Over 14,000 phishing websites were detected in July. And this represents over 154 “brands” (Paypal, banks, credit unions, etc.). Got this from Computerworld.

The number of phishing sites -- or fraudulent Web sites try to fool people into handing over sensitive personal information -- rose to 14,191 in July, an 18% increase over May, the previous all-time high, said the Anti-Phishing Working Group (APWG). The fraudulent sites mimicked a record 154 brands, up 20% over June and 12% over the previous high, also recorded in May, APWG said.

According to Symantec (via ZDNet), in March 2006, there were nearly 8 MILLION phishing emails sent every day.

Internet Crime Complaint Center (IC3) issued an alert today. There are millions of phishing emails sent every day. This one is notable because the scammers thought it would  be effective to pose as the FBI.

The FBI has been alerted to a fraudulent email which purports to be from the FBI and attempts to convince recipients to send money to secure prizes won in an international lottery.

The email contains Director Mueller's name and office address, and typically comes under the title, "FBI Internet Fraud Watch/Alert". The return email address may be listed as FBIfraudalert@hotmail.co.uk, or FBIfraudwatch@hotmail.co.uk

If you ever take a laptop with you while traveling by air, watch out for this scam.

The Federal Aviation Authority has warned about a common scam to steal laptops at airport security. Basically, what happens is that a team of scammers (probably 2 or 3) get between you and your laptop at the metal detector at airport security. They look for people carrying laptops. One of the scammers gets in front of the mark, while one or two more wait on the other side of security. After you put your laptop down to go through the conveyor, the scammer in front of you purposely sets of the metal detector and delays while your laptop goes through the detector.

Your laptop comes out the while you are still waiting way back behind the scammer who is still delaying, emptying pockets, and probably distracting security. A scammer on the other side grabs your laptop, makes off with it, and may hand it off to a third team member to make it harder to find.

Tip:  If you are traveling with a laptop or notebook computer, be very careful at security checkpoints. Wait as long as possible before putting your laptop onto the conveyor belt. And keep an eye on your laptop the entire time. If you are being delayed and can’t see your computer, don’t be afraid to speak up (politely) and tell a security person that you fear your laptop might be stolen and ask that they keep an eye on it.

Tags: laptop, steal, notebook, theft

This was announced last year, but I thought those who missed it might like a reminder. There is a FBI consumer scam site called www.lookstoogoodtobetrue.com. where you can find some information about scams and how to prevent them. They also offer a link to free DVDs from the US Postal Inspection Service. Sorry, I’m still very underwhelmed.

And it says Monster.com and Careerbuilder are “partner” and “sponsor.” Huh? I guess it is easier to cut a check to buy yourself moral cover, then actually do some work and fight fraud. Would love to know what they are doing to stop work-at-home and cashier’s check scams posted on their job board. Please don’t bore me with “we have an abuse email address where users can inform us about scams.” I’m telling you, they could hire a couple of smart Computer Science interns and put a real dent in the problem. I would have LOVED that job when I was a Comp Sci student—writing code to shut down international fraud rings? That’s cool.

Ted Richardson has a post on Qchex. I blogged about them in May 2005 over on scamsafe.com. They make it criminally easy to commit check fraud, or even worse, demand draft fraud. I was even contacted by NBC television about Qchex and I going to write a long article about them. A Santa Barbara police officer I talked to about Qchex (he’s now with the Beverly Hills PD) told me it was remarkable how simple fraud was with Qchex. So much so, that he asked me to tell the TV guys to not do a story—and that I not write write about it. He didn’t want the word to get out because, according to him, even a halfwit could use it.

Even more striking was this. A short time later, I was talking to a couple of fraud investigators for a large bank. Really nice guys. I asked them about Qchex and they just smiled and didn’t say anything. I asked again and they just kept smiling. That’s when I knew it was bad news. My advice: if you see an email, check or document that says Qchex on it, do not trust it.

I rarely post about phishing attacks here because there are so many of them. I tried to post summaries of weekly phishing attacks back in 2004 on my scamsafe.com blog and it quickly became pointless—there are hundreds or thousands of new scams every week sent via billions of emails. At this point just assume that every e-mail from any organization asking for personal information is a fraud.

But the FDIC today issued a consumer alert I thought worth posting. 

The Federal Deposit Insurance Corporation (FDIC) has received numerous notifications from consumers of an e-mail that has the appearance of being sent from the FDIC. The "From" line of the e-mail displays the name "Federal Deposit Insurance Corporation" and the subject includes the phrase "IMPORTANT: Notification of Federal Deposit Insurance Corporation." The e-mail states that the FDIC received an application. It says, in part:

"…from your bank to ensure your Checking or Savings account against Fraud, phishing or Identity Theft. If u agree with the following, PLEASE ENROLL in the FDIC protection system."

The e-mail is fraudulent and was not sent by the FDIC. It is an attempt to obtain personal financial information from consumers.

