Category Archives: Investigation

Western Auto Sales ordered to change collection practices; pay fines


Western Auto Sales LLC, a Boise auto dealer, has agreed to change its business practices after being confronted by the Attorney General’s Consumer Protection Division.

The Consumer Protection Division received several consumer complaints about the auto dealer. A mentally impaired consumer alleged that Western Auto Sales misled him during the sale of a car, while another consumer claimed deception in Western Auto Sales’ transfer of a motor vehicle service contract. A third consumer complained that, during the repossession of his car, Western Auto Sales’ agent threatened to arrest him and harassed his wife at her workplace.

Western Auto Sales satisfactorily resolved the consumers’ complaints and, under the terms of the agreement with the AG’s office, is prohibited from engaging in harassing debt collection or repossession acts or practices. Among other mandates, the agreement also requires Western Auto Sales to:

  • review its Internet website advertising and make all required changes to make sure its advertising complies with state and federal law;
  • comply with the Idaho Motor Vehicle Service Contract Act in the sale of its motor vehicle service contracts; and
  • show all material terms and conditions on the receipt of a free motor vehicle service contract with the purchase of a car.

Western Auto is also required to reimburse the Attorney General’s Office for its attorney’s fees and investigative expenses; Western Auto Sales paid $950 to the office. If the auto dealer fails to comply with the agreement, it is subject to a $15,000 civil penalty.

– Kriss Bivens Cloyd, AG’s office


Don’t lose your identity to Costco Green lookalike email


By Robb Hicken/ BBB’s chief storyteller

“Give Costco your opinions in exchange for Costco cash” from assortamazer.com looks to be a scam to get your information.

The email is filled with promises of “Cash” when the survey is completed, and the address is simply a .com address, with no security provisions. When BBB attempted to open the link, it exposed a “bot” with malware.

These lookalike phishing emails typically spoof a well-known retailer, financial institution/bank or business. They typically contain hyperlinks that lead to online forms requesting personal information or download malicious software that can steal login information or passwords.

COSTCO states: “If you received an email concerning Costco Cash or Costco-Green immediately delete the email and do not reply. This is a phishing scam and was not sent by Costco. Costco is not affiliated with the e-mail in any way.”

Cybercrime involves coaxing consumers to reveal personal information, such as their Social Security number, date of birth, address and telephone numbers.

The BBB offers the following advice to stay ahead of cybercriminals:

  • Make sure things check out – Research unfamiliar retailer and charity websites at bbb.org before entering a credit card number. Confirm your online purchase is secure by looking at your browser for the “s” in https:// and in the lower-right corner for the “lock” symbol before paying.
  • Be wary of unsolicited emails – Government agencies, credit card companies and banks will never ask for personal information such as a Social Security or Medicare number through email (or over the phone). In addition, when you receive a link to a “special deal” or coupon through a social network site, type in the Internet address yourself. A link’s true destination may be hidden, taking you to a lookalike website or downloading malware onto your computer.
  • Always use secure payment methods – Never send money by wire transfer to someone you don’t know. Use a credit card, online payment system or escrow service to pay for auction or classified ad items.
  • Beware of overpayment scams – Cybercriminals use scams that involve sending legitimate-looking checks for more than the purchase price and asking that the monetary difference be returned to them by wire transfer. Though the check may initially be accepted for deposit at a bank, it may take several days to bounce, resulting in the loss of any money wired away as well as overdraft penalties.
  • Be selfish with personal information – Social media sites encourage the sharing of information. However, avoid sharing your birth date, address and other information that may be used to help put together a profile that can be used to steal your identity. Check the privacy settings for your profile and consider hiding your profile unless you approve a friendship/contact request.
  • Practice safe computing – Don’t use short passwords, or the same password for multiple sites. Passwords should contain a variety of upper and lower case letters and digits or characters. Ensure your computer software and operating system are current with the latest security updates and run malware scans on a weekly basis.

There is no telling what new online threats might lurk around the corner; however, common sense and caution go a long way towards protecting yourself from online crime.


Heartbleed virus could leave you bloodied


UPDATE: This bug may also climb aboard cellphones and more. It appears to be bigger than previously understood.
 
 
By Robb Hicken/BBB’s chief storyteller 

Business owners need to be aware of a computer bug that targets computer servers running the most widely used Internet encryption security system, according to Better Business Bureau serving the Snake River Region.

Security engineers discovered that the “Heartbleed” bug exploits a flaw in OpenSSL, which allowed them to view passwords and user names when they tested the virus.  Secure Sockets Layer (SSL) is an open-source software program that encrypts data over the Internet.  It is used to secure business transactions, email, instant messaging services, social media sites and any other sort of web-based system that must secure the data that is transmitted to and from its servers.

Heartbleed compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the real content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

“Once the specialists understood how it worked, they avoided publicizing the discovery until OpenSSL’s developers could create an update that eliminates the security loophole,” says BBB CEO Dale Dixon. “We’re reading that the Heartbleed has also been seen in places like Gmail and Facebook, exposing your personal and financial information.”

Yahoo was among the first-named websites where Heartbleed was detected.  Yahoo and other major companies that rely on OpenSSL moved quickly to fix the vulnerability.  SSL is used on web servers, but not on PCs or mobile devices.

The bug is believed to have originated two years ago, but researchers say it covered its tracks to leave no trace of its presence.  There is no word on how many servers were infected.

BBB recommends businesses consult a qualified information technology (IT) professional to see whether their servers are infected with the bug, and if so, remove it and apply the updated, secure version of OpenSSL.

Consumers and businesses should change their passwords, and regularly scan their computers with an updated computer security application.  In addition, install operating system updates and software patches, which often address emerging security flaws.

Where to find more information?

This Q&A was published as a follow-up to the OpenSSL advisory, since this vulnerability became public on 7th of April 2014. The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt or https://www.cert.fi/en/reports/2014/vulnerability788210.html.