Saturday, September 08, 2007

SIRAS PI - tracking theft to the source


Graphic demonstration of anti-theft technology courtesy of SIRAS.com.

Criminals, who steal goods, whether with bogus financial instruments, or by more physical means might be in for a little surprise if the merchandise is protected by SIRAS PI.

Last week, SIRAS made this announcement in a press release:

SIRAS.com, the pioneer in Point-Of-Sale Electronic Product Registration used by leading manufacturers and retailers, has announced the nationwide launch of SIRAS P.I., a groundbreaking initiative to aid law enforcement officials in determining whether products they recover are, in fact, stolen, and if so, from where. Piloted by the Mesa, Arizona Police Department, SIRAS’s P.I. (Product Information) Database has already proven to be effective in helping law enforcement officials identify stolen items, report suspicious items, and apprehend and convict thieves. The database will be available, free of charge, to police and law enforcement agencies nationwide.

The way SIRAS works is simple, but effective. It tracks a product by recording the UPC (Universal Product Code) and the product serial number. SIRAS has the capability to determine where merchandise was stolen, whether from a merchant, manufacturer, or individual.

Earlier this year, SIRAS did some testing that revealed a substantial reduction in TV and MP3 player losses on products, where their technology was being used.

If deployed properly at the merchant level -- it could also determine how an item was purchased, and whether or not -- the method of payment used was legitimate. In theory, a merchant could also use the technology to impact credit card chargeback and fraud check losses.

I say "deployed properly" and "in theory" because the information to accomplish this (sales data) belongs to the company using SIRAS technology. Because of this, the capability to track sales information would have to be implemented inside the company. At most larger companies, this information is already tracked and analyzed to prevent and detect dishonest activity.

For years, most high-theft (shrink) merchandise has been secured so a thief can't merely pick it up from a shelf. When high-theft merchandise that was secured is stolen, it's normally because of one of two reasons. It was purchased with a bogus financial instrument, or an insider was involved in the theft.

Other reasons for secured merchandise being stolen might be a theft, directly from the manufacturer, or a theft during the shipping (transport) process. In these instances, if the merchandise was registered at the manufacturer, SIRAS can identify the point of compromise, also.

Technology has made it a lot easier for criminals to obtain and use fraudulent forms of payment. Information being compromised (data breaches) and anonymous places to communicate like Internet chat rooms, have given a lot of common criminals access to bogus financial instruments.

Along with the increased availability of fraudulent forms of payment, obtaining counterfeit identification documents has become fairly easy, and the identity used on them normally belongs to someone else. This has made it easy for a lot of retail criminals to operate as someone else.

Because of these new trends, current systems that record personal information to prevent fraud are becoming less effective than they use to be. I often wonder (no one probably really knows) how much of the information contained in them is incorrect.

In the recent data breach at TJX, one of the systems compromised was their refund database. Stories have circulated recently about the wrong people being pegged as frequent refunders, or bad check writers after their identities were stolen.

Neither one of these situations fosters good will, or trust with customers. Besides that, data breaches are becoming costly. The last I heard TJX has spent approximately $256 million dealing with the breach. With pending litigation, the cost is liable to keep going up.

With SIRAS, using personal information isn't necessary to determine, whether or not, a return is legitimate. SIRAS already has proven to be highly effective in reducing refund fraud without asking for one item of personal information.

An example of how some of the TJX data was used in a retail theft scenario can be seen, here.

Given that criminals that steal merchandise want to turn it into money, two methods are normally used. They either refund it somewhere, or fence it. Auction sites provide an easy and when combined with account-takeover activity (anonymous) venue for criminals to fence merchandise.

In the auction world, seller accounts are taken over all the time. This normally occurs when seller accounts are compromised by a phenomenon known as phishing. Phishing occurs when a person is tricked into giving up their access information after receiving a spam e-mail.

Compromised seller accounts are sold on the Internet the same way financial information is, and there is a trend in DIY (do-it-yourself) phishing kits being sold that enable non-technical criminals to get into the game.

eBay and PayPal are two of the most heavily phished brands. Once these accounts are compromised (taken over), they are used by criminals to fence merchandise and launder the monetary proceeds of their illicit sales.

