Alerts - Phishing, Pharming, Identity Theft, Online Fraud

Fraudulent E-Mail and Symantec Norton Fraud Monitoring - I received this Phishing e-mail, notice how legitimate it appears right down to the HTTPS: The following screen capture is of this e-mail. Chase | PayPal

I use Symantec's Norton Internet Security with provides protection of Fraudulent sites.

The above e-mail went to the trouble of stating "We won't require your ATM PIN number for this operation" They are getting more cleaver in disguising Phishing E-Mails.

The following screen capture is from clicking on the link beginning above https://chaseonline.chase.com which appears to be a secured site by the HTTPS the link begins with. Symantec's Norton Internet Security warns you that this site is a known Phishing site. Click on image for larger view

Always check with your financial institution/bank before following the instructions. In all the years I have been banking online, my bank has never asked me to compete any survey or re-activation/use of my account through/by an e-mail.

You may report these fraudulent crimes to your Bank or visit US-CERT.gov and follow their instructions. US-CERT is The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors.

Another Phishing E-Mail is regarding PayPal followed by the screen capture when clicking on the link within the e-mail body. Click on image for larger view

Once again having safeguards in place such as Norton Internet Security notified me that this site has a Security Certificate issue and recommendation. Click on image for larger view

16 Mar 2006 - Your secret PIN may not be so secret

An unprecedented theft of personal identification numbers from thousands of consumers across the country is calling into question the basic safety of paying with debit cards.

The debit card breach, which the trade publication American Banker says could have allowed thieves to gain access to as many as 600,000 bank accounts, has raised larger questions about whether merchants are improperly storing customers' personal data.

To Read More

DATA-CAPTURING VIRUS AT TUCSON PROCESSOR

A security breach of customer information at a credit card processing company could expose to fraud up to 40 million cardholders of multiple brands, MasterCard International Inc. said Friday.

The credit card giant said its security division detected multiple instances of fraud that tracked back to CardSystems Solutions Inc. of Tucson, Ariz., which processes transactions for banks and merchants.

MasterCard said in a news release late Friday afternoon that it was notifying its card-issuing banks of the problem.

CardSystems was hit by a computer virus that captured customer data for the purpose of fraud, said company spokeswoman Sharon Gamsin. The FBI was investigating.

MasterCard, which said about 14 million of its own cards were exposed, said it was giving CardSystems a "limited amount of time to demonstrate compliance with security requirements."

John Perry, chief executive officer of CardSystems, did not immediately return calls, nor did officials from American Express and Visa. Discover had no immediate comment. MBNA, a large issuer of cards, also did not immediately return a call.

The breach is the latest in a series that has hurt a number of high-profile companies--including Citigroup Inc., Bank of America Corp. and DSW Shoe Warehouse.

It also appears to be the largest involving financial data, said David Sobel, general counsel at the Electronic Privacy Information Center.

"The steady stream of these disclosures shows the pressing need for regulation of the industry both in terms of limitation in the amount of personal information that companies collect and also liability when these kinds of disclosures occur," Sobel said.

That the breach involved a third party also "indicates that this is a shadowy industry where the consumer never really knows who is going to be handling and using their personal information," he added. "Presumably, the affected consumer thought they were dealing with MasterCard."

Earlier this month, Citigroup said United Parcel Service lost computer tapes with sensitive information from 3.9 million customers of CitiFinancial, a unit that provides personal and home loans.

BANKS NOTIFY CUSTOMERS OF DATA THEFT

CHARLOTTE, N.C. (AP) - More than 100,000 customers of Wachovia Corp. and Bank of America Corp. have been notified that their financial records may have been stolen by bank employees and sold to collection agencies.

So far, Bank of America has alerted about 60,000 customers whose names were included on computer disks discovered by police, bank spokeswoman Alex Liftman said Monday.

"We are trying to communicate with our customers as promptly as possible,'' she said. "So far, we have no evidence that any of our customer information has been used for account fraud or identity theft.''

"Wachovia said it has identified 48,000 current and former account holders whose accounts may have been breached. The numbers have increased as we continue to receive additional names from police,'' Wachovia spokeswoman Christy Phillips said Monday.

AUDITORS FIND IRS WORKERS PRONE TO HACKERS

WASHINGTON (AP) - More than one-third of Internal Revenue Service employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday.

The report by the Treasury Department's inspector general for tax administration reveals a human flaw in the security system that protects taxpayer data.

It also comes on the heels of accounts of thieves' breaking into computer systems of private data suppliers ChoicePoint Inc. and LexisNexis.

The auditors called 100 IRS employees and managers, portraying themselves as personnel from the information technology help desk trying to correct a network problem. They asked the employees to provide their network logon name and temporarily change their password to one they suggested.

``We were able to convince 35 managers and employees to provide us their username and change their password,'' the report said.

That was a 50 percent improvement when compared with a similar test in 2001, when 71 employees cooperated and changed their passwords.

"With an employee's user account name and password, a hacker could gain access to that employee's access privileges,'' the report said.

"Even more significant, a disgruntled employee could use the same social engineering tactics and obtain another employee's username and password,'' auditors said.

With some knowledge of IRS systems, such an employee could more easily get access to taxpayer data or damage the agency's computer systems.

Employees gave several reasons for complying with the request, in violation with IRS rules that prohibit employees from divulging their passwords.

