How to buySAFE on the Internet

(Courtesy of buySAFE)

The Center for American Progress and the Center for Democracy and Technology recently released a report concluding that not enough is being done to protect the public from fraud on the Internet. "If problems such as malware, phishing, and spam are left unchecked, many consumers may lose trust and abandon e-commerce," according to the report.

What if a shopper could safely enjoy the convenience, lower prices and choices offered by the world of e-commerce, while avoiding all the fraud lurking on the Internet free?

In 2006, buySAFE entered the e-commerce scene with a unique concept, giving sellers the ability to become bonded and display the buySAFE seal on their site. Once a seller is bonded, the purchase is guaranteed up to $25,000.

The buySAFE guarantee covers virtually any loss that might occur during an online shopping transaction. This includes, but isn't necessarily limited to fraud, phishing and financial misdeeds.

Last month, they grew their concept with the buySAFE Shopping Advisor, which is a free software tool that rates the safety/security of all sites within a search term. The tool also points to sites sites with the buySAFE seal, which guarantees the transaction.

Shopping Advisor leverages buySAFE’s advanced technology and bonded merchant customer base to provide a fully closed-loop safe shopping experience. "There is nothing else like it in the world as it provides comprehensive safe shopping for consumers from search through purchase and beyond – guaranteed," according to Jeff Grass, buySAFE's CEO.

While buySAFE offers a free service to the e-consumer, they aren't in business to lose money. Some of the due diligence performed on every bonded merchant includes ensuring they have a SSL certificate and a privacy policy describing how they protect personal information. Additionally, bonded sellers are required to allow buySAFE access to inspect their business anytime they choose to do so.

Shopping Advisor provides a tool to analyze e-commerce sites and provides a safe shopping portal, which consists of bonded sellers, only. Once in the safe shopping portal every purchase is guaranteed within the limits of the bond buySAFE provides.

Shopping Advisor uses buySAFE's proprietary website inspection and assessment technology to analyze almost 100 different safety/security attributes of an e-commerce site. It then provides objective ratings on the site when searching with Google, Yahoo and MSN (Firefox is on the way). This allows the shopper to make an informed decision before forking over their hard-earned cash.

Within the Shopping Advisor tool is the Safe Shopping Portal providing alternative product choices from thousands of merchants that are protected with the buySAFE seal. It is within the Safe Shopping Portal that every purchase is guaranteed with a Bond of up to $25,000 and it's protected against identity theft, also.

Essentially, Shopping Advisor shows all the shopping opportunities for the search term listed, rates the sites in question and then gives the consumer the ability to make an informed buying decision. If the buyer chooses to buy a product via the Safe Shopping Portal, it is automatically guaranteed and the transaction is protected against identity theft for 30 days. When the buyer purchases an item from the Safe Shopping Portal, they automatically receive an e-mail with the specifics on the guarantee for their personal records.

buySAFE offers a lot of benefits to sellers, also. The biggest is which is what ensures any successful business, or the trust of it's customers. They've also added a cost-per-sale pricing model that has received positive feedback from the merchants using it. If a merchant needs more information on this, I'll refer them to Jeff Grass' blog, or the press release on this matter.

According to most if not all of the reports out there, Internet crime continues to grow and become more sophisticated. Saying that, no matter how sophisticated it becomes the primary motivation to commit cybercrime is money. This rings true from the most simple social engineering scheme to most sophisticated attacks using crimeware. What buySAFE has done is remove this primary motivator from the mix, or at least made it a lot less attractive to Internet fraudsters, charlatans and tricksters.

Shopping Advisor takes this concept to the next level by providing the consumer with a tool to make an educated shopping decision without falling prey to the pitfalls of a too good be true come-on. Too good to be true lures are the common theme Internet fraudsters, charlatans and tricksters use to snare their prey. In other words, Shopping Advisor is a tool a consumer can effectively use to practice the principle known as caveat emptor, or buyer beware.

buySAFE is also offering a shopper referral program. They pay $1.00 for every user referred to Shopping Advisor. This is a great fundraiser opportunity for charities, sports leagues, churches or any good cause.

Report Reveals That Internet Fraud Threatens E-Commerce

The Center for American Progress just released a report indicating that not enough is being done to protect the public from fraud on the Internet. It's also warning that the convenience, choices and lower prices enjoyed by Internet users are at risk because of this.

They report reveals that high levels of fraud and abuse may cause more and more consumers to lose trust, a key-component of any successful business. Malicious software, phishing and spam were cited as primary causes for the high levels of fraud and abuse on the Internet.

Studies indicate that over 80 percent of all e-mail is spam. It should be noted that spam is the preferred delivery vehicle of fraud and abuse on the Internet. Malware and phishing normally start with a spam e-mail. In Phishing schemes -- which are designed to steal personal and financial information -- the use of malicious software to automatically steal information is on the rise. In the past, phishing normally relied on a social engineering scheme to accomplish this goal.

The Anti Phishing Working Group, an organization that tracks phishing activity, has noted an increase in the use of malicious software to phish information. They speculate that ability of e-criminals to use automated tools to spread crimeware (a.k.a. malware) could be the reason for the increase.

The report states that although the Federal Trade Commission is stepping up enforcement activity, it's resources are limited and more action by the State attorney generals is desperately needed. It cites as an example that over the past three years, only 11 cases against spyware distributors have been brought forward by the States, which is the same number taken for action by the FTC.

The Center for American Progress and the Center for Democracy and Technology asked States to provide data on the complaints they received 2006 and 2007. Thirty six States responded and most of them had a Internet related category listed in their top-ten complaints. It was also noted that overall Internet related complaints increased from 2006 to 2007. Eight of the States listed Internet related complaints in their top-three and four States listed them as being the number-one complaint.

The FTC, who gathers data on a much wider scale noted an increase of 16,000 Internet related complaints in 2007 versus the number received in 2006. When comparing the numbers to 2005, a 24,000 increase in complaints was noted.

The report points out that many experts speculate that not all cybercrime is reported or even discovered. Additionally, the standard for classifying it varies from State to State, which makes it hard to evaluate current statistical data. Given these factors, many believe the problem is understated.

In looking at the enforcement level by the States, the Center for American Progress and the Center for Democracy and Technology gathered information from annual and biennial reports, websites, news articles, and the bimonthly Cybercrime Newsletter released by the National Association of Attorneys General.

Data from the Cybercrime Newsletter revealed that 60 percent of the cases prosecuted were for the sexual enticement of minors or pornography. Crimes involving the theft of information or identity theft represented 8.9 percent of the total and 15.5 percent involved online sales and services. The majority of the cases involving online sales and services were for false advertising or the quality of a product or service.

The conclusion given by the researchers is that not very many crimes involving phishing, spyware, spam, adware and hacking were being effectively investigated or prosecuted. "Internet crime requires almost no expense to execute, carries potentially high financial rewards, and involves relatively little risk of being caught and punished," according to the report.

The monetary cost of all this activity isn't cheap, either. In 2007, an estimated $7.1 billion was lost due to phishing, viruses and malware in the United States, alone. Given that the estimated losses in 2006 was a mere $2 billion, this would lead a reasonable person to speculate that the problem is a growing one. Worldwide estimates put the losses at about $100 billion.

