Wednesday, April 25, 2007


KnightsBridge Castle participated in the California Governors Identity Theft Summit on April 11, 2007 and once again we had the opportunity to view a widely divergent set of statistics concerning the growth of Identity Theft crimes in the US.

In the last two years, federal agencies such as the FTC and commercial enterprises such as the credit card companies have painted a picture a crime in decline citing approximately 7 million incidents. Both the FTC and the credit card firms have been somewhat self congratulatory about the reports they have issued or sponsored indicating a decline in the crime. However this rosy picture was somewhat tarnished when leading a leading market research company, Gartner Research, contradicted these reports recently and indicated that in the same period identity theft crimes had grown by 50% and is now exceeded 10,000,000 incidents per year.

Rena Mears, Partner in the auditing firm of Deloitte & Touche was the keynote speaker at the Governors conference and in her remarks she indicated that Deloitte’s estimate of identity theft crimes for this period was in excess of 15,000,000 victims in 12 months. In addition she commented that the financial impact of identity theft crimes had doubled in the pas 12 months. In other words the amount of money stolen or defrauded had increased significantly. She also noted that victim recovery (the ability to recover the financial loss – but not the loss of time and effort) had dropped from 87% in 2005 to 61% in 2006.

Thursday, April 12, 2007


KnightsBridge Castle staff was interviewed a second time last week by NBC television about IRS Tax Frauds. The program will be aired tonight on the Bay Area NBC affiliate channel 11.

We offer here on our blog the critical issues discussed during the interview.


Identity Theft Frauds which result in IRS Tax fraud are the most common type of Identity Theft – not credit card fraud

33% of Identity Theft involves hijacking a Social Security Number (SSN) for purposes of reporting illegal income, fore example:

Employment fraud, and false employment
Money laundering transactions, DMV fraud, Medical Benefits Fraud

The financial exposure of IRS Tax frauds are real – there is no policy of forbearance or quick resolution to these frauds – they are painful and expensive to unwind,

Two Common IRS Frauds

9095 Tax Form
You receive an official looking IRS 9095 tax form with an urgent message to complete the form and FAX is to a special IRS number. Failure to comply will result in your bank account being frozen. The form asks for your full personal information including banking information – such as bank routing numbers. The form is fake, and the special telephone number is a direct line to organized criminals.

IRS Email – Tax Refund
You receive an official looking email from the IRS informing you that you are eligible for a significant refund. The amount is often about $500 and the only requirement is that your reply to the IRS email with your personal information and your banking information – such as bank routing numbers.

Objective of these frauds

To obtain your personal information and your banking information and to then loot your bank account through wire transfer or other money transfer methods.

If you supply this information and do not exercise due caution and care in protecting your personal information, your bank has no obligation under law or in common practice to reimburse you for your loss. You have been robbed and you are unavailable to receive restitution from the bank, because you freely gave personal information without exercising care.

How to Spot an IRS Fraud

The government and business will never ask for information they already have. Confirmation gambits are always fraudulent.

Confirmation gambit – where someone poses as a business or government official and seeks your personal information (Such as SSN and banking information) to confirm your identity and to maintain their records.

Confirmation information is asked for in an email, by fax, or on the telephone.

You are offered a windfall from a business or government by email, telephone, or fax.

Tax Time Advice to Consumers

File your taxes electronically – reduce the potential for your paper forms and documentation to be lost or stolen by criminals

If you do file paper forms, hand them to a uniformed postal employee who is behind the counter at a post office

NEVER place them in street corner post boxes, of outgoing mail drops in

NEVER hand them to someone standing in front of the post office at the filing deadline who looks like a postal official. Always go inside the post office.

Once a year, use a commercial service to ensure that your SSN has not been hijacked by someone for use in committing fraud. The cost can be as little as $10 to detect the use of your SSN by someone else.

Never respond with sensitive personal information (including SSN and banking information) if you are contacted by email, fax, or telephone. If you are concerned, call back the business or the government agency at the number listed in the phone book and ask to talk to a representative about this matter.

Thursday, March 29, 2007


Tim Logan, CEO of KnightsBridge Castle spoke to NBC television today about the risks of fraud and impersonation crimes resulting from the loss of over 45 million credit card and debit card records by the retail company TJ Maxx. NBC wanted to know what consumers can do to protect themselves from this criminal attack.

“The TJ Maxx threat is serious,” said Tim Logan. “The loss of credit card numbers, debit card numbers, PINS, security features and drivers’ license number, to organized crime groups, presents a very real threat to consumers,” he continued. “This was not lost tape, or misplaced data. Organized criminals targeted TJ Maxx and systematically looted their databases over a six year period. This stolen information will be used to commit frauds and impersonation crimes for years and years,” said Tim Logan.

What can consumers do to protect themselves if they shopped at TJ Maxx? Mr. Logan provided NBC with the following general advice:

-- Take this threat seriously.

-- Remember commercial credit monitoring services will not protect you against this fraud. Credit monitoring will capture these frauds 60 to 90 days after they occur and have gone to collections. “Its like a fire alarm that goes off after the house has burned to the ground,” commented Logan.

-- Place a 90 day fraud alert on your credit records with the credit bureaus. Then lock down your credit records with a Credit Freeze in 25 states.

--Monitor your credit card accounts by checking statements immediately upon receipt – better yet, check using internet account tools once a week.

-- Debit Card holders are at the greatest risk. If you debit card has been compromised, cancel the card and have a new one issued. Debit cards do not provide adequate protection against fraud. They are not regulated by federal credit regulations as are credit cards with which your actual out of pocket loss is limited.

-- Subscribe to a service which monitors the dark web, where criminals buy and sell stolen information such as that taken in the TJ Maxx incident.

-- If fraud occurs:
o Notify the credit card company, or the debit card issuer immediately by phone. Then notify the credit rating companies. Failure to notify both the credit issuer and the credit rating companies may result in the loss of critical consumer rights under federal law.
o Always follow up in a written letter – keep copies and send a postal return receipt requested form.
o File a police report – without a report no crime has been committed and without a police report you cannot exercise your full rights to legal protection including permanent “fraud alerts” no-cost credit freezes, and lessened probability of later collection demands by creditors.
o Watch carefully for any suspicious activity involving your Drivers License information, such as unrecognized traffic violations, or auto insurance increases which may result from DMV or insurance fraud.

Tim Logan concluded “This is a serious breach of confidential financial and personal data. Consumers who take action to protect themselves now will avoid enormous grief and trouble later if they just take some simple precautions. No one will protect you. You must rely upon yourself to prevent and recover from this crime.”

Tuesday, March 20, 2007


Symantec, the internet security company and key provider of internet anti-virus software, released its annual Internet Security Threat Report volume XI this month. The Symantec report, similar to the Gartner report issued last week are in sharp contrast to studies issued by both the Federal Trade Commission and research sponsored by the credit card companies. While the FTC and credit card companies report declines in “identity theft”, both Gartner and Symantec describe a crime wave of unprecedented proportions growing rapidly and adapting to the weak preventative measures provided by government and business.

At KnightsBridge Castle we not surprised by the findings of growth in identity theft and frauds facilitated through the theft of personal information. However, we were surprised by the quantity of this activity originating in the USA. In recent years many analysts had assumed that the systems in which phishing scams, spam scams, internet initiated fraud, and the criminal resale of stolen and breached information had moved to safe havens offshore. The Symantec report indicates that up to one third of all this illegal activity still resides in the United States and therefore subject to the our law enforcement.

Here are some of the surprising findings of the Symantec report:

The Unites States was the top country of attack origin, accounting for 33% of worldwide attack activity.

86% of the credit card and debit cards advertised for sale on underground and illegal economy servers were issued by banks in the US

The government accounted for 25% of all identity theft related data breaches, more than any other sector.

51% of all underground economy servers were located in the USA.

46% of all known phishing web sites were located in the USA

The US has the largest proportion of spam zombies.

