Category Archives: Crime & Fraud

Young Living Sentenced For Harvesting Essential Oils From Endangered Plants

Essential oils come from exotic plants all over the world, but do the companies selling these oils have the proper permits to import and sell the products made from them? The company Young Living has been sentenced for importing rosewood oil and spikenard oil without permission, and must pay $760,000 for importing the products without permits.

“Protected species of plants”

The U.S. Department of Justice announced this week that Young Living, a company that sells essential oils through multi-level marketing, must pay a fine to the government of $500,000, restitution of $135,000, and a donation of $125,000 “for the protected species of plants used in essential oils.” The company’s plea agreement says that some of its employees and contractors harvested 86 tons of rosewood in Peru between 2010 and 2014, distilling 1,899.75 liters of oil from the wood. That rosewood oil was worth between $3.5 million and $9 million. The harvesting of the trees and importing of the oil were both illegal under the federal Lacey Act. The company turned itself in after conducting its own investigation of the rosewood imports, sending a written statement to the federal government about its possible violations of the law in importing that rosewood oil. Young Living’s investigation found that in addition to the rosewood operation, another group of employees had imported oil from spikenard (a flowering plant related to valerian) that originally came from Nepal. The company had acquired the spikenard oil from the United Kingdom, but the supplier exporting the oil didn’t have a permit under the Convention on International Trade in Endangered Species to export it from Nepal or from the UK. The oil was found to be unacceptable and shipped back, but that was yet another incident related to endangered plants uncovered during the company’s investigation of the rosewood incident.

“The acceptance of responsibility”

Federal law enforcement officials praised the company for investigating itself and coming forward voluntarily. “While the natural resource violations by certain employees of Young Living were intentional and substantial, the Company’s decision to conduct an internal investigation, voluntarily disclose the initial violations to government enforcement authorities, and cooperate throughout the ensuing investigation is to be commended,” U.S. Attorney for the District of Utah John W. Huber said in a statement. “This sentence reflects both the seriousness of the offenses and the acceptance of responsibility and cooperation by the Company.”

What’s the Lacey Act, anyway?

You may remember the Lacey Act from news about the Lumber Liquidators case a few years ago, where the company pleaded guilty to importing hardwoods that weren’t themselves endangered, but came from forests where endangered species of leopard and tiger live. The law originally only applied to animals and was meant to keep Americans from hunting or transporting live animals across state lines. This protected over-hunted game animals from being transported and sold by commercial hunters, and also helped keep people from transporting live animals to another area where they might lack natural predators and become an invasive species. A controversial 2008 amendment changed the law so that it now applies to importing plants, including trees, that are illegal to harvest in their country of origin without a permit.

Mysterious Cash-Flusher In Switzerland Remains At Large

Why would someone need to dispose of a huge amount of cash — tens of thousands of euros — very quickly? That’s what authorities in Geneva, Switzerland, want to know, after finding wads of foreign cash clogging toilets at a bank and at restaurants around the city. The euro is a useful currency for stashing huge amounts of ill-gotten money, since its largest note is worth almost $600. The U.S. dollar now tops out at the $100 bill. Yet who flushed the cash, and why did they do it? The first notes were discovered in a toilet near the safety-deposit box department at a Geneva branch of UBS. It’s possible that someone may have kept a large amount of cash in one of the boxes and disposed of it after retrieving it. The mystery deepened a few days later, when restaurants in Geneva found that their toilets were clogged with cut-up cash as well. Police say that someone tried to cut the bills up before flushing them, but why were they destroying so much cash in the first place? We may never know. It’s worth noting that it’s not technically a crime to destroy banknotes in Switzerland. Still, the bill-flusher’s behavior indicates that he or she was trying to hide some other activity from authorities.

After Hack, Registry-Cleaning App CCleaner Infected Users With Malware

When you download an app meant to clean your computer, you assume that it’s supposed to remove junk from your machine, not add more. Yet for about a month, downloads of the popular program CCleaner came with a free bonus dose of malware, installed on millions of PCs around the world.

Clean up some crap, add some crap

CCleaner is a shortened and cleaned-up name; the program was once better known as “Crap Cleaner.” The security software company Avast recently acquired the company that created it, Piriform. It helps speed up systems, remove temporary files, and delete programs while actually fully removing them from one’s system. It’s a free app with paid upgrades that unlock more features, and has been downloaded billions of times. The compromised version of the program was distributed between Aug. 15, 2017 and Sept. 11, 2017. It was part of the Windows and cloud versions of CCleaner, distributed as version 5.33.6162. Yes, the malware installer piggybacked on the official versions of the app. Since the compromised program came with a genuine Norton signature and was on the company’s servers, the investigation shows that baddies probably gained access to the company’s systems either by posing as one of its developers or using a developer’s login to add the extra malware to the program.

