Virtual Kidnapping - A New Version of a Confidence Trick!

Not all the kidnappings in Mexico and the United States are real. The US Immigration and Customs division gets reports of virtual kidnappings, where the intent is to extort money, but the alleged victim is safe and sound.

The kidnappers appear to be able to find out who is traveling to Mexico and/or is coming into the US illegally. They then call a family member or loved one, claiming they have the tourist or illegal immigrant hostage and demand money for their safe return.

I happened to pick up this story on Fox News, which reported that Immigration and Customs in Phoenix gets a report about once a week of smugglers holding a hostage. Although 75 percent of them are real, about 25 percent are bogus, according to the story.

The reason the virtual scam works is probably that real cases of people being kidnapped are becoming commonplace south of the border. In April, CBS News reported that a hotline set up in Mexico City to deal with extortion cases had received 44,000 calls since December. The hotline statistics recorded were 22,851 extortion attempts avoided, 3,415 telephone numbers identified as being tied to extortionists, and 1,627 people who paid off the virtual kidnappers.

In another version of virtual kidnapping, an illegal immigrant already in the country is contacted and told that a family member is being held hostage in Mexico. It's not unknown for smugglers to hold onto a family member and extort money from illegal immigrants whom they have brought across the border. With all the real kidnapping going on, it makes sense that fake ones seem legitimate.

In April, the New York Times did another story on virtual kidnapping. In their article, they speculated that at least some of it was being done from Mexican prisons. Apparently, the guards look the other way as long as they get a cut of the action. The article also mentioned that besides virtual kidnapping, other telephone scams are rampant in Mexico, like the sweepstakes variety, a type of the infamous advance fee (419) scam.

Network World asked why this type of kidnapping is referred to as virtual. Paul McNamara wrote a interesting piece pointing out that the term "virtual" doesn't really fit in these cases. "The crime itself is horrific — beyond comprehension in its cruelty — so there's some hesitancy to complain about semantics. But this is a technology column and the underlying issue — society's tendency to blame modern-day bad deeds on technology instead of the bad-deed doers — is an important one," according to McNamara.

He makes a very good point: scams designed to part people from their hard-earned money didn't start with the computer age. Confidence tricks have been around for a long time and virtual kidnapping is merely that, a confidence trick. A good example is what is known as the Spanish Prisoner letter, where someone was tricked into thinking they were securing the release of a wealthy individual (who couldn't reveal their own identity) from prison in return for future compensation. This particular scam dates back to well over 100 years ago.

The Internet is full of too-good-to-be-true scams, which use greed to lure victims. Besides greed, fear is another lure scammers use. We see this on the Internet in threatening letters allegedly from government agencies, or even in what is known as the hit-man scam. In the hit-man scam, a person is intimidated into paying someone off to remove a contract that has supposedly been taken out on their life.

Scams using the telephone are becoming more and more common as well, dubbed "vishing." Here the telephone is used to perform confidence tricks of all sorts, and/or to steal personal and financial information later used in identity theft schemes.

This doesn't take away from the fact that a lot of people are victimized because of the not very secure situation we have on our border. It often seems that the criminals are more in control than the authorities, and besides confidence tricks, we see an overabundance of crimes that threaten public safety and, some say, our national security.

Until we take the control of the border away from criminals, we are going to continue seeing a lot of people victimized.

International Phishing Gang, nailed with a little teamwork!

I suppose it's big news when a phishing gang gets caught. Sadly, few of them ever seem to get nabbed, or prosecuted. Phishing is a crime that is committed across borders with the click of a mouse, or "bot," which makes investigating and prosecuting this type of crime, slightly challenging.

Saying that, the times might be changing, especially (more and more) when U.S. citizens are targeted. Besides this latest series of arrests, the FBI recently conducted a very successful operation against bot-herders in an effort dubbed "Operation Bot Roast."

Bot-herders, who run botnets are behind growing amounts of spam. Spam is the preferred method of spreading scams and other questionable activity across cyberspace.

