Subscribe
Printer Friendly
Share this PageCredit
July 2009 not only brought the hopes of fun summer activities, but it also brought the new vicious Trojan virus called Clampi. Clampi is a newly sophisticated virus designed to attack online banking systems. And unlike most Trojan viruses this virus can be picked up from trusted sites like blogs, online magazines, search engines and mainstream news websites, not just gambling and pornography sites. It also is only designed to attack computers running the Microsoft Windows operating system. So Mac users are safe from Clampi, for now.
Currently, Clampi is tracking over 4,500 financial websites. Most Trojan viruses usually track 30-40 sites at a time. Clampi is designed to watch: banks, credit card companies, e-mails, retail sites, utilities, online casinos, wire transfer services, share brokerages, government sites and mortgage lenders. Clampi is also not just limited to the United States. It has been found attacking in the United States, Britain and other English speaking countries.
How Clampi Operates
Once Clampi has been picked up it settles into your computer and waits. What does it wait for? It waits for the user to log on to a bank account, credit card or some other financial website. Once the login information is entered, Clampi grabs it and shoots it to the cyber criminal's computer. From there the criminal uses the information to fulfill their desires. Whether it is taking money from a bank account, using a credit card to make purchases or reek whatever havoc they may.
What Clampi Can Do
Maybe you're thinking that this can't happen to you and maybe it won't. But it has been reported that through the use of Clampi criminals have stolen $75k from a car parts company in Georgia, $30k from a non-profit childcare organization in Seattle, $480k from an online city bank account, $150k from a public school district in Oklahoma, $350k from a Chicago-are school district and $700k from the Western Beaver School District in Pennsylvania. There have also been reports of companies losing anywhere from $10k to $500k because of this one virus. There is really no telling how many people have been victims of the Clampi virus.
What You Can Do
The most important thing you can do is to be proactive about protecting yourself from getting Clampi. Here are some ways to be proactive:
- Protect your computer with security software. It should be a natural part of being online. Make sure that you have the most current version of your anitvirus software and download any necessary patches to keep it current.
- Avoid clicking on suspicious links on blogs, e-mails and social networking sites. If you are not sure that it can be trusted, then don't go there.
- Don't use e-commerce sites that you are not familiar with and use a credit card instead of a debit card when making online purchases.
- Use caution when using a wi-fi network - especially one outside your home, like at an airport or coffe shop. Don't access financial web sites when using wifi in these kinds of locations. Make sure that your connection is password protected so that others cannot hack into your connection. Use WPA2 (or stronger) encryption and strong passwords when setting up your wireless network at home.
Ben Bernanke is a victim of identity theft. This is proof positive that it can happen to anyone.
Ben Bernanke - the Federal Reserve Board chairman - was one of hundreds of victims of an elaborate identity-fraud ring, headed by a convicted scam artist known as "Big Head," that stole more than $2.1 million from unsuspecting consumers and at least 10 financial institutions around the country.
How Did It Happen?
On August 7, 2008, Anna Bernanke - Ben Bernanke's wife - was at a Starbucks when her purse was stolen off the back of her chair.
What Was in Her Purse?
It's not good...
- Driver's License (no problem)
- Four credit cards (not so great - the fewer the better)
- Checkbook (no problem)
- Social Security card (OUCH!!!)
So the thieves had Mrs. Bernanke's SSN, Date of Birth (from the Driver's License), home address, and home phone (from the checks). This is the perfect combination of personal data.
It goes without saying that you should never carry your Social Security card in your purse or wallet. It should be tucked away in a very safe place at home or in a bank lock box. You should also limit the number of credit cards you carry. Just think of how many banks you'd like to call and/or fraudulent transactions you want to deal with and limit your cards accordingly.
Who Were the Thieves?
