Tag Archives: FTC

FTC Staff Report Recommends Ways to Improve Mobile Privacy Disclosures

The Federal Trade Commission, the nation’s chief privacy agency, issued a staff report recommending ways that key players in the rapidly expanding mobile marketplace can better inform consumers about their data practices.

The report makes recommendations for critical players in the mobile marketplace: mobile platforms (operating system providers, such as Amazon, Apple, BlackBerry, Google, and Microsoft), application (app) developers, advertising networks and analytics companies, and app developer trade associations. Most of the recommendations involve making sure that consumers get timely, easy-to-understand disclosures about what data they collect and how the data is used.

http://ftc.gov/opa/2013/02/mobileprivacy.shtm

Support Scammers

arstechnica.com
Jon Brodkin -Dec 5 2012

How Windows tech support scammers walked right into a trap set by the feds

When the FTC announced its crackdown on the tech support scammers, the agency played a recorded undercover call but otherwise didn’t spend much time talking about how they tracked the defendants down in the first place. Court documents the FTC subsequently sent our way show that it was rather easy. Or, more precisely, once the difficult groundwork of tracking down the scammers had been laid, the scammers walked right into the FTC’s trap, as gullible and helpless as the victims whose bank accounts they raided.

http://arstechnica.com/tech-policy/2012/12/how-windows-tech-support-scammers-walked-right-into-a-trap-set-by-the-feds/

FTC press release 10/03/2012

FTC Halts Massive Tech Support Scams

Tens of Thousands of Consumers Allegedly Tricked Into Paying for Removal of Bogus Viruses and Non-Existent Spyware, and Allowing Scammers to Remotely Access their Computers

The Federal Trade Commission has launched a major international crackdown on tech support scams in which telemarketers masquerade as major computer companies, con consumers into believing that their computers are riddled with viruses, spyware and other malware, and then charge hundreds of dollars to remotely access and “fix” the consumers’ computers.

At the request of the FTC, a U.S. District Court Judge has ordered a halt to six alleged tech support scams pending further hearings, and has frozen their assets.

“The FTC has been aggressive – and successful – in its pursuit of tech support scams,” said FTC Chairman Jon Leibowitz. “And the tech support scam artists we are talking about today have taken scareware to a whole other level of virtual mayhem.”

http://www.ftc.gov/opa/2012/10/pecon.shtm

http://www.onguardonline.gov/articles/0346-tech-support-scams

European Commission clears Intel’s acquisition of McAfee subject to conditions

Press release
Brussels, 26 January 2011
Mergers: Commission clears Intel’s proposed acquisition of McAfee subject to conditions

The European Commission has approved under the EU Merger Regulation the proposed acquisition of McAfee, a vendor of information technology security, by Intel, both of the US. The approval is conditional upon a set of commitments ensuring fair competition between the parties and their competitors in the field of computer security, a growing concern due to the exponential rise in the number of malware such as viruses. The Commission was concerned that rival IT security products could be excluded from the marketplace given Intel’s strong presence in the world markets for computer chips and chipsets. In particular, the Commission worried about the high likelihood that the merged entity would embed its own security solutions into its chips and chipsets. To alleviate those concerns, Intel committed to ensuring the interoperability of the merged entity’s products with those of competitors.

The US Federal Trade Commission (FTC) approved the acquisition in December.
http://www.h-online.com/security/news/item/FTC-gives-its-blessing-to-Intel-s-acquisition-of-McAfee-1158590.html

FTC Endorses “Do Not Track”

Press release

FTC Staff Issues Privacy Report Offers Framework for Consumers, Businesses, and Policymakers
Endorses “Do Not Track” to Facilitate Consumer Choice About Online Tracking

The Federal Trade Commission, the nation’s chief privacy policy and enforcement agency for 40 years, issued a preliminary staff report today that proposes a framework to balance the privacy interests of consumers with innovation that relies on consumer information to develop beneficial new products and services. The proposed report also suggests implementation of a “Do Not Track” mechanism – likely a persistent setting on consumers’ browsers – so consumers can choose whether to allow the collection of data regarding their online searching and browsing activities.