These findings are alarming, in that government regulatory agencies and law enforcement have within their reach the many of these illegal activities, yet they do little or nothing to shut them down. A phishing site in Moldavia or Beijing presents great challenges for American law enforcement, however a criminal server offering stolen banking information for sale located in Detroit is an entirely different matter. In our opinion its time for the Federal Trade Commission and US law enforcement to get focused on this crime wave and recognize that much of the threat lies in the USA and is therefore within the reach of the long arm of the law.

The full report is available on Symantec’s website at:

Thursday, March 15, 2007


At KnightsBridge Castle we often advise clients to not use debit cards for payments. In our opinion the legal protections against fraud provided by “credit cards” are significantly superior to those protections against fraud found in “debit cards.”

Credit card use and fraud is protected under federal fair credit laws which limit your exposure to $50 per fraudulent charge. Most credit card issuers (but not all) will wave this fee in the event of fraud. However debit cards have fewer protections and losses are generally limited to $50 if the bank is notified within business two days. Losses reported after two days are limited at $500. If the loss is reported following a 60 day delay, the bank is under no obligation to reimburse you. While some banks offer added protections for debit cards, consumers are often ill prepared to follow the complex provisions of these additional debit card protections. For example, the added protections against fraud provided by VISA and MasterCard require that the debit card be authorized by a signature rather than a PIN. In a recent Wall Street Journal article the author commented:” The reason: Banks get higher fees from merchants when consumers use debit cards with signatures, rather than PINs.”

Whatever the risk, consumer protections against fraudulent use of cards is best provided by credit cards regulated under the federal fair credit laws. At KnightsBridge Castle we do not advocate either debit or credit payments. However, in our opinion, and based on our experiences in assisting fraud victims, you are far far safer using credit cards. If you don’t like debt, then pay off the card fully when you receive the bill.

Monday, March 12, 2007


The CEO of an Identity Theft company which provides “fraud alerts” placed on your credit records with the credit reporting companies recently advised fraud alerts as a preventative technique for the prevention of identity theft. The CEO said “Placing a fraud alert with the major credit Bureaus … is a great frontline for defense.” By doing this the CEO explains any time someone tries to change the information on your credit report or open up a new account, the credit card company has to call you first for verbal authorization.”

While this sounds like good advice "fraud alerts" are a very poor defense against identity theft. Why?

The fraud alert is not statutory – it is advisory. New credit issuers are not required to notify you of a new account. The law advises them to do so and in our experience less than half provide notice – often little more than a message on your answering machine or voicemail.

Secondly, fraud alerts are easily manipulated by credit thieves and they can be changed, removed, or worse modified by credit thieves. For example, the security measures of the credit bureaus are so poor, that credit thieves with a minimum of personal information can and will either remove the alert, or change the phone number to themselves.

Most important is that a fraud alert is applicable only to credit theft. Credit theft is less than 25% of identity theft. The single greatest form of identity theft is Social Security Number hijacking often for purposes of illegal employment. Fraud alerts do nothing to prevent or detect from the common identity frauds of IRS fraud, Medical Benefits Fraud, Drivers License fraud or over 70 other frauds facilitated by the theft of identity information.

Lastly, the CEO of this company charges $99 per person per year to assist you with this free service.

If you think that the small benefit of fraud alerts are of value, save yourself some money. Buy 12 envelopes and $4.68 of stamps. Address each envelope four times with the addresses of the credit reporting companies. Write a letter demanding a fraud alert. Place a copy in each letter. Then once a quarter mail three letters – one each to each credit reporting company. Save yourself $93.

Even better take a really effective measure to protect yourself against credit fraud – lock down your credit history with a credit freeze. New applications for credit cannot be processed without your permission to access your report.

Friday, March 09, 2007


15 million Americans were victimized by some sort of identity-theft related fraud in the 12 months ending in mid-2006, according to a survey by Gartner, Inc. Gartner’s survey is contradictory to the credit card company funded surveys indicating a 10% decrease in the crime for a similar period. The new survey revealed more than a 50 percent increase since 2003 when the Federal Trade Commission (FTC) reported 9.9 million American adult identity theft victims.

“Hackers are exploiting Internet auctions, nonregulated money transmittal systems, the ability to impersonate lottery and sweepstake contests, and other types of imaginative scams,” said Avivah Litan, analyst at Gartner. “The thieves have also discovered the weakest links in the U.S. payments systems. Typically, the weak links are found among the five or more million businesses that accept electronic payments from consumers, and the consumers themselves.”

In the past two years KnightsBridge Castle has seen enormous inconsistency in surveys attempting to characterize identity theft crime growth. The FTC has indicated that the crime is diminishing. The credit card company sponsored surveys have also indicated a small decline in the crime. On the other hand Federal Banking officials have completed a study indicating a 103% increase in mortgage fraud facilitated by identity theft for the same time period. Now we have Gartner’s report of a 50% increase.

These survey inconsistencies can sometimes be explained through examining the survey firms definition of identity theft. The FTC survey exclusively focuses on credit card crimes, thus ignoring identity crimes in false employment, IRS fraud, medical benefits fraud, and more than 70 other frauds facilitated through identity theft. The credit card company sponsored surveys are in our opinion biased and are funded to allow the credit companies to assure the public that new security measures are working to stem this crime wave.

While we lack the survey facilities of the FTC, Gartner, and the credit card companies, we do feel that we have a good feel for the state of identity theft in the USA. In our opinion this crime wave continues unabated, and if anything the Gartner survey may understate the real rate of growth both in the US and through out the world.

Monday, March 05, 2007


Two recent articles hit our desk at the same time and got the staff at KnightsBridge Castle thinking about the future of Identity Theft. The Economist Magazine featured an article announcing the end of the “cash era”. Electronic commerce, including the credit cards, debit cards, pay pal, and electronic payments from bank accounts has greatly diminished the need for notes and coins in the cash economy. The Economist noted “Notes and coins are already a small fraction of the money in most rich countries.” The article predicted that the within a few years cash as we understand it would cease to exist.

The second article was a series of comments by the President of the Association of Certified Fraud Analysts. In these comments the president of the association commented that the crime of the new century would be fraud. New technologies and new systems were actively creating new opportunities for criminals engaged in fraud and theft. Clearly the proliferation of frauds and identity theft confirm his views

As we enter a cashless society many classes of crime may diminish. For example when a bank contains no cash, or a store has no cash, certain types of robbery will disappear. However they are most certain to be replaced by new types of robbery and fraud.

Therefore we at KnightsBridge Castle believe that Identity Theft, and the frauds that are committed using personal information, are a crime wave that will not diminish. Reluctantly and sadly we find ourselves watching the unprecedented growth of identity theft and fraud as we exit the age of cash and enter the age of fraud.

Wednesday, February 21, 2007


Internet banking rates can be too good to be true. A company called Federal Savings offered an 8.85 percent rate on a six-month CD on its internet banking site. When bank rating agencies sought more information, the company's Web site disappeared. Later it popped back up with a 6.25 percent rate. When questions concerning the companies operations were directed to Federal Savings the company did not answer. Its Web site is down again, and the company could not be reached. To see whether a bank is federally insured, go to

Banking scams are growing on the internet and caution is advised. Make sure that the internet bank you have selected is legitimate. In addition carefully look at the name and URL (website address) of the bank in question. In the example cited above, there are many legitimate banks with Federal Savings in their name. So don’t be confused by names which sound legitimate or resemble know banking institutions.

Fraudulent banks on the internet can steal both your money and your identity. Use caution in selecting internet banking sites.

Tuesday, February 20, 2007


Most of us are careful about divulging our Social Security Numbers or Taxpayer ID Numbers. However soon to arrive in your mail will be key information which can be used to commit a wide variety of harmful identity theft and crimes of fraud. This mail often has blazed across the front of the letter such phrases as “Important Tax Documents” or other phrases that identity thieves can quickly spot. In addition the format for these documents and the envelopes that contain them make them very easy to spot if left unattended in an unsecured mail box.

