Entries Tagged "fraud"


Google Maps Spam

There are zillions of locksmiths in New York City.

Not really; this is the latest attempt by phony locksmiths to steer business to themselves:

This is one of the scary parts they have a near monopoly on the cell phone 411 system. They have filled the data bases with so many phony address listings in most major citys that when you call 411 on your cell phone ( which most people do now) you will get the same counterfiet locksmiths over and over again. you could ask for 10 listings and they will all be one of these scammers or another with some local adress that is phony. they use thousands of different names also. It is always the same 55.00 service qouted for a lockout and after they unlock your stuff the price goes much higher. These companys are really not in the rural areas but the are in just about all major citys from coast to coast and from top to bottom. [sic]

More here:

Google wasn’t their first target. The “blackhats” in the industry have used whatever marketing vehicle was “au courant,” whether it was the phone books, 411 or now Google and Yahoo.

Here is a BBB alert from 2007, BBB Warns Consumers of Nationwide Locksmith Swindle and a recent ABC news article and video. The Associated Locksmiths of America provides a list of over 110 news reports over the past several years from across the nation detailing the abuses. As you can see, consumers have paid the price of these many scams with high prices, rip-off installs and even theft.

Posted on March 11, 2009 at 12:38 PM

The Techniques for Distributing Child Porn

Fascinating history of an illegal industry:

Today’s schemes are technologically very demanding and extremely complex. It starts with the renting of computer servers in several countries. First the Carders are active to obtain the credit cards and client identities wrongfully. These data are then passed to the falsifiers, who manufacture wonderful official documents that can be used to identify oneself. These identities and credit card infos are then sold as credit card kits to operators. There is still an alternative where no credit card is needed: in the U.S. one can buy so-called Visa or MasterCard gift cards. However, these Visa or MasterCard cards, charged with a certain amount of money, are usually only usable in the U.S. Since these gift cards can be bought anonymously, they are used to pay over the Internet with fake identities. Using a false identity and a well-functioning credit card, servers are then rented and domains purchased as an existing, unsuspecting person. Most of the time an ID is required, and in that case they will simply send a forged document. There is yet another alternative: a payment system called WebMoney (webmoney.ru) that is as widespread in Eastern Europe as PayPal is in Western Europe. Again, accounts are opened with false identities. Then the business is very simple in Eastern Europe: one buys domains and rents servers via WebMoney and uses it to pay.

As soon as the server is available, a qualified server admin connects to it via a chain of servers in various countries with the help of SSH on the new server. Today complete partitions are encrypted with TrueCrypt and all of the operating system logs are turned off. Because people consider the servers in Germany very reliable, fast and inexpensive, these are usually configured as HIDDEN CONTENT SERVERS. In other words, all the illegal files such as pictures, videos, etc. are uploaded on these servers – naturally via various proxies (and since you are still wondering what these proxies can be – I’ll explain that later). These servers are using firewalls, completely sealed and made inaccessible except by a few servers all over the world – so-called PROXY SERVERs or FORWARD SERVERs. If the server is shut down or someone logs in from the console, the TrueCrypt partition is unmounted. Just as was done on the content servers, logs are turned off and TrueCrypt is installed on the so-called proxy servers or forward servers. The Russians have developed very clever software that can be used as a proxy server (in addition to the possibilities of SSL tunneling and IP Forwarding). These proxy servers accept incoming connections from the retail customers and route them to the content servers in Germany – COMPLETELY ANONYMOUSLY AND UNIDENTIFIABLY. The communication link can even be configured to be encrypted. Result: the server in Germany ATTRACTS NO ATTENTION AND STAYS COMPLETELY ANONYMOUS because its IP is not used by anyone except for the proxy server that uses it to route the traffic back and forth through a tunnel – using similar technology as is used with large enterprise VPNs. I stress that these proxy servers are everywhere in the world and only consume a lot of traffic, have no special demands, and above all are completely empty.

Networks of servers around the world are also used at the DNS level. The DNS has many special features: the refresh times have a TTL (Time To Live) of approximately 10 minutes, the entries usually have multiple IP entries in the round robin procedure at each request and rotate the visitor to any of the forward proxy servers. But what is special are the different zones of the DNS linked with extensive GeoIP databases … Way, there are pedophiles in authorities and hosting providers, allowing the Russian server administrators access to valuable information about IP blocks etc. that can be used in conjunction with the DNS. Each one who has little technical knowledge will understand the importance and implications of this… But what I have to report to you is much more significant than this, and maybe they will finally understand to what extent the public is cheated by the greedy politicians who CANNOT DO ANYTHING against child pornography but use it as a means to justify total monitoring.

Posted on March 11, 2009 at 5:49 AM

New eBay Fraud

Here’s a clever attack, exploiting relative delays in eBay, PayPal, and UPS shipping:

The buyer reported the item as “destroyed” and demanded and got a refund from Paypal. When the buyer shipped it back to Chad and he opened it, he found there was nothing wrong with it—except that the scammer had removed the memory, processor and hard drive. Now Chad is out $500 and left with a shell of a computer, and since the item was “received” Paypal won’t do anything.

Very clever. The seller accepted the return from UPS after a visual inspection, so UPS considered the matter closed. PayPal and eBay both considered the matter closed. If the amount was large enough, the seller could sue, but how could he prove that the computer was functional when he sold it?

It seems to me that the only way to solve this is for PayPal to not process refunds until the seller confirms what he received back is the same as what he shipped. Yes, then the seller could commit similar fraud, but sellers (certainly professional ones) have a greater reputational risk.

Posted on March 6, 2009 at 1:30 PM

More European Chip and Pin Insecurity

“Optimised to Fail: Card Readers for Online Banking,” by Saar Drimer, Steven J. Murdoch, and Ross Anderson.