According to the DOJ press release, 33 phishermen have been hooked, in an operation that was truly International in nature:

A federal grand jury in Los Angeles charged 33 individuals in a 65-count indictment unsealed today for their alleged participation in an international racketeering scheme that used the Internet to defraud thousands of individual victims and hundreds of financial institutions. Seven individuals were charged in a District of Connecticut indictment for their roles in an Internet phishing scheme, including two who were also charged in the Los Angeles case.

U.S. law enforcement authorities are executing nine arrest warrants in the Los Angeles area and Romanian law enforcement authorities are executing search warrants in Romania today in connection with the racketeering indictment.

Supporting the "global theory" of this activity, these phishermen operated from six different countries. They also claimed citizenship from several different countries:

The individuals named in the indictment operated from locations in the United States and abroad including Canada, Pakistan, Portugal and Romania, and include both U.S. citizens and foreign nationals. Sonny Duc Vo, Alex Chung Luong and Leonard Gonzales are U.S. citizens. Nga Ngo, Thai Hoang Nguyen, Loi Tan Dang and Dung Phan are permanent legal residents of Vietnam. Hiep Thanh Tran is a U.S. permanent resident from Vietnam. Caroline Tath is a permanent legal resident of Cambodia. Hassan Parvez is a citizen of Pakistan. Rolando Soriano is a Mexican citizen and is currently charged in Los Angeles with illegal entry by an alien following deportation. Ovidiu Ionut Nicola-Roman; Petru Bogdan Belbita; Stefan Sorin Ilinca; Sorin Alin Panait; Costel Bulugea; Nicolae Dragos Draghici; Florin Georgel Spiru; Marian Daniel Ciulean; Irinel Nicusor Stancu; Didi Gabriel Constantin; Mihai Draghici; Marius Sorin Tomescu; Lucian Zamfirache; Laurentiu Cristian Busca; Dan Ionescu; Marius Lnu; Alex Gabriel Paralescu; and Andreea Nicoleta Stancuta are Romanian citizens. An additional four individuals known only by their aliases, “Cryptmaster”; “PaulXSS”; “euro_pin_atm” and “SeleQtor” are believed to be Romanian citizens.

According to an article in PC World by John E. Dunn, stolen financial details (mostly payment card numbers) were stolen using a fake website. The stolen financial details were then sent via SMS (text) messaging to their cohorts in the United States and counterfeit payment (credit/debit) cards were produced.

After the counterfeit cards were produced, we can assume "runners" went to ATM machines and drained the accounts.

Financial institutions targeted included "People’s Bank, Citibank, Capital One, JPMorgan Chase & Co., Comerica Bank, Wells Fargo & Co., and PayPal," according to the DOJ press release. Although, not a financial institution, the DOJ press release mentioned eBay was a phishing target, also.

Two good resources, largely from the private sector that study phishing and provide a lot of relevant information about the activity are the Anti-Phishing Working Group and Artists Against 419. Besides goverment resources, there are private warriors out there dedicated to taking down phishing sites, also. The PIRT Phishing Incident Reporting and Termination Squad run by CastleCops, a site dedicated to computer and internet security, is a leader in this private effort to curb phishing. PIRT goes after phishing as it occurs in the "wild," or on the Internet.

Most of the information gathered by these groups is provided and used as intelligence by law enforcement resources. As a disclaimer, in this case, it is unknown what private resources might have contributed intelligence to this effort.

Law enforcement resources on a local, national and international level contributed to this latest series of arrests. Most experts agree that cybercrime has flourished in the past because of the inability of members of the "white side of the fence" to come together as a team. Sadly, the members of the "black side of the fence" have seemed to embrace teamwork and the result has been devastating, to say the least.

Last month, Attorney General Mukasey announced a "Law Enforcement Strategy to Combat International Organized Crime." This strategy was developed to combat a growing threat to the stability of U.S. interests posed by organized crime groups.

DOJ press release, here.

80 year old man loses over $700,000 to advance fee (419) scammers

With spam e-mails offering too good to be true come-ons filling up our mailboxes, we often forget that there are some very real people who get victimized after falling for one of them.

Of course with the availability of botnets -- which command legions of spam spewing zombies (compromised computers)-- even if only a few people fall for the scheme, the scammers still make a tidy sum off of other people's misfortunes.

