The Attorney General for the State of Missouri announced last week the establishment of a new, national fund to assist and repay victims of Moneygram scams. The fraudulent wire transfer scams occurred between January 2004 and August 2009. According to the announcement:
"MoneyGram International, Inc. (MoneyGram), a global money services business, has agreed to forfeit $100 million to the United States as part of an agreement with the Justice Department. The agreement arose from a case involving approximately 25 MoneyGram agents allegedly carrying out wire scams..."
The fraudsters operated several versions of scams, often targeting senior citizens. Some of the scams involved promises of large cash prizes, shopping discounts, or employment opportunities as a "secret shopper" to trick unsuspecting consumers into transferring money. Another version of the scam involved a bogus story where a relative was stranded in another country, in need an immediate cash.
The Missouri Attorney General's Office will send letters to consumers who filed complaints about the MoneyGram scam. the letters describe the process for victims to receive a share of the forfeited payment. If you were a victim of the scam and did not file a complaint, you may still be eligible. If you believe you were a victim during the above period, contact the Missouri Attorney General's Office at 800-392-8222. All claims must be submitted by November 15, 2013.
For more information about the claims process, see http://www.justice.gov/criminal/vns/caseup/moneygram.html. The Justice Department's Victim Asset Recovery Program will review claims and determine payment on a case-by-case basis. The amount victims will receive will be determined after all claims have been processed.
The Oregon Attorney General, made a similar announcement in September 2013 about a settlement with Moneygram.
Sadly, this is not the first time Moneygram has been involved in scams. In 2008, The State of Maryland Attorney General announced an agreement between Moneygram and attorney generals in 43 states for alleged wire transfers to fraudulent marketers. The 2008 announcement:
"... MoneyGram will, among other things, fund a $1.1 million national consumer awareness program and set out very prominent consumer warnings on the forms used by consumers to wire money. MoneyGram, based in Minneapolis, offers money transfer services by wire... The problem addressed by the Agreement is the high number of “fraud-induced transfers” – money wired by consumers to fraudulent telemarketers and other scam artists. For example, some telemarketers, often based in other countries, use a “lottery” scam, in which they tell vulnerable consumers they have won a large sum of money but must pay taxes or other charges in order to claim the winnings..."
The Texas and Vermont attorney generals made similar announcements about the 2008 settlement. And, the U.S. Justice Department announced in November 2012:
"MoneyGram International Inc... has agreed to forfeit $100 million and enter into a deferred prosecution agreement (DPA) with the Justice Department in which it admits to criminally aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program, as charged in an information filed today in the Middle District of Pennsylvania."
In that 2012 announcement, Assistant Attorney General Breuer said:
“MoneyGram’s broken corporate culture led the company to privilege profits over everything else... MoneyGram knowingly turned a blind eye to scam artists and money launderers who used the company to perpetrate fraudulent schemes targeting the elderly and other vulnerable victims."
It sounds to me like the corporate culture is still broken. How much is enough? While the fines help victim recover stolen money, they clearly aren't enough. Send corporate executives to prison. That will put a quick stop this garbage.
Readers of this blog know that Moneygram is key vendor behind Walmart Money Centers, which offer a variety of banking services including money transfers, credit cards, prepaid cards, and gift cards. Knowing this history, I would not buy any money transfers at a Walmart Money Center. Would you?
Experts advise consumers to never wire money to a stranger. Transferring money via wire services is the same as cash. Call or contact the supposed family member in distress first, to verify the story.
Last week, the Attorney General's office for the State of Maryland announced that its Consumer Protection Division had reached a settlement with Stanislav Komsky, operator of the Joomsef.net, a website that featured traffic citations issued to Maryland residents. The Maryland Attorney General office's announcement said that Komsky's website:
"... exaggerated the traffic offenses by representing that consumers had been "booked" or arrested, and by displaying a space on each webpage reserved for a photograph of the consumer that was captioned "Mugshot Unavailable," wrongly suggesting that a mugshot had been taken... In order to fully view the information about the "charged" offenses, Joomsef.net required a fee of $9.99..."
So, to view a full report, which was misleading, residents paid $9.99 per report. Residents who wanted their information removed Joomsef.net had to pay from $39.99 to $89.99, depending upon how quickly they wanted their information removed. Komsky has since taken down the Joomsef.net website.
Terms of the settlement agreement require Komsky to cease publishing false or misleading information about consumers' backgrounds (criminal or other), to refund payments he already collected from consumers to view or remove their information, and to pay a $7,500 penalty to the Consumer Protection Division.
Maryland Attorney General Gansler said:
"The Internet should be a resource for sharing information, not a vehicle for spreading misinformation... Businesses cannot be allowed to post half-truths on the Internet to make a quick buck."
