Pre-Paid Legal Services, Inc. (PPLSI)

Area Homeowners' Fears Unfold In High-Stakes Courtroom Dramas

By Ovetta Wiggins Washington Post Staff Writer Saturday, January 31, 2009; Page A01

Courtroom

The court clerk calls his name, and Harry Rexrode, not entirely sure what to do, steps to the defendant's table. He is dressed in jeans, a flannel shirt with dried paint spattered on the sleeves and work boots. He has no attorney.

In a stern tone, Prince George's County Circuit Judge Herman Dawson asks Rexrode whether he knows what is happening to him. Rexrode, 50, nods his head. "I want to see if I can get a continuance," he says. Dawson grins, as if amused by Rexrode's use of the legal term. "A continuance? For what?" "To stay," Rexrode says.

Rexrode is seeking a miracle really, in a place where there are precious few. He is in the county's foreclosure court, asking Dawson to let him remain in the Hyattsville home he has owned since 1997 a little longer before the bank takes it and he is put out in the cold. In the foreclosure drama between homeowner and lender, this is the final act. Courtrooms such as this across the Washington region are the forums where banks ask judges to grant a default decree so they can take ownership of a home, and people such as Rexrode try to reverse or delay that decision. They are almost always too late, and tragically ill-equipped to do so.

Seated in Dawson's nondescript courtroom, most share a look of puzzlement, fearful about their futures and uncertain of how the legal system works. They sound confused when the judge begins to pepper them with questions about dates of missed payments and when the bank began warning them about default. Few offer any evidence to support their claims.

In the foreclosure drama between homeowner and lender, this is the final act. Courtrooms such as this across the Washington region are the forums where banks ask judges to grant a default decree so they can take ownership of a home, and people such as Rexrode try to reverse or delay that decision. They are almost always too late, and tragically ill-equipped to do so.

Seated in Dawson's nondescript courtroom, most share a look of puzzlement, fearful about their futures and uncertain of how the legal system works. They sound confused when the judge begins to pepper them with questions about dates of missed payments and when the bank began warning them about default. Few offer any evidence to support their claims.

"Have you talked to a lawyer?" Dawson asks Rexrode. "I didn't know I needed one," Rexrode responds.

Dawson, who often hears criminal and juvenile cases and has a reputation for toughness, shakes his head. Then he says something he will repeat over and over all day. "You don't come to court without a lawyer. This is the problem."

It is obvious to Dawson that many of the homeowners don't understand the process. They wait too long to seek his help, and by the time they arrive, he has no choice but to rule in the lender's favor. Attorneys for the lenders, in contrast, are armed with documents, including returned certified letters notifying homeowners of their late payments and the bank's plans to foreclose.

Dawson estimates that he can help in only about 10 percent of the cases. "The mortgage company has done everything they were supposed to do, but then you have a person saying they have nowhere to go," he said. "It's very disheartening, knowing you can't do anything for them.

You don't have to be in trouble to need a lawyer, but if you are in trouble, then it's better to have one handy. With a pre-paid legal membership, you can rest assured that legal help and guidance is only a phone call away. It's a "life events" legal plan…there are certainly, especially in these times, plenty of life events to go around…financial difficulties, employment and family matters…. Remember, you don't need to be in trouble to ask for help. And, it's always better to ask and get that help before it's too late. Call (888) 206-2978 or (510) 457-6995 for more information, or visit Get Around To It

Read the rest of the article…

Both Companies Might be Victims of Larger Fraud Schemes

Heartland Payment Systems, the sixth-largest payments processor in the U.S., announced Monday that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud. Meanwhile, Forcht Bank, one of the 10 largest banks in Kentucky, told its customers it would begin reissuing 8,500 debit cards after being informed by its own card processor of a possible breach.

In the case of Heartland, while the company continues to assess the damages inflicted by the attack, Robert Baldwin, the company's president and CFO, says law enforcement has already noted that the attack against his company is part of a wider cyber fraud operation.

"The indication that it is tied to wider cyber fraud operation comes directly from conversations with the Department of Justice and the U.S. Secret Service," Baldwin says. The company says it believes the breach has been contained.

