ID THEFT - PREVENTION, DETECTION, RECOVERY - A SERVICE OF KNIGHTSBRIDGE CASTLE

HOW WIDESPREAD IS IDENTITY THEFT – DELOITTE AND TOUCHE REVEALS 15,000,000 VICTIMS LAST YEAR.

2007-04-25T09:56:00.000-07:00

KnightsBridge Castle participated in the California Governors Identity Theft Summit on April 11, 2007 and once again we had the opportunity to view a widely divergent set of statistics concerning the growth of Identity Theft crimes in the US.

In the last two years, federal agencies such as the FTC and commercial enterprises such as the credit card companies have painted a picture a crime in decline citing approximately 7 million incidents. Both the FTC and the credit card firms have been somewhat self congratulatory about the reports they have issued or sponsored indicating a decline in the crime. However this rosy picture was somewhat tarnished when leading a leading market research company, Gartner Research, contradicted these reports recently and indicated that in the same period identity theft crimes had grown by 50% and is now exceeded 10,000,000 incidents per year.

Rena Mears, Partner in the auditing firm of Deloitte & Touche was the keynote speaker at the Governors conference and in her remarks she indicated that Deloitte’s estimate of identity theft crimes for this period was in excess of 15,000,000 victims in 12 months. In addition she commented that the financial impact of identity theft crimes had doubled in the pas 12 months. In other words the amount of money stolen or defrauded had increased significantly. She also noted that victim recovery (the ability to recover the financial loss – but not the loss of time and effort) had dropped from 87% in 2005 to 61% in 2006.

IRS FRAUDS AND TAX SEASON

2007-04-12T11:07:00.000-07:00

KnightsBridge Castle staff was interviewed a second time last week by NBC television about IRS Tax Frauds. The program will be aired tonight on the Bay Area NBC affiliate channel 11.

We offer here on our blog the critical issues discussed during the interview.

IRS TAX FRAUDS

Identity Theft Frauds which result in IRS Tax fraud are the most common type of Identity Theft – not credit card fraud

33% of Identity Theft involves hijacking a Social Security Number (SSN) for purposes of reporting illegal income, fore example:

Employment fraud, and false employment
Money laundering transactions, DMV fraud, Medical Benefits Fraud

The financial exposure of IRS Tax frauds are real – there is no policy of forbearance or quick resolution to these frauds – they are painful and expensive to unwind,

Two Common IRS Frauds

9095 Tax Form
You receive an official looking IRS 9095 tax form with an urgent message to complete the form and FAX is to a special IRS number. Failure to comply will result in your bank account being frozen. The form asks for your full personal information including banking information – such as bank routing numbers. The form is fake, and the special telephone number is a direct line to organized criminals.

IRS Email – Tax Refund
You receive an official looking email from the IRS informing you that you are eligible for a significant refund. The amount is often about $500 and the only requirement is that your reply to the IRS email with your personal information and your banking information – such as bank routing numbers.

Objective of these frauds

To obtain your personal information and your banking information and to then loot your bank account through wire transfer or other money transfer methods.

If you supply this information and do not exercise due caution and care in protecting your personal information, your bank has no obligation under law or in common practice to reimburse you for your loss. You have been robbed and you are unavailable to receive restitution from the bank, because you freely gave personal information without exercising care.

How to Spot an IRS Fraud

The government and business will never ask for information they already have. Confirmation gambits are always fraudulent.

Confirmation gambit – where someone poses as a business or government official and seeks your personal information (Such as SSN and banking information) to confirm your identity and to maintain their records.

Confirmation information is asked for in an email, by fax, or on the telephone.

You are offered a windfall from a business or government by email, telephone, or fax.

Tax Time Advice to Consumers

File your taxes electronically – reduce the potential for your paper forms and documentation to be lost or stolen by criminals

If you do file paper forms, hand them to a uniformed postal employee who is behind the counter at a post office

NEVER place them in street corner post boxes, of outgoing mail drops in
Businesses.

NEVER hand them to someone standing in front of the post office at the filing deadline who looks like a postal official. Always go inside the post office.

Once a year, use a commercial service to ensure that your SSN has not been hijacked by someone for use in committing fraud. The cost can be as little as $10 to detect the use of your SSN by someone else.

Never respond with sensitive personal information (including SSN and banking information) if you are contacted by email, fax, or telephone. If you are concerned, call back the business or the government agency at the number listed in the phone book and ask to talk to a representative about this matter.

TJ MAXX – ADVICE TO CONSUMERS - NBC INTERVIEW

2007-03-29T14:53:00.000-07:00

Tim Logan, CEO of KnightsBridge Castle spoke to NBC television today about the risks of fraud and impersonation crimes resulting from the loss of over 45 million credit card and debit card records by the retail company TJ Maxx. NBC wanted to know what consumers can do to protect themselves from this criminal attack.

“The TJ Maxx threat is serious,” said Tim Logan. “The loss of credit card numbers, debit card numbers, PINS, security features and drivers’ license number, to organized crime groups, presents a very real threat to consumers,” he continued. “This was not lost tape, or misplaced data. Organized criminals targeted TJ Maxx and systematically looted their databases over a six year period. This stolen information will be used to commit frauds and impersonation crimes for years and years,” said Tim Logan.

What can consumers do to protect themselves if they shopped at TJ Maxx? Mr. Logan provided NBC with the following general advice:

-- Take this threat seriously.

-- Remember commercial credit monitoring services will not protect you against this fraud. Credit monitoring will capture these frauds 60 to 90 days after they occur and have gone to collections. “Its like a fire alarm that goes off after the house has burned to the ground,” commented Logan.

-- Place a 90 day fraud alert on your credit records with the credit bureaus. Then lock down your credit records with a Credit Freeze in 25 states.

--Monitor your credit card accounts by checking statements immediately upon receipt – better yet, check using internet account tools once a week.

-- Debit Card holders are at the greatest risk. If you debit card has been compromised, cancel the card and have a new one issued. Debit cards do not provide adequate protection against fraud. They are not regulated by federal credit regulations as are credit cards with which your actual out of pocket loss is limited.

-- Subscribe to a service which monitors the dark web, where criminals buy and sell stolen information such as that taken in the TJ Maxx incident.

-- If fraud occurs:
o Notify the credit card company, or the debit card issuer immediately by phone. Then notify the credit rating companies. Failure to notify both the credit issuer and the credit rating companies may result in the loss of critical consumer rights under federal law.
o Always follow up in a written letter – keep copies and send a postal return receipt requested form.
o File a police report – without a report no crime has been committed and without a police report you cannot exercise your full rights to legal protection including permanent “fraud alerts” no-cost credit freezes, and lessened probability of later collection demands by creditors.
o Watch carefully for any suspicious activity involving your Drivers License information, such as unrecognized traffic violations, or auto insurance increases which may result from DMV or insurance fraud.

Tim Logan concluded “This is a serious breach of confidential financial and personal data. Consumers who take action to protect themselves now will avoid enormous grief and trouble later if they just take some simple precautions. No one will protect you. You must rely upon yourself to prevent and recover from this crime.”

IDENTITY THEFT – ONE THE RISE? OR IN DECLINE?

2007-03-20T10:48:00.000-07:00

Symantec, the internet security company and key provider of internet anti-virus software, released its annual Internet Security Threat Report volume XI this month. The Symantec report, similar to the Gartner report issued last week are in sharp contrast to studies issued by both the Federal Trade Commission and research sponsored by the credit card companies. While the FTC and credit card companies report declines in “identity theft”, both Gartner and Symantec describe a crime wave of unprecedented proportions growing rapidly and adapting to the weak preventative measures provided by government and business.

At KnightsBridge Castle we not surprised by the findings of growth in identity theft and frauds facilitated through the theft of personal information. However, we were surprised by the quantity of this activity originating in the USA. In recent years many analysts had assumed that the systems in which phishing scams, spam scams, internet initiated fraud, and the criminal resale of stolen and breached information had moved to safe havens offshore. The Symantec report indicates that up to one third of all this illegal activity still resides in the United States and therefore subject to the our law enforcement.

Here are some of the surprising findings of the Symantec report:

The Unites States was the top country of attack origin, accounting for 33% of worldwide attack activity.

86% of the credit card and debit cards advertised for sale on underground and illegal economy servers were issued by banks in the US

The government accounted for 25% of all identity theft related data breaches, more than any other sector.

51% of all underground economy servers were located in the USA.

46% of all known phishing web sites were located in the USA

The US has the largest proportion of spam zombies.

These findings are alarming, in that government regulatory agencies and law enforcement have within their reach the many of these illegal activities, yet they do little or nothing to shut them down. A phishing site in Moldavia or Beijing presents great challenges for American law enforcement, however a criminal server offering stolen banking information for sale located in Detroit is an entirely different matter. In our opinion its time for the Federal Trade Commission and US law enforcement to get focused on this crime wave and recognize that much of the threat lies in the USA and is therefore within the reach of the long arm of the law.

The full report is available on Symantec’s website at:

http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport

DEBIT CARDS AND INCREASED RISK OF FRAUD

2007-03-15T09:47:00.000-07:00

At KnightsBridge Castle we often advise clients to not use debit cards for payments. In our opinion the legal protections against fraud provided by “credit cards” are significantly superior to those protections against fraud found in “debit cards.”

Credit card use and fraud is protected under federal fair credit laws which limit your exposure to $50 per fraudulent charge. Most credit card issuers (but not all) will wave this fee in the event of fraud. However debit cards have fewer protections and losses are generally limited to $50 if the bank is notified within business two days. Losses reported after two days are limited at $500. If the loss is reported following a 60 day delay, the bank is under no obligation to reimburse you. While some banks offer added protections for debit cards, consumers are often ill prepared to follow the complex provisions of these additional debit card protections. For example, the added protections against fraud provided by VISA and MasterCard require that the debit card be authorized by a signature rather than a PIN. In a recent Wall Street Journal article the author commented:” The reason: Banks get higher fees from merchants when consumers use debit cards with signatures, rather than PINs.”

Whatever the risk, consumer protections against fraudulent use of cards is best provided by credit cards regulated under the federal fair credit laws. At KnightsBridge Castle we do not advocate either debit or credit payments. However, in our opinion, and based on our experiences in assisting fraud victims, you are far far safer using credit cards. If you don’t like debt, then pay off the card fully when you receive the bill.

FRAUD ALERTS – POOR PROTECTION AGAINST IDENTITY THEFT

2007-03-12T14:32:00.000-07:00

The CEO of an Identity Theft company which provides “fraud alerts” placed on your credit records with the credit reporting companies recently advised fraud alerts as a preventative technique for the prevention of identity theft. The CEO said “Placing a fraud alert with the major credit Bureaus … is a great frontline for defense.” By doing this the CEO explains any time someone tries to change the information on your credit report or open up a new account, the credit card company has to call you first for verbal authorization.”

While this sounds like good advice "fraud alerts" are a very poor defense against identity theft. Why?

The fraud alert is not statutory – it is advisory. New credit issuers are not required to notify you of a new account. The law advises them to do so and in our experience less than half provide notice – often little more than a message on your answering machine or voicemail.

Secondly, fraud alerts are easily manipulated by credit thieves and they can be changed, removed, or worse modified by credit thieves. For example, the security measures of the credit bureaus are so poor, that credit thieves with a minimum of personal information can and will either remove the alert, or change the phone number to themselves.

Most important is that a fraud alert is applicable only to credit theft. Credit theft is less than 25% of identity theft. The single greatest form of identity theft is Social Security Number hijacking often for purposes of illegal employment. Fraud alerts do nothing to prevent or detect from the common identity frauds of IRS fraud, Medical Benefits Fraud, Drivers License fraud or over 70 other frauds facilitated by the theft of identity information.

Lastly, the CEO of this company charges $99 per person per year to assist you with this free service.

If you think that the small benefit of fraud alerts are of value, save yourself some money. Buy 12 envelopes and $4.68 of stamps. Address each envelope four times with the addresses of the credit reporting companies. Write a letter demanding a fraud alert. Place a copy in each letter. Then once a quarter mail three letters – one each to each credit reporting company. Save yourself $93.

Even better take a really effective measure to protect yourself against credit fraud – lock down your credit history with a credit freeze. New applications for credit cannot be processed without your permission to access your report.

IDENTITY THEFT UP 50% IN RECENT SURVEY

2007-03-09T12:46:00.000-08:00

15 million Americans were victimized by some sort of identity-theft related fraud in the 12 months ending in mid-2006, according to a survey by Gartner, Inc. Gartner’s survey is contradictory to the credit card company funded surveys indicating a 10% decrease in the crime for a similar period. The new survey revealed more than a 50 percent increase since 2003 when the Federal Trade Commission (FTC) reported 9.9 million American adult identity theft victims.

“Hackers are exploiting Internet auctions, nonregulated money transmittal systems, the ability to impersonate lottery and sweepstake contests, and other types of imaginative scams,” said Avivah Litan, analyst at Gartner. “The thieves have also discovered the weakest links in the U.S. payments systems. Typically, the weak links are found among the five or more million businesses that accept electronic payments from consumers, and the consumers themselves.”

In the past two years KnightsBridge Castle has seen enormous inconsistency in surveys attempting to characterize identity theft crime growth. The FTC has indicated that the crime is diminishing. The credit card company sponsored surveys have also indicated a small decline in the crime. On the other hand Federal Banking officials have completed a study indicating a 103% increase in mortgage fraud facilitated by identity theft for the same time period. Now we have Gartner’s report of a 50% increase.

These survey inconsistencies can sometimes be explained through examining the survey firms definition of identity theft. The FTC survey exclusively focuses on credit card crimes, thus ignoring identity crimes in false employment, IRS fraud, medical benefits fraud, and more than 70 other frauds facilitated through identity theft. The credit card company sponsored surveys are in our opinion biased and are funded to allow the credit companies to assure the public that new security measures are working to stem this crime wave.

While we lack the survey facilities of the FTC, Gartner, and the credit card companies, we do feel that we have a good feel for the state of identity theft in the USA. In our opinion this crime wave continues unabated, and if anything the Gartner survey may understate the real rate of growth both in the US and through out the world.

AGE OF FRAUD AND THE END OF CASH

2007-03-05T12:05:00.000-08:00

Two recent articles hit our desk at the same time and got the staff at KnightsBridge Castle thinking about the future of Identity Theft. The Economist Magazine featured an article announcing the end of the “cash era”. Electronic commerce, including the credit cards, debit cards, pay pal, and electronic payments from bank accounts has greatly diminished the need for notes and coins in the cash economy. The Economist noted “Notes and coins are already a small fraction of the money in most rich countries.” The article predicted that the within a few years cash as we understand it would cease to exist.

The second article was a series of comments by the President of the Association of Certified Fraud Analysts. In these comments the president of the association commented that the crime of the new century would be fraud. New technologies and new systems were actively creating new opportunities for criminals engaged in fraud and theft. Clearly the proliferation of frauds and identity theft confirm his views

As we enter a cashless society many classes of crime may diminish. For example when a bank contains no cash, or a store has no cash, certain types of robbery will disappear. However they are most certain to be replaced by new types of robbery and fraud.

Therefore we at KnightsBridge Castle believe that Identity Theft, and the frauds that are committed using personal information, are a crime wave that will not diminish. Reluctantly and sadly we find ourselves watching the unprecedented growth of identity theft and fraud as we exit the age of cash and enter the age of fraud.

BOGUS CD RATES REVEAL BOGUS ON-LINE BANKS

2007-02-21T09:27:00.001-08:00

Internet banking rates can be too good to be true. A company called Federal Savings offered an 8.85 percent rate on a six-month CD on its internet banking site. When bank rating agencies sought more information, the company's Web site disappeared. Later it popped back up with a 6.25 percent rate. When questions concerning the companies operations were directed to Federal Savings the company did not answer. Its Web site is down again, and the company could not be reached. To see whether a bank is federally insured, go to http://www.fdic.gov/.

Banking scams are growing on the internet and caution is advised. Make sure that the internet bank you have selected is legitimate. In addition carefully look at the name and URL (website address) of the bank in question. In the example cited above, there are many legitimate banks with Federal Savings in their name. So don’t be confused by names which sound legitimate or resemble know banking institutions.

Fraudulent banks on the internet can steal both your money and your identity. Use caution in selecting internet banking sites.

IT’S TAX TIME – WATCH THOSE W2’s AND 1099’s

2007-02-20T12:29:00.000-08:00

Most of us are careful about divulging our Social Security Numbers or Taxpayer ID Numbers. However soon to arrive in your mail will be key information which can be used to commit a wide variety of harmful identity theft and crimes of fraud. This mail often has blazed across the front of the letter such phrases as “Important Tax Documents” or other phrases that identity thieves can quickly spot. In addition the format for these documents and the envelopes that contain them make them very easy to spot if left unattended in an unsecured mail box.

Identity thieves and credit fraudsters often target un-secured mail boxes. A variety of techniques are used. Some of these techniques are simple such as opening unlocked mailboxes and simply taking the mail. Others are more sophisticated and include using simple tools to extract mail. Sometimes identity thieves will steal mail directly from postal authorities.

Identity thieves, criminal imposters, and other fraudsters know that tax time can be harvest time for identity theft. And W2’s and 1099 tax forms are of great value in committing the many crimes of identity theft.

Here are a few tips for protecting this important information and for preventing identity theft.

-- Locked Mailbox – get a locked mailbox or use a postal box to receive important documents such as W2’s and 1099

-- Clear Out Your Mailbox within 8 hours of receipt of your mail. Don’t let mail pile up in a mail box. Find out the time your mail is usually delivered and pick it up as soon after delivery as possible.

-- Store W2’s, 1099’s, and other tax documents in a locked and secured place within your home or office. Burglars know that these documents have street value and can be sold for cash to other criminals. Don’t leave these documents lying about the house or in conspicuous places such as boxes labeled Tax Documents, or next to your computer.

-- File your taxes electronically or by handing your tax documents directly to a postal official within the post office. Go to the post office window; never post tax documents in outside mail boxes.

MOST RECENT DATABREACHES

2007-02-14T11:51:00.000-08:00

At KnightsBridge Castle we track databreaches as they are reported. The loss of personal information security, enabled by a databreach at a government agency, merchant database, or other source is an increasingly common vector for identity theft, impersonation crimes, criminal activity, and fraud.

Here is a list of this weeks top five databreaches –

Wellpoint - [2007-02-14]

(196,000 Social Security numbers among information on stolen tapes)

Washington D.C. Metropolitan Police Department - [2007-02-11]

(Social Security numbers for 2,000 police officers exposed)

Department for Work and Pensions (UK) - [2007-02-10]

(Bank details of as many as 26,000 pensioners sent to wrong addresses)

State of Indiana - [2007-02-10]

(5,600 people and businesses notified about credit card numbers on hacked server)

Radford University - [2007-02-09]

(Breached computer contained 2,400 Social Security numbers and birthdates)

East Carolina University - [2007-02-09]

(Social Security numbers, names, and some credit card numbers for 65,000 posted to web)

St. Mary's Hospital - [2007-02-08]

(130,000 names, Social Security numbers and birthdates of patients on stolen laptop)

Central Connecticut State University - [2007-02-07]

(Letters reveal Social Security numbers for about 750 students)

University of Nebraska, Lincoln - [2007-02-07]

(72 Social Security numbers posted on public web site for over two years)

Johns Hopkins Hospital - [2007-02-07]

(Missing computer tapes contain Social Security numbers of 52,000)

FRUDULENT DEBT – IT KEEPS GOING, AND GOING, AND GOING

2007-02-12T12:04:00.000-08:00

Under federal and state law you are not responsible for debts incurred by fraudsters and identity thieves. The mailing of a stop contact notice to a creditor, together with a police report of the crime, and an FTC approved identity theft affidavit provides the needed notification to the debtor that a fraud has been committed. Debtors usually cancel the debt after a short investigation.

However, this does not mean the end of collection headaches for a proven fraudulent debt.

