Rick Beal wanted to grab some cash from the bank on the way to the airport - so he hired a limo and allegedly robbed a bank on the way.

The man called a limo company and asked them to wait for him outside a Bank of America branch in the San Francisco area.

Inside Beal robbed the bank by "simulating a gun" and then used the limo to get away. The limo driver oblivious to the crime just committed sped Beal off to the airport.

A witness followed the limo and notified the police. The police recovered all the stolen money. The unnamed limo driver was released. Beal is being held on two counts of bank robbery.

» 11:17 AM :: permalink

I'm a member of PayPal, a popular Internet payment processor which lets any business or consumer with an email address send and receive payments online. Recently, I began receiving suspicious emails from what appeared to be from a PayPal email address (verify@paypal.com) requesting that I re-verify my username, password and sensitive personal (e.g. social security number) and financial information (e.g. credit card, debit card, bank account, etc.) by visiting an included link in the message which appears to be from the PayPal.com main site. The subject of the message was "PAYPAL - VERIFY AND UPDATE YOUR ACCOUNT." If you are a member of PayPal (or not) and receive a message like this, DO NOT RESPOND TO THESE MESSAGES! It is part of an apparent identity theft scam. PayPal didn't send you the message and you will be submitting sensitive financial information which can be used to loot, plunder, and pillage your accounts and your credit standing.

Initally the email messages seemed harmless at first but I received several of them at once and all sent to the same account. Given I was on vacation, I ignored them initially, however they kept coming. When I returned from vacation, I examined the email messages more clearly paying particular attention to the language and grammer used and the email's "header" information. On close inspection, I noticed the following in the message which raised some red flags and prompted me to act cautiously:

• The word becaurse was used instead of because. Sure, could be a simple typo but corporations usually use Spell Check on any emails that they send out to subscribers or clients. It didn't raise a red flag initially, but continued to peak my interests.


• The same sentence also had a rather odd construction to its grammer, again beginning to raise some flags in my mind.


• The subject line contained all capital letters and read, "PAYPAL - VERIFY AND UPDATE YOUR ACCOUNT." Though this too didn't really raise any major flags, it did seem odd since I don't recall ever receiving a message from PayPal in all caps before.


• Though the from and return address (verify@paypal.com) appeared to be a legitimate PayPal account, the "Received" from entry in the mail header said it was from the ip address (24.53.129.37) and program HELO Mail.com and not a PayPal email server like smtp.paypal.com or mail.paypal.com or something like smtp1.nix.paypal.com. If nothing else, this hinted to possible spam since the message did not originate from a PayPal server.


• The link itself, though it began with https://www.paypal.com had a rather weird formation to it with a colon after .com and then a long string of what appeared at first glance to be quite cryptic and possibly quite ok address. Then on closer inspection, I saw that the link contained a url in it and if nothing more this link was going to somehow collect information on me or redirect me somewhere else. One message had n9iTe3.WoRlDiSpNeTwOrK.cOm or if you make it all lower case n9ite3.worldispnetwork.com and another email listed a different link with host80.ipowerweb.com in the verify email address url. The red flags and sirens began sounding in my head, big time!


• To add insult to injury, when I clicked on the link the page looked like PayPal.com with its accompanying logos, familiar look, etc. except they were asking for some highly sensitive financial and personal information including my PIN on my ATM card, my bank account and credit card numbers, and other sensitive financial info. PayPal needs my ATM pin for no reason at all to use the service and such a deluge of information to verify seemed quite excessive at once.


• When I clicked on the the link, it resulted in an 'Invalid Security Certificate'. Meaning the https:// wasn't digitally signed correctly and it didn't match the originating web site. The real PayPal site SSL certificate at https://www.paypal.com does say "PayPal, Inc." as the organization and doesn't come up invalid.
  

Late last night, sufficiently convinced something wasn't right with this message, I logged into the real PayPal website and contacted them. An autoreponse message asked that I forward copies of the suspicious emails to accessviolation@paypal.com for further investigation. This morning, I received a response from PayPal. According to the message I received (from a last nameless Robert using the webform@paypal.com email address), PayPal confirmed that the email I received was not sent to me by PayPal, the websites linked to the email are not a registered URL authorized or used by PayPal. They said they are currently investigating this incident fully and asked that I do not enter any personal or financial information into this website. They also asked that if I receive any further messages to report them through their website and send a copy of the message to the email address above. As I write this blog entry, both URL's to these PayPal cloaking websites are down and not operational, however that it not to say these messages are not gone for good. Other websites can be compromised and used to steal your identity.

How can someone steal your identity? By co-opting your name, Social Security number, credit card number, or some other piece of your personal information for their own use. In short, identity theft occurs when someone uses your personal information without your knowledge to commit fraud or theft. Then they open up accounts in a consumer’s name and run up charges on the account. Or, they use the personal information to charge goods and services to a consumer’s existing accounts. In other cases, they may work, or even be arrested, while using the victim’s name. The harm to a consumer’s credit and daily life can be devastating. Victims of ID theft often have trouble getting new credit cards or loans because of the damage to their credit ratings.

