Saturday, October 07, 2006

Task Force Tackles Identity Theft in Southern California

U.S. Attorney Debra Yong Wang recently announced a series of arrests made by a previously undisclosed "identity theft task force" in Southern California.

In her own words:

"Your mail carrier, mortgage broker or even the server at your favorite restaurant may be to blame."

And there have been recent arrests to prove this:

Several servers at TGIF's, Cheesecake Factory and other restaurant chains were caught "cloning" debit and credit cards.

Mortgage brokers were caught running credit reports - and using the information to buy expensive merchandise and drugs. Of course - this was done at the expense of the people they compromised.

Postal workers stole refund checks and credit card information to sell to a pretty organized operation in Las Vegas.

At the news conference, William Atkins, of the Postal Inspectors said "I wouldn't let my credit card out of my sight."

He probably knows how easy it is for the average person to get a portable skimmer. As you will see, Inspector Atkins' advice is well-founded.

A criminal can find all the necessary hardware on eBay, see here.

And if you can't find it on eBay - a simple Google search leads to all sorts of possibilities, see here.

If you happen to notice this type of activity, Visa will pay you $1,000.00 for reporting it - if the person is convicted, here.

There ought to be laws against selling this to anyone over the Internet.

Since, I didn't have time to attend the press conference - I had to read most of this on-line. For more details, courtesy of the LA Times, link here.

(Card reader for sale on eBay)

Hillary Calls for Better Protection on Debit Card Transactions

NY1 news is reporting that Hillary Clinton is pushing a bill that would give debit-card holders the same protection as those who use credit cards.

Link, here.

We've seen a lot of activity recently, where debit cards were compromised in a variety of schemes. The article states there was 2.75 billion dollars in fraud attributed to this in the United States last year. Note that this doesn't take into account that this isn't just a problem in the United States.

Besides entire point of sale systems being hacked, ATM skimming seems to be happening at an alarming rate. Here is a post (along with pictures), illustrating how this can happen:

ATM Machines That Clone Your Card

If you are interested in learning what the differences are in protection, US PIRG has some good information, here.

Auction Fraud and the Romanian Connection

(Interesting picture courtesy of Yahoo Group, eBay_scamkillers)

A lot of Internet crime seems to either come from Romania, or is tied into nationals from that country. Yesterday, I was reading about an arrest in the Los Angeles area, where two Romanians were indicted for auction fraud involving wire transfers and identity theft.

Courtesy of U.S. Newswire:

The indictment alleges that Manolache, Salageanu and others were involved in an Internet scam that defrauded victims across the United States by holding bogus auctions on eBay, Yahoo! Auctions and The conspirators posted items for sale that were never intended to be sold, then collected money from the "successful" bidders. The victims were instructed by the online sellers to send their payment by Western Union to circumvent online payment systems. Manolache and Salageanu then went to Western Union locations in the Los Angeles area and, using false identification, collected the victims' money. None of the victims received the items they had purchased.

As part of the scheme, the online sellers often masqueraded as Hurricane Katrina relief organizations.

Newswire story, here.

It seems that a lot of the intelligence used to go after Manolache and Salageanu was compiled by the Internet Crime Complaint Center (IC3). They have a page dedicated to this (Romanian) activity, which says:

Auction fraud is the most prevalent of Internet crimes associated with Romania. The subjects have saturated the Internet auctions and offer almost every in-demand product. The subjects have also become more flexible, allowing victims to send half the funds now, and the other half when the item arrives.

Internet Crime Complaint Center page, here.

And there are private individuals, who are fed up with auction fraud originating from Romania. Yahoo group, eBay_scamkillers is one such group comprised of volunteers that actively fight the Romanian scammers.

Here is what they say about their group:

Too many people are being rejected because they fail to properly identify themselves. If we even THINK you are a Romanian, you will be rejected. Take a moment to send a note to the group owner.

We share resources, baiting techniques and, of course... war stories! It's OK to lurk here, but why not join and help us SCAM THE SCAMMERS?

If you are a whiner, please do not join this group. There are plenty of eBay anti-scam forums where people can go to cry on each others' shoulders about their misfortunes.

WE ARE PRO-ACTIVE and WE ATTACK THE SCAMMERS ON MANY FRONTS. We use every available resource to fight back and we are VERY successful.

Link, here.

At first look, the site appears to be fairly inactive, but if you are accepted (after their screening process), they contact you.

Auction fraud is one of the biggest issues in the world of Internet crime. On an interesting side note, this recent indictment also highlights that not all auction fraud occurs on eBay. A lot of the complaints on these two Romanian nationals were from and Yahoo! Auctions.

There has been a lot in the news lately about flocks of eBay users seeking "greener pastures." It will be interesting to see if "auction fraud" follows them.

Friday, October 06, 2006

Dollar Tree Hacker Nabbed - Do You Know His Friend?

Surveillance Photo Courtesy of CBS/USSS
Last summer, Dollar Tree and a lot of their customers were victimized -- when their point of sale platforms were compromised (hacked) -- and a large amount of debit-card information was stolen.
It was reported that the loss from this caper amounted to about a million dollars.
CBS reported yesterday that a Glendale man, Parkev Krmoian was arrested in this matter. His partner-in-crime (pictured above) is still at large.
The fraudulent debit-card activity occurred in Northern California, but Parkev was arrested in Southern California (Glendale).
CBS story, here.
If you happen to see, or know Parkev's friend - please notify the Sacramento Secret Service Office at 916-930-2130.

Thursday, October 05, 2006

PhishTank Joins the War on Phishing

OpenDNS has started a new antiphishing site called PhishTank. Upon becoming a registered member, one can submit a suspected site (phish) and even help verify (whether or not) the sites are actually malicious.

Phishing is behind a lot of financial crimes, normally related to identity theft.