For example the collected bad debts of a credit card issuer or merchants may be packaged in bundles of debt and sold to debt collection companies. After some time these bad debts may be packaged and sold again. And then sold again.

Each new collection company may have no record of the status of the debt as fraudulent.

At KnightsBridge Castle we very often see debts that have been acknowledged as fraudulent and forgiven by the debtor, show up in the new collections efforts by collections companies – regardless of the status of the debt as a proven and accepted fraud.

It is critical that you keep written copies of all correspondence regarding the cancellation of a debt. Never fail to follow up a phone call to a debtor with a written notice of the fraudulent charges – even if the debtor says this is not necessary. Do not rely upon “fraud alerts” “information postings” or other notices with the credit rating companies for protection. Credit collections companies who purchase bundles of supposed “bad debts” pay little or no attention to the records of these companies. There only goal is to get money from you – regardless of the proven status of the fraudulent debt.

These fraudulent debts can show up time and time again. And each time you may need to provide copies of the original correspondence about the fraud to stop collections companies from harassing you.

LOTTERY SCAMS PROLIFERATE AND HIT HOME

2007-02-02T13:14:00.000-08:00

The famed and highly successful Canadian Lottery Scam has begun to spin off new variants and twists. This week we talked with yet another victim of this scam who lost well over $100,000.

We have modified some of the elements of this story, but not the basic facts, in order to protect current and potential victims.

The victim was notified by email of his extraordinary winnings in a Netherlands lottery by a large and ethical lottery company in Europe. However the email was from criminals not from the lottery company. He was directed to a legitimate looking website and given his client access information. And amazingly there was a web page indicating a balance in the lottery bank of millions of euros. All they had to do was provide personal information and pay fees and taxes and the money would be released to him. These criminals are after both money and key identity information to be used in later crimes.

Once again the tragedy of “too good to be true” strikes home.

Here is a copy of the criminal email.

From: "Tracy Moore" <xxxxx@hotmail.com> (NOTE; THIS IS FROM A FREE EMAIL HOSTING COMPANY NOT THE NETHERLANDS LOTTERY FIRM)
Date: February 2, 2007 8:56:51 AM PST
Subject: ANNUAL WINNING NOTIFICATION !!! CONGRATULATIONS !!!
Reply-To: xxxxx@aim.com (NOTE; THE REPLY IS TO A WIDELY DISTRIBUTED SPAM GENERATOR PROGRAM)

ANNUAL WINNING NOTIFICATION !!! CONGRATULATIONS !!!
Computer Ballot Jackpot 'A' Draw Result.
FROM: De LOTTO.NL
PRIZE AWARD DEPT.

REF No: QNL/4A51/8C60/06
BATCH No: XA3/312-59
TICKET No: 334/ 660078
SERIAL No: 05908
LUCKY No: 9-43-97

WINNING EMAIL NOTIFICATION [FOR CATEGORY "A" WINNER ONLY].

Dear Lucky Winner,

Congratulations to you as we bring to your notice, the results of the Free Email Computer Ballot Jackpot 'A' draw 1st Category of LOTTO.NL.

We are pleased to inform you of the result of the Lottery Winners International programs drawn today, 29/01/2007. Your E-mail address attached to Ticket number 334/ 660078 with Serial number 05908 drew the lucky numbers 9-43-97, which consequently won in the 1st category; you have therefore been approved for a lump sum payout of EUR2, 500, 000. 00 Euros. (TWO MILLION, FIVE HUNDRED THOUSAND EUROS). CONGRATULATIONS!!!

This lottery is a promotional program by LOTTO.NL (Biggest lottery Organization in the Netherlands) to advertise to the world its existence. All participants were selected through a computer ballot system drawn from over 50,000 companies and 2,000,000 individual email addresses from all over the world, as part of our international promotions program, which we intend to conduct several times a year.

To file for your claim, please contact our /your processing agent

CONTACT:
**********************************************
Mr. Andrew Thompson
Email: nlsoftwarepros@aim.com
Tel. No: +31-61-047-4520
Fax. No: +31-84-722-2680

**********************************************
You are advice to provide him with the following information:
Names:
Telephone/Fax number:
Nationality:
Age:
Company (if any):
Winning reference and Batch numbers:

NOTE: All winnings must be claimed not later than 14 days, thereafter unclaimed funds would be included in the next stake. Remember to quote your reference information in all correspondence. Members of the affiliate agencies are automatically not allowed to participate in this program.

Furthermore, we call on you to make sure that you save a copy of this mail and note every letter clearly as stated for we will not be held responsible should there be any complications in this transaction due to laxity on your part. Congratulations once more from our members of staff and thank you for being part of our promotional program. Should there be any change of address do inform our agent as soon as possible.
Congratulations once more from our members of staff and thank you for being part of our promotional program. Pls Do not reply to the email address from where you received the information, thank you.

Yours truly,

MS Caroline Van Bosch
Promotion Manager.
THANK YOU AND CONGRATULATIONS!!!

************THIS IS NOT SPAM***********

_________________________________________________________________

From the official website of the Netherlands Lottery company:

De Lotto warns against a large Lottery scam. In an e-mail (or letter), which is written in bad English, the addressee is told that he/she has won a large amount of money in a lottery. When the ‘lottery’ is contacted, it turns out that the prize can only be collected if a payment is made of thousands of dollars/euros for ‘handling fees’. Obviously the prize is never paid out. The organization behind the fraud operates under different names, often derived from well known lotteries. For example: Lucky Day Lottery, De Lotto Netherlands, Interlotto, Oy Keikkaus Switzerland, El Gordo de la Primitiva and Global Trust Lottery. The police and the Ministry of Justice have been informed about the fraud. Nevertheless, it is hard to stop the malpractices. The criminals give false addresses, and cannot be traced via the stated telephone numbers, e-mail addresses and P.O. Boxes. Neither do they have permanent addresses and moreover, they change their identity regularly.

If you should receive such an e-mail, do not respond in any way, don not provide these people with any personal identity information and do not pay any money!

BILLING SCAMS ON INCREASE ON THE INTERNET

2007-01-31T09:53:00.000-08:00

Fraudulent billing scams, facilitated by spamming, are clearly on the rise. We have noticed a significant increase in fraudulent bills in recent months.

Fraudulent billing scams are an old and established fraud, but the new scams have a very different intention that the older more traditional frauds. Traditional billing frauds often relied upon the recipient assuming that the bill was valid and then paying it. The amounts were often low, and both individuals and even large corporations would often pay rather than take the time and energy to confirm the amount owed.

These new on-line billing frauds have a more sinister intent. They are after your identity profile which allows the criminals to commit dozens of crime against you, including looting of all you financial resources including bank accounts, engaging in financial transactions in your name, money laundering, and other serious crimes.

For example here is a criminal email received by this office in recent days. We are not members of Ebay, and our Chief Financial Officer who previously worked with Ebay views these billing statements with both alarm and disgust. The name server to which the View Invoice link is connected is not a registered site. The site is probably in Asia or Eastern Europe – far beyond the reach of US law.

Hello Member,

Your monthly eBay Invoice is now available for online viewing.Invoice Date: Jan 26, 2007Amount Due: $47.34

You can review your current Invoice details and Account Status at any time by clicking this link:VIEW INVOICE

For future reference, you can access your invoice by following these steps:

Go to the eBay Home page.

Click My eBay at the top of the page, and sign in with your eBay User ID and password.

Click the "Seller Account" link (below My Account in the left navigation menu).

Click the "Invoice" link.

Regards,
2007 eBay, Inc.

BEWARE ON-LINE LOAN OFFERS AND APPROVALS

2007-01-31T09:35:00.000-08:00

In recent weeks we have received at KnightsBridge Castle an increasing number of fraudulent loan offers. Many of these offers come in the form of “pre-approved” loans and are sent to staff individually and to some general email addresses such as “information” and “press”. That a legitimate “pre-approved” credit offer should come to an email address without any possible credit history, such as “information,” tells you immediately that this spam is from a criminal group.

These spam messages then lead to websites that look legitimate, but to the trained eye they are clearly fraudulent and intent on committing criminal acts.

What are these criminal groups after? Your personal information, as required on any loan application, is a pure gold for a thief. This information is key to hijacking your identity and committing a wide variety of crimes against you such as mortgage fraud, IRS fraud, credit frauds, and simply looting your bank account.

These sites are either harvesting your personal information or asking you to pre-pay processing fees. The processing fee scam has two benefits, it helps pay for the cost stealing your identity information, and it allows the criminals to initiate unauthorized electronic transfers from your bank to the criminal organization. The result, it is a looted bank account, for which the bank need offer no restitution. You freely gave up your banking information and were defrauded. Banks are under no obligation to make the fraud good by restoring your funds.

The techniques used to make these websites seem real vary. But they often include the use of the following elements.

Https URL name certificates – yes criminals can buy a HTTPS website certificate as easily as a legitimate business. Https is a URI scheme which is syntactically identical to the http:// scheme normally used for accessing resources using HTTP. Using an https: URL indicates that HTTP is to be used, but with a different default port (443) and an additional encryption/authentication layer between HTTP and TCP. This system was designed by Netscape Communications Corporation to provide authentication and encrypted communication and is widely used on the World Wide Web for security-sensitive communication such as payment transactions and corporate logons.

Use of Seals and Logos from respected institution such as the Better Business Bureau (BBB) appear fraudulently on the website.

The use of local addresses are used on the website, however the fraudulent business is not local at all but offshore and far beyond the reach of US law.

The use of a legitimate bank or lending institution’s name. The name of the website and the logo look like a familiar brand name, but they are not part of the banking institution at all. They are scams.

The use logos and realistic looking links of Truste or other website verification techniques such as Verisign. TRUSTe, founded in 1997, is an independent non-profit organization best known for its Web Privacy Seal. VeriSign is well known for the VeriSign Secured Seal, which is an outward expression of a Web site's authentication and encryption commonly posted to VeriSign SSL Certificate customers' Web sites. However these logos can be stolen and pasted on the offending website. Also the click through verification can be faked if the user lacks the tools for checking the ultimate location of the responding website.

THE BOTTOM LINE
If you need a loan, for a car, debt consolidation, or just to pay for something you want, go to your local bank. If you must use an online service, go directly to the website from your browser, never to a link provided by email.

THE CANADIAN LOTTERY SCAM HITS HOME

2007-01-24T13:39:00.000-08:00

I was contacted by a close friend of the family this weekend who had received a large check drawn on a Canadian bank in the amount of $85,000 together with a letter urging the friend to cash the check and the then send a check for $7500 to cover taxes due. This was the now infamous Canadian Lottery Scam, in which good looking but bogus checks are sent for supposed lottery winnings. The victim is asked to pay a fee, in this case $7500 as soon as the check is deposited.

Fortunately for the family friend they did not immediately write a check but instead waited for the check to clear the bank. Of course the check bounced – it was a good looking but very bad check.

However, the friend of the family wanted to know why the check bounced. After all they had won a lottery. Should they resubmit the check? Clearly something had gone wrong. Perhaps they should pay the $7500 first and then resubmit the check again.

Patiently I explained that this was a well known fraud. However the family friend did not want to hear this. They wanted to believe that this “too good to be true” opportunity for significant gains was real. Our family friend became heated in the argument. Insisting again and again that it must be real because the check was clearly a real check. And that taxes were clearly due. And that the could really use the money.

“Did you enter a lottery in Canada” I asked. “No” was the reply. “Did the check bounce?” I asked. “Yes” they said. “Is this too good to be true?” I asked again. ?Well yes, but I still think it’s valid” was the reply.

Finally the family friend, an elderly woman who clearly would benefit from any financial windfall, agreed not to send any money until the resubmitted check cleared the bank. She wanted to believe.

In this conversation I became the unreasonable person and hostility was directed toward me for informing her of a simple truth – it was a scam, there were no winnings.

The power of greed and of scams which appeal to this weakness in human nature continues to amaze us at KnightsBridge Castle. We have on occasion become the subjects of anger and resentment when we tell clients and potential clients that their supposed wonderful windfall is a nightmare fraud in disguise. I greatly hope the family friend will not send the money as requested by the fraudsters. However I am not really certain that she will follow our advice.

Greed and wishful thinking are as powerful as narcotics in clouding reason. Fraudsters rely on this weakness in our nature every day.

IDENTITY THEFT AND PROTECTING YOUR CHILDREN

2007-01-19T10:02:00.000-08:00

While millions of Americans struggle with identity theft each year we often forget the need to protect our children from the ravages of this crime. Identity theft is not a crime that affects only adults. The crime is frequently directed against children. Why? The records of children are perfect for committing crimes – they are blank slates upon which a criminal may construct elaborate and complex identity crimes which are unlikely to be detected for many years.

Parents of minor children need to monitor the personal information about their children to ensure that identity theft is detected quickly and terminated before one of the many crimes of identity theft are committed -- such as IRS tax fraud or medical benefits fraud. Identity crimes against children may have very long lives and they can affect your child’s tax status, their qualifications to enter schools and colleges, their credit ratings, and their employment prospects. Children can be affected in hundreds of ways which can damage their future prospects in life.

What can you do to protect your minor children?

The first line of defense is to monitor the use of your child’s Social Security Number (SSN). The use of the number can be detected through the use of specialized fraud prevention and detection tools such as those used by KnightsBridge Castle’s eye-spy™ programs. KnightsBridge Castle’s experience has been that as many as 30% of minor children’s SSN’s have been compromised. The unauthorized use of the SSN runs the gamut of simple transposition errors to full blown identity hijacking. When the unauthorized use of a SSN is detected a series of proven steps for the assessment of the use can be undertaken. While these steps can be complex they are effective in limiting the damage to your child’s future.

If you can catch unauthorized use of a SSN and shut down the identity thieft of a minor child at an early age then the damage may be limited. However, the trauma and confusion of discovering your child’s stolen identity when applying for his first job, or seeking a student loan, or applying for college can be heartbreaking.

PHISHING ATTACKS - NOVEMBER 15 TO TODAY

2007-01-17T09:59:00.000-08:00

Here is a list of recent phishing attacks. This list is compiled from a variety of sources.

01.16.07
Phishing Alert
The Co-operative Bank p.l.c.

01.15.07
Malicious Websites / Malicious Code
Brazilian and Russian hackers are now cooperating in launching new very advanced phishing techniques.
01.11.07
Phishing Alert
Kaw Valley State Bank and Trust

01.10.07
Phishing Alert
ELGA Credit Union

01.09.07
Phishing Alert
MoneyGram

01.09.07
Phishing Alert
RHB Bank

01.04.07
Malicious Website / Malicious Code
Adobe Acrobat XSS Vulnerability

12.28.06
Phishing Alert
Andover State Bank

12.19.06
Phishing Alert
Caisse d'Epargne

12.19.06
Malicious Website / Malicious Code
Skype Trojan Horse

12.18.06
Phishing Alert
Birmingham Midshires

12.11.06
Informational Alert
Cyber Extortion via Web Mail

12.06.06
Malicious Website / Malicious Code
MS Word Zero-Day

12.05.06
Phishing Alert
Community America Credit Union

12.05.06
Phishing Alert
First South Bank

12.05.06
Phishing Alert
Mazuma Credit Union

12.04.06
Informational Alert
Webcast: Exploit 2.0

12.01.06
Malicious Website / Malicious Code
MySpace XSS QuickTime Worm

11.21.06
Phishing Alert
Interchange Bank

11.20.06
Phishing Alert
Yorkshire Building Society

11.18.06
Phishing Alert
Derbyshire Building Society

11.18.06
Phishing Alert
Summit National Bank

11.18.06
Phishing Alert
Bank of Cyprus

11.15.06
Phishing Alert
State Bank of India

11.15.06
Phishing Alert
First Exchange Bank

11.15.06
Phishing Alert
Central National Bank of Enid

11.15.06
Phishing Alert
Fake Bank: McLloyds Bank International

NOTE: We are now recieving more than 5 PayPal phishing attempts per day against our request for information email address at KnightsBridge Castle.

IT’S TAX TIME AND THE IDENTITY THEIVES ARE LOOKING FOR YOUR MAIL

2007-01-17T09:05:00.000-08:00

Its tax time and our mailboxes will be full of important tax information such as 1099’s and W-2’s. These documents are highly prized by identity thieves since they are the “keys to the kingdom” and can be used to commit a wide variety of crimes against you such as IRS fraud, medical benefits fraud, bank and brokerage wire transfer fraud, and a wide variety of other ugly crimes.

The envelopes in which these documents are delivered are easy to spot and without a locking mailbox or other secure delivery mechanism you may be inviting thieves to enter your world and wreak havoc.

If you don’t have a locking mailbox get one immediately. Better yet use a Post Office Box and get the added security of protection by the postal inspectors while the mail remains in your PO Box.

Pick up your mail as soon as possible. Don’t let unattended mail sit in an insecure mail box.

If you’re traveling then have your mail held at the post office until you return. Get a bunch of the yellow card “Authorization to Hold Mail” (PS form 8076) and keep them handy.

And now the most important advice of all –

FILE ELECTRONICALLY OR IF POSTING YOUR TAX RETURNS CARRY THEM INTO THE POST OFFICE AND HAND THEM TO A POSTAL EMPLOYEE WHO STANDS BEHIND THE COUNTER. Never, never, put tax forms in the blue post boxes on street corners. Never, never hand tax forms to persons standing on the street in front of the post office that may or may not be identity thieves.

FILE AN IDENTITY THEFT AFFIDAVIT WITH THE FTC – EXPECT THAT THEY WILL DO SOMETHING WITH THE INFORMATION?

2007-01-13T14:07:00.000-08:00

One of the popular misconceptions about the Federal Trade Commission and the Social Security Administration is, that when you report identity theft crimes to them, that these agencies will actually do something with the information you provide to protect you or initiate an investigation on your behalf. The truth is that both the FTC and the SSA will do nothing with the information you provide other than perhaps file it. There are some exceptions to this general rule of inaction, but these are few and far between. Theft of social security benefits is one exception. Hijacking of your social security number and using it for other illegal purposes will not be investigated by the SSA.

We have written extensively on the Public Relations campaigns of the FTC in their mistaken attempt to assure us that they are fighting this crime wave. However their pronouncements have no real substance to support any factual base for their competency in dealing with the crime wave of identity theft. After all, what can 14 employees within the FTC actually do with over 8 million reported cases per year? Here is a copy of the letter returned to a client following a report by the client of identity theft as outlined on the FTC website.

References in this letter to sharing the data with police departments are true, however we are aware of no police department that accesses or uses this information - and we have talked with many departments over the last two years. Raw and unverified information placed into the FTC Sentinal database is of no use to the police in investigating crime.

Please note, they do provide a brochure, but at the same time say nothing about what if any action will be taken. From long and hard learned lessons we are confident that they will only file the report and do nothing.

June 21, 2006
Re: FTC Ref. No. NNNNNNN
Dear XXXXXXXXXXXXXXXX:

Thank you for contacting us about identity theft. The information you have requested is enclosed. We hope it provides information that will be useful to you. Please let us know if you have any other questions or concerns about identity theft.

You can always reach us in three ways:
1) you can call us toll-free at 1-877-ID THEFT (1-877-438-4338);
2) you can visit our website at www.consumer.gov/idtheft; or
3) you can write to us at:
Identity Theft Clearinghouse
Federal Trade Commission
Washington, DC 20580

For consumer problems not related to identity theft, please call the FTC's Consumer Response Center toll-free at 1-877-FTC-HELP (1-877-382-4357), or visit the FTC's website at http://www.ftc.gov/.

We appreciate any comments or suggestions you may have. Please mail any feedback to us at the above address. The efficacy of our identity theft tracking and referral program is dependent upon information we receive from people like you. Thank you for contacting us. How We Use Your Information

We use personally-identifying information gathered from consumers in various ways to further our consumer protection and competition activities. We collect this information under the authority of the Federal Trade Commission Act and other laws we enforce or administer. We enter the information you provide into our database to make it available to our attorneys and investigators involved in law enforcement. We also may share it with a wide variety of other government agencies enforcing consumer protection, competition, and other laws.

