fraud
Latest
UK teen buys $750,000 of his own music from iTunes using stolen credit cards (update)
A UK teen named Lamar Johnson has recently plead guilty to one count of conspiracy to defraud. His crime? It seems that he and his band (both in a musical sense and in a "Robin Hood" sense) used stolen credit cards to purchase something like $750,000 worth of their own music from both Amazon and the iTunes Store between January 2008 and June 2009. There's no telling how much the group would have earned from royalties, and the name of the band hasn't been disclosed (believe us, we looked), but something tells us that they probably recorded dubstep. Also, something tells us that -- since the royalties would have to be paid out to someone with a bank account -- this was a painfully easy case for prosecutors to crack. While Johnson will find his sentence tacked onto the 5-year jail term he is currently serving for grievous bodily harm, the rest of his 12 member "band" will have to wait until they appear in court in January to discover their fate. Update: One of our fine commenters (christianoliff) dug up an article from the Sunday Mercury that discloses a little more info on the perp, including a dashing photo and the name of his MySpace artist page. Apparently his criminal enterprise was more of a 2-step thing.
Criminals constructing ATM skimmers from DAPs
A recent article from Brian Krebs highlights a new trend in ATM skimmers: by using parts from cut-rate audio players and spy cams, criminals are able to construct something called an audio skimmer that records the data from the magnetic strip for later playback. Also included in the device is a miniature spy cam, which captures the user's PIN. The basic methodology behind the device is nothing new (for instance, it could be found in an issue of Phrack dating back to 1992) although the use of DAPs means that the whole thing is a lot more elegant than it was in the days of the portable cassette recorder. According to a recent report by the European ATM Security Team (EAST), devices of this type have been found in five countries, two of them "major ATM deployers" (with 40,000 active ATMs or more). Please guys, don't get any ideas. PR from EAST after the break.
Dell reaches $100 million settlement in SEC fraud case
Dell announced back in June that it's set aside a $100 million reserve fund for a potential settlement, and it looks like it's now finally going to have to use it -- a federal judge has today approved a settlement with the government for that very amount in a long-standing civil fraud case brought by the SEC. Of particular note, CEO Michael Dell himself has agreed to pay a $4 million fine, although neither he nor the company has actually admitted to any wrongdoing in the settlement. Dell did say that the company is committed to implementing the range of reforms it's promised, however, and adds that "we will certainly live up to all the commitments in the settlement." As for the SEC, attorney John Worland says that the settlement is "appropriate," and he notes that there isn't any evidence that Dell intended to defraud.
HP agrees to pay $55 million to settle investigation into illegal kickbacks
The company that kicked Mark Hurd to the curb for financial impropriety has today reported it'll pay $55 million in a settlement with the US Department of Justice relating to some fiscal delinquency of its own. HP was accused of greasing up the wheels of business, as it were, by throwing cash around to companies who would recommend its services to state procurement agencies. This particular set of allegations related to a federal contract obtained by HP in 2002, and the settlement also extinguishes investigation into whether or not the computer vendor had provided incomplete information to the US government. That's all well and good, but we have to question the size of these levies. Today's also the day that HP's announced a new $800 million supply contract with the US Air Force -- would a fine that's less than a tenth of the contract's value really deter HP's entrepreneurial spirit?
Thousands stolen through iTunes/Paypal scam
The BBC reports that a web scam is affecting a number of iTunes accounts that are linked to PayPal. Amounts ranging up to $4,700 were reported on Twitter and through Techcrunch as being stolen. All signs point to users falling for an online scam known as phishing. People will get e-mails that look similar to those from official sources urging them to change their user name and password for security reasons. They'll be redirected to a fake website which collects the credentials. The perpetrators then use the information to engage in further scams, such as the royalty scam we reported on earlier today. MobileMe was a target for phishing in the past. There are also new ways of ferreting this information being developed, such as tabnabbing that could even fool those who are familiar with these sorts of scams. One of the best defenses against phishers on a Mac is to invest in 1Password. If you click on a fraud e-mail and it tries to get you to change a password, it's going to detect the phishing site and steer you away. Otherwise, use common sense. Neither Apple, PayPal or any legitimate company will send you an e-mail asking for personal account information. If you get an e-mail asking for your full name, Social Security Number, credit and/or debit card numbers, passwords, etc., it is always fraud. Likewise, never click on an e-mail link to access your account. Go directly to the web site itself. If you have a parent or child that is not web-savvy, double check to make sure that they have not fallen for any of these scams. If you are a victim of this, contact PayPal immediately. The company told the BBC that it will reimburse any unauthorized charges. [All Things D reports that Apple is denying any iTunes-specific security breaches, adding to the likelihood that the account credentials were phished. –Ed.]
