Saturday, April 07, 2007

buySAFE takes on the issue of counterfeit (knock off) merchandise

buySAFE bonds sellers after verifying they are reputable and honest. They also contribute their time to protecting the average person in the sometimes murky waters of e-commerce. Recently, buySAFE has been taking on the (huge) issue of counterfeit merchandise.

Consumers are protected when they buy from a merchant bearing the buySAFE seal. Not a very bad deal for the consumer! Bonding isn't free, but many merchants experience higher sales volumes after being accepted by buySAFE. Trust can drive a lot of sales! buySAFE is also a viable means for a merchant to protect their assets.

The Association of Certified Fraud Examiners noted in their last report to the nation that small businesses suffer "disproportionate fraud losses," when they are victimized by fraud. Large merchants can afford experts to deal with their fraud problems, however the cost is hiring experts can be restrictive for smaller merchants.

Of the numerous fraud issues found on auction sites, complaints about counterfeit goods rank pretty high. People buy items believing they are the "real deal," only to discover the item is a (knock-off) counterfeit.

Companies, who sell respected and trusted brands, are impacted by a loss of sales and consumer trust in their products, also. Some of them have already filed civil litigation against eBay because of the amount of knock-off (counterfeit) merchandise being sold on the site.

Even though auction sites offer seller rating systems, these ratings are often compromised when seller accounts are hijacked (taken over). eBay and PayPal (by most accounts) are recognized as the two most phished brands out there.

The intent of most of these Phishing schemes is to obtain personal/financial information to steal money (and or) take over legitimate accounts.

This can also happen when malware (crimeware) is inserted into an unprotected system and personal/financial details are stolen, normally using key logging software. Sadly enough, the criminal element has found it pretty easy to remain anonymous on auction sites, and few of them seem to get caught.

Whenever the Anti Phishing Working Group (APWG) releases a new report, both of these activities seem to set a new record that surpasses the previous one.

Recently, eBay seems to be taking the fraud problem a lot more seriously, but someone using the name of "Vladuz" is intent on proving their systems are easily compromised. A good place to keep up on the Vladuz saga is

Although a good information source, I'm not certain that bashing Meg is the solution to fraud on auction sites.

Being the largest auction site, eBay is targeted by fraud all the time because of their popularity.

Fraud has already migrated to other auction sites, but they will always target the most popular.

The reason for this is simple (and it's only business for them) - there are more victims to harvest in popular places.

The term "Vlad" was based on a Romanian historical figure, Vlad Tepes, who inspired the novel, Dracula. In recent times, the term has come to signify fraudsters from Romania, who are well established and organized in the world of auction fraud.

Besides, protecting merchants and consumers, buySAFE makes a lot of contributions to addressing fraud issues on auction sites. Most recently, Jeff Grass (buySAFE CEO) has posted a lot of educational information on his blog about the counterfeit problem, here.

Jeff also appeared on the Today show, when they did a piece on counterfeit goods.You can view a clip of the show, here.

And the Today show isn't the only place that considers buy Safe’s views on the counterfeit problem important. The French government recently included buySAFE as part of a U.S. delegation (including government experts) to discuss the problem of counterfeit goods.

The INTERNATION ANTICOUNTERFEITING COALITION (a non-profit) sums up the problem when they state:

Counterfeiting is big business.It is estimated that counterfeiting is a $600 billion a year problem. In fact, it's a problem that has grown over 10,000 percent in the past two decades, in part fueled by CONSUMER DEMAND.

The real truth is people who purchase counterfeit merchandise risk funding nefarious activities, contributing to unemployment, creating budget deficits and compromising the future of this country in the global economy.

IACC site, here.

Part of the reason the activity has grown 10,000 percent is probably due to the explosion in e-commerce, especially on auction sites.

buySAFE seems to be doing a little more than just selling a product. In fact, they seem to be exercising some corporate responsibility by educating the public on fraud trends in the rapidly growing world of e-commerce.

Consumers can become a member of their Smart Buyer's Club, which leads you to a lot of good deals (safe to buy), here. Club members accumulate points, which can be redeemed for goods, or services (listed on the site).

Anyone claiming to be a buySAFE merchant can be verified, which can be done on the site, also.

Friday, April 06, 2007

Former IRS employee charged with a different type of refund fraud

With the deadline to file our taxes almost upon us, the term refund fraud, normally is associated with filing a fraudulent tax refund. A former IRS employee, Robert Dooley has been charged a different type of refund fraud (retail). The stated losses in this case were $330,000.

Dooley allegedly stole merchandise and refunded it in nine states (he gets around), using his IRS identification to intimidate (my best guess) Home Depot employees.

Many retailers allow returns without a receipt if identification is presented. The practice of maintaining this information in data bases, which might be hacked has been a concern with privacy advocates, recently.

I examined this issue in a recent post on what some retailers are doing to protect themselves without data mining information (SIRAS technology), here.

