All posts by FPU

Your biggest security vulnerability, according to the World’s Greatest Hacker

Kevin Mitnick was a hacker before hacking was even illegal. He was famous for having broken into the computer networks of some really large companies. He didn’t make a single dime from his activities; he just wanted to prove it could be done. He was eventually arrested, convicted and given a harsh five-year sentence, served in solitary confinement because the judge was convinced Mitnick could “start a nuclear war by whistling into a pay phone” (source: Wikipedia).

Later, he was released from prison and started a security consulting business (Mitnick Security Consulting, LLC), and now gets paid by companies to break into their computer systems and tell them what they need to fix.

Since he’s no longer dangerous (many argue that he was never all that dangerous, in the “this guy wants to destroy the world” way the prosecution claimed), Mitnick has also become a popular conference speaker. He knows the single biggest security flaw in every single commercial or private computer system, including yours:

It’s the people.

Time and again, Mitnick bypassed high-tech means of hacking (using software to force his way into a system) in favor of low-tech hacks: calling people on the telephone and asking for information.

It’s called social engineering, and it amounts to tricking people into giving away information simply by talking to them.

Mitnick concentrates on corporate network security, teaching businesses how to keep their data safe. However, the same goes for your own personal online safety: you are the weak point. How public have you made the names of your pets, your birthdate, your children’s names and birthdates, or the school(s) you attended? (I’m looking at you, MySpace and Facebook users.) All of this information can be used to steal your identity, by providing a would-be thief with enough information to talk you into accidentally revealing too much information.

Mitnick’s business card, a miniature lock-picking set, has become quite famous these last few years. Look at his website again, under the “Get Kevin’s Business Card” section. It says “Send your IP address and password to:” and his address. It’s obviously meant as a sly inside joke, but I wonder how many people actually mail this information to him.

Suspicious Email: credit reporting agencies are NOT going to remove accurate negative information

I received the following suspicious email message this morning. I have removed all the links; other than that, this is the full text:

Credit News: “All Three Credit Bureaus Forced to Remove All Negative Credit” 

Hi, it’s Glenn Garvin with updated news about your credit…

*** Find Out How Your Negative Credit Can Be Removed By The Bureaus***

All negative credit can now be removed from any credit report……and not just by Experian…TransUnion and Equifax will also remove all negative credit because…

….of a simple and proven legal strategy that forces them to comply with the “Law” based on Section 609 of the Fair Credit Reporting Act.

The Section 609 Credit System is patented and copyrighted and has been used on behalf of 125,000+ clients since 1999 to remove or turn to positive over 5 million negative items….

But the amazing thing is that…

It has never lost a single case. – Not one case…Ever!

The Section 609 Credit System is used for the clients of over 3,500 Law Firms and Attorneys and well over 22,000 Lenders and Loan Officers…because it works!

To Be Clear: The Section 609 Credit System can remove ALL negative credit from ANY credit report from all three Bureaus…

Think of what this can mean for you or someone you know who is currently living with damaged credit…..A huge boost in scores and no more negative credit showing up on credit reports….within a few short weeks!

There’s a lot more to know about the Section 609 Credit System….

So a Free Section 609 Guide has been prepared to explain everything.

Don’t hesitate… ***** Get Your FREE REPORT Right Here ******

I’ll check back again with more information,

Glenn

PS. This is NOT credit “repair”. You’ll learn why in the free report.

If you already have great credit, please pass this information on to some who is not as fortunate. The fastest growing segment of the entire country are people with lower credit scores.

The Section 609 System is the only successful method that legally forces the credit agencies to remove all negative credit.

CreditRestore
(mailing address removed)

Really?

A while back, I did a “play along at home” post with a suspicious email. I posted the full text, with very little comment, and then posted my list of things that should tip you off that it was a scam the next day.

