Wednesday, January 31, 2007


Fraudulent billing scams, facilitated by spamming, are clearly on the rise. We have noticed a significant increase in fraudulent bills in recent months.

Fraudulent billing scams are an old and established fraud, but the new scams have a very different intention that the older more traditional frauds. Traditional billing frauds often relied upon the recipient assuming that the bill was valid and then paying it. The amounts were often low, and both individuals and even large corporations would often pay rather than take the time and energy to confirm the amount owed.

These new on-line billing frauds have a more sinister intent. They are after your identity profile which allows the criminals to commit dozens of crime against you, including looting of all you financial resources including bank accounts, engaging in financial transactions in your name, money laundering, and other serious crimes.

For example here is a criminal email received by this office in recent days. We are not members of Ebay, and our Chief Financial Officer who previously worked with Ebay views these billing statements with both alarm and disgust. The name server to which the View Invoice link is connected is not a registered site. The site is probably in Asia or Eastern Europe – far beyond the reach of US law.

Hello Member,

Your monthly eBay Invoice is now available for online viewing.Invoice Date: Jan 26, 2007Amount Due: $47.34

You can review your current Invoice details and Account Status at any time by clicking this link:VIEW INVOICE

For future reference, you can access your invoice by following these steps:

Go to the eBay Home page.

Click My eBay at the top of the page, and sign in with your eBay User ID and password.

Click the "Seller Account" link (below My Account in the left navigation menu).

Click the "Invoice" link.

2007 eBay, Inc.


In recent weeks we have received at KnightsBridge Castle an increasing number of fraudulent loan offers. Many of these offers come in the form of “pre-approved” loans and are sent to staff individually and to some general email addresses such as “information” and “press”. That a legitimate “pre-approved” credit offer should come to an email address without any possible credit history, such as “information,” tells you immediately that this spam is from a criminal group.

These spam messages then lead to websites that look legitimate, but to the trained eye they are clearly fraudulent and intent on committing criminal acts.

What are these criminal groups after? Your personal information, as required on any loan application, is a pure gold for a thief. This information is key to hijacking your identity and committing a wide variety of crimes against you such as mortgage fraud, IRS fraud, credit frauds, and simply looting your bank account.

These sites are either harvesting your personal information or asking you to pre-pay processing fees. The processing fee scam has two benefits, it helps pay for the cost stealing your identity information, and it allows the criminals to initiate unauthorized electronic transfers from your bank to the criminal organization. The result, it is a looted bank account, for which the bank need offer no restitution. You freely gave up your banking information and were defrauded. Banks are under no obligation to make the fraud good by restoring your funds.

The techniques used to make these websites seem real vary. But they often include the use of the following elements.

Https URL name certificates – yes criminals can buy a HTTPS website certificate as easily as a legitimate business. Https is a URI scheme which is syntactically identical to the http:// scheme normally used for accessing resources using HTTP. Using an https: URL indicates that HTTP is to be used, but with a different default port (443) and an additional encryption/authentication layer between HTTP and TCP. This system was designed by Netscape Communications Corporation to provide authentication and encrypted communication and is widely used on the World Wide Web for security-sensitive communication such as payment transactions and corporate logons.

Use of Seals and Logos from respected institution such as the Better Business Bureau (BBB) appear fraudulently on the website.

The use of local addresses are used on the website, however the fraudulent business is not local at all but offshore and far beyond the reach of US law.

The use of a legitimate bank or lending institution’s name. The name of the website and the logo look like a familiar brand name, but they are not part of the banking institution at all. They are scams.

The use logos and realistic looking links of Truste or other website verification techniques such as Verisign. TRUSTe, founded in 1997, is an independent non-profit organization best known for its Web Privacy Seal. VeriSign is well known for the VeriSign Secured Seal, which is an outward expression of a Web site's authentication and encryption commonly posted to VeriSign SSL Certificate customers' Web sites. However these logos can be stolen and pasted on the offending website. Also the click through verification can be faked if the user lacks the tools for checking the ultimate location of the responding website.

If you need a loan, for a car, debt consolidation, or just to pay for something you want, go to your local bank. If you must use an online service, go directly to the website from your browser, never to a link provided by email.

Wednesday, January 24, 2007


I was contacted by a close friend of the family this weekend who had received a large check drawn on a Canadian bank in the amount of $85,000 together with a letter urging the friend to cash the check and the then send a check for $7500 to cover taxes due. This was the now infamous Canadian Lottery Scam, in which good looking but bogus checks are sent for supposed lottery winnings. The victim is asked to pay a fee, in this case $7500 as soon as the check is deposited.