Heartland, headquartered in Princeton, NJ, handles approximately 100 million transactions per month, although the number of unique cardholders is much lower.

"It is still a question as to the percentage of the data flow they were able to get," Baldwin says, adding he would not speculate on the number of cards potentially exposed.

Specifics surrounding when the breach occurred are still being analyzed. But Baldwin says two forensic auditing teams have been working on the breach analysis and investigation since late 2008, after Heartland received the notification from Visa and MasterCard. The investigation began immediately after the credit card companies told Heartland they saw suspicious activity surrounding processed card transactions. Described by Baldwin as "quite a sophisticated attack," he says it has been challenging to discover exactly how it happened.

The forensic teams found that hackers "were grabbing numbers with sniffer malware as it went over our processing platform," Baldwin says. "Unfortunately, we are confident that card holder names and numbers were exposed."

Data, including card transactions sent over Heartland's internal processing platform, is sent unencrypted, he explains, "As the transaction is being processed, it has to be in unencrypted form to get the authorization request out."

No merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Nor were any of Heartland's check management systems.

The company delivers credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide Baldwin says the company moved quickly to announce the breach.

"It is important to get it out, but leaves us with incomplete information for our customers until the investigation is complete," he says. For more information on the breach, the company has set up a website: www.2008breach.com. Heartland advises cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers.

Forcht Bank: "Not Isolated" In a statement to Forcht Bank's customers, COO Tyronica Crutcher says that the bank's debit card processor, STAR, informed the bank that a retail merchant processor's information may have been compromised, and that some unknown persons are possibly creating duplicate debit cards. "According to STAR, there are several other banks affected, and this is not isolated to Forcht Bank customers," says Crutcher.

Forcht Bank has 34 branches in 11 counties, with more than $1 billion in assets.

Brian Krebs on Computer Security,
Washington Post

A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions credit and debit card transactions, the company said today. If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported.

Robert Baldwin, Heartland’s president and chief financial officer, said the company, which processes payments for more than 250,000 businesses, began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments. Baldwin said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach.
Baldwin said it would be unfair to mention any one of his company’s customers.

“No merchant of ours represents even [one-tenth of one percent] of our volume, and to put out any name associated with what is obviously an unfortunate incident is not fair,” he said. “Their customers might end up having their cards used fraudulently, but that fraud might turn out to have come from their store, or it might be from another Heartland store and no one will ever really know.”

Heartland called U.S. Secret Service and hired two breach forensics teams to investigate. But Baldwin said it wasn’t until last week that investigators uncovered the source of the breach: A piece of malicious software planted on the company’s payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company’s retail clients. Baldwin said Heartland does not know how long the malicious software was in place, how it got there or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates.

“The transactional data crossing our platform, in terms of magnitude… is about 100 million transactions a month,” Baldwin said. “At this point, though, we don’t know the magnitude of what was grabbed.”

The company stressed that no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were jeopardized as a result of the breach. The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

“The nature of the [breach] is such that card-not-present transactions are actually quite difficult for the bad guys to do because one piece of information we know they did not get was an address,” Baldwin said. As a result, he said, the prospect of thieves using the stolen data to rack up massive amounts of fraud at online merchants “is not impossible, but much less likely.”

In many cases where a processor experiences a breach, the affected banks may simply re-issue new cards to some customers. In other cases, consumers may spot the first signs of fraudulent activity by reviewing their bank statements. It is unclear whether consumers who receive new account numbers from their bank will ever be able to definitively tie the re-issuance to the Heartland breach. Baldwin said it was not appropriate for Heartland to offer affected consumers credit protection or other identity theft protection services.

“Identity theft protection is appropriate when there is enough personal information lost that identity theft is possible,” he said. “In this case, the amount of information we know they did not get is long enough that except in very circumscribed cases identity theft is just not possible. At the same time, we recognize and feel badly about the inconvenience this is going to cause consumers.”

Avivah Litan, a fraud analyst with Gartner Inc., questioned the timing of Heartland’s disclosure — a day in which many Americans and news outlets are glued to coverage of Barack Obama’s inauguration as the nation’s 44th president.

“This looks like the biggest breach ever disclosed, and they’re doing it on inauguration day?” Litan said. “I can’t believe they waited until today to disclose. That seems very deceptive.”