If you contact us because you have been the victim of Identity Theft, we also may share some information you provide with certain private entities, such as credit bureaus and any companies you may have complained about, if we believe that doing so might help resolve identify theft-related problems.

In addition, when you submit a complaint, you may be contacted by the FTC or any of the agencies or private entities to whom your complaint has been referred.

In other limited circumstances, including requests from Congress, Freedom of Information Act (FOIA) requests from private individuals, or in accordance with our public record rules, we may be required by law to disclose the information you submit.

The information you provide is up to you. If you don't provide your name or contact information, it may be impossible for us to refer, respond to, or investigate your complaint or request.

Sincerely,

Identity Theft Clearinghouse Enclosures:1. Take Charge: Fighting Back Against Identity Theft (CRE-02)

FEDERAL PROSECUTORS MOVE AGAINST THE IDENTITY THEFT CRIME OF “PRETEXTING”

2007-01-12T12:03:00.000-08:00

“Pretexting” is an identity theft crime in which someone poses as the victim in order to obtain private commercial information such as billing information and telephone number call lists. The protections with businesses, such as the phone company or utility company are few, but the law is very clear – it’s illegal.

However law enforcement at both the state and federal level has been lax in prosecuting this crime. But with the recent revelation of identity theft crimes against board members at Hewlett Packard by the Chief Executive Officer of the company, the reluctance to prosecute seems to have evaporated.

Within weeks of the public appearance of this crime the California Attorney General moved to prosecute the crime. On January 11, 2007 it became apparent that Federal Prosecutors were also moving against a private detective working out of Colorado and for HP. Today on the 12th the press announced that an arrest had been made by federal officials for the identity crime of pretexting by the private eye.

Pretexting is a crime. It has been a crime for years. Pretexting is the theft of confidential, protected, and private information. We support both state and federal prosecutors in their willingness to tackle this crime.

TODAYS EMAIL AND PHISHING SCAM

2007-01-08T13:06:00.000-08:00

Today’s emails and phishing scam is included below. The domain name for this site was registered on January 4. Needless to say we have not applied for a loan. The email came to our general information email address. The URL provided has no server and an analysis of the actual coding of the email indicates that a redirect to another hidden site is highly likely.

Here for you amusement and amazement is today’s email scam:

_______________________________________________

Thank you for your loan request, which we recieved yesterday, your refinance application has been accepted

Bad credit OK, We are ready to give you a $371,000 loan, after further review, our lenders have established the lowest monthly payments.

Approval process will take only 1 minute.

Please visit the confirmation link below and fill-out our short 30 second Secure Web-Form.
www.XXXXXXXXXX.xxx

___________________________________________________

Using a safe sacraficial browser we visited the site and noticed that the website had unauthorized logos for the CAN-Spam organization, VeriSign, Equal Housing Opportunity logo, and Trust-e. The links to these organizations were not links at all, but simple pictures of the logos of the trusted site.

CREDIT INFORMATION LOCKDOWN - LIST OF STATES

2007-01-03T09:31:00.000-08:00

States Allowing Credit Record Lock Downs – States Allowing Credit Freezes
California, Colorado, Connecticut, Delaware, Florida, Illinois., Kentucky., Louisiana., Maine, Minnesota, Nevada., New Hampshire. New Jersey, New York, Oklahoma., North Carolina, Pennsylvania., Rhode Island, Utah*, Vermont., Wisconsin.

States With Freeze Rules Following ID Theft
Hawaii, Kansas., South Dakota., Texas, Washington.

* Effective September 2008

NIGERIAN SCAM – IT KEEPS GOING AND GOING AND GOING

2007-01-03T09:19:00.000-08:00

Regular readers of this blog will remember a few weeks ago that our staff met with a victim of the Nigerian Scan. After restraining our shock that someone could fall for this obvious fraud, we realized that what is common knowledge to ourselves is not so common to others. This is the variant of the Nigerian Scam we received today.

The scam email is classic in its form and offer.

SAGARDOY LEGAL PRACTITIONER´S &FINANCIAL SOLICITOR´S HOLLAND.Barrister James ParkerE-mail: ?????@yahoo.com

Dear Sir / Madam, Before I proceed, I must first apologize for this unsolicited mail to you. I am aware that this is certainly not a conventional way of approach to establish a relationship of trust, but you will realize the need for my action.

My name is Barrister James Parker of the SAGARDOY LEGAL PRACTITIONER´S & FINANCIAL SOLICITOR´S. Actually, I got your contact information through the U.S.A. public records while searching for a name similar to my Late client Eng. Johannes Neice an expatriate engineer who worked with the Mining and Smelting Company (Asturiana de Zinc S.A.) in Holland for Thirteen years. He died along with his family during the Tsunami catastrophic, which occurred on Monday 27 December 2004. Before his death, he deposited One Trunk Box/Diplomatic Personal Treasure containing the sum of $8.752M (EIGHT MILLION AND SEVEN HUNDRED AND FIFTY-TWO THOUSAND US DOLLARS ONLY) with a security company here in Holland, but he did not disclosed the content of deposited diplomatic consignment to the security company for security reasons. The security company has however, mandated me to present any family heir/inheritor for claims before the consignment gets confiscated or reverts to the Bureau of Diplomatic Security as an unclaimed diplomatic immunity. So I decided to search for any of my late client's relative which has been very difficult for me, as he did not declare any other person, address, partner or relatives in the official paper works of his diplomatic consignment deposit.

Against this backdrop, my suggestion to you is that I will like you as a to stand as the next of kin to Eng. Johannes Neice, so that the diplomatic consignment will be released to you. With my position as his lawyer, I will now place your name as the next of kin to my late client. I will prepare every relevant document that will assist your claims, and facilitate the release of the consignment. Note that this transaction is 100% risk free. There is no atom of risk in connection to this business as I have worked out all modalities to complete the transaction successfully. Once the diplomatic consignment is released to you, we shall share in the ratio of 50% for me, 50% for you as your benefit. Reply via my private email for further clarification.

Please be kind to get back to me if you are not interested so that I can further my search for another partner. Best Regards Barrister James parker (ESQ)

PROVIDING PROTECTIVE SERVICES TO YOUR CUSTOMERS WHEN YOUR BUSINESS DATA IS BREACHED

2006-12-29T11:06:00.000-08:00

We often talk with businesses about protecting their customers after their business data has been stolen, lost, hacked, or compromised. Consumers are required by law to be notified when their personal information such as name, address, and social security number (SSN) have been compromised and failure to provide timely notification caries heavy fines and penalties.

The responses by businesses vary from simple notification of a breach containing minimal information to advanced protective services provided by the business for the “at risk” consumer

What should a business do when faced with a breach of consumer data? Complying with the law is one thing, but retaining valued customers is another thing entirely. If customers are valued, then minimal protection will undoubtedly result in the loss of those customers. A fully formed protection program, while challenging, may actually bond the business closer to its customers as the business demonstrates care and competence in managing this very real crisis.

Here is a list of things that will ensure that customers lose confidence in a business which is sending a breach notice:

A simple notice of breach, without explanation and with no remediation

To assure customers that you care about the breach you must explain in simple terms what happened, what you have done to correct the breach, and if the breach was intentional or inadvertent. Most breach notices, written by lawyers afraid of litigation, will say nothing about corrective action, your competence to deal with the crisis, and your loyalty to customers. A business that sends a minimal breach notice will undoubtedly scare their customers and who may well take their business elsewhere. Customers often need someone to talk to who can assure them that competent and speedy action has been taken to provide protection.

A simple notice of breach with minimal explanation and a free credit monitoring service.

Credit monitoring provides no meaningful protection to customers if their information has been compromised. Customer information is stolen for many types of crime. For example false employment crimes, IRS fraud, Medical Benefits Fraud and over 75 other types of identity theft related fraud are undetected by credit monitoring. In other words more than 75% of all identity fraud cannot be protected by credit monitoring. Further credit monitoring services detect credit card fraud only after the fraud has occurred and the consumer is left to clean up the mess. Think of a fire alarm that goes off after the house has burned down – that’s the value of credit monitoring. Consumers are lulled into thinking they are protected by these services, but as recent press coverage (see comments on press coverage in our other blog entries) has shown, consumers become very very angry when the identity thieves strike and their imagined protection proves worthless.

Here is a program that will work and will demonstrate competence and care of valued customers.

-- A brief and timely explanation of details of the breach without providing information of value to thieves. When did the breach occur? What have you done to keep breaches from happening again (e.g., new security measures, fired a sub-contractor, employee training programs, etc.) Was the breach intentional – was the information targeted for theft or simply lost or misplaced. A missing back up tape presents on set of challenges to a consumer, but a broken window and a smashed file case with selected records missing is something entirely different. Even worse is a targeted and hacked computer database.

-- Consumers need assurance that you are competently protecting their interests. They need a human to talk to about the breach. Both at the company whose data was breached and at a company which provides protective services. Consumers need to know that the business cares, and that identity theft prevention, detection and recovery experts are available to discuss their concerns and to take action. Disembodied phone trees with endless recorded messages are certain to make the customer more angry that they were when the received the breach notice.

-- A program that addresses all the avenues of crime that the loss of customer data enables is required. In addition to credit crimes, these include false employment fraud (the most common form of identity theft and devastating to consumers in the long run), medical benefits fraud, IRS fraud, bank theft and forgery, Drivers License fraud, immigration frauds, and many many others. While it may prove impossible to protect customers entirely following a breach, systems which prevent, detect, and have recovery procedures in place for these crimes is critical in keeping valued customers.

-- Rapid reaction and response, if a consumer is defrauded, is a major requirement and is missing from almost every program available today – such as credit monitoring programs. The customer needs a hot line and a trained identity theft expert available in a timely fashion to respond to hints of fraud or to actual fraud. If a business values its customers it will not leave them in the cold when the identity thieves strike.

Acquiring and keeping satisfied customers is a high priority for almost every business. Business managers should treat breaches of customer data using the golden rule. How do you want to be treated as a business person if another business looses control of your personal information? How would you feel if you were essentially told you were on your own, or given security tools which simply were unable to provide any meaningful safety to you or your family? A business data breach is ugly, but it provides an opportunity for the business to demonstrate that it values its customers and that it is competent in protecting them in the future. In other words it is a business that is worthy of continued patronage.

PHISIHING INCREASES DRAMATICALLY – CHINA IS THE CULPRIT

2006-12-28T11:46:00.000-08:00

A recent study by a leading internet security vendor reports a 300% increase in phishing attacks in the last week. It seems that not only does credit fraud peak during the holidays but also phishing and spam attacks.

The report points out that the significant increase is primarily due to a massive jump in phishing messages being sent from South Korea and China. China is now the biggest generator of phishing emails in the world, jumping from 10th position last week.

The significant increase is primarily due to a massive jump in phishing messages being sent from South Korea and China. In addition to the rise in phishing, the report commented that Christmas spam rates have exploded over November. At the end of October there was almost zero Christmas Spam distributed, but it now represents 10.9 per cent of spam overall

DISPUTE THE BILL – LOOSE IT ALL

2006-12-27T10:13:00.000-08:00

Today’s phishing variant is one in which you receive an invoice on a paypal account that you clearly did not authorize. The phishing scam provides an instant and highlighted link to dispute the bill. The “dispute transaction” link goes to a UK address and to a domain name that is not properly registered. In other words it goes into the ether and straight to criminals.

This email confirms that you have paid PALMTREOSTORE
(sales@palmtreostore.com) $419.95 USD using PayPal.
This credit card transaction will appear on your bill as
"PAYPAL PALMTREOSTORE*".
-----------------------------------------------------
PayPal Shopping Cart Contents I
tem Name: Palm Treo 700p smartphone
go-anywhere, Palm OS device
uantity: 1
Total: $399.95 USD
Cart Subtotal: $399.95
USDShipping Charge: $20.00 USD

Cart Total: $419.95 USD
------------------------------------------------------
Shipping Information
Shipping info: Andy Crouse
202 N Magnolia Dr.
Saco, ME 04072
United States Address Status: Unconfirmed
-------------------------------------------------------
If you haven't authorized this charge, click the link below to cancel the payment and get a full refound.
DISPUTE TRANSACTION

WHY CROSS CHECKING SOCIAL SECURITY NUMBERS WITH NAMES FOR PURPOSES OF EMPLOYMENT IS DOOMED TO FAILURE

2006-12-20T10:38:00.000-08:00

In the news this week has been the INS raid on the meat packing houses of Swift in which over 1500 employed illegal immigrants were arrested. All the illegal’s had qualified for employment at Swift by presenting one or more of the 10 documents required by the federal I-9 form for Employment Eligibility Verification. Among these is a passport, driver’s license, social security number (SSN), Certificate of Naturalization, foreign passport with US employment authorization, permanent resident card, alien resident card, temporary resident card, employment authorization card, temporary resident card, refugee travel document, or employment authorization from the Department of Homeland Security.

At KnightsBridge Castle we are continually seeing cases where identity theft is facilitated by making up a number in the SSN format and using it with another name. Credit reporting companies and other information companies see this all the time and never report a mismatch. Thus if you have credit under your SSN and name, another person can easily get credit using your SSN and their name. Yes, its sounds impossible, but it happens every day.

Until recently the same inability to match names to SSN’s was preventing employers from checking the validity of the name SSN match. Recent federal legislation now provides employers with the ability to validate these names and SSN for a proper match.

This legislation was intended to prevent illegal immigrants from seeking employment.

Like so many other efforts to block identity theft, this one is doomed to failure. Why?

Because, as reported in a recent Wall Street Journal article about the Swift raid, illegal immigrants seeking employment are already beginning to use valid name and SSN combinations. Name and SSN combinations can be stolen, rented, donated by other legal family members, purchased on the street, or acquired in many different ways.

SSN and Name matching are no protection against identity theft. This well intentioned effort at curbing illegal employment will actually accelerate identity theft by encouraging others to use valid name and SSN combinations, rather than simply making up a valid number.

PROSPECTS FOR NATIONAL CONSUMER CREDIT INFORMATION LOCK-DOWN OPTIONS GROW

2006-12-18T13:02:00.000-08:00

(illustration from the Wall Street Journal)
Two years ago the ability of a consumer to lock down their credit information from unauthorized prying eyes as nearly doomed as the previous congress, under heavy pressure from banks and credit reporting companies moved forward to eliminate 24 state laws which provided for this important protection.

The attorneys general of 49 states had argued that consumers should be allowed to block access to their credit records thus closing a major vector of fraud and identity theft. The credit rating companies, facing the significant loss of revenues from the widespread selling of your personal information opposed state laws and sought to eliminate “credit freezes” in the congress. Under the guise of providing for a national program, the congressional committee responsible for such legislation reported a bill which effectively eliminated “credit freezes” in all states and replaced it with a federal law which provided no such protection.

Fortunately the “do nothing congress” did nothing and the bill languished amid partisan cat calling and inaction.

We have urged our clients to contract congress to allow the states to pass their own laws in this area. And if a national law were needed then the law must provide similar protections to the 24 states currently with these laws, rather than eliminating the protection all together. Fortunately our congressional representatives have been listening. The Wall Street Journal reported this weekend that the new congressional leaders intend to bolster privacy rights in the next congress. Among these improved protections against identity theft and fraud will be provisions to allow states to continue their protections or to adopt strict federal legislation allowing consumer to lock down their credit information from unauthorized prying eyes.

CREDIT MONITORING – CRITICISM MOUNTS ON FALSE PERCEPTIONS OF PROTECTION

2006-12-15T10:52:00.000-08:00

KnightsBridge Castle has been critical of credit monitoring from its inception for a number of reasons. It reports new credit lines after the credit line has been looted by criminals, many institutions will grant credit without checking a credit report, and lastly notifications that someone has recently purchased your credit report is a poor indicator of pending theft. Lastly we don’t like credit monitoring because it creates a false sense of protection against the over 80 crimes of identity theft – of which credit fraud is only one.

Now the New York Times has published a stinging criticism of credit monitoring. We quote briefly from the article by Ed Zugra below:

“Melody Millett was shocked when her car loan company asked her if she was the wife of Abundio Perez, who had applied for 26 credit cards, financed several cars and taken out a home mortgage using a Social Security number belonging to her actual husband. . . Melody Millett found that the Social Security number of her husband, Steven, was being used to apply for financing under another name. Beyond her shock, Mrs. Millett was angry. Five months earlier, the Milletts had subscribed to a $79.99-a-year service from Equifax, a big financial data warehouse, that promised to monitor any access to her credit records. But it never reported the credit activity that might have signaled that they were victims of identity theft. “

The incident describe in the article is common. This is not the result of a glitch in some system. It is the result of a failed system of reporting by the credit reporting companies. The New York Times article continues:

“At the same time, credit monitoring may fail to detect that a credit request was even made. For example, a fraud artist may use someone else’s personal identification information — like a Social Security number — but take out a loan in his or her own name. The data mismatch can cause the bureau’s computer systems to route the loan request to a separate file so that a credit-monitoring service never picks it up.”

At KnightsBridge Castle we believe that only a credit freeze, allowed now in 26 states, is the best way to prevent credit fraud. We also believe that a comprehensive program of protection is required that provides protection against credit fraud, bank forgery, wire transfer fraud, employment fraud, medical benefits fraud, and over 70 other form of identity theft.

We also object to credit monitoring on the basis that it is similar to extortion rackets. The credit rating companies sell information to anyone. Now they want to sell it to you to protect yourself against the others they sell the same information to. There is something fundamentally wrong with this picture,

The New York Times article was published on December 12, 2006 and for subscribers to the times the article may be found at the link below:http://www.nytimes.com/2006/12/12/business/12credit.html?pagewanted=1&_r=2&ore

KNIGHTSBRIDGE CASTLE ADMITTED TO CYBERCOP PROGRAM

2006-12-14T10:30:00.000-08:00

In our continuing effort to fight the many crimes of identity theft, KnightsBridge Castle’s CEO has been admitted to the national CyberCop program. The CyberCop program is part of the InfraGard National Members Alliance (INMA or “InfraGard”), the largest national network of private sector, FBI- vetted subject matter experts (SMEs) for critical infrastructure protection. KnightsBridge Castle will begin using its CyberCop portal beginning today to facilitate secure communication with other InfraGard members, local chapters and local, state and Federal government agencies.

InfraGard’s goal is to promote ongoing dialogue and timely communication between its members and local, state and federal government and law enforcement agencies, including the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS). InfraGard members provide subject matter expertise to federal agencies that enhances their ability to secure and protect our nation’s critical infrastructures from terrorism and other crimes.

“Identity theft is a major threat to our personal welfare and to our national security” said Tim Logan CEO of KinightsBridge Castle. “Not only do common criminals steal identities, but so do international drug cartels, organized crime groups, and terrorists. We are proud to participate in this program and to extend our protective service to cover a wider range of crimes” he concluded.

The CyberCop portal was designed to provide a secure, Web-based environment to promote and facilitate the communication of sensitive information among a cohesive network of law enforcement, homeland defense and first responder professionals from all levels of government - including international, federal, state and local - and the private sector. InfraGard uses the CyberCop portal to facilitate communications with its approximately 12,000 active members while also providing dedicated portal space for InfraGard partners like KnightsBridge Castle and affiliated organizations as well as for each of InfraGard’s 84 local chapters. Through CyberCop, InfraGard participants can control access to their information down to the chapter and individual level.

CyberCop, an ESP-coined term, refers to computer forensic experts, law enforcement and emergency responders that use the Internet to collaborate and share information with one another. Due to various geographic, system, political and monetary barriers, these individuals are rarely able to securely engage one another to share case information and to exchange best practices and lessons learned. As a result, The ESP Group created this secure portal which is committed to providing a safe and secure environment where ideas can be freely exchanged to aid individual efforts and to foster cooperative efforts in the fight against crime, terrorism and the security of the nation.