This time, I’m just going to pass judgment: this email is extremely suspicious. I would not click on a single link, trust a single word, or give it a second thought. There was a mailing address at the bottom, and I can say this much about it: Glenn Garvin doesn’t live there.

What I think they’re doing is selling you some “secret” method of clearing your credit report of any negative information.

It won’t work, by the way; the three major credit reporting agencies (Experian, TransUnion and Equifax) will not remove accurate records from your credit report. The law, believe it or not, is on their side. Imagine—the financial industry having been set up over many decades by lawyers, bankers and legislators who knew exactly what they were doing and covered every base.

It reminds me of those Mortgage Elimination scams you see sometimes—the ones where you pay for some “secret” information. When (and if) you get the information, it’s some crackpot theory about how your mortgage wasn’t actually money, and therefore you don’t have to pay it back, and your case will win every time in court. What actually happens is that you end up losing your house (at best) and serving time in prison for fraud (at worst).

That’s probably exactly what this “Section 609 System” is: a way for you to make your credit problems seem trivial, once you’ve been convicted on federal charges.

By the way, here is the full text of the Fair Credit Reporting Act. Section 609 says you have the right to dispute information on your credit report. It does not say the agencies have to remove it just because you said so. It’s in Section 609 (c), which is actually readable; the heavy legal-ese starts later in the Section.

Also: Glenn Garvin is apparently a journalist (Miami Herald) and libertarian activist. I’m pretty sure he isn’t selling credit repair secrets. Plus, no veteran journalist would ever use that many ellipses. It’s very poor writing.

National Protect Your Identity Week is October 17-24, 2009

Actually, shouldn’t every week be Protect Your Identity Week?

Snide remarks aside, PYIW is apparently an awareness initiative by the National Foundation for Credit Counseling. I’ll let them describe their organization (from their website):

Founded in 1951, the National Foundation for Credit Counseling (NFCC), Inc., promotes the national agenda for financially responsible behavior and builds capacity for its Members to deliver the highest quality financial education and counseling services. The NFCC is the nation’s largest and longest serving national nonprofit credit counseling network, with more than 100 Member agencies and nearly 850 offices in communities throughout the country. Each year, NFCC Members assist more than 3.2 million consumers, helping many to drive down their debt and take control of their finances.

Consumer Credit Counseling Service of Northwest Indiana is a member of this organization. They are one of the good ones—no misleading claims, true nonprofit structure, no insane promises, and an A+ rating from the BBB.

So, how to celebrate Protect Your Identity Week? Had I found out about this sooner, I would have set up some live presentations or something. But hey, if you hear about any bangin’ PYIW parties, be sure to keep me in the loop, ‘kay?

Yet another type of scam that targets the elderly: home repair/utility scams

Wednesday’s edition of the NWI Times had an article called “Lansing police warning of scam against elderly.” It’s specific to one incident in one location, but the lessons apply to everyone.

This is another con that’s been around forever and is currently experiencing a resurgence. A group of people (usually three men) shows up at your door, claiming to represent a utility company or similar. While two crooks distract the homeowner by “checking the utility box” or something, the other searches the house for cash and valuables.

To me, this is a far worse situation than wiring money to a thief overseas, even though your monetary losses may be smaller. I mean, these people are in your house. If you’ve let them in, then suddenly realize your mistake, and they know you’ve figured them out, you could be in real, immediate, physical danger. A frightened criminal is a dangerous criminal.

Crooks pulling this con usually concentrate on the elderly, so make sure your parents, grandparents, and others know not to let anyone in their house who just shows up on their doorstep, no matter who they claim to be.

If a group of people shows up at your door, asking to be let in to “check” something, politely decline and close and lock your door. If you think there’s the remotest possibility that they might be telling the truth, call the utility company and ask. However, since real utility companies almost never operate in this manner, I’d call the police instead. If they’re really from the utility company, two things will be true:

  1. They won’t run away the second you shut the door
  2. They’ll understand why you reacted as you did, and will be able to prove that they are who they claim to be.

