At last Friday's championship celebration parade, featuring World Series MVP Sean Carter, Yankee fans, apparently lacking confetti, flung documents containing sensitive personal information into the air.

According to Fox 5 New York, "Some of the documents were medical records listing names, addresses, insurance information, medical diagnoses, and other private information. One document was somebody's stock brokerage account, containing financial information."

Sure, it's not technically the Yankees' fault, but when your owner is a convicted felon, disrespect for the law will trickle down to the fans.

Private Documents Tossed on Yankees Parade [Fox 5 New York]
(Photo: frankieleon)

They said he is an account representative for Rent-A-Center and went to the 21-year-old woman's home Oct. 22 to discuss a delinquent account. During the discussion, he turned the conversation into a sexual nature, offering to make her bill go away in exchange for a sex act, police said.

Herron then exposed himself to her while taking her hand and placing on himself. The woman pulled away and Herron completed the sex act upon himself before leaving her home, police said.

In what universe is this a good idea? If the accusations are true, had he tried this same scheme on other women who simply didn't report it to police?

Bill collector accused of demanding sex for debt relief [Detroit Free Press] (Thanks, Adam!)

(Photo: striatic)

Apparently he also had insurance, and the hospital should have sent the bill to his insurer.

"I can't believe that in any country besides the U.S., any civilized country, that the parents of a murdered boy would receive this bill for $29,000 and such an insulting letter," Gerald Hawkins, the victim's father, told ABC 10 in Sacramento, CA.

The bill in question was for "five minutes in [the hospital's] emergency room," says ABC 10, who tried to assess why 5 minutes could cost $29,000.

Scott Seamons with the California Hospital Council said the critical response to Hawkins is what cost the most. He said UC Davis is a Level 1 Trauma Center, which means the best and most expensive doctors were waiting for Scott.

"Whether it was five minutes or 55 minutes doesn't really matter in the initial review and assessment of the patient," he said.

Trauma surgeons, nurses, technicians and more had to treat Scott before they realized they couldn't help, according to Seamons.

"They're all right there," he said. "And those are highly trained, highly specialized and highly paid clinical experts. Clearly in the aftermath, in hindsight, they looked at it and determined there was probably less need for that, but in the first five minutes all of those resources were right there at the side of this patient, and they cost a lot of money."

ABC 10 says that the letter included with the bill instructed the deceased to take his health care needs to a county clinic in the future. The hospital has apologized.

Why was Murdered Sac State Student's ER Bill So High? [News 10]
Slain Sac State Student's Parents Stunned by Hospital Bill, Letter [News 10]

From American Fork's local news website:

The teens started the rap at a faster pace and then repeated at a slower one, causing workers to tell them they were backing up the line and they either needed to order or leave.

Spencer Dauwalder says nobody was in line, and he and his friends left - without ever purchasing anything.

McDonald's didn't find it amusing. In fact, ksl.com says the McDonald's workers "felt threatened" and that bad language was used. They called the police, who tracked the teens down at a volleyball game and cited them.

Don't worry, kids; just keep up the fight, and eventually at your prom this will happen:

"Teens cited for burger ‘rap' in drive-thru" [ksl.com] (Thanks to Nate!)
(Photo: adotjdotsmith)

"Madoff Trustee Advances $534 Million to Customers " [Bloomberg]
(Photo: Todd Huffman)

The ad said she was a buxom blonde who was also a die hard Phillies fan and that the price she'd pay for the tickets was "negotiable."

"I'm the creative type! Maybe we can help each other!" the ad said.

When the cop answered the ad, police say he was offered a variety of sex acts in exchange for the tickets. She has now been arrested.

Phillies fan arrested for sex-for-tickets offer [USAToday]
(Photo:loop_oh)

Prosecutors say Daniel Weston and Mary Ann Parmelee hired two loan modification agents in hopes of keeping their home but believed the men took their money and did nothing.

Each of the alleged torturers are being held on about $1 million bail each.

5 Charged With Torturing Home Loan Agents [KTLA via Fark]
(Photo:austrini)

Here's what happened:

The afternoon of October 8, my 70-year-old mother got a call from American Medical Alarms asking her to check on an elderly neighbor whose alarm had gone off, and who hadn't responded when they tried to contact her.

My mother ran over to the woman's house and heard loud noises coming from inside. She pounded on the door and called the woman's name, and two men carrying knives ran out, jumped a fence, and escaped down an alley. Police and paramedics got there soon afterward, and found the woman inside, beaten and bloody. She was taken to the hospital and is now doing well.

