you are attending the event, or live in the area, it has a list of road closures that will be in effect during the inauguration.
The FBI is deploying lot of high-tech security devices including mobile command centers, mine-resistant ambush-protected vehicles, bomb containment vessels and bomb technician vehicles, which resemble a mobile-home.
In addition to the high-tech specialty equipment being deployed by the FBI — they will have a SWAT Team, Hazardous Materials Response Team, Bomb Technicians, an Underwater Search and Response Team and Crisis Negotiators — at the ready to handle a crisis scenario.
The military personnel — who will be mostly National Guard troops because of a law that prohibits active duty personnel from engaging in domestic law enforcement duties — will have assignments in the events, also. These include providing bomb sniffing dogs, NBC (Nuclear, Biological and Chemical) teams, transportation and communications units.
According to all of the officials involved, there is no specific threat they are worried about. Although some of the pundits are complaining that the security for this event is too intense, the proof in the pudding will be allowing them to claim they were right after it is all over. If that is the case, nothing will have happened and these measures will have accomplished their goal!
Sunday, January 11, 2009
The problem isn’t people trying to make a better life for themselves, the problem is that criminals are able to easily manipulate the security of our borders. There is even a good example in the story of how illegal immigrants are routinely victimized. In order to pay back their debt for being brought in illegally -- they were working in a sweatshop located in a middle-class residential neighborhood — producing counterfeits of designer labels.
On a side note, according to the International AntiCounterfeiting Coalition, counterfeit merchandise is a $600 billion a year problem in itself.
The story, written by Tom Jackman, of the Washington Post details an undercover investigation that starts with manipulating cigarette taxes and progresses into identity theft, mortgage fraud, money laundering, counterfeiting and even murder-for-hire.
The initial scheme with the cigarettes involved buying cigarettes in Virginia — which has a 30 cent per pack tax -- and transporting them to New York where the tax runs $4.25 a pack. Like the designer clothing being knocked-off (counterfeited), the tax stamps were counterfeited. According to an ATF agent quoted in the story, this equates to billions of dollars that have “gone missing” in tax revenue.
The identity theft and resulting crimes, such as mortgage and credit card fraud, were discovered when undercover agents were introduced to an individual selling social-security numbers and passport information obtained from Chinese nationals working in the Marianas Islands. This information was then used to establish credit and obtain identification to make the members of the gang appear to be legitimate members of our society.
The investigation also uncovered a dishonest DMV employee in Illinois, who was providing identification to members of the group. These documents were then traded in for identification from other States. In this case, the State was often Virginia. This sent shivers up my spine as I remembered that Mohammed Atta and crew used Virginia, Florida, New Jersey and California driver’s licenses' — which were obtained after they entered the country with counterfeit documents – to board the planes in what became 9-11.
In the past, I’ve written about and spoken to Suad Leija and her husband, who have been working with the government to expose a cartel that operates throughout the country providing counterfeit identification documents. They have dubbed these documents, “Paper Weapons” because they can be used to commit crimes or even achieve radical political objectives. Suad’s story has been covered in the mainstream media on a fairly regular basis. According to the conversations I've had with Suad and her husband, most of the people illegally entering the country use what are known as "feeder documents" to establish themselves. Their eventual goal is to establish an identity that appears to be as legitimate as yours or mine. Once they accomplish this, the identities can be used to establish credit and even get a mortgage.
In the Washington Post story, no mention of direct fraud involving a financial loss is mentioned. The intent seems to be to use the identities to establish a "seemingly" legal status and then commit other crimes. The story mentions that the group offered to help launder the illegal revenue being made from selling the cigarettes. This was done with personal and cashier’s checks, which suggests the identities were also used to open bank accounts.
These fraudulently established identities were also being used to buy real estate. Although no direct financial fraud is mentioned in the article, it wouldn’t be very hard for people doing this to get some home-equity loans, cash them out and disappear. They could do this if they were leaving the country, or simply move on to another identity and do it all over again. Given that we are in a pretty severe recession, sparked by a mortgage crisis, it again made me wonder how much of it might have been caused by fraud that we aren’t even aware of?
When the sweat shops were raided, crack pipes were found. This was probably to keep the people working in them in a state of addiction, which would assist in keeping them under the control of their keepers. Abuse of illegal immigrants is well-documented and this is probably only one of many examples going on throughout the country at this very moment. It isn’t unknown for illegal immigrants to be forced into smuggling drugs, committing financial crimes or even becoming prostitutes.