The thieves were part of a crime ring called "The Cannon to the Wiz." Here is the entry from the Urban Dictionary for "cannon":
Cannon - Old school term for a skilled pickpocket. "
These thieves were after personal information as well as checks and credit cards. They worked in government or medical offices or were simple pickpockets or mail thieves. They attended major sporting events in order to target victims with wallets and purses full of loot. One such victim was Donna Pendergast - an assistant Michigan Attorney General. Her experience went like this:
The robber was so adroit he managed to lift the wallet from her purse without her even knowing it. "They took it right out of my purse while it was on my shoulder," she said. "I didn't feel a thing."
Have They Been Caught?
Yes and no.
Federal agents busted the identity theft ring this summer, but George Lee Reid - the one who fraudulently used the Bernanke's checks to steal $9,000 - had the charges dropped against him, but the Feds are now searching for him again on related charges.
More information on this story from Newsweek.
It's a new year and — what do you know — there's a new tactic in the endless quest for new and improved phishing schemes from scammers.
Here's How It Works
Researchers at Trusteer recently released a security advisory detailing this new phishing technique. Rather than using email to lure unsuspecting victims into clicking over to a fake web site, this technique uses what Trusteer is calling "in-session" attacks. Here's a typical scenario:
- A user opens a browser and logs into their banking web site
- Leaving that browser session open, they open another browser window to check on their Webkinz or some other web pursuit.
- After a time, a pop-up window opens — supposedly from their bank web site — asking for them to re-enter their username and password.
- Since the user has recently logged in to the targeted web site, they are more likely to enter their info.
That's it! Their login credentials are now in the hands of the scammers.
What Makes It Possible?
A few things have to be in place for this to work. First, the scammers need a compromised web server in order to install the malware. Fortunately, there are lots of those around. Second, the malware has to be able to determine which other sites the user has visited. This is possible based on a vulnerability in the JavaScript engine used by Internet Explorer, Firefox, Safari, and Chrome.
From Trusteer:
The source of the vulnerability is a specific JavaScript function. When this function is called it leaves a temporary footprint on the computer and any other website can identify this footprint. Websites that use this function in a certain way are traceable. Many websites, including financial institutions, online retailers, social networking websites, gaming, and gambling websites use this function and can be traced.
How Can You Protect Yourself?
Well, the planets have to align a bit to pull this scam off and it's likely the JavaScript vulnerability will be patched in the near (hopefully) future.
Until then, Trusteer recommends the following preventative measures:
- Have an up-to-date anti-virus installed
- Be suspicious of any pop-ups asking you to login
- Log out of banking or other sensitive sites before heading over to Pogo.com for your bingo fix.
and most of all...
Learn more about this attack by downloading Trusteer's security advisory.
Of all the worries that parents of young children face, few would rank the prospect of their 7-year-old opening up six credit cards and running up $35,000 in debt as one of the most pressing. But increasingly, parents and young adults are struggling with a very similar reality these days — only the children themselves aren't to blame, identity thieves are.
Last week, two stories of childhood identity theft hit the headlines...
- In Florida, a woman was accused of opening up a Capital One credit card under her daughter's name, and then using the card until the girl's father began to notice collection notices being sent to their home.
- In California, a man was discovered to be using the identity of a 4-year old who died in 1984. He was caught after using the deceased child's name to buy a home, a car, and to obtain several credit cards.
A Growing Problem
According to the Federal Trade Commission, there were more than 34,000 incidents of childhood identity theft reported between 2005 and 2007. The figure makes up about 5 percent of all identity thefts.
Chiefly to blame is a credit check system that at no time makes an effort to verify the age of individuals. With nothing but a Social Security number, thieves are often able to gain a credit history by finding creditors who don't require a photo ID or birth certificate. The first age that goes into a system like Trans Union, Experian, or Equifax, becomes permanently associated with the applicant's name and Social Security number.
Here's how John Moira, the father of the girl who had her identity stolen by her mother, describes it:
"My heart dropped, I couldn't believe it," said John Moisa, who became suspicious when he received correspondence from the credit card company addressed to his daughter. "At first I didn't think about it until my mom said she was getting collection calls at her house."
Moisa called the credit card company, which wouldn't initially talk to him until he faxed proof of his daughter's age. Moisa said he's spent the past several months trying to repair the girl's credit.