The report gives a possible reason for the increase in activity. With few overhead or start-up costs a phishing group can net about $250,000 a month and operate anonymously from just about anywhere in the world.

Do it yourself (DIY) phishing kits for sale on the Internet have been cited as a primary cause of more and more activity, also. Some of these DIY kits even come with technical support. The bottom line is that it no longer takes much technical knowledge to become a phisherman.

The report speculates that we shouldn't be surprised that online fraud and abuse are at high levels and calls for stronger deterrents. They believe that stronger action by the state attorneys general is key to this effort.

While more support at the State level is needed, I'm not sure if the States can control Internet crime all by themselves. Internet crime moves across borders with a click of a mouse and it's going to be difficult for Alabama to prosecute a spammer or phisherman living in Moscow, Shanghai, Montreal or London.

Two so-called spam kings were recently prosecuted by the federal government. One later escaped and killed himself and family members in the process. These arrests didn't seem to make much of a dent in the amount of spam being sent. Both of the government press releases on these stories mentioned they were catering to commercial clients. Any solution to crime on the Internet will have to take a long and hard look at what enables the activity to be too easy to facilitate in the first place.

Some blame the Internet Service Providers (which seem to be a dime a dozen) for looking the other way because spam brings in revenue for them. Of course, auction sites like eBay have long been criticized for looking the other way at the the criminal activity on their sites. Since Internet Service Providers and Auction sites operate worldwide with a click of the mouse, it's difficult to prosecute or investigate anything on the Internet.

This list of Internet crime enablers is long and the one's referenced regarding service providers and auction sites are merely two examples of them. But if you were to take a look at all them, they have one thing in common: which is maintaining an environment conducive to making money easily. The question is how long will it take for the financial and social costs of Internet fraud and abuse to inspire a more responsible and practical approach to the problem?

Bills Introduced to Combat Organized Crime on Auction Sites

While stories of individual people getting scammed on auction sites are legendary, individuals aren't only ones victimized on these sites. Large retailers and brand owners are victimized when their stolen or counterfeit merchandise is sold on these sites, also.

In response to this, two bills are being introduced to combat this problem in the halls of Congress.

The reason this has become a growing issue is that criminals can net 70 percent of the value of stolen merchandise on an auction site versus the going 30 percent received on street corners, flea markets and pawn shops. So far as all the knock-off (counterfeit) goods being sold on auction sites, it's hard to put a dollar loss to it, but many believe it's substantial.

According to the International Anticounterfeting Coalition, counterfeiting costs U.S. businesses $200 to $250 billion a year. Counterfeiting and e-fencing pose safety risks to the public-at-large, also. Outdated or merchandise that isn't what it is advertised to be could potentially poison people, or cause bodily harm when it doesn't work like it's supposed to.

Simply stated auction sites, provide an anonymous marketing environment to sell both stolen and counterfeit goods.

“By hiding behind the anonymity of the Internet, they can make more money with less risk of getting caught than selling to a stranger on a street corner who might turn out to be a police officer. This bill would lift that cloak and help law enforcement put on-line criminals where they belong – behind bars,” according to Joe LaRocca, the National Retail Federations Vice President of Loss Prevention.

To address this problem, a federal bill (H.R. 6713, the E-Fencing Enforcement Act of 2008) is being introduced by Representative Bobby Scott, chairman of the House Judiciary Committee’s Subcommittee on Crime, Terrorism and Homeland Security.

The bill will require on-line auction operators to maintain information about high-volume sellers and provide the information to a person with "standing" once a police report is filed. The definition of a person of standing would be a law enforcement officer or a representative from a company, who has an interest in the merchandise being illegally sold on an auction site.

This is the second bill introduced recently to combat organized retail crime, which costs retailers anywhere from $15 to 30 billion a year. On July 15th, H.R. 6491, the Organized Retail Crime Act of 2008, was introduced by Representative Brad Ellsworth, a former county sheriff, along Representative Jim Jordan, as the lead co-sponsor. The bill establishes that unless auction site owners can show specific steps to prove goods being sold were not being obtained by theft or fraud, they could be viewed as "facilitating" the activity. This bill will also require site operators to cooperate with the police and organizations with a stake in stopping the activity. In certain instances, it will also allow merchants to initiate civil actions over stolen merchandise being sold on an auction site.

In the past, auction operators have been criticized for not effectively cooperating with companies and law enforcement when they made an inquiry into suspected criminal activity on their sites. It has also been established that smaller (individual) victims and merchants often receive little to no assistance after being victimized in an Internet auction deal.

E-fencing, phishing, counterfeit goods and the use of fraudulent financial instruments to buy merchandise from unsuspecting customers have all victimized countless people and organizations on auction sites.

Criminals often lure people to do their dirty work, also. Recruits are normally harvested off the Internet, sometimes from job sites, and offered work to reship stolen merchandise and or launder money from fraudulent transactions. Much of this activity involves sending money, or hot merchandise across an International border --making it extremely difficult to track.

A lot of criminal activity is facilitated on auction sites by what is known as phishing. Phishing is where an account owner is tricked into giving up their account details, either via social engineering, or more and more often, after downloading some malicious sofware. The stolen account details are then used to take-over the account and use it for illicit purposes.

In fact, eBay and PayPal accounts are frequently the most phished brands out there.

Phishing, normally facilitated by spam e-mails, is another ever-growing criminal activity on the Internet. Recent studies by the Anti Phishing Working Group show that it is becoming more automated and malicious software (crimeware) used to automatically steal information is becoming more prevalent.

There is little doubt that a lot of the criminal activity on auction sites is sophisticated and reeks of organized crime.

For anyone investigating fraud on an auction site, the only way to effectively do so, is to have access to information quickly and with as little red tape as possible. A lot of these crimes cross over borders quickly and by the time and investigator gets what they need, the trail is often pretty cold.

When auction site owners -- who suffer no financial liability and collect a lot of revenue in fees from this activity -- don't cooperate or move too slowly, it only ensures that criminals will be laughing all the way to the bank.

Even the government has had their stolen inventory sold on eBay and Craigslist. In April, the GAO issued a report that military items, including F-14 components, were being sold on auction sites. In August of last year, a U.S. Attorney was quoted as saying that stamps being stolen from self service vending machines with cloned payment cards were being sold on auction sites. At the time, I ran a simple search query and found some pretty good deals on stamps. As of today, these great deals still exist. Many of them are being sold below cost and the last I checked the Postal Service still offers credit. Why would someone sell stamps below cost?

In my opinion, both of the bills don't only serve the large merchants out there, but have the potential to protect everybody from fraud on auction sites. While both of these bills are being driven by the National Retail Federation, I see a lot of benefits to passing them for everyone concerned with fraud on auction sites.

I highly recommend that these other people, join in with the NRF and the Congressmen involved, and support getting these bills passed.

Vladuz busted, according to eBay

Vladuz, the mysterious hacker, who seemed to take great pleasure in hacking eBay has been arrested, according to eBay.

Ina Steiner reports on the AuctionBytes blog:

A cyber-criminal who embarrassed eBay for nearly a year with claims he had hacked the site was arrested on Thursday, according to eBay. "Vladuz" had harassed eBay with his taunting from December 2006 through October 2007, when he accessed eBay servers and gained limited access to a very small number of eBay accounts on the eBay.com site. (eBay said at the time that at no point did the fraudster get any access to financial information or other sensitive information.).