This is just one example, but a good one, of how insecure our borders really are. It also shows the more severe consequences of allowing identity theft to run rampant in our society. Now that the election is over, perhaps it’s time for our politicians to stop ignoring the problem. We are a nation of immigrants, and in the end, very few of us are against hard-working people trying to better themselves. The problem is that the way we currently approach the problem enables criminals (and potentially terrorists) to operate and profit at the expense of society.
Friday, January 09, 2009
While spam originates from a lot of places, the United States is still in the number one spot, with 27 percent of the spam observed originating from there. China and Brazil tied for second place with 7 percent of spam originating from these countries.
The report indicates that URLs in Canadian Pharmacy spam messages were noted as being top-level Chinese domains (.cn TLD). Could this mean that Chinese knock-off (counterfeit) prescriptions are trying to make it appear as if they are coming from Canada? Given the recent concerns of tainted and poisonous merchandise being exported from China, this might be a concern. Of course, I would think that buying prescription meds over the Internet should be a concern to most people, anyway.
In another variation of recently observed spam, a user is invited to join a social networking site. The link goes to a real group, which was created on the social networking site by the spammer. The group then links to a free blogging site, which redirects the victim to the ultimate destination URL. At the destination URL, personal information is requested, which is probably used to sell to marketing companies or used in other spam campaigns. Please note, although not mentioned in the report, that some of these campaigns might have malicious intent or be scams.
Also noted during the holiday season was a lot of e-Card spam. This spam sometimes comes with malware (malicious software) designed to steal personal and financial information or turn your machine in to a spam spewing zombie computer using your credentials.
A partcularly deceptive spam delivery method noted recently is spammers inserting their messages into legitimate newsletters. This method seems to get past spam filters pretty effectively. If the recipient clicks on the message, they are taken to a spammer site. Here again, it might be a site selling junk, but also could be a site with more malicious intent.
Another spam trend in vogue these days is to use the recession as a social engineering lure designed to get people to click on a spam link. Messages are being sent out in the millions touting easy bail-out money to be had and an assortment of the normal get-rich- quick schemes. If it's too good to be true and doesn't make sense, it's normally a scam, and I suspect that most of this type of spam is one.
Last but not least, the spammers are still using President-elect Barack Obama's name to market coin offers, a "Barackumentary DVD" and a free Visa card for helping the Obama clan pick their dog.
Shutting down McColo by reaching out to the ISPs — which was done largely through the work of Brian Krebs at Security Fix (Washington Post) -- showed that a significant impact can be made on spam when ISPs are held accountable. Given that Brian is one person and a journalist, this was an admirable piece of work. The fact that spam is approaching pre-McColo levels tells us that there are more ISPs that need to be held accountable. Maybe in the end, government and international agencies need to follow Brian's example and and make an impact on spam levels that will last a little longer.
Spam is a dangerous pain for everyone who uses e-mail. Most scams, questionable goods and services and cyber-attacks using malicious software start with a spam e-mail. Shutting down the spam operators can only make everyone's experience on the Internet a little more safe and sane.
Monday, January 05, 2009
According to a Symantec blog post, Twitter users are receiving warning messages from Twitter command and control about this matter. The blog post by Marian Meritt, the Internet Safety Guru at Symantec, gives blogger Chris Pirillo credit for breaking the story on Saturday. According to the blog post at Symantec, the messages appear to come from someone you know at Twitter with a link to a malicious website designed to steal information.
Twitter also put up a warning on their blog. It starts with a Wikipedia definition of phishing and then details how the phishing attack will come in the form of an e-mail message notifying a person they have a Twitter Direct Message. Thus far, the social engineering lures being used in the e-mail go something like this: "Hey! check out this funny blog about you..." and direct the user to click on a link to a fake website.
They also point out that if you look at the URL you'll see that it is not the same as the URL for the normal landing page for Twitter. A trick to do this (without clicking on the link) is to hover your mouse pointer over the link. If you look at the bottom left portion of your page it will display the URL the link goes to. With all the malware people can get nowadays by just visiting (driving-by) a malicious page — this is a much safer way to go about it rather instead of actually clicking on the link to find it.
Twitter blog picture showing where to look for a suspicious URL
Authentic looking phishing sites aren't hard to create. Often the hacker merely copies the pictures of a legitimate site and puts them on a compromised (hacked) site so the activity can't be traced back to them. Hackers frequently seek out sites with poor security to compromise and put up their own (malicious) site.
Also contained in the blog entry are instructions on what to do if you've been phished. Basically, they direct you to their password reset tool and a legitimate e-mail will be sent to you so you can change your password.
