...... According to a survey released Wednesday by the Consumer Federation of America (CFA), nearly a third of all adult Americans have been approached with fake check scams and at least 1.3 million have fallen for it.

“They didn’t realize the pitch and the check were both phony until they wired off the money,” says Susan Grant, CFA’s director of consumer protection. She says the average victim gets taken for between $3,000 and $4,000.

Sally Greenberg, executive director of the National Consumers League, puts the yearly loss at $20 to $60 billion a year. Her group runs the Web site fakechecks.org. “These are very persuasive scams that play on people’s vulnerability,” she says.

Here’s another reason so many people get burned by these counterfeit checks: They look legitimate. “They look so real your bank teller can’t always tell it’s a fake,” says Allison Southwick of the Better Business Bureau. ...........

Full story:

»www.msnbc.msn.com/id/30968506/

MGD

e-busted
By John Leyden
The Register
9th April 2009 11:26 GMT
Nine suspects in a banking Trojan case have been arrested by specialist cybercops from the UK's new Police Central E-Crime Unit (PCeU).
The suspects - four women and five men - were arrested following police raids in south east London. Investigators reckon the group of UK-based eastern European nationals used malware planted on compromised machines to steal login credentials and plunder online banking accounts.
The arrests follow the establishments of a virtual crime force, involving more than 50 officers from the PCeU and the Met's specialist crime directorate.
Full article here: Via the Register

By John Leyden
The Register
Romania police arrested 20 suspected phishing fraud suspects on Wednesday.
Stefan Negrila, chief of the organised crime police in the western Romanian city of Timisoara, said the alleged hackers set up counterfeit banking websites that they used to trick surfers in Italy and Spain into handing over sensitive login credentials.
Phishing mule accomplices in the targeted countries then used these stolen credentials to "cash out" compromised accounts in a fraud whose losses might run into hundreds of thousands of euros, The International Herald Tribune reports

Full article here: Big phish

Erik Larkin
PC World
Mar 13, 2009 11:45 am


The TinyURL service allows you to enter a long URL, such as one for a particular Google Maps location, and convert it into a short, easy-to-type or e-mail link. Good for sending links - or as Trend Micro reports, for hiding a malicious Web site URL in a phishing e-mail.

Trend says the dirty trick, which it first reported on in February, is becoming more popular and spreading into multiple languages. The ruse is intended to make it more difficult for the wary to immediately peg a link as suspicious when they mouseover a link to see where it actually goes.


Full article here

Major data breach could put police officers at risk of identity theft
BY: Shaun Nichols in San Francisco
vnunet.com, 06 Mar 2009

A recent offline data breach may have put tens of thousands of New York City police officers at risk of identity theft.
According to local media reports, a man has been arrested and charged with illegally entering a data warehouse in the borough of Staten Island and stealing an unencrypted storage cassette belonging to the department's pension fund office.

Full story here

By Elinor Mills
CNET
March 6, 2009 3:54 PM PST

BERKELEY, Calif.--Six years after California enacted the country's first data breach notification law, many state residents have received letters warning them that their data was exposed by a breach but usually they don't know how or how long, experts said at a privacy conference on Friday.
That would change with the passage of a measure proposed by California State Sen. Joe Simitian, who authored the country's first bill requiring companies to notify customers when a breach has occurred that exposes their data.
Senate Bill 20 would require that notification letters to consumers have a standard set of information such as information about the timing and circumstances of the breach.


Full story here

Companies, authorities fawn over informatics whiz
By Dan Goodin in San Francisco for The Register
2nd March 2009

Software companies and government officials in Italy are falling over themselves to recruit a 22-year-old hacker serving a three-year prison sentence for electronic fraud.

Gabriel Bogdan Ionescu, who is incarcerated at the Bassone Penitentiary in Como in northern Italy, has already been admitted to that country's prestigious Polytechnic University of Milano, thanks to help from Italian authorities.

by Elinor Mills
CNET News
When we think of phishing attacks, in which scammers try to lure sensitive information out of Internet users, we think of fake official-looking e-mails and Web sites.

But you don't even need to be online to get phished.