Abstract

The Chip Authentication Programme (CAP) has been introduced by banks in Europe to deal with the soaring losses due to online banking fraud. A handheld reader is used together with the customer’s debit card to generate one-time codes for both login and transaction authentication. The CAP protocol is not public, and was rolled out without any public scrutiny. We reverse engineered the UK variant of card readers and smart cards and here provide the first public description of the protocol. We found numerous weaknesses that are due to design errors such as reusing authentication tokens, overloading data semantics, and failing to ensure freshness of responses. The overall strategic error was excessive optimisation. There are also policy implications. The move from signature to PIN for authorising point-of-sale transactions shifted liability from banks to customers; CAP introduces the same problem for online banking. It may also expose customers to physical harm.

EDITED TO ADD (3/12): More info.

Posted on March 5, 2009 at 12:45 PM

In-Person Credit Card Scam

Surely this isn’t new:

Suspects entered the business, selected merchandise worth almost $8,000. They handed a credit card with no financial backing to the clerk which when swiped was rejected by the cash register’s computer. The suspects then informed the clerk that this rejection was expected and to contact the credit card company by phone to receive a payment approval confirmation code. The clerk was then given a number to call which was answered by another person in the scam who approved the purchase and gave a bogus confirmation number. The suspects then left the store with the unpaid for merchandise.

Anyone reading this blog would know enough not to call a number given to you by the potential purchaser, but presumably many store clerks don’t have good security sense.

Posted on January 19, 2009 at 1:23 PM

Allocating Resources: Financial Fraud vs. Terrorism

Interesting trade-off:

The FBI has been forced to transfer agents from its counter-terrorism divisions to work on Bernard Madoff’s alleged $50 billion fraud scheme as victims of the biggest scam in the world continue to emerge.

The Freakonomics blog discusses this:

This might lead you to ask an obvious counter-question: Has the anti-terror enforcement since 9/11 in the U.S. helped fuel the financial meltdown? That is, has the diversion of resources, personnel, and mindshare toward preventing future terrorist attacks—including, you’d have to say, the wars in Afghanistan and Iraq—contributed to a sloppy stewardship of the financial industry?

It quotes a New York Times article:

Federal officials are bringing far fewer prosecutions as a result of fraudulent stock schemes than they did eight years ago, according to new data, raising further questions about whether the Bush administration has been too lax in policing Wall Street.

Legal and financial experts say that a loosening of enforcement measures, cutbacks in staffing at the Securities and Exchange Commission, and a shift in resources toward terrorism at the F.B.I. have combined to make the federal government something of a paper tiger in investigating securities crimes.

We’ve seen this problem over and over again when it comes to counterterrorism: in an effort to defend against the rare threats, we make ourselves more vulnerable to the common threats.

Posted on January 9, 2009 at 6:54 AM

Brazilian Logging Firms Hire Hackers to Modify Logging Limits

Interesting:

Some Brazilian states used a computerised allocation system to levy how much timber can be logged in each area. However, logging firms attempted to subvert these controls by hiring hackers to break systems and increase the companies’ allocations.

Greenpeace reckons these types of computer swindles were responsible for the excess export of 1.7 million cubic metres of timber (or enough for 780 Olympic-sized swimming pools, as the group helpfully points out) before police broke up the scam last year. Brazilian authorities are suing logging firms for 2 billion reais (US$833m).

Posted on December 17, 2008 at 11:52 AM

How to Steal the Empire State Building

A reporter managed to file legal papers, transferring ownership of the Empire State Building to himself. Yes, it’s a stunt:

The office of the city register, upon receipt of the phony documents prepared by the newspaper, transferred ownership of the 102-story building from Empire State Land Associates to Nelots Properties, LLC. Nelots is “stolen” spelled backward.

To further enhance the absurdity of the heist, included on the bogus paperwork were original “King Kong” star Fay Wray as witness and Willie Sutton, the notorious bank robber, as the notary.

Still, this sort of thing has been used to commit fraud in the past, and will continue to be a source of fraud in the future. The problem is that there isn’t enough integrity checking to ensure that the person who is “selling” the real estate is actually the person who owns it.

Posted on December 15, 2008 at 12:23 PM

Tourist Scams

Interesting list of tourist scams:

I have only heard of this happening in Spain on the Costa del Sol, but it could happen anywhere. This scam depends on you paying a restaurant/bar bill in cash, usually with a €50 note. The waiter will take your payment, then return shortly after, apologetically telling you that the note is a fake and that you need to pay again. He will return the “fake” bill to you, and any change you’re due. Of course, you gave him a REAL note, he gave you a FAKE note, and you gave him a second real note, so you paid €100 for a €50 meal. What I do now is write unobtrusively on all large notes I get, so I can challenge them if it happens to me.

Posted on December 8, 2008 at 6:54 AM

Who Falls for those Nigerian 419 Scams Anyway?

This is the story of a woman who sent the scammers $400K:

She wiped out her husband’s retirement account, mortgaged the house and took a lien out on the family car. Both were already paid for.

For more than two years, Spears sent tens and hundreds of thousands of dollars. Everyone she knew, including law enforcement officials, her family and bank officials, told her to stop, that it was all a scam. She persisted.

Spears said she kept sending money because the scammers kept telling her that the next payment would be the last one, that the big money was inbound. Spears said she became obsessed with getting paid.

An undercover investigator who worked on the case said greed helped blind Spears to the reality of the situation, which he called the worst example of the scam he’s ever seen.

EDITED TO ADD (12/13): More about the story.

Posted on December 3, 2008 at 8:20 AM
