Saturday, September 09, 2006

Jose R. Nunez - An Innocent Victim of the 9-11 Murderers

It happened almost five years ago and most of us will never forget exactly where we were at, or what we were doing on 9-11. It was a day that changed the world.

I'm here to remember the father of three daughters, Jose R. Nunez, who at age 42 was murdered by a bunch of cowards seeking their own sick "glory."

Jose was a hard working man, devoted to his family, who died because he was at the wrong place at the wrong time.

Mirelys, Marelnys and Melissa (Jose's daughters) have been forced to grow up without the father they knew and loved.

The murderers behind 9-11 and their cronies have made killing innocent people "a strategy" in their efforts to spread their malicious beliefs. Even as we hunt them down - they seem to violate the norms of war by not wearing uniforms and hiding behind innocent civilians.

We need to recognize them for what they really are - or dangerous criminals.

Jose was a real person and loved by real people. For them, nothing is going to replace Jose as the father, husband and friend he actually was.

God bless our brother, Jose. May we never forget his sacrifice, or the real suffering imposed on his loved ones.

The blogosphere (2996) of us are remembering the people - who have their lives on 9-11. If you would like to read more, link here.

Friday, September 08, 2006

Chase Throws Away Credit Information on 2.6 Million Circuit City Customers

With all recent concern about data breaches, here is a scary press release:

Chase Card Services today announced that it is notifying 2.6 million current and former Circuit City credit card account holders that computer tapes containing their personal information were mistakenly identified as trash and thrown out. Working closely with federal and local law enforcement, Chase conducted a thorough investigation and believes that the tapes, contained within a locked box, were compacted, destroyed and are buried in a landfill where the trash was taken.

Chase has been monitoring all of the affected accounts and has not identified any misuse of personal information connected to this occurrence. No other Chase accounts are involved in this incident.

Press release, here.

Chase isn't releasing the details of the "thorough investigation" that points to the tapes being "mistakenly" thrown away in a land fill. If you read closely, they "believe" the tapes were thrown away.

The press release also states that Chase is monitoring activity on the accounts and nothing has happened, but doesn't say exactly what personal information was compromised. If it was the standard information credit card companies keep, it could be used a lot of other places besides Circuit City.

In a lot of cases, identity theft victims have their information used to open numerous lines of credit.

To me, after reading this closely, this means that they aren't positive what happened to the tapes and we have 2.6 million potential identity theft victims running around.

The Federal Trade Commission (FTC) has information on what to do if you are at risk, or have already become a victim, here.

Thursday, September 07, 2006

TSA Bungles and Exposes Employee Information

Data breaches are being reported too frequently - and all too often - they involve government agencies:

Thomas Frank, of USA TODAY is reporting:

The Transportation Security Administration is warning 1,195 of its former employees that a contractor may have mailed their Social Security numbers and birth dates to the wrong addresses and left them open to identity fraud.

The error, acknowledged in letters the TSA mailed in late August to each of the former employees, is the latest in a series of data breaches that may have exposed workers in both private and government jobs to identity thieves.

"Making a mistake like this is abominable," said Beth Givens, director of the Privacy Rights Clearinghouse, an advocate for consumer privacy. "You've got an agency whose mission is security."

The TSA is part of the Homeland Security Department. Its 55,000 employees primarily run airport security.

Full story, here.

The Privacy Rights Clearinghouse maintains a record of data breaches, here.

They also have an interesting newsletter on current federal legislation concerning this subject - which many don't think is the best solution - here.

Counterfeit Cashier's Checks Fuel Internet Crime

Tom Fragala - Truston Identity Theft Blog - and I were talking about how counterfeit cashier's checks have become a long-term problem in the world of Internet crime.

It's often difficult to verify that a check is counterfeit. They often use valid account numbers, which verify (easily) in the computerized telephone systems that most banks use today. Quite simply, unless the bank or the account owner is aware of that their account is being counterfeited - the item will appear to be legitimate.

Furthermore -- a lot of banks have taken the stance in recent years -- that they will not verify whether a check is good, or not. It's getting harder all the time to verify checks with banks.

The lottery, auction, work-at-home (check cashing), romance, advance fee (419) and secret shopper scams all have a common theme -- they often use counterfeit cashiers checks to lure victims into negotiating the item and wiring the money off to some far-away location.

The fraudsters often request that you use Western Union, or MoneyGram to wire money to them. They are also known to use wire transfers services offered by banks. Once the money is picked up (normally very quickly in scams), the sender has very little, or no recourse.

The golden rule is to never wire money to people you don't know, or only know from the Internet.

To understand why Internet fraudsters prefer counterfeiting these instruments, one can refer to the legal definition of a cashier's check (courtesy of Wikipedia):

Under Article 3 of the Uniform Commercial Code, a cashier's check is effective as a note of the bank. Also, according to Regulation CC (Reg CC) of the Federal Reserve, cashier's checks are recognized as "guaranteed funds" and amounts under $5000 are not subject to deposit holds, except under certain circumstances.

To the person receiving the item, they appear as if they are guaranteed by the bank and if the check is under $5,000.00 - there is no hold on the funds. The fraudsters know this and it will normally be 7-10 days before their victim discovers that anything is wrong.

There was a recent story circulating in the press about a "seemingly cautious gentleman," who decided to have his bank examine the item before he went forward with an auction deal. The bank told him the item was good (twice) and he deposited it. Several days later, while reviewing his online statement, he discovered that this wasn't the case and the bank had withdrawn the funds.

