Saturday, June 17, 2006

Be Wary if You are a Winner in the Coca Cola Sweepstakes

Coca Cola is constantly running marketing campaigns and the cyber-scammers of the Internet are using their name in their latest effort to defraud people.

Here is a recent warning from the good people of Sophos:

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of an email scam that pretends to be notification of a lottery win from Coca Cola.

The emails, which have the subject line "COCA COLA PROMOTION", have been spammed out to internet users claiming that the recipient has won $2.5 million in a lottery held by Coca Cola earlier this month. The email recipient is told they are one of only 50 lucky winners around the world who were selected randomly after computers found their email address on internet websites.

To collect their winnings, people are told to call, phone or fax an agent who claims to be working on behalf of the soft drinks giant.

However, Sophos warns computer users that this is a ruse to steal personal details, and that the fraudsters behind the scam campaign can use such information to steal money from bank accounts and commit identity fraud.

For the full release by Sophos, link here.

The Internet criminal community is always mutating their scams - in this instance - we not only have a lottery scam, but potentially a ploy to commit identity theft.

The lottery scam is one of many advance-fee type scams. If you want to learn about other variations of this type of scam, here is a link.

How Big a Problem is Corporate Espionage?

I came across an interesting article by By Patrick J. Smith and Kevin Barrows of the New York Law Journal about the legal implications of corporate espionage.

In the article, Patrick Smith and Kevin Barrows write:

Stealing confidential information or valuable intellectual property no longer requires hours of surreptitious photocopying or the smuggling of overstuffed briefcases past building security. Corrupt employees need not even transfer data to a disk. Any employee with access to the Internet can copy and upload data to Web-based e-mail services with a few simple keystrokes and mouse clicks.

Among the most common acts of corporate espionage is the theft of personal data regarding individuals for the purpose of engaging in identity theft schemes. These are often inside jobs: It is estimated that as much as 50 percent of companycomputer security breaches are perpetrated by insiders.


The theft of confidential information is by no means limited to identity theft schemes. Organizations are also at risk of having their current employees paid off by others to steal valuable proprietary information and intellectual property that is then used against the organization in the marketplace. Or, perhaps a former employee steals the information prior to leaving in an effort to jump start his or her own business venture.


For the full story, link here.

Reading this made me think - with all the unresolved data breaches we've seen recently - could the true intent have been to steal inside information rather than commit "identity theft?"

Take the recent series of laptops stolen from Ernst and Young - which were stolen during audits - and contained a lot of information from numerous companies. In at least one instance cited, the laptops were stolen from a meeting room; while the auditors lunched. Not sure, but I would imagine that the building where they were taken from was at least somewhat secure.

The sad truth is since most of these data intrusions are never solved, we will probably never know.

Then there was the scandal in Israel about a year ago, where private investigators were hired to steal information via a Trojan put into various computer systems. The scandal was pretty widespread and with the "global economy" had worldwide implications.

No matter how you look at it, corporate espionage can be added to the list of reasons why it is important to protect "electronic information." As "technology" continues to grow the potential for information to be exposed to criminals, terrorists and even "corporate spies" is a very real threat.

All too often, we look to technology fixes - when in fact - no technology created to date can defeat the human mind and until we address the "social" aspects of this problem, it will continue to be a major issue.

David Napstead, The Story of a Small-Time Con Man

Normally, I write about big name fraudsters, but there are a lot of small-time crooks out there committing fraud on a daily basis. When you add up the amount of misery caused by these fraudsters, they cause a lot of suffering to hard working people. My friend, Paul Young of Prying1 wrote me about one of them, David E. Napstead.

Napstead in the past has offered nonexistent cellular services to his unsuspecting victims. Like most of the flim-flam men out there, he has phony business cards and a cell phone to conduct business.

Please note, that setting up a phony website is also becoming very common.

A recent comment on Paul's blog indicated that Napstead had been arrested after setting up a phony "debt consolidation" business and bilking those who already were suffering financial difficulties.

Pardon my "French," but what a "dirt bag!" Napstead is no "Robin Hood."

For the full story from Prying1, link here.

If you have been the victim of Mr. Napstead and the crime is yet to be reported, the Las Vegas Police Department might be interested.

Fraud come-ons from people lacking morals surround us, daily. They are found posted on telephone poles, newspaper classifieds - and of course - on the Internet. Because of the "sheer volume" of scams that exist out there (sadly enough) law enforcement lacks the resources to bring a lot of these small-time criminals to justice.