Why pay when you can pwn?
By John Leyden
The Register
2nd March 2009


Three in four phishing sites are hosted on compromised servers, according to a new survey.

A study of 2,486 fraudulent websites found that 76 per cent were housed on hacked webservers, typically pwned after hackers identified well-known vulnerabilities using search engine queries. Free web hosting for fraudulent websites was used in just 17.4 per cent of cases.

Full article via The Register

By John Leyden
The Register
25th February 2009

Gmail users, still swooning from the extended outage on Tuesday, were hit with a widespread phishing attack hours after the blackout.

The malicious message spread via the Google Talk instant messaging chat system, urging users to a video by clicking on a link connected via the TinyURL service. The link points to a website called ViddyHo, which invited users to submit their Gmail usernames and passwords.

Full article here: The Register

By JEFF OVERLEY
THE ORANGE COUNTY REGISTER
LINK: Personal information belongs to scores of Seaview Financial customers

NEWPORT BEACH – Folders with personal information for numerous clients of a local mortgage broker sat for days at a public recycling site, overflowing from the tops of several bins in an apparently glaring identity theft risk.

The files contained bank account statements, completed tax forms, credit reports and Social Security numbers, among other information, and most if not all had one broker in common – Seaview Financial of Corona del Mar.

Seaview’s offices were vacant Monday; it moved out of its East Coast Highway office building last week, according to tenants and the property owner.

Photo slide show: »www.ocregister.com/photos/inform···d2316455

Police seem to have arrested the first suspects in the Hartland Payment Systems hack.

By John Leyden
The Register

Phishing fraudsters have moved on from banking sites with an attack designed to hoodwink hotel customers, according to a team of security volunteers.

Hotel chains including Hyatt, TraveLodge, Comfort Inn, Ramada, Days Inn, and Wyndham are being targeted in the reported scam. More than 71,000 travelers each month have been redirected to counterfeit sites, volunteer security community FraudTip.com warns (»www.prweb.com/releases/hotel/fra···4834.htm). Mainstream net security firms are unable to confirm these figures.

More: Counterfeit site ruse proves hard to pin down

A major credit card processor, Heartland Payment System, has recently admitted that tens of millions of accounts were exposed due to poorly secured data being hacked.

»www.idtheftcenter.org/artman2/pu···9.shtml

Every year the Identity Theft Resource Center (ITRC) shares its thoughts for the upcoming year. The following items are ITRC’s predictions for 2009:

Monday, December 8, 2008
WWW.USDOJ.GOV

Telemarketer Sentenced for His Role in a Massive Fraud Scheme Targeting U.S. Residents
WASHINGTON - A room manager of a telemarketing call center operating out of Costa Rica was sentenced today to 11 years in prison for his participation in a massive, Costa Rica-based, telemarketing fraud scheme that targeted thousands of U.S.

November 25, 2008 6:05 PM PST
by Steven Musil - CNET News
Reports that a purported Gmail vulnerability was being used by unauthorized third parties to hijack domains turned out to be nothing more than a phishing scam, Google announced Tuesday.

The alleged vulnerability reportedly allowed an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at the blog Geek Condition. In the post, Geek Condition's "Brandon" wrote that the vulnerability had caused some people to lose their domain names registered through GoDaddy.com.

Complete article

24 Nov 2008 14:31



In a report, Symantec has revealed prices for cyberattack tools and bank-account details, and identified counterfeit-software trends
According to Symantec, a keystroke logger can be bought for $23 (£15), while $10 will pay for someone to host your phishing scam.

Having a botnet at your fingertips will cost you $225, and a tool that exploits a vulnerability on a banking site costs, on average, $740, and runs as high as $3,000, according to Symantec's Report on the Internet Underground Economy, released on Monday.

Full article Copyright © 1995-2008 CNET Networks, Inc

By JORDAN ROBERTSON, AP Technology Writer

Monday, November 24, 2008

(11-24) 04:16 PST San Jose, Calif. (AP) --

Internet criminals have been getting more "professional" for years, trying to run their businesses like Big Business to get better and more profitable at selling stolen data online.

By Matthew Lee

updated 1:27 p.m. ET, Fri., Oct.