Tuesday, November 27, 2007

Scams reported to the FBI and investigated.

I was doing some research on a report of a telephone scam that involves fraudulent requests for information based on a “Jury Duty” failure to appear. It seems that the caller tries to bully the unsuspecting victim into giving up their social security number and other important private information so they can have a “bench warrant” rescinded for failure to appear. This telephone scam has been reported by the FBI and can be reviewed at: http://www.fbi.gov/page2/june06/jury_scams060206.htm.

I looked it up; it’s from June 2006. Good information provides the best defense against this kind of scam. Ask the caller if you can call the local court jurisdiction in order to verify the “bench warrant” and the caller will generally go away.

I found another, more recent scam that is using email as its delivery mechanism. From the FBI web site, January 2007:

A new scam cropping up in e-mail boxes across the country is preying not on recipients’ greed or good intentions, but on their fears. The scam e-mail, which first appeared in December, threatens to kill recipients if they do not pay thousands of dollars to the sender, who purports to be a hired assassin.

“This is a hoax, so do yourself a favor and don’t respond.”

In one case, a recipient responded that he wanted to be left alone and threatened to call authorities. The scammer, who was demanding an advance payment of $20,000, e-mailed back and reiterated the threat, this time with some personal details about the recipient—his work address, marital status, and daughter’s full name.

For more information on scams, visit our Common Fraud Schemes page. IC3 also has information on Internet crime schemes and prevention tips. (IC3 is the FBI’s Internet Crime Complaint Center – just so you know what the acronym means.)

To report Internet crime, contact IC3 or your local FBI field office.

As always, safe surfing,

Darrell Mishler

The M & D Creative Concepts Network

Saturday, November 17, 2007

Auction software has flaws, be careful.

Hi again,

I was doing some poking around for something new to talk about and came across the National Vulnerability Database. I found information that might be valuable to online auction participants and thought I would share it with you.

The National Vulnerability Database has identified a vendor of auction, banner exchange, link directory and ad management scripts as having flaws ranging from medium to high severity. To be brief, the SoftBiz suite of products has been identified as having serious security gaps. I haven’t contacted SoftBiz directly, but there are references to the problem areas in the NVD. The references follow.

Please be careful where you do your business. I’m sure this is an oversight and will be corrected soon, but the SoftBiz web site says that they have over 3000 applications and installations. This is from their web site FAQ:

“We have an experience of powering 3000+ web sites with our scripts. We have been improving our scripts over the years now. So, you can trust our technical skills. If you ever face any bug in the script, we will correct it for you free of cost. You do not have to wait for any patch to be released. Just notify us the problem and we will correct it as our highest priority. This can be offered only by an organization with full confidence on its script. We fully back our scripts and clients.”

As always, safe surfing,

Darrell Mishler

The M & D Creative Concepts Network

CVE-2007-5999 (Softbiz Auctions Script)
Publish Date: 11/15/2007 CVSS Severity: 7.5 (High)
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-5998 (Ad Management plus Script)
Publish Date: 11/15/2007 CVSS Severity: 6.5 (Medium)
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.

CVE-2007-5997 (Banner Exchange Network Script)
Publish Date: 11/15/2007 CVSS Severity: 6.5 (Medium)
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

CVE-2007-5996 (Link Directory Script)
Publish Date: 11/15/2007 CVSS Severity: 7.5 (High)
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.
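All four entries above describe the same defect: a request parameter (`id`, `package`, `sbcat_id`) reaches a SQL statement as raw text. As an added illustration that is not SoftBiz’s code (the `products` table and its columns are assumed), here is that pattern beside a hardened PHP handler that validates the id and binds it through a prepared statement:

```php
<?php
// Added illustration, not SoftBiz code: a product-detail lookup of the kind
// the CVE-2007-5999 description implies (an "id" request parameter used in
// SQL). The products table and its columns are assumed for the example.

// The unsafe pattern the advisories describe: the raw parameter is
// concatenated into the query text, so whatever the client sends is parsed
// by the database as SQL.
function unsafeProductQuery(string $rawId): string
{
    return "SELECT * FROM products WHERE id = " . $rawId;
}

// Hardened version: validate the parameter as a positive integer, then bind
// it as a value so the database never treats it as part of the statement.
function fetchProduct(PDO $db, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT id, title, description FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration against an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT, description TEXT)');
$db->exec("INSERT INTO products VALUES (1, 'Lamp', 'Brass desk lamp'), (2, 'Clock', 'Mantel clock')");

var_dump(fetchProduct($db, '2'));         // a well-formed id
var_dump(fetchProduct($db, '2 OR 1=1'));  // tainted input: fails validation, no query runs
var_dump(fetchProduct($db, 'abc'));       // non-numeric input: fails validation

// For contrast, the query text the unsafe pattern would hand to the database
// for the same tainted input.
echo unsafeProductQuery('2 OR 1=1'), "\n";
```

The validation step is what makes the difference visible: the hardened handler refuses to issue any query for the tainted input, while the unsafe pattern has already folded it into the statement.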