Identity thieves and credit fraudsters often target un-secured mail boxes. A variety of techniques are used. Some of these techniques are simple such as opening unlocked mailboxes and simply taking the mail. Others are more sophisticated and include using simple tools to extract mail. Sometimes identity thieves will steal mail directly from postal authorities.

Identity thieves, criminal imposters, and other fraudsters know that tax time can be harvest time for identity theft. And W2’s and 1099 tax forms are of great value in committing the many crimes of identity theft.

Here are a few tips for protecting this important information and for preventing identity theft.

-- Locked Mailbox – get a locked mailbox or use a postal box to receive important documents such as W2’s and 1099

-- Clear Out Your Mailbox within 8 hours of receipt of your mail. Don’t let mail pile up in a mail box. Find out the time your mail is usually delivered and pick it up as soon after delivery as possible.

-- Store W2’s, 1099’s, and other tax documents in a locked and secured place within your home or office. Burglars know that these documents have street value and can be sold for cash to other criminals. Don’t leave these documents lying about the house or in conspicuous places such as boxes labeled Tax Documents, or next to your computer.

-- File your taxes electronically or by handing your tax documents directly to a postal official within the post office. Go to the post office window; never post tax documents in outside mail boxes.

Wednesday, February 14, 2007


At KnightsBridge Castle we track databreaches as they are reported. The loss of personal information security, enabled by a databreach at a government agency, merchant database, or other source is an increasingly common vector for identity theft, impersonation crimes, criminal activity, and fraud.

Here is a list of this weeks top five databreaches –

- [2007-02-14]

(196,000 Social Security numbers among information on stolen tapes)

Washington D.C. Metropolitan Police Department
- [2007-02-11]

(Social Security numbers for 2,000 police officers exposed)

Department for Work and Pensions (UK)
- [2007-02-10]

(Bank details of as many as 26,000 pensioners sent to wrong addresses)

State of Indiana
- [2007-02-10]

(5,600 people and businesses notified about credit card numbers on hacked server)

Radford University
- [2007-02-09]

(Breached computer contained 2,400 Social Security numbers and birthdates)

East Carolina University
- [2007-02-09]

(Social Security numbers, names, and some credit card numbers for 65,000 posted to web)

St. Mary's Hospital
- [2007-02-08]

(130,000 names, Social Security numbers and birthdates of patients on stolen laptop)

Central Connecticut State University
- [2007-02-07]

(Letters reveal Social Security numbers for about 750 students)

University of Nebraska, Lincoln - [2007-02-07]

(72 Social Security numbers posted on public web site for over two years)

Johns Hopkins Hospital
- [2007-02-07]

(Missing computer tapes contain Social Security numbers of 52,000)

Monday, February 12, 2007


Under federal and state law you are not responsible for debts incurred by fraudsters and identity thieves. The mailing of a stop contact notice to a creditor, together with a police report of the crime, and an FTC approved identity theft affidavit provides the needed notification to the debtor that a fraud has been committed. Debtors usually cancel the debt after a short investigation.

However, this does not mean the end of collection headaches for a proven fraudulent debt.

For example the collected bad debts of a credit card issuer or merchants may be packaged in bundles of debt and sold to debt collection companies. After some time these bad debts may be packaged and sold again. And then sold again.

Each new collection company may have no record of the status of the debt as fraudulent.

At KnightsBridge Castle we very often see debts that have been acknowledged as fraudulent and forgiven by the debtor, show up in the new collections efforts by collections companies – regardless of the status of the debt as a proven and accepted fraud.

It is critical that you keep written copies of all correspondence regarding the cancellation of a debt. Never fail to follow up a phone call to a debtor with a written notice of the fraudulent charges – even if the debtor says this is not necessary. Do not rely upon “fraud alerts” “information postings” or other notices with the credit rating companies for protection. Credit collections companies who purchase bundles of supposed “bad debts” pay little or no attention to the records of these companies. There only goal is to get money from you – regardless of the proven status of the fraudulent debt.

These fraudulent debts can show up time and time again. And each time you may need to provide copies of the original correspondence about the fraud to stop collections companies from harassing you.

Friday, February 02, 2007


The famed and highly successful Canadian Lottery Scam has begun to spin off new variants and twists. This week we talked with yet another victim of this scam who lost well over $100,000.
We have modified some of the elements of this story, but not the basic facts, in order to protect current and potential victims.

The victim was notified by email of his extraordinary winnings in a Netherlands lottery by a large and ethical lottery company in Europe. However the email was from criminals not from the lottery company. He was directed to a legitimate looking website and given his client access information. And amazingly there was a web page indicating a balance in the lottery bank of millions of euros. All they had to do was provide personal information and pay fees and taxes and the money would be released to him. These criminals are after both money and key identity information to be used in later crimes.

Once again the tragedy of “too good to be true” strikes home.

Here is a copy of the criminal email.

Date: February 2, 2007 8:56:51 AM PST

Computer Ballot Jackpot 'A' Draw Result.

REF No: QNL/4A51/8C60/06
BATCH No: XA3/312-59
TICKET No: 334/ 660078
SERIAL No: 05908
LUCKY No: 9-43-97


Dear Lucky Winner,

Congratulations to you as we bring to your notice, the results of the Free Email Computer Ballot Jackpot 'A' draw 1st Category of LOTTO.NL.

We are pleased to inform you of the result of the Lottery Winners International programs drawn today, 29/01/2007. Your E-mail address attached to Ticket number 334/ 660078 with Serial number 05908 drew the lucky numbers 9-43-97, which consequently won in the 1st category; you have therefore been approved for a lump sum payout of EUR2, 500, 000. 00 Euros. (TWO MILLION, FIVE HUNDRED THOUSAND EUROS). CONGRATULATIONS!!!

This lottery is a promotional program by LOTTO.NL (Biggest lottery Organization in the Netherlands) to advertise to the world its existence. All participants were selected through a computer ballot system drawn from over 50,000 companies and 2,000,000 individual email addresses from all over the world, as part of our international promotions program, which we intend to conduct several times a year.

To file for your claim, please contact our /your processing agent

Mr. Andrew Thompson
Tel. No: +31-61-047-4520
Fax. No: +31-84-722-2680

You are advice to provide him with the following information:
Telephone/Fax number:
Company (if any):
Winning reference and Batch numbers:

NOTE: All winnings must be claimed not later than 14 days, thereafter unclaimed funds would be included in the next stake. Remember to quote your reference information in all correspondence. Members of the affiliate agencies are automatically not allowed to participate in this program.

Furthermore, we call on you to make sure that you save a copy of this mail and note every letter clearly as stated for we will not be held responsible should there be any complications in this transaction due to laxity on your part. Congratulations once more from our members of staff and thank you for being part of our promotional program. Should there be any change of address do inform our agent as soon as possible.
Congratulations once more from our members of staff and thank you for being part of our promotional program. Pls Do not reply to the email address from where you received the information, thank you.

Yours truly,

MS Caroline Van Bosch
Promotion Manager.

************THIS IS NOT SPAM***********


From the official website of the Netherlands Lottery company:

De Lotto warns against a large Lottery scam. In an e-mail (or letter), which is written in bad English, the addressee is told that he/she has won a large amount of money in a lottery. When the ‘lottery’ is contacted, it turns out that the prize can only be collected if a payment is made of thousands of dollars/euros for ‘handling fees’. Obviously the prize is never paid out. The organization behind the fraud operates under different names, often derived from well known lotteries. For example: Lucky Day Lottery, De Lotto Netherlands, Interlotto, Oy Keikkaus Switzerland, El Gordo de la Primitiva and Global Trust Lottery. The police and the Ministry of Justice have been informed about the fraud. Nevertheless, it is hard to stop the malpractices. The criminals give false addresses, and cannot be traced via the stated telephone numbers, e-mail addresses and P.O. Boxes. Neither do they have permanent addresses and moreover, they change their identity regularly.

If you should receive such an e-mail, do not respond in any way, don not provide these people with any personal identity information and do not pay any money!