Thus far only eBay is confirming the arrest:

eBay spokesperson Nichola Sharpe said local Romanian law enforcement officials would have to confirm details, as they considered the case confidential until a conviction was made. Asked why eBay had issued a press release, Sharpe said eBay wanted to thank all of the law enforcement agencies involved who collaborated in the case. She also said that the community was aware of Vladuz, and said, "This is obviously great news."

eBay states that Vladuz never accessed any financial information, but I’m not certain that was his intention in the first place.

There are some, who believe his intention was to point out the massive amount of fraud occurring on auction sites and show weaknesses that could be exploited in eBay’s system.

After all, unless he is mentally disturbed, why would he make his effort so public otherwise? Most criminals prefer to remain anonymous when they are committing financial crimes. They make a lot more money that way.

Here is a previous post, I did on the mysterious, Vladuz:

Did Vladuz hack eBay, or is stockpiled stolen information being used to make it look like he did?

eBay/Craigslist praised by Congressman for efforts to curb sales of stolen military equipment on their sites (?)

I've written a few things about scams and fencing stolen merchandise on auction sites. Recently, the GAO discovered that items stolen from the military are for sale on eBay and Craigslist.

Even more interesting were the results of narrowly focused hearings (my opinion) on this matter in Washington, which can be seen at the bottom of this post. The reason I believe they were "narrowly focused" is because there is no shortage of fraud, phishing and financial misdeeds on auction sites.

Of course, there is also no shortage of ordinary citizens and businesses that have been taken to the cleaners on an auction site. Stolen government items are only a small part of the overall problem.

From the GAO report:

GAO found numerous defense-related items for sale to the highest bidder on eBay and Craigslist. A review of policies and procedures for these Web sites determined that there are few safeguards to prevent the sale of sensitive and stolen defense-related items using the sites. During the period of investigation, GAO undercover investigators purchased a dozen sensitive items on eBay and Craigslist to demonstrate how easy it was to obtain them. Many of these items were stolen from the U.S. military. According to the Department of Defense (DOD), it considers the sensitive items GAO purchased to be on the U.S. Munitions List, meaning that there are restrictions on their overseas sales. However, if investigators had been members of the general public, there is a risk that they could have illegally resold these items to an international broker or transferred them overseas.

Apparently, body armor, MRE (meals ready to eat), uniforms, night vision goggles, NBC (Nuclear Biological Chemical) equipment and even F-14 components were some of the items purchased on eBay and Craiglist by undercover investigators.

The obvious concern would be terrorists, or other not very friendly people getting their hands on some of this stuff.

Given the organized effort on a lot of auction sites to fence stolen merchandise via some pretty sophisticated methods, it's not surprising that the GAO found military equipment for sale on the sites. Many have speculated that these sites are used as a means of fencing the proceeds of what is known as organized retail crime. Of course, less organized criminals obviously sell their goods on auction sites, also.

Organized retail crime obtains their goods by a variety of methods from common theft to using stolen financial instruments. A lot of stolen financial instruments are used to purchase items on auction sites and e-commerce sites. Of course, they are used in more traditional store settings for the same purpose, also.

On eBay, account credentials and payment accounts (PayPal) are phished all the time, enabling an additional layer of anonymity to the schemes. In fact, over the years, many experts have stated that eBay and PayPal are the two most phished brands out there.

One thing not mentioned in the report is that people don't always get what was advertised on these sites. It isn't inconceivable that a complete fighter jet might be put up for sale, paid for and in the end a toy, or "nothing at all" is received by the buyer.

Trust me, this wouldn't be the first time something like this has happened on an auction site.

A lot of counterfeit (knock-off) merchandise is sold on the sites, advertised as the "real thing," also.

Our leaders in Congress reacted by calling Jim Buckmaster (Craigslist) and Tod Cohen (eBay) in to speak with them on the matter.

Anne Broache (CNet) writes:

By calling Craigslist CEO Jim Buckmaster and eBay government relations chief Tod Cohen to Washington for the hearing, the subcommittee seemed to be preparing to place those executives in the hot seat. But the tone of that questioning was actually quite cordial. At the end of the panel, Tierney even praised the companies for "trying very hard" to keep sensitive military goods off their sites and acknowledged the rules of the road aren't the most clear.

Based on her article, which reports that Buckmaster and Cohen were treated with "kid gloves" during the session, my prediction is that little is going to be done to regulate the sale of stolen goods on auction sites as a result of this.

Meanwhile, everyone running for office is saying they will be the one doing something about the problem of special interests in Washington.

On a closing note, I want to commend the GAO for their efforts to expose a problem. I'm just saying it's a shame that no one listened to what they were saying, very carefully.

HTML version of the GAO report, here.

PDF version, here.

OCCRP reports on Eastern European/Eurasian organized crime

(Photo courtesy of the OCCRP site)

Eastern European/Eurasian organized groups seem to have their hands in a wide variety of organized criminal activity. They are often mentioned when referring to anything from auction fraud to payment (credit/debit) card skimming and computer crimes.

eBay claims there are entire towns in Romania making a living via auction fraud on it's well known site.

A new site called the Organized Crime and Corruption Reporting Project has been launched by a group of journalists to cover this activity, which seems to have to have a global reach.

In their own words, here is their vision:

The Organized Crime and Corruption Reporting Project (OCCRP) is a joint program of the Center for Investigative Reporting in Sarajevo, Romanian Center for Investigative Journalism, Bulgarian Investigative Journalism Center, Media Focus, the Caucasus Media Investigation Center, Novaya Gazeta and a network of investigative journalists in Montenegro, Albania, Moldova, Ukraine, Macedonia and Georgia.

Our goal is to help the people of the region better understand how organized crime and corruption affect their lives. OCCRP seeks to provide in-depth investigative stories as well as the latest news pertaining to organized crime and corruption activities in the Eastern Europe and Eurasia. In addition to the stories, OCCRP is building an online resource center of documents related to organized crime including court records, laws, reports, studies, company records, etc that will be an invaluable resource center for the journalists and public alike.

The site has been given financial support by the Foundation Open Society Institute (FOSI) and the United Nations Democracy Fund.

Although many of the journalists aren't well known in Western Europe and North America, they have been recognized as putting out some award winning work:

Recently, the program’s first project on energy traders was awarded the Global Network of Investigative Journalists “Global Shining Light Award” for quality investigative journalism under adverse conditions. The project was done in cooperation with SCOOP.

Journalists who have participated in projects published on this website have included Stanimir Vaglenov, Alison Knezevich, Boris Mrkela, Sorin Ozon, Eldina Pleho, Beth Kampschror, Stefan Candea, Roman Shleynov, Mirsad Brkić, Michael Mehen, Mubarek Asani, Paul Cristian Radu, Milorad Ivanović, Vitalie Calugareanu, Vlad Lavrov, Michael Mehen and Altin Raxhimi. The Editors are Rosemary Armao, Paul Radu and Drew Sullivan.

The site covers a wide variety of organized criminal activity (besides what I mentioned above) coming out the the area. Some of these activities include narcoterrorism, illegal arms sales, shell companies and even tobacco smuggling.

