Saturday, February 25, 2006

eBay Fraud Buster

A New Jersey police officer, Steve Klink, bought a pair of speakers on eBay that turned out to be junk. He turned to eBay for help and, like many an unsatisfied customer turning to the auction giant, received little to none.

Taking matters into his own hands, he started a website, ebayersthatsuck.com, and the seller did refund his money. But it didn't stop there AND, being a "civic minded" individual, Steve continued the site.

Quite simply, he realized that there were a lot of eBay victims out there and that the site might help others.

The site is interactive and members can search for eBay fraudsters and help others by publishing their own tales of eBay misdeeds.

Here is their vision in their own words:

"At Ebayers That Suck we know what it's like to get screwed at on-line auctions. Once screwed you are limited to 80 characters, basically one sentence to tell your story. At Ebayers That Suck we provide you with up to one full page of web space plus pictures to tell your tale."

"So next time you deal with a swindler and don't want to leave negative feedback for fear of retaliation, post them here. You will get the last laugh when they are officially branded with our puke green "you suck" logo and the on-line auction world can see what a deadbeat they really are."

In conjunction with the site, Steve has written a book, Dawn Of The eBay Deadbeats, available on Amazon.com.

There is also a link on the site where people can sign up for a class action lawsuit against eBay.

eBay seems to be attracting a lot of litigation, and Tiffany's recently filed against them for selling counterfeit merchandise. The eBay Fraud Group is also talking about trying to get a class action lawsuit started.

There is a growing number of eBay customers becoming ANGRY and speaking their minds. I've written a number of posts about this, which can be found by searching this blog by keyword "eBay" at the top of the page.

eBay, which continues to make record profits, had better wake up and realize that it was their customer who made them successful, or suffer the consequences.

Tuesday, February 21, 2006

Another 27,000 People's Identities are Compromised

Last year, the Privacy Rights Clearinghouse compiled a list of data breaches. The list estimates that over 53 million identities have been compromised in the recent past. Of course, this doesn't include the more recent compromises, such as the Boston Journal (202,000 compromised) and the Northern California debit card fiasco (200,000 compromised).

Here is the list of data breaches:

A Chronology of Data Breaches Since the ChoicePoint Incident

It also doesn't include another probability, which is that there are data breaches that were never detected, or not reported.

With the overall number of people compromised, 27,000 people seems small in comparison, but for every person compromised, there is a potential victim.

The Jacksonville Business Journal is reporting:

The names and social security numbers of 27,000 former and current Blue Cross and Blue Shield of Florida Inc. employees were illegally downloaded by a contract employee to his home computer, a company spokesperson said.

The FBI and U.S. Attorney's Office are conducting a joint investigation, said Lisa Acheson Luther, a spokeswoman with Blue Cross. No customer information was involved and there is no evidence the information went any further than the home computer.

Here is the full story:

Vendor downloads Blue Cross employee info

The Federal Trade Commission testified last June on Data Breaches and Identity Theft. This testimony highlighted the concerns with the number of data breaches being revealed in the past couple of years and suggested action.

In February, Senator Dianne Feinstein issued a document calling for Federal legislation:

Statement of Senator Dianne Feinstein On the Need for Federal Identity Theft Legislation

Senator Feinstein joined Senator Arlen Specter (PA), Senator Russell Feingold (WI) and Senator Patrick Leahy (VT) in sponsoring S789, which is a federal bill addressing the issue of data breaches and their ultimate consequences, such as "identity theft." Here is a bill summary.

This bill is currently on the Senate Legislative Calendar awaiting action.

If you are interested in writing your representatives to inquire when this legislation will be taken for action, here is a link where you can find their information to do so:

Congress.org

It's a sad commentary that, in the global sense, 27,000 people compromised is a mere drop in the bucket. HOWEVER, I have to be certain that anyone who has suffered their identity being stolen sees it on a much more personal level AND, with the number of people compromised, the question is who will be next.