So while things turned out OK in this case, the fact remains that a medical alarm company sent my mother to intervene in a violent home invasion. Of course, they didn't do it intentionally, and I'll grant that it's a reasonable assumption that the alarm was for a medical emergency. The woman is in her 80s and suffers from some serious medical issues. If it were a private party who had called my mother and asked her to check on the woman, I would understand completely.

But this wasn't some well-meaning private party who didn't have time to stop and think about all the possible scenarios. This is a corporation that exists primarily to serve as a middleman between their customers and local emergency services. This is all they do, and their customers pay them a lot of money to provide this questionable service. As such, they should have already considered the possibility that something like this could happen, and have policies in place to prevent it.

I emailed the company several days ago, asking them what their policies are, and what measures they intended to put in place to prevent this sort of thing from happening in the future, but I haven't gotten a response at all.

Update: We asked Lisa whether her mom volunteered to be on the woman's contact list. Lisa wrote back,

My mom wasn't sure why they called her, but it's a pretty safe bet the woman listed my mom with the company as an emergency contact. My mom keeps an eye out for her, and from looking at their FAQs, they do ask for contact information. My mom didn't know anything about it until they called her, though.

(Photo: Paramount Pictures and Greencolander)

First, here's how MoneyGram delicately addresses it:

"While we don't agree with the FTC`s allegations regarding our fraud prevention in the past, we can agree on fraud prevention today and in the future," said Patsley. "We don`t want our customers being victimized by third-party fraud. What we are announcing today with the FTC is our commitment to enhance our already comprehensive efforts to combat fraud and ensure our customers can continue to rely on MoneyGram for safe, reliable money transfer services."

But check out these specific allegations from the FTC's press release, which also came out today (emphasis ours):

The FTC charged that between 2004 and 2008, MoneyGram agents helped fraudulent telemarketers and other con artists who tricked U.S. consumers into wiring more than $84 million within the United States and to Canada – after these consumers were falsely told they had won a lottery, were hired for a secret shopper program, or were guaranteed loans. The $84 million in losses is based on consumer complaints to MoneyGram – actual consumer losses likely are much higher.

The FTC charged that MoneyGram knew that its system was being used to defraud people but did very little about it, and that in some cases its agents in Canada actually participated in these schemes. According to the FTC's complaint, MoneyGram knew, or avoided knowing, that about 131 of its more than 1,200 agents accounted for more than 95 percent of the fraud complaints it received in 2008 regarding money transfers to Canada; a similarly small number of agents was responsible for more than 96 percent of all fraud complaints to the company in 2006.

[...]

According to a recent FTC survey cited in the complaint, at least 79 percent of all MoneyGram transfers of $1,000 or more from the United States to Canada over a four-month period in 2007 were fraud-induced. The Commission's complaint further stated that based on the more than 20,600 fraud complaints MoneyGram itself received, U.S. consumers lost more than $44 million to cross-border money-transfer frauds between 2004 and 2008 alone. When combined with losses reported by U.S. consumers on money transfers within the United States, that number grows to $84 million.

[...]

The FTC's complaint alleges that MoneyGram ignored warnings from law enforcement officials and even its own employees that widespread fraud was being conducted over its network, claiming that proposals to deal with the problem were too costly and were not the company's responsibility. The company even discouraged its employees from enforcing its own fraud prevention policies or taking action against suspicious or corrupt agents. Some employees who raised concerns were disciplined or fired, the FTC charged.

Wow, that sure doesn't sound like MoneyGram gives a hoot about its customers. They say, "Ensuring safe and reliable money transfers for our customers all over the world is at the forefront of all we do." Except for that estimated $84 million, we guess.

"MoneyGram International Reaches Agreement with FTC" [Reuters]
"MoneyGram to Pay $18 Million to Settle FTC Charges That it Allowed its Money Transfer System To Be Used for Fraud" [FTC]

RELATED
"Money Transfers Can Be Risky Business" [FTC]
(Photo: renaissancechambara)

The NYT says:

Mr. Vargas, 35, even posed in front of the property for a photograph that appeared in a real estate journal.

By May 2008, an independent developer agreed to buy Mr. Vargas's share for $4.8 million, giving him a $1 million down payment.

Five months later, New York Road Runners, the nonprofit organizer of the New York City Marathon, signed a contract to buy the same 60 percent share for $8.5 million.

