Entries Tagged "scams"


Can Smuggling in the U.S.

The U.S. has a patchwork of deposit laws on soft drink bottles and cans. Most states have no deposit, but some states — Michigan, for example — have deposits. The cans are the same, so you can make ten cents by buying a can in one state and then returning it for the deposit in Michigan.

Ten people have been arrested for making more than $500,000 doing this:

They ran grocery stores such as Save Plus Superstore in Pontiac, The Larosa Market in Sylvan Lake and Value Foods in Ypsilanti. Police also raided The Farmer John, Savemart Food Center and the Americana foods, all three in Detroit.

Investigators alleged that millions of non-redeemable out-of-state cans were collected, crushed, packaged in plastic bags and sold at a discount to merchants who then redeemed them.

Bulk redemption payments from the state are based on weight.

Nice arbitrage scam.

Posted on September 28, 2007 at 10:15 AM

How to Get Free Food at a Fast-Food Drive-In

It’s easy. Find a fast-food restaurant with two drive-through windows: one where you order and pay, and the other where you receive your food. This won’t work at the more-common U.S. configuration: a microphone where you order, and a single window where you both pay for and receive your food. The video demonstrates the attack at a McDonald’s in — I assume — France.

Wait until there is someone behind you and someone in front of you. Don’t order anything at the first window. Tell the clerk that you forgot your money and didn’t order anything. Then drive to the second window, and take the food that the person behind you ordered.

It’s a clever exploit. Basically, it’s a synchronization attack. By exploiting the limited information flow between the two windows, you can insert yourself into the pay-receive queue.

It’s relatively easy to fix. The restaurant could give the customer a numbered token upon ordering and paying, which he would redeem at the next window for his food. Or the second window could demand to see the receipt. Or the two windows could talk to each other more, maybe by putting information about the car and driver into the computer. But, of course, these security solutions reduce the system’s optimization.

So if not a lot of people do this, the vulnerability will remain open.

EDITED TO ADD (9/20): The video has been removed from YouTube. It’s available here.

Posted on September 10, 2007 at 6:27 AM

Poodle Identity Theft

Weird:

Lynne Day said Afonwen Welch Fusilier — or Blue, for short — was targeted after his pedigree details were accidentally posted online.

A suspected conman has been passing Blue off as his own, claiming the dog has given birth to pups which he tries to sell to unsuspecting customers.

Posted on July 27, 2007 at 6:14 AM

Weird Lottery Hack

This is a weird story:

On January 4, 2005 Dr Lee and Ms Day presented their Lotto ticket at the World Square Newsagency Bookshop. A friend took their photo with the ticket before they handed it in and filled in a claim form.

After the transaction, the employee who had served them, Chrishartato Ongkoputra, known as Chris Ong, substituted their claim form for one of his own. He then sent his form, and their winning ticket, to NSW Lotteries.

“The stars really aligned for him,” said the barrister James Stevenson, SC, who is representing newsagents Michael Pavellis and his partner Sheila Urech-Tan.

Mr Ong knew that NSW Lotteries would not pay out for 14 days. He told his boss he was having visa problems and needed to return temporarily to Indonesia. He gambled that the backpackers would not chase up their win until after he had left the country.

Gutsy.

Posted on May 7, 2007 at 11:07 AM

Top 10 Internet Crimes of 2006

According to the Internet Crime Complaint Center and reported in U.S. News and World Report, auction fraud and non-delivery of items purchased are far and away the most common Internet crimes. Identity theft is way down near the bottom.

Although the number of complaints last year — 207,492 — fell by 10 percent, the overall losses hit a record $198 million. By far the most reported crime: Internet auction fraud, garnering 45 percent of all complaints. Also big was nondelivery of merchandise or payment, which notched second at 19 percent. The biggest money losers: those omnipresent Nigerian scam letters, which fleeced victims on average of $5,100 — followed by check fraud at $3,744 and investment fraud at $2,694.