Interestingly enough, by reading through the site, I discovered that organized crime even has it's hands in the energy business in the region.

This subject, or the underlying causes of it aren't covered in depth when we read about this phenomenon in the West. Normally, we hear rumors pointing to mysterious Eastern European gangs associated with a sophisticated scam that has surfaced in our own back yard.

In scam circles, some of these people are referred to as "Vlads," which refer to Vlad Tepes, who as the inspiration for the Dracula story. Recently, a person who goes by the name of "Vladuz" has given eBay and the authorities considerable grief when hacking into their system.

Given that this activity reaches far beyond Eastern Europe and Eurasia, this has always amazed me. If you live in any major city in North America or Western Europe, Eastern European/Eurasian organized crime groups are probably operating not very far from where you live.

As the site matures, my guess is that it will provide evidence to ties between these groups and terrorist organizations, also. In fact, if you read what is on the site, some of the evidence I mention is already being written about.

The OCCRP is an excellent and well-written resource for the lay person and professional writer to learn more about a problem, which has become International in nature. Furthermore, since it is written by journalists from the Region, it is a great research tool for anyone interested in the subject.

OCCRP site, here.

When will we realize how serious the problem of counterfeit devices has become?

On March 6th, Queens District Attorney, Richard Brown announced a series of indictments against a major counterfeiting ring. Although based in New York City, the group was operating nationwide. The ring was obtained skimmed card information from hackers in China. Subsequent news reports have stated that skimmed information was obtained from hackers in the Ukraine, also.

From the press release:

Queens District Attorney Richard A. Brown, joined by Police Commissioner Raymond W. Kelly, today announced that a forged credit card and identity theft ring based in Queens County and with roots in the Far East has been successfully dismantled following the indictment this week of thirty-eight individuals. The ring was allegedly responsible for stealing the personal credit information of scores of American consumers and costing these individuals, financial institutions and retail businesses more than $1 million in losses over the past year.

Counterfeit identification documents to match the counterfeit financial devices were being produced, also.

DA Brown explains why this is of greater concern than mere financial crime:

Many of the defendants charged today are accused of going on nationwide shopping sprees, purchasing tens of thousands of dollars worth of high-end electronics, handbags and jewelry with forged credit cards that contained the account information of unsuspecting consumers. Particularly disturbing is the fact that, in a number of cases, the defendants are charged with using bogus documents to purchase airline tickets and then using those documents as identification to board commercial aircraft. In the hands of terrorists such documents could have easily undermined the efforts of homeland security and other law enforcement officials intent on keeping our borders and citizens safe.

Given that the scope of this crime potentially crosses three continents, it probably demonstrates different organized crime groups are working together. The potential these items might be sold to people with twisted political and or religious motives isn't too far a stretch.

It has been reported that Al Qaeda training manuals teach their minions to use credit card fraud as a means of financing their activities.

I doubt if most of these criminals could care less, who they are selling them to. Even if they did, the full intent of the purchaser might not be readily apparent.

Suad Leija -- who has been providing information on a major counterfeiting cartel to the government -- says that this was the reason she turned on her family members running the cartel.

This latest example shows that despite a lot of focus on security to prevent terrorist attacks, counterfeit documents are a clear threat to all of us.

Prior to Suad turning against her family, her husband says he tried to get the cartel to let the government use their database as a tool to identify potential terrorists, who might have already crossed our border.

I'm sad to report that the database was never accessed and that the criminal case against the cartel is facing some serious challenges at the present time.

This series of indictments also shows how the Internet is being used to fence a lot of stolen merchandise. Normally, we hear about it happening on auction sites, such as eBay or Craigslist; however in this instance this group had an e-commerce website of their own. This website, Easttrades.com, is still up and running at the time I am writing this.

I decided to run the domain through "Whois" and it’s registered right here in the United States.

Maybe it’s just me, but it appears that we need to take the counterfeiting problem a little more seriously. They appear to be easy to produce and are available to too many people.

They are a gateway for criminals, or worse to commit all sorts of illegal activity. I would love to ask the political candidates running in the current election what they think about this problem.

Unfortunately, my guess is that no one is going to ask them and that this is an issue they would rather not talk about.

Queens District Attorney press release on this, here.

$500 reward for eBay pirates selling super cheap (counterfeit) software

The Software & Information Industry Association is willing to pay up to $500.00 to anyone, who inadvertantly buys pirated software off an auction site.

Software piracy is a huge problem. The International Anticounterfeiting Coalition estimates that counterfeiting is a $600 billion a year problem. They also estimate that the problem has grown 10,000 percent in the past two decades.

More specific to the counterfeit software part of the all of this was revealed in a Business Software Alliance (BSA) and IDA white paper released in May estimating the problem at $40 billion a year.

Pirated software might not work as well as it is supposed to and it might even contain malicious software, which is often referred to as crimeware. The person, who puts this on their system is likely to have all the personal and financial details stolen and become an identity theft statistic.

Microsoft has a site to help consumers identify counterfeit software. Earlier this month, they filed 52 lawsuits and referred 22 cases for criminal investigation based on an investigation -- jointly conducted with the FBI and Chineses authorities -- into a counterfeiting syndicate based out of China.

Microsoft has also worked with eBay and information is also available on their site on how to avoid buying counterfeit software, here.

A lot of pirated software is sold on auction sites. The Software & Information Industry Association (SIIA) has launched a campaign to go after this problem on auction sites because they believe a lot of auction consumers are being defrauded when pirated software is sold as the real McCoy.

From the SIIA press release on this campaign:

“The sale of pirated software doesn’t only hurt the software industry,” said Keith Kupferschmid, Senior VP Intellectual Property Policy & Enforcement. “It also hurts consumers. Consumers feel “taken” when they buy software, only to find out when it arrives that the software is a fake -- they did not get an instruction manual or can’t get support from the software company. The Don’t Get Mad, Get Even program is a way for unsuspecting buyers to get even with auction sellers who rip them off by selling them counterfeit software.”

SIIA press release on reward, here.

Counterfeiting is a huge problem which hurts economies (takes jobs) and funds organized criminal and some say (terrorist?) activity. It also puts the person, who inadvertantly buys it at a fair amount of personal risk. Everyone can help fight it by reporting it to the SIIA, or the other links I've included in this post.

Despite what some people believe, counterfeiting is far from a victimless crime!

SIIA home page, here.

BSA and IDA white paper on counterfeit software, here.

Counterfeit Visa Travelers Cheques in circulation!

Counterfeit financial instruments are circulated in a variety of Internet scams. The ploy is always to get someone to cash them and then wire the money back to the person behind the scam.

In the past couple of weeks, readers and other sources have brought to my attention that counterfeit Visa Travelers Cheques are in circulation.

Visa has provided resources to identify these instruments.

You can call them at 1-800-227-6811 to verify an item. This can also be done on-line, here.Visa also has a good interactive tool to identify the security features of the Visa Travelers Cheque, here.

The trick is to ALWAYS verify them before you negotiate them using your good name!

Some of the scams being used to trick people into cashing these items are known as work-at-home (job) scams, secret shopper, romance, lottery and auction scams.