Officials from the U.S. Secret Service could not be immediately reached for comment. Baldwin said Heartland worked to disclose the breach last week.

“Due to legal reviews, discussions with some of the players involved, we couldn’t get it together and signed off on until today,” Baldwin said. “We considered holding back another day, but felt in the interests of transparency we wanted to get this information out to cardholders as soon as possible, recognizing of course that this is not an ideal day from the perspective of visibility.”

The Heartland disclosure follows a year of similar breach disclosures at several major U.S. cards processors.

Last Updated: Friday, September 7, 2007 | 9:55 AM ET
The Associated Press

A Seattle man has been arrested in what the U.S. Justice Department described as its first case against someone accused of using file-sharing computer programs to commit identity theft. Gregory Thomas Kopiloff is accused of using Limewire’s file-sharing program to troll other people’s computers for financial information and then using it to obtain credit cards for an online shopping spree, federal prosecutors said Thursday. According to a four-count indictment, Kopiloff is accused of buying at least $73,000 US worth of goods online — including iPods and laptop computers — then reselling those items at half price and keeping the proceeds.

Authorities said they have identified at least 83 victims, most of whom have teenage children and did not know the file-sharing software was on their computer. But investigators also said they believe the number of people affected was in the hundreds, and that in all they lost hundreds of thousands of dollars. According to the indictment, Kopiloff is accused of using Limewire and Soulseek — free file-sharing programs available on the internet — over a period of about 2½ years to search for people who had inadvertently allowed access to their sensitive files.

He was arrested after one of his alleged victims, a Texas resident, told his company’s security officer about how his bank account had been compromised, with someone in western Washington passing bad cheques on his account. The agent forwarded the information to Secret Service agents and police in Seattle. Kopiloff is charged with mail fraud, accessing a protected computer and two counts of aggravated identity theft. Kopiloff did not enter a plea during an appearance in U.S. District Court on Thursday. A detention hearing was set for Monday.

File-sharing security concerns
Each day, computer users inadvertently share hundreds of thousands of sensitive files through such programs, from banking statements and medical records to tax returns and legal documents, according to Robert Boback, chief executive of Tiversa Inc., a Pennsylvania firm that monitors file-sharing. Typically the mistakes occur when a user downloads file-sharing software and accidentally allows it to share all files on a computer, rather than just music files, for example.

“If you are running file-sharing software, you are giving criminals the keys to your computer,” said assistant U.S. attorney Kathryn Warma. “Criminals are getting access to incredibly valuable information.”

When other users might search on Limewire for “Madonna,” a criminal can search for “federal tax return,” or for student financial aid forms or other financial information, Warma said. And instead of getting access to a few hundred files containing Like a Virgin or Papa Don’t Preach, they would get a few hundred files containing tax returns.

Boback showed during a news conference Thursday the searches being conducted on peer-to-peer networks at that moment. As the searches were entered, they scrolled rapidly along the screen of his laptop. Many clearly concerned music files and pornography, but interspersed were scores looking for files that contained terms such as “password” and “medical billing.”

Warning for users
“There are tens of thousands of individuals who make a living doing this,” Boback said.

A Limewire representative could not immediately be reached for comment. At a congressional hearing on July 24 regarding file sharing, the chairman of Lime Wire LLC, Mark Gorton, said the company warns its users about the dangers posed by the software and instructs them on how to use it safely.

“We continue to be frustrated that despite our warnings and precautions, a small fraction of users override the safe default setting that comes with the program and end up inadvertently publishing information that they would prefer to keep private,” Gorton said.

Monday, 5 January 2009

Users of red-hot social networking site Twitter have been warned to look out for a scam that leads to the theft of a user’s login and password details. The scam starts with a direct message appearing in a user’s Twitter account, urging them to check out another site – a scam message such as "hey! check out this funny blog about you..." is pretty common.

Click on the link provided and you’ll be taken to a screen that looks a lot like a Twitter login screen but is actually a trap.

Twitter has now posted a number of blogs on the scam and had one crucial piece of advice for users who are worried about the integrity of their information in this post: "If this has you feeling a bit weirded out, feel free to change your Twitter password."