Fortunately for the family friend they did not immediately write a check but instead waited for the check to clear the bank. Of course the check bounced – it was a good looking but very bad check.

However, the friend of the family wanted to know why the check bounced. After all they had won a lottery. Should they resubmit the check? Clearly something had gone wrong. Perhaps they should pay the $7500 first and then resubmit the check again.

Patiently I explained that this was a well known fraud. However the family friend did not want to hear this. They wanted to believe that this “too good to be true” opportunity for significant gains was real. Our family friend became heated in the argument. Insisting again and again that it must be real because the check was clearly a real check. And that taxes were clearly due. And that the could really use the money.

“Did you enter a lottery in Canada” I asked. “No” was the reply. “Did the check bounce?” I asked. “Yes” they said. “Is this too good to be true?” I asked again. ?Well yes, but I still think it’s valid” was the reply.

Finally the family friend, an elderly woman who clearly would benefit from any financial windfall, agreed not to send any money until the resubmitted check cleared the bank. She wanted to believe.

In this conversation I became the unreasonable person and hostility was directed toward me for informing her of a simple truth – it was a scam, there were no winnings.

The power of greed and of scams which appeal to this weakness in human nature continues to amaze us at KnightsBridge Castle. We have on occasion become the subjects of anger and resentment when we tell clients and potential clients that their supposed wonderful windfall is a nightmare fraud in disguise. I greatly hope the family friend will not send the money as requested by the fraudsters. However I am not really certain that she will follow our advice.

Greed and wishful thinking are as powerful as narcotics in clouding reason. Fraudsters rely on this weakness in our nature every day.

Friday, January 19, 2007


While millions of Americans struggle with identity theft each year we often forget the need to protect our children from the ravages of this crime. Identity theft is not a crime that affects only adults. The crime is frequently directed against children. Why? The records of children are perfect for committing crimes – they are blank slates upon which a criminal may construct elaborate and complex identity crimes which are unlikely to be detected for many years.

Parents of minor children need to monitor the personal information about their children to ensure that identity theft is detected quickly and terminated before one of the many crimes of identity theft are committed -- such as IRS tax fraud or medical benefits fraud. Identity crimes against children may have very long lives and they can affect your child’s tax status, their qualifications to enter schools and colleges, their credit ratings, and their employment prospects. Children can be affected in hundreds of ways which can damage their future prospects in life.

What can you do to protect your minor children?

The first line of defense is to monitor the use of your child’s Social Security Number (SSN). The use of the number can be detected through the use of specialized fraud prevention and detection tools such as those used by KnightsBridge Castle’s eye-spy™ programs. KnightsBridge Castle’s experience has been that as many as 30% of minor children’s SSN’s have been compromised. The unauthorized use of the SSN runs the gamut of simple transposition errors to full blown identity hijacking. When the unauthorized use of a SSN is detected a series of proven steps for the assessment of the use can be undertaken. While these steps can be complex they are effective in limiting the damage to your child’s future.

If you can catch unauthorized use of a SSN and shut down the identity thieft of a minor child at an early age then the damage may be limited. However, the trauma and confusion of discovering your child’s stolen identity when applying for his first job, or seeking a student loan, or applying for college can be heartbreaking.

Wednesday, January 17, 2007


Here is a list of recent phishing attacks. This list is compiled from a variety of sources.

Phishing Alert
The Co-operative Bank p.l.c.

Malicious Websites / Malicious Code
Brazilian and Russian hackers are now cooperating in launching new very advanced phishing techniques.
Phishing Alert
Kaw Valley State Bank and Trust

Phishing Alert
ELGA Credit Union

Phishing Alert

Phishing Alert
RHB Bank

Malicious Website / Malicious Code
Adobe Acrobat XSS Vulnerability

Phishing Alert
Andover State Bank

Phishing Alert
Caisse d'Epargne

Malicious Website / Malicious Code
Skype Trojan Horse

Phishing Alert
Birmingham Midshires

Informational Alert
Cyber Extortion via Web Mail

Malicious Website / Malicious Code
MS Word Zero-Day

Phishing Alert
Community America Credit Union

Phishing Alert
First South Bank

Phishing Alert
Mazuma Credit Union

Informational Alert
Webcast: Exploit 2.0

Malicious Website / Malicious Code
MySpace XSS QuickTime Worm

Phishing Alert
Interchange Bank

Phishing Alert
Yorkshire Building Society

Phishing Alert
Derbyshire Building Society

Phishing Alert
Summit National Bank

Phishing Alert
Bank of Cyprus

Phishing Alert
State Bank of India

Phishing Alert
First Exchange Bank

Phishing Alert
Central National Bank of Enid

Phishing Alert
Fake Bank: McLloyds Bank International

NOTE: We are now recieving more than 5 PayPal phishing attempts per day against our request for information email address at KnightsBridge Castle.