Refund fraud is estimated to cost retailers $16 billion a year based on a study conducted by Dr. Richard Hollinger at the University of Florida.

In many instances, Dooley received gift cards, which retail crooks often turn into cash, using a variety of methods.

Reuters story on this matter, here.

Their article suggests that Dooley would pick up the merchandise and head directly to the return counter. This is a common way retail criminals perform a fraudulent refund.

This isn't the first time in recent history a civil service type was involved in this activity. A little over a year ago, I did a post on a former Bush advisor doing fraudulent refunds:

Former Bush Advisor Arrested on Shoplifting Allegations

And civil servants aren't the only public figures that have been caught shoplifting.

(Winona Ryder photo courtesy of Wikipedia)

Retailers and the FBI band together to fight organized crime

Communication is probably the most effective tool in fighting financial crimes, especially those of the organized sort. Financial crooks (scam artists) thrive on a lack of communication and knowledge.

The retail industry realizes this and in partnership with the FBI is launching a secure tool that businesses and law enforcement can use to communicate criminal activity with each other. A simple, but powerful principle.

Here is the information on this new tool from the NRF site:
In response to an alarming rise in organized retail crime, the National Retail Federation and the Retail Industry Leaders Association, in collaboration with the Federal Bureau of Investigation, have teamed up to launch the Law Enforcement Retail Partnership Network (LERPnet), a secure national database that will allow retailers to share information through its unique web-based design. With LERPnet, retailers and law enforcement will be able to fight back against illegal activity including organized retail crime, burglaries, robberies, counterfeiting, and online auction fraud. The database will launch on April 9, 2007.

Full NRF press release, here.

More information on this tool can be seen by linking, here.

The Washington Post also did a good story covering this.

A lot of other industries and law enforcement agencies should follow this example. Developing better tools to communicate could help resolve the current epidemic, currently being seen in all types of financial crimes.

There is some evidence that the bad guys communicate with each other, regularly (carder forums). The good guys should do no less!

To close, Joe LaRocca, NRF vice president of loss prevention is saying:

“With this system, retailers are banding together with law enforcement to send a clear message to criminals: We will not tolerate your behavior and we will stop you.”

Wednesday, April 04, 2007

Google name used in Internet deployed Lottery Scam

If it's too good to be true, it probably isn't (especially on the Internet). A spam e-mail, I received today informed me that I've won Google's lottery and 500,000 euros.

Trusted names are used to provide a false sense of legitimacy. Since I myself am a Google fan (user), I decided to comment on this one.

When the (eventually unfortunate) winner answers one of these, they are asked to send (wire transfer is preferred) money to cover taxes and tariffs to get their prize released.

Frequently, the scammer will send a counterfeit check (normally official, or cashier type) for their intended victim (winner) to cash. Eventually, the counterfeit check is discovered and the lottery winner is left hold the bag. Besides, financial consequences, (if I am to believe people reading this blog), cashing these items can cause someone to get arrested, also.

Unfortunately, the crooks behind these scams are normally safe in another country and rarely (if ever) get caught.

For a more detailed explanation on how these scams work (the lottery variety is one mutation of them), I did a post:

Counterfeit Cashier's Checks Fuel Internet Crime

A lot of the spam deploying these scams is facilitated using botnets (groups of zombie computers) that were taken over after another unfortunate Internet user opened an attachment in a spam e-mail, they probably shouldn't have.

Here is a post, I did at the beginning of the year describing this problem (getting worse all the time):

2006 was the Year of Internet Crime - 2007 is predicted to be even worse

Here is the e-mail I received (complete with all the bad grammar and spelling mistakes). Bad grammar and spelling mistakes are common in these e-mail lures.

Another clue is always the instruction not to tell anyone they are a winner.
Subject:ISP Nomination/Email Award.
Date:Wed, 4 Apr 2007 17:53:07 +0200 (CEST)

Congratulations to you as we bring to your notice, the results of the First Category draws of E-MAIL LOTTERY organised by GOOGLE INT. We are happy to inform you that you have emerged a winner under the First Category, which is part of our promotional draws. The draws were held on 30th of March 2007 and results are being officially announced today 4th of April 2007. Participants were selected through a computer ballot system drawn from 5,500,000 email addresses of individuals and companies from Africa, America, Asia, Australia, Europe, Middle East, and Oceania as part of our International Promotions Program. Your e-mail address, attached to ticket number 675432890044/376, with serial number 2200-33 drew the lucky numbers 1-0-11-44-03-22 and consequently won in the First Category. You have therefore been awarded a lump sum pay out of One million (1,000,000.00) euros, which is the winning payout for Category A winners. This is from the total prize money from 1,500,000 euros shared among the 2 winners in this category. Your fund is now deposited with the paying Bank. In your best interest to avoid mix up of numbers and names of any kind, we request that you keep the entire details of your award strictly from public notice until the process of transferring your claims has been completed, and your funds remitted to your account. This is part of our security protocol to avoid double claiming or unscrupulous acts by participants / non participants of this program. Please contact your claims agent immediately for due processing and remittance of your prize money to a designated account of your choice:To file for your claim, please contact the CLAIMS agent.

