Spambully Download and Interview With SpamBully CEO
IdentityTheftSecrets interviewed the CEO of SpamBully, Mr. Paul Jendrasiak.
SpamBully is a spam filter that's been rated "Best Buy" by WIRED Magazine, rated "5 cows" by Tucows (For whatever that's worth... apparently 5 cows worth), has appeared in the book Fighting Spam for Dummies, USA Today, Wall Street Journal online, and other noted media outlets.
That's all well and good, but we wanted to go to the source of the software to find out what SpamBully was really all about. In this interview, you'll be able to hear what IdentityTheftSecrets found out about SpamBully.
According to Jupiter Research, the average American will get more than 3,600 spam email messages in 2007.
One of the nice things about SpamBully is that they have taken into account that people have different systems for which they may want a Spam protection product. So, Spambully works with Outlook, Outlook Express and the new Windows Mail in Vista. It's based on a Bayesian Spam Filter, which Intelligently knows which emails you've received are good and which are spam. It does this through using artificial intelligence and comparison against server blacklists. Basically, this makes sure that good emails make it to your Inbox
Here is the interview transcription.
IdentityTheftSecrets: Welcome to another exciting call with IdentityTheftSecrets.com. This is Jonathan Kraft and I am here today with, I know I am going to mess up this name but, Paul Jendrasiak. Did I say that right?
IdentityTheftSecrets: Alright, Paul Jendrasiak from Spam bully and I thought we could take a few minutes today and ask a few questions, not only about Spam bully but just about spam in general. Obviously, people are concerned about identity theft, part of the thing that is going on a lot in terms the way people's information is being stolen is through phishing, spam, and that sort of thing. So, I wanted to talk with you about that today, but can you just get started; would you mind just sharing a little bit about your background?
Spambully (Paul Jendrasiak): Sure, absolutely. First of all, good to be with you, Jonathan. My background, right now we do spam bully which is a spam email filter and we have been doing spam bully for about five years. It has been really successful for us and prior to that, my history goes back to internet marketing and I have a strong background in that back to about 1995, 1996. And past that time period, I used to be into magazines. I used to interview rock stars; ran a music magazine so, a little bit different than the software industry and Internet promotion so I seem to hop around into different things, but really do enjoy doing the software these days and with spam bully, it is obviously, it is a very needed piece of software, spam really seems like it is on the increase.
IdentityTheftSecrets: Yeah, definitely would agree with that. What got you into actually creating software to help people with spam?
Spambully (Paul Jendrasiak): Well, actually my partner and myself, his name is Jeff; we were involved, both together, in Internet promotion. We used to do internal software for our businesses and we decided wouldn't it be great to do consumer base software for the home user and the business user. And at that point spam was a pretty big deal and he is the technical person, I am more of the business/advertising person. He had seen something on what is called Bayesian filtering which is an intelligent kind of way filtering spam where it makes decisions on what is good email and bad email, kind of an artificial intelligence format, and my partner Jeff wanted to get involved in that. And I thought well, that is a fantastic idea because spam is such a huge problem out there so, we just started rolling with that. It really took off within probably about three months we were in Wired magazine. We got rated best buy there, and we have been picked up by a number of other publications throughout the world. Write-ups, reviews and pretty much it snowballed from there so; it has been a pretty good ride. We are just releasing our fourth version of spam bully and in addition to the spam; we also integrate a great anti-phishing technology because that's kind of, you know, almost like the cousin of spam I guess you can say.
IdentityTheftSecrets:Sure.
Spambully (Paul Jendrasiak): We are kind of working on both sides of that for the consumer.
IdentityTheftSecrets: We actually just did a big interview on Identity Theft Secrets about phishing. We interviewed the gentleman who has actually been an identity thief for over twelve years. He says that he only sees the problem of phishing getting worse. I don't know what your take is on this but, I mean, how do you see the problem of phishing being slowed or eventually stopped?
Spambully (Paul Jendrasiak): Well, as far as getting worse I say yeah that is a fair statement. You've got a lot of that stuff out there that is making its way into folks' mail boxes, and unfortunately, not everybody who uses the Internet is incredibly savvy so a lot of the things look like they are legitimate, they look like they are from PayPal, they look like they are from eBay, or from their banks; so, it is easy to get tricked into giving out your well-guarded details, your financial information. Obviously, the way to combat that is making sure that people know what to look for - tell-tale signs, making sure that they exam the emails, you know, with spam bully we examine the links in there and we alert people that this may not be a legitimate email and you may want to examine it twice before you click the link and enter in you password information. One of the reasons why that stuff is so hard to combat is these folks are offshore. They may be in Eastern Europe, they may be in Asia. It used to be that if you were going to be a victim of some sort of theft it was, you know, somebody that is right near to you, local to you. Now you are dealing with people that are thousands and thousands of miles away and countries that you may not be able to pronounce so...
IdentityTheftSecrets: Right.
Spambully (Paul Jendrasiak): It is a little more difficult to go after some of that stuff. So, it is very cat and mouse, you know, we see authorities do a pretty decent job trying to catch up with that but these folks are pretty savvy. I mean, you said you talked with somebody who's been doing it for twelve years and they obviously know the ins and outs to that. Certainly it is a terrible thing to pursue that as a business to steal people's identity for financial gain, but the fact that this guy has been at it for twelve years shows you that, you know, it is very much an intense cat and mouse game. And, you know, people; we have seen in the US who, you know, have gotten involved in that as far as trying to steal identities, those folks usually get caught fairly easy, fairly traceable, but it seems like your more savvy criminal is offshore, in Asia or somewhere over in Eastern Europe. I think the name of the game is to have consumer education and a lot of the time, you know, folks who are getting their identity stolen is your mother or your grandmother who have been online for maybe two years. They use it for emails, maybe they have a PayPal account or an eBay account, but they are easily tricked into giving out their information. It used to be, you know, you were afraid of breaking into your house well, now they break into your house through your computer which, you know, is really a whole new ball game. I mean, with any of this stuff it is always a double edge sword, but hopefully, you know, as law enforcement becomes more savvy, you are going to see some of these folks, you know, discouraged from trying to do these kind of activities.
IdentityTheftSecrets: Right. Well, kind of on that note, I mean, the government passed the spam law into effect on January 1, 2004, and obviously, our boxes are more filled with junk mail than they ever have been. Can you explain to me why that may have happened? I mean, obviously the law didn't work, but can you talk to me about why?
Spambully (Paul Jendrasiak): Well, that kind of gets back to what we were talking about with phishing, because you've got these people who are operating offshore and when you are dealing with spam, sure is a headache to you, it is a headache to me, but when you look at it in the grand scheme of things as far as what authorities are going to go after, it is not going to be a high priority. I mean, are you going to go after somebody who is a terrorist or somebody who is spamming? Well, we both know the answer to that.
Now, the fact is that you've got some folks in the United States who have been prosecuted under the Can-Spam Act so, in that respect, sure is working when you can pretty much go down the street and nab the guy, you know, who is doing it; it's a different ball game but when somebody is over in Malaysia and they've got a huge spam operation, typically that is going to be a lot harder to go after, you know, because that's, you know, way out there versus some guy who may be sitting in his house in Tennessee with millions of spam email addresses. So, I mean, the law works but it doesn't work. I guess maybe that is kind of the way of put it, you know, folks in the United States: sure some of them have been prosecuted but a lot of these folks who may be sitting in the former Soviet Union or something, they are a little bit harder to catch on something like that. The bottom line is that they don't care that there is a United States law. Can-Spam, almost to an extent, it's almost a guideline; it says, you know, if you want to send emails here is what you've got to do. There is really not a lot of teeth to it, but you know, folks who are kind of in that I guess you would want to say that black zone of spamming, you know, they don't care one way or another and they are again just like with the phishing, you know, it is a cat and mouse game.
IdentityTheftSecrets: What do you think is the big solution to that is? I mean, if you've got all these people who are overseas and they are able to send spam, they are not affected by the laws obviously, of the United States at all. And in fact to their government they might even be happy that they are taking money out of the United States, you know, from whatever spam scheme that they are running with, whether it is phishing or whether it is whatever it is that they are spamming people about; their government is probably will be okay with them spamming especially if that money ends up in their country. So, what do you think, I mean not all countries but a lot of countries have that kind of mentality of well if you are stealing money from them and putting it in our economy that is alright. So, what do you think is the big solution to this issue?
Spambully (Paul Jendrasiak): Well, that is a question that has been asked time and time again and there have been a number of solutions put forward. A lot of them unfortunately, sometimes you end up throwing the baby with the bath water. There have been, the name escapes me but, it is some sort of verified sender type situation, but a lot of times where that was being utilized, the spammers were essentially taking advantage of that someway, or you would end up loosing legitimate emails. So, it is kind of hard to say what the solution, I mean, there has been a number of solutions put forward in the last five years and spam is still here. I mean, like you said these countries, you know, they are small countries or whatever; they are not going to care, you know, what the United States' stance is on that. They are just happy about generating money for, you know, folks inside their country.
You know, as far as the backbone of the internet, if there were some way that they could maintain a way to better police emails that are going through the system so they don't even hit your ISP. But sometimes, you know, can be a little bit tricky because with spambully, for example, we're customized to you, on your desktop. So, you've got some spam filtering set up where it is a community spam filter but there may be some things that you consider spam but I don't consider spam. I may legitimately want those things so that gets into a whole other arena of this email is good to you, this email is bad to me and vice-versa.
So how do you decide some of that stuff? I mean, some of it is obviously pretty clear, pretty obvious, you know, that this good, this is bad, but still, you know, there is a need to make that correct determination. Some of that, you know, really needs to go to the backbone of the internet as far as, you know, what is going on out there in ways to better block these people because, you know, it used to be that they would go through regular ISP's to send their spasm but now they pretty much have their own set up. They are pretty savvy and, you know, really when it gets down to it, but at the end of the day, I look a lot of these things and I say, really who is buying this stuff?
IdentityTheftSecrets: Right.
Spambully (Paul Jendrasiak): I have no idea I mean back, you know, spam kind of started to rear its ugly head; say around mid nineties, ninety five, ninety six. A lot of it was adulatory and sure people were probably signing up for that stuff. But now, you know I just don't see it. I mean, I've yet to run into anybody who says I got a mortgage through a spam email or I bought this penny stock. It was a fabulous deal and I got it through a spam email. So, it really makes me scratch my head and wonder how are they making money off of that because I just don't think that there is anything that really jumps out at somebody and frankly why would you want to buy something that came through you through that unsolicited format.
So it is baffling to me but, you know, we get just as much of it as you are, as well as any of the folks that you see out there and it make us shake our heads. But, you know, they are still out there and it always goes in a up and down format usually around October through the end of winter, you know, we usually see the peak time for spam and right around now it seems like it is dropping off a little bit. But yeah, as far as a firm solution; I don't know, we will see a lot of things put forward probably in the next few years but we have seen things put forward before. But none of them really seem to stick, don't seem to have teeth or spammers seem to find a way to use it to their advantage. So, you know, it is a hard call; it really is.