So what should I do?

Piriform pushed a malware-free version of the program to users, and you should make sure that you’ve updated your copy to the latest version if you’re a CCleaner user. The good news is that the malware was two-stage, and the malicious program hadn’t been installed on target computers… yet. Piriform and other experts believe that the end game here was probably to stage a future botnet attack on an outside target, turning your PC into part of a zombie army attacking… someone. If you want the super-technical details of how the malware worked and how this happened, read up at Cisco Talos, the research group that discovered the mostly-hidden malware, and Piriform’s news site.

Payless Won’t Accept A Gift Card I Bought Online. Is It Because Of Their Bankruptcy?

Is Payless ShoeSource trying to recover from bankruptcy by discouraging customers from ever redeeming their gift cards? A Consumerist reader bought a discounted gift card from a card exchange site, then was annoyed when his local Payless store wouldn’t accept it. The retailer says that it accepts virtual gift cards in its stores, but only from certain vendors, and only after taking very specific anti-fraud measures.

So, you want to buy and sell gift cards online

Reader Steve contacted Consumerist about his issue with a gift card for Payless ShoeSource that he bought from a marketplace. He believed that Payless was up to some trickery and refusing to accept gift cards that customers had bought in good faith. We found that wasn’t the case, but ruling that out means doing some research before you buy discounted gift cards online. Before we get into Steve’s story, it’s important to understand gift card exchange sites and how they work. Ostensibly, these sites exist so people with gift cards they don’t want can exchange them for either cash or a card that they do want. Would you rather have a $25 Outback Steakhouse card that you’ll never use because you’re a vegan, or twenty bucks in your PayPal account? However, they can also be used to sell gift cards that have either been stolen the old-fashioned way, or that scam victims have used as currency. There’s a reason why iTunes and Amazon gift cards are popular forms of currency for paying scammers: There’s always a market for them, and they can be resold quickly. Marketplaces can also be used to sell gift cards obtained from shoplifting. In this scam, people steal from brick-and-mortar retailers, then return the goods for gift cards and re-sell those gift cards for cash. They might sell those cards online, including in online marketplaces. From some sites, you can buy just a code instead of a physical card. That means the gift credit can change hands instantly, without having to wait for a card to be mailed. The buyer can turn around and spend this code on a retailer’s website, and some retailers accept them from some gift card marketplaces as payment in stores. It’s those limitations that are important for Steve’s story, since a gift card marketplace site sold him a gift card code that the retailer isn’t willing to accept.

Pay even less

Steve bought a gift card code worth $31 from ABC Gift Cards, a site that he says that he normally trusts. He brought this code over to a physical Payless store, but they wouldn’t accept it, since the chain’s policy is that it only accepts virtual gift cards from the sites Raise and Gift Card Mall, and customers have to meet strict requirements. He was told that he would have to print out the virtual gift card and hand this copy over to the store, and the store would write down his driver’s license number and keep it with the printout. Steve thought that this sounded excessive, and speculated that Payless was trying to weasel out of accepting pre-bankruptcy gift cards. “This bulls–t policy makes a lot of sense since Payless is bankrupt and every gift card they refuse to honor is more money they get to keep,” he emailed to Consumerist. Unlike some retailers, Payless accepted gift cards all through its Chapter 11 bankruptcy, and at store liquidation sales. Now that it has emerged from bankruptcy, the company plans to accept its old gift cards indefinitely. Steve’s hypothesis would be true in some retail bankruptcies, but not this one. We checked with Payless about using gift card codes purchased from third-party sites. A company spokeswoman confirmed that yes, it only accepts cards from Raise and from Gift Card Mall, and yes, it requires a printout of the virtual gift card.

The code wasn’t useless after all

We learned that Steve could have used the code on the Payless website as long as the seller provided the PIN used for online purchases. However, that wouldn’t have been helpful if he needed the shoes right then and couldn’t wait for them to be shipped, or if he were shopping a liquidation sale at a local store. The transaction worked out okay for Steve. He received a refund from ABC Gift Cards when he reported that he had trouble spending the gift card. He most likely could have used the code online with no problems, but he didn’t know that at the time. Consumerist checked with ABC Gift Cards to ask about how it markets cards for retailers that don’t accept them, but we haven’t yet received a response. We will update this post if we do.

