Scams Happen to Smart People Who Do Stupid Things

Robert Siciliano Identity Theft Expert

Most people are too smart to fall for a Nigerian 419 scam. But plenty of smart people fell for Bernie Madoff’s investment scams. Madoff was far more subtle than your average scammer. But in this day and age, people ought to be more alert to potential scams than ever before. And yet this wolf in sheep’s clothing was able to bilk so many investors. So it looks like we aren’t as savvy as we should be.

The root of the problem is the sheer number of scams. There are investment seminars, smoke and mirror charities, phishing emails and even text messages. I got a “phext” (phishing text message) from “r.yahoo.com” that said, “changed secret question, log in to update, or text HELP or to end STOP.” Naturally, this raised my suspicions, so I did an online search which led me to a forum discussion of this particular scam. Apparently, any response to this text message would have allowed hackers to access plenty of proprietary data.

A prominent security and privacy researcher emailed me to describe an attempted Craigslist scam:

“Robert, so, I registered on Craigslist and posted our above ground pool for sale. Within minutes got a reply from someone asking some basic questions (most of which could have been answered if they had read the advert). Their reply to my answers raised an immediate red flag. This individual claimed to be from Miami and was willing to write me a check for the full amount, plus shipping charges for their shipping company that would pick up the pool. In other words, I deposit a check (in context it seemed to be either a business or personal check, either way I would have had to wait for it to clear) and when it clears, I keep my asking price and give the difference to the shipping company when they arrive to pick up the pool.

I’ve ceased communication with this individual, but this just stinks to high heaven. First, if it is their own shipping company, why should I have to pay them? Second, no way I’m going to deposit this check into my account and risk having my bank info show up on their statement. Third, why would someone in Miami (above ground pools aren’t all that popular down there, it seems to me) want to pay to have a used above ground pool shipped all the way from New England? Fourth, I’m just nervous about stuff like that anyway.

Ever heard of/encountered that kind of situation before?”

This is an advanced fee scam! Now, since I am obsessively screaming about this stuff all day, I can see this coming from a mile away, as did my friend. But those who are less tuned in to the variety of potential scams might easily fall victim to this type of crime.

Financial troubles are forcing people to seek out new opportunities. When we are searching for jobs or attempting to sell our belongings online, or simply spending more time using social networking sites, we become more susceptible to the latest scams. But the biggest danger is our own egos and our complacency, as we foolishly believe that we are all too smart to become victims.

According to The Wall Street Journal, many scam victims are pretty smart. Three recent studies showed that victims of investment fraud tend to be better educated and have higher incomes than nonvictims, and that most have been investing for a decade or more. Because they are so confident in their own judgment, they fail to seek out professional advice.

Years ago, the Better Business Bureau conducted a test in which they planted a man dressed in normal street clothes outside a store during the holiday season. They gave the man a plastic pumpkin and a bell to ring. He spent twenty minutes ringing the bell, and during that time, people kept dropping money into the pumpkin. When the people were questioned, most believed that they had just donated to the Salvation Army, simply because the man was ringing a bell. Like Pavlov’s dogs, they opened their wallets.

Criminals aren’t any smarter than we are, but they know how to capitalize on our stupidity. You need to take steps to protect your own identity, because while you are smart enough to inform yourself about these issues, you can’t prevent some company from stupidly compromising your sensitive personal data. Prevent new account fraud by getting a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. And invest in Intelius Identity Theft Protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses various scams on TBS’s Movie and a Makeover.

A Glorious Week of Identity Theft

Robert Siciliano Identity Theft Expert

If there was ever a week to get high, totally drunk, on information security and identity theft scammers and hackers, then this is it! Media outlets everywhere have been pumping out story after story of data breaches, identity theft, criminal hackers and indictments! Yeah team! For a criminal hacker groupie, this is Woodstock!

Dark reading reports Eight defendants were arraigned in a Brooklyn court for allegedly using the stolen identities of AT&T, T-Mobile, and Asurion customers to steal some $22 million worth of wireless equipment and services. An indictment was unsealed in Brooklyn federal court yesterday morning charging Courtney Beckford and seven other defendants. When identity theft defendants named Courtney, Gabe, Marsha, Saul and Ron are involved in a $22 million identity theft scheme, then you know it’s just a matter of time until someone named Britney or Brad will get busted too! It’s the identity theft apocalypse!

ABC News reports that a former informant for the Secret Service was one of three men charged with stealing credit and debit card information from 170 million accounts in the largest data breach in history. The former informant, Albert Gonzalez of Florida, A.K.A “Segvec”, “SoupNazi,” and “j4guar17,” whose motto was ”Get Rich or Die Tryin’” was alleged to have been the ringleader of the criminal hacking operation of a prolific network that spans over five years of serious criminal activity.

Information week reports in the first half of 2009, the number of computer users affected by malware engineered to steal personal information has risen by 600% compared to the January through June period in 2008, according to PandaLabs. In quantitative terms, Panda reports identifying 391,406 computers infected with identity-theft malware in the first six months of the year. Identity thieves are also seeking sensitive information through a more diverse set of targets. Where previously financial data thieves focused on spoofing online bank sites to dupe users into entering login information, they have recently been targeting a variety of services where payment account information may be stored or entered, like PayPal, Amazon, eBay, or charity sites.

Cnet reports Rogue Facebook apps steal log-in data, send spam. Security firm Trend Micro warned on Wednesday that a handful of rogue Facebook apps are stealing log-in credentials and spamming victims’ friends. So far, six malicious applications have been identified: “Stream,” “Posts,” “Your Photos,” “Birthday Invitations,” “Inbox (1),” “Inbox (2)” according to a blog post by Trend Micro researcher Rik Ferguson. The activity started earlier in the week with a Facebook notification Ferguson says he got from an app called “sex sex sex and more sex!!!,” which has more than 287,000 fans. The notification said that someone had commented on one of his posts. That app doesn’t appear to be malicious and may have been compromised somehow to begin the distribution of the spam, he said.

USA Today reports Hackers harness Twitter to do their dirty work.  A cyber gang has begun experimenting with setting up free Twitter accounts, then sending out Tweets from the popular micro-blogging service that are really coded instructions to botted PCs to carry out criminal activities. Anti-virus maker Symantec has isolated several samples of infected PCs carrying a unique new infection, dubbed “Sninfs.”

The PCs most likely got infected when their users unwittingly clicked to a tainted web page or on a corrupted link carried in an email or social network message, says Marc Fossi research and development manager at Symantec Security Response.

Protect yourself;

Don’t just sit back and get hacked. Arm yourself with anti-virus that runs automatically in the background and prevents “Courtney, Marsha and SoupNazi” from stealing your identity. Pick up McAfee’s Total Protection software and take control of your PC security.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano identity theft speaker discussing the sad state of cyber security on Fox News and check washing and campus security on ABC News.