Friday, April 11, 2008

eBay/Craigslist praised by Congressman for efforts to curb sales of stolen military equipment on their sites (?)

I've written a few things about scams and fencing stolen merchandise on auction sites. Recently, the GAO discovered that items stolen from the military are for sale on eBay and Craigslist.

Even more interesting were the results of narrowly focused hearings (my opinion) on this matter in Washington, which can be seen at the bottom of this post. The reason I believe they were "narrowly focused" is because there is no shortage of fraud, phishing and financial misdeeds on auction sites.

Of course, there is also no shortage of ordinary citizens and businesses that have been taken to the cleaners on an auction site. Stolen government items are only a small part of the overall problem.

From the GAO report:

GAO found numerous defense-related items for sale to the highest bidder on eBay and Craigslist. A review of policies and procedures for these Web sites determined that there are few safeguards to prevent the sale of sensitive and stolen defense-related items using the sites. During the period of investigation, GAO undercover investigators purchased a dozen sensitive items on eBay and Craigslist to demonstrate how easy it was to obtain them. Many of these items were stolen from the U.S. military. According to the Department of Defense (DOD), it considers the sensitive items GAO purchased to be on the U.S. Munitions List, meaning that there are restrictions on their overseas sales. However, if investigators had been members of the general public, there is a risk that they could have illegally resold these items to an international broker or transferred them overseas.
Apparently, body armor, MRE (meals ready to eat), uniforms, night vision goggles, NBC (Nuclear Biological Chemical) equipment and even F-14 components were some of the items purchased on eBay and Craiglist by undercover investigators.

The obvious concern would be terrorists, or other not very friendly people getting their hands on some of this stuff.

Given the organized effort on a lot of auction sites to fence stolen merchandise via some pretty sophisticated methods, it's not surprising that the GAO found military equipment for sale on the sites. Many have speculated that these sites are used as a means of fencing the proceeds of what is known as organized retail crime. Of course, less organized criminals obviously sell their goods on auction sites, also.

Organized retail crime obtains their goods by a variety of methods from common theft to using stolen financial instruments. A lot of stolen financial instruments are used to purchase items on auction sites and e-commerce sites. Of course, they are used in more traditional store settings for the same purpose, also.

On eBay, account credentials and payment accounts (PayPal) are phished all the time, enabling an additional layer of anonymity to the schemes. In fact, over the years, many experts have stated that eBay and PayPal are the two most phished brands out there.

One thing not mentioned in the report is that people don't always get what was advertised on these sites. It isn't inconceivable that a complete fighter jet might be put up for sale, paid for and in the end a toy, or "nothing at all" is received by the buyer.

Trust me, this wouldn't be the first time something like this has happened on an auction site.

A lot of counterfeit (knock-off) merchandise is sold on the sites, advertised as the "real thing," also.

Our leaders in Congress reacted by calling Jim Buckmaster (Craigslist) and Tod Cohen (eBay) in to speak with them on the matter.

Anne Broache (CNet) writes:

By calling Craigslist CEO Jim Buckmaster and eBay government relations chief Tod Cohen to Washington for the hearing, the subcommittee seemed to be preparing to place those executives in the hot seat. But the tone of that questioning was actually quite cordial. At the end of the panel, Tierney even praised the companies for "trying very hard" to keep sensitive military goods off their sites and acknowledged the rules of the road aren't the most clear.

Based on her article, which reports that Buckmaster and Cohen were treated with "kid gloves" during the session, my prediction is that little is going to be done to regulate the sale of stolen goods on auction sites as a result of this.

Meanwhile, everyone running for office is saying they will be the one doing something about the problem of special interests in Washington.

On a closing note, I want to commend the GAO for their efforts to expose a problem. I'm just saying it's a shame that no one listened to what they were saying, very carefully.

HTML version of the GAO report, here.

PDF version, here.