IdentityTheftSecrets: Right. Well, in the meantime I think you and I both will be proponents of people educating themselves about what is going on out there and what they can do to protect their own computer until some sort of systematic thing gets set up. I mean, on that line there is a lot of spam filtering and junk email block software. There is all kind of stuff out there but, you know, I came across your software and I find that it be kind of interesting, I mean, I've never talked about software in Identity Theft Secrets before but; I think your software provides some unique kind of things, but if you would just take a couple of minutes and talk about what makes spambully different than a lot of the other stuff that is out there.
Spambully (Paul Jendrasiak): Sure, I'll be glad to do that Jonathan. First of all, one of the number one things that set us apart is; spambully is what it is called Bayesian on filtering, it is almost kind of an artificial intelligence. When we install spambully for the first time, it takes the time to learn your email habits so it customizes to you. So, it knows what type of email you consider good and what type of email you consider spam. So, it makes sure that the emails that you have from friends, or certain type of text, how emails are made up; that you consider good emails make it to your inbox and emails that you consider that are spam don't go to your inbox.
We also have an allowed block list on there, which allows you to have people on there who are your friends, people that you don't want emails from, words that are important to you. So, if you run a business, you can put in words that pertain to your business so that you know that those emails are always going to go to you inbox. You can also block out or add entire domains. We also have anti-phishing technology on there so emails will be flagged if there is a link in there that doesn't seem legitimate. So on the face of it, it make look like this is a link to Pay Pal but the reality is that it is not so we see that for you so you don't have to do all the work. So, that is one way we want to help keep people out of trouble from running into any sort of an identity theft issue or, you know, getting their Pay Pal account cleaned out or their eBay account hijacked by somebody.
So, basically spam bully is a fairly easy piece of software. When you download your email, it sorts it out automatically; we have a simple toolbar that allows you to correct things. So, if you noticed an email that you consider to be spam in your inbox, you can mark it with a spam button, it sends it to the spam folder. It trains spambully so in the future it is going to operate in the way that you want so that the emails that are showing in your inbox are going to be friendly emails. Emails that you are interested in and we do a two week free trial and so you can download it from spambully.com and you can use all the features for two weeks free, make sure you like it and we also customize into a variety of different languages, you know, the internet is obviously a huge international venue so, we customize for Germans, Spanish, Italians, Russian; those are just a few of the languages we can transform into. You can also, for a lot of the folks that use PDA, you know, with the cell phones, what have you, we can also set it up so we can always send your good emails right straight to that so you won't have to get all the spam junk that you normally would. So that is really kind of a handy feature that folks seem to like.
IdentityTheftSecrets: Right, yeah I definitely saw that on there. There is a lot of software that doesn't include that and it seems like a pretty basic thing.
We are actually running out of time here very shortly but I wanted to; if you have any kind of thoughts about what people can be doing in general. I mean, just kind of general things obviously, you know, installing your software is a good thing for them to do but in general; are there some things that people should be doing to keep their name or, you know, protect their information from being on the spam list or to reduce the amount of spam that is coming into their inbox?
Spambully (Paul Jendrasiak): Yeah, absolutely. A few very important things that they can do is; if you are going to be out there on the internet posting forums, asking questions, anything that would allow somebody to harvest your email address, use a secondary email address. Use a free email address from a Yahoo, Hotmail, or a Gmail so that you are protecting your main email address which you may use, you know, for correspondence with family and friends or a business address. That is going to help you out big time. Also, if you run a business make sure that you don't put your email address right on your website, set it up as a form so that, you know, spammers aren't necessarily going to be able to harvest your address. So, any types steps that you can take in and do things such as that to keep your real email address as private as possible, that is going to benefit you because we still see to this day people posting their real email address on forums and other places on the internet and it is too easily harvestable for spammers and then they are going to get it. So, if you are on one list then you are going to be on ten lists, and if you are on ten lists then you are going to end up on about one hundred lists, and so on and so forth. So, it is to your benefit to be as vigilant as possible to keep your real email address as private as possible. That is probably the number one tip and the easiest thing to do.
IdentityTheftSecrets: Good deal. I used to actually, I had to shut down my Hotmail account because when I first started doing web design and websites and things I put my Hotmail address on every single web page that I built and that account with Hotmail gets about three hundred and fifty junk email messages a day. So, I know that personally that it is not a good idea to put your info out there. I mean putting up a forum.
Spambully (Paul Jendrasiak): There are some bad folks out there and whatever they can do to get your details, they are going to do. So, like I said before, it is a very much a cat and mouse situation.
IdentityTheftSecrets: Well, do you have any kind of final thoughts as we rap up the call here? Anything you would like to share specifically with people?
Spambully (Paul Jendrasiak): I think that what you are doing is a fantastic idea to better educate folks on identity theft and things such as spam and phishing and anybody out there, such as yourself who, you know, can take the time to do that; it puts people in a better position because it is a jungle out there because you really got to keep your guard up. Whatever you can do to keep your information to yourself; whether it is financial or just merely your email address, you've got to do. You know, you just have to stay ahead of these folks and, you know, that is one of the things that we try to do with spam bully, you know, helping people keep their email boxes as clean as possible and helping them stay out of trouble with avoiding phishing schemes. So, you know, whatever you can do to remain vigilant I think that is an incredibly important thing.
IdentityTheftSecrets: Well, Paul thank you very much for taking a few minutes with us today and we will >link directly to spambully so people can go and check out the information there, and obviously, sign up for your free trial if they like to do that. I just thought the software was definitely offering some unique features.
Spambully (Paul Jendrasiak): I really appreciate you taking the opportunity to talk to us about spambully and spread the word.
IdentityTheftSecrets: Absolutely. I hope you have a great afternoon and thank you very much for talking.
Report from the Fraud War Blog and Ed Dickson - What You Need to Know About Computer and Internet Fraud (Part 2)
In this interview, Ed Dickson from the fraud war blog reports on the nature of fraud and how what's going on in the world can affect your computer, your bank account, and your life.
We discuss free e-gold accounts, Western Union and money transfer fraud, data breaches and information loss, and more.
The following is a Presentation of IdentityTheftSecrets.com
IdentityTheftSecrets: Welcome back to Identity Theft Secrets and I am here talking with Ed Dickson from the Fraud War Blog and just before we left we were talking about e-gold. We were going to have you talk with us a little bit about what e-gold is, why criminals use it, and how it works, basically.
Ed with the FraudWar Blog: Basically to set up an e-gold account, which is supposedly and I guess it is backed up by Gold, all you need is an email address and you can set up these accounts that are relatively anonymous. And e-gold will transfer the money. It is used in a lot of the bigger auctions scams where they will set up these accounts and move money, let's say, into a phony escrow where you get ripped off because you think you are buying a high end item, like a car. But essentially it's not much different from the Western Union and the money gram wire transfers. The bottom line is that once the money is moved from there, the victim has no recourse whatsoever, and of course, the transactions are pretty well anonymous and you are out of your money. I hope that explains it pretty...
IdentityTheftSecrets: How do they remain anonymous?
Ed with the FraudWar Blog: Well it's real simple, if all you have to provide is an email address. Think about it; you can be anybody with an email address. Western Union - they have kind of clamped down with some of the wire transfers but as long as you keep it, say under a certain dollar amount - again, not much ID needs to be shown at certain places.
IdentityTheftSecrets: And how do I end up as a criminal then; I get money in my e-gold account, how do I get that money out of there? How do I actually spend that money?
Ed with the FraudWar Blog: That is where I haven't actually been an e-gold customer. But that money can be used to buy goods or services. In the scams from what I have read and heard what they do is they move it into an escrow account, which is actually a phony escrow account. So, they set up a phony escrow company, the crooks get the money, and disappear. And of course, you never get your car or your other high dollar item. The wire transfer is pretty much the same thing, once you've wired the money and it has been picked up, and understand that Western Union will let you pick up, up to a certain dollar amount with just a code word. The money is gone, and again, the victim is out the money. And even if ID has to be shown, getting fake ID is not much of a problem in most major cities nowadays. And, that is another topic I have covered quite frequently on the blog.
IdentityTheftSecrets: So, how does that work?
Ed with the FraudWar Blog: With fake ID?
IdentityTheftSecrets: Yeah.
Ed with the FraudWar Blog: Pretty much they can counterfeit credit cards, IDs, or even counterfeiting Metro bus passes in some areas. They are using, you know, pretty straight forward technology and they are doing it out of garages. I had the opportunity of interviewing Suad Leija a few months ago, and she is actually the stepdaughter of one of the large Mexican crime families that counterfeits all of these documents all over the US and you really get an eye opening. She has done a series of videos on YouTube, and again, her name is spelled S U A D, last name L E I J A, and if you are interested in that; I mean, it is pretty interesting to watch those videos and I also did a piece on her. She has also been interviewed, by the way, by Hugh Downs and several other people from the mainstream press.
IdentityTheftSecrets: And in the interviews, I have read those interviews; by the way, very nice job with those; she talks a lot about how they use, and maybe if you could go into this a little bit, but how they use the fake identifications that they create in pursuit of all sorts of different kind of crimes, and not just actual identity theft but other kind of crimes so, they are actually using somebody else's identity. So, would you kind of go into that a little bit?
Ed with the FraudWar Blog: Well with the illegal immigrants basically their main goal is to assimilate into society and what you are referring to is that they get themselves involved with; one of the things they counterfeit is utility bills. And the idea is to get enough feeder documents so you can go into a DMV and actually become that person. Now, what is interesting about illegal immigrants is once they get a good identity they are not going to want to wreck it so, they might establish all kinds of credit, you know, pay taxes and do everything else but they are not going to go south on you; south on the identity so to of speak and bring any attention to it. But, I mean, as we have all read and we've probably have ran into a few people; people are finding out that their identity is being used, by somebody else and that can mess; sometimes they are stuck with bad taxes, all kinds of fun stuff.
IdentityTheftSecrets: Right. Bad criminal record, I mean...
Ed with the FraudWar Blog: That is another one and that is not so much done by illegal immigrants but people are actually been arrested who are victims of identity theft and the criminals literally took over their identity and warrants; whatever the criminal did fooled the police. The criminal never shows up in court after getting out on bail and there is a warrant out for the real person's arrest.
IdentityTheftSecrets: For not only the original crime but also for just missing court.
Ed with the FraudWar Blog: Right. Normally, you know if they don't show up in court any judge is going to issue a bench warrant.
IdentityTheftSecrets: Right.
Ed with the FraudWar Blog: So it gets really sticky and just think about it, I mean, some of these people must go through pure hell.
IdentityTheftSecrets: At the hands of someone who has stolen and used their information.
Ed with the FraudWar Blog: Yeah, and gone out and committed all kinds of crimes.
IdentityTheftSecrets: Now, if someone reporting on fraud; oh sorry go ahead.
