SleuthSayers: scams

Showing posts with label scams. Show all posts

10 October 2020

Kyle in Payables Has Been Binge-Watching, and Now You Need to Care About Zettabytes

by mystery guest

Please welcome the newest inmate to our cozy little asylum. Robert Mangeot has been around the short mystery fiction scene for a few years now. His stuff is in a few anthologies and appears frequently in Alfred Hitchcock Mystery Magazine (and has made my best-of-the-week selection four times.) He’ll have a piece in AHMM's November/December issue due out later this month. Bob is a healthcare industry long-timer when not writing, as his first piece makes clear.

— Robert Lopresti

KYLE IN PAYABLES HAS BEEN BINGE-WATCHING, AND NOW YOU NEED TO CARE ABOUT ZETTABYTES

by Robert Mangeot

Here’s Kyle again, five minutes late for the 8:00AM St. Healthcare Payables team Zoom huddle. He’s bleary-eyed--again--and slurping coffee (“Kyle, can you mute, please?”) after all-nighter binge watching the just-dropped Wicked Streaming Show That Has People Talking, season two. WSS.2, in Kyle-ese. He’ll gush baggy-eyed over each and every spoiler if anyone hangs on the Zoom too long. Usually, we can’t stay mad at him. Kyle is bedrock here in Payables, first with the virtual high fives and the loudest voice singing “Happy Birthday.” This morning, though, the coffee isn’t kicking in yet, and he’s digging this new email promising a GIFT CARD!!! if he clicks there and takes this important HR survey. Gift cards? Hello, WSS merch.

Don’t do it, Kyle. Don’t.

Kyle does it. Clickety clickety click. He’s heard about email scams and stolen files and that stuff. They do training in Payables, thank you very much. But this email seems legit. The logos and fonts are right for HR (they are), the linked website looks like HR (it kinda does, those smiling nurses), and the password log-in seems fine (it’s so not). Anyway, his melatonin is off this morning.

Let’s call the malware BigBummerExpress. Kyle’s computer doesn’t slow to a crawl processor-wise. It doesn’t flash the Blue Screen of Death. It doesn’t laugh a super-evil laugh like that cray hacker episode from WSS.1. BigBummerExpress is loaded and running, sure. And yeah, there’s patient information on his computer for the grabbing.

Kyle isn’t who BigBummerExpress is after.

Meet the United States healthcare system. We Americans spend $3.6 trillion annually on all things medical and surgical, much more per capita than most other industrialized nations. Three trillion isn’t the largest number involved in this caper, but it’s the motivating number.

However we got here and whatever your opinion about it, U.S. healthcare is a huge market. Most money is spent well enough or at least well-intendedly. As for the rest, there’s a reason that entire professions--including mine--have spun up to chase bad actors. And lately, there’s the bad actor golden ticket: ransomware.

To be clear, I am not a technology expert. I’m not involved in cybersecurity. I’m a humble regulatory nerd who barely understands how my laptop crunches its ones and zeroes. But with cybersecurity being crucial to those regs, I try to stay hip on the trends.

In September, Universal Health Services--a giant at 400 facilities--announced a major cyberattack had taken down clinical systems. Universal is not releasing details, but if it sounds like ransomware, it probably is. Patient appointments were rescheduled, test results were delayed, and patients inbound to their ERs were diverted elsewhere.

Universal is hardly alone in the cyber battles. In 2019, hospitals and clinical practices reported nearly 1,000 successful ransomware attacks. What makes healthcare an outsized target over other sectors? Large health organizations can find the pay-off money somehow. Paying up may be a care imperative. Also, medical software products are often older and assembled as a patchwork. Lastly, a patient record contains a more comprehensive set of personal data than your average retail outlet. Such records are so valuable that the Dark Web apparently coined its own term: Fullz.

