Saturday, June 07, 2008

Does our current economic situation make sense?

Could major companies outsourcing jobs be an enabling factor in oil prices skyrocketing out of control? After all, the oil companies claim that increased demand in Asia (especially China and India) are a major reason prices skyrocket, weekly.

I guess this means we have outsourced so many jobs and manufacturing, they are using more oil?

Of course, some of other reasons used to justify oil prices increasing seem to not make very much sense. Sinister terrorist threats that never surface, or minor attacks have been used to drive the price of a barrel of oil up, also.

The problem is for the average person, it's hard to figure out if someone is telling the truth or offering us a convenient excuse for making an obscene amount of profit.

And if anyone were to blame the people in Asia for this, they would be sadly mistaken. I suspect they are being used for one thing and one thing alone, cheap labor. This cheap labor has some other ugly aspects to it, such as labor practices that wouldn't be tolerated in the West and a constant stream of unsafe and defective products being sold all over the world.

So far as placing blame, we might want to look at the few, who are making a ton of money by reducing their labor costs?

Last time I checked, the out-of-control gas prices and food shortages are impacting people in Asia and Africa pretty severely, also. Some say one of the reasons for this is all the corn being diverted to make ethanol.

While this is still merely a nuisance at the grocery store here in the West, they say it is sending people to bed hungry at night in less fortunate countries.

Sadly enough, experts are now telling us that using corn to produce Ethanol is unlikely to make an impact on the energy crisis, either. They say it uses more energy to produce than we get by using it. Is this just another venue for a few speculators to make a lot of money at the expense of everyone else?

I suppose this revelation is just another inconvenient truth?

Yesterday's sharp increase in the price in oil and the fact that we are seeing the largest loss in jobs in 20 years sparked the following commentary in the New York Times by Peter Goodman:

For tens of millions of Americans struggling to pay bills, the jobs report added an official stamp of authority to a dispiriting reality they already know: A deteriorating labor market is eliminating paychecks just as they are needed to compensate for the soaring cost of food and fuel, and as the fall in house prices hacks away at household wealth and access to credit.

The well-written commentary goes into a lot of specifics, which are pretty gloomy. It also contains quotes from the various presidential candidates, who offer completely different solutions to the problem.

For a long time, we have been hearing there is no fraud in the oil prices going out of control. Despite this the U.S. Commodity Futures Trading Commission is hosting a International energy market manipulation conference. Do they know something we don't?

Of course, in another contributing factor to the overall mess (the mortgage meltdown), the FBI recently announced that they are investigating several major companies. It's going to be interesting to see what becomes of that.

In both these contributing factors to the economic crisis, a lot of taxpayer dollars are being used to protect or bail out both of these industries. I've often wondered why the taxpayer gets to pay to protect oil producing countries and bail out corporations, who were clearly irresponsible in the way they did business?

With all the money they made, or are currently making, shouldn't they be held responsible for at least some of the costs?

If you look at the entire situation, it's hard to make sense or understand the reasons we are being given for why it is occurring.

What does make sense it that our overall perception of the public officials, who swear an oath to the protect it's citizens from enemies (both foreign and domestic)is at it's lowest ebb in history. Part of the reason for this is too many of them are getting caught with their hands in the cookie jar and the general consensus is that special interests seem to influence the way they vote more than anything else.

We are seeing a lot of talk about doing something about this problem, but little to no action being taken to correct it. A little less talk and more action might go a long way in fixing the problem. Otherwise, we might begin to think that all this talk is nothing more than a lot "hot air."

I'm not sure how much longer the voting public is going to put up with the current situation -- but one thing is clear -- politicians running for office are accepting a lot of money from lobbyists, which is a nicer word for "special interests."

As long as the public is getting gouged (my opinion) for no apparent reason, the ties between politicians and lobbyists are going to become more and more questionable.

One good place to keep up on these issues and or voice your opinion (my wife, Ellen is a big fan) is Lou Dobbs' site.

In fact, since I am slightly off my normal topic, I think I'll dedicate this post to her.

