Saturday, May 19, 2007

Secret shopping jobs are liable to cost you a lot of money!

The Secret (Mystery) Shopper scam is running full steam and victimizing people, daily. The last time, I addressed this problem was in a post, where I noticed I was getting a lot of hits from Google on this subject. Recently, a lot of people have been reading my previous posts about this scam.

Here is a basic description of the scam from my last post:


In the Secret Shopper scam, people are solicited to become "Secret Shoppers" sometimes known as "Mystery Shoppers," and go into (normally) Walmart to negotiate a bogus check. Walmart recently got into the business of cashing checks. They are then asked to wire the money using WalMart’s Money Gram services to Canada and report on the "customer service" aspects of their visits.

Once the money is wired and picked up (sometimes within minutes), there is very little that can be done to get your money back.

The letters soliciting victims (mystery shoppers) often are set up with fake telephone numbers that have fraudsters answering them.

The cardinal rule in Internet dealings is to independently verify any numbers provided, no matter how real they seem.

Please note that 800 type numbers are used, also. Sometimes the numbers are set up in the United States, but the shopper is normally instructed to wire the money to somewhere outside the country.

In several of the newer letters, which all contained high dollar counterfeit checks, the shopper is being instructed to cash the item, go and buy a nominal (low dollar) amount of merchandise, then (of course) wire most of the money back to the so-called service.

So far as what bank’s checks are being counterfeited, this seems to change daily.

Sometimes going to your own bank to verify an item isn't a good idea, either. Banks often give a customer credit for these items, and then hold their customer responsible when the item returns. Also, it's not unknown for people to get arrested when attempting to cash these items.

Numerous businesses are listed as places to shop on the recent letters I saw, but they all have one thing in common, which is they offer Money Gram or Western Union wire transfer services.

The most recent versions of the letter state to keep the nominal amount of merchandise they instruct you to purchase.

If you get one of these letters and checks, never cash it, or wire the money before making 100 percent sure the item is good. Of course, I’ve never seen one that did turn out to be good. Who would send a legitimate check worth thousands of dollars to someone they don’t know? Scams never make sense and prey on people looking to make a quick buck.

A good place to search for counterfeit cashier’s or official checks is the FDIC alerts on them, here.

If there is no alert, independently find the banking institution’s number and ask to speak with someone in their security department. Counterfeit checks often use legitimate account numbers and customer service people sometimes verify fraudulent items as legitimate.

This type of scam can be reported the Federal Trade Commission (U.S.) and to Phonebusters in Canada, although it is rare that any action will be taken to investigate an individual case.

I’m not saying not to report them, but the truth is that there is so much of this going on, no one has the resources to go after individual cases. The value in reporting them lies in providing intelligence to law enforcement, which does sometimes build cases, and goes after the culprits.

The best protection for the individual is to recognize these offers for what they are, or too good to be true.

All my previous posts mentioning this scam can be seen, here.

Thursday, May 17, 2007

Equifax hires ID Thief

These days, identity theft is being used for more than to commit financial crimes. A woman in Georgia (Tonia Leach) discovered her identity was stolen after an inquiry showed up on her credit report from a temp agency and Equifax. The still not identified impostor used the woman’s identity to obtain employment at Equifax.

When I say the impostor used the identity for more than committing financial crimes, I didn’t mean the victim wasn’t left with a lot of financial liability, as a result of this occurence.

WSBTV.com (Georgia) reports:

The woman also opened credit cards in Leach’s name. Leach even got a bill from the IRS. Leach said her life has been turned upside-down.

When the creditors call, they call me at 6, 7, 8, 9, every hour of every day. They will call you because they want their money. It was horrible, said Leach.

Equifax, one of the big three credit reporting agencies made the following statement:

We can confirm that an individual posing as Ms. Leach was employed with Equifax for less than a year, beginning in early 2006. There were no indications with the identification information that she provided or through the work history or the credit report that this was a stolen identification.

