Saturday, June 16, 2007

Will counterfeit Visa Traveler Cheques be the latest bogus financial instrument spread in Internet Scams?


Counterfeit Visa Travelers Cheques -- so far seen in $500.00 denominations -- are starting to appear in different parts of the United States.

In the past few years, counterfeit U.S. Postal Money Orders, MoneyGram Money Orders, and American Express Gift Cheques have all been circulated by Internet fraud activity.

If history repeats itself, we will see counterfeit Visa Travelers Cheques show up outside the United States, also.

These instruments have been passed in a lot of work-at-home (job) scams. They are also passed in secret shopper, romance, lottery and auction scams.

These advance fee (419) type scams all have a common theme: a lure (scam) that plays on greed is offered to entice someone into cashing these items and wiring the money back to the fraudster behind the scheme.

The lure (scam) is always too good to be true and makes no sense.

Since it is against the law to pass a counterfeit financial instrument, people are sometimes arrested when they present these items. Even if they aren't arrested, they are held liable when the fraud is discovered.

Unfortunately, banks often give credit to their customers on these items. Tellers have even told their customers the items are legitimate, which doesn't make any difference (for the customer) when the items are returned. Of course, the bank isn't liable for any of this.

These items are also being presented to merchants. Retail criminals use them to purchase items, get the balance in cash, then refund the merchandise. Of course, if they are unable to refund the items, they will probably try to get gift cards or fence the merchandise. There is a lot of stolen merchandise being fenced (pretty easily) on Internet auction sites.

Intelligence indicates that many of these items are being printed overseas, then distributed in bulk, worldwide. Once received in bulk, they are broken down and distributed to the criminals, who then use them in the manners listed above.

Visa recommends that you do the following to verify if one of the Travelers Cheques is real:

Can you see a watermark in the cheque?

Can you see the holographic thread embedded in the cheque?

Is the customer present?

Have the cheques been countersigned in your presence?

Does the original signature match the countersignature?

Has valid identification been presented and the details recorded along with the customer name on the back of the cheques?


If you are suspicious, you can call them at 1-800-227-6811 to verify an item. This can also be done on-line, here. Visa also has a good interactive tool to identify the security features of the Visa Travelers Cheque, here.

Here are some of my previous posts on counterfeit instruments circulating via the Internet:

Counterfeit MoneyGram Money Orders being passed via Internet Scams

Counterfeit Cashier's Checks Fuel Internet Crime

American Express Gift Cheques Being Circulated in Internet Scams

Counterfeit Postal Money Orders Showing Up in IScams Again

Ohio data breach reveals how "not very secure" personal information is

I discovered a long time ago, it would be pretty hard to keep up with all the data-breaches. After all, they seem to happen with alarming frequency.

The most recent blunder, enabled by a State of Ohio security procedure, illustrates how not very secure a lot of personal information is.

Stephen Majors of the AP (courtesy of Forbes) is reporting:

A 22-year-old intern was given the responsibility of safeguarding the personal information of thousands of state employees, a security procedure that ended up backfiring.

The names and Social Security numbers of all 64,000 Ohio state employees were stolen last weekend from a state agency intern who left a backup data storage device in his car, Gov. Ted Strickland said Friday.

Interesting, a security procedure that backfired?

The AP story gives more details on this:

Under protocol in place since 2002, a first backup storage device is kept at a temporary work site for a state office along with the computer system that holds all the employee information, and a second backup device is given to employees on a rotating basis to take home for safekeeping, officials said.

I guess this means that rotating employees have the ability to take this "storage device" home -- and if any of them happened to be dishonest -- it wouldn't be very hard to make a copy. Information is bought and sold by data-brokers, and criminals, alike. The reason for this is that it makes them a lot of money.

Of course, the official spin artists aren't stating exactly what the device is. The Police report states that it's worth about $15, which isn't very expensive, and therefore probably isn't very secure (my guess).

Governor Strickland was quoted in the article as saying:

"I don't mean to alarm people unnecessarily." "There's no reason to believe a breach of information has occurred."

Sadly enough, this might make sense -- when information is protected like this, it probably could have been copied long ago -- and no one would know any better. It wouldn't be necessary to go through all the trouble of breaking into a car to steal it.

With security like this, the information could have been compromised a long time ago.

Governor Strickland's site, which offers the "official spin" and free identity theft protection for the most recently "compromised," can be seen, here.

AP Story, here.

The Privacy Rights Clearinghouse and Attrition.org do have people, who have the time to keep up on all the data-breaches, in case anyone wants to take a detailed look at the problem.

This information is worth money. Here is a post about how it is being sold right on the Internet:

Information Week exposes the Internet Underworld

Insider theft is nothing new, and should be a concern when protecting information. As long as information is worth a lot of money, insiders will probably be solicited for it. Here is a post I wrote about this matter:

Why it's become TOO easy for restaurant workers to skim payment cards

Thursday, June 14, 2007

Counterfeit (knockoff) Colgate Toothpaste from South Africa is Toxic

When the FDA first reported toxic substances in off-brand toothpaste coming from China, it was bad enough. Now counterfeit Colgate toothpaste with the same toxic substance (DEG) is being imported from South Africa.

Some of this counterfeit Colgate toxic toothpaste has been found in "dollar type" stores in the United States.

Reuters is reporting:

Colgate-Palmolive Co. on Thursday said counterfeit "Colgate" toothpaste that may contain a toxic chemical had been found in discount stores in four U.S. states.

"There are indications that this product does not contain fluoride and may contain diethylene glycol," the company said in a statement.

Colgate-Palmolive said it does not use, nor has ever used, diethylene glycol as an ingredient in its toothpaste anywhere in the world. The chemical, known as DEG and sometimes illegally used as an inexpensive sweetener and thickening agent, is commonly found in solvents and antifreeze.

The four states where this has been found are:

New York, New Jersey, Pennsylvania and Maryland. It can be recognized because it is labeled as being manufactured in South Africa, and the company does not import toothpaste to the United States from South Africa.

Reuters story, here.

The FDA issued a press release about this issue, here.

Counterfeit merchandise is a $600 billion a year problem. Besides the financial impact, the trade can also threaten our personal safety!

The INTERNATIONAL ANTICOUNTERFEITING COALITION website is a great resource to learn about the issue of counterfeiting. They sum up the problem on their site when they state:

It is estimated that counterfeiting is a $600 billion a year problem. In fact, it's a problem that has grown over 10,000 percent in the past two decades, in part fueled by CONSUMER DEMAND.

The real truth is people who purchase counterfeit merchandise risk funding nefarious activities, contributing to unemployment, creating budget deficits and compromising the future of this country in the global economy.

The real truth is counterfeiters are hardened criminals, exploiting consumers, businesses both large and small, inventors and artists and children laboring in sweatshops in Third World countries.

Here is the post I did about the Chinese toothpaste that is toxic:

The new red menace, global commerce from China

FBI roasts a few Bot-Herders, which will free up to a million Zombies

Sick and tired of all the spam filling up your inbox, despite filtering technology that doesn't seem to work very well? If you are, Operation Bot Roast is a story that might catch your interest, or if you are like me, is chicken soup for the soul.

Botnets are a primary cause of the ever increasing levels of spam. A botnet is made up of infected computers that their masters (bot-herders) turn into zombies, spewing out spam e-mails by the millions.

These bot-herders cause a lot of us a whole lot of grief.

The FBI press release announced yesterday:

They’re called “bot-herders:” hackers who install malicious software on computers through the Internet without the owners’ knowledge. Once the software is loaded, they can control the computer remotely. And once they’ve compromised enough computers, they have a robot network or botnet.

Some botnets are huge: tens of thousands of infected computers. Or more. As a result of Operation Bot Roast, an ongoing and coordinated initiative to disrupt and dismantle these bot-herders, we’ve identified about 1 million computers across the country that have been compromised.

According to the press release, several people have been arrested, including three of the big-time "masters."

Full story from the FBI, here.

Also contained are a lot of useful links on how to protect yourself -- and of course your computer -- and what to do if you think your computer was turned into a zombie.

Bot-herders have been reported to rent out their illicit networks to organized criminals by the hour.



What your computer must feel like after being turned into a zombie (Courtesy of Wikipedia).

Wednesday, June 13, 2007

San Diego Regional Fraud Task Force releases photos of suspected ATM skimmers

Devices to skim payment card information have become a big problem, whether they are portable devices used by dishonest employees at restaurants, PIN pads replaced at merchants, or devices mounted on ATM machines.

Many of the devices used recently use wireless technology, and the card details are transmitted to fraudsters, normally sitting in a vehicle with a laptop.

The San Diego Regional Fraud Task Force is hot on the trail of two suspects, photographed using some of the cloned cards. Cloned cards are counterfeit devices made with the information skimmed from legitimate (credit/debit) payment cards.

Unfortunately, most of the equipment to do this can be purchased legally. Some of this equipment is even being sold over the Internet. Loose controls on the sale of this technology enable a lot of criminal activity and make it harder for law enforcement to investigate, and a lot of people are being victimized by it.


SignOnSanDiego.com reports:

Police are warning ATM users that scammers are using high-tech devices to steal their bank account information, including debit and credit cards numbers and personal identification codes.

Police have released photos taken from surveillance video of two suspects. Anyone with information about either man is asked to call the task force at (619) 744-2534 or the U.S. Secret Service at (619) 557-5640.

The pictures of the current people of interest in this case are featured above (to the left).

I did a post with some interesting pictures of an ATM skimming device, which are pretty educational. It can be seen, here.

For other articles about payment card skimming, click here.

SignOnSanDiego.com story, here.

A lot of the skimming in the United States seems to be tied into Armenian organized crime. Glendale, which is a couple of hours North of San Diego, seems to be where a lot of this activity originates.

Maybe someone should post these pictures in the Glendale area?



Skimming device discovered at a gas (petrol) station in the United Kingdom (Courtesy of Flickr). The expression on the employee's face is worth a thousand words.

Tuesday, June 12, 2007

Just what Dad doesn't need for Father's Day - a Hallmark card with a Trojan hidden inside

This isn't the first time that malicious software has been sent disguised as an e-card, but when something works, scammers often use it time and time again.

Mary Landesman of About.com is warning all of us:

The latest greeting card scam is once again targeting Hallmark. The bogus email claims "you have recieved a Hallmark E-Card!" The first tip-off for the security conscious should be the misspelled 'recieved' - it's I before E except after C (or when sounded like A as in neighbor and weigh). One would assume the prose experts at Hallmark would know their receive from their recieve - which, of course, they would. In any event, the message doesn't even read like a real Hallmark notice, which always identifies the sender by name and gives you an alternate link URL that you can copy and paste in lieu of blindly clicking a link. Why is this important? Because a real Hallmark URL doesn't point to an IP address followed by 'postcard.exe' - which the malicious link does.

Here is information on the particular trojan being delivered in these e-cards, but this could change tomorrow, or might have already. There is a lot of malicious software out there.


And just what does this latest greeting card scam deliver? Like most others, it dishes up a variant of the Zapchast Trojan. Zapchast installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command the machine. And you thought forgetting your birthday was bad.

Sounds like another method of turning a computer into a zombie, which is normally used to help spread more spam. Spam is a vehicle for most Internet scams, or at the very least, questionable products.

Spam is reaching epidemic proportions, and seems to be getting past a lot of spam filters, recently. A good place to learn about, or fight spam is spam.abuse.net.

About.com story, here.
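
The tells named in the quoted warning above (the misspelled 'recieved', and a link that points to an IP address followed by 'postcard.exe') can be checked mechanically before anyone clicks. This is an added example, not code from this blog or from About.com; the sample message, the address 192.0.2.10 and the function names are constructed for illustration. It goes slightly beyond the quoted case by also flagging other executable extensions and hosts written as a single decimal or hex number.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Extensions an e-card notice has no reason to link to directly (assumed list).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")
# 'recieved' is the misspelling cited in the warning; extend as needed.
MISSPELLINGS = ("recieved",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
NUMERIC_HOST_RE = re.compile(r"0x[0-9a-f]+|\d+")


class LinkCollector(HTMLParser):
    """Collect URLs from <a href> attributes and from visible text."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.urls.append(href.strip())

    def handle_data(self, data):
        # Plain-text URLs; drop sentence punctuation glued to the end.
        self.urls.extend(u.rstrip(".,;)") for u in URL_RE.findall(data))


def host_is_ip(host):
    """True for IPv4/IPv6 literals and for single-integer IPv4 forms."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return bool(NUMERIC_HOST_RE.fullmatch(host))


def check_url(url):
    """Return findings for one URL; an unparseable URL is itself a finding."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        return [f"unparseable link: {url}"]
    findings = []
    if host and host_is_ip(host):
        findings.append(f"link host is a bare IP address: {host}")
    if parts.path.lower().endswith(EXECUTABLE_EXTENSIONS):
        findings.append(f"link downloads an executable: {parts.path}")
    return findings


def ecard_warnings(body):
    """Return all findings for one message body (HTML or plain text)."""
    findings = [f"misspelling: {w}" for w in MISSPELLINGS if w in body.lower()]
    collector = LinkCollector()
    collector.feed(body)
    for url in dict.fromkeys(collector.urls):  # de-duplicate, keep order
        findings.extend(check_url(url))
    return findings


# Constructed sample modelled on the message described in the warning.
SAMPLE_ECARD = """<html><body>
<p>Hello! You have recieved a Hallmark E-Card!</p>
<p><a href="http://192.0.2.10/postcard.exe">Click here to view your card</a></p>
</body></html>"""

if __name__ == "__main__":
    for finding in ecard_warnings(SAMPLE_ECARD):
        print(finding)
```
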

Monday, June 11, 2007

Lifelock founder (Robert Maynard Jr.) resigns, while Fred Thompson takes heat for pitching the company

Kim Zetter from Wired News announced this today:

LifeLock co-founder Robert Maynard, Jr. has resigned from his position with the identity theft protection company following a story published in the Phoenix New Times about his past, which I wrote about last week. CEO Todd Davis left me a voicemail message this morning saying, "Even though we found no merit to any of the claims made by the New Times article . . . Robert Maynard has chosen to step down from the company so we don't allow any distractions or anyone have the ability to question the integrity of LifeLock and our service offering. . . . He is now no longer an executive or officer of the company as of this time."

Although, reading further, it appears Robert will still have something to do with the company:

Davis acknowledged that Maynard, Jr., still owns 10 percent equity in LifeLock and that he is launching a marketing company. When asked if Maynard will work as a contractor for LifeLock doing the same marketing work he was until now doing as a staff member, Davis said yes.

The article also revealed that Todd Davis, LifeLock's CEO -- who posts his own social security number all over the place, to market LifeLock's services -- recently became an identity theft statistic, himself.

Interesting read from Kim Zetter, here.

Meanwhile, Fred Thompson is taking heat for pitching Lifelock. Not sure if this is really fair. A lot of news organizations and other radio personalities from Rush Limbaugh to Howard Stern (strange combination) have pitched Lifelock in the past.

Why is everybody picking on Fred, and Fred, only?

MSNBC story, here.

To read the original post I did on Lifelock, click here.

Sunday, June 10, 2007

We all could be at risk of losing our freedom and becoming the next Julie Amero

Julie Amero, a substitute teacher previously convicted of showing porn to students, is getting a new trial.

Given the evidence brought forward after the trial, I'm pretty shocked they didn't just drop the whole matter.

Stephanie Reitz of the AP is reporting (courtesy of the Washington Post):

The computer was sent to a state laboratory after the trial, and the judge said Wednesday that those findings may contradict evidence presented by the state computer expert.

"The jury may have relied, at least in part, on that faulty information," said Judge Hillary B. Strackbein, who granted the request for a new trial.

Amero has adamantly denied clicking on pornographic Web sites that appeared on her classroom's computer screen in October 2004 while she was teaching seventh-graders at Kelly Middle School in Norwich.

Not very long after her conviction, I did a post on this quoting a lot of computer security experts, such as Alex Eckelberry from Sunbelt Software. Alex and other experts in the field contend the computer in question was old, lacked firewall protection, and that spyware and adware caused the porn infestation.

Their contentions made sense to me, or should to anyone who has accidentally clicked on one of these sites and gone into "pop up" hell.

Illegal porn is a big problem on the Internet - very few people get caught - and it's rumored to be controlled by organized crime. The Gambino crime family has allegedly made millions off it.

Recently, I blogged about British citizens who were wrongfully accused of viewing child pornography after their credit card numbers were stolen. This was part of an international case, involving people worldwide.

Those responsible for investigating crimes involving computers and the Internet are going to have to exercise a little more "due diligence" in their investigations. Spyware, adware and identity theft (to cite a few things) are making the waters a little more murky than they used to be.

Spyware and adware are used by a lot of businesses to market products. As a matter of fact, it sometimes amazes me, just WHO is using it; considering some of the privacy concerns associated with it.

The sad thing is that if you really think about it, a lot of us could be in danger of being accused of something we didn't do. Recently, we've seen a lot of stories about identity theft victims, who like Julie, went through a lot of pain and suffering for a crime they didn't commit.

This is the very reason we need to take a hard look at what enables this activity, or makes it too easy to accomplish.

The other thing I'll add, as a closing note, is that we live in a society where OJ Simpson beat a murder rap because of reasonable doubt. It's pretty sad that with all the reasonable doubt revealed in this case, Julie Amero has to face another trial to prove her innocence.

AP story (courtesy of the Washington Post), here.

Previous post from Fraud, Phishing and Financial Misdeeds, here.

The Phishermen keep using the IRS name to hook Phish (Identity Theft Victims)

Phishing has become a huge problem. Criminals (phishermen) spoof (impersonate) a brand or organization that people trust to trick people into giving up their personal, or financial information. The information is then used to steal money.

In the more sophisticated attempts, malware (crimeware) is dropped on a system that logs keystrokes, gathering even more personal information, without the computer owner's knowledge, or consent.


The phishermen have been spoofing the IRS so frequently, the IRS set up a dedicated e-mail address to report activity. The address is phishing@irs.gov (follow the instructions).


The most recent version is a spam e-mail intended to scare a person into thinking they are being investigated. Here is what the IRS site is reporting:


The e-mail purporting to be from IRS Criminal Investigation falsely states that the person is under a criminal probe for submitting a false tax return to the California Franchise Tax Board. The e-mail seeks to entice people to click on a link or open an attachment to learn more information about the complaint against them. The IRS warned people that the e-mail link and attachment is a Trojan Horse that can take over the person’s computer hard drive and allow someone to have remote access to the computer.


Trojan horses are often a gateway to install malware -- sometimes referred to as crimeware -- which often includes keylogging software. The bottom line is that once installed on a computer, they have the ability to steal personal and financial details, from afar, without any additional assistance from you.


All the terms out there get confusing to non-technical people. Some are now saying we should group some of the terms together and call it "grayware." Another term to group some of this terminology together is "badware."


Similar technology is used for advertising and marketing purposes by legitimate businesses, also. This is often referred to as spyware and adware. The one thing they all have in common is that they are often a nuisance.


The key is to NOT even open the spam e-mails enticing you to click on their links. The best practice is to delete them. These e-mails are generated by the millions, perhaps billions by now, using automated software and botnets (other people's computers that have been taken over).


Spam filters designed to stop them from getting in your inbox seem like they are getting less effective recently.


Botnet owners are known to rent out their networks to other criminals for this purpose.


Sadly enough, the IRS name has been spoofed a lot lately. Here is the extent of it:


Since the establishment of the mail box last year, the IRS has received more than 17,700 e-mails from taxpayers reporting more than 240 separate phishing incidents. To date, investigations by TIGTA have identified host sites in at least 27 different countries, as well as in the United States.

The phishermen often impersonate financial institutions, eBay, PayPal, or government agencies, such as the FBI and Interpol.


The latest alert from the IRS can be seen, here.