FTC proposes a compromise so RadioShack can sell consumer data

On Monday the Federal Trade Commission (FTC) sent a letter to the bankruptcy court presiding over RadioShack's supervised asset sell-off suggesting a compromise that would allow RadioShack to sell its database of information from 117 million customers.

The sale of the data—which includes names, addresses, e-mail addresses, phone numbers, and purchase histories—has caused concern among consumer protection advocates. The states of Tennessee and Texas recently filed objections to RadioShack's plan to find a buyer for its database, saying that the company promised in various privacy policies that it would not resell customer data to third parties. AT&T and Apple also objected to the sale of portions of the database, saying that that information actually belongs to them and not to RadioShack as per RadioShack's business agreements with those companies.

According to FTC Consumer Protection Director Jessica Rich, RadioShack could find a way to appease consumer advocates by taking a look at a bankruptcy case from 2000 involving retailer Toysmart. In that case, Toysmart had wanted to sell off its database of customer data, but after some pushback from the FTC it agreed to certain limitations on the sale of the database. For example, the buyer could not buy the customer database alone—it had to receive it bundled in with the sale of other assets like trademarks or Web content. In addition, the information had to be sold to a business similar to Toysmart and that buyer had to agree to honor the privacy policy that Toysmart had pledged to its customers.


Protecting others from getting ripped off – online or offline

This week, I’ve been attending and presenting at a conference in Brisbane, Queensland, entitled Seniors’ Fraud Protection Symposium.

The event was organised by the Queensland cybercops – the same guys who brought you Fiscal the Fraud Fighting Ferret – and aimed to get law enforcement, business and industry groups to work together to reduce the exposure of seniors to financially-oriented crimes.

Of course, seniors (loosely defined in Australia as anyone 50 or above) aren’t automatically at a higher risk of getting ripped off.

After all, seniors have, by definition, more life experience – which might include getting ripped off in their youth, and learning an important lesson as a result.

But seniors who have already retired from full-time work, and who are relying on returns from existing investments to survive, must be considered at high risk of financial scams.

Many Aussies currently living on government-mandated retirement investments have seen their nest-eggs implode recently. If you’d made compulsory investments all your life in an official, government-approved, household-name superannuation fund only to find out that the smooth-talking company running the fund had feet of clay all along, you too might easily be tempted to try something out of the ordinary to top up your retirement savings.

Lottery scams were one of the ‘extraordinary’ investment opportunities covered at the conference.

When most people think of lottery scams, they think of those emails awarding you a prize in a lottery you didn’t even enter. Those scams are unsophisticated and rather obviously bogus. After all, you can’t legally win a lottery you didn’t enter.

But there’s another class of lottery scam. These don’t feel like internet scams, because they’re kicked off by professional-looking documents delivered by old-fashioned snail-mail. Nevertheless, these scams often rely on a cyber-element to give them credibility, and cyber-technology such as cheap internet telephony to offer toll-free entry by phone or fax.

Never forget that even a professional-looking printed document backed up by a professional-looking website, and endorsed by objective-looking reports talking up the business, might still be a total scam. Anyone can publish reports saying company X is excellent – including company X itself. Self-boosting like this is called astroturfing. You make yourself seem to have support, right down to grassroots level. But the grass is completely fake.

Some of these lottery operations might argue they’re not really scams – they may be technically legal, albeit only just – but they are nevertheless astonishingly unwise investments, made to look attractive with a bit of lustrous Web 2.0 polish.

Ironically, just the morning after I returned from the event, a colleague – not yet half way to senior age – dropped a lottery scam letter on my desk, asking for comment.

This scam carefully avoids saying, or even implying, you’ve already won a prize, but that might be because the same company was previously outed in local news – in Queensland, no less.

Back in 2009, the company was sailing even more closely to the wind, dubbing their document an “Acceptance Form”. Now, it’s just a “Notification of Entry Eligibility.”

The premise is simple. You give the company your personal details in writing, including your credit card number, expiry date and CVV code – those secret three digits on the back, which you ought never to write down.