A number of websites have emerged in several states where website operators post publicly-available mug-shot photos, and then charge large fees to residents who want the information removed. I agree and look forward to more states' attorney generals investigating and prosecuting this type of deceptive marketing.
On Thursday, Adobe announced a data breach that affected 2.9 million of its customers. The types of data elements accessed and stolen included customer names, ID numbers, encrypted passwords, encrypted credit- and debit card numbers, expiration dates, and information related to customers' software orders. At the time of the breach announcement, Adobe does not believe that unencrypted credit- and debit card numbers were stolen.
Adobe is working with its partners and law enforcement to investigate the breach and resolve the situation. Besides notifying affected customers' banks, Adobe is:
"... resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password... notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you..."
Adobe will offer affect customers one year of free credit-monitoring services.Perhaps most troubling is that during the Adobe breach, hackers modified and/or stole the company's source code for several of its products. Reportedly, products with stolen source code included Adobe Acrobat and ColdFusion. Adobe produces several other proudcts including Photoshop, which is available through the company's Creative Cloud service.
The Krebs On Security blog announced the breach before Adobe confirmed it:
"... hackers accessed a source code repository sometime in mid-August 2013, after breaking into a portion of Adobe’s network that handled credit card transactions for customers... affected customers — which include many Revel and Creative Cloud account users... Adobe is still in the process of determining what source code for other products may have been accessed by the attackers, and conceded that Adobe Acrobat may have been among the products the bad guys touched..."
Krebs On Security reported that the hackers behind the Adobe breach are the the same group behind the NW3C breach:
"...the attackers appear to have initiated the intrusion into the NW3C using a set of attack tools that leveraged security vulnerabilities in Adobe’s ColdFusion Web application server..."
The modified and/or stolen source code for Adobe software products is particularly alarming and troublesome because it becomes very easy for hackers and thieves to insert malware inside of product software to do far more damage, identity theft, and data breaches. It undermines totally the security of the software.
What I have learned and observed during my career while working for a variety of businesses:
Click on the image to view a larger version. Pretty soon, I will publish an "advanced" wage-theft flow, as there are even more ways some ethics-challenged executives and employers will "mug" their employees. To learn more, visit the Wage Abuse section of this blog.
Recently, researchers at Harvard Business School published a report about a study about fake online reviews. Typically, a company or hired vendors write the fake online reviews. The researchers studied fake reviews at the Yelp.com site about restaurants in Boston, and found:
"First, roughly 16 percent of restaurant reviews on Yelp are identified as fraudulent, and tend to be more extreme (favorable or unfavorable) than other reviews. Second, a restaurant is more likely to commit review fraud when its reputation is weak, i.e., when it has few reviews, or it has recently received bad reviews. Third, chain restaurants - which benefit less from Yelp - are also less likely to commit review fraud. Fourth, when restaurants face increased competition, they become more likely to leave unfavorable reviews...
The researchers labeled certain business behaviors: "positive review fraud" when a business engaged in creating fake, positive reviews about itself, and "negative review fraud" when a business engaged in creating fake, bad reviews about a competitor. The study methodology used Yelp's formulas for identifying bogus reviews. At the time of the study, Yelp had about 30 million online reviews and 100 million unique visitors per month.
The researchers cited results from other studies that focused on other industries:
"... Mayzlin et al. (2012) exploit an organizational difference between Expedia and TripAdvisor (which are spin-os of the same parent company with different features) to study review fraud by hotels: while anyone can post a review on TripAdvisor, Expedia requires that a guest has "paid and stayed" before submitting a review. The authors observe that Expedia's verification mechanism increases the cost of posting a fake review. The study finds that independent hotels tend to have a higher proportion of five-star reviews on TripAdvisor relative to Expedia and competitors of independent hotels tend to have a higher proportion of one-star reviews on TripAdvisor relative to Expedia..."
The findings in this study probably explain the motives by 19 companies exposed last week and fined for astroturfing by the New York State Attorney General. Desperate companies and executives do desperate things. It isn't right, but they do it. And, they will continue committing online review fraud as long as:
The probability of getting caught X the probability of getting sued X the probability of paying a fine (or going to jail) < the amount of revenues generated by fake online reviews
What are consumers to do? Right now, learn how to spot fake reviews. Some of the links below can help. I hope that the attorney generals in more states investigate and prosecute online review fraud. These fraudsters need to be exposed publicly.
Download the Harvard Business School report, "Fake It To You Make It: Reputation, Competition, And Yelp Review Fraud" (Adobe PDF). Learn more about online reviews:
On Monday, the New York State Attorney General announced agreements with 19 companies to stop their practice of submitting fake reviews at many social networking websites. The year-long undercover investigation, code named "Operation Clean Turf," found:
"... the manipulation of consumer-review websites... companies had flooded the Internet with fake consumer reviews on websites such as Yelp, Google Local, and CitySearch... many of these companies used techniques to hide their identities, such as creating fake online profiles on consumer review websites and paying freelance writers from as far away as the Philippines, Bangladesh and Eastern Europe for $1 to $10 per review. By producing fake reviews, these companies violated multiple state laws against false advertising and engaged in illegal and deceptive business practices."