12 people charged in iTunes royalty fraud
I guess with all of the money flowing around iTunes, sooner or later someone would have to try to steal some of it. Twelve people have been charged in the UK with basically laundering money through iTunes -- they were allegedly uploading their own tracks onto the music sales service, then buying those same tracks with stolen credit card numbers. The fraudsters nabbed over $300,000 worth of royalties in just a four month period between September 2008 and January 2009. The Register doesn't note how the 12 (who come from a surprising number of various jobs and backgrounds) came up with this idea, or how they got caught, although there was an investigation underway by the FBI. iTunes wasn't the only service defrauded -- Amazon was reportedly used for some of the transactions as well. The suspects are scheduled to appear on bail next month, and I'm sure both Apple and Amazon have taken steps to make sure this doesn't happen again. Even so, out of all of the millions if not billions of dollars running through iTunes, if this $300,000 is all of the theft they need to worry about, Apple's doing pretty well anyway. [via MDN]
Apple supply manager arrested for wire fraud, money laundering
Ever wonder why -- after years of secrecy -- camera-ready iPod cases began rolling out? The answer could possibly be Apple supply manager Paul Shin Devine, who was just fingered by the FBI and IRS as a fraudulent, money laundering mole. Devine was arrested Friday for allegedly receiving kickbacks from six accessory suppliers in exchange for confidential information, which apparently gave them an edge in negotiating Apple contracts. "The alleged scheme used an elaborate chain of U.S. and foreign bank accounts and one front company to receive payments," reports the San Jose Mercury News, "and code words like 'sample' were used to refer to the payments so that Apple co-workers wouldn't become suspicious." Though we're not yet sure what specific confidential information might have been passed along and we doubt the indictment will say, a separate civil suit filed by Apple claims Devine accepted over $1 million in "payments, kickbacks and bribes" over the course of several years.
iTunes fraud takes trip to travel section?
Here we go again, unfortunately. Both 9 to 5 Mac and Ars Technica are reporting a new spat of potentially-fraudulent apps climbed the iTunes charts today, now in the Travel section. This time, the culprit's purported to be Chinese-based WiiSHii and a series of "GYOYO" Chinese- and English-language maps. The two publications have a screenshot each showing the apps climbing the charts, as well as an apparent receipt from one customer who unwittingly found charges for the software on his or her bill -- and yeah, we see them, too, albeit not topping any charts as of this writing. So yet again, we advise caution and double-checking your payment history. Le sigh. %Gallery-97248%
Apple looking to hire iTunes Fraud Prevention Specialist
Just days prior to the App Store fraud story, Apple posted a job listing for an "iTunes Fraud Prevention Specialist." The winning candidate will join "...a small but high impact team of specialists whose goal is to improve the iTunes Experience by mitigating the risk associated with iTunes Orders." Earlier this week, it was discovered that a developer called Thuat Nguyen had his book apps removed from the App Store after taking 42 of the top 50 sales slots. At the same time, some users reported unauthorized charges on their accounts. Considering that there are 150 million iTunes users, there will be, statistically, some who aren't there just to buy music and apps. Apple has reported that only 400 accounts were affected by the scam (that's 0.0003% of all customers) which is better than it could have been. Hopefully, the iTunes Fraud Prevention Team will but the smack down on these guys once and for all. [Via 9to5 Mac]
'App farming' update: Apple says only 400 accounts compromised
The good news is, one crooked developer has been booted from the store. The bad news is, some iTunes accounts were pillaged to fund his rise to the top of the Books category. While Apple's official statement this morning simply reminded us to be careful out there (change passwords, check with your bank, don't get fooled again), some other sites have been continuing to dig into the App Store's funkier corners, turning up additional stories from users that had their accounts compromised (and in the process, dinging game developer Storm8, which was previously sued for collecting user phone numbers). More disturbingly, among the victimized iTunes account holders are at least a few who claim they did use strong passwords, didn't fall prey to phishing attempts, didn't have malware or keyloggers on their machines -- but one day discovered that hundreds of dollars of apps had been bought on their accounts. Creepy. The problem of Apple IDs being hijacked is not a new one -- developer Joe Streno pointed out the weak spots in the password change protocols when his account credentials were swiped back in June of 2009. In this particular go-round, late word from Apple (via Clayton Morris) is that fewer than 400 accounts were compromised, out of over 150 million accounts worldwide. Morris also reports that Apple will be tightening up payment security a bit, requiring more frequent entry of credit card secondary security (CVV2) codes. As always, if you've had an issue with unauthorized app purchases on your account, let us know below.