Health data has grown to mind-boggling size and mushrooms further each year. Experts predict that cumulative health data about you and me will reach 35 zettabytes this year. A zettabyte is tech-speak for one sextillion. That’s roughly one byte for all the grains of sand on all the Earth’s beaches--multiplied by 35. Or to see all the commas, we’re talking 35,000,000,000,000,000,000,000 bytes of health data out there.

And the problems usually start with phishing.

A month has passed since Kyle did that vendor survey thing. He’s forgotten about that gift card or reporting a concern because, bless him, rumors go WSS.3 will be the full throttle, slam-bang finale. In that month, BigBummerExpress has used his system credentials to cruise the company IT platforms and learn where that sweet data is, how it’s structured, what protects it. To the Security people, if they spot any oddness in Kyle’s activity, it looks like him accessing places he’s authorized to access.

It’s encryption time.

8:15AM, the Zoom huddle and Kyle slurping coffee. His boss is asking Kyle to mute when everyone’s Payables screens flicker off. Text messages start flying. His boss manages to say, “I gotta go.”

It’s no wonder that crime fiction often involves a cyber angle. The technology and its human implications can be fascinating, and it brings plenty of cat-and-mouse games. If anyone is mulling a healthcare cyber tale, here’s a general lay of the land for 2020 realism.

To read the industry studies, hospital ransoms used to be small, way cheaper than fighting the protracted fight. A volume business. Fast forward to 2020: Those studies put asking prices in the millions. Today’s ransomware isn’t just encrypting data natively but stealing it on threat of release, so that companies can’t plug in the back-ups and refuse to bargain. Big game hunting, in the lingo.

Healthcare providers have layers of serious defenses in place. Be assured the good guys are damn good—and have to be. Federal regs (anyone remember the Health Insurance Portability and Accountability Act?) require detailed IT security plans and regular self-assessments, at the pain of major fines and enforcement should personal health information be jeopardized. Europe’s laws are even tougher.

Cybercriminals are such an everyday threat that it’s an insurable risk. Of course, no underwriter goes on the hook for potential millions only to stay out of the response and prevention discussions. Like I said, serious defenses.

That can have a weak link.

Kyle is messaging his buddy. He had another emergency Zoom interview, this time an IT consultant dude with an open collar shirt and razor stare. The consultant dude kept showing Kyle that HR email and asking about BigBummerExpress and even about his browser history. His affiliations. This FBI lady joined the call, too. She didn’t utter a word. Just made notes.

It was awesome.

It’s been weird at St. Healthcare. HR sent an actual email with an actual performance warning. It took forever to get the Payables and medical record interface back running, and while it’s not been on the news, Kyle figures somebody must’ve coughed up for the hackers to go away.

Hackers. Big money. Affiliations. What Kyle’s thinking, this would make full throttle WSS fan fiction.

28 September 2020

Bam, Scam, Thank you, Ma'am

by Steve Liskow

Every six weeks, or so, my wife Barbara says to me, "Isn't your big break about due again?"

It's a standing joke, going on for so long we no longer remember when it began.

The phone rings and when one of us answers, we hear a young female with an Asian accent asking for "Step-on Leez-cow." This young woman, whose name is always "Mumble" and who works for "Mumble Mumble" promotion group (both of those change from call to call, by the way), is very ex-site-ted about my new book, Post Cards of the Haing-Ging. They would like to promote it and hope I will send (usually 50 or 100) copies to some book event that also changes with each call and which I've never been able to find through an Internet search.

I haven't stayed on the line long enough to learn how much money I'm supposed to invest in their enterprise, but I know it will be enough to make their phone call worthwhile… for them.

My "new" novel Postcards of the Hanging, appeared in February 2014. I have received this phone call at least a dozen times in the last three years and I look forward to it along with offers to update the warranty on my 2004 Honda Accord.

If you're new to writing, you'd probably be thrilled to receive a call like this. Don't be. Ask how the "Company" heard about your book. Ask what they noticed about your website. Ask where else they have looked to find information about you. It's fun to listen to the dead air before they guess. Sorry, Ms., no lifeline here.

