Is It Identity Theft Or A Bank Robbery, Part II: Couple Sues Bank Over Money Taken

from the i've-still-got-my-identity dept

Last month, we posted an amusing discussion (and comedy act) concerning whether or not "identify theft" was really a crime, or if it was really a bank robbery where the bank was passing off the liability for its poor authentication system onto the bank customer. Apparently, just such an argument is already playing out in the courts. Steven Hoy alerts us to a story of a couple who are suing their bank, after someone masquerading as them accessed their account and transferred $26,000 to Austria. The details of the case are a bit complex, but basically, the couple claims that the bank did not live up to basic standards in authentication, and cite the Federal Financial Institutions Examination Council's claim that notes that "single-factor authentication is inadequate and calls on banks to implement two-factor systems." Thus, the argument goes, the fault was the bank's security, and thus, the bank should be liable. The judge found that to be convincing:

"In light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access.... If this duty not to disclose customer information is to have any weight in the age of online banking, then banks must certainly employ sufficient security measures to protect their customers' online accounts."

Chalk one up for those who believe "identity theft" is actually a "bank robbery."

Filed Under: banks, identity theft, scams, security

Is It ID Theft Or Was The Bank Robbed?

from the which-one-seems-more-accurate dept

Via Clay Shirky, comes a very good point from Kevin Marks concerning claims of "identity theft," where he notes that identity theft is not actually an identity being stolen but is usually a bank/credit card company being robbed and passing off the blame for their own poor security on the victim. He point to a brilliant comedy routine by Mitchell and Webb that makes this all pretty clear:

"They took all the money? That sounds more like a bank robbery."
"No, no. If only. 'Cause we could take the hit. No, no. It was actually your identity that was stolen, primarily. It's a massive pisser for you."
"But, it's actually money that's been taken..."
"Yes"
"From you?"
"Kind of."
"I don't know what you want from me other than my commiserations."
"You see it was your identity. They said they were you!"
"And you believed them?"
"Yes, they stole your identity."
"Well, I don't know. I seem to still have my identity, whereas you seem to have lost several thousands of pounds. In light of that, I'm not sure why you think it was my identity that was stolen instead of your money."

The problem isn't "identity theft." It's bad security and verification processes by a financial institution.

Filed Under: identity theft, scams, security

DJs Buy Their Own Music Online With Stolen Credit Cards To Grab Royalties

from the scheming dept

A group of people in the UK have been arrested after they allegedly put their own music on the iTunes Music Store and Amazon, then purchased it with stolen credit-card numbers. Police say they made 19 tracks and put them up in the shops, then spent about $750,000 on the music, grabbing about $330,000 in royalties from the purchases. It's quite the scam, since one difficulty in stealing credit-card numbers is converting them into cash. One way to do this is to sell the numbers themselves; another common way for people to do this is to take a stolen card, then go buy gift cards from a store with it, then sell the cards on the street at a discount. But selling Wal-Mart gift cards and hawking them on the street seems like an awful lot of work, compared to what a criminal with a computer and some music software can do. Of course, it's not too smart to continually buy the same tracks over and over with 1,500 stolen cards...

Filed Under: music, royalties, scams, stolen credit cards

FTC Cracking Down On Car Warranty Robocall Scammers

from the about-time dept

It was just last week that we questioned why the FTC hadn't been able to track down the scammers behind the "this is the 2nd notice that the warranty on your car is about to expire" robocalls. Apparently, we were just a little anxious. On Thursday, the FTC filed complaints against two of the companies involved in the scam, noting that they were apparently placing 1.8 million calls per day, with no regard for the Do Not Call List. Apparently, the scam has already brought in $10 million from people who were duped, though the FTC is trying to get all that money back.

Filed Under: car warranty, ftc, robocalls, scams

Computer Repairman Steals Hard Drive, Tries To Charge Company For 'Retrieving' Data

from the so-close-yet-so-far dept

It's widely known that internal staff are the biggest threat to IT security, but what about your computer repairman? After a hard drive was stolen from Real Living Action Realty in Pennsylvania, the company called Kevin Andrew Lutes, who had done repair work for them in the past, to fix the machine. He told them he could retrieve the files, but the owner later called the computer manufacturer and learned that it's impossible to do this... without the hard drive. Oh, and the police learned that Lutes' car -- computer repair sticker and all -- was spotted outside the office on the night of the break-in. When he returned a few days later with the stolen hard drive back inside the computer and tried to charge the company $2000 for the "repair," Lutes was arrested and charged with theft. You'd think that with potential access to the machine, he could have done something a little more subtle or sinister, but, lucky for the company, their repairman turned out to be a pretty dumb criminal. Someone should let him know that basing a business model on artificial scarcity is a bad idea...

Filed Under: hard drives, scams, theft

No, The FBI Isn't Gunning For The Business of Mailboxes Etc.

from the stupidity-reigns dept

A note to all the stupid criminals out there: when making a purchase with a forged check, you're probably better off not using your local FBI office as the delivery point for the goods you're trying to scam. That's what a mastermind in Monroe, La., did recently, giving the feds' address for a shipment of cell phones he wanted to receive. The firm he "bought" the phones from noticed something fishy when the guy paid with a "cahier's check" (as opposed to a cashier's check), and they called the authorities, who later found the guy trying to flag down a delivery driver outside the FBI office. Sometimes, you have to wonder, do these people just want to get caught?