Ed with the FraudWar Blog: Oh that is alright; I was just saying that is really prevailing with bad checks because bad checks come back and companies file it with collection agencies and some of them are actually filed with DA's offices and, you know, when they don't show up for court again, warrants are issued.
IdentityTheftSecrets: So I write a bad check using your checking account information, I don't pay the fees associated with that, the company turns me into the court system, and then the court system is after me even though I never had anything to do with that check in the first place?
Ed with the FraudWar Blog: Right and what I have seen is where they have DA restitution programs. Check fraud is an interesting thing, I mean, like we go back with the intent theory. You have to prove intent but a lot of DAs have programs where say I can bring in; understand that just writing a bad check is normally a civil matter. But if you use one of these DA programs and say, I turn over my bad paper to the DA program; they send out letters and you don't respond to them, which with an identity theft victim that can happen pretty easily, then it escalates into a criminal matter because you refuse to respond to the collection request. That is unique to some of these DA restitution programs; that by the way are all over the country.
IdentityTheftSecrets: So then the DA, I mean, this happened to me one time actually with; and it is not quite the same thing but, I got into an accident where I felt, you know, I mean; I was hit from behind and I felt like, man I got hit from behind and I got the ticket? I never heard of that happening before and the officer even said I should take it to court after the other lady had left the scene and so it was a three point ticket, I was going to take it to court but the DA added on and I didn't know DAs can do this, but the DA added on a four point ticket. So, instead of fighting a three point ticket I was now fight a seven point ticket in court. I decided it just wasn't worth. I took the plea bargain for two points, but for somebody who has a criminal issue, I mean, a traffic accident is not the same thing as a criminal issue for check evasion or check fraud so, a district attorney can add those kinds of charges after the fact.
Ed with the FraudWar Blog: And a lot of the victims too; plea bargaining is the American way. I mean, the DA wants to plea bargain it and they go back and forth with the defense attorney and that is a whole other circus. But, going back to the identity theft victims too; in a lot of cases from what I have seen and read, these poor people are actually even arrested and put through the system using somebody else's identity and then of course they never show up for court and then that is when the warrant starts getting issued.
IdentityTheftSecrets: Right. Well, what is, I mean, if somebody reporting on fraud; what is the most difficult thing you have read about that one person or group has done to another individual or group?
Ed with the FraudWar Blog: That would be hard to say Jonathan because every time I think I got it something new comes up. I would say what I am most concerned about is the amount of information with the data breaches out there and you translate that to the Carder forums and how cheaply that information is being sold; it just makes you wonder how much is out there and how organized it is. So, that to me is probably the greatest concern. But the reason I do the blog is because there are a lot of people that are getting scammed out there and to me people are what matters.
IdentityTheftSecrets: Right, right. So, not one individual but; I'm totally with you too on the level of information, I mean, I've got a theory of what is happening with all of this information that is being compromised that probably would go into a book at some point, but I mean it is amazing about how much if you; you know like we are talking, one billion records are out there and you know, I mean, let say that one tenth of those are real people. It's just a lot of information about one person that means there is one hundred million people's information that is just sitting out there available to crooks and scammers and thieves.
Ed with the FraudWar Blog: Even scarier, if you watch the Suad story, she flat out says that some of these groups are tied in with terrorists.
IdentityTheftSecrets: Right.
Ed with the FraudWar Blog: And, as a matter of fact, the Al Qaeda training fields train their, what I call minions, but train their disciples or whatever, to use credit card fraud as a way of funding their way through all their other various exploits.
IdentityTheftSecrets: Right. Have you read that translation online? There is a place where it is actually completely translated online; their training manual.
Ed with the FraudWar Blog: Right. I have read bits and pieces of it. I have never taken the time to read through the whole thing. Interestingly enough, I grew up in Pakistan so...
IdentityTheftSecrets: Okay.
Ed with the FraudWar Blog: I know I have had some experience with that part of the world.
IdentityTheftSecrets: And, how would you say in general because people are people around the world and 99% of people are good people but; how would you say in general, just from your perspective, identity theft ties in with terrorism?
Ed with the FraudWar Blog: I don't know I just see that; what I see is it's becoming more and more viable. I would say that organized crime is behind it more and more all the time because it is so profitable. Again, enabled by some of the technology that has come out and the laws that don't keep up with the technology and the internet. I mean, let face it; you can commit a crime across borders by clicking on a mouse nowadays.
IdentityTheftSecrets: Right.
Ed with the FraudWar Blog: To think that, you know, tights in to how it is growing. I think that identity theft isn't just a problem here in the US; we already know it is a problem in Canada, Europe, but it is quickly becoming a world wide problem.
IdentityTheftSecrets: Right, well even; sorry go ahead.
Ed with the FraudWar Blog: No, you go ahead.
IdentityTheftSecrets: Oh no, I was just saying that I just saw recently, I mean, big, big loss in South Korea around a video game that like two hundred and thirty thousand people's information was compromised straight out of a video game that they all signed up for and then South Africa has had big problems with identity theft too recently.
Ed with the FraudWar Blog: Right. And actually the one that I like to watch is India. Because India is an IT giant and I was just reading that one of their terrorist groups, the Tamils out of; which operate out of Sri Lanka and that has gone on for years, were actually using debit credit card fraud to fund it. They were, you know, all the information being skimmed was actually being done over in Great Britain.
IdentityTheftSecrets: Do you know how you spell the name of that group?
Ed with the FraudWar Blog: It is T A M I L.
IdentityTheftSecrets: Okay.
Ed with the FraudWar Blog: And they are sometimes referred to as the Tamil Tigers and they have been involved with a Civil war in Sri Lanka, which used to be Ceylon for years. As a matter of fact, I have a contact and I can't mentione which bank he is with who shuttles me information; he is with the security department for a major bank in India, major American bank that does business in India, and we've often corresponded back and watched how slowly but surely the scams are moving over there.
IdentityTheftSecrets: Because why? What is the reason behind it?
Ed with the FraudWar Blog: I was just; just because they are getting more and more involved in the technology. They have a tremendous amount with all the outsourcing of people's information there that needs to be protected. One thing I will say for India though is; their government realizes that there is a tremendous uproar about the outsourcing and they seem to be actually very proactive in trying to do something about it.
IdentityTheftSecrets: What I was reading "In the World is Flat," I don't know if you have read that book or not but; it is a good one, definitely pick it up. But, one of the things that they talk about in there is you go to XYZ American company to have your taxes prepared, you give them all of your information, and all they do is scan it or, you know, they have a digital scan basically that they basically send these pages through, but once the pages go through or you fax your pages to them; they are actually being faxed to somebody in India. And that is who actually is preparing your taxes, it is somebody in India who turns around and sends the information back. Now, it is supposed to be all securely encoded and all of that before it is sent, but I would image that there are some of that that is not happening. Would you agree with that?
Ed with the FraudWar Blog: Oh, I agree with you 100% and you know that is the other thing that I write about sometimes is; the security industry is a multi billion dollar industry too and everybody is fixing everything but guess what? The crooks have generally figured out how to compromise it within six months and then the security people run out and come up with more expensive solutions on how to fix it, and even if you do have technologically secure protection; all it takes is one person on the inside who has access to compromise all of that information.
IdentityTheftSecrets: Right. So what is the solution in your mind to all this?
Ed with the FraudWar Blog: I think that we need to look more at protection, more of not laying out all that information that we lay out where it is so easy, you know, and a good example of that is Tom over at TrustOn who we talked about earlier, I mean he; we are seeing an identity theft product, you know, where people don't have to go out there and compromise their information. Another example that I got involved with recently is a company called Cirrus, they are out of Redmond, Washington and anybody that has done a refund in a retail store knows that you now have to give out all your information which gets stored in a database; Cirrus is coming out with a new product that actually tracks the product rather than people's information. Now, I have written a lot about that too because criminals do refunds at stores. I mean, that is how they get their cash, and I am just guessing that with identity theft a lot of that information that these retailers have been data mining is probably would not be accurate and might even be your information or my information.
IdentityTheftSecrets: So let take a step back; I am a criminal, I go in and, because this is a pretty common thing, I shoplift something out of a store and then I take it back in order to get the money for the thing that I returned. The store requires me to give information in order to get that refund so, instead of giving my information as the criminal; I give your information so that you are the one who returned the item that was originally stolen.
Ed with the FraudWar Blog: Yeah that is it absolutely. And the systems that they are using now, that data mine information, the whole idea behind it is once your identity is used too many times, they start denying you refunds. So, the crooks have to figure out a way to get around that. Is just like retailers, if you remember years ago they didn't lock stuff up until it all started disappearing. Well, guess how they are stealing all that locked up information now, real simple; they are coming in with bad credit cards and bad checks and they are buying it. So it is really interesting if you figure out that the people using the bad credit cards and the back checks are already using other people's information. It is just a step away from them using that information to refund the merchandise and turn it in, you know, what they really want is cash.
IdentityTheftSecrets: Right.
Ed with the FraudWar Blog: You know that is what; it is funny because it always boils back down to money.
IdentityTheftSecrets: Right.
Ed with the FraudWar Blog: No matter how sophisticated you get, as a matter of fact, I am sure you; did you follow the TJX scandal?
IdentityTheftSecrets: A little bit, not a lot.
Ed with the FraudWar Blog: Yeah, that one they are saying now; it keeps growing because they admit to more and more. Forty five million records compromised just in that, but one of the systems they hacked was their refund database.
IdentityTheftSecrets: Well, would you kind of start from the beginning with the TJX scandal, like what happened with it just so everybody because I think that a lot of people listening to this won't know. What started the TJX issue, what caused it and all of that?
Ed with the FraudWar Blog: Well, allegedly nobody; that is the problem with the data breaches, the truth is that you get bits of information.
IdentityTheftSecrets: Right.
Ed with the FraudWar Blog: From what I can tell at this point is, they announced it in January and claimed that they discovered it in December; it has however now been traced that the hackers were hacking the information as far back as 2003 and what is being said is that hackers actually got into their system and were sifting the information out over that period of time.
IdentityTheftSecrets: What does TJX do?
Ed with the FraudWar Blog: TJX owns a bund of retail stores. Marshall's, I don't have a computer right in front of me but they own Marshall's, there is a TJX store, they own a couple of chains in Canada. I mean, the breach literally effected people in the UK, Canada, and the United States. So, TJX is the parent company and I am sorry that I don't know all...
IdentityTheftSecrets: No, that is okay. So, they hacked in; some criminals hacked into this and supposedly now over a period of four years or at least three years were sifting information out of the inside of that system. So, for three years this company was being hacked and as many as forty five million people's information has been compromised.
Ed with the FraudWar Blog: Yeah and I believe that if you really dig into it, and I wish I had it in front of me right now; they are saying it only happened for chunks of time but you know Jonathan, who really knows.
IdentityTheftSecrets: Right.