OpenDNS plans to make the data collected from this effort free for developers interested in building anti-phishing applications.

Besides collecting data at PhishTank, other sources will be used, such as Support Intelligence, Team Cymru and CastleCops.

CastleCops and Sunbelt Software run the PIRT (Phishing Incident Reporting and Termination Squad) , which I have blogged about before.

It's great to see this type of teamwork in the IT world. Despite all efforts, the phishing problem keeps growing and "do it yourself phishing kits" (openly sold on the Internet) have made this type of criminal activity too easy to do.

Hopefully, law enforcement is going take advantage of this data. Prevention and awareness will stop a lot of phishing, but sending some of the phishermen to jail sends a strong message, also.

If you are interested in assisting the community at PhishTank, link here.

Wednesday, October 04, 2006

Insiders are a Threat to Securing our Borders

We plan to spend billions of dollars securing our border. Here is a scary story from USA Today about how insiders are circumventing the controls already in place:

Consider: On the California border, at least nine immigration officers have been arrested or sentenced on corruption-related charges in the past 12 months. One of those convicted of smuggling in illegal immigrants turned out to be an illegal immigrant himself, who had used a fake birth certificate to get hired by the Border Patrol.

On the Texas border, at least 10 officers have been charged or sentenced in corruption schemes over the past year, including four Border Patrol agents — all assigned to the same highway checkpoint — who admitted taking money to let both drugs and migrants pass.

The numbers are a snapshot, but the picture is clear.

USA Today story, here.

Of course - this is nothing new - the easiest way to get past any security system is to have an inside connection.

Perhaps, the Secret Service is right on target with their study on the "insider problem."

And as long as border insecurity is profitable to the criminal element - I fear there will be plenty of financial resources to recruit - or plant - dishonest people within organizations to do their bidding.

Sunday, October 01, 2006

Are Your Personal Financial Details being Outsourced by the Outsourcers?

In their quest for cheap labor - many companies now outsource services to Bangalore (India). But have these companies performed their "due diligence" about how well their customer's personal information is being protected? It appears, at least in some instances, they haven't.

Jon Ungoed-Thomas and Roger Waite of the Sunday Times report:

CREDIT card data, along with passport and driving license numbers, are being stolen from call centres in India and sold to the highest bidder, an investigation has found.

Middlemen are offering bulk packages of tens of thousands of credit card numbers for sale. They even have access to taped telephone conversations in which British customers disclose sensitive security information to call centre staff.

Link to Sunday Times story, here.

During their investigation, one of these middlemen offered a database with 200,000 people's credit card information. He also had passport numbers, drivers license numbers, personal banking details and another 8,000 people's (personal details) from a mobile phone company.

With chatrooms and websites selling this type of information - my speculation is that it could end up being used just about anywhere in the world.

The Associated Press did an interesting piece about this last month, here.

And I'm not only going to blame outsourcing to India - the lack of "due diligence" in protecting people's personal information is a global problem fueled by the quest for profit.

There's nothing wrong with making a profit, but it isn't fair to do so at the expense of other people.

The problem is that most of these companies consider identity theft a cost of doing business and pass the costs on to their customers as a whole. My question is with entire databases being sold and "laundered" through the Internet, how is anyone going to figure out where the information originally came from?

If this problem continues to grow - we are all going to end up paying for it!

It's unlikely if any of the companies scattering the information all over the world are going to admit they were the original point of compromise.

Yellow Page Scams

Recently, someone told me about a scam involving Yellow Pages invoices sent to businesses. I decided to do a little research on it and found a great press release on this from the Postal Inspectors.

In their own words:

The fraudulent Yellow Pages promotion usually begins with a promoter mailing your company a copy--or a cut-out original--of the advertisement you placed in your local telephone company's current yellow pages. The ad is accompanied by an invoice whose design implies it is being sent by the telephone company. The promoter wants to deceive you into thinking that if you pay the invoice you are authorizing your local phone company to print the same ad in the next edition of its yellow pages. What you receive is either nothing, your ad in only a few copies of a cheaply prepared directory, or your ad in a directory that is distributed not nearly as widely as the phone company's yellow pages.

Here is what they recommend to avoid this scam:

  • Call the phone company and ask if it sent the solicitation.
  • If the solicitation was not sent by the telephone company and is deceptive in any way, do not deal with the promoter.
  • If you have never heard of the promoter or publication but are interested in placing an ad, talk to the promoter and ask questions of concern; if any of the answers are unsatisfactory, do not deal with the promoter.
  • Call your local Better Business Bureau or Chamber of Commerce for any information they may have on the promoter.
  • Do not place an ad in the directory if you are not certain with whom you are dealing and do not have commitments you feel you can rely on as to date of publication and area of distribution.
  • Be suspicious if the invoice includes a threat that your yellow pages listing will be deleted if you do not pay immediately.

*If you are a large company - where local managers might approve something like this - ensure you educate the people working for you know about this type of scam. I would make sure your accounts payable people are AWARE, also!

Full release, here.

Report activity like this to the Postal Inspectors, here.

Sunbelt Blog Shows How the Greeting Card Scam Works

Alex Eckelberry at the Sunbelt Blog did a post on the greeting card scam. In this scam, an e-mail is sent to the intended victim telling them they have received a card. If an unwary person clicks on the link - malware is inserted into their computer system.

Please note that the malware (crimeware) being installed (Haxdoor) is capable of stealing passwords, which can be used to commit identity theft. Alex put a pretty informative link on his post, which gives the "411" on it (along with pics).

Sunbelt post, here.

Alex's blog is a great resource to keep up on what the (malicious) hackers are up to and how to avoid becoming one of their victims.

The moral of this story is to never download anything unless you are POSITIVE, who sent it to you!