Filed Under: fbi, scams, stupid criminals

The Rise Of Corporate Identity Fraud

from the expect-to-see-more-and-more... dept

A few years ago, we wrote about the odd (and somewhat amusing) case of a group of fraudsters in China who didn't just build knockoff NEC products, but created an entirely fake version of NEC in China. Yes, they set themselves up as if they were a legitimate division of NEC, but had nothing to do with the company (other than producing knockoff NEC gear). That was corporate identity fraud taken to an extreme level, but it seems like others are starting to jump into corporate identify fraud in a way quite similar to personal identify fraud. Michael Scott points us to a story about some scammers in West Virginia who took on the identity of various vendors to the state, and were able to scam $2 million out of the state before the scam was exposed. While the article calls this a "rare" occurrence, I'd be willing to bet that it's going to become a lot more common. For scammers looking for a big score, taking on a corporate identity rather than an individual's seems likely to get you into higher dollar amounts much more quickly...

Filed Under: identity fraud, scams

Reddit Community Discovers Phone Numbers To Reach Car Warranty Telemarketers...

from the poetic-justice? dept

Pretty much everyone is getting those telemarketing scam car warranty calls these days. They're the ones that start out "this is the second warning that the factory warranty on your car is about to expire...." Of course, it's not the second warning (in some cases it's the 100th) and it doesn't matter if your car warranty is about to expire or even if you own a car. They just call everyone. Last summer, the FTC announced that (partly in response to those calls), all prerecorded telemarketing calls were banned. But, considering these guys are scammers, that wasn't going to stop them. It looks like the folks over at Reddit got fed up and social engineered the phone numbers of the company out of a rep, and then the community just started calling repeatedly, overwhelming the company's phone lines. Of course, while it certainly has that poetic justice feel to it, it won't stop them. They'll change their phone number and get right back to it. What's not clear is why the Reddit folks could track down who was responsible while the FTC has been unable to do so...

Filed Under: car warranty, mob justice, scams, telemarketing

Merck And Elsevier Exposed For Creating Fake Peer Review Journal

from the wow dept

I know I've mentioned for a while that I've been spending a lot of time looking into the healthcare industry -- particularly pharmaceutical companies, but haven't written that much about them yet because I haven't had the time to put everything together. However, the one thing that seems pretty consistent is how incredibly untrustworthy some of these companies are. The claims that it costs $800 million to make a pill are totally unsubstantiated. The idea that patents are necessary to create drugs is also entirely unsubstantiated. The more you look at it, the more you realize that patents have actually allowed the pharma industry to slow down many potential life-saving innovations in favor of a drug-based solution that isn't always the best. That isn't to say that there aren't some valuable pharmaceuticals, but the industry has a long history of deception and convincing the public and politicians that they need a lot more protection and money than they really do -- and that their drugs are more effective than they really are.

Even so, I was still somewhat stunned to read (via Clay Shirky) that Merck supposedly created a fake peer-reviewed journal to publish data that made its drugs look good. It also got Elsevier to publish the journal to make it look legit (Elsevier being one of the bigger publishers of -- of course -- proprietary medical journals). Two companies with a history of locking up information and data teaming up to mislead doctors and the public? What a shock...

Of course, this is exactly the sort of thing that you can do when everything is locked up and proprietary, rather than open. There's almost no way to confirm or check the data or information to make sure it's legit, so people tend to assume it is. In that regard, perhaps it's no surprise that the two companies eventually went down this road, but it does highlight one of the problems with the way the system works today. As Shirky later points out this is hardly unique for a firm like Elsevier, which has faced some serious ethical questions regarding its publications in the past as well.

Filed Under: closed source, journals, peer review, pharmaceuticals, proprietary, scams
Companies: elsevier, merck, reed elsevier

As Long As People Keep Buying, Scams (and Spam) Will Keep On Coming

from the pt-barnum dept

It looks like if anything is going to be able to effectively stop spam, it might be pressure on spammers' profit margins that makes spamming a less attractive line of work. But that still seems a ways off, as long as enough people continue to buy the stuff being sold in spam messages. Spammers know if they can reach a high enough volume, they'll find enough suckers to make it worthwhile. Scareware, too, is a volume business: a new report looked at a recent scam in which users were sent to booby-trapped web sites which said their computers had a virus. They were then directed to a site selling them some $50 "anti-virus" software. While a small percentage of people actually ponied up the cash, enough did to allow the scammers to pay more than $10,000 per day to the people who used SEO techniques on keyword typos to drive marks into the scam. It's easy to say that people shouldn't be so stupid and fall for the scams, but at the same time, perhaps a bigger issue lurks for the legitimate security software industry: if people can't distinguish between legitimate warnings from their products and scams, it could be a problem for them.

Filed Under: scams, spam