Monday, January 11, 2010

SkyChaser Learned the Hardway

This is a page I put together about a frightening and real threat we all face when doing business on the Internet. This threat is a rapidly growing type of FRAUD and just recently, I had a personal and painful experience with it! With the advent of "Ebay" and "Paypal", Internet fraud is increasing at an alarming rate. This page also shows examples of how fraudulent activity can appear in a junk-email message that appears to be legitimate at first glance, but is not and criminal in nature. Identity theft is rampant, and it can affect ANYONE, regardless of how "careful" you are - but there are ways to recognize it early on. I urge anyone who sees this page to read both my experience and what you can do to protect yourselves.

First of all, I will identify what FRAUD is. FRAUD is defined as a deliberate action to achieve and unfair and / or unlawful gain. FRAUD comes in many forms and sizes, such as tax fraud, securities fraud, and the topic of this page, INTERNET FRAUD. Internet fraud is such unfair or unlawful practices using the Internet as a medium. Below are examples of two of the most common types of fraud found on the Internet.

IDENTITY FRAUD - Mis-representation of a person's name, address, passwords, etc. If someone steals a user ID and password, and uses it to get into a web-site, such as AOL for "free" (using your money), that is an example of IDENTITY FRAUD.

BUSINESS SCAMS - Mis-representation of a seller (or buyers) goods, or unfair conduct during a transaction. Examples can be buying a 3 drawer dresser on-line and receiving a chair instead, or in my case, paying for something and not receiving the item(s).

OTHER - There are many other types of fraud common on the Internet, including SECURITIES (mis-representation of investments) and INSURANCE (false claims) fraud, just to name a few.

