Fraud, Phishing and Financial Misdeeds<br />
Having worked around financial crimes for a number of years, I noticed they seemed to be on the rise.
One reason for this is technology, which grows more rapidly than laws designed to protect us from it.
Although the blog is a resource to educate people on identity theft, it also strives to educate the common person on the rapidly growing problem of crimes enabled (made too easy) by technology and the Internet.<br />
Ed Dickson<br />
<br />
Huddle House Reports Point of Sale Hacked Since August 2017 (posted 2019-02-06)<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">If you had a meal at Huddle House and used a payment card -- you might want to give the issuing financial institution a call (or review your account online) and make sure your financial health wasn't compromised! Huddle House announced that the compromise occurred from the beginning of August 2017 until "present."</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br />It always amazes me how long compromises go on without being detected. In this case, it was well in excess of a year!</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;"><a href="https://www.huddlehouse.com/">Huddle House</a> is a casual dining and fast food chain that operates in the southeastern United States. On 02/01/2019, they announced on the <a href="https://www.huddlehouse.com/data-protection-notification">main page</a> of their website that their point of sale system had been hacked.</span></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br />Huddle House reported that the following personal details were compromised:</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br />"Based on the facts known to Huddle House at this time, the malware was designed to collect certain payment card information from the magnetic stripe, including cardholder name, credit/debit card number, expiration date, cardholder verification value, and service code."</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-family: "gotham ssm a" , "gotham ssm b";"><br /></span> <span style="font-family: Arial, Helvetica, sans-serif;">The page also details all the resources available to protect yourself. </span></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /> Please note that some people opt for "paid services" to protect their financial resources, but you can also do it yourself for free. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /> Free credit reports are available at <a href="http://annualcreditreport.com/">AnnualCreditReport.Com</a> and the <a href="http://www.ftc.gov/">Federal Trade Commission</a> has great information on how to deal with any issue that arises from using your card at Huddle House.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-family: "gotham ssm a" , "gotham ssm b";"><br /></span> <span style="font-family: Arial, Helvetica, sans-serif;">In the United States, billions of dollars of payment card fraud are incurred by customers, banks, and merchants a year. The biggest losers are the merchants, but we can assume that we are all paying for it when these losses are passed down to the consumer via higher prices and fees.</span></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /> Please note that there are varying estimates of the true cost of fraud. Based on years of personal experience, I have always found that large amounts of fraud loss are buried as "bad debt" because no one (normally a Collections Department or Fraud Department) spent the time to investigate the true cause of the loss. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br />The sad thing is that when this happens, fraud losses tend to go up because no one is effectively mitigating the root cause of how the money is being stolen. </span><br />
<br />
Better Business Bureau Tool to Track, Report and Educate the Common Person on Scams (posted 2019-02-05)<br />
<span style="font-family: "courier new" , "courier" , monospace;">The BBB Scam Tracker is a robust interactive tool to track fraudulent activity throughout North America. The data I viewed from Mexico seems to be minimal at this point, although this might be because Mexico was added after the United States and Canada.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span><span style="font-family: "courier new" , "courier" , monospace;">The site collects data from users, who were the victims of a scam, or from smart people who figured out someone was trying to scam them.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span><span style="font-family: "courier new" , "courier" , monospace;">The tool enables the user to search potential fraudulent activity by keyword, type of scam, location, and time frame. Please note that scams are most successful when they hit a new geographical area because the "word is not out yet." Because of this, scammers frequently travel and even rotate the particular scam in order to catch innocent people/businesses off guard. Just because the particular scam is not showing up in your geographical area doesn't mean that it won't knock on your doorstep tomorrow.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span><span style="font-family: "courier new" , "courier" , monospace;">The scam activities tracked include home repair, tree trimming, tax, advance fee, job, lottery, collection, counterfeit checks, bogus credit cards, vishing, phishing, and identity theft. There is even an "other" category to cover anything that is a previously unknown activity. New scams are hatched all the time. The main thing all scams have in common is that they are "too good to be true."</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span><span style="font-family: "courier new" , "courier" , monospace;">The data collected is provided to the <a href="https://www.ncfta.net/">National Cyber-Forensics and Training Alliance</a>, who in turn shares it with law enforcement.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span><span style="font-family: "courier new" , "courier" , monospace;"><a href="https://www.bbb.org/scamtracker/us/">Here is a link to the BBB Scam Tracker</a>. Scammers count on people not taking the time to report their activity (assuming they do not fall for it). Reporting it is a good deed because it protects other people.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span><span style="font-family: "courier new" , "courier" , monospace;">The BBB also has a video on YouTube on this tool, if you would like to <a href="https://www.youtube.com/watch?v=4g98syNjrK0">watch it</a>.</span><br />
<br />
Are Lyft's Earning Claims for Drivers Deceptive? (posted 2019-02-04)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-UiRUQIB0mI8/WXkVttl0jBI/AAAAAAAAABk/GXuCinNF1j0-Qitk-kAfXy-wKM4y6dhsQCLcBGAs/s1600/lyft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="186" data-original-width="271" src="https://3.bp.blogspot.com/-UiRUQIB0mI8/WXkVttl0jBI/AAAAAAAAABk/GXuCinNF1j0-Qitk-kAfXy-wKM4y6dhsQCLcBGAs/s1600/lyft.jpg" /></a></div>
<br />
With all the bad publicity <a href="https://www.uber.com/a/carousel-vs-1?var=uni2&exp=70612_t1&city_name=national&utm_source=AdWords_Brand&utm_campaign=search-google-brand_1_-99_us-midmarket_d_txt_acq_cpc_en-us_uber_kwd-294953166390_199350918889_40469214925_e_c_track-apr27generalupdate_restructure&cid=813647711&adg_id=40469214925&fi_id=&match=e&net=g&dev=c&dev_m=&cre=199350918889&kwid=kwd-294953166390&kw=uber&placement=&tar=&gclid=Cj0KCQjw--DLBRCNARIsAFIwR24e1kKa46y0KaSV0zG2Oub18ttW_jQa8zMHOjxHfmiVmFqo1mj6PgEaAoP9EALw_wcB&gclsrc=aw.ds&dclid=CJDy1LbLp9UCFYYHPwodpGsIBw">Uber</a> has received recently, <a href="https://www.lyft.com/">Lyft</a> is trying to position themselves with the public as a better option and a good citizen in the techie community. They claim all over the internet that a driver can make up to $35 an hour/$1500 a week, which sounds great, but is this claim too good to be true? I decided to find out!<br />
<br />
To begin my adventure, I signed up and ultimately chose to use their new "Express Drive program," where a rental car is provided for a fee. To calculate what the costs would be if I used my own vehicle, I employed a tool called MileIQ to track the amount of mileage incurred and estimate what the wear and tear on a personal vehicle would be.<br />
<br />
I then carefully read all their tutorials on how to maximize the amount of money I would make and made an appointment to pick up the vehicle via the Lyft App from <a href="https://www.hertz.com/rentacar/reservation/?gclid=Cj0KCQjw--DLBRCNARIsAFIwR264zhsSHJoMofkBvIfEpaNtiHAWXPgzuWXQ5XOa7TBqMyiQcjhIs9saAptwEALw_wcB&gclsrc=aw.ds">Hertz</a> at a local <a href="https://www.pepboys.com/">Pep Boys</a>. Please note, I tried to call this car rental center over 10 times to clarify some items and no one ever answered the telephone. After making the appointment, I received daily text messages and emails reminding me to pick up the vehicle on the time/date specified.<br />
<br />
Upon my arrival, a male wearing gym shorts and a tee shirt gruffly informed me that it was his lunch time and I would have to wait for an hour for him to return. When I told him I had an appointment, he said the computer made a mistake and that wasn't his problem. He then got into an SUV with Lyft decals on the side and left with a male and a female. I later discovered the other two people were the <a href="https://www.hertz.com/rentacar/reservation/?gclid=CjwKCAjw2NvLBRAjEiwAF98GMaVgW6G2uUV5MCHgSDza17HZFX9ik5yXmmJWcqTCFp8257NYdywuBxoC5i0QAvD_BwE&gclsrc=aw.ds">Hertz employees</a> dedicated to the Lyft Express Drive Program.<br />
<br />
During the hour-plus he was gone, numerous drivers showed up trying to find someone because they were having issues and couldn't get anyone to answer the phone. Several of them also told me that they had made numerous calls and never got an answer.<br />
<br />
When they returned, the male in the tee shirt and shorts (who I later identified as a contract employee for Lyft) had me watch a video and directed me to the Hertz employees. One of them took me to a Mazda with approximately 75,000 miles on it to do an inspection. The car was filthy inside and out, had cigarette ashes everywhere, and had dings all around the exterior. Having just read the paperwork threatening me with a "large fine" if I smoked in the car, I voiced concern and was told that this was being documented and not to worry about it. I was then told I would be given a self-service car wash coupon to clean the car.<br />
<br />
I have rented cars many times for a week that were much newer and "clean" for about the same price when traveling on business or having service performed on one of my personal vehicles. My guess is the cars Lyft provides are originally regular Hertz rentals that did not sell on their used car lots.<br />
<br />
Lyft does claim to eat the approximately $180 plus taxes a week fee if you give 85 (partial) or 105 rides (total) in a week -- but based on my overall experience and speaking to drivers -- this is unrealistic unless you work an excessive amount of hours. Please note that you also have to maintain a 90 percent acceptance rate to get this benefit, which is explained below.<br />
<br />
We then returned to the Hertz counter and computer issues ensued causing further delay. After about three hours, I was ready to begin my "Lyft Adventure" with a filthy, smelly car and headed to the car wash. After cleaning the car myself and going home to take a shower, I was finally ready to start making money.<br />
<br />
The first thing I noticed was the <a href="http://www.jdmoyer.com/2017/01/16/lyft-and-uber-drivers-dont-know-where-theyre-going/">substandard navigation on the Lyft Driver App</a> (run by GoogleMaps). Frequently, it would tell me to turn at a street/exit I had already passed. Throughout the week, I noticed it sending me in crazy loops that made no sense considering the location of the customer. In many areas, it got street names wrong, and on more than one occasion it sent me several miles out of the way before telling me to turn around and go back to where I came from. Since the customer sees the driver going all over the place on their Lyft Customer App, this causes some frustration on their part, and they blame the driver.<br />
<br />
The next thing I noticed is how the rides are accepted. When Lyft sends you a ride request, the phone lights up and prompts you to accept it. To accept the ride, you tap on your phone and the navigation takes over. The customers are all supposed to have pictures, but many do not. Lyft's instruction is to follow their navigation and you have no idea what the ultimate destination is going to be until you are about ready to arrive. I found that sometimes, the destinations were in high crime areas, which might be a safety concern for some drivers.<br />
<br />
Another thing I noticed is that the app literally hijacks your phone and it is very difficult to use other apps after opening it up. The main screen displays the Lyft purple ball after logging on -- and on several occasions -- it logged me on again after logging out and it accepted rides. Once, this happened when the phone was being charged in another room.<br />
<br />
It also opened my contacts and pinned them to the main screen. I later discovered (hidden in the fine print) <a href="https://help.lyft.com/hc/en-us/articles/213581908-App-access-to-contacts-and-camera">that I had agreed to give them access to my contacts</a>, which they claim is to spread "Lyft Love" to everyone listed in there. Please note that a lot of malicious code does the same thing when trying to compromise a system.<br />
<br />
You are rated based on your acceptance rate and when the phone lights up there is no sound prompt. This means you have to constantly keep an eye on the phone, which is a driving distraction and could be dangerous. It also doesn't help when the app accepts rides after you think you have logged out.<br />
<br />
Failure to maintain a 90 percent acceptance rate also prevents you from hitting any offered bonuses, and can even get you <a href="https://uberpeople.net/threads/what-is-maximum-lyft-cancellation-rate-without-being-deactivated.48878/">deactivated (geek for getting fired)</a>. Based on the <a href="https://www.sitejabber.com/reviews/www.lyft.com">chatter</a> on numerous internet forums, few, if any, people ever hit the parameters to achieve a bonus.<br />
<br />
The next interesting thing is their rating system. At the end of each ride, both the rider and driver rate each other from 5 to 1 (5 being the best). If a driver falls below a 4.8, they start getting messages that they are at risk of being deactivated. In the week I drove, I picked up some pretty interesting people. Many were intoxicated and some were downright scary. Some of them spilled items in the car and/or left their trash in it. Often I would arrive to pick one person up and four or five people would pile in the car. Frequently these groups were intoxicated and so rowdy that it was difficult to hear the navigation. I did meet many very nice people, but you literally have no choice who you pick up if you want to maintain an acceptable rating.<br />
<br />
I even got a homeless person and a woman, who blatantly told me she was an escort using Lyft to drive her to a client. <a href="https://idrivesf.wordpress.com/2014/10/29/ten-consequences-of-driving-for-uber-and-lyft/">One or two 4 ratings will knock your overall rating down and if an intoxicated person gives you a 1, it will be pretty hard to recover</a>. In my humble opinion, this rating system is a tool used to intimidate the drivers into not saying anything to a customer when they are clearly acting in an unacceptable manner. Of course, drivers are expendable and easily replaced with fresh people responding to the "up to $35 an hour/$1500 a week come-ons."<br />
<br />
I ended the week with a 4.7 rating, which in any other arena would be "darned good," especially considering the challenging aspects faced when providing this service. Despite this, 4.7 is considered as a "needs improvement" by Lyft.<br />
<br />
On my third day, I got a "snippy e-mail" telling me I got a complaint that the car smelled of smoke. The customer related they had asthma, which made the ride difficult. Considering the condition of the car when I got it, I guess the smoke smell lingered on after I cleaned it inside and out. I promptly cleaned and washed the car again, purchasing a fairly expensive product to remove the smoke smell. I then emailed Lyft about this because I felt bad about what the customer had experienced. Prior to this, they had always answered right away, but this time they did not and despite daily follow-ups, <a href="https://uberpeople.net/threads/does-lyft-reply-to-emails.40395/">they never did</a>.<br />
<br />
<br />
Lyft does show <a href="https://help.lyft.com/hc/en-us/articles/115005461808-Power-Zones-for-drivers">power zones</a> on the navigation map, which light up in shades of red. They recommend that you go to these zones to maximize your earnings. These zones are where they claim they need drivers and are charging them higher fares (<a href="https://help.lyft.com/hc/en-us/articles/214586017-Prime-Time-for-drivers">referred to as prime time</a>). My experience with the power zones was that I would drive towards them, and they would disappear right before I got there. I also noticed that they tended to light up when I was headed home, which seemed to be a strange coincidence. On the few times I made it to the red zone in time, I either got no business or a $3 to $6 fare. The end result was a lot more gas and carbon gasses expended with no return on investment.<br />
<br />
Please note that the reason for this could be that so many drivers are on the road trying to make $35 an hour, it has caused the market to become <a href="https://uberpeople.net/threads/lyft-oversaturation.65437/">over saturated</a>. There is very little doubt that they are engaged in a price war with Uber in an attempt to gain market share and that this is cutting into the <a href="https://www.glassdoor.com/Reviews/Employee-Review-Lyft-RVW5257620.htm">amount being made by the drivers</a>.<br />
<br />
So far as making money, there were a few times I got busy, but there were also times where I would drive for up to two hours with no business. There were also many times when all I would get were $3 to $8 rides at the rate of about one an hour (despite following all the revenue-enhancing tips provided by Lyft). Please note that these fares are the amount before Lyft took their 25 percent cut.<br />
<br />
When in "driver mode," the app shows your earnings and details them by the ride. The earnings being displayed are before Lyft takes their cut. This tends to make the driver think they are making more money than they actually are.<br />
<br />
Lyft advertises that they let the driver keep the tips, but few customers actually tip. I averaged about 7 percent in tips for the week.<br />
<br />
Lyft does provide insurance while you are logged into the app, but it has a $2500 deductible. Your primary insurance will probably have to take over if an accident occurs and it is possible you will be dropped by your insurance carrier if they discover you were driving for Lyft. <a href="https://www.consumeraffairs.com/news/driving-for-uber-or-lyft-check-your-insurance-coverage-041817.html">Consumer Affairs published a telling article detailing this risk and potential liability.</a><br />
<br />
Towards the end of the week, I started getting hit with numerous messages via text and email to renew my rental. These messages confused me as to what day it was due back and I reached out to Lyft Support for a clarification. Here again, despite several follow-ups, they never answered me until a day after the vehicle had already been returned. When returning the car, I asked the Lyft employees if there was a number I could call and they told me that one does not exist.<br />
<br />
Now for the money I was able to make. Listed below is the summary provided by Lyft. The rental was prorated (normal cost is $180 a week) because I picked up the car a day into the pay cycle. It doesn't include gas cost, car washes, or my time cleaning the car because of the condition it was in. Also not included is the three hours to pick up the car, or the hour it took to return it.<br />
<br />
54 Rides and logged into the Driver App for 45h 16m 57s<br />
<br />
Ride Payments: $510.57<br />
<br />
Tips: $35<br />
<br />
Lyft Fees: -$127.72<br />
<br />
Rental Fees: -$154.28<br />
<br />
Rental Tax: -$12.86<br />
<br />
Total Earnings: $250.72<br />
<br />
I made $250.71, and after taking the $132 in gas/miscellaneous expenses out, I netted a whopping $118 for 45 hours work. <b><i>This equates to $2.62 an hour without taking into account overtime and would have been close to the minimum wage in the '70s.</i></b> On the other hand, Lyft made $127.72 plus whatever they and Hertz made on the rental.<br />
I calculated the miles, which if recorded could be written off in taxes on a personal vehicle, but also represent wear and tear. There are tales in the forums of drivers wearing out vehicles before they were paid off. I drove 917 miles for the week, which at the federal mileage rate of 53.5 cents a mile equates to $490.60 (rounded up). Please note the federal mileage rate is an official calculation of what wear and tear represents.<br />
<br />
This amounts to 50,440 miles driven a year if the driver (who gets no vacation time) drives every week. If you subtract the $490.60 from what I made, I would have been operating at a net loss. Of course, these are all estimates, but estimates based on factual data.<br />
<br />
I wonder how many financial losses are incurred by the auto industry when a car wears out and the person can no longer afford to make the payments?<br />
<br />
Lyft advertises all over the Internet that a driver can make up to $35 an hour/$1500 a week. While this sounds like a great opportunity, the truth is a far different story, and Lyft is laughing all the way to the bank at the expense of their easily replaced drivers.<br />
<br />
<a href="https://teamster.org/news/2017/03/lyft-drivers-win-27-million-settlement-after-teamsters-seek-greater-award">The drivers receive no benefits, and many of them are making a lot less than minimum wage when all things are considered</a>. I discovered by speaking to several drivers that some of them work (up to 14 hours a day/7 days a week) trying to make ends meet. I was told several times that if I wanted to make money, I would have to drive to San Francisco (4 hour round trip) and put in some long shifts.<br />
<br />
Lyft does regulate the number of hours a driver can be on the road and there are differences in some jurisdictions, but for the most part, <a href="https://help.lyft.com/hc/en-us/articles/214585717-Taking-breaks-and-time-limits-in-driver-mode">they allow 14 hours a day with at least a 6-hour break</a>. There does not appear to be any limit on how many days a driver can work in a row. Of course, they are not paying overtime since the drivers are considered to be self-contractors, either.<br />
<br />
One could make a persuasive argument that Lyft is creating a potentially dangerous situation for everyone on the road, and creating a lot of unnecessary carbon gasses in their quest for easy money and market domination.<br />
<br />
<a href="https://arstechnica.com/tech-policy/2017/03/lyft-agrees-to-pay-27-million-to-settle-driver-classification-lawsuit/">There have been recent legal efforts to have rideshare drivers classified as employees</a>. This would go a long way to creating a level playing field for the competition that is being run out of business by outfits like <a href="http://www.lyftdriverlawsuit.com/">Lyft and Uber</a>. It would also go a long way towards preventing these outfits from creating an abusive atmosphere for their drivers.<br />
<br />
The truth is their drivers provide all the fixed costs (vehicles, gas, cell phone, time etc.) and Lyft collects 25 percent of the earnings with a computer application that maintains command and control of the driver. Because they pass on their costs of doing business and are paying no benefits, it is no wonder that they have run the competition out of business. With no benefits being paid, the taxpaying public is also probably picking up the costs of providing them to their drivers.<br />
<br />
<a href="http://www.foxnews.com/auto/2017/07/23/lyft-announces-first-location-driverless-car-fleet.html">It is also no secret that both Lyft and Uber are pursuing the driverless car option</a>. Will this lead to them replacing their drivers in the same manner they have replaced traditional transportation outfits? The sad thing is that the drivers are providing all the fixed costs of pursuing this goal and will eventually be replaced by a machine.<br />
<br />
If most businesses were able to operate in this manner, they would probably be shut down by the government for gross violations of labor laws and essential human rights.<br />
<br />
On a closing note, here is <a href="https://www.opensecrets.org/orgs/summary.php?id=D000067782">a list of political donations given by Lyft employees</a>. I was shocked to discover that most of the recipients claim to be social justice warriors. Recipients include Bernie Sanders, the DNC, Hillary Clinton, Kamala Harris, and Jill Stein. They also gave a $1,000,000 donation to the ACLU to fight President Trump's immigration ban. This ban essentially blocked people from countries with no functioning government from entering the country. The Obama administration was the one who designated these countries as dangerous because of a lack of effective government and ties to terrorism.<br />
<br />
Doesn't the first initial of the <a href="https://action.aclu.org/secure/protect-peoples-rights-liberties?s_src=UNW170001SEM&alt_src=UNV170001SEM&ms=gad_SEM_Google_Search-Evergreen-ACLU%20Brand_ACLU%20Name%20Terms_aclu_e_169710879007">ACLU</a> stand for American? Perhaps they and Lyft should revamp their efforts to prevent abuse to human beings in this country instead of pursuing an agenda that could be dangerous to our citizens.<br />
<br />
Caller ID can Cost You $$$$ (posted 2019-02-01)<br />
<span style="background-color: white; color: #333333; font-family: "georgia" , serif;">Fraud using the telephone is nothing new and has been around for as long as there have been telephones. After all, a telephone is merely a communication device that can be used to dupe someone into doing something they might regret later.</span><br />
<br style="background-color: white; color: #333333; font-family: georgia, serif;" />
<span style="background-color: white; color: #333333; font-family: "georgia" , serif;">That said, telephone technology, which has grown rapidly in recent years, has given fraudsters a wide array of new tools. More and more frequently, these tools are used to part common people and even large businesses from their hard-earned money.</span><br />
<br style="background-color: white; color: #333333; font-family: georgia, serif;" />
<span style="background-color: white; color: #333333; font-family: "georgia" , serif;">Take </span><span style="color: #999999; font-family: "georgia" , serif;"><span style="background-color: white;"><a href="https://en.wikipedia.org/wiki/Caller_ID">Caller ID</a></span></span><span style="background-color: white; color: #333333; font-family: "georgia" , serif;"> for instance, which is marketed as a means of protecting our privacy. When I say marketed, it's normally sold to us for a fee so we can see who is calling us. The irony of the situation is that for a fee (or even for free in an app store) -- just about anyone can make the ID appear as whatever number they desire. If you have a person stored in your contacts and their number is used, the contact information stored in your phone will appear on the screen. </span><br />
<br style="background-color: white; color: #333333; font-family: georgia, serif;" />
<span style="background-color: white; color: #333333; font-family: "georgia" , serif;">The ability to spoof (fake/impersonate) Caller ID has been around for a few years. Collection agencies, private investigators, telemarketers, and even law enforcement agencies use it to get people to answer their telephone. Unfortunately, scammers and seedy telemarketers are now using this technology to trick people into buying questionable goods and services or even steal from them. </span><br />
<br />
<a href="https://www.consumer.ftc.gov/articles/0076-phone-scams" style="font-family: georgia, serif;">The FTC has a great site to educate the public on this activity and you can file a complaint with them.</a><br />
<br />
<span style="font-family: "georgia" , "times new roman" , serif;">Common lures/signs of a scam to snag a victim include:</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"><br /></span>
<br />
<ul style="background-color: white; margin: 0px 0px 0px 2em; padding: 0px 0px 0px 2em;">
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">Your banking credentials have been compromised and they ask for financial verification to verify your identity (they often spoof the financial institution's number).</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">You owe the IRS money and will go to jail if you do not pay today.</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">You owe for a loan and will go to jail if you do not pay today.</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">That they have been monitoring your credit and you now qualify for zero interest on your credit cards. </span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">You've been specially selected (for this offer).</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">You'll get a free bonus if you buy our product.</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">You've won one of five valuable prizes.</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">You've won big money in a foreign lottery.</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">This investment is low risk and provides a higher return than you can get anywhere else.</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">You have to make up your mind right away.</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">An offer of a free vacation. </span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">An offer of a "too good to be true" business or investment opportunity. </span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">You trust me, right?</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">You don't need to check our company with anyone.</span></span></li>
<li style="margin: 5px 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">We'll just put the shipping and handling charges on your credit card (If they get your payment card they often use it to commit additional fraud).</span></span></li>
</ul>
<div>
<span style="font-family: "georgia" , "times new roman" , serif;"><br /></span></div>
<div>
<span style="font-family: "georgia" , "times new roman" , serif;">Please note that some of these scams are telemarketing come-ons. Many are also charity scams, where no money is ever given to a real charity. It is prudent to research the validity of any charity, which can be done by visiting the <a href="https://www.charitynavigator.org/">Charity Navigator website</a>. </span></div>
<span style="font-family: "georgia" , "times new roman" , serif;"><br style="background-color: white; color: #333333;" /></span><span style="background-color: white; color: #333333; font-family: "georgia" , "times new roman" , serif;">More and more frequently, Caller ID is being used by organized (and maybe some not so organized) criminals to commit fraud. A couple of years ago,</span><span style="background-color: white; color: #333333; font-family: "georgia" , serif;"> 62 people were arrested for operating from a <a href="https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=0ahUKEwjs8aHlnN7RAhUP1WMKHQ-JAB4QFgg8MAY&url=https%3A%2F%2Fconsumerist.com%2F2016%2F10%2F27%2Ffeds-arrest-61-for-alleged-indian-call-center-scam-that-bilked-millions-from-consumers%2F&usg=AFQjCNHJSiwqSvDCk5TYXJOPVhpct5b_Fw&sig2=-om1IolcpV6vzZPqc_Y9KQ&bvm=bv.145063293,d.cGc">call center in India and impersonating IRS or ICE agents</a>. They allegedly made $75,000,000 in one year from this operation. I received several of the alleged IRS calls and they all had a Washington DC area code appearing on my telephone. With tax season here, we can probably expect to see these calls resurface again. </span><br />
<span style="background-color: white; color: #333333; font-family: "georgia" , serif;"><br /></span><span style="background-color: white; color: #333333; font-family: "georgia" , serif;">Most of the calls I have personally received or heard about involved a person with a foreign accent. I suspect a lot more of this activity comes from call centers located overseas. Unfortunately, we have all been "trained" to accept calls from people with foreign accents by corporate entities outsourcing jobs in order to save payroll dollars. </span><br />
<span style="background-color: white; color: #333333; font-family: "georgia" , serif;"><br /></span><span style="background-color: white; color: #333333; font-family: "georgia" , serif;">The Truth in Caller ID Act was signed into law in 2010, which makes it illegal to spoof a number in order to commit fraud. Despite the law, the amount of this type of fraud seems to be on the rise. </span><span style="background-color: white; color: #333333; font-family: "georgia" , serif;">Due to the fact that most of these calls originate from overseas by purchasing a local telephone number -- and then forwarding the calls -- the danger of any real consequences is extremely minimal. The other option provided is to sign up for the FTC's "Do Not Call List," but this seems to be ignored by the people making the calls. </span><br />
<span style="background-color: white; color: #333333; font-family: "georgia" , serif;"><br /></span><span style="background-color: white; color: #333333; font-family: "georgia" , serif;">Being able to spoof a call has become too easy. A simple </span><a href="https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=free+unlimited+caller+id+spoofing" style="font-family: georgia, serif;">Google search</a><span style="background-color: white; color: #333333; font-family: "georgia" , serif;"> will reveal all kinds of "resources" available to anybody. </span><br />
<span style="background-color: white; color: #333333; font-family: "georgia" , serif;"><br /></span><span style="background-color: white; color: #333333; font-family: "georgia" , serif;">In my humble opinion, the need for additional legislation to combat this growing problem is pretty apparent. Most of us are exposed to this activity "too frequently" via easily available technology, which not only includes "spoofing," but also includes professional sounding "phone trees" backed up by "robocall dialers." Perhaps the solution is to make it illegal to sell this type of technology to "anyone." The telecom types should also be forced to aggressively come up with robust solutions to protect their customers from a service they are charging them for.</span><br />
<br />
Posted by Ed Dickson<br />
<br />
Identity Thieves Target Uncle Sam<br />
Published 2012-04-13; updated 2019-02-01<br />
<br />
Identity thieves seem to like to target the government. With April 15th nearing, the news is awash with fraudsters using other people's identities to claim an earned income tax credit worth thousands of dollars. Of course, we should feel sorry for the poor people who had their identity stolen and used to file a bogus return. After all, they will have to deal with the IRS and prove they didn't file the fraudulent paperwork.<br />
<br />
The saddest thing is that they will probably find out about it when they file a legitimate tax return, and it is denied. When this happens, they might have to prove that they were not the person responsible for filing the faux (fake) return. In most instances, proving this will be hours of work and cost a little money.<br />
<br />
In all fairness, it is evident that the IRS is taking tax fraud much more seriously than in the past. Because of this, we are probably seeing more of it being reported. The IRS has an excellent <a href="http://www.taxpayeradvocate.irs.gov/Individuals/Identity-Theft">information page</a> on their site to assist the people being victimized. Please note that anyone paying taxes is a victim of all this, and the money being lost adds to the ever-growing deficit.<br />
<br />
Another aspect of this fraud is that if the government can prove the refund was not negotiated for the right person, they can hold the financial institution paying out the money liable. Frequently, when the fraudulent refund is received, a counterfeit ID is produced to negotiate the instrument. In these cases, when the true person proves they did not file the bogus return, the loss is going to be charged right back to the financial institution that paid out the actual cash in the scheme.<br />
<br />
Another good example of a government program being targeted is the recent disclosure that hackers compromised a State of Utah Medicaid database. Given the quality of information stolen (medical), it is prime to commit tax fraud (or medical fraud) against the government.<br />
<br />
Current estimates put this data breach at 780,000 personal records compromised. It has also come to light that the data was not encrypted and that less than complex passwords were used to protect it. The Salt Lake City Tribune is also <a href="http://www.sltrib.com/sltrib/news/53892081-78/health-data-security-utah.html.csp">reporting</a> that the manner in which this information was protected might be in violation of current federal regulations. It is hard to believe, with the number of publicly disclosed breaches, that the data was not encrypted. You would think that this would be standard by now when protecting information that criminals can steal money with.<br />
<br />
Pretty interesting that the World Privacy Forum is showing an <a href="http://www.worldprivacyforum.org/">interactive map on their site</a> showing all the known occurrences of medical identity theft in recent years. While there are differing estimates on the costs of medical fraud, there is little doubt that it costs us billions of dollars, and the costs are passed on to all of us.<br />
<br />
An <a href="http://www.computerworld.com/s/article/9225444/Most_2011_cyberattacks_were_avoidable_Verizon_says">article</a> by Jaikumar Vijayan at ComputerWorld makes a pretty good argument that most of the data breaches in 2011 were avoidable. If this is the case, it should show us that this is an ever-growing problem and that we cannot afford to let our guard down.<br />
<br />
If you think you might be a victim in the Utah breach, the State has set up a victim's assistance line at 1-855-238-3339.<br />
<br />
Posted by Ed Dickson<br />
<br />
Phony Collectors Want Your Credit/Debit Card Information<br />
Published 2010-07-07; updated 2010-07-07<br />
<br />
About a week ago, I was made aware of a fraud group operating from a Tampa, Florida number, who were calling people and using some pretty heavy-handed tactics to collect (steal) money. Interestingly enough, the person that let me know about this had never done business with the company being impersonated.<br /><br />Please note, there might be a reason for alarm even if you don't think you owe a debt and a collector calls. With more and more people becoming identity theft victims, a call from a collector could be the first notification a person gets that someone else is using their information. Of course, in this instance, since the calls were bogus, it was not the case. In fact, if you give these scammers any information they can use, you will likely become an identity theft victim yourself.<br /><br />The person who provided me with this information also provided me with the number she was called from. I called the number and, after a slight delay, I got a person with an Indian accent, who identified himself as "William Scott" from ACS, Inc. Leading him on, I told him my wife was always getting us into trouble by borrowing money — and that we had received a message to call them. He asked me for my wife's name and I made one up. He then told me to wait a minute, while he looked up the file. After about a minute, he said he had located the file and that she owed $500.00, and said this was a "serious legal issue we needed to get cleared up right away." 
He even offered to settle for $300.00, if I paid that day with a debit/credit card.<br /><br />During my conversation with William, I could hear the chatter of other calls being made. Listening carefully, I noted that all the people "chattering" in the background seemed to have Southern Asian (probably Indian) accents. This leads me to believe that the call was being forwarded, possibly overseas. This is not hard to do and there are a lot of legitimate call centers where callers are forwarded from a local number, all over the world.<br /><br />I gave him an e-mail address so he could send me a payment authorization form and he told me to fill it out, sign it and e-mail it back to him. About an hour later, I got the form, coming from an e-mail address, <a href="mailto:acscorpusa@gmail.com">acscorpusa@gmail.com</a>. It asked for personal identifiers, the card number, billing address, zip code, expiration date and CVC number. There is very little doubt in my mind that if I had sent the form back to him, the account I gave them would have been promptly cleaned out.<br /><br />I ran the number (813-434-4611) on a site called <a href="http://www.phonevalidator.com/default.aspx">PhoneValidator.com</a>, which tells you what company a number belongs to and if it is a cell phone or a landline. This number belongs to PaeTec Communications in Tampa, Florida. PhoneValidator.com offers two additional tools after you run the number. One is primarily a paid search (how they make money), but they offer Google results, also. 
When I ran the <a href="http://www.google.com/custom?hl=en&lr=&ie=ISO-8859-1&oe=ISO-8859-1&safe=off&client=pub-9947262643867339&channel=2773160146&cof=FORID%3A1%3BGL%3A1%3BBGC%3AFFFFFF%3BT%3A%23000000%3BLC%3A%230000ff%3BVLC%3A%23663399%3BALC%3A%230000ff%3BGALT%3A%23008000%3BGFNT%3A%230000ff%3BGIMP%3A%230000ff%3BDIV%3A%23336699%3BLBGC%3A336699%3BAH%3Acenter%3B&q=813-434-4611&btnG=Search" vl_1278503038265="1">Google results</a>, it identified the same scam I had run into. One site, <a href="http://800notes.com/Phone.aspx/1-813-434-4611">800notes.com</a>, had quite a few comments about it.<br /><br />The payment authorization letter listed a fax number of 646-786-4401. I ran that <a href="http://www.phonevalidator.com/results.aspx?p=646-786-4401">number</a> and it went to a landline in New York. Again, I ran the <a href="http://www.google.com/custom?hl=en&lr=&ie=ISO-8859-1&oe=ISO-8859-1&safe=off&client=pub-9947262643867339&channel=2773160146&cof=FORID%3A1%3BGL%3A1%3BBGC%3AFFFFFF%3BT%3A%23000000%3BLC%3A%230000ff%3BVLC%3A%23663399%3BALC%3A%230000ff%3BGALT%3A%23008000%3BGFNT%3A%230000ff%3BGIMP%3A%230000ff%3BDIV%3A%23336699%3BLBGC%3A336699%3BAH%3Acenter%3B&q=646-786-4401&btnG=Search">Google results</a>, which revealed more people getting faux collection calls. Besides the fax number on the authorization letter — designed to clean out a payment card — was another number (813-435-1963) to call them back. Although it was another Tampa number, it went to a different <a href="http://www.phonevalidator.com/results.aspx?p=813-435-1963">telecom outfit</a>. 
By running the Google results, lo and behold, more complaints about phony collection calls were <a href="http://whocallsme.com/Phone-Number.aspx/8134351963">found</a>, some of which stated that some pretty crude and disgusting comments were made by some of these fake collectors.<br /><br />Based on the comments I found, it appeared that this activity had been going on for a long time, and the Indian accents seem to be a common theme. I did report this to the authorities — but besides getting an initial call back — I haven't heard anything from them since then.<br /><br />It is not uncommon for scammers to set up legitimate sounding numbers, either. As long as the bill gets paid, very little due diligence is conducted by telecom types to ensure a number actually belongs to what it says it does. Sometimes the numbers are paid for with stolen financial instruments, and it is not uncommon to call one back a week later and find it has been disconnected.<br /><br />I did more research on this activity and discovered that the BBB had an interesting <a href="http://www.bbb.org/cincinnati/business-reviews/collection-agencies/us-cash-advance-phony-debt-collectors-in-cincinnati-oh-90002652/">write-up</a> about similar (if not the same) fraudulent collection activity. The report lists 67 complaints they had received. Another <a href="http://www.bbb.org/us/article/widespread-harassment-from-phony-debt-collectors-raises-concerns-of-mass-data-breach-11792">write-up</a> in August of 2009 from the BBB suggested that the scammers had so much personal information about the victims — a data breach was suspected. In this case, it was reported that the people behind this had social security numbers, addresses and knew how to contact their victim's relatives. 
It also stated that people were being threatened with criminal prosecution, if they did not pay.<br /><br />If you are called by a collector and you do not know anything about the debt they are talking about, you should always ask them to send you documentation proving that you owe the debt. The Federal Trade Commission (FTC) has <a href="http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre18.shtm">information on their site</a> on what your rights are and the specific laws that legitimate collection agencies have to follow. You can also file an <a href="https://www.ftccomplaintassistant.gov/">online complaint</a> (highly recommended if you suspect abuse) and even watch a video on how to do it properly. They also provide a number (1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261) if you want to speak with a live human being.<br /><br />The phenomenon of fraud by telephone is becoming more and more common. Officially dubbed "<a href="http://en.wikipedia.org/wiki/Vishing">vishing</a>," which is phishing by telephone, the people behind it spoof financial institutions to <a href="http://blogcritics.org/scitech/article/telephone-call-offering-to-lower-interest/">gather personal and financial details</a> to commit identity theft and financial crimes. 
Cheap long distance — enabled by <a href="http://en.wikipedia.org/wiki/Voip">VoIP</a> (Voice over Internet Protocol) — and <a href="http://fraudwar.blogspot.com/2009/06/trust-caller-id-become-crime-victim.html">caller ID spoofing</a> (which is legal) have made vishing pretty easy to accomplish.<br /><br />If you get a phone call that doesn't make sense, take a deep breath and then make sure the person calling you is legitimate before proceeding!<br />
<br />
Posted by Ed Dickson<br />
<br />
Will 2010 be a Banner Year for Identity Thieves?<br />
Published 2010-01-02; updated 2010-01-03<br />
<br />
For the past six months or so, this blog was put on hold. I could come up with a lot of excuses why it was put on hold -- such as increased workload and job responsibilities -- but I probably just needed a break from writing.<br /><br />Now that I am taking a look at getting back into blogging, it doesn't appear much has changed in the fraud arena or that the news is getting better. Of course, I probably already knew that. After all, I didn't get much of a break from all the fraud that is going on out there; I merely wasn't writing about it.<br /><br />For instance, Jay Foley at the Identity Theft Resource Center did a recent <a href="http://www.bankinfosecurity.com/articles.php?art_id=2031">interview</a> with Tom Field at Bank Info Security and is predicting some scary trends for 2010. Two of the predictions are that medical identity theft and <a href="http://fraudwar.blogspot.com/search?q=too+good+to+be+true">too good to be true scams</a> will be on the rise.<br /><br />I can attest to the too good to be true schemes being on the increase. They happen all over North America on a daily basis. 
Strangely enough, the scams seem to recycle themselves and use the same bogus financial instruments, over and over again.<br /><br />"Well, first and foremost we are going to see a lot more scams. Because of the tough economic times, we are seeing a lot of scammers come out of the woodwork and try to suck you into this quick job, that quick job, here make a little extra money, and invariably what happens is you find yourself on the hook for greater debt and greater problems because you went to work with these scammers," according to Jay Foley.<br /><br />Besides this, Jay is predicting an increase in medical identity theft, which struck me as "interesting" given all the media attention on <a href="http://www.google.com/search?q=health+care+reform&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GPEA_enCA320">health care legislation</a>. Apparently, he is seeing a lot of people, who are without insurance, use someone else's name and social security number to piggyback on someone else's benefits. In the article (also a podcast), Jay aptly points out that the medical industry has been plastering social security numbers on just about every document they create for years.<br /><br />It should be noted -- especially as we move towards <a href="http://www.google.com/search?hl=en&rls=com.microsoft%3Aen-US&rlz=1I7GPEA_enCA320&q=digital+medical+records&aq=f&oq=&aqi=g8">digital medical records</a> -- that in the wrong hands these records can be used for more than medical identity theft. The same information can be used to commit a host of financial crimes, including scamming the government and the insurance companies. 
In case you missed it, the WSJ did a story on the subject, where an insider (employee) downloaded 1100 records, which were later used by his cousin to commit <a href="http://online.wsj.com/article/SB125944755514168145.html">$2.8 million in fraud</a>.<br /><br />There is no doubt that medical records have been identified as an easy place to steal information by the criminal element. The "trillion" dollar question right now is whether making these records digital is going to make the problem worse. Only time will tell.<br /><br />Estimates on Medicare fraud vary greatly, but some go as high as $80 billion a year. Please note this is an estimate on medical fraud in the public sector and doesn't account for the fraud directed at the private sector. The <a href="http://64.211.220.122/eweb/DynamicPage.aspx?webcode=anti_fraud_resource_centr&wpscode=TheProblemOfHCFraud">NHCAA</a> (National Healthcare Anti-Fraud Association) is a good place to see all the different aspects of this growing problem. The end result is a monetary loss that we all end up paying for, whether as a taxpayer or a consumer.<br /><br />It's pretty hard to get an accurate estimate of how much fraud occurs; we can only guess what it might be based on the known incidents. The reality is the more successful frauds are never discovered. After all, most of the people committing fraud go to great lengths to keep their activities anonymous. It is bad for business, otherwise.<br /><br />So far as industries that will be targeted, Jay predicts the payment services industry and medical industry will be the most attractive to information thieves. Is this because the payment services industry is where there is instant access to money and the medical industry has an abundance of easily accessible information to steal?<br /><br />Also predicted is that the scammers, hackers and identity thieves behind these schemes are going to be much younger. 
Jay cites the urban legend status given to <a href="http://en.wikipedia.org/wiki/Albert_Gonzalez">Albert Gonzalez</a> (28), who has now been identified as being a member of the Shadow Crew and behind the TJX, Heartland and Dave and Buster's breaches, as a fueling factor. According to Jay, his group is seeing a trend where teenagers are putting up fake e-commerce sites and the like to steal payment information and money.<br /><br />Jay also points out that most information theft is being done by insiders, or people who are given access to it. I've always said that you can have the best security systems out there -- but if you give the wrong person access -- even the best systems can be rendered useless. With information being worth money, people can be recruited or even planted in organizations to steal it. While the Albert Gonzalez types make good news stories, if an organized crime group (or lone crook) wants to get in a system, it's a lot easier if they have an inside connection.<br /><br />Perhaps we need to take a step back and realize that the human being is the most important part of any security equation. Human beings are on both sides of the equation, whether they are the victim or the victimizer. As long as we continue to maintain information in easily accessible places (to make money) and send it (electronically) all over the place, we are going to have a problem.<br /><br />You can read more about Jay Foley and the Identity Theft Resource Center (highly recommended), <a href="http://www.idtheftcenter.org/">here</a>.<br />
<br />
Posted by Ed Dickson<br />
<br />
Lucid Intelligence – A Free Way to Discover IF Your Identity Has Been Stolen!<br />
Published 2009-06-28; updated 2009-07-01<br />
<br />
<p>Millions of personal and financial records have been compromised in recent years and the criminals involved in trading this information operate worldwide. 
</p><p>"A criminal might be based in Romania, using servers hosted in Russia, stealing data from people in Germany, to buy goods from an American retailer for delivery in the UK, using an Australian credit card," according to a new site called Lucid Intelligence, which seeks to level the playing field for the individual victims of these crimes.</p><p>Lucid Intelligence has set up a <a href="https://www.lucidintelligence.com/index.php">site</a> that has a user-friendly tool that allows a person to see if their personal and/or financial information is in the hands of criminals. It then provides resources – that are free for the most part – a person can use to protect themselves. The Lucid Intelligence Database contains the information of over 40 million people who have already been compromised.</p><p>Although the site freely admits they can't do anything about getting your information back, the truth is that an aware person can take measures to make the information useless (and maybe more dangerous) for criminals to use. </p><p>Some of the ways the site suggests protecting yourself are setting up a Google Alert (detailed instructions included), getting a free credit report, finding some free identity theft protection and protecting your computer. Free options of doing this are identified on the site.</p><p>All of the records in the Lucid database have already been compromised by criminals and made available on the Internet. These stolen details were found in chat rooms, bulletin boards or FTP sites, which are used as underground forums to sell stolen information. Recently, <a href="http://blogcritics.org/scitech/article/twin-reports-suggest-we-are-losing/">two major reports</a> indicated there is so much stolen information available, the law of supply and demand is causing prices to go down. This would suggest there is a glut of stolen information out there.</p><p>The information is stolen in a variety of ways. 
It can be stolen by hackers, who compromise a retail or banking system, dishonest employees at a wide variety of places or malicious software delivered by the botnets that "<a href="http://technorati.com/r/tag/phishing">virtually phish</a>" the digital world with billions of spam e-mails. Information can also be stolen when you pay a bill using a card or when an irresponsible employee throws it in the trash. Please note, there are other ways information is stolen and I am only listing the more well-known methods.</p><p>A lot of the information in the database has been obtained by the highly skilled operators behind Lucid, who seek out and engage cyber criminals and beat them at their own game. These operators, who come from all walks of life, are volunteers and most (if not all of them) have put a few scammers behind bars.</p><p>There is little doubt that the amount of information in this database is going to grow and, whenever possible, Lucid records exactly where they discovered the information.</p><p>The information you input to do the searches is not maintained by Lucid until you request the detailed summary. There are reasons for this, which I will explain below. The site also doesn't use any cookies that are designed to track activity on a computer. From what I can see, everything associated with the site is designed to protect individual privacy and takes the necessary precautions to stop someone with malicious intent from exploiting the Lucid database itself.</p><p>If the search reveals your information has been compromised, they provide you with a limited summary. For an administrative fee – and only after your identity has been completely verified – they will provide you with a detailed summary. The administrative fee of £10 (approximately $16.56) to get the detailed summary covers the costs of pulling the information. Included in the detailed summary is an individual risk analysis based on the information discovered. 
</p><p>In most cases, the limited summary, combined with the protection information, will be sufficient for most people.</p><p>In the past four years, Lucid has turned over the details of every credit card they've discovered to the “Dedicated Cheque and Credit Card Unit” in London and <a href="http://en.wikipedia.org/wiki/APACS">APACS</a>. In turn, this information is turned over to the credit card issuer. Lucid has already provided the details of several hundred thousand compromised credit cards and it is estimated they have saved more than £200,000,000 (approximately $331,250,263) from being stolen. When considering this statistic, we need to remember that the actual card details came from all over the world. </p><p>It should be noted that payment (credit/debit) cards aren't the only type of information available for sale on the Internet. Lucid attempts to report all the information they discover if there is a place to report it to. </p><p>There are good reasons that Lucid doesn't turn these credit card details over to the card issuers directly. Replacing credit cards is costly and sometimes card issuers choose to merely monitor known compromised information and then issue a new card if there is suspected fraudulent activity. By reporting it to the authorities and APACS, Lucid ensures a record is maintained should someone run into complications with an issuer after they have been victimized. Despite all the zero liability ads out there, the sad truth is that not all victims come out of these schemes without losing money (sometimes a lot).</p><p>Another thing the Lucid database might reveal is synthetic identity theft before it comes back to haunt a person. Credit reports don't necessarily catch all forms of identity theft. Sometimes different parts of people's identities are used to forge a synthetic one. 
In these instances, because a lot of the information doesn't match, the credit bureaus don't pick it up.</p><p>Other examples where a credit bureau might not reveal identity theft are medical benefit fraud, employment fraud, government benefit fraud, some forms of check fraud and when it is used to commit crimes other than those of a financial nature.</p><p>Another thing to consider is that since not all compromised information is used or used right away, the risk is there, but it will not show up on a credit report.</p><p>The people behind Lucid are also active in dealing with advance fee fraud (419) and the different varieties of this are covered on the site, also.</p><p>Last but not least, if you need further information they have a way to <a href="https://www.lucidintelligence.com/contactus.php">contact</a> a member of the group.</p><p>The site is largely the work of Colin Holder, a retired Detective Sergeant from the United Kingdom, who is considered one of the leading experts in the world on advance fee fraud and identity theft. This isn't the first Web site Colin has set up, either. In 2001, he set up the <a href="http://www.met.police.uk/fraudalert">Metropolitan Police Fraud Alert site</a> and came up with the idea that later became the <a href="http://www.c6-intelligence.com/">"KYC" and "Money Laundering" compliance database</a>. 
His full biography, which is both impressive and extensive, can be found on the <a title="Lucid Intelligence" href="https://www.lucidintelligence.com/index.php">site</a>.</p>
Ed Dickson http://www.blogger.com/profile/17591588411216721185 noreply@blogger.com 3
tag:blogger.com,1999:blog-12423159.post-2027272330091617868 2009-06-14T06:47:00.000-07:00 2009-06-15T16:54:15.906-07:00
Are Anti-Aging Products Containing Resveratrol Scamming Innocent People?
Getting old happens to the best of us – and ever since Juan Ponce de Leon went to Florida in 1512 on a quest to find the fountain of youth – many have searched for a miracle that would stop, slow or reverse the aging process.<br /><br />The marketing of Resveratrol is the latest chapter in this saga and has inspired some greedy and not very honest entities to hawk Resveratrol products over the Internet they claim are "guaranteed." The only guarantee with some of these products is that the person buying them might end up spending a lot of money for nothing.<br /><br />The sad truth is that there are companies selling Resveratrol supplements that appear to be using deceptive marketing practices. If you see a come-on for Resveratrol, I would carefully consider whether or not it appears a little too good to be true and follow the principle of "caveat emptor" (buyer beware). Of course, it always pays to read the “fine print” (as you will see below), also.<br /><br />Please note, I'm not here to dispute the possible health benefits of Resveratrol or recommend whether people should use it. The research on it is pretty exciting and I truly hope the results are positive.<br /><br />There is research showing that <a href="http://en.wikipedia.org/wiki/Resveratrol">Resveratrol</a> has the ability to cure diseases caused by aging and increase life spans. 
60 Minutes, Oprah and many other media sources have done stories on it – but although it is being studied seriously – it still hasn’t been approved by the FDA.<br /><br />Unfortunately, seemingly credible evidence is often twisted by greedy people with the intent of making a quick buck, who make it appear they are legitimate when they are not.<br /><br />Horror stories are starting to pop up in Internet forums from ordinary people – who buy Resveratrol and end up paying a lot more than they should have. Even worse, they might end up buying something that isn’t really Resveratrol. A lot of supplements are hawked via spam advertising, where the source might be slightly questionable. The latest estimates are that over 90 percent of all e-mail is spam. Spam is known to contain a lot of deceptive and outright criminal come-ons.<br /><br />Of course, spam advertising isn't the only venue where Resveratrol is being marketed. Dr. Oz has talked about Resveratrol on Oprah and the <a href="http://www.oprah.com/article/health/20090305-tows-oz-calorie-restriction/10">article</a> on this from Oprah.com has put in a <a href="http://www.oprah.com/article/health/nutrition/20090105_orig_acai">disclaimer</a> that Harpo Productions is pursuing companies that are claiming an affiliation with Dr. Oz or Oprah. I even found an <a href="http://drosresveratrol.com/?t202kw=resveratrol&t202c=3235062384&t202t=s&t202p=">ad page</a> from a "Dr. Os" (note the spelling difference), which is hawking Resveratrol. The page has a YouTube video with the real Dr. Oz talking about Resveratrol. I didn't go so far as to confirm it, but I would be careful about buying anything on this site, which offers up to two free bottles of Resveratrol.<br /><br />Sadly enough, the Oprah.com article – with the disclaimer – is buried by all the other sites using Dr. Oz and other assorted mainstream media stories about Resveratrol. 
If you want to see what I am talking about, a simple <a href="http://search.yahoo.com/search;_ylt=Ar2QDdeXIkKxFr8nImSEEpumN3wV?p=resveratrol&fr=att-portal-s&toggle=1&cop=&ei=UTF-8">search</a> for "Resveratrol" pulls up an amazing amount of Internet marketing selling Resveratrol. Some of the advertising has "warnings" that Resveratrol products might be harmful to someone's health or a scam. Most of these ads lead to the product the advertiser putting out the warning is selling.<br /><br />The sheer volume of advertising on Resveratrol makes it hard for the average person to determine what is legitimate and what is not.<br /><br />Besides the disclaimer being made by Oprah, there is some interesting <a title="Oprah Reservatrol Comments" href="http://www.oprah.com/community/message/1076909;jsessionid=ac11087930d54ed7f4c1b79345e2b504da3b2e7cf3be.e38KbxqSbxiNe34Ke0#1076909">buzz</a> on her forums about a product called "Resveratrol Ultra." Many of the people leaving comments on these forums have had their credit cards repeatedly charged after signing up for a free trial of this particular product. The true cost is $87.13 for the free trial (if you don’t immediately return it) and they keep shipping you their product and charging you this amount, monthly.<br /><br />I went to the <a href="http://www.resveratrolultra.com/offer/resveratrolultralp2/?t=1&mid=122&subid=18389-1390460">Resveratrol Ultra site</a> and it has a YouTube clip of the 60 Minutes story. One thing I noticed is there is a disclaimer on the site, which states:<br /><br /><blockquote>The 15 day Free Trial offer is designed to display the quality and effectiveness of Resveratrol Ultra. This gives you the opportunity to try this remarkable program for FREE (just pay shipping and handling) so you can come to a decision for yourself if this is the right product for you.<br /><br />We want you to be pleased with our products. 
If it is not all you expected it to be, or you're unsatisfied in any way just return the unused portion 15 days from the date that the product was originally shipped to you for a refund. We are committed to providing superior products and service to our customers. If you are not completely satisfied, contact us and we will make it right for you. Guaranteed!</blockquote>If you read the complaints, this seems to allow them to start charging you $87.13 a month starting with the free offer unless you return the product in 15 days. Based on the comments in Oprah's forum and on a personal conversation I had with a victim -- good luck getting any cooperation from Resveratrol Ultra in getting a refund once this happens. Other complaints state it is even hard to get them to stop billing you $87.13 a month.<br /><br />Of course, Oprah.com isn't the only place where the public is crying foul about a company selling a Resveratrol product. <a href="http://www.complaintsboard.com/complaints/reseveratrol-ultra-c202546.html">Complaintsboard.com</a> is warning people about Resveratrol complaints and there are also <a href="http://www.youtube.com/watch?v=QuxeefmhDdU">YouTube videos</a> about the subject.<br /><br />I did a search on mainstream drug store sites and found Resveratrol for about $7 to $12 a bottle. This seems to be a more sensible way to go than paying almost $100 a bottle if you choose to try Resveratrol before the FDA approves it. These places won’t keep charging your credit card, over and over again, either.<br /><br />If anyone reading this has a complaint, the best place to report it would be the Federal Trade Commission. You can do so right on their <a href="https://www.ftccomplaintassistant.gov/">site</a>. 
I ran a search on the FTC site and so far there is nothing about Resveratrol companies, but if enough people complain to them, perhaps there will be.<br /><br />Posting complaints in Internet forums is an honorable thing to do – but my guess is that if the FTC gets enough complaints they will look into it and go after the people doing it – a lot more effectively!<br /><br />To close this post, I would like to reach out to all the mainstream sources which have covered Resveratrol. Their stories are being used to market these products. It sure would be nice if they took the time to cover this aspect of the story more effectively. The few warnings out there about this are easily buried by all the people selling Resveratrol!<br /><br />My inspiration to write this post came from a Nurse Carol, who spent a career working in Public Health and holds a Master's Degree. She fell for the free trial part of this and has gone through hours of pain and suffering trying to get her money back. Despite cancelling the product after realizing what it was all about, her credit card is still being billed by Resveratrol Ultra as I write this. Although Nurse Carol isn’t a celebrity like Doctor Oz, I can guarantee she recommends that anyone considering using Resveratrol exercise caution before handing over a method of payment.
Ed Dickson http://www.blogger.com/profile/17591588411216721185 noreply@blogger.com 8
tag:blogger.com,1999:blog-12423159.post-2635873602748359456 2009-06-08T07:01:00.000-07:00 2009-06-08T09:59:08.550-07:00
Trust Caller ID, Become a Crime Victim!
Fraud using the telephone is nothing new; it's probably been around as long as there have been telephones. 
After all, a telephone is merely a communication device and can be used to dupe someone into doing something they shouldn't have.<br /><br />That said, telephone technology, which has grown rapidly in recent years, has given fraudsters a wide array of new tools to use to part common people and even large businesses from their hard-earned money.<br /><br />Take <a href="http://technorati.com/tag/caller-id">caller ID</a> for instance, which is marketed as a means of protecting our privacy. When I say marketed, it's normally sold for a fee so we can see who is calling us. The irony of the situation is that for a fee, just about anyone can make the caller ID appear as whatever number they desire.<br /><br />The ability to spoof (fake/impersonate) caller ID has been around for a few years. Collection agencies, private investigators and even law enforcement agencies use it to get people to answer their telephone. In these instances, they are normally paying the telecom company for the service. I guess this means the people selling caller ID and the ability to spoof it are making money on both sides of the fence.<br /><br />While some might argue the semi-legitimate (?) uses are deceptive in themselves, I'm far more concerned when criminals or malicious beings use it to further one of their schemes.<br /><br />For instance, caller ID spoofing has been used to dispatch a SWAT team to an unsuspecting person's house, and a Pennsylvania man made obscene phone calls to women and made the caller ID appear as if they were coming from within the house. It has also subjected a lot of people to abusive return phone calls when their number was spoofed and angry consumers wanted to complain.<br /><br />Of even greater concern is when caller ID spoofing is used by "stalkers." In January, Alexis A. Moore did a very well researched <a href="http://alexisamoore.blogspot.com/2009/01/truth-in-caller-id-act-of-2007-impact.html">post</a> on her blog about this subject. 
Moore is a "crime victim advocate and expert in cyber stalking, identity theft, traditional stalking, domestic violence and privacy protection," according to her profile on Blogspot.<br /><br />Before I move forward, please note that it seems to have worked on a 911 dispatch system. In this case, law enforcement – who is known to spoof their numbers – is being victimized by the same technology they use to cloak calls themselves. Please note that if anyone should be able to legally spoof calls, it’s probably law enforcement. Nonetheless, it is ironic.<br /><br />More and more frequently, caller ID is being used by organized (and maybe some not so organized) criminals to commit fraud.<br /><br />Last month, spoofing caller ID was reported to be used as a tool by an international credit card fraud ring that was broken up by the NYPD and the <a href="http://queensda.org/newpressreleases/2009/may/operation%20plastic%20pipeline_05_2009_ind.pdf">Queens District Attorney's office</a>. The ring was using an easily purchased portable spoofing tool, known as a Spoof Card. Spoof Cards can be bought by anyone who has the money to buy them, right over the Internet! Besides spoofing a number, the cards can be used to disguise a person's voice and gender.<br /><br />The ring, which was described as stretching from New York to Nigeria, obtained cards and activated them using a number they spoofed as legitimately belonging to the intended recipient of the card. Please note, most banks require you to activate a card from a known number when you receive it in the mail. I wonder how many of these same banks are using caller ID spoofing technology in their collections departments.<br /><br />While the methods used by this group included counterfeiting, mail theft, taking over accounts and fraud applications to get the cards, using a Spoof Card was obviously a pretty successful tool used in furthering the fraud scheme. 
The victims were from all over North America and the cards were used worldwide. According to the authorities, the financial impact of this activity was estimated at $12 million in the past year alone.<br /><br />While devices like Spoof Card are an issue, the problem doesn't stop there. Semi-legitimate (?) marketing firms, such as Voice Touch, Inc. and Network Foundations LLC – ones that the FTC <a title="FTC Press Release" href="http://ftc.gov/opa/2009/06/robocall.shtm">shut down</a> last month – were using robocalls with spoofed caller IDs. Of course, there were a lot of complaints that the warranties they were selling (provided by Transcontinental Warranty, Inc.) were virtually useless if you tried to use them, too.<br /><br />Spoofing caller ID has led to a rash of vishing (phishing by telephone) scams, also. Last year in November, I <a href="http://fraudwar.blogspot.com/2008/11/telephone-call-offering-to-lower.html">wrote</a> about a call I was getting offering to lower my interest rate. The calls in question were robo-generated and the intent was to get you to give up your credit card numbers to a scammer. As of this month, I received another one of these calls. Besides this particular scam, there have been numerous reports of financial institutions having their telephone numbers spoofed in vishing schemes.<br /><br />Of course, Spoof Card isn't the only spoofing service out there. Some services offer software programs that can be used to spoof calls over a Web interface. One even calls itself <a href="http://www.phonegangster.com/?gclid=CJ_88bLA-JoCFRwpawodyGFDdQ">PhoneGangster.com</a>.<br /><br />The services that allow it to be done over a Web interface enable the activity to be performed on a much larger scale. 
A simple <a href="http://technorati.com/tag/google">Google</a> search for "caller ID spoofing" brings up all kinds of <a href="http://www.google.com/search?hl=en&q=caller+id+spoofing&btnG=Search&aq=f&oq=&aqi=g10">Adsense ads</a> selling a wide range of caller ID spoofing services. Of course, I shouldn't single out Google or Adsense; my guess is that any search on most commercial browsers will net the same type of advertising.<br /><br />With <a href="http://technorati.com/tag/VoIP">VoIP</a> technology in full vogue and services like Skype, the fraudulent use of caller ID spoofing services now can feasibly be done across borders. This will make it much more difficult for law enforcement agencies to investigate and prosecute these cases.<br /><br />In 2007, two bills were sent to the Senate to address caller ID spoofing. Neither was voted on and as a result no effective law has been put into place to address this issue. This year, <a href="http://billnelson.senate.gov/">Senator Bill Nelson</a> (FL) and three co-sponsors introduced another bill (S.30) dubbed "The Truth in Caller ID Act."<br /><br />In my humble opinion, the need for this legislation is pretty apparent. Laws are designed to protect people and there are too many good reasons people need to be protected from caller ID spoofing!<br /><br />The right place to file a complaint about something like this is the Federal Trade Commission. To file a complaint in English or Spanish, visit the FTC’s online <a href="https://www.ftccomplaintassistant.gov/">Complaint Assistant</a> or call 1-877-FTC-HELP (1-877-382-4357). 
There is also a link on the page to file a complaint on an overseas entity.<br /><br />You can also <a href="http://www.usa.gov/Contact/Elected.shtml">write</a> your representatives (elected officials) and encourage them to make 2009 the year that they finally pass some legislation on this issue.
Ed Dickson http://www.blogger.com/profile/17591588411216721185 noreply@blogger.com 3
tag:blogger.com,1999:blog-12423159.post-8201272045609652240 2009-05-31T07:14:00.000-07:00 2009-06-03T06:19:25.840-07:00
A Call for Action in Addressing Cyber Security
On Friday, President Obama addressed the nation on the importance of securing cyberspace and the reasons why it could be a danger to both our economy and national security. He also used the term, "weapons of mass disruption" and announced that he will appoint a cyber security czar.<br /><br />The speech highlighted a <a href="http://www.whitehouse.gov/CyberReview/">60-day study</a> conducted at his direction, designed to take a look at how vulnerable we are to cyber attacks that could drastically change the whole way we exist.<br /><br />Is this a far cry from reality? Perhaps not; if you can take command and control of the computer that controls something we use, you can do pretty much anything you want with it. This might be anything from a banking system to the system that controls an electrical grid or a sophisticated weapon. If you really think about it, computers control just about everything nowadays.<br /><br />As I was considering this, it reminded me that there are already millions of computers that some hacker has gained command and control of and formed into a botnet (essentially a supercomputer). All it took to do this was a little social engineering to trick someone into downloading some malicious code on a machine. While some of us might write this off as stupid people doing stupid things, people have even been tricked into doing this at government agencies and Fortune 500 companies. 
Trust me, not all the people who fall for some of this stuff are stupid. Social engineering is known to cause people to do things they normally would not!<br /><br />While it takes a little technical sophistication to write malicious code, a person doesn't necessarily have to be a technical whiz to get their hands on it. They can buy it right on the Internet, complete with a do-it-yourself (DIY) kit to execute their intended misdeed. While most of the "misdeeds" seen in the wild have a financial intent, the intent is dictated by the person committing the act. In other words, the intent might be different depending on the person who is executing the deed.<br /><br />Also mentioned, both in the <a href="http://www.whitehouse.gov/asset.aspx?AssetId=1732">report</a> and in the speech, was cyber-warfare. For years now, the <a href="http://fraudwar.blogspot.com/2007/11/us-china-commission-report-reveals.html">Chinese</a> have been accused of hacking into government systems, although they always deny it. Also mentioned was an actual use of cyber warfare, or the Russian attack on Georgia that happened in the not very distant past.<br /><br />Please note that botnets, which I mentioned above, were used to <a href="http://fraudwar.blogspot.com/2008/08/cyber-warfare-from-theory-to-reality.html">cripple</a> the Georgian infrastructure. The zombie computers used in these botnets didn't come out of Russia, either. Some of them were traced right back to this country. In the current environment, you don't need to be in a physical location to take command and control; it might happen from anywhere.<br /><br />The report also mentions attacking electrical grids and that the CIA has intelligence that this has already occurred in other countries. Just last month, the Wall Street Journal issued an <a href="http://online.wsj.com/article/SB123914805204099085.html">article</a> stating that Russian and Chinese hackers had mapped the U.S. 
power grid and left behind software that in theory could be used to attack our electrical grid. The article quoted unnamed officials from within the government. This set off a flurry of articles and in the end, most of the <a href="http://www.schneier.com/blog/archives/2009/04/us_power_grid_h.html">experts</a> concluded that the threat, although real, wasn’t as bad as it was hyped up to be. Nonetheless, hacking certain utilities, such as electricity, water, and sewage could cause a lot of serious problems and there is evidence it has been accomplished in other countries.<br /><br />While cyber warfare is an ominous subject, the report points out that we have already seen some pretty major events when financial systems were successfully attacked. Examples given were the TJX data breach (45 million payment cards compromised) and the more recent WorldPay payment card breach where a 30 minute exploit netted nine million dollars. This <a href="http://fraudwar.blogspot.com/2009/02/9-million-electronic-robbery-at-rbs.html">highly coordinated scheme</a> took place all over the United States, Montreal, Moscow, and Hong Kong in a very short time-frame.<br /><br />There is tangible evidence that so much personal and financial information has been stolen that the laws of supply and demand are driving prices down. Interestingly enough, a lot of this information is traded right over the Internet in anonymous forums using hard to trace forms of payment.<br /><br />Two recent reports point to this. Symantec released a pretty interesting <a href="http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf">report</a> on the underground economy and shortly afterwards, Verizon issued another report on the state of personal and financial information being stolen. 
The Verizon <a href="http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf">report</a> pointed out that the 285 million "known" records stolen in 2008 amounted to more than what was recorded in the previous three years. The Symantec report, which breaks down the going prices for information, noted that the practice of spoofing (impersonating) financial institutions to steal information grew from 10 percent in 2007 to 29 percent in 2008. The Symantec report stated that 90 percent of the attacks being launched via botnets were designed to steal information and that the number of infected computers had grown 31 percent in 2008 over 2007, also.<br /><br />Also cited in the report and in the speech was an estimated $1 trillion loss per year in intellectual property. In recent years, the FBI has been busy catching <a href="http://fraudwar.blogspot.com/2008/07/dod-analyst-convicted-for-selling.html">numerous people</a> stealing technology secrets and exporting them out of the country. This brings up another variable in the problem: if a person is given access to a system, it is relatively easy to compromise it.<br /><br />Recently, it was even disclosed that computers in Congress were <a href="http://www.nationaljournal.com/njmagazine/cs_20081220_6787.php">hacked</a>. It appears that even government intellectual property is being targeted.<br /><br />When it comes to intellectual property theft, often we do not know what the motive is. Again, the intent is largely dictated by the end user. If you wanted to see a real world example, you might take a look at software piracy. The Business Software Alliance puts <a href="http://www.bsa.org/country.aspx?sc_lang=en">worldwide losses</a> at over $50 billion, yearly. 
If you were to look at counterfeiting in general – which can involve the theft of intellectual property – the International Anticounterfeiting Coalition estimates the losses at <a href="http://www.iacc.org/counterfeiting/counterfeiting.php">$200 to $250 billion</a> just in the U.S., every year.<br /><br />The report, which is posted on <a href="http://www.whitehouse.gov/">WhiteHouse.gov</a>, also addresses the growing problem of privacy in the digital world. Personal and financial information is worth a lot of money to businesses and criminals alike. Unfortunately, because of this, a lot of people are leery of putting in controls that might make it harder to profit from information. Because of this, a lot of people’s personal and financial information has gone missing.<br /><br />The American Library Association, the Cato Institute, the Center for Democracy and Technology, Carnegie Mellon University, Consumer Action, the Center on National Security Studies, Cornell University, the Electronic Frontier Foundation, the Electronic Privacy Information Center, George Washington University, Harvard University, Indiana University, Johns Hopkins University, OMB Watch, Ohio State University, the National Security Archive, the University of California-San Diego and the American Civil Liberties Union were all consulted in the initial 60-day report.<br /><br />While the report isn't clear on how privacy will be dealt with, it nonetheless is calling out that a problem exists. The problem is too much information being stored in too many not very well secured places.<br /><br />For a real example here, one could refer to the <a href="http://datalossdb.org/">DATALOSSdb Open Security Foundation</a>, which tries to document all the known data breaches. The problem is getting worse all the time, and although some might argue that greater transparency is the reason for this, there are probably many more unknown data breaches that occur out there. 
After all, it’s unlikely that the hackers or other criminals stealing the information are going to come right out and tell us where they are getting it from. From a business perspective, it isn’t in their best interests.<br /><br />The real casualties in this part of it are the individual victims, who suffer a lot when their information is used after it is stolen. With the sheer amount of victims out there, some could argue we are facing an identity crisis.<br /><br />To add to the problem, technology is now also being used to produce high-quality counterfeit documents and financial instruments in places, such as garages. This makes the information being stolen all the more dangerous, or easy to abuse.<br /><br />Another thing the report addresses is the need for education and that laws need to catch up to the technology we are using. An interesting section at the end of the report highlights the history of modern communication technology. There is little doubt that as technology grows at a rapid pace, it is hard for the legal community to keep up with it.<br /><br />In the end, in my humble opinion, the study is the first step in a positive direction. We have already seen too many examples of the abuse of technology, which has a lot of potential for good, too! The problem is how to deal with those who abuse it. The good news is that a large part of the solution can be achieved by using a little more common sense and the clean slate approach (mentioned in the report) will go a long way towards making this a viable effort. In the end, a responsible balance is the key, and this is what the report seems to be calling for.
Ed Dickson http://www.blogger.com/profile/17591588411216721185 noreply@blogger.com 0
tag:blogger.com,1999:blog-12423159.post-3878429161612468606 2009-05-30T04:22:00.000-07:00 2009-05-31T06:09:05.131-07:00
Charity Scams Busted Nationwide
<p>Most Americans embrace the philosophy of helping others in their time of need. 
In every disaster -- whether it is in this country or anywhere in the world -- Americans are there to help those who need a helping hand. Unfortunately, there are those who take advantage of this, which has led to an ever-growing problem with charity fraud.</p><p>One of the more popular charity causes is to support the public service organizations, which are on the front lines of protecting the rest of us. Sadly enough, charity fraudsters are impersonating organizations that raise money to support fire fighters, policemen, and members of the armed forces.</p><p>Often, the line between an outright scam and the deceptive marketing of charitable causes is a little blurry. There are a lot of services-for-profit that market charitable causes for a cut of the proceeds. Unfortunately, some of them get too greedy when taking their cut.</p><p>To combat this growing problem, the Federal Trade Commission, along with dozens of state law enforcement officials, announced <a href="http://www.ftc.gov/opa/2009/05/phonycharity.shtm">Operation False Charity</a> on May 20th. Operation False Charity is a crackdown on fraudulent telemarketers, who claim to be gathering money on behalf of police, firefighters and veterans’ charities.</p><p>In keeping with the FTC tradition of educating the public, they are also releasing a lot of educational materials about charity fraud. They even provide a lot of these materials in <a href="http://www.ftc.gov/donaciones">Spanish</a>.<br />Warning signs of scams, and what you should do about them:</p><p>• High pressure pitches. Reject them: It’s okay to hang up.</p><p>• A “thank you” for a pledge you don't remember making. Be skeptical. Scam artists will lie to get your money.</p><p>• Requests for cash. 
Avoid giving cash donations.</p><p>• Charities that offer to send a courier or overnight delivery service to collect your money.</p><p>• Charities that guarantee sweepstakes winnings in exchange for a contribution.</p><p>• Charities that spring up overnight, especially those that involve current events like natural disasters, or those that claim to be for police officers, veterans, or firefighters. They probably don't have the infrastructure to get your donations to the affected area or people.</p><p>To assist the public in learning how to avoid being taken when giving money to a charitable cause, the FTC has a lot of <a href="http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt157.shtm">tips</a> to identify a potential scam. Here again, these tips are provided in <a href="http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/salt114.shtm">Spanish</a>, too.</p><p>Individuals are not the only ones targeted by charity fraudsters. Frequently businesses are targeted, also. One way businesses are targeted is by being solicited to buy advertising in publications that look like they're sponsored by nonprofit groups. Just because the publication may use words like "firefighter," "police," or "veteran" doesn't necessarily mean they are affiliated with these groups. The prudent thing is to check out any unknown charity with a site like <a href="http://www.nasconet.org/agencies">NASCO</a> (National Association of State Charity Officials), which provides resources to identify legitimate charities throughout the country.</p><p>The results are starting to come in from the efforts put forth in Operation False Charity. On Friday, Jerry Brown, the California AG, <a href="http://ag.ca.gov/newsalerts/release.php?id=1746">announced</a> they have filed eight lawsuits against 53 people, 17 telemarketers, and 12 charities accused of squandering millions of dollars of charity money intended to support policemen, fire fighters, and veterans. 
According to the announcement, the so-called agencies involved had bloated overheads and even purchased a 30-foot sail boat with the money they collected.</p><p>Thus far, 76 law enforcement actions against 32 fundraising companies, 22 non-profits or purported non-profits on whose behalf funds were solicited, and 31 individuals throughout the United States have been initiated as a result of Operation False Charity. Also included in this total are two FTC actions against alleged fake non-profits and the telemarketers making the calls.</p><p>If you want to learn more about how to make your donations count, you can visit the <a href="http://www.ftc.gov/charityfraud/">special site</a> the FTC has put up on this subject. Furthermore if you spot what you suspect is charity fraud, contact your <a href="http://www.naag.org/">State Attorney General</a> or <a href="http://www.consumeraction.gov/">local consumer protection agency</a>. </p><p>Other recognized places to ensure a charity is legitimate are the <a href="http://www.charitywatch.org/">American Institute of Philanthropy</a>, <a href="http://www.bbb.us/charity">Better Business Bureau Wise Giving Alliance</a> and <a href="http://www.charitynavigator.org/">CharityNavigator</a>.<br /></p><p>You also may file a complaint with the Federal Trade Commission by visiting the page on their site, or calling toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261.</p>Ed Dicksonhttp://www.blogger.com/profile/17591588411216721185noreply@blogger.com0tag:blogger.com,1999:blog-12423159.post-34368093581164722342009-05-20T04:26:00.000-07:002009-05-21T06:51:17.667-07:00Millions of Potentially Sensitive Records from the Clinton Era Gone Missing!A computer hard drive which contained huge amounts of personal and sensitive information from the Clinton administration is missing. 
Some of this information includes Social Security numbers, personal addresses and even scarier, Secret Service and White House operational procedures.<br /><br />Yesterday, government officials were briefed about the compromise, which was originally discovered in April. The hard drive held a terabyte of computer data that could contain millions of individual records. A terabyte of data would be enough to fill millions of books, according to this <a href="http://www.google.com/hostednews/ap/article/ALeqM5isz-JszmIiUrCRSRQVym01EVOdYAD989K4U80">article</a> published by the AP.<br /><br />The media is reporting that the personal information of one of Al Gore's three daughters was one of the millions of records gone missing – although it is not clear which daughter's information was compromised. Given the amount of information stolen, it's likely a lot of other notable as well as ordinary people have been compromised, too. According to articles I read, authorities are still trying to figure out exactly what was on the hard drive.<br /><br />The drive was lost sometime between March 2008 and April 2009 from the National Archives and Administrations in College Park, MD, which is a Washington suburb near the University of Maryland.<br /><br />The drive was left out, unsecured, in a room that is frequently left unlocked for ventilation. According to an unidentified source, a researcher who was converting the information to a digital records system left the hard drive on a shelf for an unknown period of time. When the researcher tried to resume work on the project, it was discovered to be missing.<br /><br />According to Rep. Edolphus Towns, Democrat-N.Y., chairman of the House Oversight and Government Reform Committee, they are seeking more information on the breach, and the FBI is investigating.<br /><br />The FBI will have a lot of suspects in this case. One hundred badge holders had access to the area. 
Additionally, the point of compromise is an area where workers, interns and even visitors pass on their way to the restroom.<br /><br />This information would normally be stored in a secure area. Thus far, officials are quick to point out that it is unknown whether the hard drive was stolen or accidentally lost, and if any sensitive security information was lost.<br /><br />At this time, either it isn't clear, or no one is saying, whether or not the data was encrypted. Encrypting data is considered a "safe and sane" security practice when dealing with data in transit and has become a <a href="http://www.ulmer.com/articlesalerts/clientalerts/Documents/02%20February%20-%20Data%20Encryption.pdf">legal requirement</a> in many situations.<br /><br />The House Oversight and Government Reform Committee has pointed to a problem with government agencies being compromised in the past. In a report released in 2006, the Committee came to the conclusion that the problem with agencies being compromised was government-wide. Other findings in the report include: agencies do not always know what was lost, physical security of data is essential and contractors are responsible for many of the breaches.<br /><br />The <a href="http://oversight.house.gov/story.asp?ID=1127">report</a> covers from 2003 to 2006 and, in light of this latest occurrence, it appears the problem still exists.<br /><br />More recently, President Obama has pointed to another problem which does have national security implications and which involves protecting cyberspace from the threats that exist today. Thus far, a <a href="http://www.whitehouse.gov/issues/homeland_security/">study</a> has been conducted, and is being reviewed. 
Stories in the media have pointed to a concern with cyber warfare and with hackers from foreign countries (notably China and Russia), who have been suspected of targeting government systems.<br /><br />If you are interested in learning more about Chinese hackers, there is a well-written blog on the subject titled <a href="http://www.thedarkvisitor.com/">"The Dark Visitor (Information on Chinese Hacking)"</a>. Another non-government source which covers data breaches in general is the <a href="http://opensecurityfoundation.org/">Open Security Foundation</a>.<br /><br />While the implications of this latest issue have yet to be determined, it is not good news from the standpoint of how easily the information was compromised. Of course, this is merely one incident, and if you follow the news, we get bad news about data compromises all the time.<br /><br />Update 5/20/09: It has now been confirmed that the missing hard drive had no encryption and a $50,000 reward is being offered for information leading to its recovery. Source: <a href="http://news.cnet.com/8301-1009_3-10246004-83.html">CNet</a>.
Ed Dickson http://www.blogger.com/profile/17591588411216721185 noreply@blogger.com 0
tag:blogger.com,1999:blog-12423159.post-3144564084581135973 2009-05-17T07:57:00.000-07:00 2009-05-20T17:23:53.383-07:00
FaceBook Hack Reveals Trend in Targeting Social Networks
Attacking social networking websites is becoming more common all the time. My guess is that they are being leveraged by criminals, who are after the vast amount of personal information people willingly put up on these sites.<br /><br />For the past couple of weeks, the ongoing attack on FaceBook has figured prominently in the media. The attack isn't much different from others we've seen in recent years: take over a user account, then use it to trick people into falling for a scam. 
In this instance, a phishy link is being used to direct the effort.<br /><br />The intended victim receives a communication from someone they know (who has already been compromised), which directs them to a page that appears to be a FaceBook login. They are then prompted to put in their user name and password. If they do, their information is stolen and will be used to trick even more people into doing the same thing.<br /><br />Stolen user accounts on eBay have been a problem for years. On eBay, it is a means of using an established seller's credentials to trick people into thinking they are dealing with a "trusted seller." The only difference here is that instead of selling bogus or non-existent merchandise, the intent on FaceBook is probably to trick people into giving up personal or financial information.<br /><br />This information can then be used to commit financial crimes, using the victim’s identity.<br /><br />I found some information about the FaceBook attack on Symantec's Security Response blog. Thus far, according to the research conducted on this at their lab, no computers have been infected.<br /><br />According to Marian Merritt at Symantec, the danger of giving up your FaceBook credentials might go beyond having your account compromised. She believes the hackers behind this are looking to compromise other accounts, where you might use the same credentials. I read some other articles on this and thus far this seems to be the consensus of why the attack is occurring, but no one seems to know for sure.<br /><br />Whether this is the intent, or not – the advice given in the <a href="https://forums2.symantec.com/t5/Online-Fraud/Phishing-Attacks-on-Facebook-Users-Point-to-Efforts-to-Mine/ba-p/393574#A109)">post</a> is something that should be considered when dealing with the multiple accounts a lot of us have.<br /><br />First and foremost, you should pay attention to the address in the bar at the top of your page. 
If it is not exactly the address of the legitimate site, you are probably being tricked into thinking that it is. For instance, www.faceboot.com is not www.facebook.com. Even better, if you spot a suspicious link, hover your mouse on it (without clicking on it) and the actual address will appear at the bottom left-hand corner of the page. Entering the legitimate address in your address bar is always smarter than clicking on a link, too.<br /><br />Of course, it's also wise to check out the address at the top of the page after arriving at your destination. You should also stop and think when something pops up instructing you to enter your user and password information.<br /><br />Also recommended is to use complex and unique passwords for each of your accounts, maintain an up-to-date browser and operating system and use updated security software from a reliable vendor.<br /><br />When purchasing security software, ensure you are not buying counterfeit software or being tricked into purchasing scareware. <a href="http://technorati.com/tag/scareware">Scareware</a> is bogus security software that normally prompts a user to run a scan of their system, which reflects all kinds of bad things going on. The problem is that the problems normally do not really exist and the protection they are selling doesn't really protect you, either.<br /><br />As far as counterfeit software goes, it normally doesn't protect you very well and it might even have some malicious code built right into the program.<br /><br />While the FaceBook attack is the flavor of the week, it’s not the only social networking site that has been targeted in the recent past. Twitter and MySpace have been the targets of recent attacks, too. 
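The address check recommended earlier in this post (www.faceboot.com is not www.facebook.com, and the address a link shows is not always where it goes) can be automated. The following is an added example, not part of the original post; the trusted-site list, the edit-distance threshold of 2, and the two-label view of a domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the sites the reader actually logs in to.
TRUSTED = ("facebook.com", "twitter.com", "myspace.com")


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a character
                           cur[j - 1] + 1,             # add a character
                           prev[j - 1] + (ca != cb)))  # swap a character
        prev = cur
    return prev[-1]


def split_url(url):
    """Return (userinfo, host); host is lower-cased with any 'www.' removed."""
    if "://" not in url:
        url = "http://" + url          # accept bare "www.example.com" input
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        userinfo = parts.username or ""
    except ValueError:                 # malformed address
        return "", ""
    if host.startswith("www."):
        host = host[4:]
    return userinfo, host


def classify(url):
    """Label a link: trusted, embeds <site>, lookalike of <site>, unknown, invalid."""
    userinfo, host = split_url(url)
    if not host:
        return "invalid"
    for name in TRUSTED:
        if host == name or host.endswith("." + name):
            return "trusted"
    # Simplification: treat the last two labels as the registered domain.
    base = ".".join(host.split(".")[-2:])
    for name in TRUSTED:
        # A trusted name used as a prefix of another host, or placed before
        # an "@", is there only to make the address look familiar.
        if ("." + name + ".") in ("." + host + ".") or name in userinfo:
            return "embeds " + name
        if edit_distance(base, name) <= 2:
            return "lookalike of " + name
    return "unknown"


def link_mismatch(shown_text, href):
    """True when the visible link text names one host but the link goes elsewhere."""
    shown = split_url(shown_text.strip())[1]
    return "." in shown and shown != split_url(href)[1]


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("http://www.facebook.com/login.php",
                 "www.faceboot.com",
                 "http://www.facebook.com.login-check.example/",
                 "http://www.facebook.com@203.0.113.7/",
                 "http://example.org/"):
        print(f"{link:48} {classify(link)}")
    print(link_mismatch("www.facebook.com", "http://www.faceboot.com/login.php"))
```

A verdict of "unknown" only means the host resembles nothing on the list; it says nothing about whether the site is safe.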
SC Magazine did a recent <a href="http://www.scmagazineus.com/Scam-sites-increasingly-masquerading-as-Facebook-MySpace/article/136868/">article</a> where a security researcher from Websense was quoted as saying they have detected more than 200,000 sites impersonating the above mentioned social networking sites.<br /><br />Going beyond social networking sites, financial, auction, and e-commerce sites are frequently attacked, too. The common denominator is sites where criminals can harvest information and turn it into money. Please note that people interested in doing a little bit of due diligence on you personally might see what you are putting up on these sites. I’ve recently seen this presented as a “best practice” when doing background checks on people.<br /><br />The key is to adopt the known best practices if you enjoy using these sites. Another wise thing to do is to be extremely thoughtful about what information you post on them and how it might be used against you.<br /><br />Anything you post on these sites can and will be used against you if the wrong person gets their hands on it. In the end, being mindful of the information you are posting on a social networking site is probably the best defense you have. After all, you never know who is looking at it!
Ed Dickson http://www.blogger.com/profile/17591588411216721185 noreply@blogger.com 4
tag:blogger.com,1999:blog-12423159.post-5898997132949148090 2009-05-15T06:24:00.000-07:00 2009-05-16T11:38:32.299-07:00
Craigslist Shuts Down Erotic Services Section
<p>Craigslist has given in to the immense media attention regarding its "erotic services" ads and announced they are shutting the section down. In its place they are now adding an "adult" section, which appears to hawk the same type of personal adult services. </p><p>A lot of this occurred after it was discovered that a <a href="http://www.cnn.com/2009/CRIME/05/04/craigslist.hotel.assault/">killer</a> used Craigslist to stalk his victims, who were offering adult services. 
Since then the nasty subject of teenage prostitution on Craigslist has been covered in the mainstream press and the site has been referred to as an "online bordello."</p><p>Of course, Craigslist isn't the only place that advertises "adult services." They can be found in <a href="http://classifieds.austinchronicle.com/gyrobase/Results?section=11">newspapers</a>, alternative weekly rags, and a <a href="http://www.google.com/search?hl=en&rls=com.microsoft%3Aen-US&rlz=1I7GPEA_enCA320&q=escorts">whole slew of electronic venues</a> besides Craigslist.</p><p>Craigslist announced the change on their blog and made some points in their defense. At the same time, they announced they will be charging for the ads in the new section and the proceeds will go to charity. All of the new ads will be reviewed by Craigslist employees before they are posted.</p><p>The <a href="http://blog.craigslist.org/2009/05/striking-a-new-balance/">post</a> refers to statistics that the chances of a predator abusing their forum are less likely than a predator using print ads to commit a foul deed. Also pointed out was that Craigslist has safety features built into the site that most "classified advertising" venues don't have. These include blocking, screening, telephone verification, and a community flagging system. The company also claims they cooperate (at a high level) with law enforcement and that predators can be tracked electronically back to the computer they are using. Last but not least, they point to safety tips prominently posted on all forums. These safety tips run the gamut of illegal schemes commonly found on the Internet.</p><p>Investigations are normally confidential matters, but if someone was tracking a sexual predator some of these forums could provide real-time investigative capabilities to resolve the case. They could literally track everything to a particular location given the right circumstances and cooperation by the forum and the ISP. 
Quite often, the frustrations voiced by those tasked with investigating internet crime are that the site and/or the ISP do not cooperate as much as they should. If these sites aren't going away, then maybe the solution is to make it easier to tag the offenders?</p><p>Craigslist claims they do cooperate with investigative inquiries, but thus far no one is publishing any of these stories. It does state that law enforcement personnel provided feedback on how to design their new "adult section." Again, I'm not sure, but I imagine they couldn't claim this unless there was some truth to it; there is probably an army of lawyers monitoring this situation.</p><p>I doubt a flurry of media attention directed at Craigslist is going to solve the "people abuse" problem caused by anonymous venues. The problem will merely move from one anonymous venue to another one. The key will be the ability of the people doing the abuse to remain anonymous, or at least think they are. When sites and ISPs cooperate, it really isn't hard to track a lot of these individuals.</p><p>Since none of these sites are going away anytime soon, perhaps the best solution is to make it easier for the authorities to obtain cooperation from them when abuse is suspected or has occurred, which is exactly what Craigslist is claiming to do. But Craigslist is hardly the only place where people are victimized by those with sinister intent on the Internet or via advertising in the print media. 
We need to begin to take a realistic look at the entire issue.</p>
Ed Dickson http://www.blogger.com/profile/17591588411216721185 noreply@blogger.com 0
tag:blogger.com,1999:blog-12423159.post-4898078997760381246 2009-04-28T03:02:00.000-07:00 2009-04-29T07:10:42.846-07:00
NFCC Launches New Site to Assist Consumers in Financial Trouble
<p>The National Foundation for Credit Counseling (<a href="http://www.nfcc.org/">NFCC</a>) has revamped their web site to provide consumers in financial trouble with a wide array of e-tools designed to help them solve their problems. The site also provides access to an NFCC-certified counselor to work with them on a more personal (human) level.</p><p>“It can be argued that there has never been a time when consumers needed financial tools more. And, when you need help, you want it fast. You don’t have time to waste going from site to site. You might say the NFCC is the HOV lane of the Information Highway,” said Gail Cunningham, spokesperson for the NFCC.</p><p>Sadly enough, the current economic crisis continues to <a href="http://fraudwar.blogspot.com/2009/02/ftc-site-teaches-public-how-to-avoid.html">spawn</a> a lot of too-good-to-be-true financial rescue schemes. These offers -- which frequently put the consumer in even more financial distress -- are being hawked via spam e-mails and other advertising venues at an alarming rate. 
The NFCC, which has been around for over fifty years, is one place where a person can reach out for some <a href="http://www.nfcc.org/NewsRoom/presskit/files/PSI_Excerpts.pdf">legitimate help</a> without getting themselves in even more financial hot water.</p><p>The newly redesigned site has a lot of practical tools including a printable budget worksheet for tracking monthly expenses, access to financial calculators to help understand how long it will take to pay off credit card debt, what amount of mortgage debt can reasonably be sustained, or how long it’s going to take to save enough money for that special purchase. </p><p>There are also consumer tips on relevant everyday topics such as saving, credit, debt, and job loss, among others; consumer resources such as NFCC publications and videos and useful links; and videos of financial fast facts along with real life success stories, and a “Tell Us Your Story” area for consumers to voice how they’re faring in today’s economic environment.</p><p>Consumers in financial distress can reach out to a live person at the NFCC Member Agency closest to them through a secure online portal. NFCC counselors can provide assistance and advice with credit counseling, housing counseling and bankruptcy counseling and education.</p><p>On a lighter side, there is even a poll where someone can express their opinion about the current financial issues and see how they compare with the rest of the country.</p><p>The NFCC has been in the news in the past few days for striking a deal with credit issuers to help consumers facing overwhelming credit balances get out of debt. Thus far, ten of the top credit issuers have agreed to roll out two special needs repayment plans, and the NFCC hopes more will follow suit. </p><p>Last month, according to Moody's credit card index, uncollectible credit card debt surged to a 20-year high at 8.82 percent. 
Additionally, the Fitch Credit Card Index reported credit card delinquencies have increased 36 percent in the past six months.<br />Michelle Singletary covered this <a href="http://www.washingtonpost.com/wp-dyn/content/article/2009/04/22/AR2009042203636.html?sid=ST2009042300108&sub=AR">story</a> at the Washington Post. The NFCC also has more information on this in a <a href="http://www.debtadvice.org/newsroom/newsreleases/files09/NFCC_Call_Action.pdf">press release</a> they put out on April 15th.</p><p>The NFCC marked April as Financial Literacy Month and has launched a lot of events designed to promote financial responsibility. The newly designed site is one of them. The climax of their efforts is on April 28th when they present the National Survey Results on Consumer Financial Literacy to Congress. </p><p>Another event scheduled on April 28th will be a special MSN Message Board Event, where NFCC-certified counselors will be on-hand from 9 a.m. to 9 p.m. (Eastern Standard Time).<br />Besides providing e-tools to promote financial education, the NFCC can also be reached at 1-800-388-2227 to speak to a counselor near you. For help in Spanish, call 1-800-682-9832.</p>
Ed Dickson http://www.blogger.com/profile/17591588411216721185 noreply@blogger.com 0
tag:blogger.com,1999:blog-12423159.post-4312670668104784988 2009-04-25T05:01:00.000-07:00 2010-03-11T19:09:23.759-08:00
Scammers Exploiting MoneyGram Money Order Verification System
If you were scammed recently with a money order, the counterfeit might have been an instrument <a href="http://fraudwar.blogspot.com/2008/06/fraudsters-mutate-counterfeit-moneygram.html">spoofing the MoneyGram brand</a>. 
These <a href="http://fraudwar.blogspot.com/2007/04/counterfeit-moneygram-money-orders.html">money orders</a> have been known to appear in all the too good to be true/don’t exactly make sense come-ons being passed by spam e-mails or via a direct solicitation in a chat room.<br /><br />In case you are not familiar with all the variations of these come-ons, they include, but aren't limited to (new lures surface frequently), the <a href="http://fraudwar.blogspot.com/2006/07/according-to-google-secret-shopper.html">secret shopper</a>, <a href="http://fraudwar.blogspot.com/2006/04/postal-money-order-romance-scam.html">romance</a>, <a href="http://fraudwar.blogspot.com/2006/11/if-youve-really-won-lottery-why-are.html">lottery</a>, <a href="http://fraudwar.blogspot.com/2006/04/bbb-worker-takes-job-processing.html">work-at-home</a> and <a href="http://fraudwar.blogspot.com/2006/10/auction-fraud-and-romanian-connection.html">auction scams</a>.<br /><br />The common denominator in most of the scams is there will be a request to send the money you receive via wire transfer (if you don’t get caught), to the fraudster sending you this garbage for a small cut of the total amount. That is unless they are buying goods from you. In this case, the item you are selling is what they want.<br /><br />In the <a href="http://fraudwar.blogspot.com/2007/04/counterfeit-moneygram-money-orders.html">past</a>, a simple call to MoneyGram’s verification line (1-800-542-3490) normally was all that was needed to reveal the fact that the item was fraudulent. Unfortunately, this is no longer the case. 
The criminals producing these instruments are now taking advantage of a flaw in the automated verification system, which is tricking people into believing that the money orders are good.<br /><br />When a MoneyGram money order is called in for verification, the system prompts the user to enter all the particulars of the instrument, including the serial number and dollar amount. 
If the system doesn’t spot a discrepancy, it gives out a standard disclaimer stating there are no stops or holds on the item. If the system catches a discrepancy, it directs the caller to a live operator during their business hours.<br /><br />In recent weeks, I’ve received reports of this being exploited in two ways. In the first instance – a legitimate money order is purchased for a small amount (normally $1.00) – then is chemically washed and altered to reflect a large dollar amount. It is then passed before it registers in the verification system – and since the system doesn’t recognize the dollar amount – it gives out the standard disclaimer that tells the caller there are no stops or holds on the item. According to the people I’ve asked, money orders do not register in the system for anywhere between 24 and 96 hours after being issued by a MoneyGram agent.<br /><br />In these instances, since the item was printed on actual paper, it contains all the known security features. These include a heat sensitive circle, which changes color when rubbed.<br /><br />A second variation of this scam has also been seen. In this variation, the instrument is a copy of a money order purchased for a small dollar amount. These will pass muster in the system as described above, but the security features will not be present. In this second version of the scam, the dates were printed to make it appear as if the item had been purchased several weeks before the legitimate item actually was. I suspect this was to trick people, who had already discovered the "washed instrument" mutation of this scam.<br /><br />When I first started getting reports on these variations of the scam, I thought it might be only targeting a limited geographical area. Normally when washing items occurs, this is the case. 
Since then, I've discovered this is happening throughout North America and the items are being shipped using overnight services, such as Federal Express and UPS.<br /><br />I have also had reports that these are being passed not only via online come-ons, but also by professional groups who specialize in passing counterfeit instruments.<br /><br />I went to the MoneyGram site to see if there were any warnings about this specific scam and found none. They do have a consumer protection area on their site, which refers to all the <a href="http://www.moneygram.com/MGIUS/CustomerService/ConsumerProtection/index.htm">come-ons</a> used to trick people into cashing these items. They also have information on how to <a href="http://www.moneygram.com/MGIUS/CustomerService/FAQs/ConsumerProductandServicesFAQs/MGIUS_EN_019907#verification">verify</a> their product in the FAQ area for customers on their site.<br /><br />The sad fact is that money order companies do not take a loss on these instruments. When an item is discovered to be a fraud, they return it to the institution that cashed it, and the institution goes after the person who cashed it (if they can find them). With any money order, it is nearly impossible to be made whole by the issuing company, itself. In fact, many experts will tell you that accepting a money order is more risky than accepting a personal check. If you listen to the disclaimer on the verification line it tells you exactly that.<br /><br />So far as getting these instruments in too good to be true online scams – with the sour economy – I am seeing more and more people who really want to believe they have come into a financial windfall. When they fall for these scams, one thing is for certain: they are going to be held liable for cashing the items when the scam is discovered. 
This will certainly include being held financially liable, but can also mean facing criminal charges.<br /><br />So far as counterfeit MoneyGram instruments – although a lot of them seem to be out there – they are not the only items being counterfeited. U.S. Postal Money Orders have been seen frequently in the past, too. Recently, the U.S. Postal Service redesigned their product and has a <a href="http://www.moneygram.com/MGIUS/CustomerService/ConsumerProtection/index.htm">new page</a> on their site to help consumers verify their product. <a href="http://fraudwar.blogspot.com/2006/09/counterfeit-cashiers-checks-fuel.html">Counterfeit cashier's checks</a>, <a href="http://fraudwar.blogspot.com/2007/04/counterfeit-moneygram-money-orders.html">money orders</a>, <a href="http://fraudwar.blogspot.com/2006/10/american-express-gift-cheques-being.html">gift</a> and travelers cheques are also known to be frequently counterfeited and used in these types of scams.<br /><br />If you want to learn more about these scams, I recommend going to <a href="http://fakechecks.org/">fakechecks.org</a>, where you can see some highly visual demonstrations of these schemes. Another good resource on this subject – particularly if you are a victim – is <a href="http://www.fraudaid.org/">FraudAid</a>. The folks at FraudAid actually provide resources and advocate for people falling for these scams.
Ed Dickson http://www.blogger.com/profile/17591588411216721185 noreply@blogger.com 14
tag:blogger.com,1999:blog-12423159.post-4406294979688853791 2009-04-17T04:41:00.000-07:00 2009-04-19T09:48:48.037-07:00
Twin Reports Suggest We are Losing the Cybercrime War
According to Symantec, malicious activity in 2008 amounted to 60 percent of all the activity they have recorded since they started keeping records. 
Last year, they recorded 1.6 million new malicious code signatures and blocked 245 million malware attacks on their users every month.<br /><br />Many of these attacks – when the words malware or malicious code are used – are designed to steal information (preferably financial) or take command and control of a computer. Once command and control of a computer is accomplished – it’s called a zombie and networked into a botnet. A botnet works as a super computer and is used to spam the electronic universe. Some of these spam e-mails contain even more malware, which infects more unprotected systems.<br /><br />In 2008, Symantec observed an average of more than 75,000 active bot-infected (zombie) computers each day, a 31 percent increase from 2007. Symantec's latest <a href="http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf">report</a>, which covers January to December of 2008, suggests that 90 percent of these attacks are designed to steal information. Attacks using key loggers – which log a computer's keystrokes and send them to the criminals who installed the malicious code – grew from 72 to 76 percent of the activity observed by Symantec's security lab.<br /><br />Many of these attacks use a technique known as phishing, which is normally delivered in a spam e-mail. Phishing either tricks people into giving up their information (social engineering) or gets them to download malicious code, which makes the process automatic. Last year, Symantec detected 55,389 phishing website hosts, which is where you are sent if you click on a link in a phish-mail. 
Spoofed financial services companies accounted for 76 percent of these lures compared to 52 percent in 2007.<br /><br />Spam, which delivers most of this activity, continued to grow, too. This equated to 349.6 billion spam messages in 2008 compared to 119.6 billion spam messages in 2007, which is a 192 percent increase. According to the <a href="http://eval.symantec.com/mktginfo/enterprise/other_resources/b-state_of_spam_report_04-2009.en-us.pdf">monthly spam report</a> from Symantec, last month's spam social engineering themes included mortgage rescue, tax season, terror and scareware (fake antivirus solutions) for the much anticipated Conficker worm that was designed to hit on April Fool's Day. Please note that Conficker a.k.a. Downadup is still a problem, but it didn't spread its gloom and doom on April 1st to the degree it was expected to.<br /><br />Cybercriminals have always been quick to exploit the headlines and with the sour economy in the news have been targeting the financial industry. Here also, Symantec saw an increase of personal and financial information being stolen by using financial institutions as bait. In 2008, this amounted to 29 percent of the activity compared to 10 percent in 2007.<br /><br />In their latest report, Symantec leveraged information from their recent <a href="http://www.symantec.com/content/en/us/about/media/pdfs/Underground_Econ_Report.pdf">Report on the Underground Economy</a> which points to an organized criminal community that specializes in the sale of stolen personal and financial information. 
They noted that the economic principle of supply and demand has come into play with this underground economy due to a glut of stolen data – causing prices to go down.<br /><br />Most of this stolen information is sold in electronic forums, such as websites and Internet Relay Chat (IRC) channels. These forums enable information to be sold worldwide and make the activity anonymous. Because the activity is anonymous, it is very difficult to investigate or shut down. Credit cards go anywhere from less than a dollar to about $30 and bank account credentials sell for anywhere from $10 to $100. Much of the cost depends on the perceived value of information and the amount of it, which is purchased.<br /><br /><a href="http://4.bp.blogspot.com/_Y5Wj_eMCNq4/Sesb1kxgVyI/AAAAAAAAAoo/tQ7rQpv1yOg/s1600-h/Saledata.jpg"><img id="BLOGGER_PHOTO_ID_5326381591514076962" style="WIDTH: 320px; CURSOR: hand; HEIGHT: 155px" alt="" src="http://4.bp.blogspot.com/_Y5Wj_eMCNq4/Sesb1kxgVyI/AAAAAAAAAoo/tQ7rQpv1yOg/s320/Saledata.jpg" border="0" /></a><br /><br />Symantec isn't the only one releasing a report showing an alarming increase in information theft. Verizon just released a report showing that 285 million information records were compromised in 2008, alone. While the Symantec report focuses more on individual attacks, the Verizon report studies the impact of large scale attacks on businesses and organizations. When combined, the information in these reports is pretty revealing.<br /><br />According to the Verizon <a href="http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf">report</a>, the 285 million records stolen are greater than what was known to be stolen in 2004 to 2007. I say "greater" because I've often speculated that the most valuable information stolen is the data no one knows has been stolen. 
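A minimal model of the verification gap described above, added here as an illustration; it is not MoneyGram's system and not code from the original post. The ledger, the serial number, the amounts and the 48-hour registration delay are constructed assumptions (the post reports delays of 24 to 96 hours).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal


@dataclass
class Issued:
    amount: Decimal          # amount the agent actually sold the item for
    visible_from: datetime   # when the sale shows up in the verification system
    stopped: bool = False    # a stop or hold has been placed on the item


class Ledger:
    """Hypothetical issuer-side record of sold money orders."""

    def __init__(self):
        self._items = {}

    def issue(self, serial, amount, sold_at, delay_hours):
        visible = sold_at + timedelta(hours=delay_hours)
        self._items[serial] = Issued(Decimal(amount), visible)

    def lookup(self, serial, now):
        """Return the record only once it has registered, otherwise None."""
        rec = self._items.get(serial)
        return rec if rec is not None and now >= rec.visible_from else None


def fail_open_check(ledger, serial, amount, now):
    """Behaviour the post describes: nothing on file sounds the same as nothing wrong."""
    rec = ledger.lookup(serial, now)
    if rec is not None and (rec.stopped or rec.amount != Decimal(amount)):
        return "refer to operator"
    return "no stops or holds"


def fail_closed_check(ledger, serial, amount, now):
    """Hardened variant: only a matching issuance record counts as verification."""
    rec = ledger.lookup(serial, now)
    if rec is None:
        return "unverified: no issuance record yet, hold funds"
    if rec.stopped:
        return "reject: stop or hold on item"
    if rec.amount != Decimal(amount):
        return "reject: issued for a different amount"
    return "verified"


def scenario():
    """Replay the altered-amount case before and after the sale registers."""
    sold_at = datetime(2009, 4, 1, 9, 0)          # constructed sale time
    ledger = Ledger()
    ledger.issue("MO-0001", "1.00", sold_at, delay_hours=48)
    rows = []
    # (hours after sale, amount printed on the item presented)
    for hours, face in ((6, "950.00"), (72, "950.00"), (72, "1.00")):
        now = sold_at + timedelta(hours=hours)
        rows.append((hours, face,
                     fail_open_check(ledger, "MO-0001", face, now),
                     fail_closed_check(ledger, "MO-0001", face, now)))
    return rows


if __name__ == "__main__":
    for row in scenario():
        print(row)
```

For whoever is accepting the item, the practical equivalent of the fail-closed answer is to treat "no stops or holds" as no information at all until the item has had time to register.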
After information is known to have been stolen, measures are taken to protect it. This makes it useless or at least a lot harder to use.<br /><br />Recently, underground services have also popped up in these underground forums, which allow information thieves to see if the information they are buying hasn't been compromised (pun intended).<br /><br />Verizon, who investigated 90 data breaches last year, noted that malware is now being designed to steal debit card and PIN information. The report also breaks down the point of compromise by industry and how the data was breached. For instance, in the past year 93 percent of the activity compromised was at financial institutions. Also cited was that most attacks were accomplished by external entities (73 percent) taking advantage of procedural flaws, but that when the breach was assisted by an insider (20 percent) more data was stolen.<br /><br />The trend towards compromising debit cards and PINS is likely because these instruments are the quickest route to obtaining cash. Obtaining cash is normally the ultimate goal of an information thief and stolen debit card information accomplishes this with a minimum of effort.<br /><br />Also covered are breaches caused by partners (32 percent), which are external entities providing services to a business. Please note these percentages add up to more than 100 percent, which means that multiple points of compromise can be attributed to any one incident in some cases.<br /><br />Both reports are an excellent read and point to the fact that there is a glut of stolen information for sale on the black market, which isn't good news. The fact that more information is being stolen than ever before – even when security procedures are ramped up on a regular basis – is not good news, either.<br /><br />Perhaps both of these reports suggest the obvious, which is we are not winning the war against cybercrime and the problem is getting worse. 
Historically, these losses have been written off and the cost is passed to the consumer. With the sour economy and the fact that a lot of the financial industry is already on the brink of bankruptcy, writing off these losses might no longer be a realistic solution.<br /><br />The reason criminals can easily exploit this information is that we are storing it in too many places that are too easy to access. The reason this has happened is because a lot of people are making a lot of money by using and selling this information. Making the information easy to access makes it easier to make money from it. I'm all for making money, but at what point does it prove to be irresponsible?<br /><br />No security fix is going to solve this problem without a healthy dose of common sense being infused into the scheme of things!<br /><br />After all, the economy is already in a lot of trouble because of some of same people making a lot of money, irresponsibly. My guess is we are getting to the point, where we will no longer be able to write-off the cost of being irresponsible to the consumer, as well as, the taxpaying public.Ed Dicksonhttp://www.blogger.com/profile/17591588411216721185noreply@blogger.com4tag:blogger.com,1999:blog-12423159.post-48272756418017328212009-03-28T08:12:00.000-07:002009-04-02T10:12:07.209-07:00Counterfeit Documents Enable Dangerous Criminal ActivityFor the past few weeks, the news has focused on all the blood being shed on our southern border. While there is no doubt that this activity is scary and real, these gangs have to be a little more low key when they perform their day-to-day operations.<br /><br />In order to do this, they need to blend in with the rest of us. When setting up residence to operate their illegal businesses, these criminals need to appear legitimate. The way they do this is with a wide variety of counterfeit documents. 
These counterfeit documents enable the rest of the illegal activity to occur, which makes them a weapon that could be a lot more dangerous than an assault rifle, IED or RPG.<br /><br />Although the news media is drawing attention to this problem (yet again) because of the violence on the border, the violence and resulting concerns about border security are nothing new. Neither is the use of counterfeit documents by the criminals crossing over the border and setting up residence in the United States.<br /><br />A PBS Frontline story from 2001 illustrates the worst case scenario of this problem. It details how terrorists are specifically trained to use counterfeit documents to move across borders. The story states that using counterfeit documents is part of the security training of Al Qaeda operatives. This <a href="http://www.pbs.org/wgbh/pages/frontline/shows/trail/etc/fake.html" target="_blank">story</a> also states that the terrorists affiliate themselves with organized criminal syndicates that smuggle humans and provide counterfeit documents to accomplish this.<br /><br />If an undesirable person has documents that appear to be legitimate, it’s no problem to cross a border or set up residence in a neighborhood just about anywhere.<br /><br />Because of this, the plea bargain made with Pedro Castorena-Ibarra — who allegedly masterminded the production of high quality counterfeit documents from coast to coast — is an interesting chapter in the long running border security saga. Quite simply, these counterfeit documents enable all kinds of criminal and some say, potential terrorist activity.<br /><br />At one time, Pedro Castorena-Ibarra was considered one of <a title="Pedro Castorena ICE most wanted" href="http://www.ice.gov/pi/investigations/wanted/Pedro_Castorena.htm" target="_blank">ICE's most wanted fugitives</a>. 
A five year investigation uncovered his involvement in the production of millions of counterfeit documents, which were sold to anyone with the money to buy them. The plea bargain <a href="http://www.rockymountainnews.com/news/2009/feb/06/crime-boss-pleads-guilty-as-part-of-deal/" target="_blank">stipulates</a> that Castorena will testify against other people in the counterfeit documents trade. When doing the research on this, I noticed that there isn't very much public information on exactly who he is going to testify against.<br /><br />One of the problems with prosecuting Castorena came about when a lead ICE agent assigned to the case, Cory Voorhis was indicted for using a government intelligence system in an unauthorized manner. While working the Castorena case, Voorhis decided to take a look at former Denver District Attorney Bill Ritter's plea bargains with illegal immigrants.<br /><br />This information was subsequently used in an attack ad on now Governor Bill Ritter. The specific information used in the ad was about an illegal alien, who received one of these plea bargains after being accused of dealing heroin, and was allowed to plead guilty to trespassing. Voorhis discovered this same illegal immigrant had been previously arrested (but never convicted) on sex charges in California under a different name. How much do you want to bet he had access to counterfeit documents? Ritter called for an investigation and Voorhis ended up getting tried in federal court.<br /><br />Voorhis was accused of accessing information he wasn't authorized to see in a government database (NCIC), which was later found to be incorrect. The National Crime Information Center is a database maintained by the FBI that records data on crimes. It came out in the trial that he actually used the web based link to this system instead of the TECS (Treasury Enforcement Communication System) that he was accused of accessing. 
This came out in testimony from a government witness and was corroborated in an FBI forensic analysis of his government computer. Because of this, it was determined that Voorhis never exceeded his authorized level of access.<br /><br />Additionally, the information he accessed was in the public domain and could probably have been found using other tools besides NCIC, some of which are available to anyone.<br /><br />Voorhis has maintained he was trying to force change in what he considered questionable legal proceedings. There might be a few people out there that agree that it doesn't serve the best interests of justice to allow a heroin dealer to plead guilty to a trespassing charge (?). This person wasn't here legally and we might not even know his true identity.<br /><br />Voorhis has since lost his job – and despite the outcome of the trial – was not allowed to testify in the Castorena trial. Many believe the attempt to prosecute Voorhis isn't much different than the much more public cases of Ignacio Ramos and Jose Compean.<br /><br />In a recent <a href="http://www.washingtontimes.com/news/2009/mar/22/tale-of-two-sanctuary-cities/">article</a> about this, former Congressman Tom Tancredo points out that it seems to be more dangerous to be a federal officer charged with protecting our borders than to be one of the criminals crossing it. Please note that in the Ramos/Compean case, as well as the Voorhis case — the immigrants involved were not here to find honest labor. Voorhis has a <a title="cory voorhis" href="http://www.corylegaldefense.com/">website</a>, which has a lot of information on this case.<br /><br />This includes a press release by Congressman Tancredo calling for ICE to give him his job back. The <a href="http://www.corylegaldefense.com/articles/art2008apr11.html">press release</a> points out that the charges against him were found to be incorrect and he was exonerated. 
This would lead most of us to believe that this is a reasonable request (?). If it only took two hours to acquit Voorhis, there is a pretty good case that the prosecution's evidence in this case was pretty weak (opinion). It’s ironic that the effort to prosecute Castorena was dealt a death blow when Voorhis wasn’t allowed to testify against him even though he was found innocent.<br /><br />The Voorhis site has an area, where people can <a href="http://www.corylegaldefense.com/info/donate.html" target="_blank">donate</a> to help him pay for the considerable legal costs incurred to defend himself. Of course, there might be another reason for making the deal with Castorena. In the world of plea bargains, deals are sometimes made to go after a bigger fish in the pond. Just who Castorena is going to testify against is open to speculation, but it might be against the Leija-Sanchez organization.<br /><br />The Leija-Sanchez arm of the counterfeit documents trade operated out of the Chicago area and is reputed to be tied in with the Castorena organization. The step-daughter of the boss of this organization (Manuel Leija-Sanchez) has provided a lot of evidence on the scope and wide reach of this organization to the authorities. Please note, that like the drug cartels in the news recently, this cartel has also been found to be capable of violent activity when someone gets in their way.<br /><br />Suad Leija is the step-daughter of Manuel Leija, who involved her in the counterfeit documents trade from an early age. Suad was recruited by a mysterious gentleman with obvious ties to the intelligence community, who is now her husband. The intent was to leverage the organization to identify potential terrorists, who had used their services.<br /><br />The deal fell through and Suad headed north to assist the government in identifying the scope of the operation in North America. 
Since then, a lot of the key players in the organization have been identified and <a href="http://www.usdoj.gov/usao/iln/pr/chicago/2007/pr0425_02.pdf" target="_blank">arrested</a>, but the case is ongoing and ICE will not comment on it in public. Suad’s stated motivation in this effort is to prevent terrorists from using these documents to commit harm against the general public.<br /><br />The Suad Leija story, which has been covered extensively in the mainstream media, is chronicled on her own site, <a href="http://www.paperweapons.net/links.html" target="_blank">Paper Weapons</a>. If you want to see how widespread the problem of counterfeit documents is, the site is a good place to start. Suad provided a lot of the information that tied in the Castorena branch with the Leija-Sanchez organization. The ties are pointed out on her site.<br /><br />Please note that this is a very brief overview of the Suad story and if you are interested, her site covers it in great detail. The problem with counterfeit documents is a tendency to associate them with illegal immigrants trying to make a better life for themselves or teenagers sneaking into bars. The real issue is that they are sold to anyone and used by criminals who have a more sinister intent than to make a better life for themselves or sneak into a bar.<br /><br />No matter where you stand on the illegal immigrant issue, the fact that the trade is controlled by criminals often leaves those with dreams of a better life open to a wide array of abuse. This includes being enslaved and forced to commit crimes by the people who bring them over the border.<br /><br />Another common misconception is that these documents are being sold exclusively to our Hispanic neighbors to the south. The truth is they are being sold to anyone with the money to buy them. Our southern border has become the preferred route for anyone who wants to illegally enter the United States. 
All the resources needed to gain entry (illegally) seem to be readily available there.<br /><br />On Friday, Sara Carter released an <a href="http://www.washingtontimes.com/news/2009/mar/27/hezbollah-uses-mexican-drug-routes-into-us/" target="_blank">article</a> in the Washington Times about the ties between the drug cartels on the border and Hezbollah joining forces to smuggle drugs and humans into the country. Although not mentioned in the story, these people obviously would need documents to set up shop once they cross the border. In fact, in theory at least, they might use them to cross the border.<br /><br />Because, I found the story interesting, I made contact with Suad Leija’s husband, who told me that he gave this information to Carter a few years ago and pointed out that Lou Dobbs has also <a href="http://premium.cnn.com/TRANSCRIPTS/0610/29/ldt.01.html" target="_blank">covered</a> aspects of this story. Both Carter and Dobbs have covered the Suad story, and interviewed her, personally.<br /><br />During this conversation, he told me that the specific information given was about an operation he proposed called “Tag.” Tag predated his involvement in the Leija-Sanchez operation and was designed to set up a means to provide documents to people illegally entering the country and then "chip" them so that specific targets could be tracked.<br /><br />The original intent of the Leija-Sanchez operation was to get the cartel to cooperate in identifying and monitoring potential terrorists coming into the United States, illegally. Tag might have become part of this operation, if it had ever taken place, according to Suad's husband.<br /><br />He told me the Hezbollah connection was nothing new and confirmed it comes out of the tri-border area in Paraguay, which hosts a large Islamic population. 
The residents in this area emigrated from Lebanon primarily in the aftermath of the 1948 Arab-Israeli and the 1985 Lebanese civil wars.<br /><br />He also mentioned that, according to Suad, the Islamic immigrants were paying $5,000 each to be brought across the border when the Leija-Sanchez organization was involved. Complete sets of counterfeit documents were included in the deal.<br /><br />Parts of this story have surfaced before; MSNBC did a <a href="http://www.msnbc.msn.com/id/17874369/" target="_blank">story</a> on the tri-border area of Paraguay and the Hezbollah connection. This story covers the terrorist financing aspect and potential threat to the United States. Michelle Malkin also did a <a title="Michelle Malkin blog" href="http://michellemalkin.com/2008/03/24/terrorists-crossing-our-borders/" target="_blank">post</a> on her blog mentioning that FBI director Robert Mueller mentioned Hezbollah members crossing the border in testimony before Congress in 2006. She also mentions Mueller referring to terrorists assuming Hispanic identities and crossing the border, while in Texas in 2007. In October of last year, the Los Angeles Times did a story about Hezbollah laundering the proceeds of Colombian drug money. The <a href="http://seattletimes.nwsource.com/html/nationworld/2008309259_drugring25.html" target="_blank">story</a> mentions that the cocaine being sold was going to the United States and other destinations.<br /><br />Carter, who covers the border situation on a regular basis, has also done stories on the Mexican military crossing the border in support of drug smugglers and even firing shots at U.S. law enforcement. In one of the stories about this, which I saw on <a href="http://www.youtube.com/watch?v=J4vMv9AaEAU">YouTube</a>, Carter stated she got some of this information from the harder working illegal immigrant types. 
She mentioned that they hide from these groups in order to avoid being victimized by them.<br /><br />Maybe these hard working illegal types are trying to tell us something?<br /><br />Even more ominous, was President Obama's recent revelation that Al Qaeda was <a href="http://www.google.com/hostednews/afp/article/ALeqM5jBs_MR2HFabpaowjNKkGDWHomWvw">planning attacks on U.S. soil</a> from their hideouts in the tribal belt in Pakistan. If this is true, the first thing these terrorists will need when they enter our country are counterfeit documents so they can blend in with the rest of us.<br /><br />If you take a look at any aspect of the insecure situation on our border, counterfeit documents are more than likely involved in one way or another.<br /><br />After all, it is a known fact that the last time a terrorist attack was carried out on U.S. soil; it was accomplished by individuals who used fake documents to enter the country to commit their dirty deeds on 9-11-2001.Ed Dicksonhttp://www.blogger.com/profile/17591588411216721185noreply@blogger.com3tag:blogger.com,1999:blog-12423159.post-37615524316926701122009-03-22T07:57:00.000-07:002009-03-24T06:09:19.540-07:00Symantec Indian Call Center Employee Selling Credit Card Details (Shocking)!A <a href="http://news.bbc.co.uk/2/hi/uk_news/7953401.stm" target="_blank">story</a> of an undercover investigation by the BBC shows how dishonest employees at call centers — who collect plastic payment card details on clients — might be making a little extra pocket change by selling them.<br /><br />The focus of the BBC story is centered on an Indian call center employee for Symantec Security Corporation stealing payment card information. 
It is also centered on UK customers, which is understandable given it is the BBC, but the reality is that information is stolen then sold from countries all over the world.<br /><br />Payment card details are handled by telephone at call centers in a lot of places and the calls come from all over, too. A lot of companies have different tiers (levels of personnel) handling calls, depending on the difficulty or nature of the call. At a lot of major companies, these tiers are located in different centers, which are in different countries. Any call might start in one country and, given the nature of the call, it could be transferred to another center located in another country. Given this, payment card information can be sent and then illicitly recorded over a fairly wide geographical area.<br /><br />Besides that, dishonest employees are caught on a regular basis in a lot of different places. They don't all necessarily reside in India and call centers there are not the only place payment card information can be compromised. In fact, payment card information can be compromised anywhere (not just call centers) where they are used at a point of sale.<br /><br />Information crooks are recruited and some think even planted anywhere financial information can be stolen. Even if they are not, payment card details are being bartered in forums on the Internet. It probably wouldn't be very hard to find a place to sell credit/debit card information when all it takes to do it is a click of a mouse.<br /><br />The BBC story, which aired on video, chronicles an investigative effort by their reporters on the streets of Delhi. In the <a href="http://news.bbc.co.uk/2/hi/south_asia/7954139.stm" target="_blank">segment</a>, it shows reporters making contact with the underground broker, who offers them payment card details from "all over the world" for $10-$12, each. 
It then shows a buy being made and money changing hands.<br /><br />When the information was checked, it revealed that only one in seven card numbers were actually usable. They were able to trace some of the good numbers to a call center handling Symantec (Norton) products. The story stated that there has only been one successful prosecution in India for this type of crime and that it netted a non-custodial sentence. It also stated that the laws regarding the protection of data are not as stringent as they are in some places. The story mentions that Symantec's official comment was that it was an isolated incident and that the employee was removed.<br /><br />Since one to seven card details turned out to be real, I guess we can assume the underground broker wasn't being completely honest. I've also seen reports of credit card details being sold for a lot less and you don't have to travel to India to find them.<br /><br />In November, Symantec — the point of compromise in the story — issued a report on the underground economy, which focused on this very subject. "Credit cards are also typically sold in bulk, with lot sizes from as few as 50 credit cards to as many as 2,000. Common bulk amounts and rates observed by Symantec during this reporting period were 50 credit cards for $40 ($0.80 each), 200 credit cards for $150 ($0.75 each), and 2,000 credit cards for $200 ($0.10 each)," according to the report.<br /><br />If this report is anywhere near accurate and the BBC was buying card details at $10-$12 each — if only one to seven was good in the Delhi exchange — the BBC was getting ripped off!<br /><br />According to the <a href="http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_underground_economy_report_11-2008-14525717.en-us.pdf" target="_blank">68-page report</a> by Symantec, these details can be bought anywhere that has an Internet connection. Counterfeit instruments (ready to use) are often sent through the mail, too. 
The information is sold via IRC (Internet relay chat) channels in forums designed to market stolen financial information. Although credit/debit card details seem to dominate the scene, a lot of other information is sold that can be used to commit financial crimes and identity theft in these forums, too.<br /><br />If you don't want to believe the Symantec report, the FBI took down one of these forums not very long ago. This forum, known as <a href="http://www.fbi.gov/page2/oct08/darkmarket_102008.html" target="_blank">Dark Market</a>, was responsible for about $70 million in fraud, worldwide. My best guess is that the information in the report is pretty accurate.<br /><br />Although dishonest insiders are the cause of a portion of it, we should remember that hackers breaking into business systems, phishing, malicious software and even the trash can be sources of stolen information. The places targeted for information can be merchants, restaurants, government organizations, charity organizations, universities, medical facilities or anywhere payment card information is used at a point of sale.<br /><br />Keeping up with all the points of compromise is difficult, but one place that attempts to is the <a href="http://datalossdb.org/" target="_blank">DataLossDB</a> site. Please note that the unknown data breaches are the most lucrative for the criminals behind this activity. Once a breach is discovered, measures are enacted to disable the stolen data.<br /><br />It can be extremely difficult, if not impossible, to identify the point of compromise in most individual cases. The reason for this is there are too many different places where information might have been stolen from.<br /><br />Maybe that's the problem, or we are storing and transmitting too much information all over the place? Since everyone is making money by transmitting information, I doubt this practice is going to stop anytime soon. 
As far as outsourcing goes, I doubt this is going to stop in the near term, either. Companies save a lot of payroll by outsourcing jobs. Payroll is a big expense for corporations and cutting payroll seems to be in vogue these days.<br /><br />Nothing is going to change until laws are passed that force everyone making money from this information to start doing the right things. This ranges from laws that prohibit people from being irresponsible (my opinion) to laws that punch the criminals stealing the information where it hurts.<br /><br />Until then, the rest of us will have to batten down the hatches and weather the storm. I highly recommend making sure your information is protected as well as it can be (there are no guarantees) by protecting your own electronic transmissions. Monitoring financial activity — from your financial statements to information on your credit report and the Internet — is a good idea, too. Of course, while doing this, you need to ensure your electronic transmissions are protected by a reliable vendor and that you aren't paying for protection that you <a title="FTC Warns FreeCreditReport.com is not Free" href="http://fraudwar.blogspot.com/2009/03/ftc-warns-freecreditreportcom-is-not.html" target="_blank">could</a> get for <a href="http://blogcritics.org/archives/2009/03/18/224306.php">free</a>. Sadly enough, everyone claiming they can protect you isn't necessarily being completely honest, either.Ed Dicksonhttp://www.blogger.com/profile/17591588411216721185noreply@blogger.com7tag:blogger.com,1999:blog-12423159.post-27553989606845715292009-03-15T18:37:00.000-07:002009-03-19T07:28:48.726-07:00FTC Warns FreeCreditReport.com is NOT FREEIdentity theft is a serious subject, and according to recent reports, it's a growing problem. Because identity theft is out of control (personal opinion) and has victimized a lot of people, it's spawned a cottage industry that sells protection at a price. 
Critics, including the FTC, believe a lot of these identity theft companies are selling services that are supposed to be free.<br /><br />If you've watched TV in the past year, you've probably seen the ads for FreeCreditReport.com. These ads have urban minstrels (guitar dudes) singing about the woes of people who have had their identities stolen or made poor credit choices. The idea is to get you to go to FreeCreditReport.com, which isn't exactly free. If you read the fine print when you sign up at this site for your free credit report, you are actually authorizing them to bill your credit/debit card $14.95 a month for eternity. This adds up to $179.40 a year.<br /><br />That doesn't exactly sound like it's free, does it? You can cancel within the first seven days, but given their immense advertising budget, it appears that not very many people do, or they seem to have a <a href="http://www.ftc.gov/opa/2005/08/consumerinfo.shtm" target="_blank">problem cancelling</a> the service. Even worse, a lot of people who signed up for their service probably aren't even aware that they could have actually gotten their credit report for free elsewhere.<br /><br />Under federal law, anyone is entitled to get their credit report for free. To bring attention to this, the <a href="http://www.ftc.gov/" target="_blank">FTC</a> (Federal Trade Commission) has launched an <a href="http://www.ftc.gov/freereports" target="_blank">awareness campaign</a> entitled "FTC Releases Humorous Videos with a Serious Message About AnnualCreditReport.com."<br /><br />AnnualCreditReport.com is the only source authorized to give out free credit reports under federal law. 
The law, which is part of the Fair Credit Reporting Act, guarantees anyone access to a free credit report from each of the big three credit reporting agencies — Experian, Equifax, and TransUnion — every twelve months.<br /><br />The reason for this campaign was the large volume of complaints from consumers, who thought they were getting something for free, but were not. The FTC is warning the public not to be fooled by TV ads, e-mail offers, or ads on the Internet.<br /><br />Please note that little to nothing is done to make sure these ads and or spam messages offering protection are legitimate. These ads and spam e-mails might actually come from fraudsters. Answering one of them might lead to a person having their identity stolen.<br /><br />There are other reasons not to hand over your personal information to the wrong organization. We live in a world where hackers and identity thieves breach databases with an alarming frequency. If you are handing over personal information to one of these companies, they might be maintaining it in a database where it could be stolen. Also, there is no guarantee that your personal information isn't going to be stolen by a dishonest insider. Because information is often outsourced and electronically transmitted all over the world, a lot of people can end up having access to it. All it takes is one dishonest person to decide to steal it and sell it to someone else.<br /><br />Information is worth a lot of money, and besides dishonest insiders, data brokers and the credit bureaus sell it all the time for marketing purposes. Having information in too many places is a common denominator in a lot of people who become an identity theft victim.<br /><br />AnnualCreditReport.com is the only place to get a free credit report authorized by the government. 
I would trust my information with them a lot more than some of the places I see advertising identity theft protection.<br /><br />Free reports can be requested online, by phone or by mail. To get your free credit report online go to <a href="http://www.annualcreditreport.com/" target="_blank">AnnualCreditReport.com</a>, call 1-877-322-8228, or fill out the <a href="https://www.annualcreditreport.com/cra/requestformfinal.pdf">Annual Credit Report Request form</a> and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. You have the option of requesting all three reports at once or you can order one report at a time. A lot of users of this service order one every few months to monitor their credit on a more frequent basis without having to pay for it.<br /><br />If you see items on your report that are inaccurate, the FTC provides a tutorial on their site on <a href="http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre21.pdf" target="_blank">how to dispute credit errors</a>. If you think you have become an identity theft statistic, you may need to place a fraud alert on your credit report, close compromised accounts, file a complaint with the FTC, or file a police report. A tutorial is also provided to help consumers do this on the FTC’s <a href="http://www.ftc.gov/idtheft" target="_blank">identity theft Web site</a>.<br /><br />Besides the FTC site on identity theft, I recommend the <a href="http://www.idtheftcenter.org/" target="_blank">Identity Theft Resource Center</a> and the <a href="http://www.privacyrights.org/identity.htm" target="_blank">Privacy Rights Clearinghouse</a> as excellent free resources to learn how to prevent identity theft and recover from it.<br /><br />If you think you've been tricked into paying for a credit report, the FTC is asking that you let them know about it by filing a <a href="https://www.ftccomplaintassistant.gov/">complaint</a>. 
Additionally, if you receive any spam e-mails offering free credit reports, the FTC asks that you send them to <a href="mailto:spam@uce.gov">spam@uce.gov</a>.<br /><br />Spam e-mails offering free credit reports can be phishing attempts, which are designed to trick you into giving up your personal information. They can also contain malicious software, which will automatically steal all the information off your computer. Either way, answering one or even clicking on a link in one can make you an identity theft victim.<br /><br />Credit reports don't necessarily catch all forms of identity theft. Sometimes different parts of people's identities are used to forge a synthetic one. This phenomenon has been dubbed synthetic identity theft. Quite often, because a lot of the information doesn't match, the credit bureaus don't pick it up.<br /><br />Other examples where a credit bureau might not reveal identity theft are medical benefit fraud, employment fraud, government benefit fraud, some forms of check fraud and cases where an identity is used to commit crimes of a nature other than financial.<br /><br />In the recent past, this has been discovered by many during tax season, when they get a bill for taxes that an identity thief never paid to the government. A lot of experts recommend that you watch your yearly Social Security statement carefully because of this. Identities are stolen to file fraudulent tax returns or used to obtain employment.<br /><br />As a bonus, I am going to include what I consider an interesting <a href="http://www.criminaljusticeusa.com/blog/2009/who-knows-what-about-you-25-free-tools-to-find-out/" target="_blank">post</a> from Kelly Sonora over on the e-Justice blog. In this post, Kelly provides 25 tools that can be used to monitor information about yourself, see what is being said about your business, search for information about yourself and find public records that relate to your personal information. 
A prudent person can even set up alerts on some of these tools so they are automatically notified of any new information.<br /><br />Please note, Kelly's blog post is not sanctioned by the FTC, but nonetheless, I think it's a neat set of tools that a lot of people might find useful.<br /><br />As a final bonus — here is a parody (courtesy of the FTC) warning us all that the guitar dude's free credit report isn't free:<br /><br /><br /><embed pluginspage="http://www.macromedia.com/go/getflashplayer" src=" http://www.ftc.gov/bcp/edu/multimedia/video/credit/acr/annual-credit-report-restaurant.swf" width="425" height="355" type="application/x-shockwave-flash" wmode="'transparent'" quality="high"></embed><br /><br />Ed Dickson<br /><br />Downadup/Conficker Worm Disables Computer Security<br />Published 2009-03-14T18:53:00.000-07:00; updated 2009-03-17T11:22:47.952-07:00<br /><br />If you were a hacker or an e-scam artist with malicious intent, would it be valuable to disable a machine's security system? Most of them find it relatively easy to take command and control of unprotected machines, but fully patched and protected machines pose more of a challenge.<br /><br />Since late last year, hackers have developed a new tool that attacks protected machines, known as the Downadup/Conficker worm. This worm is being called a complex piece of malicious code that is able to jump network hurdles, hide in the shadows and even defend itself against security measures, according to a <a href="http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_downadup_codex_ed1.pdf" target="_blank">recent report</a> by Symantec.<br /><br />Symantec has documented its blog posts on this subject in this report, which are available on their site. 
They also have a <a href="https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/252">blog post</a> by Ben Nahorney that attempts to put this complex threat into terms that can be understood by the general public.<br /><br />Just this month, Symantec identified the third version of Downadup/Conficker, which has an even more powerful punch designed to take down computer security systems. This version has been dubbed the <a href="https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/249">W32.Downadup.C</a> variant and is still under analysis. The <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2009-030614-5852-99" target="_blank">payload</a> from W32.Downadup.C is set to be triggered on April 1st, and if it is, the damage from it could be huge. SC Magazine aptly summed this up in an <a href="http://www.scmagazineus.com/No-joke--Conficker-worm-set-to-explode-on-April-Fools-Day/article/128808/" target="_blank">article</a> called, "No Joke — Conficker Worm set to explode on April Fool's Day."<br /><br />Since Downadup/Conficker has the ability to replicate itself — even on USB drives and network shares — by cracking passwords, it can spread like wildfire and wreak havoc on systems.<br />The report concludes that this is only the beginning of the Downadup/Conficker threat. If you take the time to read through it, the report shows how this malware is evolving and changing to avoid attempts to stop its spread.<br /><br />It is being reported that Downadup/Conficker has enabled one of the largest botnets to be formed on the Internet because of the number of systems that aren't protected from it. 
Of course, it appears that once a machine is infected, the worm itself might prevent the patches from being downloaded to it.<br /><br />Botnets generate all the <a href="http://fraudwar.blogspot.com/2009/02/spammers-love-to-hurt-internet-users.html" target="_blank">spam</a> we see in our inboxes and are the vehicle of most fraud, phishing and financial misdeeds seen on the Internet. They consist of infected computers that have been taken over and form a super computer capable of spreading a lot of garbage. Of course, becoming infected can also mean that all your personal and financial information will be data-mined and used by less than honest people to steal money or commit other types of crimes.<br /><br />Information can be stolen to commit espionage or even provide fake identities, which are then used to support other more serious criminal activity. Although a lot of espionage is industrial, it is on record already that Downadup/Conficker infected computers at the U.K. Ministry of Defence and the Houston Municipal Courts, which suggests a more sinister intent than merely committing financial crimes.<br /><br />Since the beginning of the year, there have been different estimates of how many computers are infected, but all of them seem to agree it's somewhere around nine million.<br /><br />Microsoft has announced a $250,000 reward for information leading to the arrest of the authors of this code. It has also announced an industry-wide coalition to fix the threat that Downadup/Conficker poses. Included in this coalition are ICANN, NeuStar, Symantec, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, Verisign, F-Secure, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence.<br /><br />Microsoft also provides <a href="http://www.microsoft.com/conficker" target="_blank">information</a> on patches and the latest developments on Conficker/Downadup on its site. 
It also has another page where you can <a href="http://www.microsoft.com/protect" target="_blank">learn more</a> about these types of threats and how to stay safe online.<br /><br />Ed Dickson<br /><br />Don't Bail Out a Scam Artist<br />Published 2009-03-14T18:26:00.000-07:00; updated 2009-03-14T18:35:25.056-07:00<br /><br />Recently, I've noticed all kinds of ads and spam e-mails promising to deliver a bail out of one kind or another. While we're finally going to see a few average people bailed out, most of these ads and spam e-mails have one purpose and one purpose only — to provide a revenue stream to a scam artist.<br /><br />On March 4th, the FTC issued a <a title="FTC Warns Consumers About Economic Stimulus Scams" href="http://ftc.gov/opa/2009/03/stimulusscam.shtm" target="_blank">warning</a> that consumers might get stung by one of these bail out schemes and that these scams are showing up in many different forms.<br /><br />A lot of these scams claim they can assist someone in qualifying for a bail out and all you need to do is to provide them with a little information or a small payment (preferably using a plastic instrument) to reap a too-good-to-be-true return on your investment. Plastic is quickly becoming the preferred payment option of criminals and <a title="Marketers of Dietary Supplements and Devices Agree to Pay $3 Million to Settle FTC Charges of Deceptive Advertising" href="http://ftc.gov/opa/2009/03/roex.shtm" target="_blank">semi-legitimate marketing gurus</a>, alike.<br /><br />Common <a href="http://fraudwar.blogspot.com/2009/02/spammers-love-to-hurt-internet-users.html" target="_blank">spam e-mail</a> messages ask for your banking information so the money can be direct deposited into a bank account. In most of these scams, the exact opposite occurs, or the money in the account is stolen. 
There are also a lot of spoofed spam e-mails that appear to come directly from a government agency, which ask you to verify that you qualify for a payment by providing them with personal/financial information. If responded to, they either clean out your financial resources or use your good name to steal from a financial institution.<br /><br />The <a href="http://www.fbi.gov/cyberinvest/escams.htm" target="_blank">FBI</a>, IRS and <a href="http://www.bizop.ca/blog2/due-diligence/federal-reserve-board-advance.html" target="_blank">Federal Reserve</a> have recently reported their names being spoofed (impersonated) in a variety of spam e-mails designed to scam people of their hard-earned resources. Of course, a lot of the e-mails and e-ads use the names of Barack Obama and Joe Biden to make their come-on appear more legitimate, too.<br /><br />Some of these e-mails contain links, which lead to websites that download all kinds of <a href="http://fraudwar.blogspot.com/2009/02/rsa-report-reveals-increase-in-cyber.html" target="_blank">malicious software</a> and spyware on a machine. Normally, the intent in these instances is to steal personal information or take command and control over a machine.<br /><br />Not all these come-ons come in spam e-mails, either. Much to my dismay, I did a search on the word "Stimulus" and <a href="http://www.google.com/search?hl=en&q=stimulus&btnG=Search" target="_blank">found</a> several ads offering a questionable bail out. 
After doing this, I went to my local coffee house and picked up some of the available free magazines and found questionable bail-out offers in them, also.<br /><br />When it comes to advertising dollars, those accepting the money aren't required to perform any due diligence on what is being <a href="http://search.yahoo.com/search;_ylt=Apmi93YQH3sOGx5zeng1V9GmN3wV?p=stimulus&fr=att-portal-s&toggle=1&cop=&ei=UTF-8" target="_blank">advertised</a>.<br /><br />In some of the so-called semi-legitimate come-ons (my personal opinion), there might be a clause in small-print that allows them to charge your card a small fee over a long period of time.<br /><br />While these so-called legitimate marketing ploys are nothing new, they are now being seen in some of the pay-for-bail-out products being hawked all over the place.<br /><br />If you've signed up for any of these deals, it might pay to review your statements carefully. Of course, in today's world, it pays to do this on a regular basis, anyway.<br /><br />If you see any of these scams and want to complain about them, the FTC provides an <a href="https://www.ftccomplaintassistant.gov/">electronic</a> means of doing so. I've provided a link for anyone who might be interested in doing this. You can also complain by calling 1-877-FTC-HELP (1-877-382-4357).<br /><br />Last, but not least, I'll point to a <a href="http://www.bankofobama.org/" target="_blank">site</a> called the Bank of Obama (Because Everybody Deserves a Bail Out). On this site — which appears to be somewhat of a parody — you can send your friends an imaginary check. At least this site delivers what it claims to — an imaginary check.<br /><br />Ed Dickson<br /><br />FTC Site Teaches Public How to Avoid Bad Deals<br />Published 2009-02-27T03:44:00.000-08:00; updated 2009-03-14T17:57:55.890-07:00<br /><br />March 1st through the 7th is Consumer Awareness Week. 
This year, the Federal Trade Commission (along with an army of partners) is providing a user-friendly set of free e-tools designed to help the average "Joe or Jolene" safely navigate the murky waters they face in the current <a href="http://technorati.com/tag/economy" target="_blank">economic environment</a>.<br /><br />Besides teaching us how to make the most of our financial resources, the tools also teach how to avoid the underground army of not very honest people who are spreading <a href="http://fraudwar.blogspot.com/2009/02/increase-in-scams-attributed-to-economy.html" target="_blank">more</a> economic doom and gloom with too-good-to-be-true schemes designed to take advantage of the grim economic situation.<br /><br />The <a href="http://www.consumer.gov/ncpw/">Web site</a> for the 11th annual National Consumer Protection Week is now up and running. Launched by the Federal Trade Commission and its NCPW (National Consumer Protection Week) Steering Committee <a title="blocked::http://www.consumer.gov/ncpw/about.html" href="http://www.consumer.gov/ncpw/about.html" target="_blank" rel="nofollow">partners</a>, the site gives people free <a title="blocked::http://www.consumer.gov/ncpw/consumer.html" href="http://www.consumer.gov/ncpw/consumer.html" target="_blank" rel="nofollow">tools</a> to make smart business decisions in today’s economy. 
The <a title="blocked::http://www.consumer.gov/ncpw/" href="http://www.consumer.gov/ncpw/" target="_blank" rel="nofollow">information</a> on the site is designed to help the average person get the most value for their <a title="blocked::http://www.consumer.gov/ncpw/consumer-money.html" href="http://www.consumer.gov/ncpw/consumer-money.html" target="_blank" rel="nofollow">money</a>, whether they are trying to improve their <a title="blocked::http://www.consumer.gov/ncpw/consumer-credit.html" href="http://www.consumer.gov/ncpw/consumer-credit.html" target="_blank" rel="nofollow">credit</a> history, tell the difference between a <a title="blocked::http://www.consumer.gov/ncpw/consumer-fraud.html" href="http://www.consumer.gov/ncpw/consumer-fraud.html" target="_blank" rel="nofollow">real deal</a> and a rip-off, or protect their <a title="blocked::http://www.consumer.gov/ncpw/consumer-mortgages.html" href="http://www.consumer.gov/ncpw/consumer-mortgages.html" target="_blank" rel="nofollow">mortgage</a> from foreclosure or foreclosure rescue scams. It explains their rights under various laws and tells how to file a complaint or seek assistance from the appropriate government agency.<br /><br />According to the Federal Trade Commission, scam artists, fraudsters, hackers and flim flam artists follow the headlines and use the current economic downturn to part people from their hard-earned (and ever-dwindling) financial resources. The NCPW Web site has tools (educational resources) to teach people how to recognize a ripoff, sniff out a scam and ensure they are getting value for their dollar in today's marketplace.<br /><br />The site has tips on a wide range of topics from partner organizations. These tips range from how to get a free credit report and how to spot a telemarketing scam to how to deal with debt, how to deter and detect identity theft, and how to avoid home and auto repair scams. 
Also included is detailed information on how to file a complaint with the appropriate agency if you do run into an issue.<br /><br />Of course, on a personal level, I always recommend <a href="https://www.ftccomplaintassistant.gov/">reporting them</a> if you spot a problem and are able to avoid becoming a statistic, also. This can prevent a less educated person from becoming a victim and is a good deed.<br /><br /><a href="http://www.consumer.gov/ncpw"><img height="250" alt="National Consumer Protection Week" src="http://www.consumer.gov/ncpw/images/250x250.jpg" width="250" border="0" /></a><br /><br /><br />The FTC partners involved in providing this information include the AARP, the Comptroller of the Currency, the Consumer Federation of America, the Council of Better Business Bureaus, the Federal Citizen’s Information Center, the Federal Communications Commission, the Federal Deposit Insurance Corporation, the Federal Trade Commission, the National Association of Attorneys General, the National Association of Consumer Agency Administrators, the National Consumers League, the U.S. Department of the Treasury, the U.S. Postal Inspection Service, and the U.S. Postal Service.<br /><br />The FTC also just <a href="http://www.ftc.gov/opa/2009/02/2008cmpts.shtm" target="_blank">released</a> the top complaints they received in 2008. For the ninth year in a row, identity theft came in at number one. 1,223,370 complaints were received in 2008. 313,982 (26%) were related to identity theft.<br /><br />Not surprisingly, with all the <a href="http://fraudwar.blogspot.com/2009/02/are-e-commerce-merchants-at-risk-in.html" target="_blank">data breaches</a> seen recently, credit card fraud was the most common form reported. 
This was followed by government documents/benefits fraud at 15%, employment fraud at 15%, phone or utilities fraud at 13%, bank fraud at 11% and loan fraud at 4%.<br /><br />Other complaint categories included Third Party and Creditor Debt Collection, Shop-at-Home and Catalog Sales, Internet Services, Foreign Money Offers and <a href="http://fraudwar.blogspot.com/2009/01/fraudulent-checks-too-profitable-for.html" target="_blank">Counterfeit Check Scams</a>, Credit Bureaus, Information Furnishers and Report Users, Prizes, Sweepstakes and Lotteries, Television and Electronic Media, Banks and Lenders, Telecom Equipment and Mobile Services, Computer Equipment and Software, Business Opportunities, Employment Agencies and Work-at-Home, Internet Auction, Advance-Fee Loans and Credit Protection/Repair, Health Care, Auto Related Complaints, Travel, Vacations and Timeshare Plans, Credit Cards, Magazines and Buyers Clubs and Telephone Services.<br /><br />Please note these are statistics where people were victimized. The information on the <a href="http://www.consumer.gov/ncpw" target="_blank" rel="nofollow">NCPW site</a> is designed to keep people from becoming one (a statistic).<br /><br />Ed Dickson<br /><br />Crimes Against Businesses Contribute to Job Losses<br />Published 2009-02-26T04:23:00.000-08:00; updated 2009-02-28T04:26:43.735-08:00<br /><br />Organized retail crime costs retailers <a href="http://fraudwar.blogspot.com/2008/06/nrf-survey-shows-organized-retail-crime.html" target="_blank">billions</a> of dollars. In an era where retailers are closing stores or going completely out of business, it's logical to assume that organized retail crime is a contributing factor to retailers shutting their doors and people losing their jobs. 
With the sour economy inspiring <a href="http://fraudwar.blogspot.com/2009/02/increase-in-scams-attributed-to-economy.html" target="_blank">more and more</a> theft and fraud, it is becoming more critical than ever before for companies to control their losses in their struggle to remain viable.<br /><br />When retailers lose money to theft, the end result can be (assuming they don't go bankrupt) that jobs are cut. Payroll is normally the largest and most controllable expense in any business. When businesses start to show negative earnings — like a lot of them are right now — payroll is normally the first place they look to cut when trying to avoid shutting their doors.<br /><br />In an effort to fight what experts say is a $30 billion a year organized retail crime issue, the National Retail Federation is <a href="http://www.nrf.com/modules.php?name=News&op=viewlive&sp_id=677" target="_blank">welcoming legislation</a> being introduced to give them more tools to fight this problem. Yesterday, three bills were introduced in Congress to assist retailers and law enforcement in this effort.<br /><br />The three bills introduced are "the Combating Organized Retail Crime Act of 2009, sponsored by Senate Majority Whip Richard J. Durbin, D-Ill.; the Organized Retail Crime Act of 2009, sponsored by Representative Brad Ellsworth, D-Ind.; and the E-Fencing Enforcement Act of 2009, sponsored by House Judiciary Committee Crime, Terrorism and Homeland Security Subcommittee Chairman Bobby Scott, D-Va. 
The measures are similar to legislation first <a href="http://fraudwar.blogspot.com/2008/08/bills-introduced-to-combat-organized.html" target="_blank">introduced</a> last summer" according to the press release and <a href="http://www.nrf.com/modules.php?name=Media&op=showmedia&sp_id=1067" target="_blank">podcast</a> on this matter by the National Retail Federation.<br /><br />In case you are unfamiliar with "Organized Retail Crime," it involves organized retail theft activity for profit. Once the merchandise is stolen, it is fenced (sold) to get a cash value out of it. Traditionally, this merchandise was sold at flea markets/dishonest retailers, but more and more often nowadays, retail crime rings are turning to <a href="http://fraudwar.blogspot.com/2008/04/ebay-and-craigslist-praised-by.html" target="_blank">auction sites</a> to unload their stolen goods.<br /><br />The reason for this is that if they sell it on an auction site, they make a lot more money than in the more traditional fencing venues. Experts believe they net 70 percent of the retail value by selling their stolen wares on an auction site versus the 30 percent of retail value they receive in more traditional fencing venues.<br /><br />Another possible factor contributing to the problem is that consumers — who are operating with ever-decreasing personal budgets — are flocking to these sites to stretch their buying dollars. Without knowing it, they might be adding fuel to the fire and unknowingly buying this stolen merchandise.<br /><br />Even if the retailer can prove that merchandise on an auction site is stolen, it can be extremely difficult for them to get the site to cooperate in going after the criminals selling it. Due to a lot of red-tape imposed by these sites to release information, it requires a lot of time/effort to get the site to cooperate in an investigation. 
Because of this, the crooks are normally long gone before any effective investigative action is taken.<br /><br />Another phenomenon called phishing makes the activity even more anonymous/hard to track on auction sites. Phishing is where a person (user) is tricked into giving up their credentials to an account. For years, eBay and PayPal have ranked as some of the most phished brands out there. Criminals use this information to take over an account and commit fraud using someone else's selling account. When investigating auction fraud, time is of the essence, otherwise the trail is often too cold to track. The crooks use one of these accounts for a short period of time and then move on to another phished account to avoid detection.<br /><br />Organized retail crime is also taking advantage of the identity theft/financial crimes phenomenon and working with the hacking element that has been attacking the financial industry. Counterfeit payment cards (credit/debit), checks and identification are all being used to electronically boost merchandise and walk right out of the store with it. In the TJX data breach — which was the largest hack of financial data to date — a group was caught using cloned payment cards to buy <a href="http://fraudwar.blogspot.com/2007/11/gift-card-due-diligence-101.html">$8 million</a> worth of gift cards from Walmart. 
In the more recent data breach at <a href="http://fraudwar.blogspot.com/2009/01/will-heartland-become-largest-data.html">Heartland Payment Systems</a> — which looks like it might surpass TJX in the amount of data stolen — the only <a href="http://www.storefrontbacktalk.com/securityfraud/first-heartland-arrests-confirmed/">arrests</a> made thus far were a group using the stolen data to clone gift cards. Since gift cards are redeemed at retailers, this is yet another example of how the financial hackers and organized retail crime types are working together. To me, this is evidence that organized retail crime is becoming more sophisticated in its theft techniques, which will likely make this problem get even worse than it already is.<br /><br />The three bills being introduced will force auction sites to cooperate with retailers and law enforcement, define organized criminal activity as a federal offense and establish stricter sentencing guidelines for criminals convicted of organized retail crime. Too frequently, under current laws, criminals involved in this activity are treated like petty thieves and get a slap on the wrist when they are caught. Last, but not least, it will hold auction sites more accountable for the sale of stolen merchandise if it could have been prevented.<br /><br />Besides fencing, there is a lot of other fraud on auction sites that isn't necessarily tied in to fencing and victimizes auction customers/sellers, more personally. Legitimate e-commerce sellers are frequently ripped off with bogus financial instruments. Buyers are also defrauded in a wide variety of scams on these sites. Like the major retail types, who are behind this legislation, the more ordinary victims are often hung out to dry when they try to get any assistance from the auction sites. 
There is little doubt (my opinion) that <a href="http://fraudwar.blogspot.com/2008/02/on-ebay-buyer-better-beware.html">auction sites</a> need to clean up all the fraud that occurs on them. While they do provide value and a fun way to buy things, there have been too many innocent people victimized on them.<br /><br />While this legislation primarily focuses on fencing, it's a start in the right direction. Perhaps other groups should join in and support this legislation, which if passed, will likely set some needed legal precedents. It will also make it a little harder for the criminally inclined to operate on auction sites.<br /><br />Supporting this legislation makes a lot of sense for a lot of different reasons. These are not victimless crimes and the consequences are being felt by innocent consumers and businesses.<br /><br />Ed Dickson