FBI reports scams against senior citizens are growing


(Picture courtesy of the FBI site)

Ran into an interesting communication from the FBI on the growing problem of senior citizens being targeted by scam artists. Of even greater interest -- largely because most senior citizens now use the Internet -- a lot of them are being targeted from foreign lands with the click of a mouse.

The FBI reports:

The threat to seniors is growing…and changing. Baby boomers (born between 1946 and 1964) are now the largest segment of our population—about 78 million people. That means that the number of senior citizens is rising. Many younger boomers also have considerable computer skills, so criminals are modifying their targeting techniques—using not only traditional telephone calls and mass mailings but also online scams like phishing and e-mail spamming.
Most experts agree that senior citizens are targeted because many of them have developed solid financial resources over a lifetime of hard work.

I frequently watch spam trends -- largely because I consider spam the vehicle for most fraud, phishing and financial misdeeds on the Internet -- and I've noted a lot of anti-aging and health products of a dubious nature being pitched. To me, this confirms that the spammers and bot-herders are indeed targeting the elderly.

The current press release has a lot of great information on how to spot fraud and avoid becoming a victim.

Instead of copying them for this post, I would recommend reading the press release.

The press release also points to another excellent page on the FBI site dedicated to educating all of us about fraud against our senior citizens.

Last, but not least if someone thinks they are being targeted by a scam, it's always a good deed to report it. By doing this, it might prevent another human being from a lot of pain and suffering.

Here is the FBI recommendation on how to do this:

Who to call. If you’re a senior citizen who has been victimized by fraud, start by calling your local or state law enforcement agency.

The FBI doesn’t handle isolated individual cases: we get involved only when there are huge dollar losses or if there's evidence of an international crime ring at work. But you can report fraud online to us through our Internet Crime Complaint Center, which is run in concert with the National White Collar Crime Center, and we’ll refer it to the proper authorities.

Wednesday, April 09, 2008

Report challenges IRS that it is not doing enough to protect taxpayers from identity theft

According to a recently released report by the Inspector General for Tax Administration, the IRS is falling behind on a problem that has increased almost 600 percent in the past five years, controlling the use of stolen identities to file tax returns.

Most of the identity theft referred to in this report is when someone's personal information is stolen to maintain employment.

Here is the synopsis from the report:

The IRS has not placed sufficient emphasis on employment-related and tax fraud identity theft strategies. Specifically, its prevention strategy does not include pursuing individuals using another person’s identity, unless their cases directly relate to a substantive tax or conspiracy violation. IRS policy is that the actual crime of identity theft will only be investigated by the Criminal Investigation Division if it is committed in conjunction with other criminal offenses having a large tax effect.

Here is how the Inspector General came up with these numbers:

During Calendar Years 2005 and 2006, the Federal Trade Commission received 92,570 taxpayer complaints related to employment-related and tax fraud identity theft. Due to the lack of IRS information related to identity theft, it is not clear whether the Criminal Investigation Division evaluated or investigated any of these complaints. According to the IRS, the Criminal Investigation Division does not use the Federal Trade Commission Identity Theft Clearinghouse data, and any identity theft prosecution recommendations would have been developed from other
sources.

The report goes on to say that in past two years out of the 92,570 cases reported only about 100 were prosecuted.

Another interesting aspect of the report is that only no match cases (where a name and SSN do not match) are reported to the employer:

Employers are notified of mismatches between names and Social Security Numbers. However, if both a taxpayer’s name and Social Security Number are used by another person, employers are not notified and no further action is taken to stop the continued unlawful use of the identity.

This ties in with the no match social security number legislation that the Department of Homeland Security is trying to enact. As of right now, anyone can use someone else's or even a made up social security number and remain employed. There are few to no consequences for the identity thief, or the employer, who chooses to look the other way.

The new law would force employers to take action, but has been held up in Federal court at the behest of several civil liberties groups. Ironically, many of the cases I've read about involved a citizen of Hispanic American heritiage having their identity stolen.

In August of last year, I wrote about a financial crimes detective, Adrian Flores having his identity stolen. Before clearing his good name, Detective Flores went through a lot of pain and suffering when the IRS came after him for back taxes. He also had to deal with a slew of collection agencies coming after him for unpaid debts using his stolen identity.