Friday, June 06, 2008

Spam ruse promising money for being an Internet crime victim spoofs IC3's name


(Picture courtesy of the FBI)

"The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA)," according to their website.

In their own words it provides a "vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime."

According to a recently released press release from the FBI's Cyber Division, the good name of IC3 is being spoofed (impersonated) to lure people into become victims of identity theft and financial crimes. In this instance, the specific come-on is a claim that they are passing out money to the victims of cyber crime.

Besides being devious - they obviously have a "sick sense of humor."

From the press release:

The FBI is asking the public to be aware of e-mail schemes containing various versions of fraudulent refund notifications claiming to be from the Internet Crime Complaint Center (IC3) and the government of the United Kingdom. The e-mails falsely state that refunds are being made available to compensate the recipients for their losses as victims of Internet fraud.

The perpetrators of this fraud use the names of people not associated with the Internet Crime Complaint Center, but give them titles in an attempt to make the e-mails appear official. The perpetrators use IC3’s logo and the former name of IC3, the Internet Fraud Complaint Center (IFCC), as well as the names of the Bank of England and the Metropolitan Police (U.K.) in the e-mails.

According to the FBI, the intended victim is required to sign a wire transfer release form in order to receive their refund. In actuality the scammers behind this will probably use the release form to have the bank wire all the money out of an account to them.

I haven't seen one of these spam e-mails yet. They could use different come-ons, or even drop malicious software on your system. When this occurs malware steals all the information from your computer, automatically.

If you would like to learn about cyber scams, the FBI site has a lot of relevant information. They are also requesting that if you spot one of these scams to report it directly to the "real" IC3 site.

Press release on this matter, here.

Monthly Spam report reveals how uncertain economic times are fueling new scams!


(Courtesy of Symantec)

With prices rising out-of-control and foreclosure signs being used to market real estate, one might think that scam artists and other less than ethical people would lay off for awhile. Think again, they are out in force and coming up with devious methods to make bad situations, worse.

I follow Symantec's spam report on a monthly basis. If you want to get an idea of what fraud campaigns are being run by cyber criminals, or what new twists to old scams are surfacing - it's a great place to get an overview.

Interestingly enough, the report starts with a comparison of e-mail spam to the lunch meat it is named after:

The harsh economic times can be witnessed from every angle, with the rise not only in email spam, but also the sales of the actual lunchmeat product, Spam. According to NBC’s Brian Williams, the spike in Spam sales is a huge economic indicator of the times, and families trying to do more with less. The exact same could be said for email spam. With spam messages accounting for over 80% of email in May 2008, the economic slowdown and its effects are definitely being targeted by spammers – preying on the hardships of people not only in the United States, but Worldwide.

In the past month, the economic stimilus program and the disasters in China and Myanmar have clogged inboxes with come-ons designed to trick people out of their money, or even worse (if a little malware is dropped) all the personal and financial information off their computer.

The report also highlights a campaign in China, offering fake invoices to avoid paying taxes.

Also noted was a scam to sell tickets to the Championship League Final, which was the biggest football (soccer) event in recent times:

The biggest football game in the European football calendar took place on May 21, 2008 in Moscow. Tickets were in big demand all over Europe for this event, and spammers certainly took notice.

Under the guise of a travel agency, the spammer offered the recipient “a unique opportunity” to acquire tickets for the game. The prospective customer was asked to click on a link to purchase the tickets and provide personal details. The recipient was then instructed to go to a legitimate online payment site to complete the transaction.

When the recipient paid for the tickets using the legitimate online payment site, the spammer requested that they email their name, surname and the unique online payment voucher number to the spammer in order to receive the tickets. The legitimate online payment website for the Champions League Final clearly states that the unique voucher number should never be emailed and only used on secure websites that accept their payments.
Please note that ticket scams are nothing new and the more popular the event is, the more likely spammers (scammers) are going to try to dupe people out of their money in the hopes of securing a ticket.

The June report highlights how spam has become a problem that has become International in nature!

Full June report from Symantec can be accessed, here.

Previous posts I've done on the monthly Spam Report can be seen, here.