Equifax also claims, the impostor didn’t have access to sensitive information, but the article doesn’t say exactly what she did, or if there was any sensitive information accessible where she worked?

After all, this person seems very adept at stealing information and it’s possible, she could have found ways to steal it, using other people’s access. Access codes and passwords are frequently compromised by dishonest employees, who intend to steal, or commit other misdeeds.

If you are interested in how easy it is to get all the documents necessary to pose as someone else, I did a post about Suad Leija, who has shared a lot of information on this subject:

Paper weapons (counterfeit documents) enable more serious crimes than illegal immigration and identity theft

With the amount of stolen identities, backed up by easily available counterfeit documents, we can expect to see more people obtaining employment using someone else's information.

Most identity theft experts recommend you check your credit report at least once a year. It's a good idea to pay attention to what inquiries have been made and be wary if you don't recognize, who has been making inquiries into your credit.

Tom Fragala at MyTruston, who is a fellow blogger, provides an easy to use method to check to see if you are a victim of identity theft. Checking to see if you are a victim is always free and you only pay if you choose to use his recovery services. The recovery services are cheaper than anything I've seen out there, thus far.

MyTruston is also "privacy friendly," which means you don't have to give up your personal information to be stored in someone else's database. Identities are stolen from databases, pretty frequently.

You can link to MyTruston, here.

WSBTV.com story, here.

Wednesday, May 16, 2007

Fake e-commerce sites steal personal and financial details

Not all the financial information being stolen comes from data breaches at large corporations. Quite often, it is inadvertantly given away by the victim, when they are tricked into doing so.

If you see a website selling goods for prices that are too good to be true, it might be a ploy to steal your payment card details, or they are probably selling counterfeit merchandise.

Dinah Greek, of Computeract!ve did a great piece of investigative journalisim, exposing one of these sites.


Police are investigating what could turn out to be a massive scam, which has drained thousands of pounds from people's bank and credit card accounts.

Computeractive and fraud specialist Early Warning have discovered that debit and credit cards used to pay for goods such as iPods and Nintendo Wii consoles from www.instant-av.co.uk have been used fraudulently elsewhere.


Once an unwary person had given up their payment (credit/debit) card details, they often received another call stating that the original card didn’t work and were asked for another card.

This, of course, resulted in both cards being compromised.

The authorities in the United Kingdom are investigating (based on Dinah’s information), but when a fake site is posted on the Internet, the victims might be anywhere in the world!

This site didn’t have a secure sockets layer (SSL) certificate, which encrypts the transaction; however just because a site has a SSL icon doesn’t mean it’s secure.

Internet criminals sometimes fake these certificates, as discussed on Bruce Schneier’s blog, here.

Another way to spot questionable sites is to use TrustWatch, which tells you if a site has been verified as legitimate, using a color coding system. Of course, nothing is certain on the Internet and legitimate sites are sometimes hacked and taken over. Nonetheless, it's a pretty good tool that I use myself.

Dinah Greek's story, here.

Tuesday, May 15, 2007

Eurasian organized crime loots public coffers

Well placed government sources claim that the government loses $300 billion a year in healthcare fraud - with about half of this figure being stolen from immigrant gangs - many of whom hail from the former Soviet Union.

Troy Anderson of the LA Daily News reports on one small part of the overall problem:

Lana Michael and her husband collected welfare benefits in 2003, claiming they earned less than $24,000.

But authorities say Michael, the former office manager of a job-training center for immigrant welfare recipients, also owned a liquor store and recycling business.

And, authorities say, she drove a $76,000 luxury car, shopped at Neiman Marcus and Saks Fifth Avenue and had $147,980 stashed in her bedroom dresser.

Lana Michael is also known as Svetlana Djangarian was part of an elaborate scheme, where welfare to work checks were issued from the inside and cashed using fake ID. Fraudulent tax returns were also filed.

Daily news story, here.

No wonder programs designed to help the less fortunate are in trouble!