A month ago, I heard from a new caller and was in a bad mood (Surgery does that to me), so I played with him more than usual.

"Kevin" called from some mumbled promotion group, and they were palpitating about Words of Love, which I published "recently." It was late 2019, so props to them for being more up-to-date than Ms Bangkok (Who is due to call again next week). Kevin wanted to promote my book so we could boost the sales enough to bring it to the attention of major publishers and renegotiate a deal. We would split the profits. He didn't say whether it would be an even split.

I interrupted to ask how much he expected me to invest, and he answered, "10 or 15 thousand dollars" (Cue hysterical laughter). After that, like a basketball player who turns the ball over and compounds the error by committing a foul, he asked if I was familiar with traditional publishing.

My first novel was with a small traditional publisher. They peeled me like an apple, partly because I signed a bad contract and partly because they were blood-sucking vermin. Other writers had similar experiences and the company has long since disappeared because word got around, as it always does. Remember, we're writers. We tell stories. That company is one of the reasons I self-publish my novels now.

Then Kevin went for the Trifecta, asking me what I've done to promote my book. This is my answer, pretty much verbatim:

I'm a member of Mystery Writers of America, Sisters in Crime, International Thriller Writers and the Short Mystery Fiction Society. I have served on panels for both MWA and SinC, usually at libraries, but at both the New England Crime Bake and Crime Conn, too. I conduct fiction workshops in libraries and other venues, and have a video workshop available online. I have done radio and TV interviews, podcasts and print newspaper feature stories. I have won several awards, which are listed on my Website and Facebook Author page. My daughter updates my website frequently. I have also published about thirty short stories (traditionally) and have several others currently under consideration.

Kevin was amazed. I told him he hadn't done his homework or he would have, at the very least, Googled me and found all that stuff--along with reviews of various books and stories.

I didn't bother to point out what would happen on the one in a trillion chance that a traditional publisher decided to take on my book. I simply told Kevin I don't give large sums of money to amateurs.

These are scams.

Because of the Covid-19 lockdown, many people who have threatened to write "That Book" have actually used the time to do just that. The scammers smell fresh meat and are coming out of the dunghills to take advantage of it.

The Short Mystery Fiction Society posted a scam letter a few weeks ago, and when I first started out, I might have fallen for it. Now, I got about one sentence beyond the salutation before I knew it was fake. Less than two weeks ago, SMFS published a warning about a questionable literary agency that wanted to put writers in touch with Hollywood to sell their novel as a screenplay. I get email offers like that about once a month. They never name the novel they're looking at.

The problem is, if you're starting out, you're learning to write and query and create a synopsis and do an elevator pitch and revise your novel and create a website, a Twitter feed and a dozen other things. You're already swamped without having to learn to spot the grifters out there. There are a few websites to warn people, but they need to know a scam is active before they can pass the word. That means someone has to spot it and alert them.

Writer's organizations are important because they protect their members.

That's another thing mystery writers do besides tell stories. We try to look out for each other.

01 February 2018

Just Another January in South Dakota

by Eve Fisher

I don't know if this made the national news, but the South Dakota media was all over the story of a 72 year old SD man, Daniel Lucas, who snow-birded in winter to Arizona, and who never came back last spring and was missing. Well, they found him. He killed himself in his car, they say. His head was in a box, and his body down in a canyon in Maricopa County. So how did he get dismembered? Well, apparently a homeless man, Mattew David Hall. found him in his car, dead, and rather than call the police, he moved the body but kept the head to prove that he hadn't killed him… And kept it for a long, long, long time… They say that Mr. Hall has mental issues. Yah think? I think the guy kind of looks like Nick Nolte, so there's casting if they ever make a movie of it.

