Saturday, March 17, 2007

Copy machines could store information useful to identity thieves

With copies of tax documents being made in massive numbers as the deadline grows nearer, we have something new to worry about.

My daughter a.k.a (Quembel) passed this one on to me from the AP (courtesy of CNN):

Consumers are bombarded with warnings about identity theft. Publicized threats range from mailbox thieves and lost laptops to the higher-tech methods of e-mail scams and corporate data invasions.

Now, experts are warning that photocopiers could be a culprit as well.

That's because most digital copiers manufactured in the past five years have disk drives -- the same kind of data-storage mechanism found in computers -- to reproduce documents.

AP story, here.

I'll quote my friend "Dissent" at PogowasRight on this one - "We have met the enemy and he is us."

Auction Fraud Tops FBI's 2006 Internet Crime Report

The FBI's Internet Crime Report for 2006 has been released. It shows that 45 percent of the complaints are for auction fraud and that "old standards" like the Nigerian letter still hook victims.

In fact, according to the report, the Nigerian Letter accounted for the highest median loss ($5,100).

Other Internet crimes covered in the report are identity theft, investment fraud, cyberstalking, phishing, spoofing and spamming.

The report indicates more crimes were reported to the FBI in 2006 than in any other previous year.

While we might like to believe that Internet crime comes from afar, the report shows 61 percent of Internet fraudsters come from the United States. Other countries of origin listed were the U.K., Nigeria, Canada, Romania, and Italy.

74 percent of the victims were contacted via e-mail.

Full report, here.

The report has tips on how to avoid becoming a victim.

More tips can be viewed on the IC3 site, here.

Friday, March 16, 2007

A good argument for a federal law requiring disclosure of data breaches

An assistant professor at the University of Washington co-authored a study on data breaches (compromised personal and financial information), which reveals that the amount of compromised information out there could be a lot worse than anyone thought.

From Physorg.com:

If Phil Howard’s calculations prove true, by year’s end the 2 billionth personal record – some American’s social-security or credit-card number, academic grades or medical history – will become compromised, and it’s corporate America, not rogue hackers, who are primarily to blame. By his reckoning, electronic records in the United States are bleeding at the rate of 6 million a month in 2007, up some 200,000 a month from last year.
While the news media is full of stories about hackers, his survey revealed 60 percent of the breaches were due to "organizational mismanagement." The report is referring to lost (stolen) hardware, internal theft, administrative error, or accidentally exposing the information online.

According to the authors, gathering the information for this study wouldn't have been possible before state laws were passed requiring disclosure of data breaches.

Laws requiring this are only on the books in less than half of the states, nationwide.

Phys.org story, here.

Unfortunately, despite a lot of effort, no federal law has been passed, and the most current version before Congress threatens to make it easier not to report data breaches.

Here is a previous post about that subject:

Consumers Union Calls for Congress to Protect People's Personal Information

Tuesday, March 13, 2007

Civil Servants under scrutiny for credit card abuses

Senator Grassley (Iowa) is introducing legislation to counter what he calls massive abuse with government credit cards.

He is quoted on his site as saying:
Every time we open these GAO reports we find more outrageous spending. Internet gambling and a Yankees baseball game don’t seem to be appropriate uses of tax payer money. The federal agencies don’t seem to be stepping up, so our legislation helps put some common sense controls on these credit cards.

The press release covers this in more detail:

Grassley said the legislation would also stipulate that cases of fraud be referred to the U.S. Attorney for prosecution and employees that egregiously misuse or commit fraud with a government charge card be fired. The bill would also increase oversight by providing that each agency Inspector General periodically conduct risk assessments and audits to identify fraud and improper use of credit cards.

Following the devastation of Hurricane Katrina, Grassley was concerned that provision raising the limit for emergency "micro-purchases" on government credit cards from $15,000 to $250,000 was ripe for waste, fraud and abuse and successfully fought to bring the limit back down. At the time, Grassley said that wasting taxpayer money does not help the victims of Hurricane Katrina.
Does this mean that government employees can commit fraud and waste taxpayer money without being fired, or prosecuted? If this happened in the private sector, the culprits would likely be fired and (possibly) prosecuted.

The sad thing is that Senator Grassley has attempted to introduce this legislation in the last two Congresses and it was never acted upon.

So far wasted taxpayer money not helping the Katrina victims, the GAO confirmed Senator Grassley's prediction. Here is a previous post on that matter:

More Allegations of Money Wasted in Katrina

Senator Grassley's press release on this matter, here.

Of note, Senators Norm Coleman of Minn., Joe Lieberman of Connecticut, and Susan Collins of Maine are supporting Senator Grassley in this legislation. Congressman Joe Wilson has filed similar legislation in the House of Representatives on government credit card abuse.

Civil servants should be held to at least the same standard as the people they are serving!

Sunday, March 11, 2007

If you own a small business it pays to be aware of scams and exercise due diligence

Individuals and eBay warriors aren't the only people being targeted by advance fee and overpayment scams. Businesses, especially smaller ones, are now suffering losses with ever increasing frequency.

The Association of Certified Fraud Examiners noted in their last report to the nation that small businesses suffer "disproportionate fraud losses," when they become a fraud victim.

Part of the reason for this is large businesses employ people to deal with fraud. The other part of the reason is they can't afford the exposure (as well as) larger businesses can.

Report, here.

Rich Mintzer (Entrepreneur.com) did a pretty detailed article in January about how small business is targeted by fraudsters. He has some smart tips for business owners:
Smart Tip: Don’t ship any products to a buyer on a pre-paid basis unless you’ve done business with the company previously or can verify the legitimacy of its payment method.

Smart Tip: It’s better to be safe than sorry. Never send products or refunds to a first-time buyer until their check has cleared the bank.

Smart Tip: The bottom line is, if you haven’t seen a directory before and can’t verify that it’s actually distributed, you’d be wise to steer clear of any such offers.

Smart Tip: If it’s the vending machine business you’re interested in, do your own homework and contact companies you’ve done your research on. And be leery of local ads for new vendors that offer a toll-free number and a chance to make "big bucks."
Rich's tips (with more detail), here.

Michael Webster, an attorney practicing in Toronto, has an excellent site, which educates all of us on business scams:

Misleading Advertising Law (Due Diligence for Income Earning Opportunities).

A little awareness and (due diligence) can stop most fraud dead in it's tracks!