The property, it turned out, was not Mr. Vargas's to sell, prosecutors said on Wednesday. In fact, he owned no part of it, and Mr. Duran was the sole owner, Robert M. Morgenthau, the Manhattan district attorney, said at a news conference in his office.

Mr. Vargas apparently forged paperwork to make it look like he owned a stake in the building — using information he obtained while posing as a potential buyer.

The Road Runners never paid Mr. Vargas any money, says the NYT, but prosecutors says that they wasted $300,000 in attorney and consultant fees. The guy who gave him a million bucks... well: Ouch, ouch, ouch.

Man Charged in Scheme to Sell Harlem Property [NYT]
Landlord's Son Busted for Trying to Sell Building He Didn't Own [Gothamist]
(Photo:DCvision2006)

According to GazetteOnline, a 22-year-old woman was arrested last Friday in a mall in Lake Grove, New York, for trying to sell a teenager a magic stone and some miraculous body wash for $1,250. The woman had approached the teen a few days before at the mall and offered to read her fortune for $25, which she then upsold to a $100 "in depth" reading. Two days later, she met up with the teen again to warn her that she was cursed and should buy the stone and body wash. The teen paid $600 for the objects and agreed to come back in two days time with the remaining $650.

Instead, the teen went to the police, who arrested the woman and charged her with fraudulent accosting, fortune telling, and attempted grand larceny. Which is weird, because we're fairly sure Axe Shower Kits—which sell for nearly the same amount—use pretty much the same argument to convince teenage boys to hand over their money.

We bet you're wondering what we wondered: holy frak, you can get arrested for pretending to accost someone when you have no intention of following through on it?!! Does that mean you can get arrested for bailing on a handshake and saying "Psyche!"? But no, that's not what it means in New York Penal Law:

A person is guilty of fraudulent accosting when he accosts a person in a public place with intent to defraud him of money or other property by means of a trick, swindle or confidence game.

"Woman at NY mall charged in curse scam; Offered to get rid of it for $1,250" [GazetteOnline] (Thanks to David!)
(Photo: twid)

Somehow, this feat was pulled off in Florida back in July. True, Walmart greeters are no substitute for actual security measures, but a combination of social engineering and inside knowledge was behind the success of this heist. Police have been unable to identify the culprit(s) despite having the entire incident on surveillance video.

A criminal dressed as a Walmart supervisor, complete with badge, had the proper combinations to open office doors and the store's safe, but no store employees admit recognizing the man.

After closing the safe, the burglar carried boxes outside the office and loaded them into his shopping cart. Then he headed for the store exit.

However, a Walmart greeter briefly stopped the cash-rich thief at the door and asked to see his sales receipt.

"The man continued to walk out the store," the report states. "Upon insisting to see his receipt, the man held up his name badge that said assistant manager and 10 years of service on it."

The greeter let him pass.

Does this mean that Walmart managers can walk out of the front door with boxes of whatever they can carry and no consequences? That doesn't seem right, either.

Who stole more than $200,000 at Walmart? [Orlando Sentinel]

(Photo: Brave New Films)

From Fox Miami:

The gunman, who remains at large, ambushed several employees as they stepped out of the Taco Bell at 630 NE 79th St. at closing time, at about 3:30 a.m., Tuesday.

One of the employees took a bullet in the leg. It's still in there and she has to use crutches to get around.

"I couldn't believe it because I'm never rude to any of my customers, I never get any complaints," she told FOX. "The most I get is compliments and something like that, but when it happened I'm like, oh, my God, I couldn't believe it."

Police say the gunfire was prompted because the restaurant was closed and the man wanted food:

[The employee] took the bullet, according to Miami Police, because some guy was upset the store had closed and he could not buy any food.

She feels lucky to be alive and hopes to see luck run out for her assailant. "For you to do what you did, it was very unnecessary," Bouie said, addressing the shooter, "and I have a child. I didn't do anything or say anything wrong to you, and even if I did, that doesn't give you reason to shoot or to fire your gun at anybody, and I hope you get caught for what you did."

They're still looking for the guy, so if you know anything: call Miami-Dade Crime Stoppers at 305-471-TIPS.

Taco Bell cashier speaks out after disgruntled customer shoots her [FOX7]

According to the FBI, the U.S.-Egypt phishing operation collected personal information from thousands of victims and used that information to defraud U.S. banks. Hackers based in Egypt allegedly captured banking information and other personal details, then supplied that information to associates in the U.S. who then withdrew funds using the stolen credentials and wired back a portion of the proceeds to Egypt.