Wednesday, January 31, 2007


Fraudulent billing scams, facilitated by spamming, are clearly on the rise. We have noticed a significant increase in fraudulent bills in recent months.

Fraudulent billing scams are an old and established fraud, but the new scams have a very different intention that the older more traditional frauds. Traditional billing frauds often relied upon the recipient assuming that the bill was valid and then paying it. The amounts were often low, and both individuals and even large corporations would often pay rather than take the time and energy to confirm the amount owed.

These new on-line billing frauds have a more sinister intent. They are after your identity profile which allows the criminals to commit dozens of crime against you, including looting of all you financial resources including bank accounts, engaging in financial transactions in your name, money laundering, and other serious crimes.

For example here is a criminal email received by this office in recent days. We are not members of Ebay, and our Chief Financial Officer who previously worked with Ebay views these billing statements with both alarm and disgust. The name server to which the View Invoice link is connected is not a registered site. The site is probably in Asia or Eastern Europe – far beyond the reach of US law.

Hello Member,

Your monthly eBay Invoice is now available for online viewing.Invoice Date: Jan 26, 2007Amount Due: $47.34

You can review your current Invoice details and Account Status at any time by clicking this link:VIEW INVOICE

For future reference, you can access your invoice by following these steps:

Go to the eBay Home page.

Click My eBay at the top of the page, and sign in with your eBay User ID and password.

Click the "Seller Account" link (below My Account in the left navigation menu).

Click the "Invoice" link.

2007 eBay, Inc.


In recent weeks we have received at KnightsBridge Castle an increasing number of fraudulent loan offers. Many of these offers come in the form of “pre-approved” loans and are sent to staff individually and to some general email addresses such as “information” and “press”. That a legitimate “pre-approved” credit offer should come to an email address without any possible credit history, such as “information,” tells you immediately that this spam is from a criminal group.

These spam messages then lead to websites that look legitimate, but to the trained eye they are clearly fraudulent and intent on committing criminal acts.

What are these criminal groups after? Your personal information, as required on any loan application, is a pure gold for a thief. This information is key to hijacking your identity and committing a wide variety of crimes against you such as mortgage fraud, IRS fraud, credit frauds, and simply looting your bank account.

These sites are either harvesting your personal information or asking you to pre-pay processing fees. The processing fee scam has two benefits, it helps pay for the cost stealing your identity information, and it allows the criminals to initiate unauthorized electronic transfers from your bank to the criminal organization. The result, it is a looted bank account, for which the bank need offer no restitution. You freely gave up your banking information and were defrauded. Banks are under no obligation to make the fraud good by restoring your funds.

The techniques used to make these websites seem real vary. But they often include the use of the following elements.

Https URL name certificates – yes criminals can buy a HTTPS website certificate as easily as a legitimate business. Https is a URI scheme which is syntactically identical to the http:// scheme normally used for accessing resources using HTTP. Using an https: URL indicates that HTTP is to be used, but with a different default port (443) and an additional encryption/authentication layer between HTTP and TCP. This system was designed by Netscape Communications Corporation to provide authentication and encrypted communication and is widely used on the World Wide Web for security-sensitive communication such as payment transactions and corporate logons.

Use of Seals and Logos from respected institution such as the Better Business Bureau (BBB) appear fraudulently on the website.

The use of local addresses are used on the website, however the fraudulent business is not local at all but offshore and far beyond the reach of US law.

The use of a legitimate bank or lending institution’s name. The name of the website and the logo look like a familiar brand name, but they are not part of the banking institution at all. They are scams.

The use logos and realistic looking links of Truste or other website verification techniques such as Verisign. TRUSTe, founded in 1997, is an independent non-profit organization best known for its Web Privacy Seal. VeriSign is well known for the VeriSign Secured Seal, which is an outward expression of a Web site's authentication and encryption commonly posted to VeriSign SSL Certificate customers' Web sites. However these logos can be stolen and pasted on the offending website. Also the click through verification can be faked if the user lacks the tools for checking the ultimate location of the responding website.

If you need a loan, for a car, debt consolidation, or just to pay for something you want, go to your local bank. If you must use an online service, go directly to the website from your browser, never to a link provided by email.

Wednesday, January 24, 2007


I was contacted by a close friend of the family this weekend who had received a large check drawn on a Canadian bank in the amount of $85,000 together with a letter urging the friend to cash the check and the then send a check for $7500 to cover taxes due. This was the now infamous Canadian Lottery Scam, in which good looking but bogus checks are sent for supposed lottery winnings. The victim is asked to pay a fee, in this case $7500 as soon as the check is deposited.

Fortunately for the family friend they did not immediately write a check but instead waited for the check to clear the bank. Of course the check bounced – it was a good looking but very bad check.

However, the friend of the family wanted to know why the check bounced. After all they had won a lottery. Should they resubmit the check? Clearly something had gone wrong. Perhaps they should pay the $7500 first and then resubmit the check again.

Patiently I explained that this was a well known fraud. However the family friend did not want to hear this. They wanted to believe that this “too good to be true” opportunity for significant gains was real. Our family friend became heated in the argument. Insisting again and again that it must be real because the check was clearly a real check. And that taxes were clearly due. And that the could really use the money.

“Did you enter a lottery in Canada” I asked. “No” was the reply. “Did the check bounce?” I asked. “Yes” they said. “Is this too good to be true?” I asked again. ?Well yes, but I still think it’s valid” was the reply.

Finally the family friend, an elderly woman who clearly would benefit from any financial windfall, agreed not to send any money until the resubmitted check cleared the bank. She wanted to believe.

In this conversation I became the unreasonable person and hostility was directed toward me for informing her of a simple truth – it was a scam, there were no winnings.

The power of greed and of scams which appeal to this weakness in human nature continues to amaze us at KnightsBridge Castle. We have on occasion become the subjects of anger and resentment when we tell clients and potential clients that their supposed wonderful windfall is a nightmare fraud in disguise. I greatly hope the family friend will not send the money as requested by the fraudsters. However I am not really certain that she will follow our advice.

Greed and wishful thinking are as powerful as narcotics in clouding reason. Fraudsters rely on this weakness in our nature every day.

Friday, January 19, 2007


While millions of Americans struggle with identity theft each year we often forget the need to protect our children from the ravages of this crime. Identity theft is not a crime that affects only adults. The crime is frequently directed against children. Why? The records of children are perfect for committing crimes – they are blank slates upon which a criminal may construct elaborate and complex identity crimes which are unlikely to be detected for many years.

Parents of minor children need to monitor the personal information about their children to ensure that identity theft is detected quickly and terminated before one of the many crimes of identity theft are committed -- such as IRS tax fraud or medical benefits fraud. Identity crimes against children may have very long lives and they can affect your child’s tax status, their qualifications to enter schools and colleges, their credit ratings, and their employment prospects. Children can be affected in hundreds of ways which can damage their future prospects in life.

What can you do to protect your minor children?

The first line of defense is to monitor the use of your child’s Social Security Number (SSN). The use of the number can be detected through the use of specialized fraud prevention and detection tools such as those used by KnightsBridge Castle’s eye-spy™ programs. KnightsBridge Castle’s experience has been that as many as 30% of minor children’s SSN’s have been compromised. The unauthorized use of the SSN runs the gamut of simple transposition errors to full blown identity hijacking. When the unauthorized use of a SSN is detected a series of proven steps for the assessment of the use can be undertaken. While these steps can be complex they are effective in limiting the damage to your child’s future.

If you can catch unauthorized use of a SSN and shut down the identity thieft of a minor child at an early age then the damage may be limited. However, the trauma and confusion of discovering your child’s stolen identity when applying for his first job, or seeking a student loan, or applying for college can be heartbreaking.

Wednesday, January 17, 2007


Here is a list of recent phishing attacks. This list is compiled from a variety of sources.

Phishing Alert
The Co-operative Bank p.l.c.