Apple responds on iTunes fraud, vaguely confirms said fraud (update)
Over the weekend we saw reports of what appeared to be fraud occurring in the iTunes system -- namely, a rogue developer had somehow managed to snag 42 of the top 50 sales positions in the App Store's "book" category with seemingly bogus content. It looked as if there was some correlation between those suspicious sales and word of an increase in iTunes account fraud, but Apple had been mum on the subject over the holiday weekend. We've finally gotten a response from the company, and the folks in Cupertino say that the developer in question -- a gentleman named Thuat Nguyen -- has been chucked out of the Store altogether. Additionally, while they don't explicitly say fraud occurred, they suggest you check with your bank and kill your card if any of your info was stolen... which seems to suggest that something funky happened to some users. Here it is from the horse's mouth: The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns. Developers do not receive any iTunes confidential customer data when an app is downloaded. If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes. So it looks like even the walled garden isn't impervious to attacks -- here's hoping the problems were limited to a small group of people. Have any of you guys noticed strange charges on your account? Double check it right now! Update: Apple pinged our old buddy Clayton Morris with the damage report and claims it's fairly low -- roughly 400 iTunes users were hit, all told. While that's a pretty small percentage of the reported 150 million Apple serves daily, the company said new security measures are in place anyhow: according to Morris, iTunes will ask for the verification code on the back of your credit card "a little more often" from now on.
App Store chicanery powered by iTunes account fraud
It's a shame to have to point out such underhanded behavior on a holiday weekend, but we got a heads-up from developers Alexandru Brie and Patrick Thomson that something was seriously amiss in the Books category on the App Store. As detailed on Alex's blog and in this follow-up from The Next Web, it appears that at least one Vietnamese developer (mycompany/Thuat Nguyen) has gamed the category so that 40 of the top 50 entries are all apps from their stable. It's possible that another two or three developers have tried the same thing, although to a less extraordinary degree. As Alex points out, at least two of the reviews for these apps indicate that the apps were purchased against the buyer's will, with hacked iTunes account credentials. The ongoing MacRumors forum thread here indicates a possible spike in iTunes fraud, with major purchases being charged against unsuspecting users' accounts. Alex also notes that Apple's response team is already looking into the issue. If you have unexpected charges on your iTunes account, be sure to notify your card issuer or bank immediately, and then send word to Apple. It may take a bit longer to get help during the long weekend. Updates: 9to5Mac points out that the offending apps have been pulled from the store. Arnold Kim at MacRumors reminds us that compromised iTunes accounts have been reported for years, and it's not clear that the current circumstances represent a spike in malicious activity.
EnergyStar program certifies 'gasoline-powered alarm,' other imaginary abominations
It'd be pretty difficult for you to reach Engadget without having seen the EnergyStar logo on something along your way here. Whether it was as part of your motherboard's bootup sequence or on the box of your new TFT monitor, EnergyStar certification has become a de facto standard for most electronics being manufactured nowadays. What you might not have known -- but probably could have guessed -- is that the process for obtaining that sticker is far from bulletproof. The American Government Accountability Office has recently done a bit of spy work by putting forward imaginary products and false claims to the validating authority, and regrettably found its bogus items "mostly approved without a challenge." The auditors' conclusion was that the program is "highly vulnerable to fraud," and the stuff they've had certified would seem to corroborate that verdict. Hit up the Times article for the full story of governmental incompetence while the Department of Energy -- the body responsible for running the program -- tries to get its act straightened out. [Thanks, Adam]
Class-action suit charges Microsoft with fraud
[Image credit: bloomsberries] In a lawsuit filed by Philadelphia-area lawyer Samuel Lassoff, Microsoft is being sued for allegedly taking money from consumers for Microsoft Points that were erroneously used during "incomplete and/or partial downloads of digital goods and services and refused refund of same." The Horsham, Pa. resident claims that "an invoice he received early this month from Microsoft included charges for purchases he couldn't complete due to a balky download system," according to an InformationWeek.com report. Furthermore, he contends that this was no accident on Microsoft's part. When we called Mr. Lassoff's law office for comment, we were met with a disconnected number message. However, the lawsuit's Facebook page (it's a brave new world, folks) calls the suit a "class action on behalf of several million US customers exposed to Microsoft Point fraud." Citing "fraud, breach of contract, negligence, unjust enrichment, and unfair business practices," Lassoff seeks a "full refund to all US consumers of all Microsoft Points fraudulently charged to consumers for incomplete or partial downloads of purchased digital goods and services." Aside from his current lawsuit, Mr. Lassoff previously sued Google, Yahoo, and IAC Interactive in 2006 -- all three suits were eventually dropped. [Thanks, Zo]
PSA: Scrub your gaming console's memory before selling
Usually, when we label a headline as a "PSA," it's in a joking manner; say, "PSA: Bacon is delicious, good for you." However, we're pretty sure this post constitutes a legitimate public service announcement: Ars Technica recently published an article that the frequent trade-in-ers among us should probably read. In short, if you're not erasing your consoles' hard drives before trading them in, there's a pretty good chance you could be robbed blind. (Or at least robbed astigmatic.) Seriously, if you're thinking about trading in or pawning one of your gaming consoles sometime soon, follow the helpful tips provided in the Ars piece. They'll ensure that you don't accidentally leave your credit card information in the system's memory for its next owner to exploit. You also don't want to leave your Avatar, Mii or PlayStation Home account on there, either. That's how e-stalkers get started, donchaknow.