Sadly enough, it appears that the groups blocking this legislation don't take the victims rights into consideration (my opinion). I'm all for protecting individual rights, but we need to consider the people getting their identities stolen, also.

Who is protecting their civil liberties?

Most Americans have nothing against hard working immigrants, but many of us have become weary with all the crime that hides itself in it's mass. There isn't going to be an easy answer to this issue, but we need to remove the factors that enable crime to camouflage itself within the problem, too easily.

Full report by the Inspector General for Tax Administration, here.

Latest press release from DHS about the impending (highly controversial) law, here.

Three law suits against Lifelock point to problems in the ID Theft protection business!

With the news that yet another class action law suit was being filed against Lifelock, it made me realize why identity theft and the subsequent loss of privacy seems to be a growing issue. As with most things in the world, money seems to come first and people take a distant second place.

After all the identity theft crisis wasn't caused by Lifelock, despite all controversy surrounding the company. And the service they provide isn't much different than what many other companies provide, either.

If I were some of these other companies, I'd be watching this litigation, closely.

The latest law suit was filed in New Jersey on March 28th and is similar to the other two, already filed.

There is even speculation about an organized hit job on Lifelock by the credit bureaus and perhaps, the people issuing credit.

Of course, the credit bureaus and the credit card companies probably didn't cause the identity theft crisis, either. They might have helped enable it by buying and selling too much information and storing it in some not very safe places, but they didn't cause it.

The true cause of the identity theft crisis is what seems to be an organized GLOBAL criminal effort to steal information. Everyone suing each other has hardly put a dent in the activity, nor is it likely to. In fact, I often wonder if the criminals aren't sitting back and laughing at everyone pointing the finger at each other, while they steal us blind?

The identity theft crisis has been the inspiration for a lot of businesses to provide a product to protect people from identity theft. Interestingly enough, most of the credit card companies and the credit bureaus are offering pay for protection products to their customers, also. This is especially ironic because information to commit identity theft is probably stolen from them all the time.

In fact, there are so many pay for protection services, it's pretty hard for the "average joe" to figure out which one is better than another, or if it's even worth signing up for.

The identity theft protection business is showing double-digit growth in not very healthy economic times. As long as it is a highly profitable venture, it is likely to attract a lot of players wanting to get in on the business of protecting people from it.

In the most recent class action, it alleges that Lifelock doesn't protect it's customers from all forms of identity theft. It also alleges that putting repetitive alerts on a credit report might hurt a person's ability to get credit. Last but not least it alleges that Todd Davis -- the CEO of Lifelock who plasters his own social security number all over the place as a marketing tool -- has himself been an identity theft victim several times.

I knew about Mr. Davis being a victim once, but the fact that he has been victimized several times was a new revelation (?). I guess that means more controversy to come?

The truth is that Lifelock is no different from a lot of services that can't protect it's customers from all forms of identity theft. Perhaps that goes back to the root cause of what enables identity theft, or the storing of too much personal information in not very secure places. Of course, since too many people are making a lot of money from all this information, some of them are resistant to make it more secure (harder to get at).

Making it harder to get at would make the mechanics of issuing credit more difficult. Of course, given the current financial crisis, I've often wondered if more due diligence and regulation might make us all a little better off?

What the law suit is probably referring to when they say there is no guaranteed protection against identity theft is synthetic identity theft. This is where different parts of other people's identities are used to forge a synthetic one. Quite often, because a lot of the information doesn't match, the credit bureaus don't pick it up. Most frequently, this is discovered at tax time, when someone gets a bill for taxes that an identity thief never paid to the government.

Most experts recommend that you watch your yearly Social Security statement carefully because of this.

Synthetic identity theft is corrupting a lot of the data bases out there, also. Anyone, who uses the services of a data broker, knows that there is a lot of incorrect information already showing up in these data bases. Most of the data brokers have prominent disclaimers about this on their main page when you look information up.

