Friday, March 02, 2007

Bank's Telephone ID Spoofed in Vishing Scam

People in Jefferson City, Missouri are receiving fraudulent telephone calls soliciting their personal and banking information. Even worse, their caller ID reflects that the call is coming from a bank.

A new term (vishing) is being used to describe this kind of fraudulent activity. Scams over the telephone are nothing new, but many experts believe that VoIP technology is making the problem worse.

Michelle Brooks of the News Tribune is reporting:

More than 1,000 people in the Jefferson City area received a prerecorded phone message Wednesday that sought customer information and claimed to be from “Central Trust Bank”- a name Central Bank does not go by - and, in fact, showed Central Bank's customer service line on caller ID systems.

News Tribune story, here.

Besides being used to steal from people, this technology can be used by stalkers and criminals who are potentially violent, as a Washington Post story shows.

This technology is a favorite of collection and telemarketing types to get people to answer their telephones. Some of the people marketing this technology claim their intent is to protect privacy.

Of course, some of us believe that this technology is violating a lot of people's privacy.

One of the most scary examples of this is They sell a calling card that not only spoofs the number being called from, but gives their customers the ability to change their voice. The calls are also recorded (accessible by calling an 800 number).

Besides this company, there are many others that are hawking Caller-ID spoofing. Collection agencies and telemarketing types use the technology to trick people into answering their telephones.

The FTC (Federal Trade Commission) seems to be taking a look at this problem. A list of their press releases on this matter can be viewed, here.

The FCC (Federal Communications Commission) also has a lot of information about the problem on their site, here.

If you are mad about someone doing this to you, the FCC has a complaint form, here.

Isn't it a shame that we constantly see so-called legitimate businesses profiting from technology that victimizes the general population?

Congress needs to work with the FCC and the FTC to pass a law against this abuse!

Thursday, March 01, 2007

Internet Spammers fail to keep CastleCops down

CastleCops, the all-volunteer site dedicated to fighting phishing, fraud and dastardly deeds on the Internet, is back in action. The site had been under a massive DDoS attack for the past couple of weeks.

Paul Laudanski (CastleCops founder) announced the site's return to action via an e-mail to the community tonight.

Brian Krebs (Washington Post) did an interesting post about the attack on his blog, where he quoted Robin Laudanski (Paul's better half and co-founder) as saying:

"I take [the attacks] as a compliment because if we weren't putting a dent in the bad guys' pocketbooks, we wouldn't be getting attacked," Laudanski said. "It means we're being a pain, and that we're doing something right."

It appears the criminals behind this attack can't keep the good folks at CastleCops down!

Robin also said that the attack has prompted a lot of the security community to rally and support the site.

CastleCops is a great place to learn about and report Internet scams.

They also run the PIRT (Phishing Incident Reporting and Termination) Squad, where anyone can report phishy e-mails. Last I heard, they are also looking for handlers.

If you are looking for a good place to help take back the Internet from criminals, CastleCops is a great place to give your support to.

You can see all the information about the attack, here.

Wednesday, February 28, 2007

Could the arrests in the Stop and Shop data breach indicate a tie to Armenian Mobsters?

(Photo courtesy of Stop & Shop and the Rhode Island Police)

Stop & Shop has recently been in the news because of a data breach, involving compromised debit and credit card information. The data breach was traced to PIN pads that had been mysteriously replaced.

To read my original post on the Stop & Shop data-breach, link here.

Monday night, Stop & Shop employees spotted four individuals attempting to remove PIN pads at one of their stores. Police were notified, store video was shared with them, and four arrests were eventually made.

After the disclosure, Stop & Shop bolted down the PIN pads at all their stores. Some believe this helped slow the crooks down long enough to be noticed.

Despite this, some alert employees certainly deserve some recognition.

The Rhode Island police published some of the video stills of the suspects in action, here.

Ray Henry of the AP is reporting:

The men were arrested Monday night while attempting to switch keypads at a store in Coventry, police said. A store security officer called police after employees noticed one suspect trying to remove a keypad while two others were seeking to distract workers.

