Saturday, September 02, 2006

CastleCops PIRT Reports New Version of eBay Phishing

CastleCops' PIRT (Phishing Incident Reporting and Termination Squad) is reporting a new type of phishing attempt with an eBay lure:

CastleCops PIRT has received a new email which tries to get people's full personal information including name, age, location, telephone numbers, gender and marital status on the offer of getting paid to work from home online for a company called "eBay Small Business Limited". Its business is in "manufacturing and selling textiles and fabrics". The email tries to goad you into giving up your personal information with the promise of making easily $300 to $1,000 per week simply by collecting payments on behalf of the Company (all for 3-7 hours per week).

Link, here.

Besides a new type of phishing attempt - this could turn into what is termed a "check cashing scam." In a "check cashing, or job scam," a person is recruited to handle "accounts receivables," which are in reality tied into fraudulent transactions.

The new employee's job is to negotiate transactions sent to them, and wire the money to a far-away locale. The fraudsters (in most instances) instruct the "new employee" to use Western Union, or MoneyGram, which aren't protected by the FDIC.

The transactions are normally "account takeovers" on eBay - also caused by phishing. In an "account takeover" a legitimate eBay user gives up their information as a result of a "phishy e-mail." The Phishermen then take over their account and sell items, which are paid for, but (normally) never received.

Towards the end of the fraud cycle, the fraudsters might also get their employee to negotiate (cash) totally bogus financial instruments. Of course, when the bottom falls out of this, the fraudsters can then steal the identity of the employee involved - having gathered all the information to do so via the employment process.

The person who falls for this may get the generous commission at first, but they are likely to be hounded for a long time by collection agencies and, in some cases, law enforcement.

Believe it or not, a Better Business Bureau employee fell for this scam. Here is the post I did on that:

BBB Worker Takes Job Processing Fraudulent eBay Transactions

By the way, PIRT is a great place to "take a bite out of phishing." You can report suspected "phishy e-mails" to them by forwarding them to After verifying the "phish," they make sure it gets to all the right people!

Friday, September 01, 2006

Accounting Firm Causes 5th Data Breach for Wells Fargo in Three Years

Here we go again - an "auditing firm" has caused Wells Fargo their fifth data breach in three years.

Here is a bit from the article just released from Computer World:

This time the letters are going to an undisclosed number of employees whose personal information was contained in a computer and a hard disk stolen from the trunk of a locked vehicle belonging to an employee of an auditing firm retained by Wells Fargo.

Julia Tunis, a bank spokeswoman, did not say when the equipment was stolen. But she said the bank had started sending out letters to all the affected employees yesterday.

Link to Computer World article, here.

We seem to have a lot of these data breaches occur courtesy of auditing firms. Here is a previous post I did about a well known auditing firm exposing a lot of personal information:

Stealing Data Shouldn't be so Darned Easy

With all the auditing (compliance) going on that causes data breaches - it makes me wonder if someone doesn't need to audit the auditors!

If You Sell Your Cell Phone - Your Personal Information is at Stake

Recently, I did a post about identity crooks obtaining "personal information" from discarded computers. Here is a press release from Trust Digital about how the same thing can occur with some of the new "handy-dandy" cell phones out there:

Trust Digital engineers recovered nearly 27,000 pages of personal, corporate, and device data from nine of 10 mobile devices purchased through eBay for the project, including a smartphone sold by an employee of a major corporation. The salvaged data included personal banking and tax information, corporate sales activity notes, corporate client records, product roadmaps, contact address books, phone and Web logs, calendar records, personal and business correspondence, computer passwords, user medication information, and other private, competitive or potentially damaging material.

The information was retained in the flash memory of the devices because of users’ failure to perform the advanced hard reset required to delete the data. The nine devices with retrievable data included those belonging to a former employee of a publicly traded security software company, an employee of a web services firm, and a corporate counsel of a multi-billion dollar technology company serving the legal market. The tenth device in the test was never used.

The analysis highlighted the vulnerability of individuals and organizations that fail to secure the data on their smartphones and PDAs. Loss or theft of the devices could lead to embarrassment, major breaches of corporate security, or even blackmail.

Full press release, here.

Although eBay was cited as being used in the test - we should consider that cell phones can be purchased, discarded, or even stolen in a lot of places.

Trust Digital recommends enabling the "password function" on your phone and "hard wiping" Treos and RIM devices.