An example of this can be found on the Newport Beach Police website, where an elderly gentlemen lost a lot of money (probably his life savings) to one of these schemes:

Recently, an 80 year old resident of the city learned he was a victim of an international lottery scam. He originally received an email claiming he had won an overseas lottery which required him to pay a processing fee to have the funds released. This scam continued for a two year period and ended with the victim losing over $700,000.00.

Scam operators (often based in Canada) are using email, telephone and direct mail to entice U.S. consumers to buy chances in high-stakes foreign lotteries from as far away as Australia and Europe. These lottery solicitations violate U.S. law, which prohibits the cross-border sale or purchase of lottery tickets by phone or mail.

This type of scam is often referred to as an Advance Fee (419) scam.

Of course, the lottery scam isn't the only one out there. There are work-at-home (job) scams, secret shopper, romance, lottery and auction scams being sent out in millions (billions ?) of e-mails, also. And if you don't have your own financial resources, the scammers will gladly provide you with a wide array of counterfeit financial instruments to negotiate. They could care less if you get arrested and expect that you will wire them any proceeds if you successfully pass the bogus instrument.

Please note, that just because you initially are able to pass the instrument doesn't mean that someone won't come after you, later.

The news release from Newport Beach Police Department offers the following advice on how to report scams like this:

The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

They also point to a page on the FTC website about cross border scams, which can be seen here.

If you are a more "visual type," I recommend going to fakechecks.org, which has a series of video presentations on this subject.

When sweepstakes scammers target the elderly should it be considered elder abuse?

Photo courtesy of speedwaystar at Flickr

Lottery and sweepstakes scams are on the rise and there seems to be little help for the victims, who fall for them. There also seems to be not very many consequences for the criminals, who are stealing people blind.

Paul Wenske of the Kansas City Star did a telling story in the Kansas City Star, which focuses on how senior citizens in the Midwest are being targeted and losing their entire life savings in the process.

From the Star article:

Canadian telemarketers spent two years bilking Walter Blevins of Arkansas City, Kan., out of $300,000 — his life savings.

The scammers initially told the 78-year-old former aircraft worker he’d won $2.2 million in a lottery. He just needed to wire cash to cover the taxes and other fees on his windfall.

The article also states that no one seems to be able to help these people once they've sent the money, but these crimes are now being classified as "cross border fraud."

The Missouri AG has tried to step in, but is limited in his jurisdictional powers to sending cease and desist letters to the scammers up North:

Seniors who make the mistake of responding to one mailing or phone call often end up on lists that are sold and resold, resulting in a flood of junk mail.

Late last year, Missouri Attorney General Jay Nixon launched “Senior Sting,” an ongoing operation in which 300 seniors were asked to save such solicitations. They collected 8,000 pieces of mail in the first month.

Don Burnett, of Louisiana, Mo., said at one time he was receiving eight mailings a day from foreign lotteries, sweepstakes and check schemes.

Interestingly enough, a lot of these solicitations are coming in junk mail and telemarketing calls and not from spam e-mails.

The article speculates that the fraudsters doing this are compiling telemarketing lists. While this is probably true, an information broker (InfoUSA) was recently accused of selling market segment targeted lists to some of these scammers.

Given the fact, most of these enterprises pose as legitimate businesses, I wonder how hard it is for them to simply purchase these lists?

The article also cites information from the Federal Trade Commission and the National Consumer League's Fraud Center.

The NCL site has an entire section on Elder Fraud, which can be reached by clicking, here.

Not to be outdone, the FTC also covers this subject in great detail on their site, here.

What's interesting to me is that I see elder abuse becoming a hot issue. The National Center for Elder Abuse is an organization that lobbies for stricter laws when senior citizens are abused.

While most of these telemarketing scams are considered fraud -- which many think of as a low priority crime, perhaps if when it involves senior citizens, we think of it as elder abuse -- the authorities on both sides of the border might begin to get more aggressive in prosecuting the criminals behind these schemes.

In my opinion -- stealing a senior citizen's entire life savings is nothing less and the criminals doing this deserve to be considered as what they truly are -- one of the lowest forms of life on the Planet!

Kansas City Star article, here.