Another growing trend related to phishing is when malware, also sometimes known as crimeware is used to steal information. The difference here is information is stolen from systems automatically (normally by keylogging software) and social engineering (trickery) is no longer necessary to get people to give up information.

Malware is often picked up by a computer system by clicking on a spam e-mail link, or by visiting a website designed to inject the software on a system. PC World recently did one of the many stories floating around about malware being sold on the Internet in the form of DIY kits.

In the story they wrote:

The global market for criminal malware now operates like a supermarket, complete with special offers and volume discounts, a security company has discovered.

Here again, this capability enables not very technically inclined criminals to get into the game. This has become a growing problem and I expect it to get worse before it gets better.

With the availability of all this personal and financial information, being sold on an economy of scale, current fraud protection systems are routinely being compromised by a lot of criminals.

There is an old saying in the investigations world, which is if you want to solve a crime, the easiest way is to follow the money.

SIRAS takes this one step further by tracking both the merchandise and can track the money ( if programmed to do so by the user). When you do this, the odds are far greater that the true culprit will be identified. They are normally associated with either the money, and or the merchandise.

Since the technology records both physical and UPC information, the database can determine exactly where the merchandise was compromised (stolen). Given that many merchants use digital video systems -- which are capable of storing video footage for a long time, it's also possible to obtain video evidence of the original transaction -- when sales information has been programmed to tie into the technology.

SIRAS has been used by select manufacturers and merchants for several years now -- however a new initiative, SIRAS PI, which was tested with Mesa PD -- makes the database available to law enforcement agencies free of charge.

Law enforcement can access the database either via the Internet, or by telephone. They can also add items to the database when they are reported stolen. If someone later tries to refund the merchandise at a participating retailer, the transaction can be automatically flagged.

Although a lot of fencing now occurs on the Internet, the technology is equally as effective in investigating more traditional property crimes, also. The bottom line is once merchandise is discovered, it can be tracked by SIRAS, if the item has been registered.

Recently, Chris Hansen (MSNBC), did a story about iPod theft. When Apple was approached about tracking the merchandise using Apple's registration database, they decided not to cooperate with MSNBC.

Undaunted by this, MSNBC purchased a bunch of iPods and engineered the registration disc to send them the information when the iPod was registered. They then left the iPods (new in the box) unattended, let them get stolen and tracked them to the crooks once the iPod was registered.

Chris Hansen made an excellent point on how databases can track stolen merchandise -- but in this instance, brand new iPods had to be left in public places to be stolen -- then registered to make the point.

If Apple used SIRAS technology to protect their merchandise -- it would have already been traceable, even if it was stolen from an individual -- who didn't provide the thief with the registration disc. It also would eliminate privacy concerns, which might be why Apple didn't want to cooperate with the MSNBC investigation?

When registering any product, a lot of personal information is normally asked for.

In any event, most criminals of the smarter variety aren't going to provide their personal information in the registration process. Most of them shy away from doing things, which might get them caught.

It would be interesting to have MSNBC, or another investigative news source do the same story with merchandise protected by SIRAS. The story might expose more than people, who stole because of an almost "too good to be true" opportunity was provided to them.

MSNBC iJacking story, here.

This brings up another potential benefit to this technology. Expensive portable electronics and other expensive toys like mountain bikes are stolen from the people who buy them (customers) all the time. Using SIRAS technology might even be a selling point that instills customer trust in the product they are purchasing.

This technology has prevention/investigation applications for corporations, law enforcement agencies and individuals, alike. It also doesn't require using people's personal information, which isn't as effective as it used to be, and is becoming more unpopular all the time.

In my opinion, this technology has the ability to make it a lot harder to get away with stealing merchandise and converting it into money.

Of course, the more it is used, the more effective it will become. Databases have a tendency to do this, or become more useful as they contain more information.