Ed with the FraudWar Blog: They haven't caught anybody, that is for sure, and if you look at all these data breaches it is rare that anybody is getting caught; which it even adds to how much of it is out there, how much doesn't get caught.
IdentityTheftSecrets: What is also interesting is that it has been reported since, I mean, really the laws have only been in place that they have to report this stuff to us since 2005. There is a company called Axciom that collects and sells our information and I think that they since have changed; they kind of market themselves differently, but they really, I mean, they were hacked over a period of two years by an inside job. And you are probably familiar with this and nobody ever talks about Axciom, you know, and yet two years later when the laws were finally passed, ChoicePoint becomes a poster child for "if you loose information, we will punish you."
Ed with the FraudWar Blog: You know the truth is companies have been buying and selling our information for marketing purposes for years.
IdentityTheftSecrets: Right.
Ed with the FraudWar Blog: And that is what has probably enabled the problem that we are seeing today, and of course, I'll go back to be that nobody wants to stop making all the money that they are making off of it because we are talking millions of dollars. But at some point, I keep wondering when the bottom is going to fall out. I think that with TJX we are starting to see it because it is going to be a war, or I am predicting a war, between the retailers and the banks to see who is going to pay for all of this, and again, we are talking about the cost of providing identity theft insurance, issuing new cards, and all of the charge backs that they are going to come back when the phony cards are used.
IdentityTheftSecrets: Let's talk for a minute, sorry go ahead. It is almost like?
Ed with the FraudWar Blog: It is like a vicious cycle of everybody tries to charge everybody else with the loss.
IdentityTheftSecrets: You know who is ultimately going to end up being charge with the loss?
Ed with the FraudWar Blog: Oh, I write about that all the time. It is you and me because one thing is for sure Jonathan, businesses don't stay in business if they are not making money.
IdentityTheftSecrets: Right.
Ed with the FraudWar Blog: So any cost, whoever eats it, they are going to be forced to eventually pass it on to the consumer and that is why I kind of laugh when you see all these zero identity theft; zero exposure, you know, commercials from the banks for identity theft because we are paying for it.
IdentityTheftSecrets: Would you talk for a minute about identity theft insurance? We were touching on that real briefly before the call here and I think it is really interesting just to talk about because there are some; I should say this differently, there are few very good products out there and there is just a bunch of junk. And would you mind just touching on why, what makes an identity; because an individual needs to know what they need to do to protect themselves from fraud, and so, would you talk about maybe some of the challenges you see with some of the products out there and then also what an individual should look for in a product that they would be using.
Ed with the FraudWar Blog: Well, I mean, number one the only one...I've looked into a lot of them and after getting half way through I realized that they were junk. So, I am going to defer to you on some of the other ones we discussed before, but I ran into Tom Fragala over at TrustOn and Tom basically let you go and find out if there is a problem for free and then shows you very cheaply; understand most of the services I see what they want to suck you into is you pay $19.99 a month whether you ever become an identity theft victim or not, and then supposedly, if you do become a victim, they will take care of it all for you. Now, from what I have read; I question whether some are actually going to be able to do that for you effectively. But with Tom's program what you do is you check out everything for free. When you become a victim, he has a computerized module that literally goes through every step of filing the police reports, notifying all the credit bureaus, putting a freeze on your credit if you need to, and you know, all the things that you need to do to follow up and it is real simple. I'm not a computer expert, by no means, and I tested the product when he was rolling it out and pretty much I can probably have my grandmother using it within a half an hour and I think you had some personal experience with him too, didn't you?
IdentityTheftSecrets: Yeah, really sharp guy and I mean, the product is actually one of the few that I would recommend to people, you know. And, some of the things you just went through are the kinds of things that a program should do for people, you know, because there is a lot of junk out there.
Ed with the FraudWar Blog: So far as the other ones I'll be interested in; maybe we'll talk more in the future. You can educate me on some of the better ones because maybe I got jaded by seeing so many bad ones at first.
IdentityTheftSecrets: Sure. I guess kind of wrapping up here; how do you see getting this problem fixed - just as a whole?
Ed with the FraudWar Blog: I think that the more we can do to educate people that is certainly probably the most effective short term thing. Long term, we have to look at new ways of using information. And I think that some of the companies that we are talking about that have been data mining information, etcetera, etcetera, needs to look at ways of doing business and coming up with new ways of doing business where they are not letting people's information out so much. And, you know, we are seeing a lot of good laws come out but we are also seeing the laws come up, we are seeing special interests water them down and to almost where they are not very effective once we get the watered down version. Are you familiar with the new Federal Legislation? That has been a big problem with that. So, you know, to sum it up, I mean; I don't think that there is any one easy fix but that is what we should be working towards.
IdentityTheftSecrets: Yeah, I would agree with that. I mean; I just don't know that legislation is going to fix it in definitely short term, you know? I think that in the long run we have to make our social security numbers less valuable and make that information less valuable. I just don't see how that is going to become a solution before somebody forces the issue to have a solution.
Ed with the FraudWar Blog: No. Having been a person, you know, trying to catch everybody doing it; that is not going to be a solution either. There are just not enough people out there doing the catching to catch everybody who is doing it. So again, I think that we are all trying to do or educate people is probably the best way and it is going to have the greatest effect.
IdentityTheftSecrets: Yeah, definitely for the short term anyway. Well, I want to thank you for taking a few minutes with us today at Identity Theft Secrets, and again, your website if people want to get to it they go to http://fraudwar.blogspot.com. Is there anything you would like to say just in closing here?
Ed with the FraudWar Blog: No, I appreciate your time Jonathan and I look forward to maybe some further collaboration with you.
IdentityTheftSecrets: I would definitely welcome the opportunity of having you back. You are definitely very knowledgeable about this industry and doing good things to help people with it. So, I really appreciate it you taking the time today.
Report from the Fraud War Blog and Ed Dickson - What You Need to Know About Computer and Internet Fraud (Part 1)
In this interview, Ed Dickson from the fraud war blog reports on the nature of fraud and how what's going on in the world can affect your computer, your bank account, and your life.
Former Identity Thief Made 6 MILLION Dollars From Other People's Names
Here's an identity thief who made 6 MILLION DOLLARS at the expense of other people.
Did he use your credit card?
What's worse to think about is whether or not he sold your name to be used by the criminal underworld.
In this 1 hour interview, a former identity thief exposes the secrets he used to use.
He stole people's identities through hacking, phishing, and real-world scheming, and lived a very good life doing so.
So why is he sharing this information with me?
He says that hacking and identity theft is "too easy" and he needs "more of a challenge", and fixing identity theft is much more challenging than creating problems for people.
In short, he's joined "the good side".
Regardless of how you feel about his perspective, he is going to tell you how and why he stole the identity of countless thousands of people, how you can protect yourself, and as importantly, why he's changing his tune.
So welcome to IdentityTheftSecrets.com and I am here actually interviewing today a gentleman who will remain anonymous, however, has been in the identity theft arena for quite awhile and is trying to turn over a new leaf. He is somebody who contacted me through Identity Theft Secrets and basically said; I am really trying to get out of the industry of stealing other people's information but what I would like to do is to be able to inform people of what actually is going on in the industry and how people's information is being stolen and used.
So, I'm not going to announce your name here but if you say hello and actually if you wouldn't mind; tell us a little bit about your background, what got you into the underground scene of identity theft, and what's really the driving force behind getting you out of it?
Former Identity Thief: Well, my whole driving scene of identity theft? It actually started; I say about twelve or thirteen years ago. Started off basically as wanting to play around, hacking things at first, like web page defacement and then once I started to see the money that could made off like the databases, and the credit card information that could have been obtained and sold; I pretty much have been doing that for, I say about twelve years now.
IdentityTheftSecrets: Twelve years?
Former Identity Thief: Yes, twelve years.
IdentityTheftSecrets: So, you've been basically buying and selling other people's I mean, I guess I don't know what side of it you are on, but you've been basically buying and selling other people's information for twelve years?
Former Identity Thief: Well, pretty much mainly on the selling side of it all...
IdentityTheftSecrets: On the selling side?
Former Identity Thief: I was one of the people that would go in and hack the databases and offer it to other people online to sell.
IdentityTheftSecrets: Okay. So, you would go in, let's say some bank or something...
Former Identity Thief: I usually would do online stores. Banks are a little secure. The shopping carts were one of the biggest and easiest one to take advantage of.
IdentityTheftSecrets: Why is that? Why is it that they are so easy to hack into?
Former Identity Thief: Well, the online stores most people just download a PHP shopping cart script and don't bother; anything security wise. They figure I can just install it and go. That is all I need to run my own online business.
IdentityTheftSecrets: We are talking about bank security or somebody who is running a store for...
Former Identity Thief: It's usually the stores because what they end up doing is; once you sniff their traffic, you get the actual merchant account numbers, making it a lot easier to access the bank systems because you already have the logins and passwords to that.
IdentityTheftSecrets: I mean honestly, what made you think that that was okay to do?
Former Identity Thief: Oh no, there was nothing that made me think it was okay. I was looking at it monetary-wise. That was pretty much what it was. I can go in and take a database and get about fifty to one hundred thousand per database for one hour worth of work.
IdentityTheftSecrets: So okay, let me get this straight. You go and you hack in to somebody's database, you grab; what's an average number of people's information that you can grab from that database?
Former Identity Thief: Depending on the popularity of the website. The lowest that I ever came across by had at least 500 to 600 people's information in it.
IdentityTheftSecrets: What's the biggest you ever had?
Former Identity Thief: The biggest one I ever had, I say had about 300 or 400 thousand cards in it.
IdentityTheftSecrets: So you go and you hack into somebody's online store and you grab, let's say; I mean if you are grabbing 200 or 300 thousand peoples information, you've got to be going, hey pay day, right? But, you hack in and you grab, let say, a thousand people's information. Credit card, names, address, sometimes social security number, I would imagine?
Former Identity Thief: Yes, e-mail, passwords.
IdentityTheftSecrets: You grab all of this information on somebody, and then, what is the process? Like you've got, let say, a thousand people's information; what do you do next with that information after you hacked in?
Former Identity Thief: Well, you can go to one of those various places on the internet to sell it off one by one. But, that kind of gets time-consuming and it is a lot more work. Or, you can go to the bigger names who also sell the information online and you sell it to them at a discount and let them worry about all the work.
IdentityTheftSecrets: Okay so, there is like a resale network, right? Okay, you go and hack in, get all this information and you sell it to somebody who already has a bunch of people who buy from them?
Former Identity Thief: Yes.
IdentityTheftSecrets: Okay, what would be per name; you are selling them; okay, so there is two level of this, you are selling it at a discount or you are selling it just at full price? What would be a discounted price for people's information?
Former Identity Thief: Usually you can sell a database of one thousand people for about 400 or 500 dollars.
IdentityTheftSecrets: Okay, so fifty cents a name?
Former Identity Thief: Yes.
IdentityTheftSecrets: And that would be like the wholesale cost of buying somebody's name from you?
