Monday, August 30, 2010

Grandparent Scam Thwarted

LONDON, Ontario, August 30 /Canada NewsWire/ - The RCMP London Detachment thwarted an attempted "Emergency" or "Grandparent" Scam last week. An RCMP officer who was attending a bank on unrelated police business learned that a senior citizen was withdrawling a large sum of cash to send to a grandson in trouble while away on a trip. The RCMP officer and bank staff were able to convince the senior to contact family members and confirm some facts. It was later learned that it was indeed a scam.

Though the "Emergency Scam" (or sometimes referred to as the "Grandparent Scam") has been around for years, the RCMP led Canadian Anti-Fraud Call Centre (PhoneBusters) warns the public to be on the lookout after noting a marked increase in the number of complaints in the last two months.

In the typical scenario, a grandparent receives a phone call from con-artist claiming to be one of his or hers grandchildren. The caller goes on to say that they are in some kind of trouble, usually a car accident, returning from a foreign country, or even bail money and need money immediately.

Victims don't verify the story until after the money has been sent as the caller specifically asks that they do not want other relatives to know what has happened by asking "Can you please help me? I'm in jail (or in the hospital / or in some type of financial need). But don't tell Dad. He would kill me if he found out, please sent the money ASAP. I'm scared"

The CAFCC (formerly called PhoneBusters) was established in 1993 and is jointly operated by the RCMP, the Ontario Provincial Police (OPP) and the Competition Bureau Canada. The CAFCC is a national call centre where people can report fraud complaints and the information is used to assist in investigations. The CAFCC plays a key role in educating the public about specific fraudulent mass marketing and identity theft pitches. It also helps to prevent similar crimes from taking place in the future through its ability to identify emerging trends. To report a fraud call 1-888-495-8501 or report online at

Protect yourself:

Be vigilant. Protect yourself and your family. Resist the pressure to "act now". Don't panic. Know with whom you are dealing. Ask for his/her name and coordinates and confirm them for yourself or request assistance from a member of your family or somebody you can trust. Contact your local police to help you or to verify the legitimacy of such telephone calls. Be wary of unsolicited emails, telephone calls, or mail attempting to extract money from you or asking you to transfer money electronically urgently. Fraud - Recognize It. Report It. Stop It.

Tuesday, August 24, 2010

False Sense of Computer Security

A team of security analysts found that most leading anti-spyware and anti-virus software fail to detect commonly used keyloggers.

HALIFAX, August 24, 2010 /Canada NewsWire/ - Keyloggers are designed to silently record all of one's computer activity. They are commonly used for parents to monitor their children's computer activity. Now they are being used for criminal activity ranging from spying on individuals, identity theft and data theft.

The security team at SpyReveal tested the leading anti-spyware and anti-virus software against ten of the most popular keyloggers. The results were astonishing! Most of the leading security software used to combat viruses and spyware failed to detect 70% of the keyloggers. While most failed to detect any keyloggers at all, SpyReveal successfully detected all keyloggers.

Computer users are receiving a false sense of security when installing various security applications. With the explosion in online banking, the proliferation of identity theft is greater than ever. Many users install an anti-spyware solution with the expectation of being safe from identity theft. Unfortunately, they are still at an extremely high risk for identity theft and data logging.

"More and more news stories are being published of hackers who have obtained credit card records by using keyloggers", said Mr. Hankinson, SpyReveal's co-founder. "Yet, we still see major players in the security industry continue to fail at this specific type of problem."

Still don't think you or your business is at risk? Take for example Verizon's 2009 Data Breach Investigations Supplemental Report which states "Keyloggers and spyware.... played a crucial role in larger breach scenarios in which hundreds of millions of records were compromised."

"Consumers and businesses should not rely on a single solution for security. Each has a specific purpose. We want consumers to realize that even though their anti-spyware software says 'Nothing Found', that any keylogger could still be present, recording credit card information or business intellectual property," Mr. Hankinson added.

It is important for users to purchase security solutions that are designed for a dedicated purpose to receive the highest degree of protection, without being too narrow. With software like SpyReveal, you can rest assured that you are protected from most keyloggers available on the open market.