Note the screen captured image above from an email. Do you see anything wrong with it? Well, this was an actual email I got as a SPAM (junk email) message, and the sender claimed to be from "Paypal", a popular and legitimate on-line trading and payment service. In this email message, the perpetrator simply spoofed (pretended to be) from a Paypal representative, which is very easy. The key here is that if you click on the link in the email message, it takes you to a site which looks EXACTLY (or SIMILAR) to Paypal's, but is not their site, but a temporary site of the perpetrator. You are asked to enter personal information, which will NEVER, EVER be asked for by a legitimate company (including Paypal). If such information, such as emails, passwords, address, phone, even credit card and social security numbers, is entered and submitted - You may get a "thank you - records updated" or nothing at all. The perpetrator now has just harvested your personal information, probably along with many others, and now he can use this to create a false identity, purchase items using your account(s), and sell your email, phone or address to illegal or overseas porn / gambling sites, just to name a few - not good!This technique shown here in this example is called PHISHING. This is the illegal and fraudulent way to obtain sensitive information (for identity fraud) from a victim, and the Internet has made this frightengly easy. This can, however be recognized fairly easy and prevented. In the example above, note that the perpetrator could not even spell "Department" right (it's misspelled as "Departament"). More important, moving the mouse over the link provided (which is a URL with Paypal's link in it) showed some different URL address which appears in the lower-left side of the Internet Explorer window. This is another major indicator that something is wrong with this email. Also, always remember, a REAL and LEGITIMATE company will NEVER ask you for such information (SS number, credit-card, etc) - Never! If you are asked for something like this in a simple email or one that links to a non-secure site, then something is wrong. Also, a secure site, such as Paypal or another LEGITIMATE company, which asks for such information will display a little "lock" in the lower-right status corner of the Internet Explorer window. Phishing is a very serious problem. You can avoid it by taking the steps I explained here!
My first major experience with a type of fraud over the Internet with was with a type of BUSINESS SCAM fraud, common to the Internet, especially with eBay users. EBay is an on-line auction and trading company where registered users can buy and sell items. I have used eBay several times for purchasing items, normally used, or hard-to-find, for modest prices. The turn of luck, and money, began with me on July 23, 2003 at about 4:30 PM. Please read about my experience below.
On July 23, 2003, I went to eBay and after careful searching, bided on a Sony Vaio for $1,399 sold by a user, named NUKIT. I was outbided by another user and upped my bid to $1424.98 (still good for a $1799 laptop). By 4:30 PM, I won the auction and was notified by eBay the total (including shipping) was $1454.98. This number, "Fourteen-Fifty-Four-Ninety-Eight" was to haunt me for a while!
On July 24, I authorized the $1454.98 payment via my Paypal account. And the auction bid was satisfied. One strange thing, however, was that the seller, NUKIT did not send that "thank you for your payment" email like you usually get on eBay. I went back onto eBay to check the now closed status of the auction only to find a chilling surprise.
The eBay user ID of the seller had been changed, and eBay removed that user from the auction site. I was worried, but told by friends and co workers that people change their names all the time on eBay. As an act of courtesy, I emailed the seller NUKIT, via his email address advising that my payment was complete and to give me a UPS shipping number when the laptop ships (it was from California).
The email above was never responded to until 4 days later, where I was given a UPS shipping number. I went to UPS's site, entered the shipping number, and was declined with the message "The shipping number you entered is invalid". I figured I typed it wrong, so I copied the number from the email and pasted it into the UPS's tracking system. Still, it did not work. I emailed the seller back again, telling him that the UPS number he gave me was wrong. I called UPS's "1-800" number, and their customer service was of no help with anything other than a tracking number!
Two days later, the seller returned the email, but instead of a tracking number, I was given a contact to another person, a woman named VORAPHAN, with her full address in Logan Utah, cellular, and home numbers! I got really upset and concerned at this point! More alarming, I called this woman long distance, and she answered. I asked her about the auction, and this person (NUKIT) who was the seller. She stated she knew the person from 5 or 6 years ago when she lived in California. I told here about what happened with the laptop sale and the shipping number. She seemed to be scared and worried how I got her address and phone number(s), and rudely hung up on me when I was in the middle of a sentence.
About two weeks passed by since the transaction on July 23. It was now around August 10. Nothing ever came to my door from UPS. I diligently tried to email the seller and like "no response to a personal ad from a person you are not their type", the email(s) were never returned. I opened a fraud request case on both Paypal and eBay and explained the case. Paypal was the first to investigate. On August 11, I received and email from Paypal stating that NUKIT, the seller, refunded the money. I wiped the sweat off my forehead, "swew!", but the "Swew" became "Uh-Oh" when the refund code said "Pending ... Waiting for funds to clear from seller's account, there is no guarantee funds will clear in 3 business days."
The three business days passed, around August 14, and an email came from Paypal's fraud department. It read "We have found the seller is AT FAULT of your fraudulent claim, but we REGRET TO INFORM YOU that the funds have not cleared from the seller's account. As stated, we cannot guarantee refunds from such cases."
After some SEVERE FRUSTRATION and having to take a walk to calm down, I contacted my bank, dispute the charge from Paypal from my checking account. They forwarded me to their fraud department and sent me a load of paperwork. Meanwhile, I tried to resolve the issue with "squaretrade", a resolution / dispute mediation division of eBay, but to no avail because the seller, NUKIT never returned / responded to their emails either.
Over a month went by, and I filed a case (#103081315355021) with the Internet Fraud Protection Act division of the government on FBI's site with more details than this essay. That was the last I heard about anything, and I wound up doing around August 20 what "I SHOULD HAVE DONE" in the first place: I went to Sony's site and bought the Vaio laptop I needed for $1617.97. I got it only 5 days after I ordered it on my front door. I was happy, but I keep getting haunted by the "gross" cost I actually spend. I keep adding the $1617.97 (laptop I did get) plus the $1454.98 (the amount STOLEN from me) to get the $3072.95 (this is what I spent in the long-run)!
Later on September 9, 2003, the $1454.98 was slowly passing into a bad memory and a few sacrifices (such as holding off on buying a fence for my property, saving money from going out on weekends, not going on trips, etc). This day, I was at work early and checked my personal email. I received two emails, both from Paypal, but one saying my checking account was charged $1454.98 and the other my credit card charged $1454.98, both at 4:30 AM that day!
Again, after walking and calming down, and speaking to my co-worker / boss who asked me why I was upset, I called my Bank and my Credit card. The bank was able to stop the $1454.98 because it was from a non-trusted account (Paypal) that I flagged back in August when all the original fraud was happening. The credit card charge did go through, and it's another thing I have to dispute with lots of paperwork and explain. This should bring the total cost of the laptop up another $1454.98, so the amount is now $4527.93! WOW, could have bought a car on eBay Motors for that price!
I reported what happened to my bank and credit card as well as eBay and Paypal's fraud centers. I even, for the heck of it, lashed out at the seller's email with a message telling him to stop whatever he was doing. The email message, of course, was never answered. I also went out to my eBay, Paypal, online banking, and personal email accounts and changed all passwords which I now keep in my wallet (non-memorizable), just to be safe.
After lots and lots of fighting and red tape with my bank, the charges were eventually reversed from my checking account(s). Paypal put my account on hold for nearly a month until I proved to them that I was who I said I was. My credit card is handling the additional charge I am disputing as fraudulent at the time I am writing this essay.
In addition to all this excitement, I received an email from the same address as the seller, NUKIT. This time the email stated the mother's name of the seller, and that the seller moved to Thailand permanently, and produced the full new address with phone numbers of the seller in that country. The email also stated the same woman, VORAPHAN in Utah with here full address claiming it was the seller's girlfriend! This email also stated that if I was to investigate and try to contact these, I was not to mention any emails, but that I am from INS or the police.
The strange email was not to be trusted, but it was carbon-copied (CC'd to several others). For the heck of it, I wrote to each of the other recipients this strange email was also sent to. Nearly all responded stating that the same seller caused each of them similar, if not worse, frustration. One lost nearly $3,500, another who also lived in California, traveled to the seller's residence to try to confront him, only to find the placed vacated.
Sounding more like a "dramatic soap opera", this story seems like fiction. But it is not. Some names have been omitted to protect privacy. No actors or made up stories here, this really happened, and it could happen to anyone, even you (Yes YOU). Don't become a victim of fraud!
My second experience with Internet fraud began on one normal morning in August of 2006. I have some credit-card accounts on-line to pay bills, check balances, and such. I have each set up so if any activity is done on each account, an email will be sent to me alerting me of the transaction, which hopefully would be by myself and nobody else.
That morning I received an email to my personal email account from "", one of my on-line credit card administration accounts. The email stated my user name and password were changed to sign into the account. I attempted to sign into it to check things out, using the same password and login I used for years and they did not work. Luckily, catching this in the nick of time, I contacted customer service immediately and told them what happened. They wound up cancelling my account and creating a new one, and even sent me a new credit card via same-day delivery. Since I caught it in time, nothing was charged on my account and my old credit card was promptly cancelled.
Luckily here, the only hassle was dealing with cancelling the old credit card and getting a new one, as well as making sure any billing pending with the old (cancelled) card was straightened out. Upon speaking with the customer support for Discover, I was told that their security team had the username / password my (now cancelled) account was changed to, as well as the perpetrator's email address. The scary part then came, when I was told a SS number, address, and phone number is required to changed my on-line information. But who got it? And how?
I can only assume that my personal information could have been gathered in two ways. First, and most probably, from the trash. People actually go through garbage looking for sensitive information such as credit-card numbers, social security numbers, and such - Many with great success. Second, and less likely, a Trojan horse or spyware program was on my computer and recorded my key strokes as I was on sites such as Expedia or eBay. Spyware can actually get a SS number or credit card in this way, even if the site you are visiting is secure, since it is recording key-for-key what you are typing, and not the encrypted data being sent!
Identity theft is scary. Very scary. Most likely, whoever got my information, did not even get it recently. It could have happened last month, or 5 years ago, who knows. Do you remember back in college when you wrote your name and SS number down for class attendance / roll call? Did you know that those SS numbers can and HAVE BEEN used in identity theft! Now days, this has changed with ID theft in mind. To name a few of the things a person can do with a social security number, check out the scary possibilities below...