Former Identity Thief: Yes. Now, if it was a bigger deal one like bigger databases; it was like 20,000 people, I sell it for like five thousand. Just because you have to sort through them all; sometimes there are duplicates in there.
IdentityTheftSecrets: So, you actually are selling people's name in bulk?
Former Identity Thief: Yes.
IdentityTheftSecrets: Wow. Alright; so then that person that you sold the names to, they turn around and sell them at retail or maybe they sell them to another reseller but what would be like the retail price for someone's information? Let say I've got their name, their address, their social security number and some credit card information; what would be the cost? What would be; if I wanted to buy somebody's information, what would be the cost to me for that?
Former Identity Thief: Usually about five to ten dollars per person.
IdentityTheftSecrets: Unreal. So I work in a bank let say, and I can get a hold of these kind of people; I can sell names for let say, for two or three dollars a pop and they can turn around and resell them for five or ten dollars a piece?
Former Identity Thief: Yes.
IdentityTheftSecrets: What's the highest you've ever seen a name go for?
Former Identity Thief: I've seen some that come with mother's maiden name and everything; pin numbers on the accounts, go up to twenty dollars a piece.
IdentityTheftSecrets: So there are a lot of people making a lot of money just reselling names?
Former Identity Thief: Yes.
IdentityTheftSecrets: And then on the other end, the people who buy these names; I mean what kinds of things, and you know we have covered this before, but from somebody who is actually working in the industry; if you get a hold of somebody's name and you want to actually go and rip them off, use their information for identity theft; what kind of things do you do with that information?
Former Identity Thief: Well, first you start off by maxing out their credit cards and then with all that information; social security number and date of birth and the mother's maiden name and everything; you'll open new lines of credit and add other addresses to the person's credit profile so that way when they open up a line of credit, the credit cards are shipped to what they use as the drop address. And they can pretty much take someone bankrupt; fifty or one hundred thousand dollars in the hole in a matter of a week.
IdentityTheftSecrets: I apply for credit in your name. I put up a new address, a drop address, we will go into what that is, but I put up a drop address as your new address, right? If I have stolen your information and then I can get up to, with a good credit or somebody with at least moderately acceptable credit; I can get fifty to hundred thousand dollars worth of credit in your name?
Former Identity Thief: Yes. Sometimes even more depending on the credit score. Some vendor would actually sell the information rank on credit score.
IdentityTheftSecrets: So you go, you hack into somebody's information; you sell that to, let just call this guy Joe. Okay Joe, is somebody who resells other people's information to the people that are actually going to use it. So, you sell the information to Joe; Joe sells it for ten bucks to somebody, who goes out and finds out well, Joe goes out and finds out hey this person has a credit score of 750 and can get approved for basically anything so I sell their name, as Joe let say I am Joe; I sell that information to the end person who buys that for twenty bucks and then they go and get one hundred thousand dollars worth of credit in my name?
Former Identity Thief: Correct. They can also open utility bills in your name, bank accounts in your name, get state issued IDs in your name, everything.
IdentityTheftSecrets: Well let me ask you this direct question, have you ever used somebody's information?
Former Identity Thief: Yes.
IdentityTheftSecrets: Yes. And how many times do you think you have done that?
Former Identity Thief: Over one hundred.
IdentityTheftSecrets: Have you thought about; I mean this is what is so puzzling to me, the people; it is really hard for me to get in the mind of somebody who would do this to somebody else. I mean, how do you justify that, like in your mind?
Former Identity Thief: The justification when it comes down to it, sad to say, is in the long wrong run, the creditors, the way we look at it, the creditors are the ones that take the hit. They are the ones who actually loose the money, is not an actual individual who loses the cash. It is the mind set of everyone in the business.
IdentityTheftSecrets: Right, but what about the guy who is pulled over at three o'clock in the morning who's information has been used for some sort of criminal type thing, let say, somebody uses my information and goes and gets a driver's license in my name and they are pulled over and they have a DUI. And that goes on my record because they are using my driver's license with their name and I spend the night in jail because of it.
Former Identity Thief: Yes, not many think of it from that point of view.
IdentityTheftSecrets: From working inside the industry, what is the worst story you've heard about someone losing their information?
Former Identity Thief: Well, recently I say there was an online Casino scam that was running where one of the moderators took the person roughly about six hundred thousand in a matter of about two days right from their accounts and IRA.
IdentityTheftSecrets: Can you say a little bit about how that happened?
Former Identity Thief: What they usually do; it turns out to be almost like a phishing scam. They set up a fake casino and phished out their letters to everybody and once they sign up and start gambling; what they would do is they just would repeatedly charge the card and debit the bank accounts until it was flat out denied. And, in some cases the people would actually fax over copies of their driver's license, utility bills, credit cards; front and back, for them to just use at their will, because they didn't know any better.
IdentityTheftSecrets: Because they thought they were going to win inside these casinos?
Former Identity Thief: Yes, they figure oh I won this and they sent out a letter saying you have $10,000.00 that you have won and now you have to send me all this as proof that you are this person and then we will give you the money. Lo and behold, they have just turned in their whole life to somebody, including all their money, and didn't even know about it.
IdentityTheftSecrets: The people are just okay. Obviously, in that situation they know the individual that they are robbing?
Former Identity Thief: Yes.
IdentityTheftSecrets: Right and they are actually, because they have seen pictures of them, they have gotten all of their information faxed to them. What do you think is going on the mind of that person?
Former Identity Thief: Oh, they are just thinking about how much money they are going to make because once you send them all of your documentation; there is pretty much nothing that the person who has sent the information can do after that because they knowingly and willing gave them that information. So, on the legal stand point, the way the law works is the banks are not responsible for the money because they handed over their information. So the person that ran the scam is thinking, wow! I just got rich in two days.
IdentityTheftSecrets: I just made half a million dollars directly out of somebody else's account and the bank is not going to reimburse this person. I just ruined somebody.
Former Identity Thief: Yeah, that is pretty much how they think about it. They are more on the greed instead of how it would affect somebody else.
IdentityTheftSecrets: And obviously there are these forums, right? There is like Carder's market and I don't think they like me very much over there...
Former Identity Thief: There is CardersMarket, Mazafaka, I say about twenty up and running at a given time.
IdentityTheftSecrets: There are twenty active forums up and running right now?
Former Identity Thief: Yes, that are actually not scammers and rippers trying to rip off other people in the business.
IdentityTheftSecrets: Alright, so there are forums up right now and they are trying to rip off each other?
Former Identity Thief: Well, there are some forums that are trying to rip off verified members of other forums. They invite them to come in and what they would do is; they offer to sell a product to the newcomers and they will take the newcomer's money and not give them any product at all.
IdentityTheftSecrets: And who runs these boards; I mean, who sets up CardersMarket? Or who sets up the markets or sites like Mazafaka? I guess these other sitters that are out there? ScandinavianCarding was out there for a while. Who sets these things up?
Former Identity Thief: Various people from all over the world. Each forum pretty much bases itself with numbers from the areas that pretty much I'll say, involves business with like; Mazafaka is pretty much a Russian base community with the Russian speakers. They do have an English side to it but their main focus is European. Where Scandinavian(Carding's) focus was more Swedish and Carder's market is more English based. It is all; various people go all the way back I say, they all branch out since ShadowCrew went down back in 2004 I think it was.
IdentityTheftSecrets: So the government came in and I mean; I think people listening to this call doesn't even know about ShadowCrew. ShadowCrew was a form where everybody did business, right?
Former Identity Thief: Yes, it was one of the two main back bones at the time. There was a ShadowCrew that handled, I say 90% of the US business and then there was CarderPlanet that handled about 90% of the Russian based business.
IdentityTheftSecrets: I mean when you say "business" you are talking about the business of ripping other people off?
Former Identity Thief: Yes. When the law enforcement took over those forums the ones who eluded captured that were high up in the ranks, split apart, and started their own; I guess you can call it sub-forums at the time, and have built from there.
IdentityTheftSecrets: And today you say there are about twenty of these forums that are actively running with members?
Former Identity Thief: Yes.
IdentityTheftSecrets: And how many of these would you classify as good places to do "business"?
Former Identity Thief: I would say right now only about three of them.
IdentityTheftSecrets: Where are they set up?
Former Identity Thief: Well, Carder'sMarket is based out of Iran now. Then you have DarkMarket that is based out of the Ukraine. And then you have Maza (faka) and verified.ru which are both based out of Russian territories.
IdentityTheftSecrets: Where do most of these people live? Most of these people that are ripping other people off.
Former Identity Thief: They are all over the world. Some are in the United States. Most of them are European. The little low end bottom-feeders are Nigeria, South Africa. Those people really, I don't know. The media really likes to make them look more of a threat than what they really are.
IdentityTheftSecrets: The Nigerian fraud people?
Former Identity Thief:Yes. They are actually like low end when it comes to the whole big picture.
IdentityTheftSecrets: Okay, so can you give us a brief, what is the difference between someone who is low end and someone who is high end as far as someone who is taking other people's information and using it?
Former Identity Thief: Well, a great example who be. I'm sure you have seen the Dateline "To Catch an Identify Thief." The whole IRC they are using people's credit cards, everything like that. What they don't tell you are that those same people that is using those cards; those cards are actually thrown away by the people who know what they are doing. When someone steals a person's identity, they will use it and take what they want and they will throw it off to the Nigerians and the people in those channels to distract law enforcement from themselves. So, their targets when they see all the activity in fraud they'll think oh is the Nigerians doing this and that, but they don't see the big $2,000 or $4,000 hits by the people who actually used it for what they wanted before they threw it away.
IdentityTheftSecrets: Okay. So, let's try and put together this picture. You go and you hack xyzshop.com and you hack in there or you get the information some other way because I know that there are a ton of ways to do it. Your way of choice happens to be to hack in somebody's website that has poor security. So, you go to xyzshop.com, you get a thousand people's information, you sell that to a guy for five bucks a name or a dollar a name or fifty cent a name, he turns around and sells that for ten dollars a name or twenty dollars a name to someone who uses it and hits that person for ten thousand, fifteen thousand or twenty thousand dollars and then that person resells it to somebody who is operating, like a Nigerian type fraud?
Former Identity Thief: Well, they don't even resell it. They just give it away to them and they will just post it free for anyone. It is like a bunch of hungry piranhas on IRC for the best analogy. With the person that after they use it they will post it on one of the IRC chat rooms where all of the Nigerians and everyone hang out at and as soon as they see that information posted in that room, within minutes they will kill off the rest of that card in places all over the world.
IdentityTheftSecrets: So this card just gets publicly posted. I'm done with it because I have spent $10,000.00 on it. I know it has a $12,000.00 credit limit and I really don't want anything for $2,000.00 so it is much easier for me to go and buy somebody else's info. So I really don't care about this card; here you go.
Former Identity Thief: Yeah, and then the people who fight for the $2,000.00 limit; law enforcement would see twenty other transactions coming from ther, so the focus is on them trying to use it and it pretty much eludes the main person in the first place. Is just a way for them to cover their tracks.