When you are dealing with an "unknown operator" of a business, it pays to do your homework before giving them one "solitary penny."

Here are some resources to do your homework:

Consumer World: Consumer Agencies

Better Business Bureau: BBB.

Quite frequently, a common mistake made (when doing your homework) is that if no information comes up (negative or positive); someone assumes the entity they are "checking out" is legitimate.

If you can find no information - whatsoever - do as Paul suggests in the theme of Prying1: "Dig a a little deeper" before giving up any of your hard earned money.

Here is a previous post - I wrote - specifically on that thought:

BBB Worker Takes Job Processing Fraudulent eBay Transactions

Thursday, June 15, 2006

Actions the Government Should Take to Protect Personal Information

Jim Kouri wrote an interesting commentary in the Conservative Voice, where he outlined the steps the government should take to protect personal information in the wake of the recent VA and Nuclear Weapons Agency breaches:

"The first key step is to develop a privacy impact assessment -- an analysis of how personal information is collected, stored, shared, and managed -- whenever information technology is used to process personal information. These assessments are required by the E-Government Act of 2002. They are a tool for agencies to fully consider the privacy implications of planned systems and data collections before implementation, when it may be easier to make critical adjustments."

"The second key step is to ensure that a robust information security program is in place, as required by the Federal Information Security Management Act of 2002 (FISMA). Such a program includes periodic risk assessments; security awareness training; security policies, procedures, and practices, as well as tests of their effectiveness; and procedures for addressing deficiencies and for detecting, reporting, and responding to security incidents."

For Jim Kouri's full commentary, link here.

Right now there is a lot of emphasis on the government's mishandling of personal information, but in reality the private sector has been responsible for most of the breaches incurred thus far.

According to the Privacy Rights Organization, which has monitoring these breaches, almost 82 million Americans have had their identities compromised. You can view their chronology, here.

Maybe now that the government plans to show some leadership on this issue, the private sector will follow suit.

Here is a previous post, I did on this matter:

The VA Data Breach is a Symptom of a Bigger Problem

Monday, June 12, 2006

Are Terrorists Probing Our Computer Systems?

I read a pretty alarming article by Barton Gellman of the Washington Post, stating that terrorists might already be planning cyber-attacks:

"Late last fall, Detective Chris Hsiung of the Mountain View, Calif., police department began investigating a suspicious pattern of surveillance against Silicon Valley computers. From the Middle East and South Asia, unknown browsers were exploring the digital systems used to manage Bay Area utilities and government offices. Hsiung, a specialist in high-technology crime, alerted the FBI's San Francisco computer intrusion squad."

"Working with experts at the Lawrence Livermore National Laboratory, the FBI traced trails of a broader reconnaissance. A forensic summary of the investigation, prepared in the Defense Department, said the bureau found "multiple casings of sites" nationwide. Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities."

The article also reports another issue, which is a big problem:

"New public-private partnerships are helping, but the government case remains a tough sell. Alan Paller, director of research at the SANS Institute in Bethesda, said not even banks and brokerages, considered the most security-conscious businesses, tell the government when their systems are attacked. Sources said the government did not learn crucial details about September's Nimda worm, which caused an estimated $ 530 million in damage, until the stricken companies began firing their security executives."

"Experts said public companies worry about the loss of customer confidence and the legal liability to shareholders or security vendors when they report flaws."

For the full story, link here.

If the observations in this article are accurate, we can no longer afford to "keep the lid" on cyber-attacks in the interest of protecting bottom lines. Being worried about consumer confidence and legal liability should take second place to the safety and welfare of all concerned.

Here are some previous posts, I written on this subject:

Mounties Lack Resources to Fight Organized Crime and Cite Ties to Terrorism

Do Financial Crimes and Internet Fraud Fund Terrorism

Fraudster Writes a Bad Check to Post Bail

A Sacramento man - who got caught writing a lot of back checks and doing some on-line banking fraud - wrote a bad check to bail himself out. Although, the bail bondsman was savvy enough to catch the fraud on the first check for $3,200.00, he accepted another one for $9,800.00 and bailed the fraudster out.

Of course, the second one was bad, also.

Nonetheless, the fraudster is being sentenced and is facing up to ten years in prison.

There was no information how they got this guy into court, or if they had to send the "bounty hunter" out to ensure he appeared.

There was also no comment as to whether the bail bondsman was able to collect on the second check.

For the full story from KCRA.com, link here.