In fact, if someone wanted to see if they were a victim of synthetic identity theft some of these data bases would be a good place to start.

Another reason there is no way to guarantee protection is that not all identity theft shows up on credit bureaus. Some examples of this are in cases of medical benefit fraud, employment fraud, government benefit fraud, some forms of check fraud and last, but not least, when it is used to commit crimes of other than a financial nature.

The International criminal element is very creative at figuring out where the loopholes are. In fact, some say they are sharing information and operating on an economy of scale. My guess is that as long as they suffer few consequences for their activitites, a lot of people are going to continue to be victimized.

Meanwhile the good guys are all suing each other, deep sixing how they are having information stolen from them, and arguing about who is responsible for the mess. It's a shame that the good guys don't become more transparent about the problem, realize who the problem really is, and then come together as team to go after it.

So far as paying for identity theft protection, it can be bought, or if one has the knowledge, done for free. I've looked at a lot of the services and there is no doubt that some are a lot better than others.

Believe it, or not, I've even had the pleasure of meeting people within the industry that do really care about the people they are protecting. One shoe rarely fits all when it comes to human beings.

We need to remember that the industry is unregulated and all the current litigation might be an argument for some sort of certification (regulation).

Even without regulation, protecting someone's personal identity is a matter of trust. Everyone in the identity theft protection business needs to reflect on this and remember that in the end, consumer trust is going to be a key component of whether they are successful, or not.

In the end, perhaps it's time for a wake up call. After all a lot of people are suffering because someone took one a very personal item from them, or their very own identity.

Previous posts on this blog about the continuing Lifelock saga can be seen, here.

Tuesday, April 08, 2008

2007 Internet Crime Report shows dollar loss at all time high!



According to what many consider a reputable source, the FBI, Internet scams have set a new dollar record ($240 million).

Here is what they wrote about it in the press release (courtesy of the FBI site):

Pets, romance, and secret shoppers.

They’re each among the top ruses used by Internet scam artists in 2007, according to a comprehensive report on online crime just issued by the Internet Crime Complaint Center, or IC3.

Here is how the FBI described the most prevalent scams:

Pet Scams

- You see an online (or offline) ad selling a pet and send in your money, plus a little extra for delivery costs. But you never get the pet; the scam artist simply takes your money and runs. - You’re selling a pet. You’re sent a check that’s actually more than your asking price. When you ask about the overpayment, you’re told it’s meant for someone else who will be caring for the pet temporarily. You’re asked to deposit the check and wire the difference to this other person. But the check bounces and you lose the money you sent to what turns out to be a fraudster.

Secret Shoppers and Funds Transfer Scams

- You’ve been hired via the web to rate your experiences while shopping or dining. You’re paid by check and asked to wire a percentage of the money to a third party. Like the pet scam, the check is bad and you’re out the money you sent. As part of the scam, the fraudsters often use (illegally) real logos from legitimate companies.
- While renting out a property, you’re sent a check that is more than your rental fee and asked to wire the difference to someone else (are you seeing a trend here?). Or you take a job that requires you to receive money from a company and redistribute funds to affiliates via wire.

Adoption and Charity Frauds

- You get a spam e-mail that tugs on your heartstrings, asking for a pressing donation to a charity and often using the subject header, “Urgent Assistance is Needed.” The name of a real charity is generally used, but the money is really going to a con artist. One set of scams in 2007, for example, used the name of a legitimate British adoption agency to ask for money for orphaned or abandoned children.

Romance Fraud

- You encounter someone in an online dating or social networking site who lives far away or in another country. That person strikes up a relationship with you and then wants to meet, but needs money to cover travel expenses. Typically, that’s just the beginning—the person may end up in the hospital during the trip or get mugged and need more money, etc.

Fraud stats. The report provides a complete breakdown of statistics on Internet crime in 2007. For the year, total complaints were down slightly with 206,884 submissions, but total losses were at their highest level ever, nearly $240 million. See the report for plenty more details about victims, perpetrators, and common categories of complaints.