IdentityTheftSecrets: So who would you say is the most likely person to become a victim of identity theft? If there was a group of people who, because all of these statistics come out all the time and say well seniors are the most targeted; well teens are the most targeted. Well, you know kids who haven't established any credit are the most targeted. People in their twenties are the most targeted. You know, I've seen statistics on everything. Based on your experience working inside of the industry, who would you say is most likely to become a victim of identity theft?
Former Identity Thief: Anybody who pretty much uses their information on the Internet for anything whatsoever. I mean there is no specific category. If they are on the computer and they don't know about their own personal security and they don't run anti virus or firewall or anything like that; they are just as much chances as a 70 year old becoming a victim as a 19 year old. They don't care age, race, color, anything; they just want your information.
IdentityTheftSecrets: What about; I mean, I don't know. Have you ever tried to hack into a big company, like a health insurance company, or a bank, or a mortgage company, or a school?
Former Identity Thief: I have never personally done it but I have known it to be done. The VA hospital in Pennsylvania lost a whole bunch of records when they were hacked. There are schools where students would make fake IDs and have all of the people; like they would make IDs for all of the students to go get drunk but at the same time they would have all the personal information on that person. Name, date of birth, everything; so they would have them themselves, they claimed it was to make the IDs but then they will resell it later.
IdentityTheftSecrets: So some college kid is 19 years old and says, I'm going to get a fake ID, this guy is going to make one for me and it is a really good fake because what the guy is doing is taking the information that he used to make that fake and reselling it?
Former Identity Thief: Yes, on top of the money he is getting paid for making the ID.
IdentityTheftSecrets: He makes 100 bucks for the fake and then turns around and sells the info for twenty or thirty bucks a pop?
Former Identity Thief: Yes. The higher the quality of his fake, the more people that come to him, the more product he has to sell online, the more credibility he will have later on to do other business.
IdentityTheftSecrets: So there is a whole like trust network?
Former Identity Thief: Yes. A lot of the forums and the higher up identity thieves are all based on trust. You just can't be some new guy coming in and saying, hey look I want to do business. They would pretty much look at you and say all right you are law enforcement, you are a reporter; we don't want you, even if you are 100% serious in starting in the business. That is why a lot of the forums now require what its called guarantee. They have to have at least two people to vouch for them and then they have to pay a fee just to even be able to view the forums nowadays.
IdentityTheftSecrets: So someone can get in if they know a couple of people in the industry who are already ranked well and they are willing to pay. What kind of fees do they have to pay to join these forums?
Former Identity Thief: It is usually only around fifty to one hundred dollars, which is not much considering what they...
IdentityTheftSecrets: When you are ripping somebody else off, right?
Former Identity Thief: Yeah
IdentityTheftSecrets: When you know how to get somebody else's information, 100 bucks is nothing.
Former Identity Thief: Exactly and that is the way they advertise it on the forums. So, if you are here to do business you can buy a credit card with whatever name you want on it, with the ID to back it up and the information. So, you can just take it to the store for 200 hundred dollars and spend thousands and you can't pay 100 dollars to get on here, then there is no need for you to be on here; you are not serious.
IdentityTheftSecrets: If you had to speculate, why would they host; I mean this is a dumb question, for people who don't know it is not a dumb question at all; why is this, lets say Carder'sMarket, why would they host out of Iran?
Former Identity Thief: They do that pretty much for law enforcement has no control over anything they do at all. They can't force them to shut down the website, they can't take them offline, and it is pretty much out of everyone's reach.
IdentityTheftSecrets: We didn't have much success getting them to shut down their nuclear weapons program. So, I can't imagine we can get them to shut down a website?
Former Identity Thief: Yeah, slim chance there.
IdentityTheftSecrets: Yeah. So, everyone is equal opportunity to become a victim?
Former Identity Thief: Yes.
IdentityTheftSecrets: Because any bank, any mortgage company, or any insurance company can be hacked?
Former Identity Thief: Correct.
IdentityTheftSecrets: By the right person, right?
Former Identity Thief: Well, a lot of the times it is even done from inside. I know of certain banks where they don't even bother shredding their documents and so they just throw them away in a dumpster with a little lock that can be picked in no time at all and all of these mortgage applications, loan applications are free for the taking right out of the garbage.
IdentityTheftSecrets: And that kind of information can either be used or resold?
Former Identity Thief: Yes.
IdentityTheftSecrets: So if I am a real-world identity thief, like you are you using virtual methods or have in the past, I mean we are going to talk about you getting out of this, but if I am a real well identity thief; I am not stealing people's information, you know by hacking in, what is my process?
Former Identity Thief: Oh there are so many things you can do. You can go to the post office and have their mail put on hold and pick it up your self. You can have a change of address put over the internet with a gift card that you can buy and use any name on it and then the mail will be redirected to wherever you want it to be redirected to.
IdentityTheftSecrets: Explain that a little further. I can go get a gift card, explain how that works.
Former Identity Thief: You can go out and buy a gift card. All that the US Postal requires for you to do a change of address on the computer is register your new address and show a credit card as verification. So, if you get a prepaid credit card somewhere, you can put any name you want on it. So, when you apply for that on the US Postal website the name matches the address that you want to forward to so they just go ahead and put the change of address for your mail is being sent to wherever that person decided to put it in at.
IdentityTheftSecrets: Well, I have known that you can do that with the United States Postal Service. I mean, if you are willing to go in the place you can just actually write one out, you don't ever need verification.
Former Identity Thief: Yes correct, if you just want to write one out, but most people don't like doing that nowadays because you can't see if you have your fingerprints on the document, or they either have your signature or your handwriting for analysis later.
IdentityTheftSecrets: So instead I can go get a gift card and I can just change your address and get your mail for a few days and try to get information from your mail?
Former Identity Thief: Yes.
IdentityTheftSecrets: So, what other kinds of way if I am a real well identity thief and I am stealing information like real instead of virtually, how else would I steal people's information?
Former Identity Thief: A lot of people go through other people's garbage. Better know as dumpster diving for those who don't like to shred their documents. They just get stuff in the mail and don't even think about it, they throw it away. People throw their pay stubs away; they just crumble them up and throw them in the trash and don't pay any attention to it whatsoever thinking that the garbage is just going to come and get it. Bank institutions; some of them, I have to say most of the big name banks will actually shred their documents, but at the same time, some of them have them in a holding bin that is locked until the shredders come and get them and someone can just break the lock and steal I mean, bags full of people's identities. I mean, it is nothing but their identity, their bank account, social security number, everything we'd need to get, mortgage; it is all there for the taking. Other people, like working in the administrator's offices at schools and hospitals, and have the information like that. A lot of people, who throw their computers away, just because they format their hard drive, does not mean that the information is gone. A good person with computers can recover everything off of there unless it is properly cleaned.
IdentityTheftSecrets: What is the best way of having it properly cleaned?
Former Identity Thief: I would use something along the line Active Disc Wipe and Run like a GutMin wipe on it where no information can be recovered. It may take you a few hours but the money and hassles that would save you in the long run is well worth it.
IdentityTheftSecrets: So kind of getting into that topic then; if you could give people advise on what they need to do to protect their information, I mean just kind of open ended here; what would your advise be?
Former Identity Thief: They would need to shred their documents. Don't think that anything is something that doesn't really matter. Any information at all that can put you to something else gives them the ability of getting more information on you. Protect your computer. Use firewall, up-to-date anti-virus, there is a nice little plug-in that they have out now that is called key scripter which crypt your key strokes in the internet browser in case a key logger is on your computer it still gives random codes and it won't actual be able to get any of your information at all. I use Kapersky internet security suite and ZoneLabs security suite. Anything that you can actually protect anything you do on the computer is a big step forward. Make sure you use stuff to verify that the emails that you get are actually from the banks itself because 90% of the time a lot of people will respond to the email and the bank is not going to ask you for your personal information, they already have it all.
IdentityTheftSecrets: So, how would you be able to tell what is a real email and what is not a real email? Some of those phishing emails are so good now.
Former Identity Thief: Oh yeah, they also have programs out there that verify the actual email header. Most Internet companies and web mail you can't actually see the header but if you have the option to use the header and make sure that it actually comes from there. Microsoft actually, I have to give them credit on this and I really hate them, but in Windowd Vista and I think Internet Explore 7 offer a really nice anti phishing tool bar built into the browser now that tends to work very nice.
IdentityTheftSecrets: Right, we did a video on that actually about exactly that on Identity Secrets. This site has been reported as a suspected phishing site, would you like to continue to this website?
Former Identity Thief: Yeah. I mean there are still ways around that for the good identity thieves but most of them don't work their way around with that. I have given ideas to banks that they can use that are 100% surefire way to stop phishing. None of them have really implemented it, the only company that I have seen it implement it so far has been Paypal.
IdentityTheftSecrets: What did they do? I mean, what is the 100% surefire way to stop phishing?
Former Identity Thief: I suggested that they use RSA keys. I'm not sure if you are aware what those are or not, but it is like a key chain and it is a token that is tied to the account. The key chain that they send you is a little digital key chain and has a revolving password for every thirty second a new password is sent to that device that is generated by the token that is tied to the account. So that way, even if a person was phished, by the time they are done sending the form and they hit send to email it back, their password has already changed.
IdentityTheftSecrets: I can imagine that kind of thing can be very expensive for a bank to implement?
Former Identity Thief: No, not really. If they would charge their customer a one time fee of $5.00, it would cost the bank around; I say out of pocket with the fee maybe about two to three million to implement but they are also losing nine billion a year. So, but they just look at why spend ten million dollars now just in case we loose nine billion over the year.
IdentityTheftSecrets: The banks you are talking about, how do you know these statistics that the banks are losing nine billion a year?
Former Identity Thief: Oh, if you Google search and everything and you bring up the statistics on the loss of Identity Theft and I have actually talked with bank investigators from a few banks and got information from them when I was offering them this idea that they could use and they're like, well, the banks can't justify spending this much money now for something that might happen in a year.
IdentityTheftSecrets: So they rather have cure than prevention?
Former Identity Thief: Yeah.
IdentityTheftSecrets: The advice that you are offering here is basically shred your stuff, make sure you are completely secure in the Internet; I think you mentioned about six different products that the average person should have in order to protect their information, what other kind of things do you recommend they do?
Former Identity Thief: Well right now they have a telescam that is going on too were these identity thief are using automated systems to call and contact the people and saying, hey your bank information needs updating please call this 800 number. I would call your bank and verify first. Pretty much, if you shred everything, you keep yourself secure, if you try to make yourself aware of all the latest things that are going on and educate yourself on the new tricks that they are using; you should pretty much be safe.