A collective name for all of these scams that ask you to cash an item and send the money back to the scammer is called the advance fee (419) scam.

A lot of the sites dedicated to fighting scams are also seeing an alarming trend, which is that people are getting arrested for attempting to cash these items.

I recently had a conversation with the fine folks over at FraudAid about this trend.

A great (new) resource about all the counterfeit paper being circulated is FakeChecks.org.

People, who fall for these scams do so because they are lured with something that is too good to be true. The old saying is that if it is "too good to be true, it is NOT!"

Here are some other counterfeit instruments, I written about that are still in circulation:

Counterfeit MoneyGram Money Orders being passed via Internet Scams

Counterfeit Cashier's Checks Fuel Internet Crime

American Express Gift Cheques Being Circulated in Internet Scams

Counterfeit Postal Money Orders Showing Up in IScams Again

Here is a picture of counterfeit Visa Travelers Cheques that were sent to someone about a week ago. They were sent from the United Kingdom, however the scammer wanted the money wired to Nigeria.


(Photograph courtesy of Raleigh)

SIRAS offers guarantee that it will reduce retail crime

The reason SIRAS' product registration and smart return service perked my interest is because it protects people's privacy and is an effective means of reducing losses.

SIRAS tracks an inanimate object (merchandise) instead of a customer's personal information.

Now they are now offering a "guarantee" the technology will add dollars to a organization's bottom line by reducing fraudulent returns.

In their own words from the press release regarding this matter:

Electronic Product Registration, is putting its money where its mouth is with a unique Return On Investment (ROI) Guarantee for any company using SIRAS’s product registration and Smart Return service to manage their product returns and warrantees. The program, designed to eliminate any risk for companies interested in implementing SIRAS’s technology, guarantees that over the course of a year companies will save more money through deflected product returns than it spends in transaction fees.

In case you haven't had to refund any merchandise in a long time, most retailers require you to give them your personal statistics before they approve your return.

This information is all maintained in a database, where it might be exposed to a hacker, or probably more frequently, dishonest employee. Information is worth a lot of money to anyone, who knows where to sell it.

A dishonest Certegy employee recently got caught selling 8.5 million people's information to an undisclosed data-broker. Since the mysterious data-broker still hasn't been identified -- despite being listed as a co-conspirator in court filings -- we really aren't sure where these records went?

Certegy provides check verification services for a lot of merchants.

Personal and financial information is marketed in carder forums (chat rooms) on the Internet. Anonymous payment methods, such as wire transfers, PayPal and eGold add to the problem. They make it relatively easy to buy and sell stolen information.

It also isn't unknown for criminal organizations to plant, or recruit employees to steal information from within an organization.

The press release quotes Peter Junger (SIRAS CEO) as saying, "And in all cases, regardless of ROI, clients retain all of the valuable POS data collected."

This POS data also serves another important purpose. If the merchandise is found in a fencing operation, or on an auction site, it can still be tracked to the point-of-compromise.

This opens up opportunities to recover stolen merchandise and makes it more dangerous for the criminals fencing it.

Mesa Police Department tested these capabilities with SIRAS and FOX News did a story on it, which can be seen, here.

The technology, when deployed properly with a point-of-sale system can also identity fraudulent means of tender used to purchase merchandise.

SIRAS technology can be deployed by a merchant, or at the factory, itself.

They already makes their database available to law enforcement free-of-charge.

With all the identity theft and counterfeit ID available, using SIRAS reduces the possibility that an innocent customer will be wrongfully identified as an "undesirable" in a refund database.

Saying that, who knows how much of the information in these databases is one-hundred percent accurate anymore? With retail crime becoming more and more organized, the possibility exists that it is NOT.

One of the systems targeted in the TJX data-breach was their refund database. The information in this database is probably worth more than simple financial information because it contains the elements necessary to assume a person's identity.

It's relatively easy to shut down a bank account, or credit card number. Once a person's statistics are compromised, they can be at risk of identity theft for a long time.

Data breaches are becoming more expensive. TJX claimed a loss of $118 million in their second quarter earnings. Estimates vary widely on exactly how expensive data-breaches will become, but everyone agrees the cost of them is going up.

SIRAS seems more effective in resolving property crimes because it tracks the property, itself. It also protects customer privacy and protects a merchant from becoming the victim of a data-breach.

I doubt that SIRAS would make this guarantee if they weren't absolutely certain of the results. If they were wrong, I doubt they would be in business very long.

Press release from SIRAS, here.

Word of mouth is fraud's worst enemy!

FraudAid, a website dedicated to helping fraud victims has a saying, "Silence is fraud's best friend. Word of mouth is fraud's worst enemy. Pass the word!"

In a world, where fraud victims have a hard time getting anyone to even talk to them this saying makes a lot of sense.

FraudAid was conceived by a woman by the name of Annie McGuire, who fell victim to a fraud scheme, herself. Her personal story, which is told in great detail on the site proves that just about ANYONE can become a fraud victim.

In my personal dealings with victims, you would be surprised who has been scammed.

The problem is that most people -- especially those who think they should have known better -- rarely report that they have become a victim of fraud. FraudAid strives to educate all of us that the lack of communication enables fraudsters to victimize people (who if they have been made AWARE) might not be have been taken in by a fraud scheme.

Thus, the reason there seems to be so much fraud and the experts compiling all the statistics disagree on how much fraud exists. After all, "Silence is fraud's best friend."

The FTC just released their estimate of identity theft victims, which has raised a lot of speculation about how accurate their number is.

I have no doubt that the FTC did the best they could, but if fraud isn't reported, it's hard to quantify.

The FraudAid site is a wealth of information for someone, who is trying to seek help after becoming a victim. Of the greatest importance (in my opinion) is how to deal with the authorities.

One page on the site shows the average person how to write a narrative that will get the Police interested in going after your case.

It also goes into great detail on what law enforcement agency specializes in what type of fraud. This can be confusing for someone dealing with being victimized for the first time.

The site also addresses a growing phenomenon, which is how to avoid getting arrested after becoming a victim. With all the auction fraud and stolen financial information being sold wholesale, fraudsters have developed a need to launder the proceeds of their illicit transactions.

The way they do this is by tricking people to do it for them. This is accomplished by hiring them under "false pretenses" to negotiate all their illicit transactions and wire the money to them. This scam is often referred to as a work-at-home, job, or check-cashing scam.

Another variation, known as a reshipping-scam, tricks people into reshipping stolen merchandise.

In reality the victim is taking all the risk for the scammer -- and more and more often -- the rap for them when they get caught. Sadly enough, the end result is almost certain financial ruin and possibly being charged with a host of crimes including, check fraud, money laundering and receiving stolen goods.

Some of detailed information on the different scams that can be found on FraudAid include investment, Nigerian (419), sweetheart/romance, lottery sweepstakes, lottery, work-at-home, visa/green card, counterfeit check/money order and reshipping/package processing scams.

Also covered on the site is how to protect yourself and recover from identity theft. Many fraud victims later become a victim of identity theft when a fraudster sells all the information they've data-mined off them.

The site even contains information on child safety and human trafficking.

Backing all this up are a host of research tools for fraud, where to report it and how to take political action.