Full report, here.

Please remember that these reports are only as accurate as the data they compile. Often, I find that a lot of scam victims have no idea, where to report activity to. Because of this, I will end this post with information from the release on where to report Internet scam activity (highly recommended):

Logging a complaint is easy: just go to the IC3 website, click on “File a Complaint,” type in the details, and hit “next.” Review your information and click on “submit” when you’re ready to send. The good folks at IC3 will take it from there.

Sunday, April 06, 2008

Model Networking Site (Babe Warehouse) being used to scam aspiring models

Recently, I ran into a fraud victim being duped into cashing a counterfeit check (cheque) and wiring the money to the scammer offering her a "too good to be true" photo shoot opportunity.

While duping people into cashing bad checks and wiring the money back to the scammer are nothing new -- the e-mails used to set up the scam referred to a modeling (and photographer) networking site called "Babe Warehouse (www.babewarehouse.com)." The site states they give aspiring models the opportunity to post a "free portfolio" by providing them with (at least) five photographs and a valid e-mail address.

It appears that scammers are using these e-mail addresses to contact the models and contact them with "too good to be true" offers of furthering their careers.

Most experts agree that it is dangerous to post too much personal information on any social networking site.

Of course -- with all the porn links associated with the site -- I would guess they have other streams of revenue, also. I would also deduct that aspiring models and photographers aren't the only ones frequenting this site.

Although, I can't say for sure, I doubt Tyra Banks would approve of young women using Babe Warehouse as a networking tool.

Overpayment (advance fee) scams mutate seem to be everywhere and there is no shortage of counterfeit cashier's checks, money orders, gift and travelers cheques being mailed (in bulk) that are used in these scams.

Recently, an International law enforcement task force monitored the mail for a short while and seized hundred of millions of dollars/euros etc. worth of these bogus financial instruments.

At first, I wasn't sure if I was inspired to do a post on Babe Warehouse. I decided I would sent them a quick note letting them know their site was being used to scam their readers. In the note, I recommended them putting up some sort of warning on their site to protect their viewers. As I write this, they've failed to put up a warning or even acknowledge my note.

Because of this, I decided to put up a warning myself and rely on the power of the search engine to educate people.

If they would like to see how the overpayment (advance fee) scam works, I highly recommend going to fakechecks.org.

I also have compiled a lot of information on this blog about this type of scam, some of which, can be seen, here.

I suppose the closest scam variation to this one is what is known as a Romance scam. Romance scammers often use photographs from sites like Babe Warehouse when they are romancing their victims. Please note that Romance scammers often get their love interest to cash bogus financial instruments and wire the money to them, also.

If you are interested in learning about this type of scam, Romancescams.org is a site, I highly recommend.

Sensitive infared cameras discovered bound for China at LAX

Dangerous and counterfeit products, hacking government systems and espionage all have one thing in common, they are likely to originate from China.

The latest example of this is being reported by the AP:

Two men attempting to board a plane to China with nearly a dozen sensitive infrared cameras in their luggage were arrested on Saturday, a federal official said.

Federal agents stopped the pair on the jetway as they were preparing to board the flight to Beijing.

The men had been in the United States for about a week, said Rick Weir, assistant special agent in charge of the Los Angeles office of the Department of Commerce's Bureau of Industry and Security.

Yong Guo Zhi, a Chinese national, and Tah Wei Chao, a naturalized U.S. citizen, were arrested for investigation of trying to take thermal imaging cameras with potential military use to China without the proper export licenses, Weir said.
In February of this year, the FBI highlighted two high profile cases involving Chinese espionage.

Again, whether it involves defective goods, hacking or stealing military secrets -- the Chinese seem to be having a field day victimizing the citizens of the United States and the World.

Is the cheap labor they provide for a lot companies worth all the risks we are taking by allowing them "free trade status?"

Additional examples of Chinese espionage, hacking and defective products written about on this blog can be seen, here.

Full AP story on this latest development in the ongoing saga, here.