Malicious Websites / Malicious Code
Brazilian and Russian hackers are now cooperating in launching new very advanced phishing techniques.
Phishing Alert
Kaw Valley State Bank and Trust

Phishing Alert
ELGA Credit Union

Phishing Alert

Phishing Alert
RHB Bank

Malicious Website / Malicious Code
Adobe Acrobat XSS Vulnerability

Phishing Alert
Andover State Bank

Phishing Alert
Caisse d'Epargne

Malicious Website / Malicious Code
Skype Trojan Horse

Phishing Alert
Birmingham Midshires

Informational Alert
Cyber Extortion via Web Mail

Malicious Website / Malicious Code
MS Word Zero-Day

Phishing Alert
Community America Credit Union

Phishing Alert
First South Bank

Phishing Alert
Mazuma Credit Union

Informational Alert
Webcast: Exploit 2.0

Malicious Website / Malicious Code
MySpace XSS QuickTime Worm

Phishing Alert
Interchange Bank

Phishing Alert
Yorkshire Building Society

Phishing Alert
Derbyshire Building Society

Phishing Alert
Summit National Bank

Phishing Alert
Bank of Cyprus

Phishing Alert
State Bank of India

Phishing Alert
First Exchange Bank

Phishing Alert
Central National Bank of Enid

Phishing Alert
Fake Bank: McLloyds Bank International

NOTE: We are now recieving more than 5 PayPal phishing attempts per day against our request for information email address at KnightsBridge Castle.


Its tax time and our mailboxes will be full of important tax information such as 1099’s and W-2’s. These documents are highly prized by identity thieves since they are the “keys to the kingdom” and can be used to commit a wide variety of crimes against you such as IRS fraud, medical benefits fraud, bank and brokerage wire transfer fraud, and a wide variety of other ugly crimes.

The envelopes in which these documents are delivered are easy to spot and without a locking mailbox or other secure delivery mechanism you may be inviting thieves to enter your world and wreak havoc.

If you don’t have a locking mailbox get one immediately. Better yet use a Post Office Box and get the added security of protection by the postal inspectors while the mail remains in your PO Box.

Pick up your mail as soon as possible. Don’t let unattended mail sit in an insecure mail box.

If you’re traveling then have your mail held at the post office until you return. Get a bunch of the yellow card “Authorization to Hold Mail” (PS form 8076) and keep them handy.

And now the most important advice of all –

FILE ELECTRONICALLY OR IF POSTING YOUR TAX RETURNS CARRY THEM INTO THE POST OFFICE AND HAND THEM TO A POSTAL EMPLOYEE WHO STANDS BEHIND THE COUNTER. Never, never, put tax forms in the blue post boxes on street corners. Never, never hand tax forms to persons standing on the street in front of the post office that may or may not be identity thieves.

Saturday, January 13, 2007


One of the popular misconceptions about the Federal Trade Commission and the Social Security Administration is, that when you report identity theft crimes to them, that these agencies will actually do something with the information you provide to protect you or initiate an investigation on your behalf. The truth is that both the FTC and the SSA will do nothing with the information you provide other than perhaps file it. There are some exceptions to this general rule of inaction, but these are few and far between. Theft of social security benefits is one exception. Hijacking of your social security number and using it for other illegal purposes will not be investigated by the SSA.

We have written extensively on the Public Relations campaigns of the FTC in their mistaken attempt to assure us that they are fighting this crime wave. However their pronouncements have no real substance to support any factual base for their competency in dealing with the crime wave of identity theft. After all, what can 14 employees within the FTC actually do with over 8 million reported cases per year? Here is a copy of the letter returned to a client following a report by the client of identity theft as outlined on the FTC website.

References in this letter to sharing the data with police departments are true, however we are aware of no police department that accesses or uses this information - and we have talked with many departments over the last two years. Raw and unverified information placed into the FTC Sentinal database is of no use to the police in investigating crime.

Please note, they do provide a brochure, but at the same time say nothing about what if any action will be taken. From long and hard learned lessons we are confident that they will only file the report and do nothing.

June 21, 2006

Thank you for contacting us about identity theft. The information you have requested is enclosed. We hope it provides information that will be useful to you. Please let us know if you have any other questions or concerns about identity theft.

You can always reach us in three ways:
1) you can call us toll-free at 1-877-ID THEFT (1-877-438-4338);
2) you can visit our website at; or
3) you can write to us at:
Identity Theft Clearinghouse
Federal Trade Commission
Washington, DC 20580

For consumer problems not related to identity theft, please call the FTC's Consumer Response Center toll-free at 1-877-FTC-HELP (1-877-382-4357), or visit the FTC's website at

We appreciate any comments or suggestions you may have. Please mail any feedback to us at the above address. The efficacy of our identity theft tracking and referral program is dependent upon information we receive from people like you. Thank you for contacting us. How We Use Your Information

We use personally-identifying information gathered from consumers in various ways to further our consumer protection and competition activities. We collect this information under the authority of the Federal Trade Commission Act and other laws we enforce or administer. We enter the information you provide into our database to make it available to our attorneys and investigators involved in law enforcement. We also may share it with a wide variety of other government agencies enforcing consumer protection, competition, and other laws.

If you contact us because you have been the victim of Identity Theft, we also may share some information you provide with certain private entities, such as credit bureaus and any companies you may have complained about, if we believe that doing so might help resolve identify theft-related problems.

In addition, when you submit a complaint, you may be contacted by the FTC or any of the agencies or private entities to whom your complaint has been referred.

In other limited circumstances, including requests from Congress, Freedom of Information Act (FOIA) requests from private individuals, or in accordance with our public record rules, we may be required by law to disclose the information you submit.

The information you provide is up to you. If you don't provide your name or contact information, it may be impossible for us to refer, respond to, or investigate your complaint or request.


Identity Theft Clearinghouse Enclosures:1. Take Charge: Fighting Back Against Identity Theft (CRE-02)

Friday, January 12, 2007


“Pretexting” is an identity theft crime in which someone poses as the victim in order to obtain private commercial information such as billing information and telephone number call lists. The protections with businesses, such as the phone company or utility company are few, but the law is very clear – it’s illegal.

However law enforcement at both the state and federal level has been lax in prosecuting this crime. But with the recent revelation of identity theft crimes against board members at Hewlett Packard by the Chief Executive Officer of the company, the reluctance to prosecute seems to have evaporated.

Within weeks of the public appearance of this crime the California Attorney General moved to prosecute the crime. On January 11, 2007 it became apparent that Federal Prosecutors were also moving against a private detective working out of Colorado and for HP. Today on the 12th the press announced that an arrest had been made by federal officials for the identity crime of pretexting by the private eye.

Pretexting is a crime. It has been a crime for years. Pretexting is the theft of confidential, protected, and private information. We support both state and federal prosecutors in their willingness to tackle this crime.

Monday, January 08, 2007


Today’s emails and phishing scam is included below. The domain name for this site was registered on January 4. Needless to say we have not applied for a loan. The email came to our general information email address. The URL provided has no server and an analysis of the actual coding of the email indicates that a redirect to another hidden site is highly likely.

Here for you amusement and amazement is today’s email scam:


Thank you for your loan request, which we recieved yesterday, your refinance application has been accepted

Bad credit OK, We are ready to give you a $371,000 loan, after further review, our lenders have established the lowest monthly payments.

Approval process will take only 1 minute.

Please visit the confirmation link below and fill-out our short 30 second Secure Web-Form.


Using a safe sacraficial browser we visited the site and noticed that the website had unauthorized logos for the CAN-Spam organization, VeriSign, Equal Housing Opportunity logo, and Trust-e. The links to these organizations were not links at all, but simple pictures of the logos of the trusted site.

Wednesday, January 03, 2007


States Allowing Credit Record Lock Downs – States Allowing Credit Freezes
California, Colorado, Connecticut, Delaware, Florida, Illinois., Kentucky., Louisiana., Maine, Minnesota, Nevada., New Hampshire. New Jersey, New York, Oklahoma., North Carolina, Pennsylvania., Rhode Island, Utah*, Vermont., Wisconsin.

States With Freeze Rules Following ID Theft
Hawaii, Kansas., South Dakota., Texas, Washington.