"It was unpaid, past-due bills, so it didn't look good," Moisa said.
Parents Are the Best Protectors (and Most Likely Culprits)
Some experts estimate that around half of childhood identity theft is committed by parents and relatives with access to a full range of information and documentation associated with a child. Other reports point to teachers, administrators, coaches, babysitters, and others with easy access to documents and records. (Some teachers have even been known to have pupils write their social security numbers on all homework and tests, exposing students anyone who bothers sifting through the school's wastepaper baskets.)
With a down economy, parents and family members might be more likely to turn to identity theft as a way getting their hands on additional credit.
"The majority of cases involve parents who may be going through a tricky time, going through a divorce and looking for additional credit," said Purl, Chief Operating Officer for Grand ISS, a St. Petersburg-based investigative security firm.
Purl said with more people out of work, identity theft cases involving young children are likely to increase.
"I think we're going to see more crime in general, as money is more tight for people. We've seen that with credit card fraud and white-collar crime. It's an easy way to make money," Purl said.
How Can We Protect Our Kids?
It's becoming increasingly important for parents to help their kids get savvy about giving away personal information on the internet, or over the telephone. Beyond that, responsibility falls on parents to be vigilant about who they send copies of birth certificates to, and to notice things like debt consolidation notices coming in the mail addressed to their children.
For more on how to prevent childhood identity theft and what to do if you think your child has been targeted, check out this fact sheet from the Identity Theft Resource Center - www.idtheftcenter.org.
We're stepping a bit outside our normal comfort zone of covering scams, fraud, identity theft, and whatnot to present an offer that we think will be valuable to our readers.
For a limited time Suze Orman is making her latest book "Suze Orman's 2009 Action Plan | Keeping Your Money Safe and Sound" available for free via the Oprah Winfrey web site.
NOTE: Offer expires at 11:59 p.m. CT on Thursday, January 15
Why Should You Read This Book?
I have to admit that I haven't read the whole book yet. I wanted to get this posted so you would have time to download it before the offer expires.
What I have read, however, speaks directly to these ugly economic times. I see my friends in the U.S. and elsewhere struggle with layoffs, home foreclosures, business failures and every other kind of stressful situation. Unfortunately things don't look like they'll be improving anytime soon and we're all wondering how we're going to survive this downturn.
I think Suze says it best in her Introduction:
I bet you are scared. Angry, too. And confused. These are absolutely rational and appropriate responses to the global credit crisis that erupted in 2008 and continues to send tremors through every household in America. And I do mean every household. No matt er how conscientious you have been with managing your money, the events of 2008 have battered us all.
The one in 10 homeowners who are at risk of facing foreclosure on their homes are obviously scared, but so too are the 9 out of 10 homeowners who can afford their mortgage but are watching plummeting home values jeopardize their financial security.
It’s not just the overreaching Wall Street firms who are paying the price for those risky investments. Every U.S. taxpayer is now on the hook for a massive bailout — bailout engineered by the same players in the federal government that had turned their back on regulating the very practices at the root of today’s financial crisis. Angry? You should be.
In any case, the book is free until January 15th, so it won't cost you more than a minute or two of your time and a few bytes flowing over your internet connection.
I think it will be worth your while. Take care out there...
Go the the download page on the Oprah Winfrey website. Once the offer expires you can buy the book for less than $10 on Amazon
In case you want to learn more about the book, I've provided some Amazon reviewer comments and the table of contents:
Amazon Reviews
Suze hit it big with this book for many people. She wrote a precise book on how to handle 2009 proactively with specific "what to do" situations and how to assess financial challenges into correct decisions. Picking this book on Borders out of curiosity, I learn a lot from security precautions you should take from local banks. That alone pays the trip and the well deserved $10 I paid over a Dolce Latte over the quick read.
