Security Watch

Grounded

The Federal Trade Commission has shut down the company of a Utah pilot for allegedly defrauding thousands of people of millions of dollars.

The company, called IWorks Inc., allegedly lured consumers into bogus money-making schemes and fake memberships in government grant and loan programs. People had to enroll using a credit card number, then were charged monthly fees and membership fees for programs they had not enrolled in. The membership fees were sometimes as high as $129.95. Monthly recurring fees were $59.95 for things like the fake grant program.

The charges frequently wound up in Visa Inc. and MasterCard Inc.'s chargeback systems, the International Business Times reported in a Dec. 27 article. The chargebacks prompted millions of dollars in fines for the defendants, Jeremy Johnson and nine others. To get around the chargeback problem, Johnson, a well-known Utah philanthropist who allowed state law enforcement agencies to use his private aircraft and who airlifted medical supplies and other provisions to Haiti after last January's earthquake, allegedly created 51 shell companies that opened merchant accounts with third-party payment processing companies in order to continue imposing the fraudulent charges, the Las Vegas Sun reported on Dec. 23.

IWorks also allegedly threatened people who complained by saying it would report them to BadCustomer.com, a merchant blacklist of bad customers. Johnson had had run-ins with enforcement agencies, including the Securities and Exchange Commission, since 2001.

Aloha

The Bank of Hawaii made some important upgrades of its automated teller machines after the sentencing of a 53-year-old man who stole $6,100 from nine hapless bank customers who left their cards in the bank's ATMs near a Honolulu shopping mall.

The thief, James F. Solomon Jr., lurked near the machines, waiting for people to leave their cards behind, then he withdrew as much money as he could, the Honolulu Star Advertiser reported in a Dec. 25 story.

To address the security flaw that allowed this scam, the bank now requires customers to key in their personal identification numbers again for multiple transactions.

Solomon was sentenced to a year in prison and four years of probation. The judge also ordered him to repay the money he had stolen, as well as to pay $4,175 to the state victim compensation special fund. Solomon will have to do 1,000 hours of community service during each year of his probation.

He was charged with multiple counts of theft, identity theft, credit card theft and fraud, the Star Advertiser reported.

What's on TV?

A host of new Internet-ready electronic gadgets are the targets of hackers, The New York Times Dec. 26. This includes at least one popular new HDTV model that researchers at the San Francisco security company Mocana Corp. discovered has a software flaw that lets it attach to the Web. reported

The researchers said they could easily exploit the hole to put up fake screens for legitimate websites, such as Amazon.com, that criminals could use to request payments from unwitting consumers. (The researchers did not identify the television brand.)

Internet-ready TV sets now join smartphones and electronic tablets, which have fewer built-in defenses than laptop and desktop computers, that have come under increasing attack this year through the burgeoning applications market that they support. Security firms said they may focus on nonsoftware methods of protecting some new devices, such as fingerprint scanners and other personal identifiers. The Times reported that security firms believe anti-virus software might take up too much memory on the new gadgets.

Playing His Game

A theater writer and director, James Veitch, has decided that, rather than fall victim to a Nigerian e-mail scammer who had hijacked a friend's e-mail account in an attempt to trick Veitch out of $2,000, he would instead string along the scammer on his own ruse, according to The New York Times blog Pogue's Posts.

"Hi, sorry to bother you at this time," the scammer wrote, "but I made a quick trip early this week to London, UK and had my bag stolen from me with my passport and credit cards in it. The embassy is willing to help by letting me fly without my passport, I just have to pay for a ticket and settle Hotel bills. … I was thinking of asking you to lend me some quick funds that I can give back as soon as I get in."

Veitch, a London resident, replied, "But how on earth did this happen? I had no idea you were even in London? And two GRAND on hotel bills? How on earth did you manage that? You could have stayed at [my flat] for free!"

After a dozen back and forth exchanges like that, including one in which Veitch insisted that the scammer write a poem in order to collect the money, the scammer gave up in disgust: "Fine no problem i can see you are not helping matters thanks for your time," the scammer wrote.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.