About this blog

Bob Sullivan

Corporate sneakiness. Government waste. Technology run amok. Outright scams. The Red Tape Chronicles is MSNBC.com's effort to unmask these 21st Century headaches and offer real solutions that save you time and money.

Bob Sullivan covers Internet scams and consumer fraud for MSNBC.com. He is the winner of multiple journalism awards for his coverage of online crime and author of Gotcha Capitalism: How Hidden Fees Rip You Off Every Day and What You Can Do About It. and Your Evil Twin: Behind the Identity Theft Epidemic.

Got some red tape you want Bob to untangle? Write [email protected]

Unlisted number fee a 'privacy penalty'

Posted: Tuesday, April 19 2011 at 06:00 am CT by Bob Sullivan

Who says people won’t pay to protect their privacy? Mark Swartz is one of millions of U.S. consumers who pay dearly every month to keep personal information out of the hands of marketers. In fact, Swartz figures he's paid well over $1,000 through the years for the simplest of privacy protections -- an unlisted home telephone number.

The $4.95-a-month fee that Swartz pays is a relic from times of the AT&T monopoly, when consumers leased everything from the phone company, including handsets.  But Swartz, who lives near Boston and has had the same phone number since the 1980s, is wondering what he's getting for $60 every year.

"Despite privacy laws and the fact that there is no ongoing expense to Verizon to not publish my number -- it's programmed into their system just once -- I have to pay them to not divulge my number," he said. "Absolutely ridiculous."

It's also of questionable value. In the age of Google, paid search services like Spokeo and the Do Not Call list, it's debatable how effective unlisted numbers are. 


| Comments (40) Email thisEmail this | Link to thisLink to this

Just how creepy is 'Creepy'? A test-drive

Posted: Friday, April 15 2011 at 06:00 am CT by Bob Sullivan

Kelly Kelly Collis feels safe sharing her location information.

You probably know that some Internet and cell phone applications like Foursquare or Twitter can broadcast your location to the world.  And you might know that Web sites with names like PleaseRobMe and ICanStalkYou have been created with shock value in mind to call attention to the potential consequences of broadcasting such information. But those sites picked on random individuals and exposed their whereabouts one at a time.

A new software tool created by Greek programmer Yiannis Kakavas goes much farther in the shock category.  Called “Creepy,” Kakavas' tool makes it easy to gather all the location-based digital breadcrumbs that people leave online and plot them on a map.  The map and associated time stamps make it easy to discern their routines -- “It looks like Bob goes to this coffee shop every Friday morning around 10:30” -- a tool of incalculable use to a would-be stalker. For Web users who loyally leave breadcrumbs everywhere ("Now at Whiskey Bar!" "Now at Park Diner," "Finally home") it's possible to recreate much of their daily lives using Creepy.

What's more, unlike ICanStalkYou, users can search for any Foursquare, Twitter or Flickr user they want.  Kakavas tool also adds a handy handle-search tool, in case you only know your stalking subject by their real name.

When I reached Kakavas in Germany, where he is finishing his dissertation on computer security, he took pains to make clear he wasn't trying to make life easier for stalkers. 


| Comments (56) Email thisEmail this | Link to thisLink to this

Study: Banks hiding fee info, skirting law

Posted: Tuesday, April 12 2011 at 04:50 pm CT by Bob Sullivan

There's only one way to get the best price on a service: Shop around. And there's only one way to shop around: Compare prices. But banking consumers who try to engage in this pillar of free market economic activity often simply can't, according to a study released Tuesday by a consumer group. 

At nearly one in four banks, consumers can't learn the price of doing business because fee schedules are unavailable before they sign up, according to the Public Interest Research Group (PIRG), which conducted the study. Those banks are breaking the Truth in Savings Act, which requires such up-front fee disclosures, it said.

The results are all the more concerning because they mirror results from a similar study conducted by Congress' Government Accountability Office three year ago, which spurred government regulators to reiterate banks’ obligation to offer fee disclosures in 2010.


| Comments (74) Email thisEmail this | Link to thisLink to this

5 Traps: How do I use public Wi-Fi safely?

Posted: Tuesday, April 12 2011 at 06:00 am CT by Bob Sullivan

RedTape-fivetraps You've heard it for years: Using free coffee shop Wi-Fi isn't safe.  But then, you've done it anyway,  viewing critical work documents or doing online banking. So let's talk turkey.  To borrow from a modern parental dilemma, I really don't want you doing that, but if you do, you should be taking the proper precautions. This edition of Five Red Tape Traps will help you do that. 