About SpyReveal

Founded in 1999, SpyReveal, has focused solely on keyloggers and other available commercial surveillance software. The product has been featured all over the world, most recently in USA Today, and is highly regarded by many security experts. For more information, please visit

Friday, August 13, 2010

In the US - New Scheme Uses Denial-of-Service Attacks to Access Consumer Accounts

Courtesy of Florence Klein, Founder, Published August 11, 2010

By now, it's more than clear—con artists never stop coming up with new ways to separate you from your money. Here's another scam to watch out for, as detailed in the following press release from the Internet Crime Complaint Center (IC3):

Fraudulent Telephone Calls Allowing Fraudsters Access to Consumer Financial and Brokerage Accounts

The FBI Newark Division recently released a warning concerning a new scheme using telecommunications denial-of-service (TDoS) attacks.

The FBI determined fraudsters compromised victim accounts and contacted financial institutions to change victim profile information (i.e., email addresses, telephone numbers, bank account numbers).

The TDoS attacks used automated dialing programs and multiple accounts to overwhelm victims' cell phones and land lines with thousands of calls. When victims answered the calls, they heard dead air (nothing on the other end), an innocuous recorded message, an advertisement, or a telephone sex menu. Calls were typically brief but so numerous that victims changed their phone numbers to terminate the attack.

These TDoS attacks were used as a diversion to prevent financial and brokerage institutions from verifying victim account changes and transactions, thus affording fraudsters enough time to transfer funds from victim brokerage and financial accounts.

Protection from TDoS attacks and other types of fraud requires consumers to be vigilant and proactive. In Newark’s public service announcement (PSA), consumers are reminded to protect themselves as follows:
Implement security measures for all financial accounts by placing fraud alerts with the major credit bureaus if you believe they were targeted by a TDoS attack or other form of fraud.
Use strong passwords for all financial accounts, and change them regularly.
Obtain and review your annual credit report for fraudulent activity.

If you are a target of a TDoS attack, immediately contact your financial institutions, notify your telephone provider, and promptly file a report at the FBI's Internet Crime Complaint Center (IC3). The IC3 complaint database links complaints to assist in referrals to the appropriate law enforcement agency for case consideration. The complaint information is also used to identity emerging trends and patterns.

To learn more about the FBI’s role in addressing these attacks, please refer to the FBI Newark Division's PSA dated May 11, 2010.

Sunday, August 8, 2010

Protect Yourself Against Mortgage Fraud

Calgary Real Estate Board offers tips to avoid becoming a scam victim

CALGARY, August 6, 2010 /Canada NewsWire/ - With the recent rise in mortgage fraud cases in Calgary, the Calgary Real Estate Board (CREB(R)) is encouraging members of the public to be informed about mortgage fraud red flags and to do their 'homework' to avoid becoming a scam victim.

"Mortgage scams are carried out in all different forms and involve a multitude of people; some who don't even know they're being taken advantage of," says Diane Scott, president of CREB(R). Participating in a scheme that requires you to provide false or misleading information to a mortgage lender is fraud, an offence under the Criminal Code of Canada. "There are two prominent kinds of mortgage fraud today: one involves scams that attempt to illegally acquire property - 'fraud for property' - and one wherein schemes are designed to squeeze money out of transactions involved when a property is exchanged between buyers - 'fraud for profit'," says Scott. "The number-one rule to remember when it comes to real estate investments or any investments ... if it sounds too good to be true, then it probably is," adds Scott.

Mortgage Fraud Processes

Straw Buyers: People who are offered money to lend their identity, and are considered phoney loan applicants. They are often offered several thousand dollars for the use of their name and good credit information. Some straw buyers may not know that their name was used on a mortgage application. Another form of mortgage fraud through the use of a straw buyer is to have someone sign documents that contain false information or information they cannot prove. For example, if you state that you will be residing in the property and you have no intention of doing so, that is considered fraud.

Property Flipping: Involves a dishonest seller who artificially inflates the value of a property. This involves fraudulent appraisals, false loan documentation and exaggerated incomes in order to secure loans. The seller inflates the price using a phoney appraisal and arranges for a buyer who can qualify for a large mortgage. Once the mortgage is delivered, the home is sold and another buyer assumes the mortgage. The phoney appraisal remains with the property through multiple transactions, making it difficult to determine the property's true worth. The end buyer is the victim. They're conned into thinking they are purchasing a sound investment property. "CREB(R) takes mortgage fraud very seriously and would, if required, cooperate with the Real Estate Council of Alberta (RECA) and law enforcement agencies to assist in any investigation related to mortgage fraud. CREB(R) is committed to ensuring its members follow the highest standards or professionalism and the REALTOR(R) code of ethics," confirms Scott.