The agreements, called Assurances Of Discontinuance, require the 19 companies to pay more than $350,000 in fines. Fines for individual companies ranged from $2,500 to about $100,000.
Some of the defendant companies involved were Search Engine Optimization (SEO) firms. SEO firms help client companies' websites appear on the first page of search results at search engines such as Google, Yahoo, and Bing. The SEO firms also offered reputation management services which included "astroturfing" -- a form of fake advertising where a company prepares and/or distributes fake reviews where reasonable consumers would believe those reviews to be from a neutral, third-party. Some SEO firms also changed the IP addresses of users' computers submitting fake reviews to avoid the filters at social netowrking websites to reject fake reviews.
The SEO companies that agreed to stop their astroturfing activities (bold emphasis added):
"Zamdel, Inc., d/b/a eBoxed, a search engine optimization company based in New York City, which posted more than 1,500 fake reviews of clients on consumer-review websites such as Yelp.com, Google Places, Yahoo! Local, Citysearch, Judy's Book and InsiderPages.com..."
"XVIO, Inc., another search engine optimization company based in New York city, which posted hundreds of fake reviews of clients on consumer-review websites. XVIO also conducted a "secret shopper" campaign where its agents received free or discounted goods and services from XVIO's clients in exchange for a review. However, the reviewers were encouraged to post on consumer-review websites only if they were positive, the "secret shopper" did not disclose that he or she had received a free or discounted product or service..."
"Laser Cosmetica, the now-former owner of this well-known laser hair-removal business with multiple locations in the tri-state area orchestrated an astroturfing campaign, hiring an SEO company that posted fake reviews on consumer-review websites, and instructed employees and friends to write fake reviews on consumer-review websites. They also offered discounts on services in exchange for online reviews, without requiring the customer to disclose the gift in the review."
"US Coachways, Inc. The management of this leading national bus charter company based in Staten Island, NY orchestrated an astroturfing campaign, writing bogus reviews themselves, soliciting freelance writers from oDesk.com and Fiverr.com to write bogus reviews, and urging employees to pose as customers and write positive reviews..."
"Swam Media Group, Inc. and Scores Media Group, LLC. The manager of this licensee of the Scores gentlemen's club franchise orchestrated an astroturfing campaign with the help of a freelance writer that resulted in 175 fake reviews of entertainers at the Scores adult club in New York City and an affiliated website, scoreslive.com..."
The companies that signed Assurance of Discontinuance agreements included:
Congratulations to the New York State Attorney General, and his investigative team, for putting a stop to this business practice in New York State. Now, attorney generals in other states also need to take action.
Today's post highlights another reason consumers should install (and keep updated) the anti-virus software on their smartphones, tablets, and other mobile devices. Experts expect online criminals to migrate their ransomware attacks from personal computers (e.g., desktops and laptops running Windows OS, operating system software) to mobile devices.
With ransomware, criminals install malware on the victim's computer that takes over the computer. The malware is disguised within mobile apps or in bogus software (e.g., fake anti-virus). Some ransomware, known as "police trojans" pretend to be software from law enforcement. Once installed upon and in control of a victim's computer, the criminals demand payment for the victim to get control back of their computer. The payment is usually to wire money to a foreign account. Of course, there is no guarantee that the victim will get control back of their computer back after payment.
Experts expect ransomware to target mobile devices running the Android OS. Why Android OS devices? CSO Online reported:
"Any business can open an Android app store with or without a mechanism for vetting the available software. As a result, the platform has become a favorite target for cyber criminals... In 2012, the number of Android malware was up 2,577% from the previous year..."
Earlier this year, European law enforcement broke up a ransomware theft ring that had targeted victims in 30 countries. Reportedly, about 3 percent of victims paid $100 Euros (about $134 U.S.) to the online criminals. Officials estimated that the theft ring made millions of Euros.
Ransomware appeals to criminals because it is difficult for consumers to remove the software. So, prevention is the best method for consumers. To avoid ransomware, experts advise consumers to:
If your computer or mobile device has been infected with ransomware, experts advise consumers:
Just before the Labor Day holiday weekend, the U.S. Federal Trade Commission (FTC) announced a preliminary agreement with two agencies in Nigeria to increase cooperation with fighting cross-border fraud. The FTC signed a memorandum of understanding (MOU) with Nigeria's Consumer Protection Council (CPC) and Nigeria's Economic and Financial Crimes Commission (EFCC).