There are a lot of anti-theft/fraud technologies that claim to prevent theft/fraud. Very few of them also claim to be able to go after and hold the criminals committing the fraud/theft personally accountable.

The last I heard, most criminals still fear getting caught!

If you would like more information on the organized trade in counterfeit identification documents, the story of Suad Leija can be seen, here.

Suad's story has been covered extensively in the media, including by Lou Dobbs. Currently, she is writing a book and I keep in touch with her occasionally.

More information about bogus financial instruments can be seen, here and here.

A chronology of data breaches is compiled by the Privacy Rights Clearinghouse, here.

The best source on phishing is the Anti-Phishing Working Group and if you are interested in learning even more about phishing and want to see some totally fake banking sites, Artists Against 419 is another good place to visit.

Last, but not least, if you are interested in learning more about SIRAS PI, you can do so by visiting their site, here.

Friday, September 07, 2007

International investigation in Nigeria regarding counterfeit checks could lead to arrests, worldwide



A joint operation by the Economic and Financial Crimes Commission, United States Postal Inspection Service and the United Kingdom Serious Organized Crimes Agency has substantiated that a lot of counterfeit checks are being shipped via mail out of Nigeria.

From This Day courtesy of AllAfrica.com:

A statement by Osita Nwajah Head, Media & Publicity of EFCC said the exercise is the first multi-national interdiction operation of outward bound packages in the country. It saw agents of the three law enforcement agencies poring through tones of outward bound packages in the pre-exporting mail processing centres of the Nigerian Postal Service (NIPOST) and private courier companies like FedEx, UPS and DHL. The operation produced startling discoveries of how criminal elements operating from the country ship fake documents and counterfeit financial instruments abroad. In several packages were found fraudulent identification and counterfeit financial instruments neatly concealed in carbon paper to evade the sensors of scanners.

In all, 15,129 counterfeit cheques related to advance fee fraud scams were intercepted. They include 6,948 blank cheques and others drawn for the sums of $145.9 million, Euro 211,077, 218.00, over two million Pounds Sterling and 120,450.00 Canadian dollars.

Thus far, according to the report, no arrests have been made. The checks used in different variations of the advance fee scam are normally mailed in quantity to distributors and then mailed to the individual victims to cash. My guess is that this effort was to gather evidence, which will enable law enforcement to tie in the counterfeit checks to criminals in several different countries.

To substantiate this guess, the article in This Day states:

Similar interdiction operations were carried out simultaneously in Spain, the Netherlands, United Kingdom, Canada and the United States. The global initiative against 419 scam will climax with an international press conference in Washington DC, to be conducted by Chief Executives of selected law enforcement agencies around the world. The EFCC is one of the agencies invited, the statement pointed out.

In an advance fee scam, social engineering ploys (trickery) are used to dupe people into cashing these bogus financial instruments and wiring the money back to the criminals behind the scheme.

When the check is discovered to be fraudulent, anywhere from right on the spot to about ten days later, the person passing the item is left holding the bag. This can translate into a loss of their freedom (getting arrested), being held financially liable, or a combination of both these consequences.

Interestingly enough, the report states that fraudulent identification documents were being shipped along with the counterfeit checks. This might lead some to speculate that not all of these items are intended to be pawned off on advance fee victims. Counterfeit checks and counterfeit identification documents are a well-known combination used by individuals, or groups committing the more intentional variety of check fraud.

Advance fee victims are duped into using their own information to cash the items.

A new trend has been noted called reverse scamming, also. This occurs when scammers have the bogus instruments sent to them, cash them and then never follow the instructions to wire the money.

If confronted, these reverse scammers will always proclaim (loudly) to be victims, however if they don't wire any money anywhere, their intent in passing the item is pretty obvious.

Hopefully, enough evidence has been gathered in this operation to prosecute fraudsters all over Europe and North America, as well as in Nigeria.

The Economic and Financial Crimes Commission's motto is "The EFCC will get you anywhere .....anytime." With a little luck, this investigation might end up proving how true this statement is!

This Day story, here.