They take AU$20 from your credit card to buy you 8 tickets in the Irish lottery (tickets you never receive yourself) over the coming month. That accounts for about AU$16 of your entry fee. The remaining $4 enters you into what’s described as a syndicate which will enter you into 24 lottery draws in the next four weeks – two each week in Ireland, Spain and Germany. You will share in any winnings your syndicate makes.

Now read the small print. Your $4 “syndicate” consists of 600 lottery tickets per week – 200 each in Ireland, Spain and Germany. Whether there is one person or 1,000,000 in your “syndicate” over the next four weeks, the total investment of the lottery scammers on your collective behalf remains the same: 2400 lottery tickets.

So your collective chance of winning is not increased at all by the number of “syndicate” members. At the same time, your stake in any winnings is divided by the number of members.

Let’s imagine, for a moment, that the lottery scammers attract 1,000,000 entrants this month. That’s perfectly possible, since they’re promoting their scam worldwide, and offering what they claim are toll-free phone and fax lines in 19 different countries to help suck you in.

The lottery scammers would take in a cool AU$20,000,000 each month – a turnover just short of AU$250 million per year. AU$4,000,000 per month – or nearly $50,000,000 a year – would be the “syndicate” fees.

Now let’s assume, even with just 2400 tickets between the lot of you, that your syndicate collectively wins the AU$67,000,000 which the scammers unrealistically tout as the maximum value of your possible prizes. You’d get out just AU$67 each.

For this outlandish and absurdly unlikely outcome, you’d be paying $4 to win $67 – odds below 18-to-1. But for that 18-to-1 return, you and your other syndicate members would need to win lottery prizes not just once, but repeatedly throughout the month.

And how likely is that? The Irish Lottery feels obliged to tell you. The official approximate odds of winning any one lottery draw – for a minimum prize of about AU$3 million – are 1 in 8,145,060. So, assuming 2400 tickets, your syndicate would have about 4000-to-1 odds of getting back $3 each ($3 million split 1,000,000 ways), all for an initial investment of $4. In other words, if you’re really, really lucky in any one month, you’ll lose only $1, rather than the whole $4.

Worse still, you don’t actually share in all the prizes your tickets might win. The scammers’ terms and conditions allow them to keep any prizes other than the top-level jackpots. And, of course, the scammers have your credit card details – including the CVV needed for card-not-present transactions – and a bunch of other personally identifiable information.

Don’t fall for this sort of nonsense. And protect others from getting ripped off, too.

Friends don’t let friends get scammed online. Or offline, for that matter.

Avoid cyberwinter – turn Cybersecurity Awareness Week into a cybersafe lifestyle

Next week – Monday 30 May 2011 to Friday 03 June 2011 – is National Cybersecurity Awareness Week (CSAW) in Australia. It’s also the official start of winter.

Sophos has been an enthusiastic participant in CSAW events over the past few years, and has endorsed various industry initiatives introduced under the CSAW umbrella, such as the iCode, a scheme by which ISPs attempt to contact customers with virus infections and help them to clean up.

There’s a problem with CSAW, however – namely that awareness of Awareness Week is low.

Additionally, of course, there’s the problem that cybersecurity is something which requires attention all the time, not just one week of the year. In that sense, having a Cybersecurity Awareness Week is a little like having a Safe Driving Afternoon. You need to follow up your Safe Driving Afternoon with a safe driving lifestyle.

Various Sophos colleagues will be in various parts of Oz next week, including at a breakfast event put on by the Northern Territory Government in Australia’s northernmost capital city, Darwin.

It may not be winter in Darwin itself – in fact, it was touching 31C at lunchtime – but it can get distinctly frosty online if you don’t keep a lookout for yourself and your business whilst you’re using the internet.

So, if you’re a businessperson in Darwin, why not take advantage of the free National Cybersecurity Awareness Week Breakfast, which takes place at the Novotel Atrium Hotel on the Esplanade on the morning of Wednesday 01 June 2011?

Let guest speakers Peter Lee – a colleague of mine from Sophos in Brisbane – and Paul Morshead – from the Department of Broadband, Communications and the Digital Economy – teach you how to protect your business data, online financial transactions and networks from cyberscams, fraud and theft.

Territorians, don’t ask what you can do for your government – take advantage of what your government is doing for you! Register online now and turn Cybersecurity Awareness Week into a cybersafe lifestyle.