Saturday, December 17, 2005

eBay Needs to Protect Those that Line Its Pockets

Fraud on auction sites has been steadily increasing, and auctions are under attack by fraudsters who use many methods, or combinations of them, to commit their financial misdeeds. Seller accounts are being taken over and users are falling victim to phishing scams. Counterfeit, recalled and stolen merchandise is routinely offered for sale, and fraudulent means of payment are being used to purchase items.

Does it seem like a "Scam Free for All"?

The BBC recently reported:

"Criminals are obtaining the secret passwords of eBay subscribers and using their sites to conduct bogus auctions for non-existent goods.

In a growing number of cases, would-be buyers on the UK's most used website are paying thousands of pounds to apparently reputable sellers after winning auctions on the site - only to find out they had been dealing with criminals."

eBay seems to prefer to blame phishing for the account takeovers, and blames its users for falling for the scams. It is also blaming users for not having the proper security software on their systems, which leads to malicious software (mainly keyloggers) being used to steal personal and financial information.

Amazingly enough, the report also states that it can take up to five days to shut down a site selling counterfeit goods and two months to provide information to law enforcement. To me, this means that because these scams "rotate and mutate" every few days (often using stolen user information), no one, or only the "stupid," is being caught. By the time anyone who could do something obtains the necessary information, the criminals have moved on to a different identity and the process has to start all over again.

For the entire story by the BBC, read eBay faces up to online fraud.

My message to the folks at eBay is that they had better look at upgrading their "authentication systems" and hire some extra security staff. Blogs like mine, and many others, are trying to educate the very people who are making eBay billions and whom eBay blames for allowing themselves to be scammed. eBay is no longer the only game out there, and if it fails to protect those who line its pockets, those customers are likely to go elsewhere.

Here is a previous post I did on eBay: XBox Latest Lure in Auction Scams.

Here is another post I did (partially to educate eBay customers): The Top (Free) Anti-Fraud Resources Found by Fraud, Phishing and Financial Misdeeds.

Strange Tales of Financial Wrongs

Doctors, lawyers and other high-income types getting paid by FEMA for questionable items, identities stolen from dead people, and individuals being tricked into becoming "mules"? Here are some bizarre and odd stories being reported in the world of Fraud, Phishing and Financial Misdeeds.

The Sun Sentinel (South Florida) reports that "a FEMA (Federal Emergency Management Agency of the United States) program to reimburse applicants for generators and storm cleanup items has benefited middle- and upper-income Floridians the most and so far cost taxpayers more than $332 million for the past two hurricane seasons."

Here is a rather sad item reported in the story, which illustrates the insanity of this. "A Fort Lauderdale teen with serious medical problems had to insert catheters by candlelight when the Oct. 24 storm knocked out power. His family couldn't afford a generator."

The moral of this story is that if you are privileged and can afford to buy the "extras," the government will reimburse you for them. On the other hand, if you are poor and can't afford these "extras," you are out of luck. Although this is not technically fraud if sanctioned by the government, it should be.

No wonder we have a deficit, and even with the deficit, we as a society aren't helping those who are the most deserving.

Here is the story: FEMA reimbursements mainly benefit higher income groups.

Helen Huntley of the Saint Petersburg Times reported that, "Florida's Attorney General Charlie Crist gathered law enforcement and government officials, retailers and bankers in Tampa to home in on the problem.

"I'm glad they're on the case, but that doesn't mean we can relax. It's still smart for all of us to do what we can to make sure our personal information doesn't end up in the wrong hands. Among other things, we need to be careful when we're using credit cards, which account for about a third of all Floridians' identity fraud complaints, or entering any personal information online.

But you may not have thought about protecting the dead, who can be easy targets because it may take weeks or months for financial institutions to find out about a death. Younger people's deaths may never be reported to credit bureaus or Social Security. Family members end up trying to straighten out the mess."

Stealing the identities of the dead is nothing new, but with Florida's large population of senior citizens, it apparently has become a major issue for them. Victimizing the dead and spouses of the "recently departed" is rather "ghoulish" and a good example of the complete lack of morals that the criminals involved in this activity have.

The Florida Attorney General's Office has a Web site (www.myfloridalegal.com/identity theft) with helpful information.

For the full article with prevention tips, please read Death is no defense against ID theft.

Here is another interesting recent story being reported in New Zealand by Rob Stock.

"Don't be an ass - watch out for the mule scam.

That's the warning from police and banks as overseas internet criminals come up with new variations on their scheme.

Mule scams are a money laundering scheme in which scamsters who have stolen money from one New Zealander inveigle another into transferring it out of the country."

These scams are covered extensively by the World Privacy Forum, which also provides a lot of great information meant to inspire awareness.

Here is a recent post I did on a similar subject: Secret Shoppers Scammed.

For the story by Rob Stock, go to: Tricky ways to lure mules.

Wednesday, December 14, 2005

Download Fake McAfee Patch and Become an Internet Fraud Victim

The culprits behind organized phishing attacks have no morals and will obviously use the good name of many an organization to dupe you into downloading cybernasties (malicious software) onto your system. Recently, they have used the names of the FBI, CIA, IRS and even Walmart in a variety of schemes, which are probably designed to steal personal or financial information.

Here is their latest fraudulent scheme, which impersonates "McAfee." McAfee is a leading provider of security software for computer systems. The bottom line: download the patch from this fraudulent site and you become an internet fraud victim.