Information Week notes that "all 53 defendants in the U.S. face charges of conspiracy to commit bank fraud and wire fraud, which carry a maximum sentence of 20 years in prison."

"One Hundred Phishers Charged In Largest Cybercrime Case" [Information Week]
(Photo: adobemac)

I get messages all the time over Xbox Live from people engaging in phishing scams. Thus far, I've been very annoyed because Microsoft seems completely unconcerned about it and their customer service has been very poor. I think of the people who fall for these scams and wonder why doesn't Microsoft do more.

I spoke with a customer service rep and asked about the phishing scams, and he said to file a complaint on the person in-game, which had absolutely nothing to do with phishing. He suggested I select the option to report them for cheating in-game—does that make sense? I remarked how this was confusing and that there was no option to report phishing and he said that in the next update this fall, the option would be there. I'm pretty certain he was lying. He did say, though, that it was very hard to get an account back once it was stolen, something I don't doubt he was being honest about.

Now today [October 4th, 2009], I got two messages from two different users, which are apparently audio clips of some little kid offering cheats and asking you to send a message back (during which he'll ask for your account info and steal your account). It was strange because I got identical audio from two different accounts, meaning either that these phishers are very sophisticated or that there are a lot more phishers out there than I previously realized, because there's this default phishing audio being spread around and re-used.

In the same time frame, I got another message from a different user with the same type of scam.

Frustrated with all the fraud going on, I called Xbox Live again to complain, to see if I could find some kind of fraud department, because I don't think they take these things seriously. I was a bit belligerent (but respectful) with the customer service rep., but who can blame me? Again, she told me pretty much the same nonsense the guy before told me and more. Like he said, this woman told me the same: File a complaint on their gamertag (that's their username in-game), go to the Xbox forums (where there's no real support — just other gamers like me), and so on. She then said something even more ridiculous: She suggested that I make several accounts with Xbox and use all of them to file a complaint on the same person. As with the other gentleman's remarks, I pointed how this was against the rules. It's gaming the system. She said it wasn't. I asked her why I should need several usernames to file a complaint and I told her I only pay for one account and that what she said didn't make sense. It seemed like gaming the system. I asked if she was being honest with me, because she really didn't seem like she was being honest because of how absurd it was. And then she hung up on me. Oh well.

How can Xbox not be concerned with all the fraud that goes on over their service? I've been thinking of calling Xbox Live and recording the phone conversation, then uploading it to Youtube. If I don't do it, somebody else will... Heck, even you guys over at Consumerist ought to do it because the customer service reps. seem to say the most ridiculous things. They know how the system is being manipulated and instead of fixing it, they are telling other people to just manipulate it too.

If you look on the Xbox forums, you'll see lots and lots of people complaining about "hacked" accounts and lack of support from Microsoft. Many of them either can't afford a lawyer or don't know they need one. So, many people apparently just pay for NEW ACCOUNTS on Xbox and Microsoft seems to be profiting from this phishing, which is... of course... the reason why they ignore it. Why stop people from scamming if it helps the bottom line?

(Photo: AdrianDC)

The Iowa City Press Citizen reports, "Weiss was charged with fourth-degree theft. She was taken to the Johnson County Jail, posted a cash bond and was released an hour later." She then promptly signed up for Netflix, we hope.

"Woman arrested for 1998 video tape thefts" [Press-Citizen] (Thanks to Bruce!)
(Photo: mecredis)

That sounds like something that would happen in Florida, not Canada. Oh wait, here's a more Canadian-sounding bit from the Winnipeg Free Press article:

"I'm very angry," Rose said Saturday afternoon, fiddling with napkins in his hands and trying to hold back tears. "I went to a dance later that night and I didn't even enjoy myself."

"Service with a... shove" [Winnipeg Free Press] (Thanks to Bicycle Man!)
(Photo: chego101)

WBEZ Chicago interviewed someone whose car was impounded in a case of mistaken identity:

JARRETT: I come down, half of the Chicago Police department got the whole sidewalk blocked off.

The police wanted to know about her car. She was talking to the cops in the blue shirts when a commanding officer joined the conversation.

JARRETT: The white shirt got out. He said this car has an "APB" out on it. I said an "APB" for what. He said to seize the car and seize all occupants.

The car was taken and Jarrett says she spent about 26 hours in jail for what was essentially a case of mistaken identity. The detective who had put out the APB came to interview her.

JARRETT: She looked at me, she said you're not who I'm looking for. I said I know I'm not who you lookin for. I said, "who are you looking for?" She said, "your sister Sharrice Jarrett."