Stay vigilant out there, and make sure any elderly people in your family or neighborhood know about this scheme.

But seriously folks, what is the deal with wiring money?

Looking back over the different types of fraud and scams I’ve been covering these past few months (and the ones I’m going to cover soon), I can’t help but notice that an inordinate number of them involve wiring money.

Mystery Shopper Scams: the victim wires money to the thief.

Grandparent Telephone Scam: the victim wires money to the thief.

Craigslist Overpayment Scam: the victim wires money to the thief.

Job Interview Scam: the victim wires money to the thief.

Lottery Scam: the victim wires money to the thief.

So this has me thinking…what is the deal with wiring money? There just seems to be an aroma of seediness around the whole industry.

I’m not trying to throw Western Union under the bus here. I know the vast majority of people are using it and similar services for legitimate reasons, but still. Why is it so easy to commit crimes using money-wiring services, and could providers do anything to make it less so?

In all honesty, probably not. The crook is the one committing a crime. The victim is just wiring money, which you can pretty much do at will. It’s not a crime to fall for a scam. Limiting users’ ability to wire funds would just create extra hassle for customers and drive down business.

So that means it’s on you to not become a victim in the first place. Be knowledgeable about different types of scams. Most of all, just think before you act.

For example, I can’t think of a single legitimate case in which someone would mail you a cashier’s check and ask you to cash it, then wire money back to them. If someone is telling you to do this, it is a scam. 100% of the time. Just take that as a general rule, and you’ll reduce your chances of becoming a victim.

Telephone scam targets grandparents

There’s another antique scam currently experiencing a renaissance: the telephone “Grandparent Scam.”

This one is really simple: thieves will call elderly people, posing as a grandchild and asking for money because of a car accident, arrest or other emergency. Alternatively, they may claim to be a police officer or lawyer and tell the victim their grandchild has been hurt or arrested, or is in need of legal counsel. In either case, the victim is instructed to wire money to the thieves.

It’s a simple scam because it’s so easy to find out the names and ages of family members online. In fact, a single obituary might provide everything a crook needs to victimize family members of the deceased. However, an experienced “social engineer” might be able to pull it off cold, with very little information to start with.

Thieves using this technique are working under a set of assumptions:

  1. Grandparents will be less judgmental if a young person is in trouble with the law, which is why the “grandchild” is calling them instead of a parent
  2. Grandparents will be quick to panic if they think a grandchild is injured
  3. Elderly people can’t hear well, which means the thief doesn’t have to work very hard to disguise his or her voice
  4. Older people are less informed and less tech-savvy
  5. Elderly people may be ill or on medication, which can affect their judgment

Of course, in any individual case, none of these might be true, some of these might be true, or all of these might be true. Crooks use stereotypes as a way to select potential victims, knowing that one group (grandparents) will have a statistically higher rate of return than another (parents or siblings).

If you are a grandparent, be extremely wary of anyone calling who claims to be a grandchild in trouble. Ask questions that only the real grandchild would know. Hang up the phone and call him or her directly, or the parents. If the caller claims to have been arrested in Tijuana, but his parents say he’s in the living room in Des Moines, you’ve pretty much got your answer right there.

Don’t wire money to someone who calls just because they asked you to. Don’t panic. Take a breath or two, and figure out how you can verify beyond reasonable doubt who that caller is. Ask questions (the crook will likely hang up immediately). Call the parents. Call the grandchild. Do whatever it takes to verify the identity of the caller.

In all honesty, if someone is calling and asking you to wire money, I’d put 90% odds on it being a scam right away.

Not even the FBI Director is above falling for a phishing scam

I spend a lot of time on this site repeating (explicitly or implicitly) these two ideas:

  1. You can take steps to vastly reduce your chances of becoming a victim of fraud or identity theft
  2. That said, nobody is ever 100% safe, and nobody is “too smart” to walk right into a scam

The following is an excerpt from a recent speech by FBI Director Robert S. Mueller, III:

Most of us assume we will not be targets of cyber crime. We are not as careful as we know we should be.  Let me give you an example.