Arutyun Shatarevyan, 20, Mikael Stepanian, 28, Gevork Baltadjian, 20, and Arman Ter-Esayan, 22, were arrested and charged with conspiracy, computer theft and fraud. They were scheduled to be arraigned Tuesday afternoon in Kent County District Court.
Data breaches have become a huge issue, with new reports surfacing (it seems) every week. Over 100 million Americans have had their information compromised since 2005, according to the Privacy Rights Clearinghouse, which has maintained a chronology of these occurrences.

AP story, here.

Interestingly enough, the arrested individuals are from California. Judging by their surnames, they are of Armenian descent. This brings to mind a previous breach, where two fraudsters were charged after a data breach at Dollar Tree - they were also from California and have Armenian surnames.

Parkev Krmoian was arrested in the Dollar Tree episode and (at the time), a picture of his friend was being circulated (who was still at large), here.

Armenian organized crime is a big problem in Glendale (where Krimoian was from), and they are known to be involved in "lucrative white collar crimes," such as credit-card fraud. Glendale and Hollywood in Southern California have the largest Armenian population outside of Armenia.

If you are interested in learning more about Armenian organized crime, has a nice little write-up, here.

Placing skimming devices in public places is a growing phenomenon. Tom Fragala (MyTruston) did a great post on this (with video), here.

The video is pretty amazing!

Sunday, February 25, 2007

MyTruston, a privacy friendly identity theft prevention/recovery service based on trust

Tom Fragala, CEO of MyTruston (Identity Theft Prevention and Recovery Services) has created a service for identity theft victims, where they don't have to put all their personal information (which was used to steal money) on another database.

This makes a lot of sense when databases seem to be compromised weekly. The Privacy Rights Clearinghouse has ample evidence supporting this in their chronology of data breaches, here.

The concept behind MyTruston is that preventing identity theft should be free. People only have to pay if and when they become a victim, and only while they are in the recovery process.

In a recent conversation with Tom, I asked him what would happen if someone suspended the service and changed their mind later. He told me that the system would retain all their information, and they could start all over (as if they never left). Since identity theft can raise its ugly head over and over again when new fraudulent accounts are opened, this is a pretty customer-friendly feature.

Most of the current identity theft services count on a person paying for them over a long period of time, whether they use it or not. In fact, these services are probably betting on making a lot of money from people who never use them.

Additionally, with most of these services, you aren't covered unless you've paid the up-front premiums.

With MyTruston, the prevention part is free, and if you need to recover, you'll spend a lot less money and do it the right way (the first time). For $19.99 a month, that's a pretty fair deal.

There must be a lot of people not buying some of the current services on the market. Out of 205 million active credit customers, less than 5 percent subscribe to a service. This tells me that a lot of people aren't buying some of the services out there, but still might benefit from one.

Studies indicate that 1 in 5 of us has been a victim of identity theft in the past five years. People need somewhere to go that they can trust and that takes care of the problem at a reasonable price.

MyTruston delivers this, and the service was designed by someone (Tom Fragala) who had a personal experience with identity theft. Many of the key principles behind the service were based on his experience, as well as more than 1000 hours helping other victims.

The service is easy to use (I tested it myself) and it walked me through each recovery step. A person can stop in the process anywhere, and it automatically reminds you where you left off.

Tom is currently working on developing protection for more sophisticated forms of identity theft, and plans to roll them out in the near future. These forms of identity theft, which sometimes aren't very apparent, have been the subject of a lot of speculation, recently.

Identity theft is a problem that isn't going to disappear very soon.

Given current trends, Thomas Harkin (former director of MasterCard's fraud division) recently predicted in a USA Today article that the problem could grow as much as 20 times. One of the reasons for this is that only an estimated 6 out of 100 criminals stealing people's identities ever get convicted.

You can take a look at MyTruston, here.

Tom is also a fellow blogger, and covers this subject (identity theft) on his blog. I read and link to what he says, frequently.