* Effective September 2008


Regular readers of this blog will remember a few weeks ago that our staff met with a victim of the Nigerian Scan. After restraining our shock that someone could fall for this obvious fraud, we realized that what is common knowledge to ourselves is not so common to others. This is the variant of the Nigerian Scam we received today.

The scam email is classic in its form and offer.


Dear Sir / Madam, Before I proceed, I must first apologize for this unsolicited mail to you. I am aware that this is certainly not a conventional way of approach to establish a relationship of trust, but you will realize the need for my action.

My name is Barrister James Parker of the SAGARDOY LEGAL PRACTITIONER´S & FINANCIAL SOLICITOR´S. Actually, I got your contact information through the U.S.A. public records while searching for a name similar to my Late client Eng. Johannes Neice an expatriate engineer who worked with the Mining and Smelting Company (Asturiana de Zinc S.A.) in Holland for Thirteen years. He died along with his family during the Tsunami catastrophic, which occurred on Monday 27 December 2004. Before his death, he deposited One Trunk Box/Diplomatic Personal Treasure containing the sum of $8.752M (EIGHT MILLION AND SEVEN HUNDRED AND FIFTY-TWO THOUSAND US DOLLARS ONLY) with a security company here in Holland, but he did not disclosed the content of deposited diplomatic consignment to the security company for security reasons. The security company has however, mandated me to present any family heir/inheritor for claims before the consignment gets confiscated or reverts to the Bureau of Diplomatic Security as an unclaimed diplomatic immunity. So I decided to search for any of my late client's relative which has been very difficult for me, as he did not declare any other person, address, partner or relatives in the official paper works of his diplomatic consignment deposit.

Against this backdrop, my suggestion to you is that I will like you as a to stand as the next of kin to Eng. Johannes Neice, so that the diplomatic consignment will be released to you. With my position as his lawyer, I will now place your name as the next of kin to my late client. I will prepare every relevant document that will assist your claims, and facilitate the release of the consignment. Note that this transaction is 100% risk free. There is no atom of risk in connection to this business as I have worked out all modalities to complete the transaction successfully. Once the diplomatic consignment is released to you, we shall share in the ratio of 50% for me, 50% for you as your benefit. Reply via my private email for further clarification.

Please be kind to get back to me if you are not interested so that I can further my search for another partner. Best Regards Barrister James parker (ESQ)

Friday, December 29, 2006


We often talk with businesses about protecting their customers after their business data has been stolen, lost, hacked, or compromised. Consumers are required by law to be notified when their personal information such as name, address, and social security number (SSN) have been compromised and failure to provide timely notification caries heavy fines and penalties.

The responses by businesses vary from simple notification of a breach containing minimal information to advanced protective services provided by the business for the “at risk” consumer

What should a business do when faced with a breach of consumer data? Complying with the law is one thing, but retaining valued customers is another thing entirely. If customers are valued, then minimal protection will undoubtedly result in the loss of those customers. A fully formed protection program, while challenging, may actually bond the business closer to its customers as the business demonstrates care and competence in managing this very real crisis.

Here is a list of things that will ensure that customers lose confidence in a business which is sending a breach notice:

A simple notice of breach, without explanation and with no remediation

To assure customers that you care about the breach you must explain in simple terms what happened, what you have done to correct the breach, and if the breach was intentional or inadvertent. Most breach notices, written by lawyers afraid of litigation, will say nothing about corrective action, your competence to deal with the crisis, and your loyalty to customers. A business that sends a minimal breach notice will undoubtedly scare their customers and who may well take their business elsewhere. Customers often need someone to talk to who can assure them that competent and speedy action has been taken to provide protection.

A simple notice of breach with minimal explanation and a free credit monitoring service.

Credit monitoring provides no meaningful protection to customers if their information has been compromised. Customer information is stolen for many types of crime. For example false employment crimes, IRS fraud, Medical Benefits Fraud and over 75 other types of identity theft related fraud are undetected by credit monitoring. In other words more than 75% of all identity fraud cannot be protected by credit monitoring. Further credit monitoring services detect credit card fraud only after the fraud has occurred and the consumer is left to clean up the mess. Think of a fire alarm that goes off after the house has burned down – that’s the value of credit monitoring. Consumers are lulled into thinking they are protected by these services, but as recent press coverage (see comments on press coverage in our other blog entries) has shown, consumers become very very angry when the identity thieves strike and their imagined protection proves worthless.

Here is a program that will work and will demonstrate competence and care of valued customers.

-- A brief and timely explanation of details of the breach without providing information of value to thieves. When did the breach occur? What have you done to keep breaches from happening again (e.g., new security measures, fired a sub-contractor, employee training programs, etc.) Was the breach intentional – was the information targeted for theft or simply lost or misplaced. A missing back up tape presents on set of challenges to a consumer, but a broken window and a smashed file case with selected records missing is something entirely different. Even worse is a targeted and hacked computer database.

-- Consumers need assurance that you are competently protecting their interests. They need a human to talk to about the breach. Both at the company whose data was breached and at a company which provides protective services. Consumers need to know that the business cares, and that identity theft prevention, detection and recovery experts are available to discuss their concerns and to take action. Disembodied phone trees with endless recorded messages are certain to make the customer more angry that they were when the received the breach notice.

-- A program that addresses all the avenues of crime that the loss of customer data enables is required. In addition to credit crimes, these include false employment fraud (the most common form of identity theft and devastating to consumers in the long run), medical benefits fraud, IRS fraud, bank theft and forgery, Drivers License fraud, immigration frauds, and many many others. While it may prove impossible to protect customers entirely following a breach, systems which prevent, detect, and have recovery procedures in place for these crimes is critical in keeping valued customers.

-- Rapid reaction and response, if a consumer is defrauded, is a major requirement and is missing from almost every program available today – such as credit monitoring programs. The customer needs a hot line and a trained identity theft expert available in a timely fashion to respond to hints of fraud or to actual fraud. If a business values its customers it will not leave them in the cold when the identity thieves strike.

Acquiring and keeping satisfied customers is a high priority for almost every business. Business managers should treat breaches of customer data using the golden rule. How do you want to be treated as a business person if another business looses control of your personal information? How would you feel if you were essentially told you were on your own, or given security tools which simply were unable to provide any meaningful safety to you or your family? A business data breach is ugly, but it provides an opportunity for the business to demonstrate that it values its customers and that it is competent in protecting them in the future. In other words it is a business that is worthy of continued patronage.

Thursday, December 28, 2006


A recent study by a leading internet security vendor reports a 300% increase in phishing attacks in the last week. It seems that not only does credit fraud peak during the holidays but also phishing and spam attacks.

The report points out that the significant increase is primarily due to a massive jump in phishing messages being sent from South Korea and China. China is now the biggest generator of phishing emails in the world, jumping from 10th position last week.

The significant increase is primarily due to a massive jump in phishing messages being sent from South Korea and China. In addition to the rise in phishing, the report commented that Christmas spam rates have exploded over November. At the end of October there was almost zero Christmas Spam distributed, but it now represents 10.9 per cent of spam overall

Wednesday, December 27, 2006


Today’s phishing variant is one in which you receive an invoice on a paypal account that you clearly did not authorize. The phishing scam provides an instant and highlighted link to dispute the bill. The “dispute transaction” link goes to a UK address and to a domain name that is not properly registered. In other words it goes into the ether and straight to criminals.

This email confirms that you have paid PALMTREOSTORE
( $419.95 USD using PayPal.
This credit card transaction will appear on your bill as
PayPal Shopping Cart Contents I
tem Name: Palm Treo 700p smartphone
go-anywhere, Palm OS device
uantity: 1
Total: $399.95 USD
Cart Subtotal: $399.95
USDShipping Charge: $20.00 USD

Cart Total: $419.95 USD
Shipping Information
Shipping info: Andy Crouse
202 N Magnolia Dr.
Saco, ME 04072
United States Address Status: Unconfirmed
If you haven't authorized this charge, click the link below to cancel the payment and get a full refound.

