Tuesday, February 24, 2004

( 3:28 PM ) Andy

From the St. Louis Post Dispatch: Southern Commercial Bank had an off-site programmer needing to test a program. The bank, instead of sending a test file with dummy data, sent an unencrypted file with 40,000 records. State and federal regulators are looking into this matter. The customers' records may be read easily and could fall victim to identity theft. The state banking commissioner has noted this is a matter of policy, not law. In any case, this is an extremely bad mistake and represents a lapse in policy or judgment.

( 9:41 AM ) Mary Beth

How powerful is the Internet?

I read a story this weekend that really showed how powerful the Internet is -- and how that power can be used for things we might not even dream of. A seventeen-year-old kid decided to do a search with his own name on the Net and was astonished at what he found. He discovered that he had been abducted by his mother during a custody battle when he was just three years old. Too young to even remember his father, he had been living on the lam with his mom for 14 years -- without even realizing he was the victim of a parental kidnapping and without knowing he had a whole other family who had never given up hope of finding him. Have you Googled yourself lately?

Monday, February 23, 2004

( 3:33 PM ) Michele

Almost had me fooled!

Well, not quite ... but I have to admit this latest scam has a new level of sophistication. The visa-security domain looks legitimate. The pitch for their Zero Liability program sounds familiar, the language is not too bad and the message has me a little worried that maybe my card WAS STOLEN!!! Would your customer know that this is a scam? What might have happened if your customer had no virus protection installed? Would they have compromised their information in a manner that could have allowed a fraud to be perpetrated that left you holding the bag?
These scams are on the rise and it's time to educate your customer to the potential threat.

( 9:26 AM ) Andy

I've said it before and I'll say it again. When there are losses under Reg. E or Reg. Z for debit/credit card fraud, it is said how much the consumer lost in the theft. In fact, it will be the banks who issued them who suffer most or all of the losses. The San Mateo Daily Journal reports the last of a gang has been arrested that was skimming cards in restaurants and manufacturing cards. One waiter reported $13,000 stolen in one month. San Jose police have tracked down $400,000 in losses in a four-state area. Remember as you process those claims, just because the card wasn't reported lost or stolen doesn't mean it wasn't used by someone else.

Saturday, February 21, 2004

( 7:04 PM ) Andy

What have you told your customers about phishing scams? Park National Bank of Newark OH is telling plenty. Their customers are getting calls from someone posing as the bank's Security Officer and asking for account numbers, Social Security Numbers and other confidential information. So far no one has fallen victim and lost money. But some of these scammers can be very convincing. The waters get muddier when a bank does send a genuine request such as one reported recently by BOL'er Michele. The bank was giving her a web site to register for new account advantages. That could easily have been a phishing scam; how was she to know? Inform your customers of the popular scams such as phishing and the still popular Nigerian scam, so you can save both of you time and money.

Wednesday, February 18, 2004

( 11:05 PM ) Andy

COPPA Penalties $400,000 and $75,000 - UMG Recordings, which operates music sites, and Bonzi Software, makers of Bonzi Buddy, a real pest of a software program in my opinion, entered into separate settlements over COPPA.
The Children's Online Privacy Protection Act requires that children under the age of 13 go through an extra process when providing personal information online to commercial web sites. UMG allowed registrations that violated the rules as children signed up for newsletters, fan clubs and such. Bonzi is the first software company to be penalized as it allowed the children to register software and provide protected, personal information. The two settlements are the 9th and 10th enforcements of COPPA to date and the UMG settlement is the largest. More information is available on the FTC's web site.

( 10:54 PM ) Andy

The 10th U.S. Circuit Court of Appeals upheld the "Do Not Call" list which telemarketers challenged on the grounds that it was a free speech issue. The court said it was a "reasonable fit" and not illegal. It is compared to placing a "No Solicitors" sign in your front yard, except that people register on the list and they are removed from most telemarketers' call lists.

Friday, February 13, 2004

( 5:30 PM ) Andy

SPAM SCAM. The FTC warns about a possible fake Do Not Email Registry site. This is NOT a site established because of the CAN SPAM law which became effective Jan. 1, 2004. There is no registry set up for email, but the unsub.us site looks suspiciously similar to the FTC's Do Not Call Registry site even though it says it isn't associated with it. Users should not confuse the ".us" address with a ".gov" address. And the FTC isn't certain what will actually happen with your address if it is submitted. For now, it is recommended you NOT complete this registry.