Updates below…

I probably receive two dozen emails a week from people asking about check cashing and work at home scams. There are hundreds or even thousands of these running simultaneously and they aggressively target people in the U.S. Often, but not always, they are run out of eastern Europe. They are very difficult for law enforcement to track and shutdown. My guess is that many of them are run by organized crime rings or terrorist organizations.

One of their major ways of reaching people is through job web sites, online classifieds and social/community networks, such as CareerBuilder, Monster.com, Hotjobs, and Craigslist. The phony companies, people, and offers behind these schemes change constantly, but they have several characteristics that are similar. They offer a way to make money for doing virtually no work. It’s usually centered around cashing checks or wiring funds. And it’s always about working from home or independently. Their absurd and false business proposition is that they need agents, representatives or financial processors in the United States to help them process payments from U.S. customers or vendors. It’s a  ridiculous concept—any foreign business that is legitimate would simply use a local office and bank to accept payments. THESE ARE ALL FRAUDULENT SCAMS. There are never any exceptions.

They will either use the “agent” to launder funds for them, steal funds from the agent themselves or, both. They dupe people by telling them they get a cut or fee for processing payments. They typically send you stolen, falsified or counterfeit checks. And the “job” is to deposit the checks in your account and wire funds to them (or write them a check and send via overnight mail). Often they use forged cashier’s checks as well, which fool people all the time. (Cashier’s checks are not cash, they are as risky as any other check. If you can steal or forge a regular check, why not a cashier’s check? Think about it.)

I’ve have tracked hundreds of these, usually through my old blog scamsafe.com, which still gets dozens of comments a week from people asking about work at home scams. I can sniff them out in seconds. There’s a new one called InDigit that is worth checking out to get a taste of a more creative fraud attempt. Their web site is designed to fool you into thinking they are a legitimate business: www.indigit.net. Here is a link to their job offer on Craigslist for a “Project Agent” (it will hopefully be taken down soon). This is a totally fake company and bogus web site. They tell you they are a software company that has been in business for seven years with 250 employees. And yet, they registered the domain name July 2006.

The takeaway: assume any work-at-home job that involves depositing payments and sending funds is a scam. And to report an online scam, go to the FBI’s IC3 website at www.ic3.gov.

Update: Another point to add. The job boards are utterly useless in stopping this fraud. They are in the business of accepting ads, not taking them down. They do very little to stop it although they may talk a good story. I was contacted by CareerBuilder a while back and they promised they were diligent in fighting fraud. I took them at their word, reported some abuse and waited. I didn’t see any let up in scam job postings on their site. Their standard line is that people should report fraud and then they will shut it down. By now they should realize that job seekers don’t realize it is fraud until it is too late, and by then the fraudsters have re-posted using a different name and tactic. With two interns, they could cut bogus job postings significantly. Scan all their ads for certain keywords, monitoring new job posting companies and flag accounts that use foreign addresses of any kind. And put a link on every ad that lets visitors flag a posting as suspect. That won’t catch them all but it’s a start.

Update 2: One of my readers send an email to InDigit asking if they were a scam. This is the response he received from”Eva Habenicht”. It’s a funny read:

Dear X, We are insulted to the innermost of our hearts with you groundless suspicions. We know that in the Internet present false and knavish firms. Because of it there is not much confidence to our and other firms. But we build our business exclusively on the confidence and honest. We must to stop our collaboration if you have any suspicions in our honesty.

Update 3: Michael Webster is blogging about this here. He suggests, I think, that the job boards and social networks that post misleading “business opportunities” is a violation of Section 5 and 12 of the FTC Act. Now I assume it is that only the FTC itself can go after such violations. So Michael seems to be suggesting that the FTC Act be amended to allow for “private cause of action”  which to me means allowing individuals to file suit for FTC Act violations.

Update 4: The scammers are watching. I noticed in my server logs that someone from the Russian Federation was reading my blog. The were referred to my website by an internal, hidden web page of a company called FranceSoftUnicom. That sounded suspicious to me. I visited their web site, and sure enough, it’s another bogus company. They also offer Financial Agent positions. Watch out for FranceSoftUnicom, it’s a scam also.

Internet Crime Complaint Center (IC3) has issued an alert. Watch out for scams (primarily emails) that prey on our desire to help out military members deployed in Iraq and elsewhere.

ConsumerAffairs.com has an article on 3 new ways scammers can steal your sensitive data. But it’s not really new overall, it’s just a different twist on pretexting. Someone calls you posing as someone else in order to get confidential data, maybe a PIN number, account number or social security number. The take away, as always, is don’t give out sensitive data over the phone in almost all cases, and only when you initiated the call and know who you are talking to (even then be careful what you tell people).

Lottery scams, especially international lottery schemes, have been around a long time. The Internet makes it easier for the fraudsters to reach the public.  A Canadian lottery outfit is warning Americans to watch out for a lottery letter scam. Typically these dirtbags will ask you for a fee in order to collect your winnings or maybe ask for your account numbers to wire you money. Then they steal your money.

Here’s the take away: U.S. residents can’t win a foreign lottery because they are not allowed in the U.S. There is no such thing as a lottery in Canada or any other country that offers sweepstakes and prizes to U.S. citizens.