When accepting any large check, the only way to verify it is good is to contact the actual owner of the account. It's also a pretty good idea to make sure, the writer is the actual person; especially when dealing with an identity thief.

It isn't uncommon for some of these crooks to set-up a fraudulent telephone number so when the item is verified, it appears to be legitimate.

Here is a previous post, I did on bad checks:

Don't Trust a Bank to Tell You Whether a Check is Good, or Not

Sunday, June 11, 2006

When Someone Rips You Off - Take Action!

Consumers are ripped off daily, especially when hiring independent specialists from the "service industry."

Eric Larsen (Ashbury Press) wrote an interesting article on what to do before you buy - and maybe more importantly - how to effectively file a consumer complaint. Here is a quote from the article:

"New Jersey has one of the strongest consumer protection agencies in the nation, said Kimberly S. Ricketts, who was appointed director of the state division by former Gov. Richard J. Codey one year ago."

"The division has full enforcement authority over New Jersey's Consumer Fraud Act and can levy fines up to $10,000 for first offenses and $20,000 for subsequent offenses by businesses. "While dealing with consumer complaints is certainly at the core of our mission, we want to educate consumers before they have a complaint," Ricketts said."

Ricketts said the top five complaints the division receives are, in order: 1. home improvement contractors; 2. autos; 3. banking, financial and investment complaints; 4. home furnishings and appliances; 5. hometown businesses such as health clubs, movers, travel agencies and employment agencies.

Here is how to effectively practice the art of "Caveat Emptor," or let the buyer beware:

How To: File a Consumer Complaint

The biggest problem out there is too many people don't report this type of activity. Although this article is specific to New Jersey - most States have an agency that is responsible for this. Not reporting these frauds only means that you will never have a chance of getting satisfaction and that someone else will probably get "ripped-off."

I recently had a relative ripped-off for a considerable amount of money in a home improvement scam. Although, we were both novices in the "consumer fraud world" - the two of us put our heads together and filed with some local agencies. Even though the "contractor" had disappeared (3,000 miles away), he was arrested - transported cross-country in a prison bus - and charged criminally. In the end, my relative, was made financially "whole" and got a lot of satisfaction out of knowing he had prevailed and put this gentleman "out-of-business."

Interestingly enough, this fine fellow ripped off a lot of people and amazingly enough - most of them gave up and wrote it off as a "loss." In this case, many of the people concerned - were upper middle-class and well educated. The sad fact is that most of them didn't know where to begin and gave up.

In case you need a resource, here is a good one. It lists resources within the United States and all over the world, where one can seek help and take action:

Consumer World: Consumer Agencies

Nigerian Scam Humor - At Least We Can Chuckle While They "Chop Our Dollars."

If a scammer from Nigeria offers you a bogus payment for your eBay auction item - failure to ship the merchandise to him might bring action from law enforcement authorities.

Apparently, this actually happened as reported by the Register:

"Just thought I had to share this one with you - a scammer won an ebay auction and then sent me a fake paypal receipt to try and get me to send the goods to Nigeria; I ignored them, obviously...but now they've got the police onto me!"

No one was arrested, but this does make for an amusing story. I suppose in the "electronic age," where we register our complaints to a "computer," it was a matter of time before this happened.
For the full story, link here.

Of course in a land, where popular music paints the 419 artists as heroes, it's no wonder we are seeing this. Osofia, a Nigerian musician, had a recent hit called "I Go Chop Your Dollar," which is a parody of the 419 (Advance Fee Scam).

For the video, click here.

The anti 419 folks are known to have a sense of humor, also. Here is a link to the Ebola Monkey Man and Artists Against 419. Sadly enough, it seems that there are a lot of people fed up with the fraud coming from Nigeria (and elsewhere) and trying to do something about it.

And in the recent bribery scandal rocking Congress in the United States- Nigerian Vice President Abubakar Atiku (who was the alleged intended recipient of the bribe) released a statement through a staff-member - accusing Congressman William Jefferson of Louisiana of being a 419er.

Innocent, or guilty - Vice President Atiku obviously has a pretty good sense of humor. I guess time will tell (and the court system), who is joking and who is telling the truth?

Maybe we can get Osofia and Congressman Jefferson on Saturday Night Live to do a parody? Winona Ryder's appearance during her shoplifting trial was immensely popular.

Here is an alternative view of Nigerian Fraud:

419 From the Other Side of the Fence

For more on the alleged 419 scam involving a Congressman:

Is the Latest Congressional Scandal a Nigerian Fraud