In the article, the bank blamed "Reg CC," because they are unable to hold the funds. Not completely true, an exception can be made if they have reason to believe the item can't be collected. The item may also be sent in as a collection versus depositing it in the account.

Nonetheless, in this instance, the bank had little to no liability because the item was counterfeit.

To illustrate, the amount of this activity, the FDIC sends out alerts on counterfeit cashier's checks. If you would like to see how many alerts -- they've issued recently (scary) -- link here.

Here are some things a person can do to see if a cashier's check is fraudulent:

If someone is asking you to wire money back to them - it's more than likely a scam.

Review the security features of a cashier's check. Despite the "booming" make your own check industry, some of the items out there are pretty amateur. Wikipedia has a good reference on the security features, here.

Review recent FDIC alerts - in a lot of cases, a warning has already been issued.

Verify the check with the issuing institution. Although this isn't 100 percent effective in the case of a counterfeit, they can normally verify certain items; like the ABA/account number, payee, check number, date of issuance, authorized signer and amount.

When you call the bank, never use the number printed on the check. Quite often - phony numbers with phony employees are set up to verify these items. Get the bank's number from a website, or telephone directory. Using 411 (information) might not be the best way to verify a number. Recently, there have been phony numbers set up that verify through - and reverse - through 411.

Since, there are also a lot of phony bank sites out there, if you use the Internet, TrustWatch is a good option for a search engine. TrustWatch will show you via a "coded coloring system," whether the site is verified to be legitimate, or not.

In some instances, good cashier's checks are copied, which defeats verifying the item by telephone. Once the counterfeit item is cashed, the fraudster negotiates the good item and the counterfeit is returned. This is also seen (occasionally) with counterfeit money orders.

If you are still uncomfortable after talking to the bank - ask to speak to a supervisor, or even better - someone in the fraud department. Ask if you can fax them a copy of the item for them to look at. A good way to do this - is to tell them you have a reason to suspect fraud.

Scams that involve, counterfeit cashier's checks, always represent something that is too good to be true. If this is the case, it probably is.

Wednesday, September 06, 2006

Do It Yourself Crime Kits Victimize the Masses

It appears that phishing attempts have hit an all time record thanks to the availability of "do it yourself kits" available on the Internet.

Phishing is a leading cause of identity theft, which impacts millions of people a year.

Dinah Greek, Computeract!ve reports:

This was the warning from the Anti Phishing Working Group (APWG) , which said the kits allow non-technical criminals to start up their own online criminal empires.

All the information they need to set up phishing emails or websites infected with malware, such as Trojans, viruses and worms, is contained in the kits bought and sold online.

Full story, here.

Do it yourself (crimeware) kits aren't entirely new and have been reported before, here.

We keep hearing about the record number of phishing attempts being recorded. Unless some of these people start getting caught - we are likely to see the number continue to grow!

And the criminal "do it yourself industry" doesn't limit itself to phishing. Kits on how to scam on auction sites are also being sold (previous post), here.

Monday, September 04, 2006

The Hidden Dangers of Identity Theft

When most of us think about identity theft, we think about someone assuming debts in another person's name. While this is a huge problem, it isn't the only way identities are being used.

Illegal immigrants, criminals and even terrorists might be using stolen identities to commit a number of crimes. From obtaining a job and credit in someone else's name to ordering supplies to manufacture methamphetamine - identities are being stolen to facilitate a lot of illegal activities.

Although a little dated (2002), here is an extensive report from the GAO detailing the problem:

Identity Fraud - Prevalence and Links to Alien Illegal Activities

Even more scary - is the very real possibility that innocent people will be held accountable for other people's illegal activities.

With the record amounts of data breaches and identities being sold (routinely) over the Internet, the problem is continuing to get worse.

Here is a post, I did about why we are approaching the problem the wrong way:

Are We Addressing Cyber Crime from the Wrong End

Identity theft threatens our financial stability, privacy and national security and we can no longer afford to ignore that fact.

Sunday, September 03, 2006

The FBI Will Pay for Information on Katrina Fraud

There is no doubt that there was a lot of fraud in the hurricane disasters a year ago. The Clarion Ledger (Mississippi) is reporting that the FBI will pay for information on Katrina related fraud:

Mississippi public corruption cases are on the rise in the wake of Hurricane Katrina, and the FBI will have 10 full-time agents investigating Katrina-related fraud by December.

Authorities are encouraging the public to come forward with tips and are offering cash rewards.

"If you see something, you hear something or learn something, even if you believe it's insignificant, if that little light goes on in the back of your head, that 'boy, this just doesn't look right,' don't be afraid to call," said John Raucci, the FBI's special agent in charge in Mississippi.

He said sometimes seemingly insignificant details can crack a federal case.

Cases of fraud are increasing in south Mississippi as billions of dollars in federal funds are authorized for the recovery effort. Raucci said publicizing the reward system is one way to help combat fraud.

"I myself can authorize up to $25,000 for any information," Raucci said. "That's just me out of my budget. I can go back to headquarters with one phone call and get $100,000. There are also other types of cases where you can actually get a percentage."

Full story, here.

I'm not sure if they are running a similar program in Louisiana. There are probably a few people who deserve to caught there, also.

Of course - there are also people - who report crime because it is the right thing to do. If everybody reported it for that reason - it would go a long way towards making our world a better place to live.