ABOUT INFRAGARD NATIONAL MEMBERS ALLIANCE

Founded in 1996 in the Cleveland, Ohio field office of the Federal Bureau of Investigation, the InfraGard National Members Alliance (INMA or “InfraGard”) is the largest national network of government-vetted private sector experts. With more than 11,000 active members across the organization’s 84 local chapters, InfraGard provides a vital link in protecting the nation’s infrastructure by serving as subject matter resources to local, state and Federal government and law enforcement agencies. InfraGard National Members Alliance is a volunteer non-profit 501(c)3 corporation.

NIGERIAN SCAM HITS HOME - YET AGAIN

2006-12-12T10:02:00.000-08:00

This week we received a distress call from a new victim on the Nigerian Scam. The victim was local so we had the opportunity to talk directly with the victim.

The victim had fallen for the classic Nigerian scam and had used a bank transfer to send everything they had to obtain the huge returns promised by the criminals. Needless to say the money disappeared.

We interviewed the victim who brought family members for support. The victim was in tears. The family distressed.

The victim kept asking why our government allowed these scams to occur. At KinghtsBridge Castle we have no answer to this question.

Many of us know of this scam and its variants, and some are surprised when a victim appears. “Everyone knows about this scam. Why did she fall for it,” commented one of the staff. The answer is that everyone does not know. And in a moment of weakness any one of us may be tested by a scam where the returns are too good to be true.

Unfortunately this scam had the traditional additional elements that made the crime more horrific.

The Nigerian criminals pressured the victim to come to Nigeria and deliver the money. The victim wisely declined. People traveling to Nigeria responding to this scam have been killed or kidnapped.

The criminals attempted to perpetrate a second scam by offering to fix the problem for additional payments.

And lastly they began threatening the victim with violence if the victim did not pay more.

At the time we met the victim had not contacted the police, FBI, or Secret Service.

After examining her documents we immediately contacted the authorities. The Secret Service has jurisdiction over this matter and they took critical banking information and are trying to trace the flow of the funds. Local police have been contacted as well. Banking authorities were also notified.

The threats of violence should end with the police reports and notification. The criminals are relying on shame and fear to keep extorting money from the victims.

This scam and its variants are real. We have seen two victims and stopped several people from becoming victims. Not everyone knows about the Nigerian scam and now we have another victim of what the Financial Times of London calls an $800,000,000 crime wave.

SUCCESS - WE HELPED PUT AN IDENTITY THIEF IN JAIL THIS WEEK

2006-12-08T12:57:00.000-08:00

One of the first clients of KnightsBridge Castle informed us today that the identity thief we were able to identify in her case is to be sentenced this week.

Our client came to us after 5 years of continuing check forgery and identity theft. The local police had lost interest and considered the client a nuisance. With the help of our case specialist we gathered the facts, performed research, and presented all of her information to the police fraud department in an organized manner. We also used our contracts within the regional fraud detective’s network to bring attention to the matter.

Within days of presenting a complete case to the police an arrest warrant was issued in another state. An arrest followed and then a conviction.

This week a sentencing. Our client is overjoyed to end five years of fear and to have the culprit convicted. We are very happy to have served our client in making a difference.

(Note: the facts of this paticular case have been jumbled a bit to esnure client protection)

PAYPAL PHISHING – WILL IT EVER STOP

2006-12-06T10:10:00.000-08:00

We are now receiving at KnightsBridge Castle no less than four separate PayPal phishing attempts every day. It’s starting to look like phishing and spam. To think that anyone would fall for these scams is amazing. But they must continue to work.

In one case today when you click on the PayPal link you actually are clicking on a link that looks something like this: (we changed the URL slightly to protect our readers)

://rds.yahoo.com/_ylt=A0LaSV66fNtDg.lmnopkAUoJXNyoA;_
ylu=X3oDMTE2ZHVuZ3E3BGNvbG8DdwRsA1dTMQRwb3M
DMwRzZWMDc3IEdnRpZANGNjU1Xzc1/SIG=148vsd1jp/
EXP=1138544186 /**http%3a//61.57.2nn.209/%20/.
confirm/index.php?MfcISAPI Command=SignInFPP

If you can read this URL you know its trouble. We know its theft.

We used to have fun tracing the origin of the sites to Uruguay, Moldavia, and Chechnya. But the fun is gone.

Never communicate with PayPay or any vendor by clicking a link included in an email or web page attached to an email. NEVER.

YOU WON THE LOTTERY – AND YOU LOOSE CONTROL OF YOUR BANK ACCOUNT

2006-12-06T10:01:00.000-08:00

In an unending stream of lottery frauds we noticed today’s fraud with some interest. It seems that Wall Mart and Publisher’s Clearing House are sending out checks to international lottery sweepstakes winners by the hundreds. All the recipient need do is cash the check and wire money to pay fees to receive the remainder of the winnings.

The checks are bogus. The wire transfer pays the fraudsters cash from your account and then opens the account for wire transfer draining of all that is left in the account. If you win a contest you did not enter it’s the start of theft. If you are asked to pay fees directly to the person claiming you won something its theft.

GIFT CARD SCAM REPORTED

2006-12-05T09:44:00.000-08:00

It’s the holiday season and you’re probably seeing racks of gift cards at stores for everything from hamburgers to electronics. The value of these cards varies but the larger amounts are considerable.

A new scam has been reported that we have as yet been unable to confirm. However caution is warranted when buying gift cards off a rack in a store. We have received reports that fraudsters are using cell phones to photograph bar codes and other information on the back of gift cards. Upon returning to the store the fraudster can see that a specific card or group of cards has been sold. Using information on the card the card is activated and the account drained. Fraudsters are fully aware that in most cases these gift cards will sit under a Christmas tree until the end of the holiday given the thief plenty of time to act.

Caution is warranted when buying gift cards from a rack in a store.

ATM FRAUD USING AN MP3 PLAYER

2006-12-04T13:16:00.000-08:00

In the past few days in the UK a new ATM connectivity scam has been uncovered. The scam involves placing an MP3 recorder between the ATM machine and the telephone line linking the ATM to the home bank. The MP3 recorded the data carried down the line from the ATM. This data was then transferred to a PC and subsequently decoded by a fraudster with previous experience of cards, using software from Eastern Europe.

An estimated £200,000 ( $360,000) of goods were obtained using counterfeit cards produced from the de-encrypted information. Fortuitously, the gang using the cards in the UK was arrested as a result of a traffic violation before further fraud could be committed.

WHAT DOES IT TAKE TO RUN A SCAM WEBSITE ?

2006-12-04T13:07:00.000-08:00

Consumers often don’t realize what it takes to run a scam on the internet. The amount of equipment needed is very little and the costs of setting up a scam can be less.

A recent report in the Financial Times commented that Verisign, the internet security company, believes that virtually 100% of all the on-line transactions originating in the Former Yugoslav Republic of Macedonia are “suspicious”.

Macedonia has in recent years built an advanced internet infrastructure with 100% of the population covered by high speed internet links. In a country like Macedonia a simple PC or a slightly more expensive server can send out hundreds of thousands of phishing scams every day. Junk email by the millions is possible as well as targeted hacking attacks. Needless to say, law enforcement for fraud occurring in the US, but originating in Macedonia is non-existent. These websites often purchase security certificates and https links providing full security. The website transaction may be secure, but the persons operating the websites are completely criminal.

In parts of the former Soviet Union, such as Moldavia, it’s as simple. A generator to provide power, a cheap server, a satellite link, and an unemployed computer scientist are all that is needed to engage in fraud without any recourse to police authorities. In fact in some of these countries the police are providing protection to criminals in their activity.

HOLLIDAY SHOPPING AND AVOIDING ID THEFT

2006-11-29T14:06:00.000-08:00

It’s the holiday season and the stores will be filled with happy families rushing for last moment presents for loved ones and friends. The stores will also be filled with criminals and thieves intent on having a happy holiday at your expense.

For stores and merchants this is the busiest time of the year and almost every store will run short handed and often with untrustworthy temporary employees. Normal credit checking procedures will not be followed or waved as merchants try to capture as much income as possible. Instant store credit will often be granted without ID verification or credit checking.

What can you do to protect yourself during this season?

Here are KnightsBridge Castle’s suggestions for extra care during the holidays:

Check you credit card when it is returned to you to make sure it is you own, and not substitute.

If possible, don’t let your credit card out of your view when processing payments at a store.

Check your on-line credit accounts frequently – at least weekly or more often for early detection of fraud.

Close unused and dormant merchant accounts. These accounts are like open doors inviting thieves to enter your home and accounts.

Shop on-line. Many risks are reduced through on-line shopping.

Make a photocopy of the contents of your purse or wallet. If your wallet or purse are stolen are you going to remember exactly what you were carrying? Can you take action to close accounts within moments of the detection of theft?

If possible avoid making payments to temporary employees. Seek a supervisor or long term employee to handle your transactions.

Never apply for instant store credit. Instant store credit only provides thieves with effective and riskless ways to steal from merchants. You pay higher prices as a result.

Watch you incoming mail very closely for new unauthorized credit card welcome letters or cards. Last Christmas we had clients discovering up to 11 unauthorized cards during the hollidays.

To ensure a truly happy holiday, take a little extra care.

CREDIT CARD SUBSTITUTION FRAUD

2006-11-28T13:25:00.000-08:00

An all too common and overlooked fraud is credit card substitution. In this fraud your credit card is taken for a given transaction and a substitute card of similar appearance returned to you. It may be a fraudulent card or an expired card.

The fraudster hopes you will not notice that the card has been substituted, and most people don’t really look at their card when it is used to process a transaction. This gives the fraudster both your card and valuable time to use the card for fraudulent transactions. If you notice that the card was substituted the sales clerk will claim an error, feign embarrassment, and then find your real card.

It’s always wise to take a quick look at credit cards, ATM cards, and debit cards when returned by a merchant to ensure that the card has not been substituted or for that matter that the merchant during a busy Christmas season has not mixed you card with another.

PHISHING FACTS OF LIFE – DON’T BE THE TARGET OF ORGANIZED CRIMINALS – KNOW THE BASIC DEFENSES

2006-11-22T13:32:00.000-08:00

Phishing Scams – Definitions and Protection

We all need to be aware of the online scam known as "phishing" (a variant of the word "fishing"). Phishing involves the use of e-mail messages that appears to originate from a bank or trusted business or government agency such as PayPal, Ebay, Bank of America, the IRS or another source, but they are actually originating from thieves and criminals.

Phishing e-mails typically ask you to click a URL link to visit a Web site. Once on the website you are asked to enter or confirm personal financial information such as your account numbers, passwords, Social Security number or other data. Although these Web sites appear legitimate, they are not. These impersonation websites are the domain of thieves and organized crime groups. Giving up your personal information in the name of “confirming” your account is in essence giving the thief or crime group the keys to your kingdom. Some sites that you click on may appear temporarily out of service, in reality the site may be downloading a virus and or other malware (ill-intended software) to your computer.How can you spot a phishing scam?

Look for these warning signs:

-- Urgency. The message you receive often insists you to act immediately by suggesting that your account is threatened or will expire soon. It often says that if you fail to update, verify or confirm your personal or account information, your account will be closed. Several years ago these messages often contained spelling errors and grammatical errors often reflecting their origin off shore. However this is no longer true. The best phising scams in recent months have been using perfect English and grammar.

-- Demands for personal information. Ethical businesses will never ask for confirming information from you by email. They already have this information and the do not need it again. Modern computer systems simply do not loose this information or require you to re-confirm your data. Requests for the following information is a flashing red light indicating identity theft pending if you respond.
-.- Account numbers and passwords
-.- Credit and check card numbers
-.- Social Security numbers
-.- Online banking user IDs and passwords
-.- Mother's maiden name
-.- Date of birth
-.- Other confidential information

-- Download Software Demands Never install software downloads directly from e-mail messages, or from companies or Web sites you do not recognize. If you are instructed to download new software, go to your browser, search on the name of the business, and download from the business site directly. If you don’t find the new download instructions prominently displayed on the landing page you can be assured the email is originating from criminals.

-- HTTPS is no longer a protection. Organized crime groups are purchasing legitimate security software that indicates you are on a secure and encrypted site. Do not rely on the HTTPS element. Yes the link is secure, but you’re still talking to organized criminals.

Basic Safety Tips

-- Be suspicious of demanding messages. Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious.

-- Businesses never ask for confirming information on-line, by telephone, or in a fax. A legitimate business will never request personal information from you by email, on the phone (if the call is initiated by them), or in a fax. If you are concerned call your trusted business directly using the telephone number found in the phone directory or on your statement. Do not use the telephone number provided in the phishing email – you will only end up talking to the criminals.

-- Never download software originating in an unsolicited email. Installing unsolicited software from an email is asking to be robbed.

-- Never click on the URL provided within an email. The URL may look legitimate, may have the company name, and an HTTPS indicator, but its still a criminal site. Always type in the URL yourself or better yet use your browser and search for the general corporate website and begin you account access there.

-- Never give out your password except to logon. Never logon using the URL contained in an email.

-- Install and maintain anti-virus, anti-spam, and spyware detection software. It’s a fact of life, you cannot use online systems without these critical protections installed.

Useful Links to Phishing Information Websites

phishing brochure provided by The Office of the Comptroller of the Currency (OCC).

www.antiphishing.org

"How Not to Get Hooked by the 'Phishing' Scam," available at: www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm,

"ID Theft: When Bad Things Happen to Your Good Name," available at: www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm. This is a general publication on ID Theft and is usefull, however in the opinion of KnightsBridge Castle it misleads victims into thinking that federal government agencies such as the FTC or the Social Security Administration is prepared to assist them in recovery. In our extensive experience, and by the admission of these agencies, they will not or cannot assit individual victims in any meaningfull way.

Recent phishing scams – Our blog reports on recent and new phishing scams every two weeks. However many phishing scams are years old, such as the PayPal scams.

General Advice

Install and Use Anti-Virus ProgramsViruses can infect a home computer in many ways: through floppy disks, CDs, e-mail, Web sites and downloaded files. Anti-virus programs help protect your computer against most viruses, worms, Trojans and other unwanted invaders that can make your computer "sick." Viruses, worms and the like often perform malicious acts, such as deleting files, accessing personal data or using your computer to attack other computers. If a file is infected with a virus, most anti-virus programs provide you with options of how to respond, such as removing the harmful item or deleting the file. Installing an anti-virus program and keeping it up-to-date is the best defense for your home computer.Firewalls: What Are They and How Do I Use Them?Before you connect your computer to the Internet, you should install a firewall. A firewall can be generally described as a security guard for your home computer. The guard is a piece of software or hardware that helps protect your PC against hackers and many computer viruses and worms. With a firewall, you define which connections between your computer and other computers on the Internet are allowed and which are denied. There are firewall programs, both free and available for purchase that provides the capabilities you need to help make your home computer more secure.E-mail AttachmentsE-mail viruses and worms are fairly common. Here are steps you can use to help you decide what to do with every e-mail message attachment you receive. You should only open and read a message that passes all of these tests:

The know test—is the e-mail from someone you know?
The received test—have you received e-mail from this person before?
The expect test—were you expecting e-mail with an attachment from this sender?
The sense test—does the e-mail subject make sense based on who is sending the e-mail? Would you expect this type of attachment from this person?
The virus test—does this e-mail contain a virus? To determine this, you need to install and use an anti-virus program.

Purchasing and Installing Programs

Apply these practices when you select software for your home computer.

Learn as much as you can about the product and what it does before you purchase it.

Understand the refund/return policy before you make your purchase.

Buy from a local store that you already know or a national chain with an established reputation. If you buy software on-line access the vendor by searching first on your browser. Be carefull to make sure that you have spelled the company name correctly. There are criminals who will take advantage of a mispelling.

Keep Your System Up-to-Date. Use the automatic update feature of these protection programs. At KnightsBridge Castle our few on-line systems are updated many times a day by our service providers.

Backups: How Important?It is a good practice to back up important files and folders on your computer. To back up files, you can make copies onto media that you can safely store elsewhere, such as CDs or floppy discs.

For more information on home computer security, visit http://www.cert.org/.

As always KnightsBridge Castle is prepared to assist you in the prevention, detection, recovery, and prosecution of the many crimes of identity theft.

TAX LIENS – THE DOORWAY TO YOUR SOCIAL SECURITY NUMBER SLOWLEY CLOSES

2006-11-22T12:16:00.000-08:00

Tax liens are public records and for many years the Social Security Number of the person subject to the lien was included in the record. As a public record it became accessible in public records searches.

The author was subject to a tax lien placed in error by a taxing authority. The lien was placed one morning years ago and removed by the afternoon. However the public record lingered and the SSN was available to anyone with a public records search facility.

However recent legislation required that the full SSN not be released in public records. Records in recent years have not contained the last four digits of the SSN. The first five digits have been reported.

Our recurring eye-spy reporting system has noticed that for clients with old tax liens the full SSN report is slowly being replaced in favor the abbreviated SSN. The process has been slow, and it will take several years for the full SSN of old tax liens to be fully removed. However this gaping security risk is slowly being lessened.

Tax liens are more common that many people think. In an experiment in our home town of 4,000 residents, we located the full SSN of over 2,300 by searching public records for tax liens within a given zip code. In other words more than 50% of our fellow townspeople were at risk of disclosing their SSN.

However a word of caution to all. Even the elimination of tax lien reporting of full SSN’s does not eliminate the ease with which an accomplished database specialist can obtain SSN’s. Skilled searching will still find individual SSN’s with relative ease.

FEDERAL GOVERNMENT AGENCIES DON’T PROTECT PERSONAL INFORMATION

2006-11-21T15:18:00.000-08:00

This week a report released by the Government Accountability Office (GAO) has summarized the results of a nine month study of 24 major federal agencies. The study looked into how well agencies are keeping tabs on the security of their data resources including personal information.
"Agencies have not adequately designed and effectively implemented policies for periodically testing information security controls," wrote Gregory C. Wilshusen, director of information security issues for the GAO. "While almost all agencies had documented policies for security testing, the policies did not always adequately address elements important for effective testing."
Six agencies were targeted for in-depth studies. The GAO found that these agencies did not document their test methods and results, failed to define assessment methods, didn't test their controls and couldn't determine whether previously reported problems had been addressed.
Government agencies are mandated by the Federal Information Security Management Act (FISMA) to take these steps and others to improve information security within the federal government.
KnightsBridge Castle complies with all federal and state requirements for information security. It’s unfortunate that the federal government may indeed not be in compliance with the rules it applies to individuals and business.

PHISHING OR JUST BAD BILLING - A TALE OF TWO EMAILS

2006-11-20T11:40:00.000-08:00

This week we observed two interesting events in our offices. One was an excellent phishing attempt and the other a bad billing system. Both of these events illustrate problems for business owners and individuals.

We have become very adept at spotting phishing here at KnightsBridge Castle. This morning we were notified by American Express about our business account and the necessity of capturing our business expense records before year end. The email said that to print out our business records we should click on the Amex link provided in the email and print the records. We clicked, and were presented with a very good looking clone of the Amex site. It pitched signing up for the service of printing the expense records. All we had to do was logon. At this point we stopped. Why?

We don’t have a KnightsBridge Castle corporate account with American Express. And the corporate accounts we do have allow us to print records as part of the basic service. Further our systems searched for the URL identifier of the linked site and came back with an unregistered URL! Further investigation indicated the possibility of a redirect from the URL to an unknown site. Was this a scam? Absolutely.

Now the other side of the coin.

We began to receive bills from a credit card processor by email that we did not subscribe to. The bills were from one of the largest firms. Our CFO & CPA were convinced it was fraudulent. False billing is a common fraud and large companies often pay without thinking. We all reviewed the billing notice and the several others that followed. We did not respond.

Then our credit card processing was momentarily turned off. Why? It turns out that our credit card processor had been purchased by the larger company. The larger company had failed to notify us. The company with whom we had the account continued to process our information and send its billing data. However due to confusion in the acquisition the acquiring company had also sent billing records.