This is hands down Suze Orman's best book. Upon reading every word and turning every page I felt confident that I am on the right track. Following Suze's advise over the years has provided me with the education required to be prepared for what lies ahead. The Expenses breakdown chart is a very helpful tool to see where you can cut back. I also loved the format in which this book was written, it can be used as a reference tool and you can read based on your area of concern be it credit, 401k, retirement etc. I think everyone should not only read this, but live by it!
See the rest of the reviews on Amazon
Table of Contents
2009: The New Reality
A Brief History of How We Got Here
Action Plan: Credit
- Falling credit lines
- Rising interest rates
- FICO scores under pressure
- Repayment plan
- Debt consolidation
- Borrowing from 401(k)
- Borrowing from home equity line of credit
- Bankruptcy
- Collection agencies
- The case for stocks
- Allocation strategies
- 401(k) loan/early withdrawal
- IRA rollover
- Retiree income strategy
- Roth IRA conversion
- FDIC insurance
- Money market deposits
- Eight-month emergency fund
- Credit squeeze
- Expense/income worksheet
- Finding ways to save
- Needs vs. wants
- Insurance saving tips
- Car loans
- Dif?cult choices
- A challenge from Suze for 2009
- Mortgage-modi?cation options
- Short sales
- Foreclosure
- Home equity line of credit
- Home values
- First-time-buying tips
- Pre-retirement strategy
- Vacation homes
- 529 allocation strategy
- What you can afford
- Federal loan strategy
- Stafford student loans
- PLUS parent loans
- HELOC loans/401(k) loans
- Private student loans
- Repayment
- Consolidation
- Job-loss strategies
- Hope for the best, prepare for the worst
- Health insurance
- Life insurance
Action Plan: Retirement Investing
Action Plan: Saving
Action Plan: Spending
Action Plan: Real Estate
Action Plan: Paying for College
Action Plan: Protecting Your Family and Yourself
The Road Ahead
Charles Darrow patented Monopoly in 1935. Since then, millions of people have turned giddy when receiving the "Bank Error in Your Favor" card from Community Chest.
Unfortunately, bank errors are nothing but a hassle in real life - the only thing you collect is a headache and frustration. To help reduce the headache, here are 10 things that everyone should know about bank errors:
Be Patient
The problem will not be solved over night. Banks process many transactions every day and it may take a few days for them to track down and solve your problem.
Be Quick
Call in the error to the bank supervisor (there isn't much that a teller can do) as soon as you discover it. The sooner the bank can start looking into it the better.
Keep Notes
Keep quality notes of who you talk to, when you talked to them, and what was said/promised. You may need to make several phone calls and it helps to be able to clearly state who you spoke with and what was said. You also may be required to provide documentation somewhere down the line of what you did. Good records will help make this as painless as possible.
Know the End Game
Ask for a date when the problem should be resolved. This will help keep the bank focused on solving your problem in a timely way.
Dodge Bounced Check Fees
If the mistake is an under deposit (you end up with less money than you thought), you should ask the bank to cover any fees that may occur because of the shortage of funds. The bank should cover fees to fix the problem and any others that occur because the correct amount of funds was not in the account
Don't Spend the Bank's Money
If there is an over deposit, don't spend the money. It might be tempting if the bank accidently deposits an extra $10,000 in your account. Unfortunately the money isn't yours and you shouldn't assume that the bank is going to let you keep it. If you do spend it you are just going to have to give it back - possibly with penalties or jail time if you can't return the money in a timely fashion.
Don't Move the Bank's Money
Don't be tempted to move the money to your brokerage account so you can make some nice interest or buy one of your favorite stocks. Leave the money in the account so the bank can figure out how it got there. Don't take the money out of the account so you don't spend it. The bank needs it there to track where it came from. Also, the money needs to be in your account when the bank figures out where it goes and decides to move it out of your account.
Stop Dreaming
The bank's not going to let you keep the money. Yes, the bank makes errors, but they are not going to let you keep somebody else's money because they made an error. Get over it. Stop dreaming about that Hawaiian vacation or a mall spending spree. It's not your money.