The MOU provides for a Joint Implementation Committee to identify concrete areas of collaboration, establish joint training programs and workshops, and provide assistance regarding specific cases and investigations. The MOU is a framework for voluntary cooperation and will not change existing laws in either country. The CPC addresses consumer complaints through investigations and enforcement; the EFCC is a criminal enforcement agency with authority to address consumer fraud and other financial crimes.
FTC Chairwoman Edith Ramirez said:
"Cross-border scammers use fraudulent e-mails and other scams to bilk consumers all over the world, while undermining confidence in legitimate businesses... This MOU will help our agencies better protect consumers in both the U.S. and Nigeria.”
Director Dupe Atoki of the CPC stated:
“We fully support this collaboration on consumer and fraud matters, and have already detailed a senior CPC official to the FTC for a six-month staff exchange.”
Executive Chairman Ibrahim Lamorde of the EFCC said that he:
“...welcomes this partnership, which builds on our existing collaboration with the FTC and with U.S. criminal enforcement authorities."
The FTC already works with the two Nigerian agencies on policy and enforcement matters, including the African Consumer Protection Dialogue, the International Mass Marketing Fraud Working Group, the London Action Plan (LAP, an anti-spam network), and the International Consumer Protection and Enforcement Network (ICPEN). ICPEN has agencies from about 50 countries.
The FTC Office of International Affairs oversees international projects and provides representatives who work with agencies in other countries. Using both formal and informal agreements, the FTC works with more than 100 consumer protection organizations in other countries.
Earlier this month, Rhode Island residents were warned about a utility scam where fraudsters try to trick them into disclosing sensitive bank account information. The fraudsters pretend to be representatives from your local utility provider; in Rhode Island, National Grid.
During the phone call, the fraudsters claim that customer's account is past due, and that their electric or gas utilities will be shut off unless they pay immediately, by providing their bank account and payment information over the phone. Besides Rhode Island, the fraudsters have targeted consumers in Pennsylvania, Maryland, Ohio, Florida, and Alabama. In Florida, the fraudsters demanded payment via the Green Dot prepaid card.
National Grid does not contact Rhode Island customers by phone about past due account notices. If you receive a phone call with this scam, or were affected:
Earlier this wek, the Keiser Report posted this Yourtube video with a comparison, which I distilled into the following formula:
Well, Western bankers certainly deserve this criticism. You can read about the reasons why in the banking section of this blog. While this comparison is pretty funny, what isn't funny is that a viewer or reader probably can't rely on RT (Russia Today) News to deliver consistently balanced news. Will Russia Today criticize, when appropriate, the Kremlin? Will it present news about harsh anti-gay laws in Russia? Will it report instances of persistent and violent racism in Russia? Will it report news about the assissinaton of journalists? I highly doubt it.
Yesterday, the U.S. Attorney's Office in New Jersey announced the indictment of five persons for operating a worldwide and data breach and hacking ring that stole information about more than 160 million credit- and debit-cards, resulted in losses of hundreds of millions of dollars. The theft and fraud ring targeted financial institutions and companies, including alleged:
"... attacks on NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard."
How the theft ring operated:
"The five men each served particular roles in the scheme. Vladimir Drinkman, 32, of Syktyykar and Moscow, Russia, and Alexandr Kalinin, 26, of St. Petersburg, Russia, each specialized in penetrating network security and gaining access to the corporate victims’ systems. Roman Kotov, 32, of Moscow, also a hacker, specialized in mining the networks... The hackers hid their activities using anonymous web-hosting services provided by Mikhail Rytikov, 26, of Odessa, Ukraine. Dmitriy Smilianets, 29, of Moscow, sold the information stolen by the other conspirators and distributed the proceeds of the scheme to the participants. Kalinin and Drinkman were previously charged in New Jersey as “Hacker 1” and “Hacker 2” in a 2009 indictment charging Albert Gonzalez, 32, of Miami, in connection with five corporate data breaches – including the breach of Heartland Payment Systems Inc.,..."
Drinkman and Smilianets were arrested in the Netherlands on June 28, 2012. Smilianets was extradited to the USA on Sept. 7, 2012, The other three defendants are still at large. Four defendants are Russian citizens. Rytikov is a citizen of Ukraine. The number of 160 million cards stolen is an estimate, and could be higher.
Addition information from the announcement:
"The five defendants conspired with others to penetrate the computer networks of several of the largest payment processing companies, retailers and financial institutions in the world, stealing the personal identifying information of individuals. They took user names and passwords, means of identification, credit and debit card numbers and other corresponding personal identification information of cardholders."
Thanks to the several federal agencies involved in pursuing and capturing these defendants.
To me, this case is another example that identity-theft thieves and fraudsters are smart, creative, organized, and persistent. The days of the lone hacker are gone. Identity thieves target firms they believe are vulnerable. Identity thieves go where the money is.