Motel 6 Admits Some Locations Were Sharing Lists Of Guests With Immigration Officers On Daily Basis

When you check into a hotel and provide a photo ID, your expectation is that the hotel will be holding this info for its records in case you mess up the room or try to skip out on your bill. What you don’t expect is that the hotel management is taking its daily guest logs and turning them over to federal immigration officials. Earlier this week, an article in the Phoenix New Times pointed to a recent pattern of frequent arrests by Immigration and Customs Enforcement (ICE) officers at two Motel 6 locations in the Phoenix area. Records showed that ICE was showing up at these two Motel 6 addresses at a rate of about once every two weeks, while New Times reporters couldn’t find any evidence of ICE making arrests at any other area hotels during the same time period. Warrants granted for these arrests only stated that the officers were “following a lead,” though these were leads with incredibly specific information about the allegedly illegal aliens staying at the hotel. It appeared to those concerned that someone at the hotels was the source of the information being provided to ICE. In fact, Motel 6 staff confirmed to the New Times that they weren’t just calling ICE when they suspected that a guest was in the country illegally. They were giving daily reports of all guests to the officers. “We send a report every morning to ICE — all the names of everybody that comes in,” a front-desk clerk admitted to the New Times. “Every morning at about 5 o’clock, we do the audit and we push a button and it sends it to ICE.” Unlike some Motel 6 locations that are owned by franchisees, the two Phoenix hotels involved in this story are corporate-owned, but in a statement released after the story broke, the company still contends that the decision to voluntarily turn over all guest records to ICE was made at the local level and without knowledge of Motel 6 HQ.
“When we became aware of it, it was discontinued,” says the hotel chain, which is promising to make sure that all 1,400 of its locations now understand that “they are prohibited from voluntarily providing daily guest lists to ICE.”

Let’s Not Forget That Equifax Hackers Also Stole 200K Credit Card Numbers

We’re constantly learning new things about the massive Equifax data breach, including its actual cause, that it affected people all over the world, and that the Federal Trade Commission is investigating. Let’s back up, though, and remember something important: Along with the millions of Social Security and driver’s license numbers, 200,000 customer credit card numbers were taken too. Krebs on Security obtained a confidential alert that Visa and MasterCard sent to financial institutions, and the alert is pretty specific. Fraud alerts that go out to banks and other financial institutions after a payment data breach usually have incomplete information and can’t name specific customers, but for cards that the Equifax hackers took, the networks had more detail than that. The credit card networks know which customers’ cards were breached and shared that information with banks. They also were able to confirm the source that the numbers were taken from, Equifax. It’s easy to skip over a mere 200,000 credit card numbers when the ingredients to commit identity theft on half of all American adults were also taken. However, the hackers were able to obtain card numbers and expiration dates as well as users’ names, which is enough information to create a magnetic stripe cloned card or place fraudulent orders from some websites. Equifax estimates that the hackers downloaded the credit card data sometime in mid-May of 2017, and the company didn’t discover the breach until the end of July 2017.

If Someone Calls You From Equifax To Verify Your Account, It’s A Scam

Now that Equifax is part of the mass public consciousness for failing to secure sensitive financial and personal information for about half of the adult U.S. population, soulless scammers are trying to prey on this heightened awareness by blasting out fake calls to people, asking them to verify their account information. This morning, the Federal Trade Commission — which is currently investigating the data breach — posted a consumer fraud alert, warning Americans that Equifax is not trying to call you, no matter what some jerk on the phone claims. The FTC says that if you receive a call from someone claiming to be from Equifax, just hang up. “Don’t tell them anything,” writes the FTC. “They’re not from Equifax. It’s a scam. Equifax will not call you out of the blue.” Don’t press any buttons or give them any info. Just hang up and get on with your day. To help the FTC catch these scammers, you should also report the bogus call via the FTC’s online complaint portal. Every little bit of information the FTC gets about these calls can aid in tracing them back to the amoral morons who think this is an acceptable way to make a buck. If you are worried that there is some extraordinary reason that Equifax would be calling you out of all the 143 million people affected by this breach, you can always call the company back at 866-447-7559.

Equifax Says Site Vulnerability Behind Massive Breach; FTC Confirms Investigation

It’s been a week since credit reporting agency Equifax admitted it had lost sensitive personal data for 143 million American consumers — one of the worst data breaches yet. Now, the company says it knows how the intruders got in… and it’s through a bug that was first identified six months ago.