Not long ago, the head of one of our nation’s domestic agencies received an e-mail purporting to be from his bank. It looked perfectly legitimate, and asked him to verify some information. He started to follow the instructions, but then realized this might not be such a good idea.

It turned out that he was just a few clicks away from falling into a classic Internet “phishing” scam—“phishing” with a “P-H.” This is someone who spends a good deal of his professional life warning others about the perils of cyber crime. Yet he barely caught himself in time.

He definitely should have known better. I can say this with certainty, because it was me.

After changing all our passwords, I tried to pass the incident off to my wife as a “teachable moment.” To which she replied: “It is not my teachable moment. However, it is our money. No more Internet banking for you!”

If I didn’t dislike vapid clichés like “it really makes you think” so much, I’d probably say that right now. I mean, it would be funny (but not ha-ha funny) enough if someone like myself fell for a phishing email, but the FBI Director?

I think the Soup Nazi-esque “no online banking for you!” response is extreme, although I can see how a high-profile figure like Mueller could have his reasons beyond just his own personal finances for going offline—namely, his very credibility.

For the rest of us, though, online banking and bill payment is still very safe, as long as you’re informed when it comes to the dangers. If you get an email that appears to be from a financial institution, don’t click on any links within that message. Go directly to that bank, credit union or credit card company’s website by typing the URL manually, or by running a search on Google, and log in from there. Of course, if it’s from an institution you don’t even have a relationship with, you’re pretty safe in assuming it’s phony.

The full text of Mueller’s speech is an interesting read, if you have a few minutes, by the way.

“Debt Crisis in America” Commercial

On Monday, I posted about an incredibly sleazy debt counseling commercial, and promised to find out who it was and post their BBB rating and some other information.

Well, apparently this ad is a “turnkey” job, where an advertising agency creates the commercial, and then plugs in the phone number of whatever company buys the ad from them. In other words, the company running the advertisement here in Northwest Indiana might not be the same company that uses it in Cleveland or Las Vegas or Anchorage.

Basically, that means I can’t call them out by name and post their BBB ratings, because it could be many different debt counseling companies.

However, what I can do is post a couple screenshots, so you’ll recognize it when you see it.

This is not a real news broadcast:

[Screenshots of the commercial]

Subtle, isn’t it?

Everything I have said or am about to say is my opinion. In other words, if your debt counseling company has been using this ad, save your time, money and breath. I’m not going to soften my position on this out of fear of litigation, because you haven’t got a case.

I believe that any debt counseling company that is using this advertisement is deliberately misleading consumers. They are running an advertisement specifically designed to trick people into thinking it is a genuine news broadcast (fine print or not), and that the President endorses their services. I would not give this advertisement a second glance, but if you want to figure out who is running it and what their BBB rating is, just for fun, try catching the phone number and Googling it when it appears on your TV.

If you are running a legitimate debt counseling company and have been using this commercial, I would stop running it immediately. You are going to damage your credibility because of people like me throwing you under the bus with the scumbags. You may be providing a wonderful service to those who need it, but your advertising is telling a different story.

If you are running a legitimate debt counseling company and have been considering using this commercial or similar, don’t. I don’t care how cheap it is. You don’t want to paint yourself with the same brush as the crooks. Looks sleazy? Is sleazy.

Facebook IQ Tests: Yes, they’re a rip-off

I did a couple presentations to some eighth graders this past Monday on the topic of common email scams like lottery and mystery shopper schemes, as well as having their parents check their credit reports to make sure nothing shows up.

I was surprised at how many of them had already encountered these emails, and I hope my message got through.

Another topic came up, however, during the Q&A portion of the presentations: those IQ tests that always show up on Facebook.