REALTORS(R) are educated in the tell-tale signs of mortgage fraud and are trained to help identify these red flags. CREB(R) also encourages consumers to take a proactive approach and become familiar with the red flags of mortgage fraud.

Some tips for consumers include:

- Do your 'homework'! Make sure you are using a licensed mortgage broker who is registered under the Real Estate Act in Alberta. Licensed mortgage brokers are required to conform to a code of conduct enforced by RECA. Contact RECA at 403.228.2954 to ensure your broker is licensed.

- Before you buy, have a REALTOR(R) show you the listing history on the property. Check the number of sales, price ranges, and community prices.

- Get your own REALTOR(R) or independent representation for your purchase (if the seller objects, something is wrong).

- Ask your REALTOR(R) to provide you with a comparative market analysis of the property.

- Ask for a copy of the land title search.

- In addition to a comparative market analysis you may want to include, as part of your offer to purchase, the option to have the property appraised by a designated or accredited member of the Appraisal Institute of Canada.

- Make sure your deposit is being held in a trust account.

For more information about the red flags of mortgage fraud, go to RECA's website at and search for 'mortgage fraud red flags'.

Friday, August 6, 2010

Commissioner Cavoukian launches multi-level "Think before you Copy" educational campaign in an effort to eliminate avoidable data breaches

TORONTO, August 6, 2010 /Canada NewsWire/ - Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, is urging key players in the province's health sector to join her in a multi-level education campaign aimed at preventing the far-too-frequent disclosure of unencrypted personal health information through the loss or theft of portable electronic devices such as laptops and USB keys.

This announcement comes on the heels of yet another USB key containing the unencrypted, identifiable personal health information of more than 750 patients being lost through the theft of a purse.

"These privacy breaches - which in recent years have included the loss or theft of the unencrypted personal health information of more than 100,000 patients - can and must be stopped," said the Commissioner. "Portable devices should never be loaded with unencrypted personal information. Either encrypt the information, or remove all personal identifiers from the information before loading it onto a portable device."

"Despite my issuing three health Orders and other publications addressing this issue, it is still happening. The message is obviously not getting through to all levels," said the Commissioner. "We have had cases where employees were not aware of a "must encrypt" policy."

Commissioner Cavoukian is sending letters out to all regulatory health colleges and professional associations in Ontario, stressing the need for a new awareness campaign - which she is calling Think before you Copy - and offering the assistance of her office in developing educational initiatives. The College of Nurses of Ontario has already contacted the Commissioner's office, after she publicly cited her concerns Wednesday, offering to explore how to incorporate the information into its ongoing education for its members.

"I applaud the College of Nurses for being proactive and I look forward to working with them," said Commissioner Cavoukian.

While several of the recent breaches have involved hospital staff, many different sections of the health sector have encountered problems, said the Commissioner.

"It is essential," she added, "that all health-care practitioners, their staff and other agents ask themselves one key question before copying any health information to a mobile device. Is it necessary to store personal health information on this device? If the answer is yes, then they must either encrypt the information or effectively de-identify the information by removing all personal identifiers. It's that simple. We are reaching out to the Colleges and associations for their assistance in getting this message out to the entire health sector."

Among the initial ammunition the Commissioner is considering for the Think before you Copy campaign, are:

- generating case studies or practical examples applicable to staff in the various health sectors;

- creating pertinent posters;

- producing stickers for mobile devices with a message reminding health staff to STOP, THINK, ENCRYPT;

- distributing existing guidelines as well as producing short, pertinent articles for college/association newsletters.

The Commissioner stressed that she is also looking for input from colleges and associations.

An awareness campaign and firm action are needed, said the Commissioner. She praised Dr. Bob Bell, president and CEO of the University Health Network, for his commitment to encryption to protect the personal health information of the patients of UHN's three hospitals. Bell explained this week that the hospital group "is putting USB keys across the organization that are encrypted. We told all our staff they must put patient information on an encrypted device if they need to put it on a device at all."

Commissioner Cavoukian is encouraging all health colleges and associations to contact her office "to determine how we may work together in helping you create education programs for health-care practitioners, their employees and other agents on how to minimize the threat to privacy posed by mobile devices."

The Information and Privacy Commissioner is appointed by and reports to the Ontario Legislative Assembly, and is independent of the government of the day. The Commissioner's mandate includes overseeing the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health Information Protection Act, which applies to both public and private sector health information custodians, in addition to educating the public about access and privacy issues.