Its tax time and our mailboxes will be full of important tax information such as 1099’s and W-2’s. These documents are highly prized by identity thieves since they are the “keys to the kingdom” and can be used to commit a wide variety of crimes against you such as IRS fraud, medical benefits fraud, bank and brokerage wire transfer fraud, and a wide variety of other ugly crimes.

The envelopes in which these documents are delivered are easy to spot and without a locking mailbox or other secure delivery mechanism you may be inviting thieves to enter your world and wreak havoc.

If you don’t have a locking mailbox get one immediately. Better yet use a Post Office Box and get the added security of protection by the postal inspectors while the mail remains in your PO Box.

Pick up your mail as soon as possible. Don’t let unattended mail sit in an insecure mail box.

If you’re traveling then have your mail held at the post office until you return. Get a bunch of the yellow card “Authorization to Hold Mail” (PS form 8076) and keep them handy.

And now the most important advice of all –

FILE ELECTRONICALLY OR IF POSTING YOUR TAX RETURNS CARRY THEM INTO THE POST OFFICE AND HAND THEM TO A POSTAL EMPLOYEE WHO STANDS BEHIND THE COUNTER. Never, never, put tax forms in the blue post boxes on street corners. Never, never hand tax forms to persons standing on the street in front of the post office that may or may not be identity thieves.

Saturday, January 13, 2007


One of the popular misconceptions about the Federal Trade Commission and the Social Security Administration is, that when you report identity theft crimes to them, that these agencies will actually do something with the information you provide to protect you or initiate an investigation on your behalf. The truth is that both the FTC and the SSA will do nothing with the information you provide other than perhaps file it. There are some exceptions to this general rule of inaction, but these are few and far between. Theft of social security benefits is one exception. Hijacking of your social security number and using it for other illegal purposes will not be investigated by the SSA.

We have written extensively on the Public Relations campaigns of the FTC in their mistaken attempt to assure us that they are fighting this crime wave. However their pronouncements have no real substance to support any factual base for their competency in dealing with the crime wave of identity theft. After all, what can 14 employees within the FTC actually do with over 8 million reported cases per year? Here is a copy of the letter returned to a client following a report by the client of identity theft as outlined on the FTC website.

References in this letter to sharing the data with police departments are true, however we are aware of no police department that accesses or uses this information - and we have talked with many departments over the last two years. Raw and unverified information placed into the FTC Sentinal database is of no use to the police in investigating crime.

Please note, they do provide a brochure, but at the same time say nothing about what if any action will be taken. From long and hard learned lessons we are confident that they will only file the report and do nothing.

June 21, 2006

Thank you for contacting us about identity theft. The information you have requested is enclosed. We hope it provides information that will be useful to you. Please let us know if you have any other questions or concerns about identity theft.

You can always reach us in three ways:
1) you can call us toll-free at 1-877-ID THEFT (1-877-438-4338);
2) you can visit our website at; or
3) you can write to us at:
Identity Theft Clearinghouse
Federal Trade Commission
Washington, DC 20580

For consumer problems not related to identity theft, please call the FTC's Consumer Response Center toll-free at 1-877-FTC-HELP (1-877-382-4357), or visit the FTC's website at

We appreciate any comments or suggestions you may have. Please mail any feedback to us at the above address. The efficacy of our identity theft tracking and referral program is dependent upon information we receive from people like you. Thank you for contacting us. How We Use Your Information

We use personally-identifying information gathered from consumers in various ways to further our consumer protection and competition activities. We collect this information under the authority of the Federal Trade Commission Act and other laws we enforce or administer. We enter the information you provide into our database to make it available to our attorneys and investigators involved in law enforcement. We also may share it with a wide variety of other government agencies enforcing consumer protection, competition, and other laws.

If you contact us because you have been the victim of Identity Theft, we also may share some information you provide with certain private entities, such as credit bureaus and any companies you may have complained about, if we believe that doing so might help resolve identify theft-related problems.

In addition, when you submit a complaint, you may be contacted by the FTC or any of the agencies or private entities to whom your complaint has been referred.

In other limited circumstances, including requests from Congress, Freedom of Information Act (FOIA) requests from private individuals, or in accordance with our public record rules, we may be required by law to disclose the information you submit.

The information you provide is up to you. If you don't provide your name or contact information, it may be impossible for us to refer, respond to, or investigate your complaint or request.