Jarrett says her sister is a drug addict who often uses her name when she's picked up by the police. Once that was figured out, Jarrett was released but she still had to get her car. She thought it was a simple mix-up that could be sorted out easily. She went to the impound lot and talked to an officer in the trailer by the gate and asked him for a hearing.

JARRETT: He said okay, I'll give you a hearing. So I'm thinking he fenna go get a judge. Somebody with some authority. He asked me, your name Vivian Jarrett...

PETERS: They're not hearings. You can call up and say you have my car and you should never have taken my car and I really shouldn't have to pay you any money for my car and by the way I have 25 witnesses including my priest and my husband's rabbi, it makes no difference who the witnesses are. You always lose.

From personal experience, I know that this can also happen if someone steals your car. After it's recovered — it can still mysteriously wind up in the impound.

Vivian Jarrett did eventually get her car back though it took almost two months and at $35 a day the storage fees added up quickly.

JARRETT: I got to pay you $2000 dollars for something that's legally mine and I broke no laws. That's crazy.

No, that's Chicago.

Lawsuit Critical of Chicago Police Car Impound Practices [WBEZ]

Her county has the unfortunate distinction of being the fifth-largest producer of meth in Indiana, despite being the 12-smallest county in the state, which may help explain the law enforcement overkill to some degree.

The Tribune-Star notes that pharmacies in the area post a "Meth Watch" sign "alerting customers that their purchases of drugs containing ephedrine and pseudoephedrine are being monitored," but we're not sure whether Harpold paid attention or knew about the 7-day limit.

Harpold said she did go talk to the prosecutor about the situation, and Alexander offered her the deferral program, in which Harpold is required to pay the court costs, abide by all laws and not be arrested for 30 days. At the end of 30 days, the class-C misdemeanor will be erased from her record.

We do think it would be nice if pharmacies pharmacists made that explicitly clear upon purchase—"This medicine contains pseudoephedrine, and it uses 75% of your weekly allotment of the drug. If you buy anything else with pseudoephedrine in it within the next 7 days, make sure it doesn't have more than n grams." Yeah, that probably sounds like overkill, but with such a severe law on the books it might be wise to keep the public as informed as possible and actually teach them what to watch out for.

Of course, it's also a perfect example of why you should take the time to read any "it's the law!" warnings around your pharmacy, considering the weird locked-down state of many OTC drugs these days.

"Wabash Valley woman didn't realize second cold medicine purchase violated drug laws" [TribStar] (Thanks to Warren!)
(Photo: JOPHIELsmiles)

"Infamous Domino's location closes doors" [Charlotte Observer] (Thanks to Timothy!)

The incident began when a gun-toting Gibson confronted the Marine, Lance Cpl. Richard Grimes, and demanded that Grimes drive him to a nearby ATM and withdraw some money. Grimes instead checked his balance, and told Gibson he didn't have enough money in his account to do a withdrawal. That's when Gibson's stomach apparently began to rumble. As reported by WTOC in Savannah:

"He started freaking out and demanded that I take him to McDonalds to get food," said Grimes. "I took him through the drive through and ordered him a Big Mac, fries, and a Hi-C drink and then I drove up to the next window."

Grimes mouthed "911" to the drive-through attendant, and the assistant manager recognized Gibson as a guy who "usually comes in the restaurant and causes problems for us." McDonald's staff told Grimes and Gibson to pull up to the next window and wait for their order. Instead of getting a burger and fries, Gibson was greeted by police, who arrived within three minutes. Grimes credits the McDonald's staff with saving his life. "If it weren't for them, I'd probably be dead right now," he told reporters.

We're thrilled for Grimes, and have no sympathy for Gibson. But we can't help wondering about two things. First, what ever happened to the meal Gibson ordered? Grimes paid for it, afterall. And second, Hi-C? What's that all about?

McDonald's employees help save a Beaufort Marine's life [WTOC]

The two men, who were scheduled to appear in court today, told investors that they would be paid out from the fees on ATMs installed in retail spots nationwide. "The phantom revenue came from new investors," said Joseph Demarest of the FBI. "The scheme itself, until discovered, was one giant cash machine."

Investors apparently started getting suspicious when they began looking for ATMs, and couldn't find them. According to Bloomberg, prosecutors said that, "when one investor couldn't find an ATM he purportedly owned in Florida, Moore told him it had been moved."