"Websense Security Labs has received reports of an email scam disguised as a patch for McAfee products. Users receive a spoofed email message instructing them to click on a link to immediately download and install a patch from McAfee. This patch claims to address a virus that does not exist. The link in the email takes users to a fraudulent website that appears to be the legitimate McAfee security site.

The patch hosted on this page is actually a Trojan downloader.

The malicious site is hosted in the United States and was online at the time of this alert."


For the full alert, along with screen shots: Fake McAfee Patch.

Here are some useful sites where one can download legitimate security patches, courtesy of the SANS Institute.

Windows: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
Mac OSX: http://www.apple.com/support/downloads/ and http://www.apple.com/macosx/features/security/
More info: http://www.its.monash.edu.au/security/home/patching.html and http://www.softwarepatch.com/

For December's issue of the SANS "Ouch" newsletter, which includes a summary of recent major phishing attacks, click on the title of this post.

Monday, December 12, 2005

Walmart's Many Woes With Fraud Issues

Walmart has certainly been making their share of headlines in the fraud world lately. Just today, the good folks at Websense reported a phishing attack using their name. As reported in the alert from Websense:

"Websense Security Labs has received reports of a new phishing attack that targets customers of Wal-Mart. Users receive an email message, written in HTML, claiming that their Wal-Mart logon account has been compromised. The message reminds users that the terms and conditions of their account require that it be under control at all times. The email message also states that the parties connected to the account have been involved in money laundering activities, illegal drugs, and various Federal Title 18 violations.

When users click the link within the email, they are directed to a fraudulent website, which is hosted in the United States and was up at the time of this alert. The fraudulent site first requests the users' logon ID for http://www.walmart.com/ and then requests their credit card information and other personal identity specifics.

This site has hosted phishing attacks for other targets in the past. As you can see, this message was mistakenly titled "Bank of the West."

As Christmas nears we expect further ecommerce-related fraudulent activity."

To view the full alert, along with screen shots go to: WSLabs, Phishing Alert: Wal-Mart.

Recently, a credit card breach was traced to the gas stations at Sam's Club, which is owned by Walmart. Here is the story as reported by Syracuse's own NewsChannel 9 WSYR: Sam's Club Credit Card Breach.

Here is a story by the Tampa Tribune about some who had a less than pleasant check cashing experience with them: Wal-Mart Accused Of Racism.

Of course, Fraud, Phishing and Financial Misdeeds ran this post about counterfeit Travelers Express Money Orders: Counterfeit (MoneyGram) Travelers Express Money Orders. Another woe for Walmart, as many of the counterfeit items bear their logo.

Walmart is the largest retailer in the world, and because of this they are probably targeted by the fraudster community. For this, I feel sorry for them; however, in the case of them being accused of racism, the actions of their employees bear scrutiny. Investigative actions need to be based upon facts and not determined by the way someone looks.

Perhaps, there is something to be said about Karma.

Sunday, December 11, 2005

$100 Million Dollar Fraud Stopped Dead in Its Tracks

Lately, the news in the fraud arena hasn't been very positive. This next story is "Chicken Soup for the Soul." Here is a breaking story by Judy Nichols of the Arizona Republic involving Prime Bank Instrument (PBI) fraud and a tip that led to stopping $100 million in fraud.

According to the article, this scam "involves attracting investors to a fund that would tap into a supposedly secret market for the world's prime banks, a market in which billions are said to trade daily for huge, guaranteed profits. In one subset of PBI fraud, designed to also put financial institutions at risk, the scammers quickly move the money from one financial institution to another, from bank to brokerage house, in this country and overseas, all the while telling weird stories about its origin and leaving fishy documents in their wake."

Cameron Holmes, head of the financial remedies section at the Arizona Attorney General's Office, received a tip involving $100 million being moved around the world, allegedly backed by a gold mine worth $152 billion.

The total amount of gold mined in Arizona since statehood represents less than $8 billion.

Holmes moved quickly and issued subpoenas to several financial institutions and, after interviewing employees, was able to track the money and freeze it.

The victims in this can be both the investors who fall for this scam and the financial institutions, which can be held liable when they are charged with not exercising "reasonable care" or due diligence on all the transactions associated with it.

This is certainly an interesting case, and Cameron Holmes and the Arizona Attorney General's office should be commended for acting so quickly and effectively. All too often in more sophisticated scams, by the time anyone reacts, the money is long gone and the victims are left holding the proverbial bag.

For the full story in the Arizona Republic, go to: Fast work in Arizona halts fraud, freezes $100 million.

Here are some tips I found in a DOJ document on PBI fraud (January 6, 2000; Mr. Joshua R. Hochberg, Chief, Fraud Section, United States Department of Justice, P.O. Box 28188):

Don't expect to get rich quick.

Don't assume that your on-line computer service polices its investment bulletin boards.

Don't buy thinly-traded, little known stocks strictly on the basis of on-line hype.

Don't act on the advice of a person who hides his or her identity.

Don't get suckered by claims about "inside information" including pending news releases, contract announcements and products.

Don't assume that just because someone says that they have checked something out that they have actually done so.

Call your state or provincial securities agency when you suspect a scam.

As with most fraud of a financial nature, much of this is easily spread through the internet. Like all the various scams, this one starts with the premise of "something that is too good to be true." The best remedy in these scams is awareness: "let the buyer beware."