PROJET AUTOBLOG


Krebs on Security

Original site: Krebs on Security

Don’t Be Fooled By Phony Online Reviews

Monday, July 6, 2015, 05:29

The Internet is a fantastic resource for researching the reputation of companies with which you may wish to do business. Unfortunately, this same ease-of-use can lull the unwary into falling for marketing scams originally perfected by spammers: Namely, fake reviews and dodgy search engine manipulation techniques that seek to drown out legitimate, negative reviews in a sea of glowing but fake endorsements.

The home page of Full Service Van Lines.

Perhaps the most common example of this can be found among companies that offer moving and storage services, an industry that consistently ranks in the top 10 across the United States for consumer fraud complaints.

Trust your family heirlooms and other belongings to a moving company without scratching beneath the surface of that glowing review online and at best you could end up paying way more than the agreed-upon price once the company has all of your possessions loaded onto the truck. In most cases, the consumer horror stories about moves-gone-bad also include tales of massive damage to the customer’s stuff — if indeed the customer’s stuff ever arrives.

Even people who are steeped in the ways of the Interwebs can get bamboozled by slick search engine manipulation tricks. Last month I heard from David Matusiak, a longtime reader and information security professional who hired a Florida-based moving company that got five-star reviews from dozens of sites. Unfortunately for Matusiak, many of those “review” sites appear to have been set up and maintained by the people behind the company he hired.

Matusiak, based in Morrisville, NC, had just landed a job in California that wanted him to start right away. So after a couple of hours of reading reviews online for a reputable moving company, Matusiak settled on Full Service Van Lines based in Coconut Creek, Fla. Now, more than 30 days after his truckload of belongings left his home on the East Coast, Matusiak is still waiting for his stuff to arrive in California.

HUGE RED FLAGS

Matusiak said he read page after page of glowing reviews about Full Service Van Lines. Little did he know, the same email address used to register fullservicevanlines.com was used to register many of those “review” Web sites, which naturally list Full Service at the top of their supposed consumer rankings.
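The registrant pivot described above (one e-mail address registering both the merchant's domain and the "review" sites that rank it) is easy to automate once you have the WHOIS records in hand. The following is an added example, not code from the original article: it parses raw WHOIS text, normalises the registrant e-mail, and reports every other domain in the set registered with the same address. The WHOIS records and the .example domains are constructed for illustration and are not real registrations. One caveat worth knowing: since the 2018 GDPR-driven changes most registrars redact the registrant e-mail, so on current data this pivot often has to fall back on historical WHOIS or other shared infrastructure (name servers, hosting IPs, analytics IDs).

```python
import re
from collections import defaultdict

# Constructed, hypothetical WHOIS-style records for illustration only.
# All domains use the reserved .example TLD; none of these are real registrations.
SAMPLE_WHOIS = {
    "movers-co.example": """Domain Name: MOVERS-CO.EXAMPLE
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED
Registrant Email: Webmaster@Marketing-Shop.example
Creation Date: 2014-03-02T00:00:00Z""",
    "best-mover-reviews.example": """Domain Name: BEST-MOVER-REVIEWS.EXAMPLE
Registrant Email: webmaster@marketing-shop.example
Creation Date: 2014-03-09T00:00:00Z""",
    "top10-movers-ranked.example": """Domain Name: TOP10-MOVERS-RANKED.EXAMPLE
Registrant Email:   webmaster@marketing-shop.example
Creation Date: 2014-04-20T00:00:00Z""",
    "independent-mover-watch.example": """Domain Name: INDEPENDENT-MOVER-WATCH.EXAMPLE
Registrant Email: editor@consumer-group.example
Creation Date: 2011-07-14T00:00:00Z""",
    "privacy-shielded.example": """Domain Name: PRIVACY-SHIELDED.EXAMPLE
Registrant Email: REDACTED FOR PRIVACY
Creation Date: 2019-01-01T00:00:00Z""",
}

# Matches the "Registrant Email:" line of a WHOIS record; the value must contain an "@",
# so redaction placeholders such as "REDACTED FOR PRIVACY" deliberately do not match.
EMAIL_FIELD = re.compile(r"^\s*Registrant Email:\s*(\S+@\S+)\s*$", re.IGNORECASE | re.MULTILINE)


def registrant_email(whois_text: str):
    """Return the registrant e-mail from raw WHOIS text, lowercased, or None if
    the field is missing or redacted."""
    m = EMAIL_FIELD.search(whois_text)
    return m.group(1).lower() if m else None


def cluster_by_registrant(records):
    """Map registrant e-mail -> sorted list of domains registered with it.
    Domains with a redacted or absent e-mail are left out of every cluster."""
    clusters = defaultdict(list)
    for domain, text in records.items():
        email = registrant_email(text)
        if email:
            clusters[email].append(domain.lower())
    return {email: sorted(domains) for email, domains in clusters.items()}


def shared_registrant_domains(records, target):
    """Domains other than `target` registered with the same e-mail as `target`.
    An empty list means no pivot was possible (unique or redacted registrant)."""
    email = registrant_email(records.get(target, ""))
    if not email:
        return []
    return [d for d in cluster_by_registrant(records)[email] if d != target.lower()]


if __name__ == "__main__":
    target = "movers-co.example"
    for d in shared_registrant_domains(SAMPLE_WHOIS, target):
        print(f"{d} shares a registrant e-mail with {target}")
```

In practice you would feed this the output of `whois` (or a registrar's RDAP endpoint) for the merchant's domain and for each review site it appears on; a "review" site sharing the merchant's registrant is not independent, whatever its ranking says.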

Interestingly, if you conduct a simple Google search on Full Service Van Lines, you’ll notice the top review sites — Google and Yelp — have two types of reviews for this company: Very positive and extremely negative, and not much in between.

In retrospect, Matusiak said, the stark disparity in consumer reviews about the company should have been one of many red flags. Another red flag was that the company gave him an estimate for his moving costs over the phone — and refused to send anyone to his home to more accurately and realistically price the move.

The lack of an in-home inspection by the potential moving company is one of the red flags listed at the Protect Your Move site maintained by the Federal Motor Carrier Safety Administration (FMCSA), the federal agency which oversees the moving industry in the United States.

According to Matusiak, Full Service Van Lines exhibited just about every other red flag listed by the FMCSA, including a requirement that some ($1,441.65) of the total moving estimate ($4,225.52) be paid up-front. The other red flag? When the movers arrived on Sunday, May 24, 2015 to load up his belongings, they showed up in a rented Penske truck — not a company-owned and marked fleet truck as displayed on the company’s home page.

Yet another red flag: As soon as the movers had all of his furniture and belongings loaded onto the truck, the foreman — a guy who Matusiak said had a thick Russian accent and offered his name only as “Serge” — said Matusiak’s stuff took up 375 more cubic feet than the estimate had stated, and that as a result the company would be charging him an additional $2,437!

“He said it had to be paid right now in cash or money order or they were going to start unpacking the truck,” Matusiak recalled. “Since this was on a Sunday afternoon, coming up with that kind of cash was pretty impossible, and I couldn’t risk taking all of this stuff off the truck and finding another moving company to get out to my new job in time.”

So, Matusiak said he told Serge to charge the overage to the credit card Full Service Van Lines had already charged for his initial deposit. After a heated conversation with someone from Full Service, Serge told Matusiak he needed to take a picture of Matusiak’s credit card and driver’s license. That was the last time Matusiak saw Serge or any of his worldly possessions.

Matusiak said he arrived in southern California on May 28, thinking the moving van would be a few days behind. When the promised delivery date of June 1 came and went, Matusiak reached out to Full Service Van Lines to inquire about the status of the moving van. The manager at Full Service assured him his stuff was on its way, so Matusiak decided to stay in a hotel for a few days. On June 7, unable to get a straight answer from his contact at Full Service about the van’s location, Matusiak moved into his apartment, minus any furniture, clothes or bed.

Growing increasingly alarmed, the North Carolina native said he was able to convince a police officer in Coconut Creek, Fla. to visit the company’s offices there, but the officer ultimately came back and said it was clear that this was a contract dispute — not a criminal matter — and that Matusiak needed to take his claims to civil court.

“I didn’t get a straight answer out of them for nearly a month until I asked a Coconut Creek police officer to go visit them, and they finally told him that it had been sitting ‘in their warehouse in Virginia’ since it was taken from my home on May 24th,” he told KrebsOnSecurity. “They promised to send photos of my items to prove that they still existed and had not been destroyed, stolen or sold. So far, they have yet to send me these pictures despite several requests.”

The week after that, Matusiak said, the company told him it couldn’t get in touch with the driver, and that they didn’t quite know exactly where the truck was.

“They said they thought the truck was somewhere near Texas, but that was pretty much when they stopped talking to me,” he said. “The whole thing has been a nightmare, and I’m hoping it can come to some resolution. I doubt most of my stuff will be in good condition should it ever be returned. And it would cost me tens of thousands of dollars to replace most of it, plus there are things that can never be replaced. Most of the work I’ve produced in the past 12 years existed on those computers.”

A LONG, SPOTTY HISTORY

While the Internet can help companies hide a pattern of misdeeds or crooked practices, careful research into public documents about an organization’s corporate history and company ownership can often reveal quite a bit about this activity. And as it turns out, Full Service Van Lines is just the latest venture by a company that appears to have a history of ripping people off and disappearing with their stuff (the company has not yet responded to requests for comment).

Update, July 7, 2015, 12:29 p.m., ET: I received a response from a Jason Stokes at Full Service Van Lines, who said Matusiak was one of a handful of customers who were inconvenienced by an unpredictable and sudden increase in demand for moving services at the height of the summer moving season. Stokes said Full Service was in the process of sending a truck to pick up Matusiak’s things from its warehouse in Virginia, although he noted that the truck first would need to be loaded with other customers’ items and pass through either Florida or New York before heading to California. “This isn’t something that’s normal for us,” Stokes said of the delays. “We’re going to go above and beyond monetarily to make this right with our customers.”

Original story:

A search on “Full Service Van Lines” at the corporation search page of the Florida Department of State’s Web site turns up zero results. But a search for that company using the “fictitious names” lookup at the same site reveals that this company is registered to a firm in Pompano Beach, Fla. called Moving and Storage Accounting.

A search on Moving and Storage Accounting shows that the company is run by a Grace Metzger and a Maxx Socher. A simple Google search on this last individual leads to several interesting results, including a scathing Ripoff Report listing, as well as several blogs documenting consumer experiences very similar to the nightmare that Matusiak has endured.

Among the search results for Socher is an NBC Miami story from February 2014 that recounts the heartbreaking story of a Florida couple who trusted Ryder Moving and Storage — a moving company owned by Maxx Socher’s brother Joshua Socher and Josh’s wife Jodi under the slightly modified company name Storage & Moving Services Inc. in Pompano Beach, Fla. — and ran into the same fate as Matusiak. That story notes that the Better Business Bureau got so many complaints that it awarded Ryder an “F” rating.

In addition, the FMCSA fined the company $50,000 for false and deceptive billing, among other violations. And as noted triumphantly by Movingscambusters blog — a site set up by another victim of Ryder who sought to expose the company’s practices — the Florida Attorney General is now suing the Sochers after receiving hundreds of consumer complaints about the company.

Public records searches also can yield revealing results. For example, searching the FMCSA’s database on “Full Service Van Lines” produces two results, both for companies in Coconut Creek, Fla. The first Department of Transportation (DOT) license number listed is no longer active, apparently because the operator of that license incurred a high number of consumer complaints and safety inspection violations.

The second DOT license listed — issued to a company by the same name at a different suite number — is active but also includes a number of consumer complaints about final charges and lost or damaged shipments. Oddly enough given this company’s history, the active license for Full Service Van Lines (which is a DBA of “Dr. Schlepper Inc.”), has yet to receive an inspection from the FMCSA.

Finally, while the Better Business Bureau is hardly the arbiter of which companies are legitimate and which are potentially crooked, the BBB’s consumer complaint listing on Full Service Van Lines fairly well tracks Matusiak’s awful experience.

Matusiak says he’s in the process of documenting his case and sending the supporting evidence to regulators and law enforcement in Florida and North Carolina.

“I’m trying to piece this all together and contact relevant authorities,” he said. “It is complicated by the nature of being in multiple states. Each office I contact merely asks me to get in touch with another state. It looks like I’m at the will of this company and can only wait. Without broader attention I doubt they will do much and they may close this company before I can take any legal action.”

Matusiak told me that in hindsight, he definitely should have spent more time investigating the history of Full Service Van Lines and its owners. But he said he doubts most consumers would do that before-the-fact.

“I certainly didn’t think that all of the review sites would be run by them,” he said. “But also, I don’t think the average consumer could or should have to do all this research on federal and state filings just to find out if a company is legitimate.”

Whether consumers should have to do this or not is debatable, but it seems fairly clear that there is simply far too much money to be made in moving scams and far too few consequences for people engaged in this type of fraud.

For example, several states have begun cracking down on “reputation management” and “search engine optimization” (SEO) companies that engage in writing or purchasing fake reviews, but the fines being enforced for violations are likely a fraction of the revenues that companies gain by engaging in this deceptive practice. It’s worth noting that Full Service Van Lines’ home page says the site was created by a company called Affordable SEO Miami, a reputation management firm that lists as its address the same location as Full Service Van Lines’ license with the Department of Transportation.

I hope it’s clear that consumers investing in high-dollar services would be wise to spend some time using the resources available to look up public records on companies before doing business with them. True, it is easy even for computer-savvy people to get snookered by fake reviews and search engine manipulation tricks, but public records can be powerful tools in the hands of the wary consumer. Caveat emptor!

Banks: Card Breach at Trump Hotel Properties

Wednesday, July 1, 2015, 19:23

The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, appears to be the latest victim of a credit card breach, according to data shared by several U.S.-based banks.

Trump International Hotel and Tower in Chicago.

Contacted regarding reports from sources at several banks who traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels, the company declined multiple requests for comment.

Update, 4:56 p.m. ET: The Trump Organization just acknowledged the issue with a brief statement from Eric Trump, executive vice president of development and acquisitions: “Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties,” the statement reads. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”

Original story:

But sources in the financial industry say they have little doubt that Trump properties in several U.S. locations — including Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York — are dealing with a card breach that appears to extend back to at least February 2015.

If confirmed, the incident would be the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments. In March, upscale hotel chain Mandarin Oriental disclosed a compromise. The following month, hotel franchising firm White Lodging acknowledged that, for the second time in 12 months, card processing systems at several of its locations were breached by hackers.

It is likely that the huge number of card breaches at U.S.-based organizations over the past year represents a response by fraudsters to upcoming changes in the United States designed to make credit and debit cards more difficult and expensive to counterfeit. Non-chip cards store cardholder data on a magnetic stripe, which can be trivially copied and re-encoded onto virtually anything else with a magnetic stripe.

Magnetic-stripe based cards are the primary target for hackers who have been breaking into retailers like Target and Home Depot and installing malicious software on the cash registers: The data is quite valuable to crooks because it can be sold to thieves who encode the information onto new plastic and go shopping at big box stores for stuff they can easily resell for cash (think high-dollar gift cards and electronics).

In October 2015, merchants that have not yet installed card readers which accept more secure chip-based cards will assume responsibility for the cost of fraud from counterfeit cards. While most experts believe it may be years after that deadline before most merchants have switched entirely to chip-based card readers (and many U.S. banks are only now thinking about issuing chip-based cards to customers) cyber thieves no doubt well understand they won’t have this enormously profitable cash cow around much longer, and they’re busy milking it for all it’s worth.
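The "data" that point-of-sale RAM scrapers harvest is the raw track data from the magnetic stripe, which has a fixed public layout (ISO/IEC 7813: Track 2 is `;PAN=YYMM...?`, Track 1 is `%BPAN^NAME^YYMM...?`). That structure is exactly what defenders key on when hunting for such malware or for stripe data left in memory dumps and logs. The following is an added example, not code from the article: it scans a byte blob for Track 1 and Track 2 records, validates each candidate PAN with the Luhn check so random digit runs do not trigger, and reports masked PANs and offsets. The memory-dump sample is constructed inline; the PAN 4111111111111111 is a standard test number (Luhn-valid) and its neighbour ...1112 is a Luhn-invalid decoy.

```python
import re

# Track 2 (ISO/IEC 7813): ;PAN=YYMM<3-digit service code><discretionary data>?
TRACK2 = re.compile(
    rb";?(?P<pan>\d{13,19})=(?P<yy>\d{2})(?P<mm>\d{2})(?P<svc>\d{3})(?P<disc>\d{0,30})\?"
)
# Track 1, format B: %BPAN^SURNAME/GIVEN^YYMM<service code><discretionary data>?
TRACK1 = re.compile(
    rb"%B(?P<pan>\d{13,19})\^(?P<name>[^\^?]{2,26})\^(?P<yy>\d{2})(?P<mm>\d{2})(?P<rest>[^?]{0,40})\?"
)


def luhn_ok(pan: str) -> bool:
    """Luhn (mod-10) check used by every major card brand; cheap false-positive filter."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep BIN (first 6) and last 4, as PCI DSS permits for display/logging."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(blob: bytes):
    """Return Luhn-valid Track 1/2 hits found in `blob`, ordered by offset.
    PANs are masked so the detector's own output is not itself card data."""
    hits = []
    for track, rx in ((2, TRACK2), (1, TRACK1)):
        for m in rx.finditer(blob):
            pan = m.group("pan").decode()
            if not luhn_ok(pan):
                continue
            hits.append({
                "track": track,
                "pan": mask(pan),
                "expiry": f"{m.group('mm').decode()}/{m.group('yy').decode()}",
                "offset": m.start(),
            })
    return sorted(hits, key=lambda h: h["offset"])


# Constructed sample "memory dump": binary noise, one valid Track 2 record,
# a Luhn-invalid decoy, and one valid Track 1 record.
SAMPLE_DUMP = (
    b"\x00\x00junk\x7fPOS.EXE\x00"
    + b";4111111111111111=25121011234567890?"
    + b"\x00" * 8
    + b";4111111111111112=2512101?"          # fails Luhn, must be ignored
    + b"noise"
    + b"%B4111111111111111^DOE/JANE^25121010000000000000?"
    + b"\xff\xfe"
)

if __name__ == "__main__":
    for h in find_track_data(SAMPLE_DUMP):
        print(f"track {h['track']} at offset {h['offset']}: {h['pan']} exp {h['expiry']}")
```

The same two regexes are what you will find in many YARA rules for POS malware families, since the malware has to carry them too; pairing the match with a Luhn check is what keeps a scan of a multi-gigabyte dump from drowning in false positives.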

For more on chip cards and why most U.S. banks are moving to chip-and-signature over the more widely used chip-and-PIN approach, check out this story.

Crooks Use Hacked Routers to Aid Cyberheists

Monday, June 29, 2015, 16:30

Cybercriminals have long relied on compromised Web sites to host malicious software for use in drive-by download attacks, but at least one crime gang is taking it a step further: New research shows that crooks spreading the Dyre malware for use in cyberheists are leveraging hacked wireless routers to deliver their password-stealing crimeware.

Ubiquiti Networks airRouter

Dyre (a.k.a. “Dyreza”) is generally installed by a downloader Trojan that is flagged by most tools under the name “Upatre.” The latter is most often delivered via malicious e-mails containing a link that directs unsuspecting users to servers hosting malicious JavaScript or a basic redirection to a malicious payload. If the user clicks the malicious link, it may serve a bogus file — such as an invoice or bank statement — that if extracted and opened reaches out to an Upatre control server to download Dyre.

According to a recent in-depth report from Symantec, Dyre is a highly developed piece of malware, capable of hijacking all three major web browsers and intercepting internet banking sessions in order to harvest the victim’s credentials and send them to the attackers. Dyre is often used to download additional malware on to the victim’s computer, and in many cases the victim machine is added to a botnet which is then used to send out thousands of spam emails in order to spread the threat.

Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking Upatre being served from hundreds of compromised home routers — particularly routers powered by MikroTik and Ubiquiti’s AirOS.

“We have seen literally hundreds of wireless access points, and routers connected in relation to this botnet, usually AirOS,” said Bryan Campbell, lead threat intelligence analyst at Fujitsu. “The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur.”

Campbell said it’s not clear why so many routers appear to be implicated in the botnet. Perhaps the attackers are merely exploiting routers with default credentials (e.g., “ubnt” for both username and password on most Ubiquiti AirOS routers). Fujitsu also found a disturbing number of the systems in the botnet had the port for telnet connections wide open.

In January 2015, KrebsOnSecurity broke the news that the botnet used to attack and briefly knock offline Microsoft’s Xbox and Sony Playstation’s networks relied entirely on hacked routers, all of which appeared to have been compromised remotely via telnet.

Whether you use a router from Ubiquiti or any other manufacturer, if you haven’t changed the default credentials on the device, it’s time to take care of that. If you don’t know whether you’ve changed the default administrative credentials for your wired or wireless router, you probably haven’t. Pop on over to routerpasswords.com and look up the make and model of your router.

To see whether your credentials are the default, you’ll need to open up a browser and enter the numeric address of your router’s administration page. For most routers, this will be 192.168.1.1 or 192.168.0.1. This page lists the default internal address for most routers. If you have no luck there, here’s a decent tutorial that should help most users find this address. And check out my Tools for a Safer PC primer for more tips on how to beef up the security of your router and your Web browser.
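The two checks the last few paragraphs ask you to make by hand (is telnet reachable on the router, and does the admin page still accept the factory default login) can be scripted. The following is an added example, not code from the article or from any router vendor, and it is meant to be run only against a device you own. It assumes the admin page challenges with HTTP Basic authentication; AirOS and many consumer routers use a form-based login instead, so for those the `accepts_basic_auth` probe has to be swapped for a POST to the login form. The credential list is an illustrative set of well-known factory defaults, with `ubnt`/`ubnt` being the AirOS pair named above; the router address and admin URL are placeholders.

```python
import base64
import socket
import urllib.error
import urllib.request

# Illustrative factory defaults; "ubnt"/"ubnt" is the AirOS pair from the article,
# the rest are common consumer-router defaults (an assumption, check routerpasswords.com).
DEFAULT_CREDS = [
    ("ubnt", "ubnt"),
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", ""),
    ("root", "root"),
]

# Talk to the router directly; never let an environment proxy see admin credentials.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def accepts_basic_auth(url: str, user: str, password: str, timeout: float = 3.0) -> bool:
    """True if the admin page answers 2xx to these HTTP Basic credentials.
    A 401/403 (rejected) and a connection failure both count as 'not accepted'."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    try:
        with _opener.open(req, timeout=timeout) as resp:
            return 200 <= resp.getcode() < 300
    except urllib.error.HTTPError:
        return False
    except (urllib.error.URLError, OSError):
        return False


def audit_router(host: str, admin_url=None) -> list:
    """Return human-readable findings for the two weaknesses discussed in the article."""
    findings = []
    if port_open(host, 23):
        findings.append("telnet (23/tcp) is reachable; disable it or restrict it to the LAN")
    if admin_url:
        for user, pw in DEFAULT_CREDS:
            if accepts_basic_auth(admin_url, user, pw):
                findings.append(f"admin page accepts factory default credentials {user!r}/{pw!r}; change them now")
                break  # one hit is enough; stop sending credentials
    return findings


if __name__ == "__main__":
    # Placeholders: substitute your own router's LAN address and admin URL.
    for line in audit_router("192.168.1.1", "http://192.168.1.1/"):
        print("FINDING:", line)
    else:
        print("no findings")
```

Two design notes: the loop stops at the first accepted pair so you are not needlessly spraying logins at your own device, and a connection failure is reported as "not accepted" rather than as an error, so a router that simply has no web admin on that port does not produce a false finding.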

A Busy Week for Ne’er-Do-Well News

Saturday, June 27, 2015, 22:24

We often hear about the impact of cybercrime, but too seldom do we read about the successes that law enforcement officials have in apprehending those responsible and bringing them to justice. Last week was an especially busy time for cybercrime justice, with authorities across the globe bringing arrests, prosecutions and in some cases stiff sentences in connection with a broad range of cyber crimes, including ATM and bank account cashouts, malware distribution and “swatting” attacks.

Ercan Findikoglu, posing with piles of cash.

Prosecutors in New York had a big week. Appearing in the U.S. court system for the first time last week was Ercan “Segate” Findikoglu, a 33-year-old Turkish man who investigators say was the mastermind behind a series of Ocean’s Eleven-style ATM heists between 2011 and 2013 that netted thieves more than $55 million.

According to prosecutors, Findikoglu organized the so-called “ATM cashouts” by hacking into networks of several credit and debit card payment processors. With each processor, the intruders were able to simultaneously lift the daily withdrawal limits on numerous prepaid accounts and dramatically increase the account balances on those cards to allow ATM withdrawals far in excess of the legitimate card balances.

The cards were then cloned and sent to dozens of co-conspirators around the globe, who used the cards at ATMs to withdraw millions in cash in the span of just a few hours. Investigators say these attacks are known in the cybercrime underground as “unlimited operations” because the manipulation of withdrawal limits lets the crooks steal literally unlimited amounts of cash until the operation is shut down.

Two of the attacks attributed to Findikoglu and his alleged associates were first reported on this blog, including a February 2011 attack against Fidelity National Information Services (FIS), and a $5 million heist in late 2012 involving a card network in India. The most brazen and lucrative heist, a nearly $40 million cashout against the Bank of Muscat in Oman, was covered in a May 2013 New York Times piece, which concludes with a vignette about the violent murder of an alleged accomplice in the scheme.

Also in New York, a Manhattan federal judge sentenced the co-creator of the “Blackshades” Trojan to nearly five years in prison after he pleaded guilty to helping hundreds of people use and spread the malware. Twenty-five-year-old Swedish national Alexander Yucel was ordered to forfeit $200,000 and relinquish all of the computer equipment he used in commission of his crimes.

As detailed in this May 2014 piece, Blackshades Users Had It Coming, the malware was sophisticated but marketed mainly on English language cybercrime forums to young men who probably would have a hard time hacking their way out of a paper bag, let alone into someone’s computer. Initially sold via PayPal for just $40, Blackshades offered users a way to remotely spy on victims, and even included tools and tutorials to help users infect victim PCs. Many of Yucel’s customers also have been rounded up by law enforcement here in the U.S. and abroad.

Matthew Tollis

In a small victory for people fed up with so-called “swatting” — the act of calling in a fake hostage or bomb threat to emergency services with the intention of prompting a heavily-armed police response to a specific address — 22-year-old Connecticut resident Matthew Tollis pleaded guilty last week to multiple swatting incidents. (In an unrelated incident in 2013, this reporter was the victim of swatting, which resulted in our home being surrounded by a dozen or so police and Yours Truly being handcuffed in front of the whole neighborhood).

Tollis admitted belonging to a group that called itself “TeAM CrucifiX or Die,” a loose-knit cadre of young Microsoft XBox and swatting enthusiasts which later renamed itself the “ISIS Gang.” Interestingly, these past few weeks have seen the prosecution of another alleged ISIS Gang member — a 17-year-old Finnish miscreant who goes by the nicknames “Ryan” and “Zeekill.” Ryan, whose real name is Julius Kivimaki, was one of several individuals who claimed to be involved in the Lizard Squad attacks that brought down the XBox and Sony Playstation networks in December 2014.

Kivimaki is being prosecuted in Finland for multiple alleged offenses, including payment fraud, money laundering and telecommunications harassment. Under Finnish law, Kivimaki cannot be extradited, but prosecutors there are seeking at least two to three years of jail time for the young man, who will turn 18 in August.

Julius "Ryan" Kivimaki.

Finally, investigators with Europol announced the arrest of five individuals in Ukraine who are suspected of developing, exploiting and distributing the ZeuS and SpyEye malware — well known banking Trojans that have been used to steal hundreds of millions of dollars from consumers and small businesses.

According to Europol, each cybercriminal in the group had his own specialty, but the group as a whole specialized in creating malware, infecting machines, harvesting bank credentials and laundering the money through so-called money mule networks.

“On the digital underground forums, they actively traded stolen credentials, compromised bank account information and malware, while selling their hacking ‘services’ and looking for new cooperation partners in other cybercriminal activities,” Europol said. “This was a very active criminal group that worked in countries across all continents, infecting tens of thousands of users’ computers with banking Trojans, and subsequently targeted many major banks

The Europol statement on the action is otherwise light on details, but says the group is suspected of using Zeus and SpyEye malware to steal at least EUR 2 million from banks and their customers.

Hershey Park Investigates Card Fraud Pattern

Wednesday, June 24, 2015, 19:45

Hershey Park, a popular resort and amusement park in Hershey, Pa. has hired a security firm to investigate reports from multiple financial institutions about a possible credit card breach, KrebsOnSecurity has learned.

Contacted after reports by several financial institutions about a pattern of fraudulent charges on customer cards that trace back to Hershey properties, the company says it is investigating.

“We have received reports from some of our guests that fraud charges appeared on their payment cards after they visited our property,” said Kathleen McGraw, director of communications for Hershey Entertainment and Resorts Company.

“We take reports like this very seriously,” McGraw continued. “While our company does have security measures in place designed to prevent unauthorized access to our network, we immediately began to investigate our system for signs of an issue and engaged an external computer security firm to assist us. The investigation is ongoing.”

Sources at three financial institutions say they have detected a pattern of fraudulent activity on customer cards that were used at Hershey properties in Pennsylvania between mid-March and late May 2015. According to the banks, the cards were used at a variety of Hershey locations, including food and beverage outlets, ticketing stations and the Hershey Lodge.