Complain or Switch
Some people seem to have bad luck when it comes to bank errors. I've been lucky and have had very few, but if you're having to deal with a lot of errors you should complain. Call customer support and ask to speak with a supervisor. Let them know how much of a hassle these errors have been. Have a reward in mind for how they can keep you as a customer. If you have a credit card, ask them to lower the interest rate. If you're paying monthly bank fees for your account, ask them to wave them.
If they're unwilling to do anything for you it's probably time to move to a new bank.
Act Fast on ATM Issues
You only have 60 days to report an ATM transaction error. So, if the ATM records show that you took out more money than you actually did or vice versa, you must report it promptly or you are out of luck.
A bank error is not the joyous occasion that Monopoly suggests. It's more like a "Go Directly to Faceless Corporate Bank Hell" card. Follow these ten steps, however, and you'll survive mostly unscathed.
One more thing...
We've noticed on a different blog post - British Lottery Scam - that people are tempted to take a bad check and deposit it, hoping that the bank will become confused and give them the money. Here's how one poster puts it:
I received the lottery scam in the mail. There is a check enclosed that is to be cashed and sent back to pay the British taxes. What would happen if I cashed the check and kept the cash? Would the scammers loose the money?
Ummm... no. Checks like these are forgeries. The scammers don't loose money. You just create a problem for yourself by depositing a bad check, temporarily inflating your bank account, and then suddenly having it removed once the bank figures out it's fraudulent.
Does that sounds fun?
To learn more about bank errors, visit the always excellent bankrate.com.
The BBC is reporting that 25 million Britains were exposed to the threat of identity theft when the HM Revenue & Customs (similar to the IRS in the U.S.) lost a CD containing personal data.
Ouch!
This has to be one of the worst data breaches ever, since the CD was not encrypted (just password protected) and the data included:
- Name
- Address
- Date of birth
- Bank account details
- National insurance number
In case you're not familiar with that last item, it's similar to the Social Security Number here in the U.S. What else could a potential thief want?
The CD with the data was sent to another HMRC location by a lower level employee via regular mail instead of using an encrypted network connection or some other secure method. The CD never showed up at the other office and officials are now trying to determine if it was stolen or just lost.
"The data lost - bank account numbers, names and addresses - represents a gold mine for the thieves and is much more valuable to them than credit card numbers or taxpayer id numbers," said Gartner analyst Avivah Litan.
"In fact, in the black market, bank account numbers sell for the highest price, or between $30 and $400 (£15 to £200), which is significantly more than the fifty cents to five dollars that criminals pay for credit cards."
This disaster has already forced the resignation of HMRC's chairman - Paul Gray. I'm guessing the employee involved was also "sacked," as the Brits like to put it. Let's hope so.
More coverage on the BBC site - Q&A: Child Benefit Records Lost | Analysis: How Worried Should You Be?
To shred or to tear: that is the question. Robert Cockerham of cockeyed.com decided to put the matter to a test. His test subject? A newly received Chase Mastercard pre-approved application.
Step 1: Robert tears the application into small pieces.
Step: 2: Robert meticulously lines the torn pieces up and tapes them together, like so.
Step 3: Robert fills out the application, replacing the current billing address with a new one (his parent's house) and using his cell phone as the phone number on the new account.
With that, he mails it in.
Step 4: Robert excitedly receives his new credit card at his parent's house and activates it using his cell phone.
Analysis:
- Tearing up your sensitive documents is not sufficient.
- Some creditors will process applications, even if they've been torn up, taped together and have a new address.
- A criminal could easily apply for credit in your name, change the address, and activate the account via a pre-paid cell phone. You wouldn't even know what happened until creditors started calling you about your unpaid bills.
- You must destroy all sensitive documents using a cross-cut shredder
before placing them in the trash.
- Better yet, opt-out of pre-approved offers and give your shredder and the recyclers a rest.
Read the whole story on Cockeyed.com.
As cities work to scrape up every little bit of revenue, they're now going after library fines and overdue parking tickets.
How are they going after this money? With collection agencies.