Moving on, we South Dakotans have our own Kremlin connection! We're so proud. Paul Erickson, of Vermillion, SD, is a long time Republican campaign operative. He worked in SD for Trump, and in 2016 Erickson claimed he was on the Trump presidential transition team. Which is why he sent an email during the 2016 NRA convention to then-presidential candidate Donald Trump with the subtle subject: "Kremlin Connection":

Image result for paul erickson south dakota

Fun Fact: Back in 1994 Erickson was an entertainment lawyer
who booked John Wayne Bobbitt
on a “Love Hurts," worldwide media tour.
Subtle, he's not.

"Putin is deadly serious about building a good relationship with Mr. Trump. He wants to extend an invitation to Mr. Trump to visit him in the Kremlin before the election. Let's talk through what has transpired and Senator Sessions' advice on how to proceed."

No one knows if that meeting took place: Sessions told the House Intelligence Committee he didn't remember the request.

Okay, so Erickson is also connected to Russian gun rights advocate Maria Butina, who's worked for the deputy governor of Russia's central bank, Alexander Torshin, and who ran a pro-gun group in Russia supported by Torshin. Erickson and Butina formed a limited liability company called "Bridges" in South Dakota in 2016 (I don't know if it was before or after the Kremlin Connection e-mail), which has an address in a Sioux Falls apartment building and no known actual purpose. (Can't even find it on the web, dag nabbit.) So - according to McClatchy news outlet, the FBI is investigating whether Torshin funneled money (thru Butina, thru Erickson?) through the NRA to help fund the Trump presidential campaign. The NRA spent $55 million on the 2016 election with $30 million of that going to the Trump campaign.
Gentle reminder: The reason this matters is that it's illegal to use foreign money to influence federal elections. (Thank you, Angela Kennecke for your investigation!)
BTW: Check out this post from South Dakota's own Cory Heidelberger, with photos of Ms. Butina speaking all over South Dakota, including the Teenage Republicans Camp in the Black Hills, where a number of past and current South Dakota legislatures were counselors, or just there for the party. Including Mr. Erickson...

Our South Dakota Legislature is back in session, and the legislation is coming out thick and fast, and piling deeper and higher. Some of my personal favorites so far:

HB 1144, which makes it easier for city councils, county commissions, school boards, and other governmental bodies to do their business behind closed doors, especially if they're "Consulting with legal counsel or reviewing on communications from legal counsel about proposed or pending litigation or contractual matters.” (Someone's trying to do something they don't want anyone to see...)

SB 107, which would repeal all regulations and licensing requirements for barbers. Can't figure that one out to save my soul...

SB 109, which would repeal the licensing requirements for sign language interpreters. Can't figure that one out, either...

THE Official State Seal

HB 1102 started as a bill to require as much as a year in jail and a $2,000 fine for creating any replica of the Great Seal of South Dakota that did not include every detail specified by state law, including the state motto, “Under God the People Rule.” (See image to the right)

Well, the ACLU and most of us South Dakota smart-alecks had a lot of fun with that (google freely), and it's since been amended to ban renditions of the seal that are “greater than one-half inch in diameter and used for an official purpose or a for-profit commercial use” while at the same time making it clear that HB 1102 does not apply to “or limit any artistic or satirical use of the seal.” More fun is still being had, because how can you resist shooting ducks? (This is funnier up here, in Ducks Unlimited territory.) Google freely.

State Representative Drew Dennert wants to make hunting, fishing, trapping and harvesting wildlife a constitutional right, that "shall be forever preserved for the public good" in HJR 1005, and make "Hunting, fishing, and trapping... a preferred means of managing and controlling wildlife." Still trying to figure out the "harvesting" part. I can just see it now - hunters fighting against farmers in combines in the corn fields over the pheasants:
"I'm hunting!" "But I'm harvesting!" And shots ring out...

