Scams at restaurant tables

Busy waiters at outdoor restaurants.

A restaurant table is a good place to be had. The latest in low-tech scams happened last month in Hoboken, NJ, when a man appeared tableside to collect cash after diners had received their bills. He took their money and walked out the door. Pretty clever.

Why didn’t the customers question the new face? I can answer that, as one who visits restaurants some 200+ days a year. Sometimes we just don’t pay attention to who’s serving us. We’re seated by a host, served water by a busboy, solicited by a sommelier, finally the waiter comes, and sometimes we’re greeted by a manager. The meal might be a business meeting which demands our attention more than faces.

Last week, I had a long, late lunch at Postrio in Las Vegas. When our waiter’s shift ended, she did what customer service people call a “warm hand-off”: she introduced us to the waiter who would continue with us. She could have just left, and when the replacement waiter showed up, we’d have just accepted him.

So the Hoboken bogus waiter simply took advantage of our innate trust. He manipulated his victims by presenting himself as the person they expected; he didn’t even have to say anything. Hand out, money in, bye-bye.

So what did the restaurant do when the customers told the real waiter that they’d already paid someone else? Management did not make them pay again. Which invents an entirely new scam: diners claiming they already paid the bill (even though they haven’t). Perhaps the bogus waiter plans that as his next trick.

In the case of the bogus waiter, the victims were not out-of-pocket due to the goodwill of the restaurant management. Other potential losses while dining out:

© Copyright 2008-2009 Bambi Vincent. All rights reserved.

Social engineering—is it time to curtail trust?

Judy Stevens, who has more than 270 identities.

A couple of scumbags have been casing neighborhoods in Las Vegas, preying on elders. They chat up residents, pretending to be a former resident or a relative of a neighbor. They ask questions and gather information. When they’ve learned enough about someone elderly on the street, they approach the senior armed with facts and trivia—enough to garner the senior’s confidence. In every case, the bottom line is that they need money. The money’s not for them, of course; it’s for one of the neighbors, who is in a costly (fictitious) emergency situation, something medical, or maybe legal. The two solicitors are merely good samaritans.

Rick Shawn, who has more than 1,000 identities.

Classic social engineering. This pair of con artists has bilked 19 known victims in Las Vegas, all over age 73, out of tens of thousands of dollars. It’s likely that they’re connected to similar incidents in Arizona and California; it’s probable that many other victims exist, unaware they’ve been scammed, or embarrassed to come forward.

It sounds like a couple on a crime spree, but it’s much more than that. From our intensive workshop with NABI, we know that this is organized crime. Assistant district attorney Scott Mitchell called them gypsies. Most likely, they are members of one of the families called Travelers. These families move from town to town as they pull their scams, often on the elderly. They have a large repertoire, including sweetheart swindles, pigeon drops, fake lotto schemes, and home repair. Many of these are combined with plain old burglary.

The Travelers are organized crime families. So organized that when they find a particularly gullible victim, they pass his info to the next family members scheduled to roll through that town. Then, even if the victim realizes that the roof repair or driveway resurfacing job was shoddy, he won’t recognize the brother or cousin who offers to paint the house with leftover paint from a job down the street, or the sister collecting funds for the sick man a few houses down.

'My dog is accused of eating neighbours chicken Plyz help with bail.' Don't be tempted.

These fraudsters go to extremes in order to impersonate a good samaritan. Through social engineering, they manipulate their victims with a realistic story, bamboozle them with bullshit, dupe them, and exploit them. It always ends one way: the victims’ money in the Travelers’ hands. The two pictured above go so far as to drive their victims to their banks or ATMs.

These two have been arrested and are being held, as of this moment, at Clark County Detention Center in Las Vegas. Travelers are known to have lawyers on retainer and bail money at the ready. Although the two are considered flight risks, they may bail out on the condition that they wear GPS ankle devices.

Actually, that’s not likely. I just spoke with Lieutenant Bob Sebby, Las Vegas Metro, who said that 15 additional victims have been confirmed. Metro is asking other victims to come forward.

Bob Arno on “Lie to me”

Two pickpockets looking for a victim.

I watched the first two episodes of Fox Network’s new television program Lie to Me, whose main character is loosely based on Paul Ekman, the world’s foremost expert on facial micro-expressions and how to spot when someone is lying. This is an intriguing, new subject to the majority of us. Call it a sexy science. Who wouldn’t like to immediately realize when his mate or partner is fibbing or deceiving him? And wouldn’t we like to ask our financial advisors: “have you ever swindled or cheated any of your previous customers?”

The bad guys, too, want to know how to manipulate their expressions when asked “where were you on the night of April 18?” Will this program suddenly shed light on surveillance and interrogation techniques that have previously been shrouded in mystery? It’s said that Paul Ekman is or has been working for the NSA. It’s confirmed that he’s involved in the structure of a limited program for TSA, in which screeners are supposed to detect irrational behavior in passengers that could indicate terrorist activity, signaling the need for additional and deeper screening of their luggage.

Dr. Ekman has spent a lifetime studying micro-expressions. What’s the chance

Kevin Mitnick redflagged

Bob Arno and Kevin Mitnick.

At the Atlanta airport last week, a limo driver stood holding a sign marked “Bob Arno.” Next to him stood another driver holding a sign marked “Kevin Mitnick.” You remember Kevin Mitnick, the young hacker imprisoned for five years, released in early 2000. Remember the “Free Kevin” campaign? The guy who popularized the term “social engineering”? Kevin calls himself a non-profit hacker, since he hacked into computer systems for the fun and challenge, and gained nothing of significance.