A lot of people are led to believe that advance fee scams are all from Nigeria. Although some of them are, Nigeria isn't the only point of origin for this activity. In fact, because of all the press on Nigerian scams, I've seen a lot of these other advance fee fraudsters impersonate Nigerians to lay the blame, elsewhere.

Counterfeit money orders, gift and travelers cheques have been circulating in these scams in the recent past, also.

I've written other posts about how the EFCC goes after criminal activity, here.

Wednesday, September 05, 2007

Immigrants targeted in learn English (with Rhythm) scam

Immigrants are often targeted in scams because they are less likely to report them. Here is an example -- where the Oregon AG with some assistance from the Willamette University College of Law Clinical Law Program is going after four California corporations for scamming immigrants -- who want to learn English.

Ironically, I seem to hear a lot of criticism about immigrants, who don't want to learn English. In this instance, people trying to exactly this (learn English), were being scammed!

From the Oregon AG (Attorney General) press release:


The lawsuit alleges that from 2002 to 2005 the defendants targeted members of Oregon's Hispanic community by advertising "free" English-language instruction courses entitled "Ingles con Ritmo" (English with Rhythm) and later charged exorbitant shipping and handling fees. The defendants repeatedly demanded additional payments for products that consumers never ordered or received. Thereafter, the defendants falsely represented themselves as third-party debt collectors and lawyers and threatened legal action in an effort to extract more money from the victims. In all cases, the victims owed the defendants nothing.

I decided to Google "Ingles con Ritmo" (English with Rhythm) and found an article by Consumer Affairs, where the FTC filed a similar action in June.

From the FTC press release:


According to the FTC’s complaint, from 2003 to 2005 the defendants sold an English-language instruction course, “Ingl├ęs con Ritmo,” advertised on Spanish-language television and the defendants’ Web sites, http://www.tonorecords.com/ and http://www.tonomusic.com/, stating that it was free due to government or non-profit subsidies. Inquiring consumers were told that a shipping and handling fee of $100 to $169 applied. Since 2006, the complaint states, the defendants, posing as third-party debt collectors, told consumers they owed money, typically $900, and repeatedly called them, even though the evidence shows that they owe no money.

The defendants are charged with violating the FTC Act and the Fair Debt Collection Practices Act (FDCPA) by falsely claiming that a debt is owed; by falsely claiming to be, or to represent, an attorney; and by falsely threatening legal action, arrest, imprisonment, property seizure, or garnishment of wages. Other FDCPA violations alleged are attempting to collect an amount of debt not authorized by contract or permitted by law; harassing consumers; and failing to inform consumers, within five days of their initial communication with them, of their right to dispute and obtain verification of their debt and the name of the original creditor.

The corporations and individuals listed in the suit are:

Tono Records, dba Tono Music and Professional Legal Services, Tono Publishing, Promo Music, Millennium Three Corp., Dulce Ugalde, Luis Roberto Ruiz, and Maria Oceguera, all based in Los Angeles County, California.

As of this writing, both the sites linked to in the FTC press release are no longer active.

Although, I'm glad to see a civil action undertaken in this instance, I have to wonder why criminal charges aren't being filed. Some of the collection practices allegedly being used, might be defined as "extortion," which is a criminal offense.

Consumer Action, a non profit organization that has been around since 1971 has a page on their site detailing the most common scams, where immigrants are targeted.

They list the most common scams against immigrants, which were put together by the FTC in 2006:

  • Predatory lending practices. Lower income levels and other factors can make obtaining access to credit difficult. Moreover, Hispanics unfairly may be charged higher interest rates.


  • Immigration fraud. Perpetrated by so-called “immigration consultants,” such schemes tend to increase when immigration legislation (for example, for an “amnesty”) is being proposed or considered. The “consultants” take advantage of general awareness of possible new programs and their victims’ lack of sophistication about the legislative process.


  • Used cars. Some sellers fail to comply with applicable state and federal laws, such as the FTC’s Used Car Rule (if a transaction is conducted in Spanish, the mandated “Buyers Guide,” disclosing whether the vehicle comes with a warranty or “as is,” must be provided in Spanish) or California’s law that if negotiations are conducted in Spanish, the written contract also must be in Spanish.