Sunday, June 01, 2008

Fraudsters mutate counterfeit MoneyGram money order scam to fool victims/financial institutions

Counterfeit MoneyGram Money Orders seem to be surfacing all over the place, again! Here is what I wrote about them the last time I posted on them:

Recently, MoneyGram removed the Travelers Express name from their money order product. The new version is branded simply as MoneyGram, printed in Spanish (Espanol) in addition to English.

The old version with the Travelers Express name have been counterfeited and circulated via Internet scams for a couple of years. A lot of them had Walmart's logo printed on them. We've seen similar counterfeit American Express Gift Cheques and Postal Money Orders in recent years, also. Some of these items are still in circulation, including the older Travelers Express version.
For a long time, the counterfeiters seemed to prefer using a Walmart logo. Some of them even came with a letter from Walmart Financial Services.

The newer version, I saw on Friday bear a CVS Pharmacy logo and they are being distributed in lower dollar amounts. Presumably, the high dollar amounts $700.00 and over were being looked at too closely by financial institutions.

Not sure, but they could be starting to use a variety of logos to make them look legitimate. If anyone reading this has seen different, please add a comment to let everyone know.

The newer items seem to be in denominations of $500.00 or less.

These items normally are obtained when a person gets involved in a too good to be true financial scheme, or is solicited by a beautiful woman (or man) needing to be rescued from a foreign locale. This normally occurs on the Internet.

Here are some examples of the lures used to pass these items, along with links to old posts:

Some of these lures include, but aren't limited to (new lures surface frequently), secret shopper, romance, lottery, work-at-home and auction scams.
Sadly enough, the lowering of the dollar amount seems to have had limited success because I am getting reports that some of these items have been cashed at financial institutions.

The saddest part of all of this is (from an earlier post):

A common denominator in most of the scams is that there will be a request to send the proceeds, minus your paltry cut (normally via wire transfer) back to the person sending you the instruments. That is (unless) they are buying goods from you. In this case, your property is what they want you to send to them.

In other words, if the item is cashed at a financial instiution, when it comes back as a counterfeit -- they will hold you and YOU ALONE liable.

Even sadder, people are also getting arrested for passing them. When counterfeit instruments started getting passed in Internet scams, the financial institutions were a lot more forgiving. This isn't necessarily the case anymore with the amount of losses being taken out there.

More and more often, criminals pretend to be victims and pass the items. I call these people, "reverse scammers" because they have no intention of wiring any money back to the original scammer.

If you are a true victim, I recommend taking to the good folks at FraudAid, who advocate for the people that are really victims. The key is being able to show all the correspondence, along with proof that money was actually wired. If you kept the money from the transaction, it is going to be hard claiming "victim status."

The best way to avoid getting scammed is to call and verify the item at MoneyGram, itself. This can be done by calling 1-800-542-3590. In almost (although not always in theory) all cases, this call will reveal the item as a counterfeit.

MoneyGram money orders aren't the only instruments being counterfeited. Counterfeit cashier's checks, money orders, gift and travelers cheques are also being counterfeited and used in these types of scams.

If you want to learn more about these scams, I recommend going to fakechecks.org, who has some great videos illustrating the scams used to pass these items.

Bank of Mellon reports a second data breach

Last week, the Bank of Mellon disclosed they had lost unencrypted tapes containing the personal and financial information of several million people about three months ago.

Now it is being revealed that about a month ago, another incident involving a missing (unecrypted) tape occurred. This time, scanned images of checks, along with other assorted sensitive information disappeared. The Check 21 Act, passed in 2004 allows financial institutions to electronically deposit images of checks instead of using the actual paper check, itself.

According to press release on the matter, they are now going to start using encryption. I wonder how many other institutions out there are still not encrypting all of their confidential information?

Ironically, if you read the privacy and security pages on Bank of Mellon's site, they seem to be very pretty savvy about both identity theft and privacy issues.

The first incident occurred on February 27th and the now revealed second incident occurred April 29th. If they knew it happened on April 29th, why wasn't this one reported with the other one? The February 27th incident was reported last week, which was well after April 29th.