[…]

The feds caution that these figures don’t represent a scientific sample of just how much Net crime is out there. They note, for example, that the high number of auction fraud complaints is due, in part, to eBay and other big E-commerce outfits offering customers direct links to the IC3 website. And it’s tough to measure what may be the Web’s biggest scourge, child porn, simply by complaints. Still, the survey is a useful snapshot, even if it tells us what we already know: that the Internet, like the rest of life, is full of bad guys. Caveat emptor.

Posted on April 24, 2007 at 12:25 PM

Hacking the U.S. Post Office

This is clever:

Many USA ecommerce shops don’t send their goods to Russia or to the countries of the Ex-USSR.

Some shops send but delivery costs differ greatly from the homeland ones, they are usually much bigger.

So what did some Russians invent? They got a way to fool the delivery.

It’s no secret that many bigger shops use electronic systems processing orders. So in order to see if this address is in USA or Canada it uses ZIP code, state or province name and words “USA” or “CANADA”.

So what was possible to do is to put totally Russian address in the order delivery form, like: Moscow, Lenin St. 20, Russia in the address fields, usually there is a plenty of space to enter long things like this, and in the field country they put Canada in the field ZIP code — Canadian zip code.

What happens next? The parcel travels to Canada, to the area to which the specified ZIP code belongs and there postal workers just see it’s not a Canadian address but Russian. They consider it to be some sort of mistake and forward it further, to Russia.

Posted on April 23, 2007 at 1:00 PM

Story of a Credit Card Fraudster

A two-part story from The Guardian: an excerpt from Other People’s Money: The Rise And Fall Of Britain’s Most Audacious Credit Card Fraudster.

The first time I did the WTS, it was on a man from London who was staying in a £400 hotel room in Glasgow. I used my hotel phone trick to get his card and personal information — fortunately, he was a trusting individual. I then called his card company and explained that I was the gentleman concerned, in Glasgow on business, and had suffered the theft of my wallet and passport. I was understandably distraught, lying on my bed in Battlefield and speaking quietly so my parents couldn’t hear, and wondered what the company suggested I do. The sympathetic woman at the other end proposed I take a cash advance set against my account, which they could have ready for collection within a couple of hours at a wire transfer operator.

Posted on April 4, 2007 at 6:25 AM

Social Engineering Diamond Theft

Nice story:

In what may be the biggest robbery committed by one person, the conman burgled safety deposit boxes at an ABN Amro bank in Antwerp’s diamond quarter, stealing gems weighing 120,000 carats. Posing as a successful businessman, the thief visited the bank frequently, befriending staff and gradually winning their confidence. He even brought them chocolates, according to one diamond industry official.

[…]

Mr Claes said of the thief: “He used no violence. He used one weapon — and that is his charm — to gain confidence. He bought chocolates for the personnel, he was a nice guy, he charmed them, got the original of keys to make copies and got information on where the diamonds were.

“You can have all the safety and security you want, but if someone uses their charm to mislead people it won’t help.”

People are the weakest security link, almost always.

Posted on March 19, 2007 at 3:42 PM

Huge Online Bank Heist

Wow:

Swedish bank Nordea has told ZDNet UK that it has been stung for between seven and eight million Swedish krona — up to £580,000 — in what security company McAfee is describing as the “biggest ever” online bank heist.

Over the last 15 months, Nordea customers have been targeted by emails containing a tailor-made Trojan, said the bank.

Nordea believes that 250 customers have been affected by the fraud, after falling victim to phishing emails containing the Trojan. According to McAfee, Swedish police believe Russian organised criminals are behind the attacks. Currently, 121 people are suspected of being involved.

This is my favorite line:

Ehlin blamed successful social engineering for the heist, rather than any deficiencies in Nordea security procedures.

Um…hello? Are you an idiot, or what?

Posted on January 23, 2007 at 12:54 PM