Monday, February 20, 2006

Debit Cards Are the Criminal's Preferred Method of Payment


Image: Hidden Camera on ATM

When the debit card breach hit the news involving Bank of America, Washington Mutual, Wells Fargo and Office Max, several stories referenced ATM skimming.

In the Northern California Breach, the card numbers were used in signature transactions versus PIN (Personal identification number) transactions. When ATM skimming is accomplished, the criminals steal not only the card number, but the PIN, also.

They are then able to use the card at any ATM.

Automatic teller machine (ATM) skimming is accomplished by attaching devices to existing ATM Machines, or via the use of hidden cameras/encoding devices in retailers that accept ATM transactions.

ATM skimming has been prevalent overseas for a few years, but is starting to show up in North America. Recently, skimming devices have been discovered on ATM machines in California, Oregon and Washington. This is why the two activities are probably being compared.

A while back, I did a post: ATM Machines That Clone Your Card. Included are some handy pictures of what a machine looks like after it has been compromised and tips on how to avoid becoming a victim.

There are similarities between the two activities, but there are differences, also.

As I said earlier, the Northern California breach has consisted of the card numbers being used in "signature" transactions AND the victims are all from Northern California. Additionally, the authorities and Visa/Mastercard have confirmed the point of compromise as being a major retailer, reported as possibly being Office Max.

In the Northern California case, everything points to an entire database being hacked.

In the "ATM Skimming" cases, devices are being attached to existing ATM machines, which not only record the card numbers, but PIN numbers, also. The victims in the recent cases seem to span the entire West coast.

Interestingly enough, a few months ago, I did a post, which noted ATM skimming activity on the East coast:

Get a Quick $20.00 and GO BROKE!

One FBI source has already been quoted as saying that this activity could be the work of Russian Organized Crime. Here is an interesting document from the California Attorney General, which, although slightly dated, describes how they operate.

The best way to avoid becoming a victim of ATM skimming is to always cover your PIN when entering it. We might not be able to control whether or not a major company is breached, but we can control our own actions when using an ATM.

Sunday, February 19, 2006

Cyber Criminals Love a Lack of Communication

Robert Mueller (FBI Director), while addressing the 15th Annual RSA Conference in San Jose, California, called for greater cooperation between the business sector and law enforcement to combat cyber crime throughout the world.

In his speech Director Mueller stated:

"Cyber space has been likened to the Wild West—an open and largely unprotected frontier with seemingly limitless opportunities. Like any new frontier, there will be those who seek to stake their claims, whether by legal or illegal means. And like the outlaws of the Wild West, the outlaws of this new world operate without boundaries and without barriers. They are moving as fast and as far as the technology will take them."

Recently, I've noted that the FBI is taking a very proactive approach to what I call "borderless crime." They have accomplished this by creating strategic partnerships within the law enforcement and business communities, as well as reaching out to the public.

BUT what about the boundaries created in the business world, which is the frequent target of this criminal activity?

In the corporate world, sharing information with the competition isn't the way companies operate. In fact, they often do anything and everything to keep their information within the boundaries of the corporation.

The corporate world needs to break down their jurisdictional boundaries in the same manner law enforcement is. The criminal element is taking advantage of the lack of communication and simply moves on to the next corporate victim, who is unaware of the threat.

We could even take this down to the individual level. All too often, individuals who see, or have become victims of, this activity fail to report it. Their excuse is that nothing will be done about it, or they simply don't want to take the time.

In the past couple of years, we have made tremendous strides towards this (awareness sharing), but criminal activity keeps increasing and we need to keep breaking down the boundaries.

Cyber criminals have long thrived on a lack of communication, which inspires the most effective tool against them, "awareness." Failing to report items, or keeping what happened secret, does nothing but further their cause.

Greater cooperation between law enforcement, the corporate world and the individual will only serve the common good for ALL.

You can report crime (electronically) to the FBI by clicking on the title of this post.