Some said they were not aware of the hacking technique and did not suspect foul play, or they wanted to be as helpful as possible to the computer technicians. Some were having network problems at the time, so the call seemed logical.

Other employees could not find the caller's name on a global IRS employee directory but gave their information anyway. Some hesitated but got approval from their managers to cooperate.

Within two days after the test, the IRS issued an e-mail alert about the hacking technique and instructed employees to notify security officials if they get such calls. The agency also included warnings into its mandatory security training.

Lexis Nexis says hackers commandeered one of its databases, gaining access to the personal files of as many as 32,000 people. This is the second such infiltration at a large database provider in recent months. Rival database ChoicePoint Inc. said last month that the personal information of 145,000 Americans may have been compromised by thieves posing as small business customers.

In the ChoicePoint scam, at least 750 people were defrauded, authorities say. The incident fueled consumer advocates' calls for federal oversight of the loosely regulated data-brokering business, and legislative hearings are expected.

A fraud ring infiltrated one of the nation's largest collectors of consumer information ChoicePoint Inc. and obtained credit reports, Social Security numbers and other information about tens of thousands of people in a massive case of identity theft."

ChoicePoint Inc. said Tuesday that it had begun sending letters to about 35,000 California residents to tell them that their personal information may have been compromised. The Georgia company urged them to check their credit reports for new accounts or suspicious activity.

Alert to All Businesses / Retailers - if you maintain customer's personal data/information on your system, how protected is your system from data theft, hackers/attackers and viruses?

Alert to All Consumer /Customers - Across the Internet, retailers and other service providers that handle consumer transactions are requiring customers to agree to waive any right to sue the companies if the businesses are hacked, regardless of how secure their systems are.

DO NOT BUY from A&M Photo World their web site misleads the consumer, not clearly stating the item you may see or wish to purchase ARE NOT as shown. For example cameras appear with a lens and there is no warning that the lens is NOT included, so you are MISLEAD by the price first which may bring you to the site, as it did me. Only to find the lens is not included, then to find the battery is not included and one last item, as this was a digital SLR, the flashcard is not included. After speaking with the sales person and finally trying to get a complete camera, not only was the cost higher than other sites, i.e. Ritz Camera, which comes with 2 lenses, I was asked why I was not buying the Pro Kits. I replied, I am not aware you have them, nor does your web site mention Pro Kits, nor the cost.

The high pressure sales pitch comes into play trying to sell you on why you need certain items and the next thing my order went from approx. $2200 to $3999.99. Which exceeded my credit line. Also another complaint of mine is I placed this order online and never received a confirmation e-mail. I could not check the status of my order, for it had not even began processing by end of business day Friday. Order Status: was left messages. No one from A&M Photo World sent an e-mail or called, so the Left Message was a lie. On Monday when I called to check the status, I was told my credit card was declined. That was because A&M Photo World through high pressure sales tactics exceeded my credit line. They then tried to ask me not once but twice by two different employees what my credit line was. Never give this information out. Then with more sales pressure tactics tried to convince me they wasted 30 minutes of their time and tried asking me again what my credit line was as an attempt to see what charges they could reduce to meet my credit line, which would of maxed my credit card out. My order now exceeded $3999, with shipping of $200. How can shipping be $200 for 2 cameras?

I then was inconvenienced further by having to call my bank. Tuesday, A&M Photo World called me to state the bank had approved the order of approx. $3300, after I told repeatedly to cancel my order because of how I was pressured and mislead not only by their web site, but the sales person. I was told (you might of just called me a lair) that no the charge was never $3999.99 or approx. $4200 including shipping. I explained, I was told by Robert my total was $3999.99 and even wrote it down. Since I never got a confirmation e-mail of this price either. I was played back and forth between the lady in their credit dept., the original sales person and another sales person. Which is how cars are sold, pressure and bouncing you back and forth. I am not stupid and saw this pressure scam/tactic. I know they get paid on commission and the more sales, the more commission they get. They do not let you get a word in edgewise, so they pressure you by word brow beating.

A&M Photo World has caused my credit card to be tied up and not able to make any other purchases, or if I needed the funds in an emergency, also caused for delay in 2 products I wished to have ordered, having me to call my bank and now look elsewhere. Thus they have lost my business by how they mishandled my request from day one. And any future business. I make allot of online purchases and have bought camera's online before. ButterflyPhoto hassle free, received the camera in a timely manner and a reasonable price. Feel Free to contact me, D.R. "Doc" Begnal-Young

Recently I received several Phishing e-mails in one day Subject: FPA NOTICE: eBay Registration Suspension - Section 9

Phishing is defined as The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.

You may report these fraudulent crimes to US-CERT.gov and follow their instructions. US-CERT is The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors.

To Download and install or not install the SP2 Patch for Windows XP is more than the usual roll-up of bug fixes and updates. Microsoft has made something of a trade-off, focusing on security at the expense of compatibility. As a result, SP2 can render existing applications inoperable. Microsoft has urged developers and IT professionals to test the update.

1. When was the last time your operating system was updated (Windows 98/ME/2000/XP) for critical security and driver updates?

2. Are you protected against Back Door Attacks/Trojans or Viruses and how often do you update virus definitions and security files?

4. Are you aware of different types of Hoaxes, Threats and other Internet Security Steps needed for protection.