Interestingly enough, Twitter also reported this morning that 33 prominent Twitter-ers were hacked over the weekend. Apparently, the notables included President-elect Obama, Rick Sanchez, and Britney Spears. According to Twitter, this attack has nothing to do with the phishing expedition into their waters. Apparently, someone hacked into some of the tools their support team uses to help people with their e-mail.
They also pointed out that Mr. Obama hasn't been twittering lately due to issues with the transition.
Sunday, January 04, 2009
The first scandal in recent weeks was, of course, Illinois Governor Rod Blagojevich allegedly attempting to sell President-elect Obama's recently vacated Senate seat.
The federal grand jury is investigating how a California company, which contributed to Richardson's campaign, won a $1 million transportation contract.
Governor Richardson — who like Governor Blagojevich is not stepping down from his position as governor — has stated he is confident the investigation will reveal he acted properly in the matter. His rationale, as stated in this Washington Post article, is that the investigation could take a long time and he doesn't want to get in the way of important work that needs to be done.
President-elect Obama accepted the resignation with deep regret and cited Richardson's long history of service to the country, both at the state and the federal level.
The federal grand jury investigation in question was announced in mid-December and revolves around whether or not CDR Products was awarded a 1.4 million contract after making contributions to Richardson's political action committees. The contributions of $100,000 were made in 2004 by CDR (based in 90210, Beverly Hills, CA) shortly before they obtained the contract.
Reports indicate that this case is part of a larger one involving the FBI's investigation into "pay to play" practices involving governent bonds. In another part of this investigation, the mayor of Birmingham, Alabama, Larry Lanford, has been indicted for taking hundreds of thousands of dollars in gifts and loans that led his city into bad investments and ultimately, bankruptcy.
Al.com just reported that corruption has dominated the news in Alabama in recent history. In a telling statement, the article noted that corruption deserved top billing in 2006 and 2007, also. Alabama Governor Don Siegelman continues to try to overturn his 2006 conviction on bribery charges, and their Chancellor, Roy Johnson, plead guilty in a federal investigation of corruption in the state's two-year college system.
The sad thing is that politicians being charged and convicted of fraud are becoming too common. From a congressman allegedly getting caught with $100,000 in his freezer, to a senator allegedly accepting $250,000 in gifts from an oil company executive — I sometimes wonder if I am living in a foreign land, where we would expect this to be the status quo. Please note, there are many more examples of public figures getting caught with their hands in the cookie jar in recent history. Please note also that the incidents of alleged corruption involve leaders of different political affiliations.
As we are only days now from President-elect Obama's administration taking office, we face the worst financial crisis since the depression. Not only are we experiencing a financial crisis, but many believe our nation is severely divided; and to top it off, we are at war.
President-elect Obama has spoken out many times on the evils of special interests and lobbyists, who seem to be able to control our government's destiny. Even after Wall Street laughed all the way to the bank (for years) when the mortgage crisis was created — it seems we are being held hostage to bail them out or face even more severe financial consequences.
Change is what is needed and hopefully that is what is about to occur. On his transition website, President-elect Obama is encouraging open government and soliciting us all to write in with our own ideas. I think this a good thing and we all should do it. Our nation was founded in part because of taxation without representation and if you think about it, an argument might be made that this what we've been seeing in recent history.
During the election, I struggled a lot with how to cast my vote; my uncle (who is a huge Obama advocate) sent me a YouTube video about Obama set to John Lennon's song, Imagine. For those of us who still remember his music, Lennon had another song called Gimme Some Truth. What we need now is to imagine our leaders are there for us and to stop finding reasons to lose faith in them.
Thursday, January 01, 2009
Unfortunately — with the current state of the economy — people seem to be falling for the too good to be true scam opportunities more and more frequently.
Even though the quality of these fraudulent instruments varies, many of these counterfeit items are now produced with magnetic ink that scans. High quality check stock complete with the latest security features can be purchased in office supply stores or on the Internet. This means they scan through most of the readers in point of sale systems at businesses. When used with a real account number, which is why counterfeiting works, these items can be difficult to detect as fraudulent.
The increase in counterfeiting isn't limited to checks. Complete sets of counterfeit documentation are being presented at banks to open new accounts. A small amount of money is put into the account so funds verify on an individual check and then an area is plastered with a lot of checks. Sometimes this is done over the weekend and the funds put in to verify the checks are removed the following Monday. The identities used to pass these checks are often stolen. Since the identities and checking accounts are changed frequently to avoid detection, it's difficult to tie all the activity back to one group or person.
Frequently, people who are down-and-out are recruited to pass these items after receiving a promise for a few quick bucks. If they are caught they are normally considered "expendable" by the people behind the schemes. Sometimes, they even do this using their own identities.