The best of WoW.com: January 14th-20th
This week on WoW.com saw World of Warcraft in the news yet again, when a man from Clearwater, Florida was arrested for fraud after he sold his WoW account and failed to hand over the goods. On the gameplay side of things, Lead Systems Designer Greg Street and Lead Producer J. Allen Brack hit Twitter to answer numerous questions about patch 3.3, Icecrown Citadel, and the upcoming expansion, Cataclysm. For all of this and much more, keep reading to see the best of WoW.com from the last week.
Phishing schemes targeting MobileMe users again
Be very careful if you get an email from Apple telling you they need to re-check your credit card information. One of our readers got just such an email, and he didn't fall for it. This particular rip-off comes from an 'Apple-bills.com' domain, which has nothing to do with Apple. They'll be glad to take your credit card info, and give you a big surprise when you get your next billing statement. An Apple representative confirmed that the email is not from Apple. They also suggest you send copies of the email and relevant details to spam@me.com if you get one. This isn't the first time this scam has gone after MobileMe users. We reported on some MobileMe scams in May. In February another scam site was telling people their MobileMe renewal was not received and to do it again. Back in 2008, ComputerWorld reported on another phony scheme that fleeced about 200 MobileMe customers in a single day. It's probably a good idea to not click on links in emails that ask for financial or credit card information, and it is easy to check with any vendor to see if the request is legitimate. If you ever have questions about a MobileMe renewal, you can go to: www.apple.com/support/mobileme/ and do a live chat with an Apple support agent. Also, don't update from an email. Log into your account and update there. Just before posting this I tried the link our reader sent. The first time I clicked I saw the fake Apple page. Now there is an error page there instead. Thanks to Asif for the tip.
Man imprisoned on fraud and theft charges over account selling scam
digg_url = 'http://digg.com/pc_games/Man_faces_criminal_charges_after_WoW_account_selling_scam'; According to The Associated Press, 23 year old Christopher H. Bouffard accepted $760 in 2008 from at least two people in exchange for WoW accounts. Bouffard then failed to turn over the agreed upon accounts, leading to a police investigation. He has now been charged with two counts of grand theft and one count of scheming to defraud. Bouffard is currently being held in jail until he is able to post a $20,000 bail. While defrauding people and taking their money isn't anything new, getting busted over it while selling WoW accounts is. From what we understand, the arrest is not for the actual trading and selling of accounts, but for the fraud that went on in the process. The fraud in this case is a criminal matter with very real implications for Mr. Bouffard, whereas the buying and selling of WoW accounts is against the agreed upon Terms of Service, but not against any criminal code. We've been hearing a lot about misbehaving WoWers lately, from the cougar who ran off with a fifteen year old boy, to Blizzard helping international authorities track fugitives online. This appears to be just the latest in a string of cases for Jack "Hang 'em High" McCoy to lay some law and order down on.
Dante's Inferno 'Fraud' trailer makes you fight for your life
We're ... we're just not sure we understand the reasoning behind Dante's Inferno's eighth circle, Fraud, depicted in the trailer above. See, Visceral Games has brought the concept of the circle's 10 Malebolges to life in the game in form of 10 arenas, where Dante must battle all the enemies he's fought in previous levels in succession. While doing so, he must navigate dark corridors where, according to art director Ash Huang, "you really can't see where you're going." Well, that actually sounds pretty faithful to the source material. It also sounds immeasurably frustrating. Check out the trailer above to find out where politicians go, and make sure you tune in for the final Dante's trailer in February to catch a glimpse of Mr. Beel Z. Bubb himself.
Phishing Android apps explain our maxed-out credit cards
There's no such thing as a perfect mobile app store strategy -- you're either too draconian, too arbitrary, or too loose in your policies, and as far as we can tell, there's no way to find a balance that isn't going to trigger an alarm here and there or get a few people worked into a lather. If you're too loose, for instance, you're liable end up with the occasional bout of malware, which is exactly what appears to have gone down recently in the Android Market with a few fake banking apps published by a bandit going as "Droid09." As you might imagine, the apps end up doing little more than stealing your information and ending your day in tears; the apps have since been pulled, but that's probably little consolation for those already affected. The moral of the story? Be vigilant, keep a close eye on those system permissions the Market warns you about as you install new apps, report sketchy ones, and -- as always -- use a hearty dose of common sense.