This then presents a new challenge to businesses. How can one determine if a bill is valid or if it is fraudulent? In our case we always assume fraud unless we have some certainty that it is valid. Our caution here bit us because the new company failed to properly notify us and to provide adequate and correct account information

We will not change our policy on these bills. The acquiring company was PayPal. We have discussed this matter with them, they admit the error, but seem to have little concern about this issue. Given the number of times the name of PayPal is used in phishing we would expect PayPal to do a better job.

WHO'S PHISHING TODAY

2006-11-16T14:15:00.000-08:00

Here is a summary of phishing attempts from November 1 to November 15, 2006.

You may click on the bank name to see an image of the actual phishing attempt. Images are provided by WebSense.

11.15.06
Phishing Alert
State Bank of India

11.15.06
Phishing Alert
First Exchange Bank

11.15.06
Phishing Alert
Central National Bank of Enid

11.15.06
Phishing Alert
Fake Bank: McLloyds Bank International

11.10.06
Phishing Alert
Emporiki Bank

11.09.06
Phishing Alert
Crane Federal Credit Union

11.07.06
Phishing Alert
HawaiiUSA Federal Credit Union

11.07.06
Phishing Alert
Northern Federal Credit Union

11.07.06
Phishing Alert
Sears Card

11.07.06
Phishing Alert
Arizona Bank & Trust

11.06.06
Phishing Alert
Ouachita Independent Bank

11.06.06
Malicious Website / Malicious Code
Fradulent You Tube video on MySpace installing Zango Cash

11.02.06
Phishing Alert
Sears Card

HELP THE MARINES TRANSFER MONEY FROM IRAQ – THIS WEEKS EMAIL SCAM

2006-11-16T11:24:00.000-08:00

Here is the text of this weeks email scam:

Thanks for your mail and for accepting my offer. I apologize for my late reply. Its due to my duties here.

Since your last e-mail to me on the month of February, I could not reply back because my troops were camping at the road to the Jordanian border. That makes it difficult for me to check my email.

I have every proof of this transaction, only I need your assistance in smuggling this money out of Iraq.

I am ready now to transfer the money to you after counting which took me days. The total amount is $6.8million in $100 bills.

I want you to send your banking details to enable the transfer of the money.

After I finished the transfer, you will take 50 percent of the money and deposit the rest in your bank for me.

I am giving you all the trust and I believe that with the help of God, we will successfully transfer this money out of Iraq.

Please do not disclose this to anybody as to protect my duty with the US Marine.

Captain Mark Edwards, Iraq.

TODAY’S EMAIL SCAM – COMPLETE A BANK SURVEY, WIN $100, JUST GIVE US YOU BANK ACCOUNT AND PIN (OUR SERVER IS SECURE BUT IT’S IN ROMANIA)

2006-11-14T11:03:00.000-08:00

Today's email scam had everyone here at KnightsBridge Castle shaking our heads.

We were notified by a prominent regional credit union that as good customers they wanted us to fill out a satisfaction survey and in return we would be paid $100. The logo of the website we were directed to looked very good and the page was well designed. Upon completion of the survey the survey company asked which bank account we wished to have our $100 deposited into. We need only supply the bank account number and pin!

We traced the server to a location in Romania.

The federal credit union has posted prominently upon its own website a warning about this scam. Unfortunately a few victims will respond and not go directly to the credit union site for confirmation. The take the easy way, clicking on the email link, and they land right in the lap of a Romanian crime group.

20% OF MOVERS DON’T REPORT ADDRESS CHANGE TO US POST OFFICE

2006-11-09T11:30:00.000-08:00

The USPS reported recently that 20% of residents do not file change of address notices with the USPS when they move! A quick analysis indicates that the 20 to 28 year old age group are the most likely not to take advantage of this critical identity protection provision of the USPS’s services.

This age group is highly coveted by credit card issuers and they are targeted for “pre-approved” credit offers. As their mail piles up identity thieves move in.

Don’t leave undelivered mail behind. It’s inviting identity theft and the chaos that inevitably follows.

MORTGAGE FRAUD - 35% INCREASE THIS YEAR

2006-11-09T11:20:00.000-08:00

The US Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) reported in a new study that mortgage loan fraud in the United States continues to rise, and has risen 35 percent in the past year.

FinCEN conducted the assessment, which was based on an analysis of Suspicious Activity Reports (SARs) regarding suspected mortgage loan fraud, to identify trends and patterns that may be useful to law enforcement, regulatory authorities, and financial institutions offering mortgage loan products.

FinCEN began its assessment after noticing a significant increase in the filing of SARs concerning mortgage loan fraud. Since the inclusion of mortgage loan fraud as a characterization of suspicious activity, the number of SARs pertaining to mortgage loan fraud increased 1,411 percent by 2005. Many of the SARs reviewed included more than one characterization of suspicious activity in addition to mortgage fraud. "False statement" was the most reported activity in conjunction with mortgage loan fraud, while "identity theft" was the fastest growing secondary characterization reported.

FinCEN's Office of Regulatory Analysis reviewed SARs that depository institutions filed between April 1, 1996 and March 31, 2006. A search of SARs containing "mortgage loan fraud" as a characterization of suspicious activity retrieved 82,851 reports, of which a statistical random sampling of 1,054 were reviewed for additional analysis. SARs included in this assessment reported suspicious activity related to mortgage fraud in all 50 states, the District of Columbia, Puerto Rico, Guam and American Samoa.

"SARs are useful as both a regulatory and law enforcement tool," said Robert W. Werner, Director of the Financial Crimes Enforcement Network. "FinCEN offers a unique analytical perspective because of its position at the intersection of law enforcement and the financial industry. This information will help both constituencies assess the risks to the financial system from their points of view."

FinCEN's findings in the assessment are supported by the recent rise in the number of pending law enforcement cases involving mortgage loan fraud.
FinCEN's Mortgage Loan Fraud Assessment is available atwww.fincen.gov/MortgageLoanFraud.pdf.

Consumers owining realestate, or buying and selling realestate must excercise extreme caution in protecting their property assets. Recovery of stolen realestate is very costly often costing tens of thousands of dollars in lawyers fees to fr-establish title. Law enforcement and banking institutions will be of no help in mitigating these very real out of pocket expenses. Protecting your property is your responsibility as is the financial consequences of such protection.

MORTGAGE FRAUD BY IDENTITY THEFT ON THE RISE

2006-11-08T10:15:00.000-08:00

The real estate market in the US is huge and wherever there is money to be made identity thieves will strike. According to the FBI last year identity thieves skimmed $1 billion from the $3 trillion US mortgage market.

Unfortunately for the victims the financial costs of recovery are large and cannot be passed on to someone else. Victims typically spend tens of thousands of dollars on lawyers and in court costs to extract themselves from mortgage frauds. Real estate is not purchased on credit cards and there is no “friendly” bank that will assist you in recovering from the financial impact of this crime.

The scams are many but they often involve con men purchasing your home and then rapidly reselling the home or refinancing the home. Using false identities with forged identity documents the purchaser arranges financing, or takes owner financing. Within moments of completing a deal the home is often sold to another unsuspecting victim or refinanced in such a way as to yield quick cash. The thief then assumes another identity and dissapears leaving the victims to clean up the financial mess.

The real estate market is slowing down and police authorities expect that mortgage fraud is likely to rise. Why? Desperate and anxious sellers will not scrutinize deals and buyers as they have in the past. Using con artist skills, mortgage fraudsters take advantage of a buyers desire for a quick sale.

Not all real estate fraud and theft involves an interaction between the seller and the buyer. Often the identity thief commits the crime simply using forging skills and access to public records.

One recent report about identity thief and con artist Bevin Cox illustrates the enormous cost of this criminal activity. Cox identified his victims by studying the MLS (multiple listing service) ads for real estate. He studied title documents, visited the court house for property records, all the while making copies of critical documents.

Using basic forging skills he created false bills of sale and then either sold the property to others or refinanced the property directly with banks.

Cox is thought to have taken more than $15 million in these criminal transactions. He is now on the run from the law. The Secret Service wants to see him and he is considered armed and dangerous.

Our Identity Theft Most Wanted blog has carried a description of Cox since August 15. You can visit the Most Wanted blog by clicking on the link on the right hand side of this blog.

NEW MICROSOFT INTERNET EXPLORER FLUNKS USEAGE TEST

2006-11-07T13:30:00.000-08:00

Microsoft’s new and long delayed Internet Explore release 7 was tested at KnightsBridge Castle this week and it failed in several critical ways – but the biggest failure was to report known secure sites as not secure.

KnightsBridge castle uses a lot of the most secure internet sites in the world in fighting identity theft crimes – including investigative databases and federal policing authorities. Many of these sites when accessed receive a warning from the new IE7 that the site is un-secure.

Here is the message returned from IE7. not only for our very secure site, but also for one of our governments most secure sites:

There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Our website certificates and that of the Federal Government site we reference are valid and current. Microsoft needs to fix this problem soon or loose any credibility with the internet community.

INTERNET SECURITY SYSTEMS FAILING CONSUMERS – HTTPS AND VERISIGN SPOOFS

2006-11-07T13:15:00.000-08:00

Just when the public begins to understand the value of HTTPS:// and the importance of certificate checking via suppliers like Verisign, the criminals have begun to effectively mimic these safeguards and fool consumers into risky activity. These precautionary security provisions are now of little value as criminals have developed increasingly sophisticated impersonation schemes.

In the past few weeks we have noticed spam emails which lead to either valid HTTPS sites or mimicked sites. In the case of valid HTTPS sites, the criminals have purchased secure server programs in order to commit their crime. The unsuspecting citizen is actually on a secure connection, but he is connected, not to the legitimate business he seeks, but directly to the criminal site.

In other cases criminal webmasters have pasted on top of the URL an image block that says it’s HTTPS and that it’s connected to a legitimate vendor, but in fact the connection is to a criminal site.

In addition the familiar VeriSign logo has been copied and when clicked you are provided with what looks like an authentic certification from VeriSign. It’s not authentic, but it looks good. Only an expert can tell and then only by examining the source code – not for what it says, but for what is missing.

At KnightsBridge Castle we have had to change our internal authentication methodologies in order to avoid these traps. The tools we use are sophisticated and unavailable to most internet users. The solution for consumers seeking safe replies to email notifications? --- We don’t have one. Only be careful and don’t ever supply personal information over the internet when receiving a notification email from PayPal, Ebay, Bank of America, Network Solutions, or anyone.

If you need to access you account ignore the convenient email link. Go to your browser. Search for the home page of the company you seek and then access your account. It’s not fool proof, but its some protection.

SWEDISH HOSPITAL PLACES PATIENTS AT CONTINUING RISK WITH INADEQUATE SAFEGARDS FOLLOWING DATA BREACH

2006-11-07T12:34:00.000-08:00

Swedish Hospital in Seattle reported that an employee took names, birthdates, and social security numbers from files at the hospital for at least three patients. The stolen identities were used to apply for false credit and to purchase items at Wall Mart, Zales, and Banana Republic.

The employee was a support services worker. Although the hospital is notifying over 1,100 patients of the personal information security breach, a spokesman said that only three patients were compromised. Free credit reporting was offered to all affected.

What’s wrong with this picture?

Swedish Hospital’s continues to use badly flawed systems and processes as well as offering an entirely misleading and ineffective free "credit monitoring" service.

Management at the hospital needs to address the following critical items:

-- Are background checks, including criminal checks, performed on all employees, subcontractors, or others who may have access to data?

-- How are service workers to be restricted from accessing data in the future?

-- How can the hospital be certain that only three of 1,100 exposed patients were the only ones affected?

-- Why are social security number still used as identifiers for patients?

And the most important issue:

-- Why is Swedish Hospital offering useless “credit monitoring” services to "at risk patients", rather than providing effective and meaningful protection? We have written often about the ineffective nature of “credit monitoring”, but we suspect that few "at risk patients" realize that credit monitoring systems will notify them of credit breaches long after the breach has occurred, and usually after they have been contacted by creditors demanding payment.

Most importantly, credit monitoring is useless is providing meaningful protection against the preponderance of identity theft crimes using social security numbers such as employment fraud, tax fraud, medical benefits fraud, driver’s license fraud, and over 80 other crimes of fraud using social security numbers.

Swedish Hospital has failed its patients twice – first in not providing adequate safeguards against this horrendous crime, and secondly in offering useless remediation to the criminal act.

WORKPLACE IDENTITY THEFT – CHIEF EXECUTIVE OFFICER STEALS EMPLOYEE IDENTITIES TO COMMIT FRAUD

2006-11-03T11:29:00.000-08:00

Terrence Chalk, CEO of the respected service provider Compulinx was arrested this week on charges of stealing the identities of his employees in order to secure credit cards and fraudulent loans.

Chalk is charged with submitting some $1 million worth of credit applications using the names and personal information -- names, addresses and social security numbers -- of some of Compulinx's 50 employees.

Workplace identity theft is the most common form of identity theft. Data stolen from the workplace, wallets and purses stolen in the work place, employee data theft, poor data protection and privacy protection, all contribute to work place data theft and identity theft.

This twist, the CEO as the culprit, is unusual.

RADIO FREQUENCY IDENTIFIER TECHNOLOGY – THE NEXT THREAT TO PRIVACY AND IDENTITY THEFT

2006-11-03T11:10:00.000-08:00

RFID (Radio Frequency Identifier Technology) allows specially equipped radio receivers to read the contents of an identification chip from a distance. These chips have been appearing in credit cards, drivers licenses, and now in the new US Government passports.

The chips contain information about the person and the information contained within the document, license, or passport. Government and business raced to put these new technologies into production in order to speed up information processing services. With RFID in a passport, it was thought that citizens could clear customs and immegration quickly when returning to the US. Rather than hand the passport directly to the customs agent, the passport could be read without leaving your pocket or purse.

However the new technology allows hackers to access personal information with small receivers. They need only stand near the RFID enabled card or passport to read the contents of the document. In a recent study by the University of Massachusetts two RFID readers were purchased. The RFID readers scanned credit cards issues by VISA, MasterCard and American Express and uncovered numerous vulnerabilities. Even thought the contents of the cards were deeply encrypted, the researchers were able to relay data to decryption software and then read the contents including personal information.

In testimony before Congress, government agencies assured congress that RFID technologies were safe for US Passports. At KnightsBridge Castle, we believe that this technology is not safe and especially for a US passport.

HOLIDAY SEASON BRINGS SEASONAL IDENTITY CRIMES – FRAUD OF THE SEASON IS INSTANT STORE CREDIT IN YOUR NAME

2006-11-01T11:12:00.000-08:00

It will soon be Christmas and as the holidays set in stores, shopping districts, and the malls of America will be busy with shoppers and identity thieves. Christmas and New Years are the harvest season for identity thieves, as they commit their frauds and theft, while honest citizens and shopkeepers are too busy to pay careful attention.

Among the many crimes of the season is the “instant store credit” theft. Using forged identity documents and a stolen ATM or credit card number, identity thieves present themselves to store clerks as prepared to buy merchandise. The identity thief provides identification and a forged credit card, but before the transaction is completed, the thief applies for instant store credit. Many merchants’ provide incentives to customers to apply for store credit as a way of improving sales and reducing the expenses of credit card charges. Sales clerks are often encouraged to offer instant store credit if a customer provides identification and a seemingly valid credit card.

Once instant store credit is granted the identity thief purchases the maximum amount of merchandise allowed. The amount is usually under $1000. The items purchased have immediate resale value on the street or, in a variant on the scam the merchandise is returned for cash within hours of purchase.

This technique for identity theft works because criminals know that “credit checks” for instant store credit are not performed before the credit is issued. Customers are in a hurry, sales clerks are incented to provide instant credit, and the credit department of the store are swamped.

Last Christmas, we a KnightsBridge Castle had a client who discovered 27 applications for instant store credit in a two day period before Christmas. 11 cards were granted. All cards were maxed out within moments of issue. The client discovered the crime only when the cards arrived in the mail.

Credit monitoring, fraud alerts, or even a credit freeze does not prevent these crimes. Why? Because the credit is issued before a credit check is run.

BROKERAGE ACCOUNTS AND IDENTITY THEFT - BROKERS REPAY $22 MILLION TO VICTIMS

2006-10-30T11:32:00.000-08:00

Brokerage accounts, where consumers manage their retirement savings and investment accounts are a major target of professional identity thieves. With a little work and technology, they are easy to break into and the amounts of money to be stolen can be very large.

This week E-Trade and TD AmeriTrade revealed that they had paid $22 million to clients whose accounts had been taken over by identity thieves.

The vector of the crime – overseas clients using wireless networks or public computers infected with spy ware.

At KnightsBridge Castle we have always advised clients not to use public wireless systems or public computers to access personal financial accounts. That these access efforts were made outside the US makes security enforcement even more difficult.

BANK ROUTING NUMBERS ON CHECKING ACCOUNTS PROVIDE CRIMINALS CASH THROUGH QCHEX INTERNET SERVICE

2006-10-27T14:29:00.000-07:00

The national check clearing system processes 37 billon checks totaling more than $39 trillion dollars every year. Within the billions of dollars traversing the network every day are car payments, toothpaste purchases, utility bills, and forged checks or "demand drafts" produced by internet service provider Qchex.

New techniques in check forging and forged electronics fund transfers using bank routing numbers are on the increase. With the credit card companies establishing in the public mind that identity theft equal credit theft, consumers are failing to protect themselves against one of the oldest identity theft crimes – check forgery and bank account fraud.

The state of Florida, one of the states with the highest incidence of identity theft crimes, reports a 54% increase of check forgery facilitated by copying bank routing numbers. Bank routing numbers are the key to both depositing and withdrawing funds. Bank routing numbers flow through the system, not the checks themselves. These simple numbers are the key to stealing funds directly from consumer accounts.

How are these numbers captured? One way is by looking at your checks and copying the numbers down. A merchant employee can do this, or a teenage visiting the household. It’s not necessary to steal the checks. Only the numbers are required. The latest technique is to use cell phone cameras to photograph the routing numbers as you fill out your check at a merchant or bank. Too many consumers assume that by protecting their supply of checks they are preventing forgery. It’s not the checks themselves that really need protection – it’s the bank routing and account numbers than are critical to protect. Signatures are irrelevant to this scheme.

One recent scam involved a company called Qchex which provided an internet service that allowed stolen account and routing numbers to create “demand draft” checks that did not require signatures. The demand drafts then were used to steal money from consumer accounts and deposit them into criminal accounts. The criminal accounts were then immediately converted to cash. The website of qchex www.qchex.com has since been shut down.

LEGISLATIVE ACTION - OUR PROPOSALS FOR IDENTITY THEFT CRIMES

2006-10-27T12:06:00.000-07:00

At KnightsBridge Castle we deal with Identity Theft in all its forms every day. We understand the current limits of the law and the many failures of our legal system to adequately protect us against both identity theft and the new technologies that facilitate commission of the crime. After three years of fighting Identity Theft and assisting thousands in the prevention, detection, recovery, and prosecution of the many crimes of identity theft the team at KnightsBridge Castle calls for the following general legislative initiatives at both the state and federal level.

Require that consumers provide affirmative consent before selling personal information or “profiles” from commercial databases to others.

Require notification to the consumer within 48 hours and, for free, of any sale of his personal information to another. The person or entity purchasing the information should be clearly identified as well as the purpose for such access.

Establish a definition for identity theft that includes the three general elements of the crime – credit fraud, impersonation crimes, and criminal identity theft.

Require affirmative confirmation for credit applications. Passive confirmation of credit applications, such as mailing in pre-approved credit forms, should be forbidden. To complete a credit application, the applicant should physically present themselves together with their identity documents to the credit grantor or his agent.

Prohibit pre-approved credit card and bank draft solicitations.