Mr.Windy Smith.Cable Trust AgencyEmail:
addresses and telephone numbers removed)
Academias53,11269 Athens

You are advised to contact the agents by Email address.

NOTE: For easy reference and identification, find below your reference and Batch numbers.

Remember to quote these numbers in every one of your
correspondence with your claims agent.
NO: 33/904/G3K. Congratulations once again from all our staff and thank you for
being part of our promotions program.

Sincerely Yours,

Nelson Beilean.


Is tax fraud being enabled by too many dishonest preparers?

In February, I wrote about fraudulent tax returns being filed using forged W-2s.

Another story recently surfaced from the SF Bay area, where Jackson Hewitt preparers were complaining this seasonal type of fraud is getting out of control.

Kate Williamson (Examiner) wrote:

If successful, the fraud allows tax cheats to receive thousands of dollars, either from the federal government or from companies making tax refund anticipation loans. It is sometimes coupled with identity theft, which can create problems for law-abiding citizens when they go to file their own taxes.
Kate Williamson article, here.

Interestingly enough, Jackson Hewitt preparers were quoted for this story and in another story - a lot of Jackson Hewitt franchises are being taken to task by the Justice Department for (allegedly) committing tax fraud, themselves.

The AP (courtesy of CNN) is reporting:

The franchises were either totally or partially owned by Farrukh Sohail, the Justice Department said, and involved "a pervasive and massive series of tax-fraud schemes," according to court filings.

Sohail and other defendants "created, directed, fostered, and maintained a business environment" at the Jackson Hewitt franchises "in which fraudulent tax return preparation is encouraged and flourishes," according to court documents.

Employees were encouraged to ignore telltale signs of fraudulent information and to file claims even when it was obvious customers were using fake W-2 forms or false

A sample of returns prepared by franchises connected to Sohail found 31 percent contained false information such as phony earned income tax credit claims, bogus deductions and fraudulent W-2 forms.
AP story, here.

Dishonest tax preparers and people using forged W-2 forms is nothing new. In the past couple of years, there were even stories about this being done by prisoners. W-2 blanks are easily purchased at office supply stores, or over the Internet.

This phenomenon is probably being enabled by large payouts for what is known as the earned income tax credit and a huge business in refund anticipation loans. Refund anticipation loans often carry a triple digit interest rate, when considering the term (normally less than a month).

The AP article states that the dishonest franchises cost the government $70 million and this represents about 2 percent of Jackson Hewitt's business.

Some believe, the huge business in refund anticipation loans, has been inspired by the large dollar refunds lower income people get based on the earned income tax credit.

Currently, our tax gap (yearly difference between what is taken in and paid out) is 354 billion, according to the AP article.

Maybe, we need a better way to verify that W-2s are legitimate?

We can all help the IRS if we suspect tax fraud by reporting it, here.

Someone is going to say, we spend too much time going after the poor (people filing for earned income tax credits). Before they do, I would like to point out that in the instance cited, the Justice Department seems to be going after an "enabler" (Jackson Hewitt).

With our resources coming up $354 billion short every year, we can't afford to keep looking the other way on issues, such as these. The result will be more taxes to pay for needed government services.

Another problem is that a lot of the criminals doing this are using other people's information (identity theft). A lot of people are filing their taxes - only to discover someone else has already gotten a refund using their name.

From what I hear, this can be pretty hard and (painful) to clean up, once it occurs.

Of course, this isn't the only type of tax fraud being committed. A great place to learn all about the various schemes is, which can be read by linking, here.

Tuesday, April 03, 2007

Will law suits stop Spam Kings?

Spam is a vehicle for a lot of deceptive (false) advertising and financial crimes when phishing schemes are deployed using them.

Here is an announcement that MySpace is going after a Sanford Wallace (described as a spam king) with a civil action.

From the Business wire release:
MySpace announced today that it filed suit against Sanford Wallace for violations of state and federal laws including the CAN-SPAM Act and California's anti-spam and anti-phishing statutes. The suit, filed in United States District Court in Los Angeles on Friday, seeks a permanent injunction barring Wallace and his affiliated companies from the MySpace site in addition to unspecified monetary damages.

Full release, with other MySpace actions (commendable), here.

With each release of their statistics, the Anti Phishing Working Group seems to report that phishing and spam are breaking new records.

It would be nice to see governments (which manage law enforcement resources) take some of these cases for investigation and (if warranted) file criminal charges, also.

I'm not sure if forcing spam kings to pay fines is a very effective deterrent. They are liable to view it as a "cost of doing business." Perhaps if a few of them lost their freedom, the statistics (growing all the time) might start to go down.

Statistics are numbers, but they relate to real people being victimized by this activity.