Meanwhile, a Mr. Levi Breyfogle of Rapid City has proposed a new Constitutional Amendment that would make all "victimless" crimes unchargeable:
"(1) A charge of a violation may only be filed by a victim whose person or property has been physically damaged by the defendant. If the victim is incapable of filing a charge of a violation, a family member may, but only if the victim does not object; and (2) The damages must be physical, quantifiable, and have already occurred."
(Someone's done something they don't want anyone to know about...)

But enough of that, back to the news:

Local News: On January 24th, in an improbably appropriate move, a woman crashed into the Billion Car Care Center. Meth, not alcohol, and there were also 2 children under three in the back seat, who were unharmed, and are now "in the care of a family member." Thank God. BTW, here in South Dakota, if you get arrested, you get to do the walk of shame in jail stripes., which is then broadcast on the nightly news, and she looked shell-shocked, to put it mildly. Whether it was the situation she finds herself in, or that she hadn't had any meth in over 24 hours, I don't know.

The photo that launched multi-
million dollar investments...

The latest scam: Perhaps because they saw the EB-5 and GearUp! rifling of federal dollars, Tobias Ritesman and Tim Burns (long-time Brookings developer) cooked up a new company, Global Aquaponics which was going to be a high-tech fish farm near Brookings, SD. (check out their website here!) They were going to grow fish and shrimp in tanks, and use the "nutrient rich" water to grow vegetables.

And apparently there were quite a few people who weren't bothered by the lack of experience in shrimp farming available in the High Plains, because they managed to raise a few million dollars. (P. T. Barnum was so right.) But a year later, while the ground had been (barely) broken, no tanks were being built, and there was no sign of anything but a nice office downtown in which Mr. Ritesman went slightly off his nut one day and wanted to know about Bitcoins while waving a gun in front of a tech consultant. Let's just say that everyone got ripped off, and Mr. Ritesman and Mr. Burns are facing federal charges.

In the "we should have known" department: Mr. Burns was involved in the EB-5 scandal. (Thanks again to Angela Kennecke at Keloland News) And Mr. Ritesman claimed to have won the same "Entrepreneur of the Year Award" as Steve Jobs and Elon Musk. He didn't, but apparently no one checked before investing.
(BTW, this proves that there's a reason why Frank L. Baum made the Wizard of Oz a humbug and a conman in his earthly life back in Kansas and other parts of the Midwest.)

National News: So, no fish, no shrimp, no vegetables in nutrient-rich water. But we do have radium, at least in Brandon, SD. Radium, which is (1) radioactive, (2) killed Marie Curie, (3) can occur naturally, and (4) has been in the city's water for decades. It's also not uncommon across the country. An analysis by EWG (go here for an interactive map) found 170 million people exposed to radium from drinking water in 22,000 utilities nationwide. Brandon's radium level doesn't exceed federal guidelines. What's amazing to me is how much (and many) poison(s) you can have in your drinking water before it exceeds the guidelines Look it up some time.

Well, that's all from South Dakota, where we talk like Mayberry, act like Goodfellas, and the crazy just keeps on coming.

My husband just looked this over and suggested, "Sponsored by the South Dakota Tourism Department".

22 January 2017

Yet Another Computer Scam

by Leigh Lundin

WARNING A scam involving Google and clever programming sleight-of-hand has hit the scene. It’s not entirely new– a prototype showed up in 2014– but it fools many professionals. Apologies in advance for the technical parts below.

A new month, a new scam, this one brought to our attention by a reader. Although widely reported, this scam hasn’t shown up in the ACM Risks Digest yet. Surprise– the scheme starts with your GMail where a note from a friend or colleague contains a link to another page or document. You click and receive a message you must log in again. Happens every so often, annoying but sign in again for security.

A Google log-in page shows up– the URL field (web page address) contains google.com. Enter your name, enter your password. Click. The document your compatriot sent now appears.

You may not know it, but you just lost exclusive control of your Google account. Your pal didn’t send that email and the link was plucked out of your emails.