According to the ID Theft Data Clearinghouse, the most common types of identity theft are:

• using or opening a credit card account fraudulently


• opening telecommunications or utility accounts fraudulently


• passing bad checks or opening a new bank account


• getting loans in another person’s name


• working in another person’s name.

If you did surrender financial information or your password to this or other bogus PayPal websites (or your financial information has been breached), you should immediately begin taking steps to undo or subvert further damage. Here is a list of helpful hints on taking steps to prevent identity theft in general as well as any breaches related to PayPal:

1. Immediately log into your PayPal account and change your password and secret question and answer information.


2. If you notice any unauthorized activity associated with your PayPal transaction history, immediately report this to PayPal using the security center link at the bottom of the page and report the problem using their Help system.


3. Contact the fraud departments of each of the three major credit bureaus, report the theft, ask that a "fraud alert" be placed on your credit file and that no new credit be granted without your approval. The phone numbers for the three bureaus are Equifax: 1.800.525.6285, Experian: 1.888.397.3742, and Trans Union: 1.800.680.7289. Obtain copies of your credit reports from each of the three bureaus and review the account information.


4. For any accounts that have been fraudulently accessed or opened, contact the security departments of the appropriate creditors or financial institutions. Close these accounts. Put passwords (not mother’s maiden name or Social Security number) on any new accounts you open.


5. Call the ID Theft Clearinghouse toll-free at 1.877.ID.THEFT (1.877.438.4338) to report the theft. Counselors will take your complaint and advise you on how to deal with the credit-related problems that could result from ID theft. The Identity Theft Hotline and the ID Theft Website (www.consumer.gov/idtheft) give consumers one place to report the theft to the federal government and receive helpful information.

If you would like further information about the problem of Identity Theft and Online Information Security, check out these useful web sites from the folks in Washington: http://www.consumer.gov/idtheft/ and http://www.ftc.gov/infosecurity. For more information on PayPal security, to report that you account was compromised, or to report a spoof SPAM email or fake PayPal unauthorized website visit www.paypal.com/cgi-bin/webscr?cmd=p/gen/security-main-outside.

» 11:16 AM :: permalink

Well I am finally back from a 10 day stint in Sin City Las Vegas and the mountains of Northern Arizona. I had a great time, though Vegas was mightly hot. In the next few days, I will be posting a few pictures from the adventure. While away I did notice that gee wiz I get a ton of spam and there is a pattern to it. I even get spam messages about the problem of spam! GRRRR!

I forwarded mail from one of my accounts to another just to examine the spam and to weed it out before downloading to my computer. I had from my 10 day trip 155 messages, almost all of which were spam. That's an average of 16 spam messages a day! Or about 5100 messages annually. Now this is for just one account, I have dozens for work, my business, my personal accounts, etc. And I periodically clean, expunge delete this email account and retire it from use a few times a year just to curtail the spam. What are we doing about this crap?

I got messages about all sorts of Medical Miracles. For instance, penis enlargement. I get this one in various flavors daily. I am beginning to develop a complex. Sure, I've got the Irish curse but come on there is no way to enlarge the male genitalia without costly surgery and essentially breaking it. And at that point, what use is it other than to pee (if you can do that at all)? Pumps, pills, creams they all don't work. It stopped growing in girth and length when puberty came and went. One email writes VP-RX will take your sex life to new levels...Guaranteed!. Guaranteed not to work! Do people actually believe this stuff and click on the messages? Are men (and women) that obsessed with size? And the male organ? According to these emails we are. And since spam is growing exponentially (unlike penises), it must be working for some body otherwise why continue sending unsolicitated messages.

Viagra is another popular one. I get a dozen of these messages a week: 1/2 off viagra, V I A G R A without a prescription, E N H A N C E Y O U R S E X D R I V E. All garbage. If the he majority of people who need viagra are in their 60's or later (based on the Pfizer ads with older couples dancing), then they aren't using the Internet to get it and probably don't even own a computer. My grandparents don't even know how to program the VCR never mind turn on a computer. Why do these spammers bother?

I get a lot of gambling spam messages too. Mind you, I hate gambling and I am no good at it nor would I visit some off shore gambling internet site to start a new habit. As a matter of fact, I lost money in Vegas (like most people who gamble). The only good thing about the gambling spam messages I get is that they put "ADV:" or "AD:" in the subject line alerting me about the solicitation which quickly prompts me to push the delete button. I think the gambling sites signed me up arbitrarily because I don't accept advertisements on one of my sites from gaming Internet sites but its only a theory and not one I'd bet on.

The last type of messages that I receive have to do with IPO's and stock trading. I don't own any stock and the IPO and tech side crashed in the late 1990's early 2000's. These messages boast secret deals and the hottest stock buys for just pennies. More crap that I don't want.

Out of the 135 messages I received while gone, 1 was relevant and it too was in someway SPAM and an advertisement though one I can live with since it relates to my hosting company. Spam is making my e-mailbox essentially useless.

I've oftened wondered if someone saved all the spam for historical purposes and looked at it over time what could be concluded about the society we live in?

My conclusion would be: Gamble on a penis enlargement fix and you'll need to buy stock in Viagra. Cheers and happy deleting!

» 6:57 PM :: permalink