Require police departments within the jurisdiction of the victim to take police reports for identity theft even if the actual identity crime occurred in another jurisdiction. Identity crimes are committed against a person living in a locality, even though the incident of the crime occurred in another jurisdiction often hundreds or thousands of miles away. Do not require that victims travel to a remote location to file a police report.

Make it an additional and serious crime for persons arrested with multiple and different forged identity documents in their possession at the time of arrest. Own recognacense release on bail should be disallowed if a person has multiple identity documents in his possession.

Dumpster diving, for the purpose of committing fraud, should be a crime.

For Data Breach remediation, breached companies must provide comprehensive identity theft prevention solutions for a minimum of three years. Such comprehensive services must include social security number use monitoring, false identity document use notification, account data monitoring, as well as other indicators of significant impersonation crimes. Credit monitoring alone is not sufficient.

Require credit grantors to report the issuance of new credit instruments to the credit rating companies immediately upon issuance. Credit rating companies currently report “credit inquiries” instantly. If credit is granted then the credit rating companies and credit grantors must be required to immediately update the credit records. Current lag times of 60 to 90 days are woefully inadequate.

Establish tougher laws for identity thieves working in organized groups. Most professional identity thieves need the cooperation and assistance of others to be effective. Establish penalties for identity thieves conspiring to commit impersonation crimes and fraud.

Require merchants with video surveillance of identity theft incidents, to release the videos to identity theft victims who have filed police reports and who have legal representation in seeking redress of an identity theft crime.

Require government agencies who issue identity documents, such as deriver’s licenses, to provide mechanisms for validation of identity through the document granting agency. Currently, most identity document granting agencies will not validate documents, or the existence of documents, except for the license purpose for which it was issued – e.g. driving a car and internal use by government. Government needs to recognize that a drivers license or state issued identity document is used for more than just driving. Validation systems supported by the government agency are critical in establishing a true identity.

Establish penalties for employees of companies holding sensitive personal information if they sell or transfer that information to others for purposes of committing fraud or identity theft.

Require that social networking websites that solicit minor children to their sites, or fail to affirm age allow automated programmatic access to their systems by independent entities for purposes of monitoring the safety and security of minor children in these systems.

Establish firm legislation making “pretexting” or the access for personal information records, such as phone records, bank records, or personal identity records, a crime if committed by an individual or corporate entity.

Make it a criminal offense to “spoof” another’s telephone number in committing a fraud.

Require companies performing background checks for purposes of employment to carry prospective employee messages in the record, if serious errors are contained within the report.

Require “permissive use” for access to all personal information resources on the internet. Hold “independent” information brokers to the same standards of information dissemination as established information brokers. Establish brokers adhere to GLBA, and other state and federal rules for information dissemination. The new breed of internet brokers ignores all laws and offer information for sale to anyone.

Establish a uniform credit freeze demand document and credit freeze criteria. Disallow each credit rating company from using its own forms for purposes of delay or denial in requesting credit freezes.

Require cellular telephone providers to destroy SIM cards immediately when SIM upgrades are required or cell phone upgrades are required. SIM cards contain extensive personal information.

For internet access to public records, require registration and logging of all information requests. Registration must be easy and simple. Logging should not be restrictive. An audit trail must be established and available if public records access is used in committing fraud or identity theft.

Make it a felony to use the Social Security Number of another person in committing employment fraud, medical benefits fraud, insurance fraud, or other fraud and identity theft.

ERIC DREW'S INTERVIEW ON THE MONTEL SHOW AVAILABLE ON-LINE

2006-10-26T11:37:00.000-07:00

Eric Drew, founder of KnightsBridge Castle, was interviewed on the CBS Studio's Montel Show on October 19, 2006. Eric's interview is available on-line for viewing on our ID Theft Video blog. You can access the video bog at:

http://www.idtheftvideo.blogspot.com/

THREE OF FOUR BUSINESSES IN UK DISCARD PERSONAL INFORMATION IN THE COMMON TRASH.

2006-10-26T11:03:00.000-07:00

A recent report in the UK newspaper The Scotsman revealed that 3 of 4 UK businesses do not destroy sensitive personal information about customers when throwing out trash. 93% of the companies polled said they treated the issue of identity theft seriously, however, their document disposal processes revealed a significant weakness in their processes.

91% of the businesses said they shred documents containing sensitive personal information. However the researches examined the contents of company trash and found sensitive customer business information including home addresses, phone numbers, and photocopies of passports.

At KnightsBridge Castle we investigate many cases of identity theft every day. Victims often have theories of how the identity theft attack occurred. They are almost always wrong. Identity theft originating in the workplace or from business records is still the most common vector for this crime. The second largest vector is identity theft crimes committed within the family.

We challenge all businesses to examine their trash on a regular basis to see what information is revealed in the trash. It is not enough to have a shredder and a policy. Businesses must routinely monitor their trash disposal to ensure that the shredder is used and the policy followed.

TARGETED ATTACKS ON BANK EMPLOYEES

2006-10-25T11:43:00.000-07:00

If you were a bank employee and you received the following email, what would you do?

Dear ____, I am a reporter for Finance News doing a follow up story on the recent leak of customer records from [the bank's name]. I saw your name come up in the article from Central News and would like to interview you for a follow-up piece."

If you have time I would greatly appreciate an opportunity to further discuss the details of the above article. Regards, Gordon Reily

The email provided a link for responding the Reily.

If you suspect this is a scam your right. Hundreds of employees at a number of banks have been receiving the same message. If the bank employee clicked on the link to reply the remote site then downloaded a key logging bot from a Chinese website that was storing all of their keystrokes.

This was clearly a targeted attack on banking records by a sophisticated group. Not only did they understand psychology, but they also had the latest malware and key logging software.

NEW RISKS FOR INSTANT MESSAGING – SPAM ATTACKS, IM WORMS, PHISHING

2006-10-25T10:42:00.000-07:00

The research team at KnightsBridge Castle has been looking into social network instant messaging (IM) and the personal information security risks posed by these technologies. New risks have been identified in the past weeks and we wanted to share with you the evolving risks for IM

IM systems have been hijacked by hackers in recent months and used for the spreading of spam messages. The messages try to trick people into giving up personal information. Included in the personal information scams are the usual elements of Social Security Number and logon information for internet accounts.

Website references on IM have included redirects to phony websites of branded names such as EBAY, Amazon, and others. The website looks real, but as in phishing scams the websites are fraudulent and intent on causing you harm.

IM worms have appeared which propagate themselves from IM user to IM user. These automated systems appear to want to engage in a conversation, but they are intent on propagating malware, spyware, or malicious programs.

We always urge caution in revealing any personal information on the internet. IM is clearly a risk to anyone if personal information is revealed. Caution in using IM systems are warranted, because you can never be sure of whom you are actually communicating with – friend or foe?

ARE YOU A "HIGH NET WORTH" PERSON - SUGGESTIONS FOR YOUR SAFTEY

2006-10-24T11:09:00.000-07:00

We were recently asked to provide a list of suggestions and tips to "high net worth individuals" for a speaking engagement. Here is our "tip sheet" for those with significant assets to protect. Most of us know the basics, like shredding and a locking mailbox. These tips and suggestions assume the basics are well understood.
________________________
AVOIDING IDENTITY THEFT
Suggestions for those with assets to protect.

COMMON MISCONCEPTIONS ABOUT IDENTITY THEFT

Identity Theft is not just about credit. Credit card theft is less than 25% of Identity Theft. Employment fraud, and its associated frauds, such as IRS fraud, medical benefits fraud, drivers license fraud represent the vast majority of identity theft frauds.

Credit monitoring provides little protection against credit fraud. The lag times involved in the credit rating companies systems result in notification by credit grantors of problems long before those problems are reflected in a credit monitoring system.

Identity Thieves target high net worth individuals. While identity theft is statistically most common among the age group of 22 to 24, the greatest monetary damage and disruption of life occurs among those with significant assets.

Some identity thieves specialize in victimizing the very young, the very old, the very sick, and the dead. You need to protect the entire family.

Data breaches are a very real threat to your privacy and security. 40% of data breaches are intentional criminal acts, and not lost laptops or misplaced backup tapes.

TIPS

Avoid using ATM machines when traveling outside the USA/Canada. Never use an ATM machine in mainland China, Eastern Europe, or Southern Europe.

Freeze your credit – stop credit rating companies from selling your credit information to others, including criminals, without your permission.

Eliminate paper statements from banks and financial institutions. Use on-line systems with good software protection to access your financial records frequently. Set aside a specific time, say Sunday afternoon, to review your accounts on a weekly basis. Don’t wait for a monthly bill to uncover trouble.

Eliminate all unused credit vehicles. Cancel “emergency” credit cards. Close lines of credit you do not anticipate using in the near future. Cancel all cash balance dormant accounts. Bank employees are often bribed into providing this information to thieves. These accounts are targeted by criminals and tend to be unmonitored, giving criminals valuable time to escape detection.

Turn off wire transfer facilities with financial institutions. Use these facilities only when needed.

Billing errors are increasingly uncommon. Don’t assume a billing error will be cleared up without your direct action. It may not be a billing error. It could be identity theft.

Always file a police report when you are a victim of identity theft. Without a police report, no crime has been committed. Without a police report you have no rights to dispute claims by others.

If a victim, always create a paper trail. Do not rely of phone calls to permanently resolve problems. It its credit fraud, call the credit issuer immediately. Then follow up with a written statement and a copy of the police report. Create a contemporaneous log of all your activity. Document as if you were going into court.

Be sensitive to the fact that identity theft often occurs within families. These cases require swift but discreet handling. Knowledge experts will be required.

Second homes and vacation homes are major targets for mortgage fraud. Real property you do not closely observe is subject to significant risk.

Information about you has cash value to criminals. Criminals trade "profiles" for cash. If you are a victim once, you will probably be targeted again.

SOCIAL NETWORKING RISK – MYSPACE, ITS SO YESTERDAY – MOVING ON TO SECOND LIFE

2006-10-23T10:28:00.000-07:00

We frequently write in this blog about the dangers of revealing too much personal information on social networking sites such as MySpace. Pre teens and teens are particularly at risk; primarily due to the lack of caution, peer pressure to reveal too much information, and targeting by predators.

At KnightsBridge Castel we have searched through hundreds of records in MySpace looking for personally revealing information. This research was conducted with the approval of the MySpace participants, including teenagers. We found the amount of personal information revealed on these sites to be appalling.

In the last month we began researching the new social network craze – Second Life. Unlike MySpace, Second Life creates an active virtual world in which “players” in the game interact with each other through instant messaging (IM). Compared to Second Line, MySpace is passive, dull, and not interactive. Second Live is visually stunning and allows for interaction between players at a far more engaging level.

Second Life, has its seamy side, however we have noticed that players in Second Life are far more reluctant to reveal personal information than on MySpace. Our findings at this point are intuitive, but based on hundreds of IM conversations with participants. Only time will tell if players in Second Life fall into the same patterns of revealing too much personal information as they easily do in MySpace.

However, the dynamics of the almost real interactive nature of Second Life seems to make people more cautious than the simple posting systems of MySpace. In interactions on Second Life, you are presented with an interactive visual image of the person you are talking to, and although most of the players depicted are “beautiful” people, the very act of talking (via IM) to a virtual person makes players more cautious about revealing identity details.

A more scientific study is needed; however there is a deep difference in the psychology of interaction between MySpace and Second Life. Its worthy of a dissertation.

WORK AT HOME & MAKE BIG MONEY – MONEY MULES RECRUITED ON-LINE BY CRIMINAL ORGANIZATIONS TO FACILITATE ID THEFT.

2006-10-20T13:36:00.000-07:00

Phishing is not longer a crime of individual hackers. Phishing has become a favored tool of organized criminals. To facilitate the volume of frauds perpetrated by crime groups these organizations have been recruiting innocent citizens into their criminal activities. These “money-mules” are recruited to launder stolen money and stolen goods nationally and internationally.

Innocent people are drawn into participating in these frauds through major employment listings and often as work at home opportunities. Job titles such as “financial receiver”, “sales rep”, “shipping manager” or “stock supervisor” are offered for these fake positions.

Innocent victims from the US, UK, and Australia are often duped into the illegal transfer of funds to Eastern Europe. Money mules are critical to the success of these operations. Identity Theft victims are at the start of the chain of fraud. Money mules are at the end. The criminal organizations, in the middle, not only steal, but then must convert their ill gotten gains into clean money.

Successful phishing often results in “profile” information of the identity theft victim that allows the thieves to attack the victims assets. Money mules are needed in the same country as the victim in order to easily accept money transfers or to ship items to the crime groups.

Investigators recently spotted a Craigslist advertisement for a "regional assistant" and contacted a company called Terenfc and requested a job application. Terenfc described itself as a wholesale product distribution company. They offered a commission program of $50 per received package and then transferred plus a base salary of $2,000 per month.

Terenfc then sent the investigator an employment agreement with the following terms:
-- To accept merchandise orders at his/her residential address;
-- To handle the received merchandise in accordance with the reasonable conditions of handling of items;
-- To fill in all the necessary postal documents of the postal service company in complete accordance with their instructions;
-- To ship the item or merchandise to the address listed in the instructions;
-- To scan and send via e-mail or fax all postal documents attached to the shipped correspondence (such as invoices, package slips, custom declarations, receipts or courier's tracking numbers) to the representative of the company within one business day.

Investigators also determined that money mules were encouraged to open multiple accounts with the same bank as the identity theft victim. This allows for small transfers between accounts that just stay under the radar.

Criminal groups contact prospective victims with phony job ads through employment websites, general company websites, e-mail, and Internet chat rooms. Jobs are often advertised as managerial but have no real requirements for experience or education.

Criminal organizations convince victims to work for their company and often use contracts forms to cement the employment relationship. When employed the money mules take funds into their accounts from accounts that have been stolen or compromised. Mules then transfer funds out of their accounts and send them via wire transfer service to criminal accounts overseas.

Money mules are key to the success of these criminals. Without the money mules the criminals cannot get to their stolen goods and get their money.

WHO’S PHISHING TODAY

2006-10-20T10:55:00.000-07:00

Every day at KnightsBridge Castle we receive phishing attacks. We monitor them but I thought today I would share with you the Phishing effort of the day. Today’s effort is the common Ebay notice. The wording of the phishing attempt is as follows.

_________________________________

EBAY LOGO

Dear sir,

We recently have determined that different computers have logged onto your eBay account, and multiple password failures were present before the logons. We strongly advice CHANGE YOUR PASSWORD.

If this is not completed by October 24, 2006, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. Thank you for your cooperation.

CLICK HERE TO CHANGE YOUR PASSWORD

Thank you for your prompt attention to this matter.

We apologize for any inconvenience.

_________________________________

Upon clicking to change your password you are directed to a DNS location, not the URL of EBAY. A trace of the DNS reveals the following location of the phishing effort. EBAY has not moved its security facilities to Uruguay as indicated by the DNS.

OrgName: Latin American and Caribbean IP address Regional Registry

Address:    Potosi 1517

City:       Montevideo

Country:    UY

NW3C GUIDELINES FOR PROTECTING MINOR CHILDREN ON THE INTERNET VIOLATED BY MAJORITY OF CHILDREN AND TEENS

2006-10-19T11:11:00.000-07:00

Recent research conducted by KnightsBridge Castle indicates that the majority of children and teens using the internet and social networking sites such as MySpace violate at least one of the 6 basic child safety guidelines provided by the National White Collar Crime Center (NW3C).

We quote the NW3C child and teen safety guidelines:

Examples of information a child should not give out in their online profile include:
-- Real Name
-- Addresses
-- Any phone numbers
-- Name and location of school
-- Name or location of a teen’s place of work
-- Pictures of himself or herself.

KnightsBirdge Castle research indicates that social networking sites have proven so attractive to children, and that peer pressure to participate is so strong, that the majority of children interviewed violate one or more of the guidelines given above. During the interviews most children knew of the dangers of revealing this information, however, their resistance to providing detailed information often broke down with usage, time, and poor examples set by peers. Some children and teens that held to the guidelines often had their security compromised by friends who often posted this information on their own web pages.

RECENT PHISHING ALERTS TO OCTOBER 18, 2006

2006-10-18T11:47:00.000-07:00

10.18.06
Phishing Alert
Neighborhood Credit Union
10.18.06
Phishing Alert
OSU Federal
10.18.06
Phishing Alert
Britannia Building Society
10.17.06
Phishing Alert
Lorain National Bank
10.17.06
Phishing Alert
Bank of the Cascades
10.17.06
Phishing Alert
CU @ Home, Home Banking
10.16.06
Phishing Alert
Great Western Bank
10.13.06
Phishing Alert
BB & T Branch Banking & Trust
10.13.06
Phishing Alert
Teachers Credit Union
10.12.06
Phishing Alert
OCHA Credit Union
10.12.06
Phishing Alert
Alliance Bank
10.12.06
Phishing Alert
Notre Dame Federal Credit Union
10.10.06
Phishing Alert
Brattleboro Savings & Loan Association
10.10.06
Phishing Alert
USA Federal Credit Union
10.09.06
Phishing Alert
Bank of America, Military Bank
10.06.06
Phishing Alert
Del Norte Credit Union
10.05.06
Phishing Alert
Boulder Valley Credit Union
10.05.06
Phishing Alert
e-Bullion
10.04.06
Phishing Alert
St. Bernardino School Employees FCU
10.04.06
Phishing Alert
Honolulu City & County Employees Federal Credit Union
10.04.06
Phishing Alert
Cahoot Bank
10.04.06
Phishing Alert
Heritage Oaks Bank
10.02.06
Malicious Website / Malicious Code
Email Fraud Using Brazilian Gol Airlines Crash
10.02.06
Phishing Alert
National Bank of Abu Dhabi
10.02.06
Phishing Alert
Arkansas Federal Credit Union

ERIC DREW TO APPEAR ON CBS STUDIOS’ MONTEL SHOW – OCTOBER 19, 2006

2006-10-18T11:12:00.000-07:00

On October 19, Eric Drew, founder of KnightsBridge Castle, will appear on the Montel Show to discuss Identity Theft prevention, detection, and recovery. Eric is regularly featured as identity theft prevention expert on national television and appears regularly on NBC, CNN, and other networks. Please check your local listings for the time and location of this show with Eric Drew

MOTHER’S MAIDEN NAME – EASY TO CONSTRUCT FROM PUBLIC RECORDS

2006-10-13T10:22:00.000-07:00

Markus Jakobsson of Indiana University recently published a paper demonstrating computing techniques which can deduce a mother’s maiden name against a targeted individual with great efficiency. Using public records in the state of Texas his technique was able to deduce the maiden names of the mothers of over 4 million Texans.

Security professionals have known for many years that the use of the mother’s maiden name is a very poor authentication technique. However its use as a verification tool is still widespread.

At KnightsBridge Castle, using both public and private databases we easily find mother’s maiden names of our clients when providing identity theft protection services and with a clients “permissive use authorization.” When performing authentication we do not use this poor validation technique. Why do businesses continue to use this technique? We are not certain, but it is cheap and while it no longer can be relied upon, it once had some validity.

Professor Jakobsson’s approach is of great interest and the full paper may be found at:

http://www.informatics.indiana.edu/markus/papers/mmn.pdf

PICTURE PHONES – PRYING EYES AND IDENTITY THEFT

2006-10-12T11:58:00.000-07:00

Picture phones are everywhere and they are often used by identity thieves to facilitate crime. Consumers need to increase their sensitivity to the prying eyes of picture capable cell phones. Common risks of identity theft facilitated by identity thieves with picture phones and standing near you are:

Capture of bank routing information when writing checks. Routing numbers are used for check forging and electronics fund transfer.
Capture of key strokes at ATM machines – video records of keystrokes can be used to reconstruct pins. Account number data is stolen by skimming devices attached to the ATM. The combination allow thieves to steal from your accounts
Drivers license numbers and address information when providing proof of identity – used to create forged drivers licenses which have correct validation information.
In house account numbers – if you have an account number with a local merchant and use it to make purchases, cell phone camera’s may catch these numbers.