  • Health insurance fraud. Because minimum wage earners often do not obtain health insurance from their employers, they are attracted to offers for low-cost health insurance, which may not provide the advertised benefits, if any.


  • Buying clubs (offering discounts on products and services). For Hispanics who seek discounts and best prices, offers for buying clubs are extremely attractive. Panelists at an FTC Hispanic/Latino Outreach Forum described a Hispanic cultural affinity for “free” or discounted goods and services, and an economic need for them driven by lower income levels as a group. Buying clubs often are offered for free for thirty days, requiring the consumer to cancel before the end of thirty days to avoid being charged for the club.


  • Work-at-home schemes. The panelists considered this a growing problem area that particularly takes advantage of undocumented immigrants seeking an income without having a traditional employer. Tackling this fraud also poses challenges because these schemes are advertised not just in classified ads and other media, but often by signs tacked onto telephone poles.


  • Notario fraud. In most Latin American countries, the term “notario” implies that the person described is a licensed attorney. Panelists reported a common scam involving individuals who represent themselves as “notario” and offer help with the immigration process; in fact, these individuals are not attorneys.


  • Remittances. The panelists noted that many Hispanics wire money to relatives in their home countries and that there are many problems with undisclosed fees or fees that vary from what was disclosed.


  • Prepaid phone cards. Panelists agreed that problems with undisclosed fees are commonplace with these cards.


  • Employment agency fraud. This fraud preys upon undocumented immigrants looking for work and tends to increase when the economy is in a downturn.


  • Panelists observed that purported cures for many ailments appear in numerous Spanish newspapers and other Spanish-language media.

Oregon AG press release, here

FTC press release, here.

The FTC now has information in Spanish on their site, here.

Monday, September 03, 2007

Educate yourself about scholarship scams before you go to school

With the high cost of an education these days, dishonest people are using the lure of a scholarship to cheat students and their parents of their hard earned money.

The FTC has a informative page on this trend:

According to the Federal Trade Commission, unscrupulous companies guarantee or promise scholarships, grants or fantastic financial aid packages. Many use high pressure sales pitches at seminars where you're required to pay immediately or risk losing out on the "opportunity."

Some unscrupulous companies guarantee that they can get scholarships on behalf of students or award them "scholarships" in exchange for an advance fee. Most offer a "money back guarantee"- but attach conditions that make it impossible to get the refund. Others provide nothing for the student's advance fee - not even a list of potential sources; still others tell students they've been selected as "finalists" for awards that require an up-front fee. Sometimes, these companies ask for a student's checking account to "confirm eligibility," then debit the account without the student's consent. Other companies quote only a relatively small "monthly" or "weekly" fee and then ask for authorization to debit your checking account - for an undetermined length of time.

More information on this from the FTC, here.

Also contained in the above link is information, where you can report suspected fraudulent activity to the FTC.

Advance fee schemes are nothing new in the world of fraud. If someone promises you something that's too good to be true and doesn't make sense, the best thing to do is ignore their offer and then report them.

The NACAC (National Association for College Admission Counseling) has put together a nice set of links regarding this subject, also.

Sunday, September 02, 2007

Blogger fights back against the storm worm

Since Blogger has been kind enough to host this blog for about two years now, I thought I should do a post about the recent reports concerning malware and Blogger.

Blogger itself, wasn't compromised, but a lot of bloggers individual blogs were. Most people are compromised by malware after clicking on a link they shouldn't have.

This was posted on Blogger Buzz:

You may have seen stories in the news recently about malware on Blogger, such has this one from the BBC or this one from Committee to Protect Bloggers. Blogger was not compromised. Instead, the blog posts are from bloggers whose machines were compromised by a Trojan horse.

These bloggers had their mail2blogger email addresses in their computers' address books (a perfectly legitimate use case), so when the malicious software spammed every address in their address book with its content, a copy of that email was posted to their blog.