I find this case highly interesting, as both Global Payments and Heartland experienced massive breaches previously. That the hackers targeted these and other payments processors means that all of these firms' computer systems are still vulnerable, despite executives' claims otherwise.
Late in June 2013, the National Employment Law Project (NELP) released the results of a study about wage theft in America. The NELP press release stated key findings from the study:
"Over 83 percent of workers in California are unable to hold employers accountable and recover their unpaid wages after receiving a legal judgment in their favor... The study... exposes the challenges that workers face in collecting wages owed from their employers—even after state authorities rule in the workers’ favor and order employers to pay... The first of its kind, the study finds that the majority 60 percent of businesses found liable for unpaid wages ultimately suspend, forfeit, cancel or dissolve their businesses, making it more difficult for employees to collect the wages they are owed."
The study, "Hollow Victories: The Crisis in Collecting Unpaid Wages for California’s Workers" (Adobe PDF; 422K bytes) was produced by the National Employment Law Project (NELP) and the UCLA Center for Labor Research and Education. The researchers performed a detailed, comprehensive analysis of records from 2008 to 2011 released by the California Division of Labor Standards Enforcement (DLSE). The researchers also interviewed 50 workers in California who had attempted to collect unpaid wages through legal methods. The NELP is a non-partisan, not-for-profit organization that conducts research and advocates on issues affecting low-wage and unemployed workers.
Wage theft is:
"... paying workers less than the minimum wage or agreed-upon wage, requiring employees to work “off the clock”without pay, failing to pay overtime, stealing tips, illegally deducting fees from wages owed, or simply not paying a worker at all. Pay violations are shockingly high in low-wage industries... retail, restaurant and grocery stores; domestic work and homecare; manufacturing, construction, and janitorial services; car washes, and beauty and nail salons..."
Interviews with employees revealed even more ways employers practice wage theft:
"... employers paid them with invalid checks with insufficient funds; other employers simply stopped issuing workers their paychecks at all because the company had run out of money. Other employers would fail to pay their workers, and when pressed, would break promises to pay at a later date. Still other employers forced workers to record fewer hours than actually worked on their timesheets, or failed to pay for overtime. More often than not, workers reported that patterns of wage theft occurred over a lengthy period of time, lasting months or even years."
The wage theft affects everyone, not just employees:
"... the state loses valuable revenue in payroll taxes... In a sense, taxpayers are subsidizing unscrupulous and law-breaking behavior by these employers. Wage theft hurts communities and other businesses that abide by the law. Unpaid wages also means that fewer dollars circulate to local businesses, stunting economic recovery, depressing employment by small businesses, limiting local sales tax collections, and diminishing opportunities for local economic development. Even other businesses are hurt; when responsible employers must compete with unscrupulous employers..."
Besides wage theft, employees experienced several hardships. After reporting wage theft to authorities, many employees experienced retaliation by employers:
"... Several workers reported that their employers lowered wages, fired them, or threatened to call the police or immigration enforcement after learning that workers had filed a wage claim or lawsuit. These reports echo prior data on retaliation against low-wage workers: the same national study found that 43 percent of workers who made a complaint or attempted to form a union experienced one or more forms of retaliation."
"The lengthy duration of the wage claim and collections process, including the DLSE process and private lawsuits, caused severe economic distress on workers and their families... Several workers reported going without food or medicine and difficulty in paying bills and rent as a result of unpaid and uncollected wages."
Detailed findings from the report about unpaid wage collections by employees:
"... workers recovered only 42 percent, or $165 million of approximately $390 million in total wages verified as owed by the DLSE. This figure includes amounts agreed to in settlement and after judgment.
Only 17 percent of California workers who prevailed in their wage claims before the DLSE and received a judgment were able to recover any payment at all between 2008 and 2011.
Although the DLSE issued awards for unpaid wages of more than $282 million between 2008 and 2011, workers were able to collect a mere $42 million—roughly 15 percent—of those awards from their employers. Our research also finds that workers who try to enforce DLSE judgments for unpaid wages often find that their employers have disappeared, hidden assets, or shut down operations and reorganized as a new entity.
Employers who did not pay their workers, refused to settle, were found by DLSE to owe wages, and then became subject to a court judgment were more likely than not to have suspended, forfeited, cancelled, or dissolved business status within a year of the wage claim.
In 60 percent of cases where judgments were issued against business entities by the DLSE, employers who were found to owe their workers for unpaid wages were also found to be “non-active” business entities by the California Franchise Tax Board or the California Secretary of State. “Non-active” businesses include those that have forfeited, cancelled, or dissolved status. In 24 percent of all cases, employers were found to be non-active before the DLSE was able to issue its finding."