We are now very sensitive to “prying eyes”; however the cell phone camera is held in the hand and may compromise our personal information even though the eyes are not “prying.”

CRACKING PASSWORDS – EASIER THAN YOU THINK

2006-10-11T15:06:00.000-07:00

Passwords and PIN’s are our primary defense in protecting our personal security in personal systems as well as in commerce. Unfortunately, breaking these codes is easy. There are three common techniques for breaking your password and stealing your information or commercial accounts.

Dictionary or Brute Force attacks – these attacks use word frequency dictionaries and simply submit one common word after another until the logon is accepted. In the early 70’s when this author was a young programmer my password was “dog”. Today’s powerful servers and PC’s would have cracked open my old accounts in less than a second.

Rainbow Table attacks – these attacks use a technique which constructs a chain of possible passwords. Each chain contains randomly selected “guesses” of passwords and then successively applies a hashing technique and reduction function to search for a valid password. Failed password guesses are discarded and new random guesses constructed through the creation of a “rainbow table”. This table takes time and memory to build, but must only be built once at which point, it can then very quickly recover unknown passwords.
With the growth of on-line accounts we are all having trouble remembering passwords. The most common call to help desks is for forgotten passwords. Therefore we tend to fall into an all too common trap – we create a basic easily remembered short password and we use it for many accounts. The easily remembered password is usually a common English language word or a variant on that word. We all know the need for adding special characters, but few of us do so. Your keyboard has 64 characters on it and another 104 non-alpha-numerics. Both of the above techniques will search the character strings first. By including many of the other 104 keyboard elements you make these techniques much more complex and more time consuming.
Here are some poor passwords easily cracked but easy to remember.

alphabeta
abouttown
speedlimit

Here are some far more difficult passwords to crack but probably more difficult to remember.

$,H&aNlo*>>
M#ar”tin
Over64$easy^^TOn(=12

MICROSOFT INTERNET EXPLORER OR INDEPENDENT BROWSER – WHICH IS SAFER?

2006-10-10T13:33:00.000-07:00

For years the conventional wisdom has held that Microsoft’s Internet Explorer (IE) was not as safe from intrusion, hackers, keyloggers, or malware, than independently produced browsers such as Apple’s Safari or Mozilla’s Firefox. This axiom has been true for years, however we need to reassess the validity of this assumption given current developments.

Hackers prefer to write code that will cause the greatest harm or provide them with the greatest ill-gotten gains. Hackers and identity thieves have concentrated on Microsoft’s Internet Explorer, not because of inherent flaws, but rather because it was the most widely used browser technology. A week spent designing successful malware for IE would result in millions and millions of successful attacks. Time spent on formerly tiny Mozilla FireFox would gain only a few hundred thousand successes.

However with the growing popularity of independent browsers, and the increasing security efforts of Microsoft, these conclusions may not be valid. A leading internet security company recently reported that for the first time the number of known significant security risks was slightly greater for independent browsers.

We do not recommend changing browsers. We do recommend that you reconsider any assumptions about your browser based of traditional views of security.

OLD COMPUTER DISK DRIVES – A GOLD MINE FOR IDENTITY THIEVES

2006-10-09T12:20:00.000-07:00

As part of our identity theft prevention program we advise clients to destroy old hard disk drives from personal computers when scrapping them or donating the units to schools or charity,

While this caution is well understood, consumers continue to make the error of leaving a hard drive in a PC when disposing of it.

When PC’s are recycled the hard drives are pulled from the units and often auctioned off. In a recent study 300 used hard disks were purchased on auction site throughout the world. 41% were unreadable, 20% contained information identifying their previous owners, 5% held commercial business information such as account numbers and customer information, and an additional 5% held “illicit” data.

Data commonly found on these old hard drives included payroll information, mobile telephone numbers, copies of invoices, employee addresses and pictures, IP addresses, network information, illicit audio and video files, and financial details including credit card accounts.

How do you dispose of old hard drives? You have two options – degauss the drive or physically destroy the drive. Degaussing the drive involves a placing the drive in a powerful magnetic field to erase information. Some PC stores may have degaussing units available for consumer use, however these systems are not easy to find. The other option is to physically destroy the drive. Two physical destruction techniques are common – sledge hammer or a bucket of salt water. While the sledgehammer technique has some merit, we advise the salt water technique. Take a bucket of water, add a cup of salt, drill a hole in the disk drive housing to let the water in, place the drive in the bucket, put the bucket in the garage, wait a week, toss out the drive into the trash or recycling. Salt water attacks the circuitry of the unit as well as the aluminum substrate of the disks themselves. After a week the drive is ruined and recovery of data impossible.

NEW WORK AT HOME SCAM AND FRAUDULENT ADVANCE PAYMENT

2006-10-06T12:40:00.000-07:00

This counterfeit check is part of a "work at home scam." Targeted victims receive a letter and this above check allegedly from the Shopping Group Inc., informing them that they had been hired as a "secret shopper". The letter stated that she would be making a $50 secret purchase at Wal-Mart, a $40 secret purchase at Gap, then a $2500 wire transfer at Western Union and a $1200 wire transfer at Money Gram.The victim was instructed to call the Shopping Group at a specific number for instructions. When the victim called they were advised to deposit the check and once the check had cleared to call back. At that time they would tell the victim where to send the wire transfers.

The victim,suspecting fraud, looked up the phone number for Artisan's Bank and called them direct. An employee at Artisan's informed her the cashiers check was counterfeit and they had received several calls on them.

ORGANIZED CRIME AND IDENTITY THEFT

2006-10-06T11:42:00.000-07:00

Ten years ago the Association of Certified Fraud Examiners (ACFE) predicted that “fraud will be the crime of choice for the 21st century.”

Today the ACFE concludes that fraud in the US alone exceeds $600 Billion dollars annually.

Many of these fraud schemes are the result of identity theft and impersonation crimes.

Organized crime groups, have in recent years, seized upon new technologies to increase criminal attacks. These technological resources include powerful computers, advanced servers, state of the art networking equipment, skilled programmers and even computer scientists with advanced skills.

In the database world, in which our personal information resides, there is a cyber war between organized crime groups and businesses. Crime groups seek to break into personal information databases and businesses struggle to counter these attacks in protecting their data.

Detica, a leader in financial crimes prevention, in a recent article describe new developments in organized criminal attacks on databases.

“The modern criminal has adapted to these new environments, developing new ways of perpetrating serious financial crimes while continuing to operate below the radar. This new modus-operandi is characterized by well organized executions of many smaller frauds spread across multiple individuals and often across a number of financial institutions.”

Rather than launch massive attacks against a data base, which is easily detected, the new criminal technique is to target databases in low volume and low frequency attacks. By flying “under the radar” organized groups can repeatedly attack databases with far less chance of detection.

GOVERNMENT ACCOUNTABILITY OFFICE WARNS MEDICARE AND MEDICAID SERVICES VULNERABLE TO IDENTITY THEFT

2006-10-05T15:13:00.000-07:00

The GAO (Government Accountability Office) recently issued a report which found serious deficiencies in the Medicare and Medicaid computer network systems called the CMS system.

These vulnerabilities made it possible for hackers to access personal medical records and other personal records. The report found “significant weaknesses in electronic access and other systems control threatened the confidentiality and availability of sensitive CMS financial and medical information…. As a result sensitive, personally identifiable medical data traversing the network is vulnerable to unauthorized disclosure….”

At KnightsBridge Castle we have been following an alarming increase in medical benefits fraud facilitated by identity theft. The lack of a secure network system within CMS places all Medicare and Medicaid patients, medical professionals, and consumers at risk.

The full report may be read at:

www.gao.gov/cgi-bin/getrpt?GAO-06-750

“PRETEXTING” - ITS AGAINST CALIFORNIA LAW

2006-10-05T10:58:00.000-07:00

The “talking heads” on the financial news channels have today been assessing the recent HP “pretexting” case, and have been challenging the possibility that HP’s executive team violated the law. On the other hand, the California Attorney General filed charges yesterday against the executives. In addition to conspiracy charges the basic criminal charges are based on the following penal code sections.

538.5. Every person who transmits or causes to be transmitted bymeans of wire, radio or television communication any words, sounds,writings, signs, signals, or pictures for the purpose of furtheringor executing a scheme or artifice to obtain, from a public utility,confidential, privileged, or proprietary information, trade secrets,trade lists, customer records, billing records, customer credit data,or accounting data by means of false or fraudulent pretenses,representations, personations, or promises is guilty of an offensepunishable by imprisonment in the state prison, or by imprisonment inthe county jail not exceeding one year.

530.5. (a) Every person who willfully obtains personal identifyinginformation, as defined in subdivision (b), of another person, anduses that information for any unlawful purpose, including to obtain,or attempt to obtain, credit, goods, services, or medical informationin the name of the other person without the consent of that person,is guilty of a public offense, and upon conviction therefor, shall bepunished either by imprisonment in a county jail not to exceed oneyear, a fine not to exceed one thousand dollars ($1,000), or boththat imprisonment and fine, or by imprisonment in the state prison, afine not to exceed ten thousand dollars ($10,000), or both thatimprisonment and fine.

502(c)(2)
(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense:
(2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network.

STUDY CONFIRMS RISKS OF IDENTITY THEFT FROM SOCIAL NETWORKING SITES.

2006-10-05T10:40:00.000-07:00

The National Cyber Security Alliance (NCSA) a not-for-profit organization, has released a study which confirms the concerns of many that social networking sites pose a significant risk to personal security and to increased risk of identity theft attacks. The National Cyber Security Alliance (NCSA) is a public resource for cyber security awareness and education for home user, small business, and education audiences.

Social networking sites such as MySpace have become extremely popular in the last two years with MySpace alone having over 80,000,000 subscribers world wide. Social networking technologies allow individuals to create their own web pages full of personal information, chat with friends, photos, videos and instant messaging.

KnightsBridge Castle examined the risks to social networking some months ago by conducting focus groups with both teens and parents. Our conclusion was that the peer pressure to participate in social networks by teens was irresistible, and that teens often deceived parents about their use of these networks.

We also concluded that parents were unable to restrict access by their teens and children to these sites regardless of their vigilance. We advised that parents should set down rules for social networking use rather than to forbid their use. In addition we suggested for parental monitoring and enforcement of those rules.

The NCSA study concluded that many who used social networking sites were unaware of the risks to personal security and to identity theft.

We believe that this study is of great utility in understanding the risks to adults. The study has one major flaw in its methodology. It spoke only to adults. The study therefore gives the perception of adults as to the use of these sites by teens. NCSA reports that less than 25% of teens are active on social networking sites. Our studies, here in the San Francisco/Bay Area indicate that teen use of these sites exceeds 80%. In our focus groups we found that 40% of teens using social networking sites were doing so by deception to their parents.

CONCLUSIONS OF THE NCSA STUDY

83 percent of adults who use social network expose themselves to hackers and thieves by downloading unknown files potentially opening up their PCs to attacks.

74 percent have given out some sort of personal information such as their email address, name and birthday. Some have even given out their social security number. Providing this type of information can provide enough ammunition for criminals to hack into financial records and compromise users’ personal information.
57 percent of adults who social network received unsolicited emails or phishy emails asking for money, requesting account information, informing users of lottery winnings or asking users to download a video or picture.

31 percent of those who received these phishy emails actually responded to them. Responding to phishy emails dramatically increases the chances of receiving more unsolicited emails and providing personal or financial information that could be used to commit identity theft or fraud.

40 percent of employed respondents with access to a computer at work claimed to visit these types of Web sites at work, opening up their businesses to the same cyber security risks.

20 percent of adults surveyed are aware their children under the age of 17 use social networking services, only 49 percent of those adults limit access to their children’s profile.

The full report may be found at:
http://staysafeonline.org/features/ncsalibrary.html

PRIVACY, IDENTITY THEFT PREVENTION, AND INTERNET COMMUNICATIONS:

2006-10-04T10:50:00.000-07:00

Many of us have become increasingly reliant on internet messaging facilities, such as email and now IM (instant messaging). In 1995 we wrote an article for West Publishing entitled “Electronic Discovery in a Paperless World”, and in this article we discussed the concept that “an email is forever.” In other words, emails are not ephemeral. Emails do not disappear in the ether, but rather can be recovered and read by others. At the time we wrote the article, it was standard procedure for Silicon Valley companies to log and retain all email and voice mail messages for a minimum of seven years. Corporate emails are known now to have no assurance of privacy, and corporate logging and capturing systems are only one way in which personal information can be compromised.

Today, we can say the same for IM – Instant Messaging systems. To rephrase our earlier conclusion about emails we can now say “an Instant Message is forever.” Not only do corporate systems and internet service providers keep copies of instant messages, but hackers, keyloggers, and malware also may capture IM.

At KnightsBridge Castle we have a policy regarding electronic messaging. Our policy is never to include personally identifying information within an electronic message. Emails are used only to notify a client of the need to contact us directly about a problem or issue detected in their profile. When we use our website “Chat line” we insist that our consultations with potential clients and others, be kept of a general nature. The specifics of any situation, which would reveal personal information are not discussed at any time by email or IM. Critical communications with clients concerning personal information are carried out on secure telephone lines or through the US Mail. Telephone conversations and the US Mail have their own security issues, however, federal enforcement of privacy laws regarding the content of these messages is strong and enforced.

FREE JAGUAR AT THE MALL – JUST FILL OUT THE SURVEY – SAN JOSE POLICE FRAUD DETECTIVE SAYS: “DON’T DO IT”.

2006-10-03T13:27:00.000-07:00

In a recent interview with Frank Keffer of the San Jose Police department he reiterated advice that KnightsBridge Castle has provided to clients for a long time – don’t fill out surveys of your interests, buying habits, or which ask for personal information such as income. Our perspective on this scam is a bit theoretical, but Detective Keffer’s view is very practical.

When you see that new car at the mall you may be tempted to fill out the marketing survey and take a chance at winning a new car. Keffer advises you resist the temptation. Information you provide will be collected by marketing companies and potentially sold to hundreds of legitimate and not so legitimate data mining companies. Their purpose is to harvest the data and learn as much about you as possible. If identity theft does not follow, then marketing blitzes surely will.

Ask your self, “Why would someone give away a car in exchange for survey information?” The answer – survey information has value to marketers and thieves.

That car by the way, is probably traveling throughout the state our country as an inducement to provide personal information. Its not a local contest. Your chances of winning are very slim indeed – in fact the car may never be awarded at all.

OFF-SHORE CALL CENTERS ENDANGER CONSUMERS IDENTITY IN BRITIAN

2006-10-02T14:29:00.000-07:00

London’s Channel 4 presents a documentary airing on Thursday which will put the problem of British consumer data theft from Indian call centers under the spotlight.

A British documentary scheduled to air tomorrow night in London claims that thousands of credit card and passport details are being stolen from British consumers and sold on for as little as £5 each. The culprit – foreign call centers.

Channel 4 will broadcast 'Dispatches' an undercover documentary entitled ‘The Data Theft Scandal' on Thursday at 9pm.

The program follows a 12-month investigation and exposes "alarming security failures in a number of commercial call off shore centers".

Hidden camera footage shows one middleman offering the undercover reporter a database containing the credit card details of 200,000 people and another middleman offering details of customers with Halifax, Nationwide, Woolwich, Bank of Scotland and NatWest for £5 each.

The UK government estimates that identity fraud costs the UK economy £1.7bn and that there are more than 100,000 victims every year.

SOCIAL SECURITY INVESTIGATES BENEFITS FRAUD - POSTAL EMPLOYEE SENTENCED TO 30 MONTHS

2006-10-02T13:35:00.000-07:00

The Office of Inspector General (OIG) of the Social Security Administration (SSA) reported a successful prosecution for disability benefits fraud. Disability benefits fraud is taken seriously by the SSA and is vigorously investigated. Other forms of fraud, such as the use the fraudulent Social Security Number to seek fraudulent employment or to seek non-SSA benefits (such as medical benefits fraud, and IRS fraud) are not actively pursued by OIG of SSA. We have discussed this problem with SSA fraud investigations earlier in this blog. While this story is not about Identity Theft it does illustrate where the SSA puts its investigative efforts.

The New Haven office of the SSA investigated a woman employed by the United States Postal Service who fraudulently received $137,591 in disability benefits from both SSA between 1996 and 2005. She left the Postal Service in 1996, and filed claims for disability benefits in April and September 1999, alleging that she was unable to work because of physical ailments that prevented her from employment. The woman was granted SSA disability benefits in 1996 and received benefits until her conviction in August 2005. The United States Postal Inspection Service obtained extensive video surveillance footage of the woman between August 2000 and April 2001 which showed her engaging in activities inconsistent with her alleged disabilities. Subsequent investigation determined that she had made misleading and fraudulent statements and representations about her medical condition to SSA during the benefit application process.

SOCIAL SECURITY NUMBER SECURITY? – CONSUMER REPORTS ADVICE MISSES A KEY COMPONENT.

2006-10-02T12:36:00.000-07:00

“Inside”, the newsletter of Consumer Reports, this week ran a short article on “Safeguarding your Social Security Number”. Missing from its discussion of protection was a key and critical element.

The good advice from Consumer Reports?

-- Don’t carry your SSN
-- Don’t put documents with your SSN in your mailbox for pickup.
-- Don’t give your SSN to anyone – unless absolutely necessary.
-- Get your SSN off pay stubs
-- Don’t throw away old insurance cards, pay stubs, or anything with your SSN into the trash.

Missing from these recommendations – find out if someone else is using or has used your SSN. How? By checking over 85,000 databases for name, address, SSN combinations to ensure that your SSN is secure. If not, there are specific actions you can take to make yourself secure.

KnightsBridge Castles SSNWatch service (http://www.ssnwatch.com/) provides you with this capability.

FBI'S REDUCED ROLE IN INVESTIGATING IDENTITY THEFT

2006-10-02T11:17:00.000-07:00

Following 9/11 the FBI saw a major change to its priorities and one of the unintended consequences of these changes was a de-emphasizing of its role in white collar crime investigation including identity theft crimes. Some analysts have commented that the FBI lost all interest in these crimes, and others assert that the Secret Service is now responsible for identity theft frauds. The FBI following 9/11 transferred 500 agents from traditional crime areas to terrorism related programs.

The US Justice Department has reported a 38% reduction in the overall number of white collar crimes (including identity theft crimes) that the FBI has referred for prosecution, as well as a 37% reduction in organized crime referrals.

The actual commitment of the FBI to identity theft crimes is difficult to ascertain. Our contacts within major metropolitan police departments indicate that the FBI was rarely involved in day to day identity theft investigation and that their efforts were focused on high impact and high visibility major fraud.

Published on the FBI website are its top ten priorities. These are:

1. Protect the United States from terrorist attack.
2. Protect the United States against foreign intelligence operations and espionage.
3. Protect the United States against cyber-based attacks and high technology crimes.
4. Combat public corruption at all levels.
5. Protect civil rights.
6. Combat transnational and national criminal organizations and enterprises.
7. Combat major white collar crime.
8. Combat significant violent crime.
9. Support federal, state, county, municipal, and international partners.
10. Upgrade technology to successfully perform the FBI’s mission.

With respect to the many crimes of identity theft, including credit fraud, impersonation crimes, and criminal identity theft, the FBI priority list clearly delineates where the FBI places resources regarding this crime.

Identity theft to facilitate terrorism, foreign intelligence, espionage, public corruption, trans-national crime, significant or major white collar crime and violent crime are stated objectives. Effectively this means that for the FBI to take an interest in identity theft crimes affecting consumers the impact must be very large indeed.

By implication these priorities leave the vast majority of identity theft crimes to local police authorities with one notable exception – organized international criminal id theft rings.

At KnightsBridge Castle we believe that consumers and individuals are increasingly “on their own” when it comes to preventing, detecting, and recovering from these crimes. The U.S. Department of Justice statistics, as well as the new FBI priorities seem to lend credence to this conclusion.