“Technological and business ingenuity have spawned a whole new online culture and vocabulary – email, IMs, apps and blogs – that consumers have come to expect and enjoy. The FTC wants to help ensure that the growing, changing, thriving information marketplace is built on a framework that promotes privacy, transparency, business innovation and consumer choice. We believe that’s what most Americans want as well,” said FTC Chairman Jon Leibowitz.

http://www.ftc.gov/opa/2010/12/privacyreport.shtm

The makers of the popular Firefox Web browser are exploring ways to create a do-not-track mechanism that could offer Internet users a way to avoid being monitored online.

The effort comes just months after Firefox’s creator, Mozilla Corp., killed a powerful new tool to limit tracking under pressure from an ad-industry executive, The Wall Street Journal has learned. Mozilla says it didn’t scrap the tool because of pressure, but rather out of concern it would force advertisers to use even sneakier techniques and could slow down the performance of some websites.

Read more: Wall Street Journal

Scams turned deadly

Graham Cluley’s blog

A ghastly story reaches me of a man who committed suicide, after losing $50,000 to West African romance scammers.

67-year-old Al Circelli, shot himself in the living room of his home in Yonkers, New York, after – his family say – he became embroiled in an international romance scam that caused him to lose thousands of dollars and even steal from his relatives.

Circelli’s son Peter says he stumbled across evidence that his late father had wired considerable amounts of money to Ghana, and discovered email messages and photos on his father’s laptop supposedly from a woman called Aisha, who wanted to come to the USA to begin a new life and promised to bring a small fortune with her

http://www.sophos.com/blogs/gc/g/2010/08/19/romance-email-scam-drives-father-suicide/

Many victims have been devastated monetarily by such scams over the years. One can only imagine the emotional pain.

FTC: The “Nigerian” Scam, Costly Compassion

http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt117.shtm

FTC Obtains Court Order to Halt “Money Mules”

FTC Press release

At the request of the Federal Trade Commission, a federal court has halted an elaborate international scheme that used identity theft to place more than $10 million in bogus charges on consumers’ credit and debit cards, pending a trial. More than a million consumers were hit with one-time charges of $10 or less, and their payments were routed through dummy corporations in the United States to bank accounts in Eastern Europe and Central Asia.

The defendants, using phony company names resembling real companies, and information taken from identity theft victims in the United States, opened more than 100 merchant accounts with companies that process charges to consumers’ credit and debit card accounts, according to the FTC complaint. The FTC believes the defendants may have run credit checks on the identity theft victims first, to be sure they were creditworthy. The defendants also cloaked each fake merchant with a virtual office address near a real merchant’s location, a phone number, a home phone number for the “owner,” a Web site pretending to sell products, a toll-free number consumers could call, and a real company’s tax number found on the Internet.

The FTC alleged that with spam e-mail, the defendants recruited at least 14 “money mules” – people in the United States they paid to form 16 dummy corporations, open associated bank accounts to receive the card payments, and transfer the money overseas. The defendants used debit cards linked to these bank accounts to set up telephone service, virtual addresses, and Web sites that helped deceive the card processors, according to the complaint.

http://www.ftc.gov/opa/2010/06/adele.shtm

FTC Bars Marketing of Commercial Keylogger Software “RemoteSpy” for Illegal Uses

FTC Press Release

06/02/2010
The Federal Trade Commission has put the brakes on the business practices of an operation that was selling spyware and showing customers how to remotely install it on other people’s computers without their knowledge or consent.

The FTC is announcing a settlement that bars the sellers of the “RemoteSpy” keylogger from advertising that the spyware can be disguised and installed on someone else’s computer without the owner’s knowledge. It requires that the software provide notice that the program has been downloaded and obtain consent from computer owners before the software can be installed.