The researcher look at several tools available to employees, such as a post-judgement lien, a mechanic's lien, collection agencies, and collection by the DLSE. The researchers concluded:
"A stacked deck: current collections tools are inadequate for victims of wage theft"
Why employees have huge difficulties collecting unpaid wages with the current set of collections tools:
The researchers also compared findings about California to findings:
"... released by the Wisconsin Labor Standards Bureau, Wisconsin Department of Workforce Development, and Wisconsin Department of Justice... We examine Wisconsin data, as the state has the oldest and one of the most extensive wage lien programs in the country."
Some comparisons between California and Wisconsin:
"In Wisconsin, which does not have an administrative hearing process for wage claims, 80 percent of suits to enforce the wage lien result in some payment of unpaid wages for the worker. In cases where wage liens are used to recover unpaid wages for a worker, workers recover 25 percent of the amount found to be owed, more than 1.5 times more than in California."
Some states have laws allowing employees to attach wage-liens against an employer's property, but many don't or the laws are limited to certain industries:
"Many states have wage lien laws in some form, providing good experience and success with this mechanism, including Georgia, Idaho, Maryland, New Hampshire, Texas, and Wisconsin. Alaska, Pennsylvania, Washington, and Florida allow wage liens for specific industries, and Tennessee and Indiana allow wage liens for corporate or partnership employers."
The researchers concluded:
"The good news is that other states have enacted policy solutions that encourage prompt settlement and promote efficiency in their wage collections process. For example, states like Wisconsin that have enacted laws that authorize the worker to impose a lien on the employer’s property in cases involving unpaid wage have higher rates of collection for wage theft... California and other states around the country can provide more effective legal tools, such as wage liens... to increase efficiency in the enforcement of judgments for unpaid wages."
What does all of this mean? Several things:
What's your opinion about wage theft? Is it getting better or worse? What about the laws in your state?
Last Tuesday, the law firm of Labaton Sucharow announced survey results about ethics, executive misconduct, and the role of regulators in the financial services and banking industry. The survey, part of the "Wall Street In Crisis: A Financial Storm Looming" (Adobe PDF) report, concluded:
"A particularly troubling and consistent finding from our survey is what the future holds for Wall Street. Many of the young professionals who will one day assume control of the trillions of dollars that the industry manages have lost their moral compass, accepted corporate wrongdoing as a necessary evil and fear reporting misconduct. This is a ticking economic timebomb that responsible organizations must immediately defuse."
Some detailed results from the survey:
"Despite the many reforms put in place in the wake of the financial crisis, only 36% of respondents felt that Wall Street has changed for the better since Dodd-Frank’s passage in 2010. More than half of respondents–52%–felt it was likely that their competitors have engaged in unethical or illegal activity to gain an edge in the market; 24% felt employees at their own company likely have engaged in misconduct to get ahead. Misconduct is still widespread... 23% of respondents indicated that they had observed or had firsthand knowledge of wrongdoing... 26% believed the compensation plans or bonus structures in place at their companies incentivize employees to compromise ethical standards or violate the law... 28% of respondents felt that the financial services industry does not put the interests of clients first."
According to the survey, younger professionals were more likely to know about, accept and participate in illegal or unethical behavior than older workers:
"... 24% of financial services professionals likely would engage in insider trading to make $10 million... if they wouldn't get arrested. That figure surges to 38% for individuals with 10 years or less in the industry."
Perhaps most importantly, bad executives don't act alone or unseen:
"... there are always witnesses. Indeed, 23%–more than one in five professionals–have personally observed or have first-hand knowledge of wrongdoing in the workplace. The data suggests that the longer you work in the financial services sector, the more you’ll see: 29% of professionals with more than 20 years’ experience have observed or have firsthand knowledge of misconduct, a full 9 percentage points higher than those with 10 years or less in the field."
Regarding regulators, the survey found (links added):
"... 62% of financial services professionals felt the SEC is an effective watchdog and 57% felt that FINRA is effective. Despite the encouraging 89% of financial services professionals who indicated a willingness to report wrongdoing given the protections and incentives such as those offered by the SEC Whistleblower Program, 40% of respondents were still unaware of the SEC’s Whistleblower Program."
Despite the whistle-blower protections, Wall Street workers fear retaliation (emphasis added in bold):
"Given the pressure to perform and a concerning lack of faith in leaders to address criminal activity... 24% of respondents felt their employers would likely retaliate if they were to report wrongdoing in the workplace. This astonishing figure is a full 9 percentage points higher than our 2012 survey... 36% of female respondents believing that they would be retaliated against... compared to 17% of male respondents... 32% of professionals with 10 years or less experience would fear retaliation, which represents a 21 percentage point increase over those with more than 20 years’ experience..."
So, things are getting worse, not better.
The survey, conducted June 18 to 27, 2013, was part of the "Wall Street In Crisis: A Financial Storm Looming" (Adobe PDF) report. Labaton Sucharow commissioned ORC International to conduct the survey, which included 250 respondents ages 18 years or older who work in the financial services industry as traders, portfolio managers, investment bankers, hedge fund professionals, financial analysts, investment advisors, asset managers, and stock brokers.