Annie is now backed up by a group of volunteers, one of whom, Karrie Brothers, assisted me with a lot of information on the current going-ons at FraudAid.

To grow this effort, Karrie and Annie are actively seeking volunteers to assist them. Being one of the few resources where a victim can turn to, they are getting a lot of business!

FraudAid gives a good explanation of why volunteers are needed and they are trying to grow their organization:

Fraud, by every measure, is one of biggest and fastest growing industries in the world.

One study values worldwide corporate fraud at over two trillion dollars. This is not counting consumer and Internet frauds for which there is no reliable assessment. Another study estimates that 6% of global product is laundered money.

The fraud industry is run by many, many skilled professionals. The anti-fraud industry is small and, by comparison, run by very few skilled professionals.

That's why if you have the skills you can make a real difference!

Fraud Aid, Inc. is a volunteer anti-fraud organization. We, as all other anti-fraud organizations, are out-numbered and need your help.

We have the frauds. Do you have the time?

To grow the organization, they are recruiting a wide range of volunteers with law enforcement, legal, IT and education experience. There are also opportunities for people with no experience, also.

Even if you think you are aware of all the fraud schemes out there, FraudAid is a great place to learn more about them. After all, if people weren't being taken in by the schemes, fraud would probably disappear pretty quickly!

If you want to learn more about FraudAid, the site can be seen, here.

Too good to be true employment opportunities

Patrick Jordan (Sunbelt blog) did a nice post about a huge problem that frequently occurs on the dark-side of the Internet.

The problem, I'm referring to is people being recruited (some might say duped) to assume the risk involved in collecting the proceeds of Internet crime.

With all the fraud occuring on auction and e-commerce sites -- criminals need a way to move they money they are stealing. This activity is often referred to as money laundering.

They accomplish this with money transfer scams, which are sometimes referred to as job scams.

These scams are nothing more than a way to trick people into negotiating bogus financial instruments, or launder the proceeds of auction fraud!

We've all probably seen a spam e-mail, or two (I get several daily) with job offers that seem a little too good to be true. Most of these jobs seek a financial representative to handle payments for a foreign company. In reality -- the person is moving stolen money overseas -- where it disappears into thin air.

Besides being offered in spam e-mails, people are also recruited off job sites and sometimes even from the classifed sections of newspapers and magazines.

A sister scam to money transfer scams is referred to as a reshipping scam. The difference is in this job a person reships hot merchandise (normally from auction sites) to their bosses.

In most of these scams, they prefer you use Western Union or MoneyGram to send them their money. Once the money is picked any efforts to recover it will most likely be useless. Please note that there are many e-cash venues that are used, also.

While these jobs might have fancy titles, a lot of people refer to someone doing this as a "mule."


(courtesy of mattcoz at Flickr)

In Patrick's post, he reveals another twist to this activity, which are websites set-up to make these jobs appear to be legitimate.

Here is a screen shot (courtesy of the Sunbelt blog) of the site Patrick discovered:



He also lists some other sites to avoid from the same IP in his post, which can be seen, here.

Most of these scams are pretty easy to discover because they are offering too much money for too little work.

These job offers are nothing more than a way for criminals to get other people to take all the risk, while they reap the rewards of their illegal efforts!

Besides facing almost certain financial ruin, some of these employees are ending up living in new digs:

Digital gangsters can buy everything they need to commit fraud right on the Internet!

There is a lot of technology with questionable applications being sold on the Internet. Of course, this is merely my opinion, but I have my reasons for believing this.

Robert McMillan, IDG News Service wrote an INTERESTING article about spyware being sold on eBay that has questionable applications.

From his article:

Think your wife may be cheating on you? Wondering who your boss might be talking to? "Learn the truth. Spy today."

So reads an ad for "Bluetooth Spy Pro-Edition," one of nearly 200 mobile phone spyware products currently listed for sale on eBay.

The software, which costs as little as US$3.99, can be used to view photographs, messages and files on the phone, listen into phone conversations, and even make calls from the phone being spied upon.

Security experts are concerned, because while these products aren't illegal, installing them without authorization to spy on someone else most definitely is.

Of course, eBay wasn't able to be reached for comment.

In August, I did a post called, Self service stamp machines targeted by credit card thieves. When writing it, I saw a quote that some of the stolen stamps were being sold on eBay and decided to see for myself. What I found was a lot of stamps for sale for what seemed to be too good to be true prices.

To be completely fair, eBay isn't the only one selling questionable merchandise on the Internet. The problem exists on auction sites in general and there are e-commerce companies that specialize in selling devices, which are marketed specifically as tools to violate other people's privacy.

In the wrong hands, these devices can be used for more sinister purposes, also.

A good example of this is keylogging software, which is is a favorite tool of cybercriminals to steal people's personal and financial information. Keylogging software is legal and easy to purchase in a variety of places, including the Internet.

Another example, which is similar to Robert McMillan's story concerns a company called FlexiSpy. I did a post on this company, who sells technology designed to spy on Smart Phone users.

In the post, I wrote:

There is already a lot of "buzz" that mobile phones, especially those of the smarter variety will be targeted for their "information value."

A product called "FlexiSPY" is being legally sold, which allows anyone (with the money to buy it) to invade the privacy of someone, who uses a smart phone.

Despite all the controversy at the time, FlexiSpy seems to be alive and selling their product to anyone with the money to buy it.

To end this post, I will refer to the worst site of this type (my opinion) out there. Hackershomepage.com is a one stop e-commerce shop selling technology and a host of manuals that could be used to commit a host of financial crimes.

I covered this website in a post entitled:

It is no wonder why skimming (credit/debit card fraud) is becoming a nasty problem!

Here is the websites legal disclaimer:

We WILL NOT answer emails from anyone asking about illegal activities, or how to use our products for illegal activities...they will automatically be deleted. All products are designed for testing and exploring the vulnerabilities of CUSTOMER-OWNED equipment, and no illegal use is encouraged or implied. We WILL NOT knowingly sell to anyone with the intent of using our products for illegal activities or uses. It is your responsibility to check the applicable laws in your city, state, and country.

Hackershomepage.com, who has the motto "they make it we break it" is up and running at the time of this writing and boasting they've been in business for eleven years.

While there might be legitimate uses for some of this technology being marketed on the Internet, you would think at the VERY least we might want to put a few controls on who it is being sold to?

When I say some of this technology MIGHT have legitimate uses, there is also some that I can think of no legitimate use for!

Unfortunately, until laws are enacted that hold the sellers accountable, little can be done about this.

One thing to remember is that even though the sellers aren't being held accountable, the buyers will be if they are caught using them in a manner deemed to be illegal. Just because it appears easy to buy doesn't mean that using it won't land a person in a lot of trouble.

It's safe to say that we could find people in correctional institutions that could attest to this fact.

IDG News Service story (courtesy of PC World), here.

eBay shoppers crack QVC fraud case

eBay and auction sites are found to have HOT merchandise being sold on them too frequently (my opinion). I ran across a story in the Register, written by Dan Goodin, where two eBay customers cracked a $412,000 fraud case being committed against QVC.

As reported by Dan Goodin:

A woman has pleaded guilty to fleecing the QVC home-shopping networking of more than $412,000 by exploiting a gaping hole in its website that allowed her to receive merchandise without paying for them.