Of course, they recommend their services, also.

I recommend being extremely aware of what you keep on easily "transportable" devices and if you must have sensitive information on them - be very careful.

How to Deal with Phishing - A Major Cause of Identity Theft

There has been a lot of publicity about the IRS being phished. Phishing is a ploy to steal people's personal information, which is then used to commit identity theft.

Phishing attempts disguise themselves as government agencies, financial institutions, charitable organizations AND (too frequently), eBay or PayPal.

Here is an obvious phish I got just this morning:

Date: Thu, 31 Aug 2006 20:01:26 -0500
Subject: Tax Information - - (Code 7624-6263)
From: ""

Account : Number : 7624

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $191,40. Please submit the tax refund request and allow us 5-7 days in orders to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records of applying after the deadline.

To access the form for your tax refund, please (link removed).


Internal Revenue Service

Note that this appears to be sent from "", which is obviously a "spoofed" e-mail address.

Here is the web address - which I removed above:

An easy way to get the web address is to "hover" your mouse over the "click here" and read what comes up on the bottom of the screen. You can also copy it (if you want) by "left clicking" on your mouse and clicking on the "copy shortcut" bar.

Here is the web address of the real IRS site:

Not a good match and obviously a phish.

*Please note that unless you and your "system" are "bulletproof" never click, or go to a phishing site. There is a possibility that by doing so you might "unknowingly" download malware, which can also lead to "identity theft."

Never fear, there are great places - with "bulletproof" protection - that will take care of it for you.

If you get a phishy e-mail - you can turn it into "fried phish" by sending it to the good folks at PIRT-Phishing Incident Reporting and Termination Squad. They have a module to report "suspected phishing activity," or you can forward the "suspected phish" to

PIRT is a joint venture by CastleCops and Sunbelt Software - and they will report it to the right people, including law enforcement.

The IRS also has a dedicated e-mail address to report IRS phishing attempts,

Reporting the Phishermen is a kind thing - this foul activity causes people a lot of pain and suffering.

Wednesday, August 30, 2006

ATT Hacked and Loses 19,000 Customer Records

There is a report that hackers got into ATT's DSL Store over the weekend and made off with 19,000 customer records.

Tom Young from wrote:

Hackers have obtained the credit card details of almost 19,000 online shoppers from telecoms giant AT&T.

The US company says it has notified shoppers at its online store of the security breach, which affected people buying high-speed DSL internet items.

Full story, here.

Another story, by Scott M. Fulton, III at TG Daily, reports:

The company admits that records for customers purchasing DSL service and equipment online through AT&T were swiped sometime over the weekend, though a company spokesperson told the San Jose Mercury-News today that no incidents of unauthorized credit card use had yet been reported by customers.

Story, here.

In a lot of data breaches, the companies affected have been slow to admit anything. In this instance, it appears that ATT is doing so and making an effort to notify its customers.

Covering up data breaches to avoid "bad publicity" erodes consumer confidence in the company breached. Maybe some companies are finally realizing this?

Sometimes the best way to solve a problem is to attack it, head-on!

Sunday, August 27, 2006

Spam E-Mail from Anti Child Porn Agency (Impersonator) Harbors a Trojan

Last week, the mainstream media was reporting how porn users were being targeted by phishy e-mails. Here is another (recent) example of where the threat of being labeled as a "child porn user" is being used as a "hook" to trick people into downloading a malicious Trojan on their system:

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a Trojan horse that has been spammed out in an email claiming to come from an organization fighting child pornography on the web.

The emails claim that the recipient's email address has been found in a child porn database discovered by the Association of Sites Advocating Child Protection (ASACP), but really contain a Trojan horse.

The Troj/Agent-CPK Trojan horse has been spammed out in the email messages, with the subject line "CP investigation was started."

Link to Sophos alert, here.

For a previous alert from Sophos in March about "child porn" being used as a lure, link here.

If you want to learn about how to fight child porn, the "International Centre for Missing & Exploited Children" is a great place to learn how to protect our young from this vicious crime.

Ted Becomes Ed

When I started this blog, I decided to use a "ghost name". Of course, I explained this to anyone I made personal contact with.

After some reflection and talking to a lot of friends - both personal and the many I've made by writing this blog - I've decided to start using my real name.

Therefore, from today, Ted goes back to being "plain old Ed."