The Problem

Equifax updated its breach information page this week to identify the vulnerability malicious actors were able to use to get access to all that juicy private data. The issue was in the Apache Struts framework, code used to develop and run Java-based apps for web servers. Loads of companies, including other banks and credit reporting agencies, rely on versions of Apache Struts to work. Ars Technica reported on the vulnerability in early March. Means of exploiting the vulnerability were “trivial, reliable, and publicly available,” Ars noted at the time, making the flaw high-impact, high-visibility, and leaving major sites vulnerable to an increasing wave of attacks. By the time Ars ran that story on March 9, Apache had already issued a patch. And yet by the time the big breach began two months later, in mid-May, Equifax had apparently still not updated, since its systems were vulnerable to that flaw. Ars notes that applying this particular patch is “labor intensive and difficult,” due to the way the software works. But clearly the worst-case outcome of not doing it has proven to have massive consequences for not only nearly half the entire U.S. population, but tens of millions of people around the world as well.

The Investigation

In an extremely unusual move, the Federal Trade Commission has confirmed that it has opened an investigation into the circumstances of the Equifax breach. “The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” an agency spokesman told media. The FTC is responsible for overseeing business compliance with laws that require credit reporting agencies to keep non-public personal information, well, non-public. So although it’s exceedingly rare for the Commission to confirm an investigation has been opened, it’s also unsurprising they would do so in this case. Virginia Senator Mark Warner on Wednesday sent a letter [PDF] to the FTC requesting it launch an investigation into the massive data breach. “Aspects of this breach raise questions about the data security practices of Equifax that implicate the FTC’s existing authority,” Warner wrote. The Senator also called out several of “Equifax’s post-breach actions,” including poor site management of the breach notification portal, weak user PINs for credit freezes, and confusing notification to consumers who just wanted to know if they were hit. “Taken as a whole, and given past breaches by other major credit bureaus, these lapses may potentially represent a systemic failure by firms currently incentivized to collect and store highly sensitive identification and financial data for Americans,” Warner said.
“I fear that firms like Equifax may illustrate a set of institutions whose activities, left unchecked, can significantly threaten the economic security of Americans.” In the wake of consumer complaints and media coverage, Equifax says this week it has updated call center support, added clarification about mandatory binding arbitration, and revamped the way it issues PIN codes to consumers placing freezes on their credit. We’ve asked Equifax for a comment and will update if we hear back.

Did TransUnion Increase Cost Of Credit Monitoring In Wake Of Equifax Breach?

With more than 143 million consumers’ personal information now circulating on the dark web thanks to the massive Equifax data breach, there’s no doubt many of these victims are turning to the other two major credit bureaus — TransUnion and Experian — for credit freezes and monitoring services. But is one of these agencies cashing in on the Equifax hack by raising the price for its services? That’s the accusation some long-time TransUnion customers are throwing out after finding their TrueCredit monitoring service bill increased by 50% this month — just days after Equifax’s breach came to light.

An Inconvenient Increase

Reader Frank tells Consumerist that he was shocked to see his monthly TrueCredit monitoring service tab jump from $9.95 to $14.95. Of course it’s not uncommon for companies to increase the fees on their services over time or at the end of a promotional period. However, in Frank’s case, a promotional price wasn’t in play, as he’s had the service since 2003, and always paid $9.95/month. Additionally, he says he hadn’t received any kind of notice from TransUnion that the cost of the service would be increasing. The abrupt change and the timing of the increase were concerning to Frank. “I find it interesting that they decided to raise the cost by 50% on existing customers at precisely the time that Equifax disclosed their breach,” he tells Consumerist. “It seems like the moral equivalent of price-gouging for water during a hurricane.” When he reached out to TransUnion’s customer service about the issue, he received a less than helpful answer. He was told that the company had increased the service cost without notice. If he didn’t like it, he could cancel the service for a full refund of the month’s fees. Consumerist has reached out to TransUnion about the increase and the blunt response Frank received. We’ll update this post when we hear back.

Where’s The Freeze?