Quantina Moore-Perry ordered handbags, jewelry and electronics and then immediately canceled the transactions. The flaw allowed the North Carolina woman to take delivery of more than 1,800 items without being billed. Moore-Perry would then sell the booty on eBay, according to the Associated Press, which cited authorities.

I wonder if QVC offered a reward to the two eBay shoppers, who discovered this flaw in their system?

This would also make me wonder if this woman was the only one who has defrauded QVC in this manner?

There is a lot of controversy surrounding the sale of stolen merchandise on eBay and other auction sites. I've heard that some companies now have a dedicated person in their security departments to watch these sites for stolen merchandise.

Register story, here.

For other posts, I've written concerning stolen merchandise on auction sites, click here.

How much money is lost by businesses due to coupon fraud?

Here is an interesting blurb about an Arby's employee, who stole $14,524 by using coupons to conceal the fact he was dipping into the till.

NBC10.com (Philadelphia) is reporting:

A fast-food restaurant employee was charged with theft after police said he was skimming the cash register by using coupons.

Curtis Smith, 32, of Coatesville, was an employee at the Arby's store located on Concord Pike for several years, police said.

Police said Smith used $1 off coupons at the register and would then take that money from the register. He obtained between $50 and $150 at a time, police said.

The investigation started because of declining revenues at the restaurant.

Coupon fraud can be a huge problem for companies, who use them as marketing tools. A few years ago, Subway discontinued a promotion because too many coupons were being reproduced and sold on auction sites.

CouponInfo.com has some pretty good descriptions of the types of coupon fraud going on out there. According to the site, there is even an underground market in counterfeit coupons.

They state that coupon fraud costs companies millions of dollars a year.

After reading this, I decided to go on eBay and see if I could find coupons for sale. After going to the site, I was able to find quite a selection. If you want to take a look, click here.

Because everyone always picks on eBay, I decided to see what Google had to say. After doing this, I was amazed at the market out there in selling coupons.

No wonder CouponInfo.com couldn't put an exact figure to the losses caused by coupon fraud. It would be pretty hard to figure out!

Going back to the story about the Arby employee, the article doesn't state where he got the $14,523 in coupons. Of course, it's hard to say, but it wouldn't be hard to find them by doing a little surfing on the Internet.

Maybe this is something that businesses, who issue and redeem coupons should watch a little more carefully?

NBC.com story, here.

The continuing saga of Vladuz and Phishing on eBay

Here is an update to the ongoing saga of Vladuz versus eBay. Apparently, Vladuz, or someone claiming to be him, accessed eBay's servers and suspended some eBay accounts.

Ina Steiner reports on the AuctionBytes blog:

eBay confirmed that a known fraudster had limited access to a very small number of eBay accounts on the eBay.com site and the company appeared to have reacted quickly to block him on Friday. eBay spokesperson Nichola Sharpe said, "At no point did the fraudster get any access to financial information or other sensitive information." In a strange twist, some users reporting the incident said they had been openly critical of a hacker calling himself Vladuz and had been suspended briefly during the incident.

It is strange that some of the people suspended were openly critical of Vladuz?

Notably, this is the first time eBay has admitted Vladuz accessed their servers.

In another development, eBay, PayPal and Yahoo are joining forces to combat phishing. Phishing is a phenomenon that has caused a lot of eBay and PayPal account holders a lot of grief. Experts maintain that eBay and PayPal are the two most phished brands out there.

Phishing is where an account holder is duped into giving up their access information via social engineering (trickery).

The intent of the phishermen, who target eBay/PayPal accounts is normally to take the account over and commit even more fraud.

This activity gets more sophisticated all the time with crimeware (malware) being used (which steals the information automatically), and DIY (do-it-yourself) phishing and hacking kits being marketed in underground Internet forums.

Reuters, courtesy of the Washington Post is reporting:

EBay and PayPal have upgraded their computer systems to support an emerging technology standard known as DomainKeys invented by Yahoo that authenticates e-mail senders are who they say they are, allowing Yahoo to block fake e-mails.

The technology upgrade will be made available to Yahoo Mail users worldwide over the next several weeks, the company said.

If you are interested in how bad the phishing phenomenon is getting, the National Consumers League has a very well written and informative paper on the subject, here.

They also have an interesting document, which although is a little dated, shows the increase in auction fraud and calls out that eBay severed their ties with them.

It should be noted that auction fraud doesn't only occur on eBay. It can and does happen on all the auction sites. The reason we hear more about it on eBay is because they are the used by more people than the other sites.

For the scammers that means there are more potential victims to harvest there.

NCL article on auction fraud, here.

AuctionBytes blog post on this, here.

Reuters story on eBay/PayPal's efforts to combat phishing, here.

Here is my most recent post about Vladuz allegedly raising his head again:

Did Vladuz hack eBay, or is stockpiled stolen information being used to make it look like he did?

eBay responds to the alleged Vladuz hacking incident

eBay is responding to the latest (alleged) attack on their site by Vladuz by confirming that the account information was valid, however the credit card numbers were not.

Here is what the Chatter (eBay's blog team) has to say regarding their investigation:

I've been in touch with our operations and security teams, and I have more information I can share with you about yesterday's incident on the Trust & Safety discussion forum. In brief, very early yesterday morning, a fraudster posted contact information and alleged credit card numbers for about 1,200 members on our Trust & Safety discussion forum on eBay.com.

While the issue was very unfortunate, it was clearly falsified to cause public concern. Early on eBay's teams verified that the credit card "data" did not match anything on file for these members on eBay or PayPal. After more investigation, including phone conversations with many of the members, it appears that these numbers were not valid at all.

Each of these accounts was the victim of an Account Take Over, most likely through a successful phishing campaign. eBay has been in contact by phone with many of these members, and there is a My Messages email going out to impacted accounts to further our reach.

1200 successful account-takeovers is a fairly large asset for a criminal to part with, even if the credit card numbers were no good. In the hand of the wrong people, 1200 eBay and PayPal accounts can be used to commit a lot of crime.

Here is a description of how account-takeovers are sometimes used from my original post on this latest incident:

Account-takeovers enable criminals to scam others, using someone else's information. They can also be used to fence (sell) stolen merchandise with a high degree of anonymity. It should also be noted that stolen payment (credit/debit) card details are often used to purchase the merchandise, which is then fenced.

To cover their tracks, the scammers often dupe people into laundering the proceeds of these sales in work-at-home (job) scams and wiring the money, normally across a border.

Although eBay is stating that the credit card numbers in this case were no good, they are for sale, along with account-takeover information on the Internet. Because this information is sold over the Internet, the criminals are able to buy and sell this information (globally) without ever actually meeting each other in person.

As I stated in my earlier post, phishing is a method, where a lot of personal and financial information is stolen, also.

Thus far, all anyone can do is speculate as to how the accounts were compromised. It will be interesting to see if anyone gets to the bottom of what actually occurred.

The Anti-Phishing Working Group tracks phishing activity and many experts claim that eBay and PayPal are the most frequently phished brands. They also have some excellent information on how to avoid being a victim and what to do if you think you've become one.

Auction fraud doesn't only occur on eBay and can happen on any of the auction sites out there. The criminals behind this activity tend to go after what is the most popular, which probably has more to do with why they target eBay than anything else.