Let’s look at the sign-on dialogue boxes again. Which one is counterfeit? Hover your mouse over them for the answer, but the fact is, they’re indistinguishable.

The insidious part is that email web sites– Yahoo and AOL included– train us by periodically forcing us to relog in. Hold on… didn’t the URL box contain google.com?

Yes. Over the years we’ve seen clever fraudsters incorporate target domain names similar to this:

http://w5.to/google.com

The trick here is that the real domain, web address of the bad guys, is w5.to. The google.com is only a web page set up to fool you. Other examples might look like the following:

http://citibank.net.w5.to/index.html

This is a variation of the bad guy’s domain, w5.to, above.

http://citybank.net

Here the bad guys registered a variation of the real name made a little easier by CitiBank using a non-standard spelling. These three examples are reasonably clever and some scammers don’t take that much trouble. However, this new one can catch even professionals by surprise:

data:text/html,https://accounts.google.com/ServiceLogin

The clue something is very wrong lies in the first three words, data:text/html – you shouldn't see that at all. The opening letters of an URL don’t have to be http – they can be file, data, help, about, chrome, gopher or possibly another protocol, but ‘data’ is the only hint the page is abnormal.

Browsers have become more sophisticated over the years, so web pages might include additional capabilities such as setting preferences. The ‘data’ keyword allows HTML to be embedded in the URL field, but more insidiously, it allows JavaScript, and that’s how this particular exploit fools us. Following the ServiceLogin part of the URL are dozens upon dozens of spaces so you can’t see what comes next. Far beyond the right side of that URL field is where the real sorcery begins with <script…>. This malware program throws up a fake Google sign-in page to capture your ID and password.

Expect Google to quickly mount an update, but beware, look ever more critically at URLs when you’re asked to type in your credentials. It might save your on-line life.

20 March 2016

Duping Delight

by Leigh Lundin

“He lied for pleasure,” Fuselier said— Supervisory Special Agent Dwayne Fuselier, a clinical psychologist and an FBI investigator.
In this case, he was talking about Eric Harris of Columbine notoriety. But millions of people who aren’t mass murderers also lie for pleasure. They tread beyond compulsive, they go beyond obsessive– they lie for enjoyment, gratification, and amusement.

Psychologist Paul Ekman says lying represents a key characteristic of the psychopathic profile. He calls it ‘duping delight’.

It’s rare for the average person to get to know a criminal mind. I’m not talking about the desperate committer of crimes or those who’ve lost their way, but people who deliberately set out to steal or defraud for no other reason than they wish to.

Oddly enough, most fraudsters I’ve personally known have been disbarred lawyers. Truly. Wait, I’m not picking on lawyers as a class nor am I providing fodder for lawyer jokes– we can do that another time if my friend Dale turns a blind eye. But for unexplained reasons that seem beyond coincidence, the major swindlers I’ve encountered have been former attorneys and one a former judge. They all hail from Florida as well, formerly a haven for con artists and scammers selling underwater parcels of land.

My friend Sharon sent me an Orlando Sentinel article titled “Husband of disbarred attorney sues her, alleging fraud, forgery.” Strange as that sounds, it barely hints at the machinations involved… you’ve got to read the article.

It put me in mind of another lawyer whom I’ll call Dr. Bob Black.

Judge Not Lest… an opinion piece

I met ‘Dr. Black’ at a local college campus. We chatted between breaks. He failed to let on he’d been disbarred, although he mentioned numerous times he’d been a judge. He shared he was raised in financial comfort and had been well educated. His relationship with his parents, especially Bob Sr, sounded complex and later left me wondering about the residual effects.

Black had bought a minor mansion in an Orlando historical district. He’d gutted it and was in the process of slicing its interior into small apartments when the Historical Society called a halt, pointing out that ruining a historical building and establishing multi-family residences in a single-family zone was forbidden. Unfazed, Black put it up for sale, advertising it as partially converted to apartments but possibly not mentioning the legal stumbling blocks.