Is it working? The Wall Street Journal says yes:
A handful of cities, including San Diego and Chicago, have worked with collection agencies since the late 1990s. But the trend is spreading rapidly around the country as strapped local governments look for creative ways to boost revenue without raising taxes and fees. Over the past few years, local governments in places including Seattle; Anchorage, Alaska; Austin, Texas; and Florida's Miami-Dade County have contracted with private agencies to collect late parking tickets and court fees. In New York City, Baltimore and Dallas, libraries use private collection firms to recover fines. New York state recently hired a collection company to pursue overdue E-ZPass toll bills.
While shaking down citizens over small debts might sound petty, hundreds of cities around the country are owed millions of dollars in unpaid fines. Since 1997, when Chicago began using a collection agency to track down unpaid parking fines, ticket revenue has more than doubled, rising from $68 million to $154 million last year. (The total number of parking tickets issued has dropped slightly over the period.) Since the Omaha, Neb., public-library system hired a private collection company in March, it has collected more than $40,000 in fines and recovered about $75,000 worth of overdue books and materials.
Yep, they're bringing in the big boys in order to collect on millions of dollars of small fines that many of you have ignored... until now. If you decide to ignore a collection agency, that $20 library fine could show up as a collection account on your credit report.
How will will single collection account for a stupid small overdue fine affect your credit score? It could lower it by as much as 100 points. Ouch! That's gonna hurt.
It appears that Equifax is the sole credit bureau that feels this may be a bit of overkill. Also from the Wall Street Journal:
Equifax Inc., the third credit bureau, makes an effort to weed out small charges like library books and parking violations from credit files. The company says it is not fair to include them in credit reports since municipal fines are reported unevenly around the country.
Well, that won't help too much because you never know which bureau a potential creditor will use to look at your credit.
So what should you do?
- Pay your fines, no matter how small
Your city could start using a collection agency at any time. Your fines - even years old - could then be sent to collections. - Call and negotiate
If you do get a collection notice, call and negotiate with the agency. Make sure they agree that if you pay the fine they will remove the collection from your credit file. - Review your credit
Make sure you review your credit report from all three bureaus months before you apply for a car or home loan. You want to have time to resolve issues like this before applying.
A U.K. 17-year-old risked life and limb by removing a fake fascia of an ATM machine. The nearby crooks gave chase and the hero, Luke Bridges, had to run for his life.
So what was the reward for this daring-do? A pocket calculator...
Maybe that would have been a cool gift in 1978, but I'm guessing it only cost the bank around a dollar and looks like one of those free giveaway items.
The bank, NatWest, reiterated in a statement that no one should risk removing one of these devices:
"We would never encourage anyone to put their safety at risk by attempting to remove any such device. We advise anyone who notices anything unusual about a cash machine to report it to the bank or the police immediately."
Probably good advice. In any case, the story gives you a good look at what these PIN skimming devices look like. Pay close attention to the machine whenever you go to use an ATM.
Special Offers
Connect With Us
We invite you to become a fan of Fight Identity Theft or just join in the discussion.
Subscribe to Breaking News
Subscribe to Fight Identity Theft and receive top stories and breaking news via email.
Recent Blog Entries
Blog Archives
- November, 2009 (1)
- October, 2009 (6)
- September, 2009 (2)
- August, 2009 (3)
- April, 2009 (2)
- February, 2009 (3)
- January, 2009 (8)
- December, 2008 (8)
- March, 2008 (1)
- January, 2008 (1)
- December, 2007 (3)
- November, 2007 (2)
- October, 2007 (3)
- May, 2006 (1)
- March, 2006 (4)
- February, 2006 (4)
- January, 2006 (10)
- December, 2005 (7)
- July, 2005 (3)
- June, 2005 (4)
- May, 2005 (5)
- March, 2005 (1)
- Credit (12)
- Fraud (36)
- Government (20)
- Identity Theft (36)
- Junk Mail (5)
- Phishing (10)
- Privacy (18)
- Scam (29)
- Technology (47)
- Telemarketing (2)
- Viruses (10)
- Visitor Stories (1)
- Worms (10)