Frank isn’t the only TransUnion customer to run into issues with the company’s services following the Equifax breach. Several Reddit users shared their dissatisfaction with the credit reporting agency this week, claiming that TransUnion was pushing them into credit monitoring service rather than simply freezing their credit. A credit freeze — generally free for identity theft victims — prevents lenders and others from accessing a consumer’s credit report in response to a new credit application. With a freeze in place, even the bona fide account holders will need to take special steps if they want to apply for any type of credit or unfreeze the account. One user says he noticed a change on the TransUnion website Wednesday morning while providing links to family on how to freeze their credit in the wake of the Equifax breach. “I froze my credit the day after news about the Equifax breach broke, and it looks like TransUnion has since changed their site to push people away from freezing their credit in favor for their own product called TrueIdentity,” the user claims. The Redditor says the company’s website previously provided easy-to-follow instructions for placing a credit freeze and had no mention of TrueIdentity.
Now, however, if someone wants to place a credit freeze they must traverse through a page of information about credit and fraud, then click on the “about credit freeze” button. The next page, once again, tries to convince customers to enroll in TrueIdentity.
The user says that the new language related to the credit freeze is passive and dissuasive, “A credit freeze may be available under your state law.” Conversely, the language related to the TrueIdentity service appears phrased for action, “Lock your credit information by enrolling in TrueIdentity.” While TrueIdentity is free of charge and allows customers to lock and unlock their credit, a premium version of the service is $10/month. “This is such a blatant attempt by TransUnion to take advantage of the Equifax breach for their own financial gain,” Reddit user Equisux wrote. “It’s a shitty thing for TransUnion to do, and people should be aware that they are being led away from putting an actual credit freeze on their account.”

No Freezes Here

Other consumers note on the thread that they have had a difficult time enrolling in credit freezes through the company. Redditor InformalProof reports that after going through the steps on the phone to obtain a credit freeze he was told that the credit card number “you entered is not a valid credit card number.” He was then put on hold and hung up on. “This happened to me yesterday, right after I entered my numeric address,” Redditor Dr_Iridium wrote. “They ‘could not verify’ and transferred me to an agent but I was hung up on in the process.” It is possible that TransUnion’s credit freeze phone system — which is automated — is overwhelmed given the extent of the Equifax breach. Consumerist has reached out to TransUnion for information on both the website changes and difficulties in enrolling in credit freezes. We’ll update this post when we hear back.

69 Cheating Volkswagen Diesels Stolen From Silverdome Parking Lot

The cheating diesels that Volkswagen has bought back as part of its settlement with purchasers are sitting in vehicular purgatories across the country, waiting to be repaired so they can go to new homes. Only some of them were sprung early: 69 “Dieselgate” vehicles were stolen only to turn up with fake Michigan titles at an auto auction in Kentucky. Volkswagen needs a lot of space to store cars that have its TDI “clean diesel” engines that were cheating on their emissions tests, a global scandal that led to massive penalties, recalls, and even criminal charges against the company and against key executives involved in the scandal. While a fix has been approved for most of the recalled vehicles, they still remain in vehicular purgatory awaiting repairs. They’re being kept at sites including the port of Baltimore, an Air Force base in California, and the parking lot of the Pontiac Silverdome, former home of the Detroit Lions and Detroit Pistons.

What we know so far

With hundreds of vehicles stashed in the Silverdome lot, someone must have realized that the cars wouldn’t be missed immediately. Indiana state police told WDRB-TV (via Jalopnik) that at least 69 vehicles have disappeared from the lot. The cars were given counterfeit Michigan titles, and were sold at auto auctions in Indiana and Kentucky. “Volkswagen was keeping track of all these vehicles they were purchasing back or buying back,” a state police officer told the TV station. “When these VIN numbers start[ed] showing up again in their system, that’s when the red flags started flying up.” Volkswagen was keeping track of these vehicles for exactly this reason, and learned about their whereabouts when the stolen cars legally re-entered state databases after they were inspected. The seller who brought 32 Volkswagens and Audis to an auction in Kentucky told WDRB through a legal representative that the cars were purchased from “a supplier out of Michigan,” and the seller bought them for around $11,000 each, selling them for around $18,000. State police in Indiana believe that the people responsible for the actual theft are further up the chain, and that the auto thefts may have been an inside job. The FBI is investigating, but no one has been charged in this case yet. A fix has been approved for most of the recalled vehicles, which means they could start to be repaired and re-sold soon.

What you should know

Even if you don’t live anywhere near Kentucky or Indiana, the thefts could affect you, since the vehicles have since made their way across the country. So far, authorities say they are aware of vehicles that were sold to dealerships in California and Georgia. If your car’s title looks sketchy or something seems off, contact the police or sheriff’s department local to the facility that conducted the vehicle’s inspection listed on the title.