At the time of his real estate ventures, Bob was also hawking a computer he called the Macintosh XLS. I recognized the machine as an Apple Lisa, the forerunner to the Mac, although Black claimed it was not a Lisa but a super-advanced product that outclassed other computers— especially its price of $10 000, about five times the price of a Mac at the time.

A little research showed he was buying refurbished units from a company in Shreveport, bundling them with freeware and shareware, and offering training worth “thousands of dollars.” As it happened, he was paying less than $40 for adult classes at Winter Park Tech where my friend Geri taught. Geri found herself with more than one of his victims in her classes, including one man whose wife was dying of cancer and was barely holding together emotionally.

The Scheme

Black was buying outdated, refurbished computers for a few hundred dollars, adding freeware (free software) and $40 worth of classes, and then selling them as high-end products to the unsuspecting.

Dr. Black was a snappy dresser. Even at casual gatherings he wore suits, and under his suits he wore sweater vests, not a common sight in Florida.

He liked talking to me, even when I’d call him on some of his shenanigans. When I asked barbed questions, he showed a politely bland face, no anger or irritation at all. I wondered if he masked his feelings or felt nothing at all. Did he choose me just to have one person to talk to?

He claimed to have been a judge, and apparently that was true. The ‘Dr’ part he tacked onto his name– He liked the sound of it. Beyond the connotation of ‘juris’, it had no more meaning than the ‘Dr’ in Dr. Pepper.

Judgment-Proof

Black confided he was ‘judgment-proof’ and explained he maintained real property in his wife’s name and kept all his other assets offshore. The topic of disbarment didn’t disturb him… he simply acted as if he didn’t hear those questions, although once he hinted at a political misunderstanding.

One of his controlling peculiarities was to arrange meetings with clients at odd minutes on the clock, say 9:42 or 10:13. Black claimed he was too tightly scheduled to waste appointments on the half or quarter hour.

His attitude toward ripping off people was entirely incomprehensible to most observers. Black exhibited zero contrition but especially no shame whatsoever. He displayed a bullying arrogance toward anyone he could. He may have fancied himself superior to lesser people; others were merely ants that he righteously stepped on if they got in his way. Bob seemed to typify a sociopath in every sense of the word.

The Detective and the Reporter

A pair of related calls came in on my consulting line. Geri had referred one caller, a former New York City homicide detective who’d been defrauded by Black. The other was from our local WCPX star consumer crusader, Ellen MacFarlane. The detective happened to know Ellen’s mother, a NYC judge, and her sister, a force within the New York Department of Consumer Affairs. They asked me if I would provide technical knowledge for an exposé of Dr. Bob Black.

Ellen suffered from multiple sclerosis, but she was a fighter. I sat in on the interviews, sometimes feeding her questions. Black’s strategy was to answer no question directly. If she asked him about reselling obsolete equipment, he would respond with a rambling discourse on Steve Jobs, Reaganomics, and local gardening regulations. He exhausted the lady, but Ellen managed to air the segment.

The detective wasn’t done. He sued Black and called me as a witness.

We sat waiting for Black in the judge’s chambers. At nearly half-past the hour, the phone rang. The judge put it on speaker phone: A whimpering Black claimed he was deathly ill.

The judge said, “Frankly, Mr. Black, you don’t have much credibility around this court. However, I’ll continue this case if you get a doctor’s note to me within three days.”

Upon my return to court, I bumped into Black. He always acted polite to me and he did so this time, impervious to my cool nod. This time, the parties indicated they were considering a settlement. I wasn’t called to court again so I don’t know what, if any, judgment or restitution was involved.

To say Black was a scoundrel or a rascal is to diminish the impact he had on others. The Yiddish word ‘gonif’ comes close, implying a thief and a cheat.