We are in the process of notifying impacted bloggers and recommending that they scan their computers and run current anti-virus software, available in the GooglePack. This is also good advice for all computer users, especially those who may have clicked the links in the emails sent by the virus. For more information about computer security, check out upenn.edu and us-cert.gov.

The BBC article mentions that Alex Eckelberry, who blogs at the Sunbelt blog was the first to discover the problem on Blogger. Please note, Alex himself is a Blogger user and the CEO of Sunbelt Software, a computer security company.

Alex has even been kind enough to help me, when I ran into a problem, or two doing this blog.

Alex has a pretty visual post (lot's of screenshots), which show exactly how the worm would be encountered in the wild.

Of interest, Alex also discovered that Blogger wasn't the only place, where people are being lured into downloading the storm worm.

From what I understand the intent of the storm worm is to turn a computer into a zombie, which becomes part of a botnet. Botnets are networks of zombie computers.

Botnets are used to send out spam e-mail and sometimes attack other systems in what are known as DOS (denial of service) attacks. They are also used to commit click fraud.

Of note, most Internet fraud can be traced to a spam e-mail.

Besides running a scan with good anti-virus software (to see if you've been compromised) -- the best defense is to learn how to spot the lures that are designed to trick people into clicking on them. In most instances, this will stop the problem before it happens!

When sweepstakes scammers target the elderly should it be considered elder abuse?


Photo courtesy of speedwaystar at Flickr

Lottery and sweepstakes scams are on the rise and there seems to be little help for the victims, who fall for them. There also seems to be not very many consequences for the criminals, who are stealing people blind.

Paul Wenske of the Kansas City Star did a telling story in the Kansas City Star, which focuses on how senior citizens in the Midwest are being targeted and losing their entire life savings in the process.

From the Star article:

Canadian telemarketers spent two years bilking Walter Blevins of Arkansas City, Kan., out of $300,000 — his life savings.

The scammers initially told the 78-year-old former aircraft worker he’d won $2.2 million in a lottery. He just needed to wire cash to cover the taxes and other fees on his windfall.

The article also states that no one seems to be able to help these people once they've sent the money, but these crimes are now being classified as "cross border fraud."

The Missouri AG has tried to step in, but is limited in his jurisdictional powers to sending cease and desist letters to the scammers up North:

Seniors who make the mistake of responding to one mailing or phone call often end up on lists that are sold and resold, resulting in a flood of junk mail.

Late last year, Missouri Attorney General Jay Nixon launched “Senior Sting,” an ongoing operation in which 300 seniors were asked to save such solicitations. They collected 8,000 pieces of mail in the first month.

Don Burnett, of Louisiana, Mo., said at one time he was receiving eight mailings a day from foreign lotteries, sweepstakes and check schemes.
Interestingly enough, a lot of these solicitations are coming in junk mail and telemarketing calls and not from spam e-mails.

The article speculates that the fraudsters doing this are compiling telemarketing lists. While this is probably true, an information broker (InfoUSA) was recently accused of selling market segment targeted lists to some of these scammers.

Given the fact, most of these enterprises pose as legitimate businesses, I wonder how hard it is for them to simply purchase these lists?

The article also cites information from the Federal Trade Commission and the National Consumer League's Fraud Center.

The NCL site has an entire section on Elder Fraud, which can be reached by clicking, here.

Not to be outdone, the FTC also covers this subject in great detail on their site, here.

What's interesting to me is that I see elder abuse becoming a hot issue. The National Center for Elder Abuse is an organization that lobbies for stricter laws when senior citizens are abused.

While most of these telemarketing scams are considered fraud -- which many think of as a low priority crime, perhaps if when it involves senior citizens, we think of it as elder abuse -- the authorities on both sides of the border might begin to get more aggressive in prosecuting the criminals behind these schemes.

In my opinion -- stealing a senior citizen's entire life savings is nothing less and the criminals doing this deserve to be considered as what they truly are -- one of the lowest forms of life on the Planet!

Kansas City Star article, here.