Identity Theft Clearinghouse Enclosures:1. Take Charge: Fighting Back Against Identity Theft (CRE-02)

Friday, January 12, 2007


“Pretexting” is an identity theft crime in which someone poses as the victim in order to obtain private commercial information such as billing information and telephone number call lists. The protections with businesses, such as the phone company or utility company are few, but the law is very clear – it’s illegal.

However law enforcement at both the state and federal level has been lax in prosecuting this crime. But with the recent revelation of identity theft crimes against board members at Hewlett Packard by the Chief Executive Officer of the company, the reluctance to prosecute seems to have evaporated.

Within weeks of the public appearance of this crime the California Attorney General moved to prosecute the crime. On January 11, 2007 it became apparent that Federal Prosecutors were also moving against a private detective working out of Colorado and for HP. Today on the 12th the press announced that an arrest had been made by federal officials for the identity crime of pretexting by the private eye.

Pretexting is a crime. It has been a crime for years. Pretexting is the theft of confidential, protected, and private information. We support both state and federal prosecutors in their willingness to tackle this crime.

Monday, January 08, 2007


Today’s emails and phishing scam is included below. The domain name for this site was registered on January 4. Needless to say we have not applied for a loan. The email came to our general information email address. The URL provided has no server and an analysis of the actual coding of the email indicates that a redirect to another hidden site is highly likely.

Here for you amusement and amazement is today’s email scam:


Thank you for your loan request, which we recieved yesterday, your refinance application has been accepted

Bad credit OK, We are ready to give you a $371,000 loan, after further review, our lenders have established the lowest monthly payments.

Approval process will take only 1 minute.

Please visit the confirmation link below and fill-out our short 30 second Secure Web-Form.


Using a safe sacraficial browser we visited the site and noticed that the website had unauthorized logos for the CAN-Spam organization, VeriSign, Equal Housing Opportunity logo, and Trust-e. The links to these organizations were not links at all, but simple pictures of the logos of the trusted site.

Wednesday, January 03, 2007


States Allowing Credit Record Lock Downs – States Allowing Credit Freezes
California, Colorado, Connecticut, Delaware, Florida, Illinois., Kentucky., Louisiana., Maine, Minnesota, Nevada., New Hampshire. New Jersey, New York, Oklahoma., North Carolina, Pennsylvania., Rhode Island, Utah*, Vermont., Wisconsin.

States With Freeze Rules Following ID Theft
Hawaii, Kansas., South Dakota., Texas, Washington.

* Effective September 2008


Regular readers of this blog will remember a few weeks ago that our staff met with a victim of the Nigerian Scan. After restraining our shock that someone could fall for this obvious fraud, we realized that what is common knowledge to ourselves is not so common to others. This is the variant of the Nigerian Scam we received today.

The scam email is classic in its form and offer.


Dear Sir / Madam, Before I proceed, I must first apologize for this unsolicited mail to you. I am aware that this is certainly not a conventional way of approach to establish a relationship of trust, but you will realize the need for my action.

My name is Barrister James Parker of the SAGARDOY LEGAL PRACTITIONER´S & FINANCIAL SOLICITOR´S. Actually, I got your contact information through the U.S.A. public records while searching for a name similar to my Late client Eng. Johannes Neice an expatriate engineer who worked with the Mining and Smelting Company (Asturiana de Zinc S.A.) in Holland for Thirteen years. He died along with his family during the Tsunami catastrophic, which occurred on Monday 27 December 2004. Before his death, he deposited One Trunk Box/Diplomatic Personal Treasure containing the sum of $8.752M (EIGHT MILLION AND SEVEN HUNDRED AND FIFTY-TWO THOUSAND US DOLLARS ONLY) with a security company here in Holland, but he did not disclosed the content of deposited diplomatic consignment to the security company for security reasons. The security company has however, mandated me to present any family heir/inheritor for claims before the consignment gets confiscated or reverts to the Bureau of Diplomatic Security as an unclaimed diplomatic immunity. So I decided to search for any of my late client's relative which has been very difficult for me, as he did not declare any other person, address, partner or relatives in the official paper works of his diplomatic consignment deposit.

Against this backdrop, my suggestion to you is that I will like you as a to stand as the next of kin to Eng. Johannes Neice, so that the diplomatic consignment will be released to you. With my position as his lawyer, I will now place your name as the next of kin to my late client. I will prepare every relevant document that will assist your claims, and facilitate the release of the consignment. Note that this transaction is 100% risk free. There is no atom of risk in connection to this business as I have worked out all modalities to complete the transaction successfully. Once the diplomatic consignment is released to you, we shall share in the ratio of 50% for me, 50% for you as your benefit. Reply via my private email for further clarification.

Please be kind to get back to me if you are not interested so that I can further my search for another partner. Best Regards Barrister James parker (ESQ)

Blog tracker