It should also be noted that the groups opening fraudulent accounts and counterfeiting checks also set up phony numbers and even business addresses that get listed in 411 and on information sites fairly easily. Most people would be amazed at how easily they accomplish this because little to no verification is done by the companies listing these numbers. This is also done in a lot of the Internet-related scams and it is not uncommon for them to list a number to a financial institution that isn't real. When they set up these numbers, while the scam is active, they have people answering the lines. Often, if you listen carefully, it's pretty obvious that it is not a legitimate business and sometimes calls are forwarded to cell phones.
Another growing phenomenon is that fewer and fewer banks verify funds when businesses try to find out if a check being presented is good. In this instance, privacy laws and fear of litigation probably have enabled the problem to get worse. A lot of businesses use computerized check verification services, but when stolen identities are used, the checks pass through these systems fairly easily. Even worse, after the check is determined bad and the data goes in the system, innocent people are pegged as passing bad checks.
These checks often returned by the bank for “non-sufficient funds" because they aren't aware the account was set-up with fake information. Eventually the account is closed by the bank, but by this time the damage is done. Since banks frequently don't investigate thoroughly enough to determine the account was set up with fake (often stolen) information, it is never identified as fraud. The exception might be when the bank takes a loss, but more frequently they pass the losses to the entity cashing the check.
It's almost impossible to get anyone prosecuted criminally for non-sufficient funds/account closed cases, which means there is little fear of getting caught in this type of scam. Privacy laws also make it difficult for anyone outside the bank to investigate individual cases. In most cases, law enforcement needs a subpoena, which take time and effort to obtain. Given the resources available at most white collar crime units and the amount of fraud, it often seems like the system is ripe for manipulation by criminals.
Technology and the anonymous nature of the Internet have made check fraud grow substantially. All the necessary software/hardware needed is available right for sale at merchants that sell software and office supplies and on the Internet, itself.
There are also Web sites that appear to be dedicated to providing all the materials to commit fraud despite disclaimers that the items are for educational purposes only. One example, of one of these sites is called HackersHomePage. If you take the time to look at this site — you will see that the the items for sale on this site might enable someone to commit a lot more than simple check fraud.
Another growing phenomenon over the past several years has been the sheer number of counterfeit instruments being passed for a “too good to be true” money making scheme. These schemes, which normally don’t make sense, normally involve secret shopper job opportunities, offers to become a financial representative, auction deals and of course, winning a sweepstakes or lottery.
These scams lure people via spam e-mails, which are sent by the millions, daily. Once someone makes contact with the unknowing victim, they are shipped bogus financial instruments to cash. Along with the bogus financial instrument to be cashed there is a letter instructing the victim to wire the bulk of the money (normally over a border) back to the location of the scammer. Another twist in these money making schemes is to buy small and expensive items, normally electronics or jewelry, and ship them (again) normally overseas. A lot of eBay and Craigslist sellers get taken by these schemes.
From the botnets spewing the spam e-mails out in the millions to the counterfeit checks being sent by the parcelful all over the world, there is little doubt that some pretty organized criminals are behind this activity.
In 2007, an International Task Force monitored the mail in Africa, Europe and North America and intercepted billions of dollars worth (face-value) of counterfeit checks.
The coordination across International borders in these scams is pretty amazing. In any individual scam, the e-mail can come from one country, the checks from another and the request to wire the money to a third.
(Picture of checks intercepted in the mail)
There is also a trend where opportunists receive these items, cash them and keep all the money for themselves. If caught, they pretend to be a victim. If no attempt is made to wire the money to an exotic locale, they are probably in the scheme for their own personal gain. It isn't hard to look in just about any inbox or spam folder, reply to the right e-mail and have all kinds of bogus financial instruments shipped whatever address a person wants.
The first step to recognizing these scams is to understand how they work. Most if not all of the reasons these checks are being presented aren't going to make sense to a reasonable person. The cliche is that they are too good to be true and they normally are.
The best places for potential individual victims to learn how not to be taken are FakeChecks.org and OnlineOnGuard.gov.
A good resource for businesses and other public entities to learn about check fraud is the National Check Fraud Center.
In closing, the sour economy is probably fueling an increase in all kinds of fraud. The bottom line is that individuals and businesses are being ruined by it. When it comes to businesses, any dollar lost to fraud normally equates to a dollar off the bottom line. So far as the individuals being victimized, cashing these items can lead to being financially ruined and even arrested.
The best defense against becoming a victim is to know how these scams work. After all, very few people become victims when they know they are being ripped-off!