This isn’t the “Which Variety of Traditional German Sausage Are You?” tests. (Knackwurst, by the way, in case you’re wondering.) I’m talking about the IQ tests that appear as banner ads, with a few of your friends’ photos and the “score” they allegedly received, challenging you to beat them.

My quick advice is: don’t even click on those links. End of story.

The longer answer is this: if you click the link, it will take you to a website (not affiliated with Facebook) that asks you for your cell phone number, allegedly to give you your score. What it’s actually doing (if you read the fine print) is signing you up for a “service” with a monthly fee of $29.99. Then you take an idiotic IQ test, which is not even a little bit official, and wait until the charges show up.

I guess it’s not technically a scam, since you’re told (in very tiny text) that it will charge you, and I guess you’re signing up for something (though I’m not sure what). However, it’s sort of a dirty trick, if you ask me. These ads are aimed at teenagers, most of whom aren’t going to read the fine print.

This was the only real disconnect I had during the presentations. Some of the kids apparently believed that their parents wouldn’t mind paying an extra $360 per year for their kids’ cell phones. “It’s only a dollar a day,” one protested. Tough crowd. “Is this thing on?”

Yeah, it’s only a dollar a day. For a one-time IQ test that is in no way official and is not administered by a professional. I tried to emphasize that just because it’s on Facebook doesn’t mean you should trust it, and that these tests are essentially idiotic, but in the end had to admit to them, “Hey; it doesn’t matter to me if you want to get ripped off to take an idiotic test. If you think your parents will be thrilled to pay an extra $30 per month in this economy just so you can get your fake IQ score, then have at it.”

I think that might have woken them up a little. There was a short “I’m still processing what you just said, and realizing that you’re probably right” silence. I took that as a good sign.

All in all, a successful presentation, I think.

Misleading credit counseling advertisements on television

I just saw what may have been the sleaziest credit counseling commercial I’ve ever seen.

It appeared on the Weather Channel around 2:30 PM local time (I was watching Full Force Nature; they had some really killer close-up tornado footy).  Now, sleazy ads during daytime television are nothing new, but this one was incredible.

It began with footage of the President giving an address about the economy. I don’t know the date or specific topic of the speech—I know he used the phrase “drastic action.” This was framed by graphics designed to closely emulate the look of a broadcast from a cable news channel. There was a headline at the bottom of the screen about debt counseling, with a ticker underneath that, the kind they normally use to give up-to-the-minute stock prices.

After the (out-of-context) presidential clip, it cut to a woman in front of a photo of either the White House or the Capitol Building. She was dressed in a sharp suit like a news anchor, and was telling you to call now for information on debt elimination. The headline and ticker remained at the bottom of the screen. If you weren’t paying close attention, you might easily mistake it for a genuine news item. Naturally, the color scheme of the ad was red, white and blue.

Of course, it wasn’t real. Consider these facts:

  1. Real news broadcasts don’t tell you to call a toll-free number for information on debt counseling
  2. The government does not endorse any such service, nor did it create the advertisement
  3. The President did not create or approve the ad, nor does he endorse any such service
  4. Anyone can create a TV commercial using cheap graphics and public domain footage and, as long as they purchase the time, have it run on television
  5. Ads that run during daytime television are created under the assumption that you are jobless, directionless, desperate and not very intelligent. In other words, they’re insulting. Take them with a massive grain of salt.

I didn’t catch the name of the company, but I wish I had. I’d gladly post it here, along with their BBB rating and the advice to not use their services. If I catch the commercial again, I’ll make note of this information. If it is a legitimate, non-profit counseling service, they need to be told that their advertisements are misleading and unbecoming. If they’re not, they need to be called out on it and run out of business.

There are real, non-profit credit counseling services available for those who need them. REGIONAL has a relationship with Consumer Credit Counseling Service of Northwest Indiana. They’ve got an excellent BBB rating.

If you’re in a different area, start with the Better Business Bureau, and don’t use any service with anything less than an A rating.