Of course, if Moore was sharp, he could have just told the investor that the ATM had to be moved because, say, a mouse had built its nest there. Then again, we wouldn't believe that one either.

U.S. Accuses Two Men of $80 Million ATM Ponzi Scheme [Bloomberg]

(Photo: me and the sysop)

Brendan sent this to us back in August right after we posted about Ameriprise's 5-month-long security hole that they wouldn't fix, despite repeated warnings from a security expert. (When a news organization contacted them to confirm the exploit, they fixed it within 2 hours.) Brendan decided to bring it up among the members of his Ameriprise consumer advisory panel—the one place where you might think discussions about things like reputation, trust, and reliability would be encouraged.

Up until yesterday, I was a member of Ameriprise's 600 member consumer advisory panel, which is a private forum administered by Communispace. Since most of the forum members are Ameriprise clients, I posted a link to the above article, and to the Register article it references.

That prompted the following e-mail from my "Financial Connection Facilitator":

Hi Brendan,

This morning we noticed that you posted a discussion titled "Ameriprise Web Site Riddled with Security Vulnerabilities for at Least Five Months!?"

The main purpose of this community is to serve as "consumer consultants' by sharing your perspectives and opinions with us and each other on your finances. While we encourage you to discuss whatever topics are important to you, we just ask that you keep in mind that the 600 of you represent a diverse group, and we are interested in hearing all perspectives on a given topic – even the unpopular ones.

That said, we are uncomfortable with the discussion you started. As per our member agreement, we reserve the right to remove any content from the Web Site for any reason or no reason and have removed your discussion.

Please continue to be considerate of all opinions, and recognize that not everyone will necessarily share your perspective.

If you have any questions, please feel free to contact me by email.

We appreciate your understanding and assistance.

Best,
Sandra

Brendan responded angrily,

Wow, Sandra.

So much for a free and open exchange of ideas.

What does our diversity have to do with it? Are you saying that we are such a diverse group that some members will not be interested in knowing that Ameriprise jeopardized their sensitive financial data?

Your wording implies that I was somehow out of line or off on some weird tangent. Name just one member out the 600 in our little group who would not share my perspective and completely agree with me that Ameriprise has done wrong. The company was clearly asleep at the wheel with regards to the security of customer information, spent five months ignoring a security expert who tried repeatedly to bring the problem to their attention, and then had the nerve claim that the problem was no big deal.

Instead of pretending that I have said or done something inappropriate, and instead of pretending that the other members of our community would somehow be offended or not appreciate knowing about this very valid security concern, why don't you just be honest: Ameriprise signs your paycheck, so you are going to suppress any discussion of this outrageous failing on the part of Ameriprise.

Sincerely,
Brendan

And with that, Sandra deleted Brendan's account.

Obviously you have a sick fetish, Brendan, where you're obsessed with things like trust and security when it comes to your finances. Gross! "Stay away from our beloved customers!" cries Ameriprise in pain. We hope you've looked for, and found, a better match for your higher standards.

RELATED
"Ameriprise Website Riddled With Security Vulnerabilities For At Least Five Months"
(Photo: calmdownlove)

If you didn't visit nytimes.com over the weekend, here's what happened: the paper reported on Monday that they'd essentially been tricked, by someone who knew how to game their oversight policies, into displaying malicious ads to some users who visited the site.

The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings.

Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place. "In the future, we will not allow any advertiser to use unfamiliar third-party vendors," she said.

Security consultant Dancho Danchev thinks that a particular, sophisticated crime group was behind the ad, which happens to be the same group that Microsoft filed 5 lawsuits against in Seattle's King County Superior Court earlier this week.

The lawsuits allege that an unknown number of individuals using various business names distributed malicious software through Microsoft AdManager, the company's online advertising platform.

[...]

Click Forensics, a company that tracks click fraud, on Thursday said that it had discovered a 200,000 computer botnet — a group of compromised computers harnessed to work in unison — linked to the Microsoft lawsuits. In a blog post, Steve O'Brien, VP of sales and marketing at Click Forensics called it "one of the most advanced sources of click fraud we've seen."

The botnet, known as the "Bahama botnet" because it at one time directed online traffic through computers in the Bahamas, is believed to be linked to the malicious advertising that appeared on the New York Times Web site several days ago, according to O'Brien.

Although O'Brien suggests that the cyber crime group believed to be responsible is located in Ukraine, Richard Boscovich, senior attorney at Microsoft for Internet safety enforcement, said in a phone interview that it's not clear where the people responsible are located.

