Thursday, April 23, 2009

Scammers find new ways to misuse social networking sites

It seems that social networking sites are attracting more schemes attempting identity theft.

Today NBC-Washington reported that overseas hackers were employing workers for pennies an hour to answer captchas to create fake Facebook and Myspace accounts for phishing attacks. Also, other researchers have reported computer algorithms for guessing captchas to create fake accounts, defeating their purpose. The story was not immediately available online at NBC, but the Tennessean has an article April 23 by Acohido from USA Today, “Crooks’ bots swarm Facebook, Myspace” link here. (I couldn’t find ht e USA Today link).

MSNBC’s “Red Tape” file has a story by Bob Sullivan, Jan. 30, 2009, “Facebook ID Theft Targets ‘Frieds’”, link here, which describes a new kind of “Nigerian scam” based on manipulating social networking sites’ friends lists.

Picture: (no relation to news story): EarthDay concert, Washington, April 19.

Wednesday, April 22, 2009

Former Wells Fargo VP, after victim of a purse snatching, is falsely arrested for id theft: major story on NBC Today

The NBC Today show recently reported one of the worst cases of identity theft ever. A retired Wells Fargo Bank vice president, Margot Somerville, was accused of identity theft in Colorado under what seems like an incredible set of coincidences.

The complete story appears in the San Francisco Chronicle, by Susan Sward, “A strange case of identity theft”, March 22, 2009, link here.

The story started when her wallet was stolen on a streetcar in San Francisco in 2006. Five months later, money started disappearing from her accounts. Through a series of connected incidents, the bank and police came to believe that she had masterminded a scheme, and claimed that her handwriting matched that on forged documents (signed by another woman shown in the video below and captured on security cameras). It would sound, off hand, as if her background as a Wells Fargo vice president could have confused “appearances.”

Her ordeal started when she was on a California golf course, and she got a cell phone call from police in Colorado that she was about to be arrested.

The story goes on to explain how banks sometimes suspect people who complain of identity theft, because some convoluted schemes are possible this way.

Eventually the charges were dropped because of the lack of likelihood of conviction. She may litigate to get $50000 of attorney’s fees back.

The Today show has an interview between Margot, her son Todd Harris, and correspondent Matt Lauer here. Lauer emphasized that she actually “did everything right” but was still targeted as a suspect by police. I wondered how the police and bank could have lost track of the money trail, because obviously it didn’t show up in her accounts.

Monday, April 13, 2009

Caller-ID spoofing, "open to the public," has become a new ID theft trick

Elisabeth Leamy has a major report on ABC News, broadcast this evening on ABC “World News Tonight” (Monday April 13) that identity thieves have been “spoofing” Caller-ID systems and imitating banks, trying to get personal information. The "bank" calls, with both the number and voice spoofed, and tells you that you account is compromised and seeks personal information.

The practice undermines a major security assumption by banks, that they never email customers and that phone calls (up until now) would have been presumed to be "legitimate".

The story title is “Crooks Trick Your Caller ID for Identity Theft: Spoofing Services Let Users Alter Caller ID; Learn How to Protect Yourself from Fraudulent Phone Scams,” link here.

Companies have been set up to allow customers to change the number they seem to be calling from. The main legitimate use of such services is to help people calling from homeless shelters or battered women’s shelters find jobs and housing.

Thursday, April 02, 2009

Some married or divorced women may be more likely to become victims of id theft

Seamus McAfee from “” (I don’t know if the last name is related o the McAfee anti-virus company) has an article published in AOL Walletpop, “Are you a likely victim of ID Theft”? The most likely victims seem to be married women of divorcees with incomes of greater than $75000 a year. The study was conducted by Nationwide Insurance. In a difficult economy, a significant portion of the victims suffered real financial loss from which they did not fully recover, including damage to their credit scores and inability to keep up with bills.

Credit card fraud is easier to combat than debit card heists, or bank account losses, or fraudulent loans taken out in one’s name.

In some cultures, married women may be less prepared to manage their own affairs safely and independently than men or single women.

The 2004 Lifetime film “The Michelle Brown Story” shows a loan processor stealing the identity of a rich person whose loan she processed.

The Federal Trade Commission’s Identity Theft Site is here and seems to have been redesigned.

Wednesday, April 01, 2009

FBI warns workplace and organizational computer users about "spear phishing"

The FBI has put up a special page warning Internet users about the practice of “spear phishing”, link here.

Spear phishers send emails to a narrower or more targeted group of individuals, such as those who work for one company or support one organization. They may have gotten personal information on employees or members by hacking into an organization’s network. Then they send emails that make it appear that they came from the organization, often abusing the organization’s trademarks. Then the hackers use stolen information, either directly from the hacking or from answers supplied by the misled targets, for identity theft or bank fraud.