This is the second survey by Labaton Sucharow, which often represents SEC whistle blowers. Read about the firm's 2012 survey.
[Editor's Note: I am pleased to present in today's post the press release below by ID Experts.]
PORTLAND, Ore. — July 10, 2013 — The security of personal information is at greater risk now than a decade ago. Financial identity theft and medical identity theft—with life-threatening implications—are impacting millions of people. In fact, experts estimate that an identity is stolen every three seconds. The infographic, Is Your Information Safe?, provides a snapshot of identity theft and data breach over the last decade. According to leading experts, global networks and use of advanced sinister technologies are expected to escalate, threatening consumers’ information:
1. Global criminals. Criminals are now globally connected and increasingly part of organized crime rings.
-- Rick Kam, president and co-founder, ID Experts
2. Undetected hackers. Advanced persistent threat (APT) is when hackers gain access to a company’s network and remain there undetected for a long period of time.
-- James Christiansen, chief information risk officer, RiskyData
3. Malicious attackers. Hacktivists have an advantage over today’s corporate data.
-- Dr. Larry Ponemon, chairman and founder, the Ponemon Institute
4. Data breaches affect everyone and everything. Breaches affect large and small businesses of all kinds, regardless of sophistication, and high- and low-tech information.
-- Kirk Nahra, partner, Wiley Rein, LLC
5. Electronic breaches are infinite. Electronic health information can be stolen from anywhere in the world, distributed to an infinite number of locations for an infinite period of time and can cause limitless damage for an unlimited period of time.
-- James C. Pyles, principal and co-founder, Powers Pyles Sutter & Verville PC
6. More devices, science fiction type-technologies, to digitize personal data. Drones, utility smart meters, automated license plate readers, and more powerful facial recognition software—all used to collect and digitize consumers' sensitive personal data—are on the horizon, and will force consumers to demand better privacy protections.
-- George Jenkins, editor, I’ve Been Mugged
7. The Insider Threat. Dishonest and poorly trained employees pose one of the greatest threats to consumers' personal information; it's much easier to do damage once inside the castle.
-- Philip L. Gordon, shareholder, Littler Mendelson, P.C.
8. Data cannot be protected. The rate of exposure for personally identifiable information is now so great, we must concede that the data itself is no longer able to be protected.
-- Anthony M. Freed, community engagement coordinator, Tripwire Inc.
9. Bring Your Own Device (BYOD). More employers are allowing employees to utilize their own personally-owned mobile devices for work. While this can increase productivity and convenience, it introduces several potential data security threats.
-- Joanna Crane, senior consultant, Identity Theft Assistance Center
10. Data breaches involving sensitive consumer information have become the new normal. Consumers must play an active and long-term role in the privacy and security of their personal information and regularly monitor their financial account statements, credit reports and healthcare explanation of benefits.
-- Robin Slade, development coordinator, Medical Identity Fraud Alliance (MIFA) and president & CEO, FraudAvengers.org
11. The Surveillance Economy. With technologies such as Google Glass that can record video without anyone's knowledge or approval, we are always on candid camera. Combine that with location-based tracking on our mobile devices and suddenly privacy seems to be an outdated concept.
-- John Sileo, privacy evangelist and CEO of The Sileo Group
“Identity theft will not go away, until the issue of identity is solved,” said Robert Siciliano, CEO, IDTheftSecurity and personal security and identity theft expert. “‘Identity-proofing’" consumers involves verifying and authenticating with numerous technologies, and the flexibility of consumers to recognize a slight trade-off of privacy for security.”
About ID Experts
ID Experts delivers complete data breach care. The company's solutions in data breach prevention, analysis and response are endorsed by the American Hospital Association, meet regulatory compliance and achieve the most positive outcomes for its customers. ID Experts is a leading advocate for privacy as a contributor to legislation, a corporate and active member in both the IAPP and HIMSS, a corporate member of HCCA and chairs the ANSI Identity Management Standards Panel PHI Project. For more information, join the LinkedIn All Things HITECH discussion or All Things Data Breach; follow ID Experts on Twitter @IDExperts; and visit http://www2.idexpertscorp.com/.###
April 20, 2013 is "Secure Your ID Day." To learn more about how you can protect yourself and your sensitive personal information, visit the Better Business Bureau website. The site lists participating BBB groups in various states.
If you can't attend a local event, then browse these tips and suggestions from the BBB to keep your sensitive personal information secure. Other resources that consumers may find helpful:
St. Louis-based KSDK television reported a data breach at Schuncks supermarkets. The supermarket chain isn't yet sure exactly where (e.g., which stores) and how the breach occurred (e.g., in the store or with a debit/credit card processor). The breach occurred about a week ago.