If you get phishy e-mails that ask you to provide your eBay, or PayPal account numbers, the Chatter recommends you report them to spoof@ebay.com or spoof@paypal.com. They also recommend to go to their Security & Resolution Center if you encounter a problem.

Another place to report phishy e-mails is CastleCop's PIRT Phishing Incident Reporting and Termination Squad. Please note you can also report this activity on the Anti-Phishing Working Group's site, also.

Reporting a phishing attempt might prevent someone else from becoming a victim. Sadly enough, if you have an e-mail address, you probably see phishing attempts on a daily basis.

Post from the Chatter, here.

Self service stamp machines targeted by credit card thieves

Photo courtesy of Leff at Flickr

New scams are invented daily. Here is one, where self-service stamp machines (the kind that accept payment cards) are being targeted at Post Offices.

David Bowermaster at the Seattle Times is reporting:

In mid-July, three men left their homes near Los Angeles and traveled to Seattle to buy postage stamps.

But these were no ordinary collectors. Armed with at least 27 stolen credit-card numbers, federal prosecutors say, Artem Danilov, Stephan Melkonyan and Karapet Kankanian fraudulently purchased more than 3,200 books of stamps worth nearly $24,000 from Seattle-area post offices in just more than a week. A federal grand jury Thursday charged the men with an assortment of crimes.

Following a pattern that Postal Service investigators have uncovered in at least five Western states, the men made mass purchases of stamps after normal working hours from automated postal machines, which are accessible 24 hours a day in the lobbies of many post offices around the country, prosecutors allege.

While these three were caught (two Russians and an Armenian), it appears this activity has been occurring throughout the Western United States.

The illegal stamp-buying scheme appears to be a novel breed of identity theft, one that blends high-tech thievery, online commerce and the retro currency of the U.S. mail.

James Vach, a spokesman for the U.S. Postal Inspection Service in Seattle, said investigators first encountered a wave of fraudulent stamp buys in the Los Angeles area late last year.

Since then, the Postal Service has uncovered illegal stamp-buying schemes in Washington, Oregon, Arizona and Colorado.

The Postal Inspectors suspect a larger ring is involved and some of the stolen credit card numbers used have been traced to a car wash in Southern California.

According to the article, here is how the suspects were using the stolen credit card numbers:

Danilov, Melkonyan and Kankanian allegedly used a credit-card reader to embed the stolen credit-card numbers onto the magnetic strips of gift cards from a variety of retailers, Brown said, a process that allows the gift cards to function like credit cards.

They then used the adulterated gift cards to repeatedly buy books of stamps from postage machines in one post office after another. Customers used to be able to buy dozens of books of stamps per transaction from the automated postage machines, but the Postal Service has since limited the number to try to fight such fraud.

Although the authorities don't know where all the stamps were being sold, according to a assistant U.S. Attorney, some of them are being fenced on eBay.

A lot of stolen merchandise is fenced on eBay and other auction sites. A lot of this stolen merchandise is purchased with fraudulent credit/debit card information.

Out of curiousity, I decided to see if new stamps (the kind used for postage) could be found on eBay. Amazingly enough, I found what I consider a large selection with offers of free shipping and discounted prices. What I found can be seen, here.

Of course, at a glance, it can be hard to tell what is legitimate and what is not on an auction site.

A lot of stolen gift cards (used in this instance to clone the cards used) are also fenced on auction sites. I wonder if the value on them had already been used, or if our suspects lifted them at a retailer before a dollar value was loaded on them at a point-of-sale (register)?

Seattle Times story, here.

If you spot this type of activity during a visit to the Post Office, you can report it to the Postal Inspectors, here.

Although two of the suspects apprehended were Russian, the U.S. resident was an Armenian from Southern California. Recently, Armenians (from Southern California) have been tied into similar type activity. The previous posts, I've done on these stories can be seen, here.

If your car gets stolen, eBay might be a good place to look for it!

If your car was recently stolen, it might be a good idea to check out the listings on eBay, according to Dariusz Grabowski, a.k.a (also known as) as the "eBay king of stolen cars."

Rick Hepp at the Star-Ledger reports:

Grabowski and his crew would buy junked or damaged vehicles at auctions and look for similar newer cars to steal. Once they found a car they wanted, they would get its vehicle identification number, usually found in sales ads or right on the car's windshield.

Today's newer car keys can only be duplicated if their computer chips are programmed according to the vehicle identification numbers. Car owners who lose their keys and want duplicates generally go to locksmiths who program the new keys by getting "key codes" from database companies hired by auto manufacturers.

Posing as a locksmith, Grabowski got these codes from the database companies and then made brand new keys. His crew took the keys and simply drove off with the cars.

Before selling the cars, they made them look legitimate by switching the vehicle identification numbers with the ID numbers of the junked cars they had bought.

Grabowski learned how to do all of this by surfing websites that provide technical assistance to locksmiths, and interestingly enough, buying any hardware he needed, on eBay:

You go online, you find anything you need," Grabowski told the investigators in the videotaped interview. "You can go on eBay at this point and purchase any of the equipment you need. Of course, I might pick this up easier than other people.

From there, Grabowski got a business license, which he made on a computer "real quick" and lavished special attention on a female owner of a company licensed to provide locksmiths with the necessary code to clone keys.

Grabowski and crew have all been convicted, but their victims are still paying the price for their misdeeds. New Jersey State Investigator, Jeffrey Lorman was quoted in the article as saying:

The buyers were happy with the cars, they got a great deal. Then we found out about Dariusz and the stolen cars were recovered. Some of these people are still paying for cars they no longer have.

The article mentioned that Grabowski was affiliated with a lot of other Polish nationals, involved in the business of stealing cars, also.

Our friend Dariusz, might or might not be the eBay king of stolen cars. If he is, he isn't alone, at least according to Google. A simple Google search reveals a large amount of information related to scams involving automobiles on eBay, here.

Fraud, Phishing and Financial Misdeeds a.k.a. (sometimes) FraudWar has a lot of information on auction fraud (if anyone is interested), here.

My advice is to be extremely cautious when buying a car on an auction site! If you choose to be cautious a good place to perform due diligence is CarBuyingTips.com, which can be seen, here.

The word is caveat emptor, latin for "buyer beware."

Star-Ledger article, here.

Scambusters predicts a lot of scammers will use the iPhone as a lure to steal money

IPhone picture, already up on eBay, at the time I posted this. It comes from an offer to become a iPhone distributor.

Scambusters.org did a thoughtful article on the iPhone, and how, scammers will probably take advantage of the situation.

After reading Audrey and Jim's well though-out predictions, I'm going to opt to share their sage advice.

In Audrey and Jim's own words:

Apple's iPhone is one of the most anticipated -- and hyped -- products ever. And with any huge product launch, the scammers come out in droves. So, if you want to make sure you don't get ripped off, you've come to the right place.

For Scambuster.org's sage predictions, link here.

I've written a lot about auction fraud, which is where we will probably see a lot of these scams surface, here.

A good place to look at iPhones is the Apple store. You can go to their site, here.

From what I hear, discount iPhones will not be available for awhile!

A too good to be true deal on a iPhone, probably IS NOT a real deal!