Most of us would like to leave the world a better place. Besides social currency, reputation is a reflection of future self, the part that remains after we’re gone. We can’t all be great authors, musicians, artists, nurses, and teachers, but we can be good people. People who don’t care are alien to the rest of us.

I’ll bracket this article with “in my opinion,” but Black made a living from cheating people. He could argue he gave naïve people what they asked for (“They should have done their homework”) and what he promised (“So what if I sold them free software and who’s to say the $40 course isn’t worth thousands”).

For all that, my greatest astonishment centered around his lack of shame. I used to attend LegalSIG, a special interest group run by a local law firm concerning matters of business and law. Black would attend, showing no chagrin, no humiliation, not the least discomfort. Most people would not put themselves through such mortification, but Black felt no discomposure. He was internally ‘judgement-proof’ emotionally as well as financially.

Friends asked why ‘Black’ singled me out to talk. Partly, people found it easy to chat with me, even confide, but also I could listen without hating him, which I suspect many of his colleagues and victims must have done. From him, of course, I heard only fragments of his exploits. He never mentioned the word ‘victims’, but hinted those who’d fallen for his schemes were weak-minded. He sometimes suggested when his prey rose up, they were unfairly trying to victimize him for being the more clever.

I can’t read a mind like his, but I began to suspect that if he dealt with emotions at all, he might have felt no wrong. He might even have believed himself entitled, that he had the right to exploit lesser humans, those who could not harm others. If so, I feel sorry for him. But I'll never know for sure.

24 May 2015

Scams, part 2

by Leigh Lundin

by Leigh Lundin

Last week I wrote about my friend Thrush fielding a scam telephone call pretending to be the IRS. This week I turn my attention to friends who were the subjects of web-mail scams. But as I was writing about other people’s email being cracked, my own was used to spoof addresses of email spammers.

Fourteen years ago, I signed up with AOL. I stuck with them during the vicissitudes of their development cycles, but at some point they wanted to charge fees at a time when their mail interface had run amok. I switched to Yahoo and stuck with them through their vicissitudes of (mis)fortune. Mail received by my old AOL account is forwarded to my Yahoo address, one-way only. I still give out my AOL address– it’s simpler to spell over the phone– but any reply I may make will come from Yahoo, not AOL.

As I’m working on today’s article, imagine my surprise when friends Dale Andrews, Thrush, and Sharon tell me my email’s being used to blast unsuspecting souls with ads for weight loss, penis enlargement, and an eatery called “Quick Sushi”. Friends, colleagues, and acquaintances have recently been attacked in a similar way. Typically, programs either mine email headers for addresses or they break into an address book. They then email from their own accounts ‘spoofing’ a fake return address hoping acquaintances will open emails from an apparent friend or family member.

But our SleuthSayers’s friend Cate was the unwitting pawn in a different kind of attack, as you can tell in the following exchange. I caught on early as did our friends Sharon and Darlene Poier. Not trusting her other accounts hadn’t been cracked, I immediately sent emails to friends and family to warn Cate her business address had been compromised.

Here’s my exchange keeping the scammers busy. Note the grammar, spelling, and punctuation, and keep in mind that Cate, a former teacher, writes and edits textbooks and tutorials.

From: ☒☒☒☒☒☒☒☒ Consulting <☒☒☒☒☒☒☒☒.consult1@gmail.com>
To:

Interesting. Cathrine is notorious among family and friends for refusing to carry a cell phone.

Sent: Wednesday, 06 May 2015 4:59 AM
Subject: Good Morning

How's is your day going, I'll like to discuss something with you. i should have called, my phone fell in the tub this morning are you online ? let me know

Cathrine ☒☒☒☒☒☒☒☒

Sent from my iPad

On 06 May 2015 at 16:11, Leigh Lundin <leigh_lundin@☒☒☒☒☒☒☒☒.com> wrote:

Is this you?

Leigh Lundin