Schnucks operates stores in Missouri, Illinos, Iowa, and Indiana. Customers have already seen unauthorized charges on their debit/credit cards. A representative from Montgomery Bank reported that about 600 of their accountholders have already filed fraud claims. Some customers wonder why the store has not posted alerts in its stores, so shoppers can use cash instead:
“They’re just letting people use their cards and not saying anything.”
Reportedly, the retailer has hired a forensics technology firm to assist it with a breach investigation. It sounds to me like the company' was caught unprepared and its post-breach response needs improvement. Customers need to be notified prompty to take appropriate action to avoid or minimize identity theft and fraud.
Wicked Local warned consumers about a check scam that targeted the Police Chief at Hingham, Massachusetts. Like many other check scams, the a package arrived snail mail -- in this case, UPS. The package included a letter and bogus $3,000.00 check which appeared to be from a legitimate business. The letter includes instructions to wire money, about $250, to cover supposed taxes and fees.
Police Chief Michael Peraino was suspicious and called the business first to verify the check. The receptionist at the business verified that the check was a fake, as the business had already received many phone calls from consumers.
Fraudsters attempt check scams like this because they receive real money wired to them from each victim long before the victim realizes that the bogus check they deposited in their bank account has bounced. Each victim is out the $250 they wired, the amount of the bogus check, and any bounced-check fees from their bank.
Check scams like this are a reminder for consumers to verify first any check you receive from an unknown organization or person.The Identity Theft Resource Center (ITRC) advises consumers to follow these steps to verify a suspected scam:
If you are unsure who the attorney general is in the state where you live, then browse this list. Readers of this blog are familiar with a similar check scam that targeted Craig's List website users.
The California Attorney General (AG) issued these safety tips for consumers to securely shop online:
"1. Shop on secure websites. One clue about which websites are safe and which are not is to look for a yellow padlock in the browser bar or ‘https’ in the web address (the ‘s’ stands for ‘secure’).
2. Don’t make purchases over a free Wi-Fi hotspot like at a coffee shop, which can be scanned by those looking to capture your passwords and other information.
3. Never send personal or financial information through e-mail. Legitimate companies will not ask you to do so because it is not a secure way to transfer sensitive information.
4. If you are receiving text messages on your cell phone saying you have won a prize or gift card, do not click on the link in the message – it is most likely a scam and may install a virus on your phone.
5. To get the full value of a gift card, use it right away. Gift cards that are lost or stolen are not always replaceable. Retailer or restaurant gift cards do not have expiration dates, but bank cards, like Visa or MasterCard gift cards, or cards issued by a mall that can be used at different stores, may sometimes have expiration dates.
6. Know the return policies of the retailers you shop with before you leave the store or conclude an online transaction. Many retailers will give you a refund if you have a receipt and your return is prompt, but some may only give store credit. Ask a clerk if the policy is not posted at the register."
This list is good advice year-round, not just during the holidays. To this list, I would add:
Recently, I received the following email message from a relative:
Sent: Thursday, November 01, 2012 11:30 AM
To: undisclosed recipients:
Subject: Manila, Philippines : (Sad News) : Shirley XXXXXXXXXX
Just hoping this message reaches you... Well, I'm sorry for this emergency and for not informing you about my urgent trip to Manila, Philippines but I just have to let you know my present predicament... Everything was fine until I was attacked on my way back to the hotel, i wasn't hurt but I lost my money, bank cards, mobile phone and my bag in the course of this attack.. I immediately contacted my bank in order to block my cards and also made a report at the nearest police station. I've been to the embassy and they are helping me with my documentation so i can fly out but I'm urgently in need of some help from you to pay up my hotel bills and my flight ticket back home... My return flight back home is scheduled to leave in few hours from now... Please i need your help..."
The bottom of the email had the person's standard, valid signature with her office contact information. Legit email or scam?
To me, it read like a scam. My relative uses much better punctuation and grammar. Plus, I didn't think she was traveling abroad. So, the simple next step was to call her via a land-line phone or other separate method to confirm things.
I called her, left a voice mail message, and she replied via email a day later. She confirmed that she was not traveling abroad, and that heer email account had been hacked.
Identity thieves and scam artists are creative and persistent. There are a variety of "phishing" (e.g., email) scams and "smishing" (text message) scams. Learn to recognize them. Remember, you can always call the company directly and confirm whether or not they sent the suspect text message (or email).
So, a word to the wise. When you receive a suspect communication, confirm it with the person (or company) first via an alternate method. If you receive a suspect text message, call or email the person. If you receive a suspect email, call the person. Even better, talk with them in person.
While waiting for the person to reply, you can always check one of the hoax websites, like Snopes. Your telephone company's website probably lists the types of phone and text scams that have been reported. Your Internet service provider's website probably lists the types of email scams that have been reported.