Monday, February 09, 2004

( 7:12 PM ) Andy

Five Nigerian defendants pleaded not guilty to carrying out a 419 scam that toppled a Brazilian bank in 2001. The scam was profitable initially because a bank employee fell for the ploy. Four more have charges pending and the Nigerian government is hopeful that this will demonstrate their desire to bring these crimes to an end. Read the story here.

Sunday, February 08, 2004

( 4:58 PM ) Mary Beth

Spammers Change Tactics

Watching spammers is like watching the theory of evolution at work. In an effort to avoid obliteration, they constantly retool, adapt, change their tactics in order to try to trick us (sometimes, successfully) into opening their messages. For the last couple of months, I've noticed the following patterns:

-- use of really generic-sounding names for senders. They're counting on the fact that you may think the name sounds familiar and thus might be legitimate;

-- use of subject lines that are random strings of words and nonsense syllables. One which arrived a couple of minutes ago bore the subject line: "crook fiscal kink rimy nightfall". Makes perfect sense, doesn't it? (Yeah, to a loon.)

-- use of blank subject lines, giving you no clue what the email's about or whether it is legitimate.

Andy recently wrote an article about email use and etiquette. It was a great article, but one of the most important points in it is that it is crucial to use a properly descriptive subject line when you send email. I generally receive about 300 per day and it is always shocking to me the number of emails I get from bankers that 1) have no subject line; 2) have a subject line that says "Hi" or "Hello" -- right when we're in the middle of a worm outbreak where that is one of the hallmarks; or 3) say "I need your help" in the subject line. Yeah, and so do the Nigerians. I've got a mailbox full of those, too. The unfortunate side effect of these bad subject lines is that I sometimes just delete the emails unread, figuring I'm saving myself from being confronted with one more generic Viagra ad. So if you've written me and haven't heard back...

You aren't the only guilty ones. Whenever I try to find something I've sent to someone and I'm forced to confront the subject lines I've devised, I realize I have a long way to go in that area.
But starting here, starting now, I'm going to make it a point to pay more attention to email subject lines when I draft them. I hope you'll do the same.

Friday, February 06, 2004

( 9:59 AM ) Andy

As a follow-up to my blog entry of the 4th, some users and ZD Net UK have reported, and has confirmed, that this patch may not completely mitigate the risks the patch is supposed to eliminate.

( 9:42 AM ) Andy

The "Fraudulent Online Identity Sanctions Act" (HR3754) is being proposed in Washington to add more teeth to the penalties imposed on those who commit online fraud. Particularly this is aimed at anyone committing fraud through a website registered under a false name or with fictitious contact information. Copyright infringement is also a key focus as larger damages would be available when copyrighted material is made available without proper consent. The ACLU has voiced opposition and believes there are privacy concerns. Marv Johnson, an attorney with the American Civil Liberties Union, stated the U.S. Constitution "recognizes that you have a right to anonymous communication". Perhaps this act would contribute to more penalties against those "phishing" expeditions we read about, if they can be caught.

On a related note I heard one report that the ISPs monitoring spam have reported a decrease since the CAN SPAM act took effect on January 1, 2004. That decrease was only 1%, however. While nobody expected it to stop it, this is a minimal impact at best.

Wednesday, February 04, 2004

( 8:18 AM ) Andy

I recently helped someone replace a dial-up modem with DSL. She didn't know what that little globe icon in the system tray was and had tons of updates to install. Do you know what that globe icon means and do you practice patch management? Clicking this icon is an easy way for you to update/patch your computer with Microsoft Windows critical operating system upgrades. Microsoft just released an update yesterday, the 3rd.
Yesterday's patch helps protect your browser from someone else in effect using it, and corrects some URL display issues. This is rated as a critical update.

Tuesday, February 03, 2004

( 8:29 AM ) Mary Beth

Nigerian Scammers Rounded Up

It's probably just the tip of the iceberg, but Guru Barry Thompson passed along news about a major arrest in the Netherlands. Wired.com reported February 2 that 52 alleged Nigerian email scammers were arrested in the Netherlands after a raid involving 80 law enforcement officers and 23 apartments.

Wired.com article
eWeek article

Canadian Money Change Coming

Due to slick counterfeits, Canadians will have a new $100 bill starting March 17. Four state-of-the-art, anti-counterfeiting features will be used for the new bill.