We knew Kevin would be in Atlanta—we were all there to present at ASIS, the huge security industry conference. But Kevin was flying in straight from a job in Colombia, so we didn’t expect to arrive in sync.

First we social-engineered his driver to learn where Kevin would be staying. Same hotel as us. Then the chatty driver said that Kevin had been due in two hours ago. Huh. We left a note with the driver inviting Kevin to dinner later and left.

The airport parking attendant held us hostage. Our driver had given him the parking ticket, but he wouldn’t raise the barrier to let us pass. Something was wrong with his computer, he said. We waited. After five minutes, we requested our ticket be returned so we could go to one of the other booths, which were all empty. No car was behind us, either. The attendant refused. Bob got out of the car and demanded the ticket back, fed up with our driver’s polite style of dealing with this ticket moron. No luck. The man kept his head down in his glass booth, impervious. Neither logic nor threats worked, and it was twelve minutes before we were allowed to exit the airport parking.

We caught up with Kevin several hours later, and he told a hold-up tale that made thoughts of our little delay evaporate completely. U.S. Customs had detained him and questioned him about his many trips to Colombia.

“I have a girlfriend there,” Kevin said.

“Have you ever been arrested?”

“Yes.” Kevin couldn’t lie to federal agents.

“What for?”

“Hacking.”

“Were you hacking in Colombia?”

“Yes, but that’s my job. I was hacking for a company that hired me, to see if their system is secure.”

As Customs officers began examining Kevin’s luggage, his cell phone rang. It was his girlfriend in Bogota, hysterical. Meanwhile, an officer lifted Kevin’s laptop. Kevin wasn’t concerned about it. He routinely wipes his hard drive before crossing borders, shipping an external drive containing his data to his destination. Everyone in the field of information security knows the Department of Homeland Security’s new policy:

Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies…

“FedEx called,” the girlfriend said in her poor English, “they found cocaine in the hard drive!”

Kevin’s face went white and was instantly drenched in sweat. He wondered who could have put cocaine in his hard drive: his girlfriend? the packing/shipping storefront where he dropped it off? He assumed, understandably, that the hard drive seizure somehow prompted this Customs search.

“What are you doing here in Atlanta?” the Customs officer demanded.

“Speaking at the ASIS conference, moderating a panel on internet abuses. Here, I’ll show you.” He took the laptop and launched Firefox, intending to open the ASIS keynote web page. First, he hit “clear private data” and glanced at the officer, who instantly realized his own stupidity. The officer snatched back the computer.

HID card spoofer.

Other officers pulled suspicious items from Kevin’s bags. Out came another laptop, which they started up, thinking they’d found gold, unaware that they’d need a password and dongle to access the real guts of that machine. Then they pulled out a large, silvery, antistatic bag and extracted its weird contents.

“They thought they found the mother-lode,” Kevin told us, able to smile in retrospect. And we could imagine why, looking at the thing.

“What’s this, huh?” the agent smirked. Like, how are you going to explain this one away? We gotcha now!

“It’s an HID key spoofer,” Kevin explained to a blank face. “Like your ID card there. You just wave your card at the door to go through, right? I just need to get close to your card and press a little button here. Then I can go through, too. This thing becomes a copy of your card key.”

“Why do you have it?” the officer demanded accusingly.

“Because I demonstrate it at security conferences like ASIS.”

Somehow, Kevin kept his cool throughout four hours of grilling. When he was finally allowed to use a phone, he called an FBI agent who was to be on the panel he’d be moderating, and the FBI agent cleared him.

Having lost so much time, Kevin declined our dinner invitation, since he needed to prepare for his presentation. After listening to his long tale, Bob and I headed out to dinner alone. We found the French American Brasserie—quite worth raving about. http://www.fabatlanta.com/ Although we both ordered moules marinière, hardly a test for a brasserie, we enjoyed the meal thoroughly, along with the decor, ambiance, and service.

Kevin had been red-flagged, of course. He found out later that Customs knew nothing of the cocaine in his hard drive. He also found out that there wasn’t any cocaine in his drive. There may have been a few grains on the outside of the package, but it came from Colombia, right? Still, the drive had to be ripped open to determine that it was drug-free, and it wasn’t clear whether or not the disk itself had been damaged.

Social engineering vs. security theater

Crabs in Maui

For a cross-country flight, I packed a lunch of deconstructed sandwiches. Slices of homemade walnut bread, a handful of arugula, a tomato, and a repurposed deli-container full of homemade crab salad. The crab salad was moist with mayo, lemon, and chopped apple. Spreadable, if not quite liquid, mostly filling an 8 oz container.

I didn’t expect it to pass security, so I was ready with Plan B: I’d back out of the security area, construct the sandwiches, and try again with the less-dense contraband.

So I’m pushing my carry-on along to the scanner belt when the TSA man on the x-ray calls for assistance. “Log-jam,” he says.

“They’re moving now,” I say, having straightened someone else’s bag. Mine goes through.

“I’m just trying to keep her busy [wink],” the TSA agent says, jerking his chin toward his colleague as she inspects the flow of bags.

I lock eyes with him. “Good strategy,” I wink back, and he doesn’t even glance at the screen as my bags sail through, crab salad and all.

Ah, social engineering vs. security theater. I love it.