PHISHING ALERTS FOR 9/30/2006

2006-09-29T10:51:00.000-07:00

Fort Belvoir Federal Credit Union
Central Credit Union of Florida
Permanent TSB
Antioch Community Federal Credit Union
Marine Federal Credit Union
Associated Credit Union
Trinity Bank
NIH Federal Credit Union
Tyndall Federal Credit Union

“NIGERIAN 419 SCAM” TARGETS ASIANS

2006-09-29T10:26:00.000-07:00

Police in San Francisco reported this month a variation of the “Nigerian 419 Scam” targeted at Asians. The email scam offers Asian recipients millions of dollars from the bank account of a deceased Iraqi army officer.

The e-mail is a variant of a scam in which the sender offers the recipient a share of a large sum of money but first requires the victim to send personal information and funds to obtain the full payout.

The sender of the email is “Peter Wong” who uses a Yahoo Hong Kong e-mail account, and says he is the director of operations for Hang Seng Bank, Ltd.Police say Wong tells the recipient that an Iraqi client, Major Fadi Basem, and his family have been killed, leaving $24,500,000 in a Hang Seng Bank account.Wong says that as the family has no beneficiaries, the money will go to the Chinese government if there is no claim.He then reportedly offers to have documents falsified to help the e-mail recipient pretend to be a member of Basem’s family and claim the money.According to police, Wong says he will take 60 percent of the money received, with the remaining 40 percent going to the e-mail recipient.

The Financial Times recently reported that the classic “Nigerian 419 Scam” continues to defraud thousands in the USA and the UK even though public knowledge of the scam is widespread.

MORTGAGE FRAUD RING DEFRAUDS MORE THAN 100 – IDENTITY THEFT THE VECTOR OF THE CRIME

2006-09-28T14:26:00.000-07:00

Federal and state officials in Virginia are investigating an elaborate identity theft and mortgage fraud ring that defrauded over 100 people in a small town. Unwitting people were enticed to allow a real estate investment company to use their “good credit” to purchase properties at inflated prices. The company then falsely sought loans in their names and then defaulted on the loans. The default left the investors with fraudulent real estate ownership and inflated loans.

The investors were asked to provide personal information which would confirm their good credit and were then paid for providing the information. They were told that the information was not for securing loans in their names, but rather to assist in establishing “corporate” credit.

The company then engaged in a set of identity theft crime known as “impersonation crimes” where they used the personal information of the investor to seek loans in the name of the investor to purchase homes from their inventory.

One defrauded investor discovered the crime when the attempted to purchase a first time home and the local bank told them that they already owned four homes.

Mortgage fraud is rapidly growing in the US and is frequently facilitated by identity theft and impersonation crimes. The Federal Bureau of Investigation reports that mortgage fraud led to over $1 billion in 2005, up from $429 million in 2004.

Like most identity theft crimes, mortgage fraud is lucrative for the thieves and often presents little real risk of injury, capture, or long jail sentence.

CREDIT REPORTING COMPANIES – SELL YOUR INFORMAITON WITHOUT PRIOR AUTHORIZATION.

2006-09-27T14:24:00.000-07:00

Here is a carefully worded quotation from “12 common questions” a brochure produced by the credit reporting company Experian.

“Our economy and job market depend on companies, large and small being able to reach consumers most likely to be interested in their product and services. Direct marketing is often the key to business success and to lower prices and better services to customers”

“Credit reporting companies (including Experian), under carefully controlled procedures, provide lists of credit worthy consumers to companies that offer credit.”

Here is section 604 of the Fair Credit Reporting Act covering the permissible use of credit reporting companies information purchased by “persons”.

§ 604. Permissible purposes of consumer reports [15 U.S.C. § 1681b]
(a) In general. Subject to subsection (c), any consumer reporting agency may furnish a consumer report under the following circumstances and no other:
(1) In response to the order of a court having jurisdiction to issue such an order, or a subpoena issued in connection with proceedings before a Federal grand jury.
(2) In accordance with the written instructions of the consumer to whom it relates.
(3) To a person which it has reason to believe
(A) intends to use the information in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or review or collection of an account of, the consumer; or
(B) intends to use the information for employment purposes; or
(C) intends to use the information in connection with the underwriting of insurance involving the consumer; or
(D) intends to use the information in connection with a determination of the consumer's eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant's financial responsibility or status; or
(E) intends to use the information, as a potential investor or servicer, or current insurer, in connection with a valuation of, or an assessment of the credit or prepayment risks associated with, an existing credit obligation; or
(F) otherwise has a legitimate business need for the information
(i) in connection with a business transaction that is initiated by the consumer; or
(ii) to review an account to determine whether the consumer continues to meet the terms of the account.
(4) In response to a request by the head of a State or local child support enforcement agency (or a State or local government official authorized by the head of such an agency), if the person making the request certifies to the consumer reporting agency that
(A) the consumer report is needed for the purpose of establishing an individual’s capacity to make child support payments or determining the appropriate level of such payments;
(B) the paternity of the consumer for the child to which the obligation relates has been established or acknowledged by the consumer in accordance with State laws under which the obligation arises (if required by those laws);
(C) the person has provided at least 10 days’ prior notice to the consumer whose report is requested, by certified or registered mail to the last known address of the consumer, that the report will be requested; and
(D) the consumer report will be kept confidential, will be used solely for a purpose described in subparagraph (A), and will not be used in connection with any other civil, administrative, or criminal proceeding, or for any other purpose.
(5) To an agency administering a State plan under Section 454 of the Social Security Act (42 U.S.C. § 654) for use to set an initial or modified child support award.

Now you decide if Excperian’s selling of your credit information to direct marketing organizations without your prior authorization meets the requirements of section 604. Read carefully section 604a.3.A through F. Then you decide for yourself.

TODAY’S PHONE SCAM

2006-09-27T13:41:00.000-07:00

At KnightsBridge Castle our staff members, contrary to our consumer advice to avoid identity theft and scams, often answer phone calls without screening. We do this to stay ahead of new scams.

Today’s scam went something like this:

(Staff Member) Hello.
(Caller) –after 5 second pause- Hello, May I speak to Sally Smith?
(SM) May I ask who is calling?
(C) This is Consumer Assistance calling for Sally Smith.
(SM) Is this a sales call?
(C) No, this is not a sales call.
(SM) This phone number is on the Do Not Call telephone registry. Do we have a preexisting business relationship?
(C) Yes.
(SM) Can you tell me what this call is about?
(C) Yes, the credit reporting companies have informed us that Sally Smith has more than $10,000 in debt and we are here to help. We can assist with 0% financing and reduce her debt payments by more than 40%.
(SM) Can you tell me more?
(C) Yes. We are calling to assist Sally Smith in reducing her debts and in reducing her payments.

The call then proceeded for some while as the caller repeatedly assured the Staff Member that this was not a sales call and that all they wanted to do was help. We bit!

(SM) Why this sounds very good to me. Id like to sign up.
(C) Great, we can help you immediately to reduce your debt. But first I need some information…

The information required?
Credit Card Numbers
Mailing Addresses

Can you spot the tell tale indicators of fraud in this call?

Here they are:
They called on a registered do not call telephone number.
They lied about a pre-existing business relationship.
They implied they had authorization and had obtained credit records.
They revealed to a person whose identity they did not know that Sally Smith had at least $10,000 in debt.
They wanted credit card numbers and mailing address information.
“Consumer Assistance” is often a section or division of government, public interest, and private company activity. The name is so common as to loose all identifying qualities.

Well, that’s today’s phone scam.

VOICE OVER IP – INTERNET TELEPHONY PRESENTS NEW RISKS

2006-09-27T12:10:00.000-07:00

At KnightsBridge Castle we have seen Voice Over IP (VoIP) used to facilitate credit fraud by spoofing caller ID’s. Many merchants use caller ID as one of several authentication techniques when purchases are made over a telephone. VoIP technologies are known to be used to spoof caller ID, or to present false caller ID’s when making a telephone call.

As VoIP technologies become more accepted additional risks have begun to emerge. Companies, such as banks and merchants, are switching their phone systems to VoIP. What they don’t realize is that they are making themselves vulnerable to phishing attacks for which there are currently no effective detection or prevention tools.

We have been experimenting with VoIP technologies in our lab and while the benefits of this new technology are clear, the lack of security technologies and protections are very serious. Until these security issues are resolved we advise extreme caution in using these systems.

There are many risks to companies with these technologies, however the personal risk is very clear. You cannot rely on caller ID as a verification that someone calling you is from your bank, credit union, or trusted business supplier.

INFORMATION BROKERS – OPT OUT OFFER, IT’S A SCAM.

2006-09-27T11:28:00.000-07:00

With the introduction of unregulated information brokers on the internet, persons who want to protect their privacy have looked for “Opt Out” provisions on websites. Unfortunately the ethical and regulated information brokers generally do not provide opt out provisions within their databases. For the regulated brokers you have some protections on the distribution of this information through federal and state law. The unethical, unscrupulous, and perhaps illegal internet information brokers will sell your personal and sometimes private information to anyone – to you, to your boss, to stalkers, to abusive neighbors, and yes to identity thieves.

One of these unscrupulous brokers, Zabasearch, has been sending spam emails offering to allow you to opt out. These emails are actually attempts to verify information and if you respond you will not be removed from the database. Rather the information you provide will be used to update the records prior to the continued sale of your personal information.

We first discovered this unscrupulous broker while talking with the Menlo Park, California, Police Department about three years ago. At that time there were only a few of these unregulated internet information brokers on the net. Now there are dozens.

SYMANTEC INTERNET SECURITY THREAT REPORT – FLASH PRESENTATION AVAILABLE

2006-09-26T15:48:00.000-07:00

Note: We consider this Symantec Report to be critical to understing new identity theft trends. We have therefore posted links to the report on several of our blog sites.

Symantec, the internet security provider, will present its 10th edition of the Symantec Internet Security Threat report on a webcast on September 28, 2006, at 9am PDT.

We have reviewed the report issued on September 25 and find the threat assessment sobering. The latest trends and key findings relating to fraud and identity theft crimes are in stark contrast to those provided by the Federal Trade Commission in recent months. The FTC presents a picture of declining crime while the Symantec report indicates rapidly escalating cyber crime activity. While it is possible that crime activity is rapidly escalating, while crime reporting is falling, it is more likely that one of these two methodologies for studying crime trends is flawed.We see little reason to question Symantec’s findings.

You may view a flash presentation of Symantec’s finding at the following link:

http://www.symantec.com/enterprise/threatreport/index.jsp

Click on Flash Presentation.

MEDICAL BENEFITS FRAUD

2006-09-26T14:46:00.000-07:00

We have been detecting increasing incidents of medical benefits fraud and we anticipate that this trend will significantly increase in the coming months. The ease with which this identity theft crime is committed, combined with the lack of any real law enforcement, and the increasing expense of medical care combined make this crime more attractive with each day.

The risks to you are not just the consumption of your time and financial confusion. Medical benefits fraud may result in inaccurate information being included in your medical records. The errors may serious threaten you future health and your cost of health insurance, life insurance, or even your ability to obtain a drivers license.

The World Privacy Forum, a non-profit public interest group published in May a report entitled “Medical Identity Theft: The Information Crime that Can Kill You”. We quote from that report.

“…medical identity theft is a serious information crime that has had substantial consequences on patient well being, often affects the accuracy of patient medical records, and can impact a victim’s finances.

There have been 19,428 complaints regarding medical identity theft to the Federal Trade Commission since January 1, 1992…”

The report continues to discuss the difficulty in uncovering medical identity theft and the depth to which the medical systems may be involved in vectoring this crime.

At KnightsBridge Castle we have watched these trends with some alarm. Medical records, and medical billing records are complex, prone to great numbers of errors, and extremely difficult for lay persons to interpret. Even some members of the medical community find these records incomprehensible. Fraud within these records is most difficult to detect and these record complexities allow this crime to be repeated over and over again.

For more information about the World Privacy Forum report please follow this link:http://www.worldprivacyforum.org/

IMAGE SPAM AND PHISHING – THE NEW PLAGUE

2006-09-26T10:29:00.000-07:00

Spam filters have become common on home and office computers in the last few years and they have had a decided impact on reducing junk mail and exposure to phishing scams. Spam filters work in a variety of ways, but most analyze the text component of an email for tell-tale signs of spam.

However this technique of textual analysis does not work on images and spammers have been moving to sending messages as image files and not as text files. Text based spam filters cannot analyze these files and the spam is sent through to your mailbox.
A recent study by a leading software security provider saw an increase in image spam - phishers using multiple randomized images to bypass email filters. Symantec found 157,477 unique phishing messages during the first half of this year - an increase of 81 percent from the previous six months. During that time, spam made up 54 percent of all monitored email messages, a hike of 4 percent from the previous half-year.
For these new image spam messages and phishing attacks there is a technical solution – optical character recognition followed by textual analysis. Needless to say, more powerful computers are required for this detection and rejection mechanism.

The critical element to remember in Identity Theft prevention is do not open spam. If the message does not contain an understandable subject and if it does not come from an email address you recognize – then don’t open it. And if you do, NEVER, reply and NEVER buy anything from a spam source. Further always remember the fundamental rule for avoiding phishing – your financial and service providers will NEVER ask for personal information on the web, by email, or by phone. If they do, they are thieves.

CORPORATE DUMPSTER DIVING

2006-09-25T11:51:00.000-07:00

Hewlett Packard admitted last week that it engaged in corporate dumpster diving by going through the garbage of those people it was investigating for board room leaks.

Unlike HP’s efforts at “pretexting”, dumpster diving is legal.

Remember your trash may be an identity thief’s gold mine. Destroy all documents with personal information before placing it in the trash. Pay close attention to bank statements, medical records, and prescription containers – these are the sources of identity theft gold.

PRESIDENTS TASK FORCE RECOMMENDATIONS - TOO LITTLE, TOO LATE

2006-09-25T11:32:00.000-07:00

The Presidents Identity Theft Task Force has released this week its summary of “Interim Recommendations”. The report contains specific recommendations for prevention, victim assistance, and law enforcement. The report fails to address the root causes of identity theft crimes and resorts to simple solutions for complex issues. The net result of these recommendations is simply allowing the crime wave of credit frauds, impersonation crimes, and criminal identity theft to continue unabated.

KnightsBridge Castle’s services are particularly effective in identity theft prevention and we awaited the Presidents Task Force recommendations with some hopeful expectation. Included within the recommendations for PREVENTION were the following elements:
--Guidelines to government agencies on when to provide breach notices and when to provide for free “credit monitoring.”
--Recommends that the Office of Management and Budget (OMB) and Homeland Security (HSD) help agencies identify and defend against threats.
--Limit the un-necessary use in the public sector of Social Security Numbers.
--Allow agencies to quickly respond to data breaches and to share information under a new “routine use” practice drafted by the Department of Justice.
--The government should hold a workshop to determine improved identity verification and authentication techniques.

With respect to VICTIM ASSISTANCE the report called for allowing victims to recover for the time lost in correcting the harm suffered. The report recommends that the federal laws be changed to allow for the recovery of money damages for time lost from the thief.

In the LAW ENFORCEMENT SECTION the report calls for a standardized police report form to ease the collection of data into a uniform database to be maintained by the Federal Trade Commission (FTC).

KnightsBridge Castle’s view of these recommendations is as follows:

PREVENTION:
Guidelines are always good, however they need teeth. Guidelines should be regulations not suggestions for handling a breach.
Credit monitoring is a sham solution to breach problems. This guideline clearly indicates that the Task Force misunderstood either Identity Theft crimes or the limited nature of credit monitoring. Another potential factor is that the recommendation included the economic interest of the credit reporting companies in promoting their deeply flawed credit monitoring solutions. (Note: we have covered the question of the value of credit monitoring in earlier posts).
OMB and HSD assistance in preventing and following up government breaches is positive. However, recent HSD expenditures and management deficiencies, have indicated that we can expect little real help from the agency in the near term.
Limiting the unnecessary use of SSN’s is a real positive recommendation. However this will require congressional action and will be opposed by the financial community and the credit reporting agencies. To implement this plan congress must act in the public interest rather than in the commercial interest of the financial community.
Sharing information and adopting the “routine use” provision in data breaches will have no material effect in preventing data breaches in government.
Holding a workshop on authentication and verification is laughable. Alternative methods, both technical and procedural, for authentication of identity have been understood for years. The intense debate in the security and financial community about the utility of “biometrics” continues and will not be resolved in a government “workshop”.

The single VICTIM ASSISTANCE recommendation of allowing victims to seek restitution from criminals for the value of “time lost” is also of no real value. How is time lost to be measured? How is the time to be valued and how will the value of the time be proven. If a victim takes time off from work what documentation is required? If the victim takes time on a weekend is this also to be valued? These very real limitations are today preventing victims with insurance from recovering any real costs.

However all these valuation issues are moot, because the cost recovery action is taken against a criminal. Will the criminal really pay restitution? Or will he just run from the law and continue his criminal acts? We continue to follow Eric Drew’s restitution case, covered elsewhere on this bolg, and we will keep you informed if this restitution effort is successful or not.

The LAW ENFORCEMENT recommendation is the most absurd of all these recommendations. The FTC currently collects identity theft information using their ID Theft Affidavit. While a uniform police form will greatly improve the collection of data, the “Sentinel” database into which this information is input has proven to be of no value to police departments in stemming this crime wave. (Note: we have covered the “Sentinel” database and its limitations elsewhere in this bolg)

CONCLUSION:
The report of the Presidents Task force is of no real value in addressing the critical issues of identity theft reduction. It does nothing to provide police with the resources (e.g. Money and training) needed to catch and prosecute these criminals. The recommendation does nothing to lengthen prison sentences for these damaging criminal acts. The use of “credit monitoring” as a potential assistance to victims, does not benefit victims in any meaningful way, but rather it guarantees significant income to the credit reporting agencies that are often at the center of facilitation of this crime.

Link to Presidential Identity Theft Task Force Interim Report.
http://www.ftc.gov/os/2006/09/060916interimrecommend.pdf

PHISHING ALERTS FOR 9/21/06

2006-09-22T10:18:00.000-07:00

Vons Credit Union
Consumers Cooperative Credit Union
EverBank
SAFE Federal Credit Union
First Premier Bank
Tempe Schools Credit Union
Professional FCU
Bremer Banking
Hanley Economic Building Society
Orchard Bank Credit Card
Brigtht Star Credit Union
Community Trust Credit Union
MayBank2U
First National Community Bank
Gold Leaf – State National Bank
University of Deleware Federal Credit Union
First National Bank of Omaha
Hawaii State Federal Credit Union
Albaraka
GTE Federal Credit Union
Schools Financial Credit Union
GraphCard
Apple Bank for Savings
Nordea
Samsung Telecom Site - Crimeware
University of California Federal Credit Union
Monster, Job Offer Fraud
Banco Santander Central Hispano
Banca FIDEURAM

IT’S JUST THE SAME OLD STORY – ADDICTION AND IDENTITY THEFT

2006-09-22T09:59:00.000-07:00

Organized efforts at identity theft is the most significant trend in identity theft crimes in the past few years. However one form of organized theft has been with us for years – methamphetamine addition and identity theft crimes. Addicts often gather in groups, organize their efforts, and use their restless energy in organizing seemingly random information into an identity theft vector.

KnightsBridge Castle works closely with law enforcement and this we learned of an all too typical tale. The Santa Clara County Specialized Enforcement Team announced the arrest of an identity theft group of five who had victimized at least 50 persons.

The identity theft ring stole mail and then used the information to obtain fake identification documents including driver’s licenses. The ring used the fake IDs to cash forged paychecks. Officers seized methamphetamine paraphernalia during the arrest.

The identity theft crime facilitated by this drug addicted group included classic “impersonation crimes” to engage in check forgery.

KnightsBridge Castle accesses several databases which report the identity information of those passing bad checks. If your name shows up on this list, you may well be the victim of identity theft.