The person can create a whole "copy" of your identity, and keep it to himself, even using YOUR name.

He or she can get a credit check, using your information, then buy a car, get a credit-card, and such - Using YOUR good credit rating.

The perpetrator will charge or get loans using your credit, and, of course, not pay - Destroying YOUR credit without you even knowing it (until perhaps years later).

Finding out about identity theft, especially when later on such as trying to finance a car and being turned down, will take many, MANY hours of hard work and frustration to resolve (if at all).

You can avoid such theft of your identity (or at least reduce the threat). Try to shred ANY sensitive information, don't just toss it in the trash. You can also burn it, but that is not recommended. Always keep close tabs on bank accounts, credit card activity, and your credit history to see if any thing looks amiss, and you catch it early on if you find something. NEVER give out personal and sensitive information to anyone. Do not even write a SS number on a check (use only the last 4-digits if you have to). Make sure you use a spy-ware blocker program AND full anti-virus software if you do ANY financial work of any kind online, even purchasing. Subscribe to an identity theft campaign for a small monthly fee. I did so as it was available with my credit card company, and I get a free credit report, and details about any financial and identity change activity where I can see if anything that I do not know about has happened.

Unfortunately, fraud is a nasty way many people lose money, and even worse, businesses, such as eBay, lost customers. Not a good thing in a bad US economy. You probably can't stop fraud, but the first step is to PREVENT IT by protecting yourself in the ways shown below. These tips are based on my experience.

Don't buy anything off eBay over $50 or $100. Big purchases are too risky.

Use a credit card if possible. Never use money-orders, cash, or checks! Even cash-transfers are nearly impossible to reverse if fraudulent.

Don't wait too long for a UPS / FedEx package. These are guaranteed 5 days coast to coast at most. Don't assume that "The check is in the mail"!

Look at a seller's eBay feedback. It should be near or at 100% positive rating. Assume that YOU can always be the FIRST one a seller chooses to impose an unfair transaction on!

Passwords are to be for security and protection. Names such as your "pet's name" or initials are not passwords! Also, don't use the same password for different Internet sites / services.

Don't be in a hurry to win an online auction. Don't be careless. What you see may NOT be what you get!

Stick to reputable sites! "" is a lot more trustworthy that "".

Never, EVER give out your name, phone number, address, or any confidential information such as credit card or bank account numbers. Trustworthy firms normally don't even ask for these things over the phone.

You get what you paid for. If a price appears "Too good to be true", then it probably is "Too good to be true!"

Avoid identity theft by destroying (shredding) any trash containing sensitive information such as social security numbers, credit card, bank accounts, immigration paperwork, etc.

Never give away any sensitive information. For example, do not write a social security number on an envelope or check. Do not provide such to any strangers or "casual" friends / acquaintances.

Always use a reputable spy-ware and anti-virus package on your computer that you use to do any online shopping, Internet banking, or where any sensitive information is provided. Make sure the site you are visiting is secure and legitimate.

Never reply to a SPAM (junk) email since doing so will confirm that your email is valid as most SPAM is computer-generated and random. Watch out for PHISHING (explained in detail above).

If you feel you are the victim of fraud, contact your local authorities, or start case at the FBI's Internet Fraud Site at

No comments:

Post a Comment