"Microsoft Files Five Lawsuits To Halt Malicious Advertising" [InformationWeek]
"Times Web Ads Show Security Breach" [New York Times]

That evening, Krop spent hours watching the screen, taking screenshots and video captures as the other man wrote IMs, visited Facebook, and downloaded porn. He was eventually able to ID the user after he started a video chat and Krop was able to see his face. After calling the police, Krop got both of his laptops back the next morning. The porn fan had no regrets. "I didn't care whether it was stolen," he said. "I buy stolen stuff all the time. I don't care... If I can save $600, I'll do it." No word on what Krop did with the screengrabs he took, or the files that had been downloaded to the laptop the previous evening.

An Amazing Laptop Recovery Story [PC World]

"Sold! Bernie Madoff Beach House Goes to Contract at $8.75 Mil +" [ABC News] (Thanks to Natalia!)

Unfortunately for you but luckily for your would-be customers, Johnny law does not approve of such tactics. The News-Herald of Panama City, Fla. reports:

Springfield police say that on Sept. 9 Kennedy Cao, 33, interrupted the Springfield Cable service to Myrtle Danley, a Springfield Cable customer and the mother of Commissioner Carl Curti. Danley stalled Cao long enough for Springfield police to arrive, and after Cao confessed to interrupting the service he was arrested and charged with unauthorized tampering with communications services, according to documents released by the Springfield Police Department.

Danley and dozens of other Springfield Cable customers, including Mayor Robert Walker, have had their service disconnected by contractors working for Comcast for the past several weeks, said Springfield Police Chief Phillip Thorne. One customer had her Springfield Cable service cut off four separate times, he added.

So remember, Comcast contractors, win over prospective customers not by tricky, criminal shenanigans, but by preaching about how great Comcast is. Oh, wait...

Comcast, Springfield Cable disagreement leads to arrest [News-Herald]
(Photo: dmuth) (Thanks, Peter!)

The Seattle Times reports that the (tall) Federal agents had shown identity theft victim Michelle McCambridge a surveillance photo of the woman who stole her identity. Michelle didn't recognize the lady then, but she sure did when the lady came up to the counter where Michelle worked at JC Penney and tried to sign up for a credit card.

Michelle stepped away and made sure the manager got an image of the lady and reported it to law enforcement. Because of her cool thinking, she helped law enforcement apprehend the woman and four others who were part of an id theft ring that had defrauded at least 39 people.

The key in cracking the case, authorities say, was that Michelle and other victims got active in their cases and contacted the stores to make sure they saved their security tapes.

That doesn't happen very often, [Agent Velling] said. Usually, people just file a police report, cancel their accounts, and the cases languish for lack of evidence and resources.

"Identity-theft crimes are some of the most difficult criminal cases to investigate," Velling said.

Identity-theft victim meets her identity thief [The Seattle Times] (Photo: XISMZERO)

"Man gets busted by police installing 'skimming' device to ATM" [LiveLeak] (Thanks to Weary!)

We trust that the always mature readers of Consumerist will find nothing amusing about this situation whatsoever.

Shoplifter hides three pounds of bacon in his pants [Northwest Florida Daily News]

(Photo: Mykl Roventine)

The victim called Palm Bay police after the $399 laptop she ordered failed to be delivered. The woman first notified Federal Express officials and had the packaged traced. Fed Ex officials told the woman that [Norman] Taylor, who lives in area, signed and accepted the package while she was away.

Police talked to Taylor, who admitted to signing for the item. Police said the delivery box, ripped open and with the label missing, was found in Taylor's apartment.

Funny, isn't it, how a FedEx investigation can lead right to the person who lives near the recipient and signed his name on the little computer. Whatever happened to signing it as John Smith or Ben Dover? That might have delayed them long enough to throw the box away. Sigh, these criminals today.

Police: Man signs for package, pawns contents [Florida Today]

(Photo: frankieleon)

A couple in San Diego were arrested yesterday and accused of selling stolen gift card passes to Disneyland, Legoland, SeaWorld, and Universal Studios. Like other gift cards, they have to be activated first in order to work, so they were completely useless to victims who fell for the scam.

"Two accused of selling phony gift cards online" [SignOnSanDiego] (Thanks to Erik!)
(Photo: tracy the astonishing)

"Hacker in US payment card theft case pleads guilty" [Reuters]
(Photo: Brymo)

Local newspaper the Chronicle-Telegram talked to the store manager:

"Desperate people do desperate things," said Tracy Holmes, the store's manager. "At 6 o'clock in the morning when I got here, we had no doors at all."