Of course, I'm sure that the "official explanation" will be that they didn't know if it was really missing and no one is really sure if the information is being used to commit identity theft.

Here is the low down as reported in Pittsburgh Tribune Review on the April 29th occurrence.:

The most recent incident occurred on April 29 when a backup data-storage tape containing images of scanned checks and other payment documents was lost while being moved from Philadelphia to Pittsburgh, spokesmen for the bank said Friday. It involved data of 47 institutional clients and a yet to be determined number of individual customers.

A ComputerWorld article by Brian Fonseca highlighted concerns that are being investigated by Connecticut Attorney General Richard Blumenthal, who is working with his peers in other States to determine why it took so long to report the matter. AG Blumenthal is also asking some hard questions as to why some tapes disappeared and other ones arrived at the storage facility.

The obvious reason, he might ask this question is that it probably points to an insider being involved (my speculation). If this is the case, it is very likely they had somewhere to get rid of the information, or more specifically, sell it.

His press release on the matter listed a lot of institutions, who may have had customers compromised in these incidents.

One thing I wanted to add is that in the most recent occurrence, they are stating scanned checks were contained on the tape. This would make it pretty easy for criminals to use the information to produce counterfeit checks. In recent years, we've seen checks counterfeited on a massive scale, and sent all over the world via snail mail, or even Federal Express and UPS. A recent joint investigation conducted in several nations revealed that these items were being produced on an industrial scale in certain countries.

Many of these counterfeit checks are passed via "too good to be true scams" on the Internet. There are also organized criminal gangs that pass counterfeit checks, also.

Interestingly enough, the way laws governing counterfeit checks are written, the banks have almost zero liability and pass off the loss to the entity who accepted them.

Since counterfeit checks are normally exact copies of actual checks, this made me wonder if sometimes the source of the information to produce them is coming from all the scanned checks being electronically transferred between businesses and financial institutions? Payment (credit/debit) card is transmitted and stored pretty much the same way, and there is certainly a history of these transactions being targeted for criminal purposes, frequently.

According to their most recent press release, the Bank of Mellon is offering free credit monitoring and identity theft insurance through Experian. This has become standard in the wake of most data breaches, but it doesn't necessarily protect a person from all forms of identity theft.

Some examples of where free credit monitoring doesn't catch identity theft right away are medical benefit fraud, employment fraud, government benefit fraud, some forms of check fraud and last, but not least, when it is used to commit crimes of other than a financial nature.

Additionally, the ComputerWorld article mentions that at least one class action law suit has been filed as a result of this:

This week, a lawyer representing 40 affected individuals filed a class-action lawsuit against the New York bank in Connecticut Superior Court. Attorney Michael Stratton, who represents the plaintiffs, said he is seeking up to seven years of free credit monitoring and credit insurance for customers, along with unspecified damages.
I found a list of companies that might have had their customers compromised in these data breaches on the Connecticut AG site:

People's United Financial Inc., John Hancock Financial Services, Inc. (acquired by Manulife Financial Corporation), The Walt Disney Company, TD Bank Financial Group, The Bank of New York Mellon Corporation, Hudson United Bancorp (acquired by TD Bank Financial Group), United Parcel Service, Inc., Wachovia Corporation, MetLife, Hudson City Bancorp, Eastman Kodak Company, Burlington Resources (acquired by ConocoPhillips Inc.), Providian Financial (acquired by Washington Mutual, Inc.), Penn Fed Financial (acquired by New York Community Bancorp), ADESA, Inc., Alcatel-Lucent, Odyssey America Reinsurance Corporation, Seacoast Financials Services Corp. (acquired by Sovereign Bancorp), Viewpoint Bank, Diamond Shamrock (acquired by ConocoPhillips Inc.), Sound Federal Bancorp (acquired by Hudson City Bancorp), Big Lots, Inc., Guidant Corporation (acquired by Boston Scientific Corp), New York Community Bancorp and ACE Limited.

Bank of Mellon press release on this matter, which contains information for potential victims, here.