In 2008, the FTC filed suit against CyberSpy Software, LLC and its owner, Tracer R. Spence, alleging they were violating the law by advertising and selling RemoteSpy, a keylogger software program that the defendants touted as a “100% undetectable” way to “Spy on Anyone. From Anywhere.” According to papers filed with the court, the defendants provided their clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an e-mail. When the e-mail recipient clicked on the attachment, the RemoteSpy program was downloaded and installed without the victim’s knowledge. The spyware recorded every keystroke typed on an infected computer; captured images of the computer screen; obtained passwords, and recorded Web sites visited. To access the information gathered and organized by the spyware, RemoteSpy clients logged into a Web site maintained by the defendants.

The final Order bars the defendants from providing purchasers with the means to disguise the product as an innocent file or e-mail attachment. It also requires that they inform purchasers that improper use of the software may violate state or federal law. The final Order also requires the defendants to take measures to reduce the risk that their spyware is misused, encrypt data transmitted over the Internet, police their affiliates to ensure they comply with the order, and remove legacy versions of the software from computers on which it was previously installed.

http://www.ftc.gov/opa/2010/06/cyberspy.shtm

Consumer groups file new FTC complaint against Facebook citing privacy violations

Wednesday May 5th, fourteen privacy and consumer protection groups joined the Electronic Privacy Information Center (EPIC) in filing a 38-page complaint against Facebook with the Federal Trade Commission.

The Electronic Privacy Information Center, the Bill of Rights Defense Committee,
the Center for Digital Democracy, the Center for Financial Privacy and Human
Rights, the Center for Media and Democracy, the Consumer Federation of America,
the Consumer Task Force for Automotive Issues, Consumer Watchdog, the Foolproof
Initiative, Patient Privacy Rights, Privacy Activism, Privacy Journal, the Privacy
Rights Clearing House, the United States Bill of Rights Foundation, and U.S. PIRG
(hereinafter “Petitioners”) urge the Commission to investigate Facebook, determine
whether the company has in fact engaged in unfair and/or deceptive trade practices,
require Facebook to restore privacy settings that were previously available as detailed
below, require Facebook to give users meaningful control over personal information,
and seek other appropriate injunctive and compensatory relief.

http://epic.org/2010/05/new-facebook-privacy-complaint.html

http://certifiedbug.com/blog/2010/05/05/facebook-security-flaw-enabled-users-to-view-friends-live-chats/

Security Seal provider to settle FTC charges

FTC Press Release 2/25/2010.

ControlScan, a company that consumers have relied on to certify the privacy and security of online retailers and other Web sites, has agreed to settle Federal Trade Commission charges that it misled consumers about how often it monitored the sites and the steps it took to verify their privacy and security practices. The settlements will bar future misrepresentations. The founder and former Chief Executive Officer has entered into a separate settlement that requires him to give up $102,000 in ill-gotten gains.

Third-party privacy and security certification programs like ControlScan are used by Web sites to assure visitors and customers that the site is secure and consumers can feel confident about providing personal and financial information. Certification companies provide privacy and security “seals” to convey that an independent party is auditing the practices of the site regularly to be sure its data is not vulnerable.

http://www.ftc.gov/opa/2010/02/controlscan.shtm

Hat tip: http://blogs.pcmag.com/securitywatch/2010/02/controlscan_settles_misreprese.php

FTC Warns of Widespread Consumer Data Breaches on P2P

Press Release.

Widespread Data Breaches Uncovered by FTC Probe

The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud. The agency also has opened non-public investigations of other companies whose customer or employee information has been exposed on P2P networks. To help businesses manage the security risks presented by file-sharing software, the FTC is releasing new education materials that present the risks and recommend ways to manage them.

http://www.ftc.gov/opa/2010/02/p2palert.shtm