A Scammer's Life

Online scammers in Nigeria are facing tough times because many of the Americans they target are broke.

Their financial woes have been somewhat offset because more Americans, motivated by their own financial issues, are more easily duped by scammers — but even that is not enough, The Washington Post reported Friday.

One scammer, who identified himself to the Post only as Felix, said that in a good month he used to make $30,000 from duped Americans, but his revenue has dropped by about 40%.

Another scammer, known as Banjo, told the paper that Americans "don't have money. And the money they don't have, we want."

These online con artists send e-mails about unclaimed money to lists of e-mail addresses they buy online. People who respond to the ruse are told they must wire a processing fee to claim the larger sum, and their victims often comply.

"I'm selling greed," Felix told the Post. "You didn't apply for any lotto, and all of a sudden you just see a mail in your mailbox that you're going to win money? That means you have to be greedy."

Another variant of this scam is to mail a forged check and ask people to send a portion of the money back. The victims are often held responsible when banks later find that the check was fake.

The scam culture is so pervasive in Nigeria that it shows up in pop songs, though law enforcement agencies there are trying to crack down, the Post said, for example, by raiding cybercafes to head off scam e-mails as they are sent.


Online scammers are coping with the recession by posting fake want ads.

The bogus job postings work much like other common advance-fee scams but are disguised as job listings on legitimate Web sites. The New York Times profiled one victim, Claude Vera, who was sent a fake check to buy supplies that scammers said he would need for a work-from-home job.

He dutifully wired close to $8,000 to the purported vendors, but the funds really went to scammers, the Aug. 6 article said.

"If you are a con artist, having more people out of work to deal with increases your odds of finding a victim," Pam Dixon, the executive director of the nonprofit research group World Privacy Forum, told the Times.

Online job sites try to filter out scam listings, which typically are disguised as "work-from-home" opportunities or mystery shopper jobs, a technique that hides the fact that there are no actual offices that respondents can visit, the article said.

Exposures

The Social Security numbers of many big-shot business executives were exposed online by an Iowa government Web site.

More than 2,000 Social Security numbers belonging to top executives and directors were posted as part of corporate reports filed with the state before 2000, according to an article in The Des Moines Register Saturday.

The Web site, which the state shut down Friday, also included personal information on executives from outside Iowa. The state was notified about the exposure by the Register, which was told of the matter by privacy advocates.

Iowa's secretary of state, Michael Mauro, told the paper that the personal information was posted unintentionally. "There's nobody out there in the government sector, either the secretary or the governor, who is out there intentionally making information available to the public," he said.

The article noted that this is the second time in less than a year that Iowa has been caught posting Social Security numbers online. The earlier incident involved Social Security numbers found on the state's land records Web site.

The problem is primarily with older records, predating a state law that took effect in 2002, barring the use of Social Security numbers on government records. Before the law took effect, many businesses put Social Security numbers on forms voluntarily, in part because people were less concerned about identity theft then, the article said.


A laptop stolen from a government contractor has put 131,000 soldiers at risk of identity theft, the Bangor (Maine) Daily News reported Tuesday.

The affected individuals were enrolled in a bonus incentives program, and the laptop was stolen at a conference, Peter Rogers, the deputy commissioner of Maine's Department of Defense, Veterans and Emergency Management, told the paper.

"We have to assume that the information can be used to steal someone's identity," Rogers said.

The department is mailing letters to 766 members of the Maine Army National Guard, and more letters will be sent out as more affected soldiers are identified.

Sen. Susan Collins of Maine told the paper that government contractors should be aware that they are "stewards of large amounts of personal data on law-abiding citizens and that they must guard this information wisely or lose people's trust."

Hacked.Gov

The Web sites of at least 18 members of the House of Representatives were hacked into and altered this month.

The incident may serve as a lesson on password security — the affected pages were assigned to representatives who never changed their default passwords, according to GovTrends, the Web design company that hosts the House.gov pages. Another possibility is that the sites were attacked through a flaw in the Web server configurations, The Washington Post's Brian Krebs reported Aug. 6 and Aug. 7 in his "Security Fix" column.

Parts of the members' pages were replaced with the message "H4ck3d by 3n_byt3 @ Indonesia H4ck3rs." Among those affected were Republicans Duncan Hunter of California and Spencer Bachus of Alabama; as well as Democrat Jesse L. Jackson Jr. of Illinois.

Ab Emam, the founder of GovTrends, said that the default passwords assigned to each page were not considered strong. "Most of these passwords could be guessed; they were obvious," he said.

However, Gary Warner, the director of research in computer forensics at the University of Alabama at Birmingham, suggested that the Web server might have been attacked.

Jeff Ventura, a spokesman for the House's chief administrative officer, called the incident "digital graffiti" and said no sensitive data was exposed. "Over the last year the House has continued aggressively fortifying its security systems," he told the Post. "These improvements to our systems resulted in the swift identification of the site defacements."

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.