Wednesday, December 20, 2006


In the news this week has been the INS raid on the meat packing houses of Swift in which over 1500 employed illegal immigrants were arrested. All the illegal’s had qualified for employment at Swift by presenting one or more of the 10 documents required by the federal I-9 form for Employment Eligibility Verification. Among these is a passport, driver’s license, social security number (SSN), Certificate of Naturalization, foreign passport with US employment authorization, permanent resident card, alien resident card, temporary resident card, employment authorization card, temporary resident card, refugee travel document, or employment authorization from the Department of Homeland Security.

At KnightsBridge Castle we are continually seeing cases where identity theft is facilitated by making up a number in the SSN format and using it with another name. Credit reporting companies and other information companies see this all the time and never report a mismatch. Thus if you have credit under your SSN and name, another person can easily get credit using your SSN and their name. Yes, its sounds impossible, but it happens every day.

Until recently the same inability to match names to SSN’s was preventing employers from checking the validity of the name SSN match. Recent federal legislation now provides employers with the ability to validate these names and SSN for a proper match.

This legislation was intended to prevent illegal immigrants from seeking employment.

Like so many other efforts to block identity theft, this one is doomed to failure. Why?

Because, as reported in a recent Wall Street Journal article about the Swift raid, illegal immigrants seeking employment are already beginning to use valid name and SSN combinations. Name and SSN combinations can be stolen, rented, donated by other legal family members, purchased on the street, or acquired in many different ways.

SSN and Name matching are no protection against identity theft. This well intentioned effort at curbing illegal employment will actually accelerate identity theft by encouraging others to use valid name and SSN combinations, rather than simply making up a valid number.

Monday, December 18, 2006


(illustration from the Wall Street Journal)
Two years ago the ability of a consumer to lock down their credit information from unauthorized prying eyes as nearly doomed as the previous congress, under heavy pressure from banks and credit reporting companies moved forward to eliminate 24 state laws which provided for this important protection.

The attorneys general of 49 states had argued that consumers should be allowed to block access to their credit records thus closing a major vector of fraud and identity theft. The credit rating companies, facing the significant loss of revenues from the widespread selling of your personal information opposed state laws and sought to eliminate “credit freezes” in the congress. Under the guise of providing for a national program, the congressional committee responsible for such legislation reported a bill which effectively eliminated “credit freezes” in all states and replaced it with a federal law which provided no such protection.

Fortunately the “do nothing congress” did nothing and the bill languished amid partisan cat calling and inaction.

We have urged our clients to contract congress to allow the states to pass their own laws in this area. And if a national law were needed then the law must provide similar protections to the 24 states currently with these laws, rather than eliminating the protection all together. Fortunately our congressional representatives have been listening. The Wall Street Journal reported this weekend that the new congressional leaders intend to bolster privacy rights in the next congress. Among these improved protections against identity theft and fraud will be provisions to allow states to continue their protections or to adopt strict federal legislation allowing consumer to lock down their credit information from unauthorized prying eyes.

Friday, December 15, 2006


KnightsBridge Castle has been critical of credit monitoring from its inception for a number of reasons. It reports new credit lines after the credit line has been looted by criminals, many institutions will grant credit without checking a credit report, and lastly notifications that someone has recently purchased your credit report is a poor indicator of pending theft. Lastly we don’t like credit monitoring because it creates a false sense of protection against the over 80 crimes of identity theft – of which credit fraud is only one.

Now the New York Times has published a stinging criticism of credit monitoring. We quote briefly from the article by Ed Zugra below:

“Melody Millett was shocked when her car loan company asked her if she was the wife of Abundio Perez, who had applied for 26 credit cards, financed several cars and taken out a home mortgage using a Social Security number belonging to her actual husband. . . Melody Millett found that the Social Security number of her husband, Steven, was being used to apply for financing under another name. Beyond her shock, Mrs. Millett was angry. Five months earlier, the Milletts had subscribed to a $79.99-a-year service from Equifax, a big financial data warehouse, that promised to monitor any access to her credit records. But it never reported the credit activity that might have signaled that they were victims of identity theft. “

The incident describe in the article is common. This is not the result of a glitch in some system. It is the result of a failed system of reporting by the credit reporting companies. The New York Times article continues:

“At the same time, credit monitoring may fail to detect that a credit request was even made. For example, a fraud artist may use someone else’s personal identification information — like a Social Security number — but take out a loan in his or her own name. The data mismatch can cause the bureau’s computer systems to route the loan request to a separate file so that a credit-monitoring service never picks it up.”

At KnightsBridge Castle we believe that only a credit freeze, allowed now in 26 states, is the best way to prevent credit fraud. We also believe that a comprehensive program of protection is required that provides protection against credit fraud, bank forgery, wire transfer fraud, employment fraud, medical benefits fraud, and over 70 other form of identity theft.

We also object to credit monitoring on the basis that it is similar to extortion rackets. The credit rating companies sell information to anyone. Now they want to sell it to you to protect yourself against the others they sell the same information to. There is something fundamentally wrong with this picture,

The New York Times article was published on December 12, 2006 and for subscribers to the times the article may be found at the link below:

Thursday, December 14, 2006


In our continuing effort to fight the many crimes of identity theft, KnightsBridge Castle’s CEO has been admitted to the national CyberCop program. The CyberCop program is part of the InfraGard National Members Alliance (INMA or “InfraGard”), the largest national network of private sector, FBI- vetted subject matter experts (SMEs) for critical infrastructure protection. KnightsBridge Castle will begin using its CyberCop portal beginning today to facilitate secure communication with other InfraGard members, local chapters and local, state and Federal government agencies.

InfraGard’s goal is to promote ongoing dialogue and timely communication between its members and local, state and federal government and law enforcement agencies, including the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS). InfraGard members provide subject matter expertise to federal agencies that enhances their ability to secure and protect our nation’s critical infrastructures from terrorism and other crimes.

“Identity theft is a major threat to our personal welfare and to our national security” said Tim Logan CEO of KinightsBridge Castle. “Not only do common criminals steal identities, but so do international drug cartels, organized crime groups, and terrorists. We are proud to participate in this program and to extend our protective service to cover a wider range of crimes” he concluded.

The CyberCop portal was designed to provide a secure, Web-based environment to promote and facilitate the communication of sensitive information among a cohesive network of law enforcement, homeland defense and first responder professionals from all levels of government - including international, federal, state and local - and the private sector. InfraGard uses the CyberCop portal to facilitate communications with its approximately 12,000 active members while also providing dedicated portal space for InfraGard partners like KnightsBridge Castle and affiliated organizations as well as for each of InfraGard’s 84 local chapters. Through CyberCop, InfraGard participants can control access to their information down to the chapter and individual level.

CyberCop, an ESP-coined term, refers to computer forensic experts, law enforcement and emergency responders that use the Internet to collaborate and share information with one another. Due to various geographic, system, political and monetary barriers, these individuals are rarely able to securely engage one another to share case information and to exchange best practices and lessons learned. As a result, The ESP Group created this secure portal which is committed to providing a safe and secure environment where ideas can be freely exchanged to aid individual efforts and to foster cooperative efforts in the fight against crime, terrorism and the security of the nation.


Founded in 1996 in the Cleveland, Ohio field office of the Federal Bureau of Investigation, the InfraGard National Members Alliance (INMA or “InfraGard”) is the largest national network of government-vetted private sector experts. With more than 11,000 active members across the organization’s 84 local chapters, InfraGard provides a vital link in protecting the nation’s infrastructure by serving as subject matter resources to local, state and Federal government and law enforcement agencies. InfraGard National Members Alliance is a volunteer non-profit 501(c)3 corporation.

Tuesday, December 12, 2006


This week we received a distress call from a new victim on the Nigerian Scam. The victim was local so we had the opportunity to talk directly with the victim.

The victim had fallen for the classic Nigerian scam and had used a bank transfer to send everything they had to obtain the huge returns promised by the criminals. Needless to say the money disappeared.