The newspaper put together a YouTube video about the incident:

The thief remains at large. Consumerist recommends that if you want a sex toy that badly and can't afford it, you should save up your money rather than break into a store with your vehicle.

Man smashes car into store to get sex toy [Chronicle-Telegram]
(Photo: phototaker)
(Thanks, David!)

Barry, who is 52, was charged with securities fraud yesterday morning. He's been accused of bilking "hundreds of investors, including many retirees, out of $40 million in what prosecutors called a 'classic Ponzi scheme' dating to the 1970s."

From the New York Times:

Mr. Barry ran a group of small companies, known collectively as the Leverage Group, out of a small storefront office in Bay Ridge, where he grew up and where he still lives, and earned the trust of investors through his local ties and unassuming nature, his clients told investigators.

He eventually collected the $40 million from 800 investors by promising consistent returns of 12 percent or higher from stock options, according to the criminal complaint. Mr. Barry generated quarterly statements detailing fictitious trades and account balances, and promised investors they could withdraw money from their accounts whenever they chose, the complaint said.

In a separate case, the Securities and Exchange Commission filed civil fraud charges against Mr. Barry on Tuesday, echoing the criminal complaint and adding the contention that Mr. Barry had funneled investors' money into a mail-order pornography business.

At some point, Barry stopped using the incoming funds to invest, and instead funneled the cash into real estate purchases and his porno venture. The NYT adds, "It was unknown whether the pornography business turned a profit." His scheme continued for 30 years, and he seems to have only been uncovered after 2007 when the number of people asking for their money back outgrew the funds he had on hand.

The maximum sentence he can expect, if he's found guilty, is 20 years.

If you're shopping around for a money manager, remember these 5 tips on how to avoid falling into a Ponzi scheme.

"Man Accused of Running Ponzi Scheme in Brooklyn " [New York Times]
"SEC busts Brooklyn money manager in $40M porno Ponzi scheme" [Investment News]
(Photo: swimparallel)

WTEN says:

They say the group ran 470 feet of extension cord across a four lane highway and through a Home Depot parking lot to power an electric drill they planned to use to remove the sign early Sunday morning.

The group was stopped when the restaurant's alarm went off, but officers say they planned to make their getaway with the sign in an SUV.

The AP adds that the sign is valued at $8,000 but neglect to mention how they arrived at that figure.

Cops: four jailed after they try to steal sign from Chili's restaurant [wten]
(Photo: wten)

From MyFoxBoston:

Police said they encountered Brown shortly after and the dog, smelling the meat, immediately approached Brown.

Police say they found nearly $68 worth of meat stuffed in Brown's pants.

Brown has been charged with receiving stolen property worth less than $250 and disorderly conduct.

The man has pleaded not guilty.

Cops: Stolen meat in
man's pants [MyFoxBoston] (Thanks, SteveDave!)
(Photo:yarnzombie)

An argument ensued, after which the employees attacked and began beating the woman. She later died from her injuries.

From the AFP:

They started to hit her because she didn't do what they said," the paper quoted her husband Chen Baolin as saying.
"I got there and tried to stop them but they kept beating her."

Walmart confirmed that the attackers were Walmart security associates and offered their condolences. They say they are cooperating with "the relevant authorities."

2 China Wal-Mart workers arrested after death [Yahoo!]
Woman beaten to death at China Wal-Mart: police [Google] (Thanks, G!)
(Photo:largeheartedboy)

Two of the culprits got 10 year sentences for crimes including racketeering and identity theft and a third is awaiting sentencing.

[The thieves] used a computer in [one of the thieves] apartment to load credit card numbers stolen from Taco Bell patrons and gym members onto old credit cards, which were then used at Wal-Mart, K-Mart, Toys-R-Us and other retailers.

Police said all three "skimmed" credit card numbers from cards stolen out of locked and unlocked gym lockers.

Something to keep in mind when you're deciding what to bring to the gym, we suppose.

3 convicted in ID theft ring targeting Taco Bell, gym patrons [Colorado Springs Gazette]
(Photo:Synaesthesia)

The story had a security guard on duty after a previous robbery, but the thieves claimed to be armed. We certainly wish them luck trying to get a SIM installed in those demo iPhones, though.

Jersey Thugs Clear Apple Store in Seconds [PC World]
Smash and grab theft at Apple Store [ABC 6]
Thieves Clean Out an Apple Store in 31 Seconds [YouTube]