IdentityTheftSecrets: Couldn't I though; I mean, if I am you and I am trying to hack into one of these companies or somebody with some really good hacking skills decides to hack well, I can even go up and look at the companies that have been hacked; I'm actually going to do that while we are on the phone here, but if I am really good at hacking in to somebody's information; how do I as the end consumer prevent you, the hacker, from going and hacking the companies that I have trusted my information with?
Former Identity Thief: Well, one of the things that I suggest for online purchases is go to like a Simon mall or other malls like that, they give you the gift card. You have to spend the two dollar fee but you can buy the gift card for the amount you want to spend online; take that gift card home and use that. They get the gift card number, the money is already deducted from it and you take no loss whatsoever, except the little two dollars that you paid to be able to use the credit card. That way they don't have your information, your credit card; they just have bogus information, so to speak.
IdentityTheftSecrets: Right, but let say I went into; I mean, I am looking at the list here that is on the Privacy Rights Clearing House website and as I am looking at this; Tufts University. Let say I attended Tufts University in Boston, Massachusetts; they lost 106,000 records from hacking on April 11, 2005. Here is another one for Ralph Lauren; now, I may not have shopped at Ralph Lauren's website online, but I may have shopped at their store, there physical store with my credit card right, and my information is now stored with them. Here is the California Department of Health Services...
Former Identity Thief: TJ Maxx was a really big one there as well which was recently done.
IdentityTheftSecrets: Right, so if I am shopping with these companies; we are not talking about internet now, we are talking about I walk in, I hand my credit card to somebody, my information is stored in their database and their database is hacked; how do I prevent my information, I mean, how do I protect myself from that kind of a thing? Because, I am going to go out and do real world purchasing, right? And, I am going to go to college and at college I am going to have to give my information out and I am going to have health insurance; my health insurance company needs my information. Here is one from the Colorado Health Department, they needed my information or whatever; 1600 families lost their information to hacking. All of these other companies that house my information, you can hack in to any of these people, right? If you are a good enough hacker, you can hack into any of these people?
Former Identity Thief: Yeah, and the sad thing is that there is really no preventative measures right now that can actually be put into work effectively with those.
IdentityTheftSecrets: So, even if I do everything that you just, and I am obviously leading with something here, but even if I do everything that you just recommended to me; there is no guarantee that my information is going to be safe?
Former Identity Thief: No, the only thing that you can possibly do would be like lock your credit; where you can do it through the credit bureaus where you can actually lock your credit where no new lines of credit can be applied for, but that still takes the chance that your credit cards can be used. I will never use a debit card in the stores. That is the biggest mistake that a lot of people do. Everybody thinks that it is more convenient because it comes out of your bank account, but when you use that debit card in the stores, there is a higher chance of them being able to clear out your bank account, take your life savings, then if you would have just used your credit card and have that maxed out.
IdentityTheftSecrets: Why is the reason for that?
Former Identity Thief: The credit card is actually not linked to your bank account at all; where the debit card gives them direct access to your bank account.
IdentityTheftSecrets: Okay. So, either use a bank account with a small balance in it or use a credit card?
Former Identity Thief: Yes and even at that; I would set up a complete separate bank account aside because if you have a checking account and a savings account, even though the debit card is only tied to your checking account; once they have that they can go online with your account number and apply to have your savings account added to your debit card later, and then clean out your savings account the same way.
IdentityTheftSecrets: Okay. So then even if I lock my credit, I don't use the bank account and whatever; then let go back to the situation before that I mentioned; someone is using my driver license and gets a DUI in my name, how does locking my credit help with that issue?
Former Identity Thief: It doesn't at all. The sad is that there is no actual true way at all whatsoever to pretty much put a stop to it right now; that is the biggest thing. The only thing that would possibly come in that would be stuff in the future that you have to hope that the government would decide to implement, but their whole thing is what will it cost? And, that is their biggest worry, what will it cost them to implement such measures?
IdentityTheftSecrets: And, not only that; but the banking industry on the other side doesn't want to do that anyway. Even if they wanted to implement it they've got somebody actively fighting against it on the other side.
Former Identity Thief: Yes.
IdentityTheftSecrets: Let's kind of go back to some of the other questions here. If there is one thing, we talked through a bunch of these, what is the number one thing, I guess, out of everything we just talked about; if there was just one thing that I could do to protect my information, what will that be?
Former Identity Thief: I would have to say educating yourself on everything is. I would read up on as much as possible to learn everything and practice as much computer security as you can.
IdentityTheftSecrets: I mean, a lot of people, you know, they push these power buttons on their computer and that is about the extent of their knowledge of how to use their computer, other than, hey I love eBay and I love to shop on eBay.
Former Identity Thief: Yeah and that is what makes it so hard, and those are the people that are mainly targeted because they don't know any better. They don't bother with firewall or anti virus because they don't know what it is. They don't see how it can benefit them. Why should they pay forty dollars for a piece of software when they feel that they don't go anywhere to get a virus, but at the same time, viruses are pretty much hidden everywhere nowadays. You can go to eBay where there is a new PNG virus that is going around where as soon as you load the web page it can infect your system and you wouldn't even know that you were infected.
IdentityTheftSecrets: What is a PNG for those who don't know?
Former Identity Thief: PNG is an image file. They would show, like when you would open up a eBay auction and it has a picture of, let say, a printer that you are going to buy; that printer (picture) can actually have the malicious code in it itself and execute itself on your machine.
IdentityTheftSecrets: Just based on viewing a web page, I could have a virus installed on my computer from a graphic?
Former Identity Thief: Yes.
IdentityTheftSecrets: And, what kind of things could that virus do? I mean, we all have heard a lot about virus.
Former Identity Thief: It can turn your computer into a drone. It can; they can use your computer to commit the crimes that they want to commit and when the investigation comes back it looks like it was your computer that did it. They can log all your information that you type, all your personal emails and once they start getting your personal emails and everything; that is where the social engineering aspect of it all comes into play. Where the identity thieves will talk to your friends, and other people, and co-workers and get more information on you so when they steal your credit they can answer any kind of questions that they might need to know later on to become you.
IdentityTheftSecrets: Run me through a hypothetical on how that would work.
Former Identity Thief: Okay. Let say you were sending an email to, say you have a brother, and I intercept your email and see what you were talking about. So, I decide to contact your brother saying that I am a friend of your and we were supposed to go to a football or baseball game or something, and I lost your phone number and I just needed it real quick because by the time you check your email it would be too late. Most likely a lot of the time they just give up the information freely and once they have your phone number they can do a reverse look up online and have your address. Now they have your name, your address, and your telephone number. With that they can start working through utility bills. There are a lot of utility bills online, accounts and everything, they will link it to your address and then next thing you know they will have your social security number. After they have your social security number they will go to a place like, Intellius or Integrascan and do a complete credit background on you, and next thing you know, your information has been sold and somebody else is you.
IdentityTheftSecrets: So, is really that simple?
Former Identity Thief: Yeah.
IdentityTheftSecrets: Someone can really just have your name and they can work it backwards from there and if they really want to get your info, they can do it; pretty simply?
Former Identity Thief: Yeah, they can. It might take them a few days or a week or two to get it done but if they want it bad enough they can do it.
IdentityTheftSecrets: What would the cost be of doing that overall? If all I started with was the hypothetical you just ran; if all I had was your name...
Former Identity Thief: Well, if you are actually an identity thief, it wouldn't cost you anything except your time. When they go to Intellius, they don't pay the fees but what they would do is; they take one of the stolen credit cards they have laying around or sit on one of the websites where it's posted for free and then use that to run the report. And then everything else is pretty much; you can find on Google, I mean Google is a great search agent, but they just include way too much information for some people.
IdentityTheftSecrets: That is one of the things that we have always advice people on Identity Secrets too. Go do a vanity search for yourself. Go type in your name or where you work or go type in your name and the name of your kids, or go type in you name; go type in your phone number.
Former Identity Thief: One other thing, the Department of Agriculture, I think it was listed on security focus, mistakenly had all the applications and everything indexed by Google because they did not set up the Robots.txt to where everyone, I think in was in Iowa or one of those somewhere, I am not sure at the moment which one it was, but all their applications with names, addresses, social security number were right there publicly browser able just through a Google search.
IdentityTheftSecrets: And how long were they up there for?
Former Identity Thief: Honestly, they don't know. It could have been up there for a year. They weren't even aware that they were being index. Someone mistakenly trip over and found it.
IdentityTheftSecrets: And then before it they took the Department of Agriculture, and they said, "Oops, sorry."
Former Identity Thief: Yeah, we didn't know we made that mistake. Computer security rating is like a C- when graded through what the actual guidelines are today for computer security. Some of them are complete failure; I think that the Department of Justice had like an F or a D for this year.
IdentityTheftSecrets: And can you go on and look those things up as an identity thief?
Former Identity Thief: Yes, you can look them up everywhere. A lot of the websites have what are called RSS fees, where the news fees and they just get the information constantly. For the hacker there are websites out there that focus in advisories and that is how most of the hackers even find companies that are still vulnerable. Now, a place like CERT which is an advisory; they issue the advisory and threats now the hacker sees the threats and it may be something that he never thought of and he has a new virus out there until the companies upgrade and fix the hole. Within those two weeks he can still profit nice bit of information in those two weeks.
IdentityTheftSecrets: So, these security advisories that are coming out; a smart identity thief would get on their list and they will get the notification and act quickly on that notification and go expose a hundred new companies or something to this and then?
Former Identity Thief: Yes and they hope to exploit the hole before it is patched. They don't sleep two days at a time; they just sit there and watch for a time to just come in.
IdentityTheftSecrets: So, they are not actively thinking; hey, what can I do to hack somebody, they are just waiting for security advisory to come in and then they use that security advisory to create further damage?
Former Identity Thief: Yeah. They are like wow. Yeah, if I use this one right here that will give me their database access. I haven't been thinking about using this method and then that is the method that they decide to run with.
IdentityTheftSecrets: You been offering; obviously, you know a lot about this industry. I mean, I appreciate you taking the time to talk about this today and really, honestly, the only reason why I am even talking to you is because you told me, "I am ready to kind of make some changes about what I am doing and trying to help people." And so, you have been involved in this industry of ripping other people off and taking their information and using it for identity theft for twelve years now; so, dating back to 1995?
Former Identity Thief: Yes.
IdentityTheftSecrets: What is it that is getting you out of this arena and actually trying to do positive things; going and talking to banks about ways they can protect their customer's information, what is getting you out of that side of it and trying to help people from the other side?
Former Identity Thief: Well, the main thing that got me into it was the challenge, but now that is not challenging, I figure it be more of a challenge to try to prevent everything from happening. I am more of a person who wants to be challenged about what I am doing then just sitting around and on the other side is like wow, this could be my wife's information stolen, this could be my mother's information stolen. Do I really want to put them through everything that comes with it; it is pretty much where I started going with it. I end up developing like a conscience.