We interviewed the victim who brought family members for support. The victim was in tears. The family distressed.

The victim kept asking why our government allowed these scams to occur. At KinghtsBridge Castle we have no answer to this question.

Many of us know of this scam and its variants, and some are surprised when a victim appears. “Everyone knows about this scam. Why did she fall for it,” commented one of the staff. The answer is that everyone does not know. And in a moment of weakness any one of us may be tested by a scam where the returns are too good to be true.

Unfortunately this scam had the traditional additional elements that made the crime more horrific.

The Nigerian criminals pressured the victim to come to Nigeria and deliver the money. The victim wisely declined. People traveling to Nigeria responding to this scam have been killed or kidnapped.

The criminals attempted to perpetrate a second scam by offering to fix the problem for additional payments.

And lastly they began threatening the victim with violence if the victim did not pay more.

At the time we met the victim had not contacted the police, FBI, or Secret Service.

After examining her documents we immediately contacted the authorities. The Secret Service has jurisdiction over this matter and they took critical banking information and are trying to trace the flow of the funds. Local police have been contacted as well. Banking authorities were also notified.

The threats of violence should end with the police reports and notification. The criminals are relying on shame and fear to keep extorting money from the victims.

This scam and its variants are real. We have seen two victims and stopped several people from becoming victims. Not everyone knows about the Nigerian scam and now we have another victim of what the Financial Times of London calls an $800,000,000 crime wave.

Friday, December 08, 2006


One of the first clients of KnightsBridge Castle informed us today that the identity thief we were able to identify in her case is to be sentenced this week.

Our client came to us after 5 years of continuing check forgery and identity theft. The local police had lost interest and considered the client a nuisance. With the help of our case specialist we gathered the facts, performed research, and presented all of her information to the police fraud department in an organized manner. We also used our contracts within the regional fraud detective’s network to bring attention to the matter.

Within days of presenting a complete case to the police an arrest warrant was issued in another state. An arrest followed and then a conviction.

This week a sentencing. Our client is overjoyed to end five years of fear and to have the culprit convicted. We are very happy to have served our client in making a difference.

(Note: the facts of this paticular case have been jumbled a bit to esnure client protection)

Wednesday, December 06, 2006


We are now receiving at KnightsBridge Castle no less than four separate PayPal phishing attempts every day. It’s starting to look like phishing and spam. To think that anyone would fall for these scams is amazing. But they must continue to work.

In one case today when you click on the PayPal link you actually are clicking on a link that looks something like this: (we changed the URL slightly to protect our readers)


EXP=1138544186 /**http%3a//61.57.2nn.209/%20/.
confirm/index.php?MfcISAPI Command=SignInFPP

If you can read this URL you know its trouble. We know its theft.

We used to have fun tracing the origin of the sites to Uruguay, Moldavia, and Chechnya. But the fun is gone.

Never communicate with PayPay or any vendor by clicking a link included in an email or web page attached to an email. NEVER.


In an unending stream of lottery frauds we noticed today’s fraud with some interest. It seems that Wall Mart and Publisher’s Clearing House are sending out checks to international lottery sweepstakes winners by the hundreds. All the recipient need do is cash the check and wire money to pay fees to receive the remainder of the winnings.

The checks are bogus. The wire transfer pays the fraudsters cash from your account and then opens the account for wire transfer draining of all that is left in the account. If you win a contest you did not enter it’s the start of theft. If you are asked to pay fees directly to the person claiming you won something its theft.

Tuesday, December 05, 2006


It’s the holiday season and you’re probably seeing racks of gift cards at stores for everything from hamburgers to electronics. The value of these cards varies but the larger amounts are considerable.

A new scam has been reported that we have as yet been unable to confirm. However caution is warranted when buying gift cards off a rack in a store. We have received reports that fraudsters are using cell phones to photograph bar codes and other information on the back of gift cards. Upon returning to the store the fraudster can see that a specific card or group of cards has been sold. Using information on the card the card is activated and the account drained. Fraudsters are fully aware that in most cases these gift cards will sit under a Christmas tree until the end of the holiday given the thief plenty of time to act.

Caution is warranted when buying gift cards from a rack in a store.

Monday, December 04, 2006


In the past few days in the UK a new ATM connectivity scam has been uncovered. The scam involves placing an MP3 recorder between the ATM machine and the telephone line linking the ATM to the home bank. The MP3 recorded the data carried down the line from the ATM. This data was then transferred to a PC and subsequently decoded by a fraudster with previous experience of cards, using software from Eastern Europe.

An estimated £200,000 ( $360,000) of goods were obtained using counterfeit cards produced from the de-encrypted information. Fortuitously, the gang using the cards in the UK was arrested as a result of a traffic violation before further fraud could be committed.


Consumers often don’t realize what it takes to run a scam on the internet. The amount of equipment needed is very little and the costs of setting up a scam can be less.

A recent report in the Financial Times commented that Verisign, the internet security company, believes that virtually 100% of all the on-line transactions originating in the Former Yugoslav Republic of Macedonia are “suspicious”.

Macedonia has in recent years built an advanced internet infrastructure with 100% of the population covered by high speed internet links. In a country like Macedonia a simple PC or a slightly more expensive server can send out hundreds of thousands of phishing scams every day. Junk email by the millions is possible as well as targeted hacking attacks. Needless to say, law enforcement for fraud occurring in the US, but originating in Macedonia is non-existent. These websites often purchase security certificates and https links providing full security. The website transaction may be secure, but the persons operating the websites are completely criminal.

In parts of the former Soviet Union, such as Moldavia, it’s as simple. A generator to provide power, a cheap server, a satellite link, and an unemployed computer scientist are all that is needed to engage in fraud without any recourse to police authorities. In fact in some of these countries the police are providing protection to criminals in their activity.

Wednesday, November 29, 2006


It’s the holiday season and the stores will be filled with happy families rushing for last moment presents for loved ones and friends. The stores will also be filled with criminals and thieves intent on having a happy holiday at your expense.

For stores and merchants this is the busiest time of the year and almost every store will run short handed and often with untrustworthy temporary employees. Normal credit checking procedures will not be followed or waved as merchants try to capture as much income as possible. Instant store credit will often be granted without ID verification or credit checking.

What can you do to protect yourself during this season?

Here are KnightsBridge Castle’s suggestions for extra care during the holidays:

Check you credit card when it is returned to you to make sure it is you own, and not substitute.

If possible, don’t let your credit card out of your view when processing payments at a store.

Check your on-line credit accounts frequently – at least weekly or more often for early detection of fraud.

Close unused and dormant merchant accounts. These accounts are like open doors inviting thieves to enter your home and accounts.

Shop on-line. Many risks are reduced through on-line shopping.

Make a photocopy of the contents of your purse or wallet. If your wallet or purse are stolen are you going to remember exactly what you were carrying? Can you take action to close accounts within moments of the detection of theft?

If possible avoid making payments to temporary employees. Seek a supervisor or long term employee to handle your transactions.

Never apply for instant store credit. Instant store credit only provides thieves with effective and riskless ways to steal from merchants. You pay higher prices as a result.

Watch you incoming mail very closely for new unauthorized credit card welcome letters or cards. Last Christmas we had clients discovering up to 11 unauthorized cards during the hollidays.

To ensure a truly happy holiday, take a little extra care.

Tuesday, November 28, 2006


An all too common and overlooked fraud is credit card substitution. In this fraud your credit card is taken for a given transaction and a substitute card of similar appearance returned to you. It may be a fraudulent card or an expired card.

The fraudster hopes you will not notice that the card has been substituted, and most people don’t really look at their card when it is used to process a transaction. This gives the fraudster both your card and valuable time to use the card for fraudulent transactions. If you notice that the card was substituted the sales clerk will claim an error, feign embarrassment, and then find your real card.

It’s always wise to take a quick look at credit cards, ATM cards, and debit cards when returned by a merchant to ensure that the card has not been substituted or for that matter that the merchant during a busy Christmas season has not mixed you card with another.

Blog tracker