Category Archives: Identity Theft

Identity Theft Using LimeWire

Posted by on 25 March, 2008 No comments

Here’s an interesting story that hopefully raises your awareness of identity theft.

Lime Gregory Kopiloff, from Seattle USA, has pleaded guilty to a number of fraud related crimes and has been jailed for 4 years. He used LimeWire to download tax and credit reports, bank statements and student financial aid applications that people had made available using this P2P system.

Why would anyone put sensitive documents on a file sharing program for everyone to see? Maybe the people who put these files up thought they have nothing to lose, that documents should be free and shared. Whatever the reason documents like these are sensitive and should not be shared, especially through anonymous file sharing programs like LimeWire.

Gregory used this information, as well as dumpster diving and mail theft, to commit identity theft. He obtained credit cards and debit cards under these people’s names and used them to spend US$73,000 in online purchases.

In this case it’s not the technology that’s at fault, it’s the misconceived value placed on financial documents by regular people.

3.6 Million People

Posted by on 17 March, 2008 No comments

crowdGartner is a well recognised research company. They’ve recently added up the numbers and come up with 3.6 million adults that lost money in 2007 due to phishing scams. In 2006 the figure was 2.3 million.

That’s a lot of people being conned and losing money online. According to this report it adds up to US$3.2 billion in USA alone.

Some tips you might find useful to avoid being of of these 3.6 million people:

  • Never hand over personal details to people or web sites, unless you’re 100% certain of who you’re handing the details to.
  • Pay attention to web addresses you click on. Read our article on this here.
  • If you didn’t ask your bank or other service provider to send you an email then treat it as suspicious.
  • Scammers always take advantage of popular events to send phishing emails. E.g., it’s now Easter so expect lots of Easter related scam emails.
  • Be skeptical of what you read online. Chances are you didn’t really win a lottery in Spain without even buying a ticket.
  • Use a good antivirus package that includes a web site scanner. The newer packages filter out fraudulent pages.

G-Archiver Password Theft

Posted by on 10 March, 2008 2 comments

G-Archiver is an archival tool for Gmail. It lets you backup your Gmail emails to your computer. It’s been discovered that it also has a darker purpose.

emailG-Archiver costs US$29.95, and it does what it claims. To use it you enter your Gmail username and password, and it downloads emails to your computer as a backup.

Unfortunately the program has also been sending people’s usernames and password to the program’s creator (identified as John Terry).

If you’ve used G-Archiver before then uninstall it and change your Gmail password.

PayPal Phishing

Posted by on 9 March, 2008 No comments

There’s a new phishing attack targeting PayPal customers. It begins with an email like the following:

Subject: PayPal Account Review Department

Dear PayPal customer,

We recently reviewed your account, and we suspect an unauthorized transaction on your account

Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.

Paypal features. To ensure that your account is not compromised, simply hit “Resolution Center” to confirm your identity as member of Paypel.

  • Login to your Paypal with your Paypal username and password.
  • Confirm your identity as a card member of Paypal

Please confirm account information by clicking here Resolution Center and complete the “Steps to Remove Limitations.”

hookAll typos and grammatical errors are from the original email.

If someone was to click on the link provided in the email they would be taken to a hacked copy of PayPal’s site and they’d be asked to provide their bank’s name, ATM PIN code, mother’s maiden name, birth date,and social security number. All very personal information that the real PayPal doesn’t need.

So avoid traps like these by never giving out sensitive information like the above, not trusting emails you didn’t ask for, and most of all use a good antivirus package that also scans web sites for attacks such as this. Also have a look at the new version of Haute we discussed recently, available for free.

There are thousands of phishing emails such as this and over time the quality of them gets better, such as the tax scams we wrote about earlier (Australian version here, US version here) and the student phishing attack last month.

Fraudulent eBay Bid

Posted by on 1 March, 2008 No comments

Records Imagine someone steals your eBay password and bids $3,002,500 on an item on eBay? That’s what happened last week to someone only identified as jopsoup.

His password was stolen while he was at an internet cafe and it was used to make a bid on a record collection.

The matter’s been cleared up by eBay because it was of such a large amount. For smaller items it might not end so well. Always be cautious when using other people’s computers, especially public computers at internet cafes or at hotels.

(Full article here)

Has your email been hacked?

Posted by on 22 February, 2008 No comments

If you suspect someone else is reading your emails you normally change your password immediately and figure out how they were able to access your account.

lens If you’re curious then the following information could interest you ;-)

There’s a free online service called OneStatFree that can be used as a tripwire to detect access to your emails. It will tell the time and day your email was opened (by someone other than you), the country it was access from, the IP address and possibly more information (such as city) depending on the actual network used.

The way it works is you create a special email and send it to yourself. You never open this email yourself and if someone else does it will instantly send some information to the OneStatFree service, which you then check at a later date.

Full instructions are provided here, it should be fairly easy for most people to follow.

Just keep in mind that if someone is indeed reading your emails this trick won’t stop them. So think carefully if you want to continue compromising your email while you investigate the culprit, or take immediate action and change your password.

Fraud Statistics

Posted by on 21 February, 2008 No comments

The US Federal Trade Commission (FTC) has released a report showing some statistics on fraud for 2007. These statistics come from people who report incidents of fraud to them, so it’s really limited to USA. The problem worldwide would be much much worse.

The top 20 complaint categories were:

Rank    Category    Complaints

  1. Identity Theft    258,427
  2. Shop-at-Home/Catalog Sales    62,811
  3. Internet Services    42,266
  4. Foreign Money Offers    32,868
  5. Prizes/Sweepstakes and Lotteries    32,162
  6. Computer Equipment and Software    27,036
  7. Internet Auctions    24,376
  8. Health Care Claims    16,097
  9. Travel, Vacations, and Timeshares    14,903
  10. Advance-Fee Loans and Credit Protection/Repair    14,342
  11. Investments    13,705
  12. Magazines and Buyers Clubs    12,970
  13. Business Opportunities and Work-at-Home Plans    11,362
  14. Real Estate (Not Timeshares)    9,475
  15. Office Supplies and Services    9,211
  16. Telephone Services    8,155
  17. Employ. Agencies/Job Counsel/Overseas Work    5,932
  18. Debt Management/Credit Counseling    3,442
  19. Multi-Level Mktg./Pyramids/Chain Letters    3,092
  20. Charitable Solicitations    1,843

That’s 258,427 cases of identity theft in one year, in one country! The total fraud losses recorded in this report totals more than $1.2 billion. The full report is here.

Tax Refund Scams Have Reached Australia

Posted by on 14 February, 2008 No comments

The tax refund scam mentioned a few days ago now comes in an Australian version. It’s the same email and same scam but customised to look like the Australian Tax Office (ATO). They even make a fake website that copies the ATO’s website.

The scam involves asking people for their credit card number, expiry date, security code, and other personal details.

australia

Spear Phishing – Targetting Students

Posted by on 12 February, 2008 No comments

spear Spear phishing is a term referring to targeted attacks on organisations to collect personal details. This latest warning will explain:

Students and staff at a few colleges and universities in the US have been receiving emails that appear to come from their system administrators. The emails state that a database is being updated and asks users to provide their username, password, and date of birth.

The schools targeted include Columbia University, Duke University, Princeton University, Purdue University, and the University of Notre Dame.

This information is collected by the people who sent the emails and used to compromise their accounts.

Be very suspicious of emails asking you to provide any personal details, especially if you didn’t request the email. And pay particular attention to which website the email links to – it’s a common tactic to use a similar sounding address that contains a typo (something that the human mind sometimes ignores).

Update: Australian universities have also been targetting in this attack.