IdentityTheftSecrets: Man, was there something I mean; on Identity Theft Secrets, I mean, here is the thing; I'm the hopeful, I'm hopeful you know, because I think that without hope you just give up everything, but I am hopeful that at some point in the future we can get a hold of some of these people that are like, you know I mean, the serious rip off artists and that they would have some sort of conversion, you know I am not talking about religious conversion, but just some sort of conversion that go; I can't believe that just happened to X person and to have them see what that does, because that is what I see all the time. I mean, I see what it does to identity theft victims, right? I mean, if then knew some of the things that they cause; I would think, I mean, I'm just hopeful that like most of those people would convert, you know? Jim Rohn says that there are seven to ten really nasty people in the world and they move around a lot, right? You and I both know that there are more than just seven to ten but that we would just hope that those people could be converted. So, I mean, were there something for you that made that switch? Was it instant or was it over a period of time?
Former Identity Thief: It was more or less over a period of time. I just started like; we have on the forums where everyone would be posting their comments, the news articles and everything; we tried to keep an eye to see what was being said about us and everything and just blow it off, but then it is when I sit there and go through them I see is not just the creditors are taking a hit on the money so it is actually causing problems for this person and that person, and this is happening and that is happening; so after a time, wow. I got into thinking wow, the credit companies are charging you 23% on every dollar you spend so, they are not the only ones that are getting hurt anymore.
IdentityTheftSecrets: Initially you were trying to rip off the credit card companies?
Former Identity Thief: Yes, I looked at it as; they are ripping me off 23% on every dollar I spend, it is my turn to take back from them.
IdentityTheftSecrets: And, would you say that is the thought process of most people in the Identity Theft arena?
Former Identity Thief: Yes, I would say that is about how 90% of them think. The other 10% are like, hey this is quick and easy money.
IdentityTheftSecrets: Who cares who it hurts?
Former Identity Thief: Yeah.
IdentityTheftSecrets: So, there wasn't one thing that made you go; man I just got to get out of this?
Former Identity Thief: No.
IdentityTheftSecrets: Just more of a gradual process realizing that is actually hurting individual people instead of hurting banks?
Former Identity Thief: Yeah. Is like wow is not really, I mean it does still hurt the banks and people down back somewhat, but there is damage irreversible that is done. So, it is just; I just couldn't live with the fact that it was like alright, I am the one that is causing this person to be this miserable over something that it wasn't targeted at them as an individual as it was more so at the company.
IdentityTheftSecrets: How much money do you think you have personally made from identity theft; from the things that you have done?
Former Identity Thief: In a year I have made close to three quarters of a million, at a given year.
IdentityTheftSecrets: And you have been involved for twelve years so, let just say half a million a year so; you have been probably six million dollars for the last twelve years from other people's information?
Former Identity Thief: I would say more or less around three because you have to pay out money to make money. Experimental - like; you have to buy equipment to make your product better for use in other places so, all in all, I would say about three million profit.
IdentityTheftSecrets: So, you have deposited three million dollars in the bank and obviously you have family. I mean, you mentioned anyway that you have a wife; how does your family feel about what you do? Do they know?
Former Identity Thief: No. They think I am just a computer consultant that goes to work from nine to five every day.
IdentityTheftSecrets: Even your wife?
Former Identity Thief: Yeah, I didn't trust anybody enough to let them know what I was doing, because if you tell one person next thing you know law enforcement would be knocking on your door sooner or later.
IdentityTheftSecrets: So, you are trying to switch now to the other side?
Former Identity Thief: Correct.
IdentityTheftSecrets: And so, you started this website idtsolutions.org?
Former Identity Thief: Yes.
IdentityTheftSecrets: And your goal there is to really help people figure out I mean, some of what we are doing with identity theft secrets, really help people to see what the issues are, what they need to be aware of and some possible solutions to help with the problem?
Former Identity Thief: Correct.
IdentityTheftSecrets: Is there anything you want people to know about that website?
Former Identity Thief: Well, on top of that; it is not like your basic just educating yourself on things that have been done on the past. I plan on taking like my status on the underground and using it on a positive way to actually inform people of things that are going to be happening in the future that they can look out for, that haven't gone main stream yet to where it would be on the news of this happening or that happening. Kind of giving them preventive measures themselves, so they won't have to worry about, oh yeah, I heard about that but that happened to me six months ago.
IdentityTheftSecrets: One question I wanted to ask you before too; does your wife know now what you do?
Former Identity Thief: Yes, she knows now.
IdentityTheftSecrets: I imagine that was a fun discussion?
Former Identity Thief: Well, she really; she really didn't know how to take it. It was more or less like I can't believe you did this but what are you going to do if this happens or that happens.
IdentityTheftSecrets: So then, now your plan is to try and use your status that you built up there to try and turn some things around for people?
Former Identity Thief: Yes, help them prevent it from happening to themselves.
IdentityTheftSecrets: Where do you see all of this going? I mean just too kind of wrap up here; how do you see people putting an end to identity theft?
Former Identity Thief: They have to honestly start getting on their senators and governors, because one thing that you would notice is the United States is where all the other countries target because the government and the banks really just don't care. In other countries it's just so much harder to get the information because of such more strict penalties and everything. Hopefully, people will voice enough concern to where they would actually start implementing things that are out there that can be used and put into effect and just, I guess, make them not just look at the money aspect of what is going to cost them now to what is going to save them later.
IdentityTheftSecrets: The number one thing, I think out of all of it, I mean when I look at it; the number one thing we can do is make our social security numbers less valuable.
Former Identity Thief: Yeah.
IdentityTheftSecrets: Because, I mean, you agree with me that social security number is like gold, right?
Former Identity Thief: Yeah. Once you have someone's social security number that is their entire life and that is the other thing that makes it so easy in the United States; is that social security number for the hackers. Once they have that, they can pretty much do anything that they want with it. If they can come up with a new system, other than the social security number, that would be great. But I think they have relied on it for so many years that kind of come up with a new system; they just look at it as too much money out of their pocket.
IdentityTheftSecrets: So, the Federal Trade Commission has reports that ten million people are victims every year. So, there is about what, two hundred and fifty million people in the United States who are in buying age, right?
Former Identity Thief: Yes, about that.
IdentityTheftSecrets: And, the Federal Trade Commission receives reports that ten million people are becoming victims of some sort of identity theft, identity fraud? That is not a big enough...
Former Identity Thief: Yeah and the sad is that those are the only ones that are reported. There are plenty more that go on unreported, that most people don't even realize that they are victims until it is too late.
IdentityTheftSecrets: So, if ten million people reporting, and who knows how many others not reporting is not enough to cause the government to make changes; where do you see all of this going?
Former Identity Thief: Very bad; that is why I opened the website and I look for other websites that are the same, because I mean, if we don't educate the people and we don't try to help them take their steps; who else is going to do it? Is about how I look everything on it; you can't really rely on someone else to do something for you when you are not willing to do the steps yourself. So, it is just going to be, pretty much I am looking at it, is not going to get any better, it is going to get worse. I mean, if people would actually would take time and listen what people are saying about identity theft and listen to the message thatwe are trying to get across on; you have to be more secure, you have to be more cautious on what you do, then I can see the numbers going down dramatically, but the thing is, they have to be educated first before they know what not to do.
IdentityTheftSecrets: Simply by individuals educating themselves?
Former Identity Thief: Yes, unless the government is willing to set up and put something out there. I mean, the Federal Trade Commission talks about a few things on how to do this and how to do that, but how often do you see identity theft seminars at a local amphitheater or something or at a local conference on how to prevent things that could happen to you. How much identity theft awareness you see advertised on TV; you don't really see it, they make jokes about it, like CitiBank and make it look like is funny but no one actually shows the real threat to everybody to make them want to set up and take the initiative to save their stuff.
IdentityTheftSecrets: But it seems like there are a lot of education programs out there, but at the end; like I mean, I watched ""To Catch an Identity Thief" and...
Former Identity Thief: I watched that as well but the sad thing about that was they didn't target what the threats were. They targeted what the threats may have been a year ago, but they didn't; they don't cover what is now stuff. The stuff they put out there I mean, that was about a year ago; they have already done and moved on from most of what they were doing on there. That is like lost and dead and gone by now.
IdentityTheftSecrets: And the conclusion out of that to is; they say, you know, ""To Catch an Identity Thief," that's the title of the thing, right? As you know from watching it, no one is arrested out of that two hour special that they did. They flew all the way to Benin. No one spends anytime in jail out of the issue.
Former Identity Thief: Yeah, and that was mainly because they never actually really found the identity thief himself. They found the re-shippers, the person responsible for the re-shippers. Now, there are a lot of countries now that are stepping up and extraditing to the United States for them to stand trial. Back in 2004 the person who ran CarderPlanet, who was know as Scrip, he was set to stand trial in the US; as well as, Operation Rolling Stone there was someone by the name of Rayjack shipped to the US from Canada to stand trial. I mean, a lot more of the countries are making it more like a world wide law, but there is still some countries that just don't care. It's not happening to their citizens, why should they care?
IdentityTheftSecrets: Well, ultimately if I; let say I am in the Iranian government, I'm not too much of a fan of the United States government and people that live in my country set up a server and that server rips off Americans and pours money into Iran.
Former Identity Thief: Yeah, so they are all for it.
IdentityTheftSecrets: They have no reason not to let it run.
Former Identity Thief: Yeah. This is bringing revenue to them.
IdentityTheftSecrets: Alright, what I would like to do is stay in touch with you and obviously people who are listening to this call can ask questions using the comments right here on Identity Theft Secrets; do you have any closing thoughts for this call, we will have you back with Identity Theft Secrets, obviously I would like to know more specifically about certain kinds of schemes and that sort of thing. And if we can work together to share the info and get this out definitely would be, because I know a lot about the industry that I don't know from an insider's perspective and so it would be very good to have you back. Would you be willing to come back and do a call with Identity Theft Secrets?
Former Identity Thief: Yeah, sure.
IdentityTheftSecrets: Awesome...
Former Identity Thief: Go ahead.
IdentityTheftSecrets: No I was just going to say, just kind of closing out if you had any thoughts or anything you wanted to say kind of closing out here?
Former Identity Thief: The only thing I can really say to everyone is to make sure that would practice good security, I mean, there are a lot of free programs out there; I mean, there are ones that are offered all over the place. Like I mentioned before, [ZoneAlarm] offers a free personal firewall. The best thing you can do is; I mean, write to government officials, talk to your banks, press for them to actually look to what it is doing to their customers, instead of what is going to do to their pockets because in the long run, their customers keep getting hurt and they are going to leave anyway and the banks are going to loose even more money. So, just keep yourselves educated and try to stay on top of everything. Don't trust anybody that you don't know for the most part. That is like one of the golden rules in everything and from being inside of the business myself that I have learned. They will say anything or do anything to make you give them your information.
IdentityTheftSecrets: Well, thank you very much. Your website again is idtsolutions.org. We will have you back on identitytheftsecrets.com, thank you for taking a few minutes with us today.
IdentityTheftSecrets interviewed the CEO of SpamBully, Mr. Paul Jendrasiak.
