Name Game
In one case, scammers pretending to be Federal Trade Commission Secretary Donald Clark called from a phone number with the Washington, D.C., area code, 202. The victim, a Washington state resident named Ralph, phoned the number back where an answering machine said he had reached the FTC, MSNBC's Bob Sullivan reported Oct. 30 in his column "The Red Tape Chronicles."
The ruse itself was a typical advance-fee scam, asking Ralph to wire money to receive the $500,000 he was told he'd won. Ralph had entered a sweepstakes recently and was not surprised to be told he had won something, but he called the 202 number anyway just to be sure.
"It was very believable," he told Sullivan.
Betsy Broder, who heads the FTC's privacy and identity theft division, said there have been other instances of con artists impersonating FTC employees.
"Some of our people have been very shaken up once they find out their personal names were used. … This is particularly pernicious because it gives people a sense that this is legitimate and reliable," Broder told Sullivan.
Insider Indicted
A Bank of New York Mellon Corp. employee targeted his peers in an eight-year financial crime spree, according to Manhattan District Attorney Robert M. Morgenthau.
Adeniyi Adeyemi is accused of using the identities of 150 bank employees to steal funds from them and from other bank clients from Nov. 1, 2001, to April 30, 2009. He faces 149 charges of grand larceny, identity theft, money laundering, scheme to defraud, computer tampering and unlawful possession of personal identification information, according to an Oct. 28 announcement from Morgenthau's office.
According to Morgenthau, Adeyemi used employees' names to open dummy accounts at other financial institutions to receive stolen funds. He then allegedly stole money from those employees as well as several organizations with accounts at Bank of New York Mellon, where Adeyemi worked as a computer technician.
The New York/New Jersey Electronic Crimes Task Force traced the transfer instructions to a wireless Internet connection in Adeyemi's apartment building, where mail associated with the fraudulent transactions was also sent, according to Morgenthau. Further evidence, such as the computerized credit reports of many bank employees, was uncovered when a warrant for a search of Adeyemi's apartment was executed on April 30, the announcement said.
Going Viral
Microsoft Corp. has admitted that its Autorun feature, meant to be a convenience to users who want CDs and other devices to play automatically when placed in a computer, has helped some prominent malicious programs reach more targets.
The same feature that lets music play without any prompting from the computer's user can also let viruses on a disc or a USB drive activate before a user even realizes it is there, The Washington Post's Brian Krebs reported in his "Security Fix" column Monday.
In Microsoft's latest Security Intelligence Report, the company said that a pair of bugs that exploit the Autorun feature have infected more than 10 million computers. One of those bugs, a password stealer called Taterf, uses Autorun as its exclusive method of infection.
Microsoft did not enable the Autorun feature for USB devices in its newest operating system, Windows 7, though CDs and DVDs still run when inserted. A patch Microsoft put out in August switched off the Autorun feature for USB devices in earlier versions of the Windows operating system, the article said, though that patch was not distributed through the automatic update system that Microsoft uses to distribute most security fixes.
