Archive for the ‘Financial Scams’ Category

The New Face of Phishing

Tuesday, August 17th, 2010

In the past six months, a dangerous new threat has emerged in the world of internet phishing. Many of us have laughed at the crude, poorly crafted phishing attempts that often invade our inbox.

Lest any of us fall asleep at the wheel thinking we are already hip to the rather primitive phishing tactics of the past, this one could easily catch you in its insidious hooks if you don’t read on.

Known as “tabnapping”, this ploy is designed to psych you out with a behind-the-back switcheroo that literally kidnaps open tabs and catches most savvy observers by surprise. Using an almost invisible layer of embedded JavaScript, here’s how it works.

Brian Krebs explains:

“As Mozilla Firefox creative lead Aza Raskin describes it, the attack is as elegant as it is simple: A user has multiple tabs open, and surfs to a site that uses special JavaScript code to silently alter the contents of a tabbed page along with the information displayed on the tab itself, so that when the user switches back to that tab it appears to be the login page for a site the user normally visits.”

In as little as five seconds, a tabbed page silently and almost invisibly changes to a seemingly familiar page (including the cute little “favicon” in the address bar) which requires you to re-enter your log-in credentials. As soon as you enter your private details, both you and your personal information have literally been “had”.

The best defense against this tricky new tactic is to take a time-out. What that means is whenever a site you visit “times-out”, you should take some time-out of your browsing frenzy to open a new tab and re-enter the desired URL yourself.

Most browsers including Safari, Chrome, Firefox and Internet Explorer claim to be on the lookout for you by blocking tabnapping attack code. Researchers and hackers have both been able to sidestep many of the current blocking protections, leaving most browsers vulnerable.

Safety dictates that you don’t log in on any tab that you have not opened yourself. Get into the habit of opening fresh tabs whenever you enter a user-name or password.

If you forget to refresh previously opened and familiar log in pages, one day soon you could literally open up a fresh can of worms.
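The tab switch described above leaves a recognisable trace: the title or favicon changes and a password field appears while the tab is in the background. The following is an added example, not code from the original post; it sketches that check as it might run in a browser extension content script, and the snapshot fields, function names and alert callback are assumptions made for this illustration.

```javascript
// Added example: flag a tab whose identity changed while it was hidden.
// Snapshot fields and function names are assumptions for this illustration.

// Reduce a document to the cues a user relies on to recognise a tab.
function snapshot(doc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title,
    favicon: icon ? icon.href : '',
    passwordFields: doc.querySelectorAll('input[type="password"]').length,
  };
}

// Compare the state recorded when the tab was hidden with the state on return.
function compareSnapshots(before, after) {
  const reasons = [];
  if (before.title !== after.title) reasons.push('title changed');
  if (before.favicon !== after.favicon) reasons.push('favicon changed');
  const newLogin = after.passwordFields > before.passwordFields;
  if (newLogin) reasons.push('password field appeared');
  // A title change alone (an unread counter, say) is normal; a changed
  // identity together with a new login form is the tabnapping pattern.
  const identityChanged = before.title !== after.title ||
    before.favicon !== after.favicon;
  return { suspicious: identityChanged && newLogin, reasons };
}

// Browser wiring: snapshot on hide, compare when the user switches back.
function installGuard(doc, onAlert) {
  let hiddenState = null;
  doc.addEventListener('visibilitychange', () => {
    if (doc.visibilityState === 'hidden') {
      hiddenState = snapshot(doc);
    } else if (hiddenState) {
      const result = compareSnapshots(hiddenState, snapshot(doc));
      if (result.suspicious) onAlert(result);
      hiddenState = null;
    }
  });
}

// Only attach when a real page is present (skipped outside a browser).
if (typeof document !== 'undefined') {
  installGuard(document, (r) =>
    console.warn('Tab changed while hidden: ' + r.reasons.join(', ')));
}
```

A warning from this check is a cue to follow the advice above: close the tab and type the address into a fresh one.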

New “Data Passing” Scams Exposed

Thursday, July 1st, 2010

What do online companies like Orbitz, Priceline and Travelocity have in common?

Nope, guess again.

All three have found themselves in the middle of complaints about dubious business practices. The behavior in question has recently been investigated by the Federal Trade Commission on behalf of boatloads of victimized consumers.

The scam here refers to the practice of sharing or “passing” credit card information over to a third party at the end of a transaction without the knowledge or explicit consent of the buyer.

The retailers deny any wrongdoing.

The practice known as “Data Passing” or “Pre-Acquired Account Marketing” was the subject of a high profile, year-long investigation by the Senate Commerce Committee according to a June 22, 2010 article in the Washington Post.

According to published reports:

“In May 2009, Chairman Rockefeller launched an investigation into a set of controversial e-commerce business practices that have generated high volumes of consumer complaints. Since that time, Commerce Committee staff has been investigating three Connecticut-based direct marketing companies – Affinion, Vertrue, and Webloyalty – as well as the hundreds of online websites and retailers that partner with these three companies to sell club memberships to online shoppers. Although this investigation is not yet complete, it is clear at this point that these three companies use highly aggressive sales tactics to charge millions of American consumers for services the consumers do not want and do not understand they have purchased.”

Bob Sullivan from MSNBC.com also reported that the problem has triggered an astounding $1.4 billion in unauthorized charges onto the credit card bills of 30 million Americans.

Senate investigators revealed that this practice was used by over 450 e-commerce websites and retailers. Many of the names on the list are well-known and respected companies who got around existing data-privacy and banking rules by forming partnerships and joint ventures with third parties.

Credit card issuer Visa has taken a stand and no longer allows merchants to use the so-called “Data-Pass Marketing” on their network.

Despite Visa’s policy and after more than $1 billion in “aggressive and potentially deceptive” sales tactics, I think it would be fair to complain that the horse is already out of the barn.

Haitian Disaster Scammers Target Donors

Saturday, January 16th, 2010

As Americans and the world respond to the urgent needs of the Haitian people, the dark deeds of evil people surface yet again.

The scammers who take advantage of disasters such as this one by preying upon unsuspecting donors are already in full swing.

It has been widely reported now that criminals have begun setting up fraudulent charities, helplines and websites in an attempt to cash in on the misery and heartache of the Haitian quake survivors.

Reuters is reporting that the FBI and The Bureau of Justice Assistance have already begun warning donors and tracking complaints during this relief effort.

Both the Asian tsunami and Hurricane Katrina shed light on the depths to which con-artists will go in order to steal both money and personal information.

The potential for technology to be used for the good of the Haitian relief effort can be seen and safely accessed by texting to one or more legitimate mobile-friendly sites that are now in place.

– Texting HAITI to 90999: The U.S. Department of State’s Web site suggests texting “HAITI” to “90999” to donate $10 to the American Red Cross to help with relief efforts. The $10 will be charged to your cell phone bill. Or you can go online to organizations like the Red Cross and Mercy Corps to contribute to the disaster relief efforts.

– Texting YELE to 501501: On Twitter, musician Wyclef Jean, a native of Haiti, notes, “Haiti needs your help text YELE to 501501 and $5 dollars will go toward earthquake relief.” Yele Haiti is a grassroots movement Jean has set up to inspire change in Haiti through programs in education, sports, the arts and environment.

We Americans can be a very generous and compassionate people. The sheer magnitude of the issues facing the world’s poorest countries like Haiti can be and are now being brought to light by the media as well as the ongoing efforts of well-established relief organizations like World Vision and Food For The Poor.

In their hour of need, Haitian earthquake survivors and relief workers must not be held hostage by opportunistic “privacy pirates”. Shame on those who attempt to re-route essential resources away from the people of Haiti and into their own dark pockets.

7 Top Tax Season Fraud Reminders!

Thursday, March 12th, 2009

If tax season is as taxing as ever for you, here are seven ways to reduce your annual tax time anxiety and vulnerability.

* Beware of tax-time ID thieves who create fake IRS websites just for this season.

* Bold fraudsters often “pose” as IRS agents to trick you into revealing personal data.

* The IRS never uses email to initiate contact with taxpayers.

* Any email that promises to deliver refund money should be deleted immediately.

* Taxpayer audit and refund information is always delivered through the U.S. mail.

* Unsolicited IRS contacts sent via email should never be opened or responded to.

* Communication from the IRS can be confirmed by calling (800) 829-1040.

Another common twist is that many unsuspecting taxpayers have received legitimate notifications from the IRS, requesting payment of taxes due on unreported earnings.

This is possible if someone illegally uses your Social Security number to obtain employment. In these cases, an unwitting employer reports the earnings attached to your stolen number and Uncle Sam comes calling for taxes on income you truly never earned!

Protect your Social Security number at all times and at all costs. If you suspect fraud, contact the Social Security Administration immediately. They can also be reached at (800) 772-1213.

Relentless Fraudsters Begin The Assault

Saturday, January 17th, 2009

The New Year’s barrage arrives just days before President Obama is sworn in.

Today was unlike most days when I open my email, yawn and shrug my shoulders. This evening, my KEEN eye caught three names of email senders that I didn’t recognize. That generally means “junk or spam email,” but today was different due to the sheer volume and ridiculous (laughable) transparency of these scammers.

These emails were online scams, so phony looking that anyone with “half-a-brain” could spot them a mile away. Three in one day! I had to look in a mirror to make sure the word “sucka” wasn’t pinned to my back.

Not only did the senders promise OUTRAGEOUS sums of money for my help, the spelllinngg was so bad that I actually laughed out loud.

Phishing scams come in many varieties including lottery scams, bill collector scams, fraud investigation scams, employment application scams, overseas bank transfer scams, credit card or banking verification scams and many others.

According to the Yahoo Security Center:

“If you receive an email (or instant message) from someone you don’t know directing you to sign in to a web site, be careful! You may have received a phishing email with links to a phishing web site. A phishing web site (sometimes called a “spoofed” site) tries to steal your account password or other confidential information by tricking you into believing you’re on a legitimate web site. You can even land on a phishing site by mistyping a URL (web address).

Is that web site legitimate? Don’t be fooled by a site that looks real. It’s easy for phishers to create web sites that look like the genuine article, complete with the logos and other graphics of a trusted web site.”

Unfortunately, the current economic downturn is expected to cause a dramatic increase in the number and frequency of these fraudulent attempts to separate the uninformed from their personal data.

The good news is that these crimes are getting harder and harder to pull off, due to greater consumer awareness and more advanced spam filtering technologies.

Despite the almost comical transparency of the three scams that entered my email box today, the potential for harm and the growing frequency of these annoying ploys is really no laughing matter.