Finding a free Wi-Fi hotspot is like finding an oasis in the data desert. You might be wandering around helplessly detached with your laptop, iPod Touch or iPad when you come upon a coffee shop or airport lounge that promises to quench your thirst for e-mail.  At moments like that, most consumers have one thing on their minds: connecting as quickly as possible. 

Somewhere along the line, you've probably heard that recklessly using Wi-Fi can be dangerous. Perhaps you've even heard that the danger level recently increased with the release of a new tool named Firesheep, which makes snooping on unsecure coffee shop networks easy for anyone with a Web browser.  There are a lot of fish in that sea: The Wi-Fi Alliance says there are now 92,000 hot spots in the U.S., and every one of them needs to be used with care.

The problem is simple: When you're using Wi-Fi, you're sending data through the air that gets picked up by a radio antenna on a router. Of course, anyone else with an antenna can receive the signal, too. If the data are scrambled, no big deal. But scrambling involves settings that could make life harder for customers, and there isn't a coffee shop in the world that wants to provide IT support to latte drinkers. Hence most free hotspots provide little or no security. It falls to the latte drinker to surf safely.  

Sadly, staying truly safe means heeding some rather brutal advice.

"I just tell people not to do anything at a coffee shop that they wouldn't write on the back of a postcard," said Kelly Davis-Felner, marketing director for The Wi-Fi Alliance, a global trade group that certifies Wi-Fi devices. She says the alliance is working on new technologies that will automatically make free Wi-Fi safer, but for now, you should pay heed to these five traps and their antidotes.

1.) It's never happened to me. This is probably the biggest problem facing improved Wi-Fi security.  Sure, you start out only reading the NYTimes.com website at coffee shops, but that's just the gateway site. One day, reading the business section, you see a stock you hold in your retirement account took a hit. You can't resist visiting your broker's account.  Then you are tempted to go to your online bank to increase your monthly contributions.  And nothing bad happens, so what's the problem?

"There's this great disconnect that even if someone took advantage of you and stole your data, you might not be aware of it," Marian Merritt, Internet safety advocate at Symantec Corp. "Someone could be using Firesheep against you, and you wouldn't know it."  This same phenomenon happens in credit card theft: When a criminal buys something with your credit card, you almost never know where the account number was originally stolen.

As a result, it's easy to get complacent with Wi-Fi, and get lured into doing riskier things. Here's the easiest, most basic rule of thumb everyone should follow: Do only casual Web browsing when in that coffee shop, ideally at websites where your password is already stored so it needn't be typed.  Remember, half of you use that DailyNews.com password at your online banking website, too, so even a seemingly harmless visit to your town's obituaries could expose your money to a hacker. 

2.) Shoulder surfing.  Tech writers love using non-words like VPN in a sentence, but often the biggest risk comes from the simplest attack.  You probably glance over your shoulder before you enter your PIN code at an ATM. You should bring some of that healthy paranoia to coffee shops, too.  Someone could easily look over your shoulder and spot critical personal information while you sip your warm beverage and stare out the window.  One low-tech investment that might be worth your while is a privacy filter for your screen that cuts down severely on the viewing angle.

3.) HTTP vs. HTTPS. Even if you are using a wide-open hotspot, you can still scramble those radio transmissions for safety.  Make sure you login to websites like Facebook and Amazon only when there’s that familiar "https" prefix in the address where your browser is headed. That means the information you transmit won't be readable by someone who plucks it out of the air.  In fact, it will be encrypted at every step between your computer and the website's servers.

Note, however, that you might find yourself switching between https and https as you surf, particularly if you click on outside links. That means before you type something critical, like a login or a credit card, you should check again that your browser is pointed at an https site.

Generally, Web mail programs allow safe https logins, but some switch back and forth depending on how you are using the site. One tip: In Gmail, visit settings and click "always use https."

4.) Avoid "Free Public Wi-Fi." Often, when you are looking for a hotspot, your helpful computer will indicate there are five or six networks nearby. Don't pick the first one, or even the one with the strongest signal. Pick the one that belongs to the establishment you are visiting.  Anything else could be a trap.  You should double-check the name of the network with the store, and stores should place the name prominently behind the register. Connecting to random accounts -- and having your computer connect automatically to networks with names like "linksys" -- sets you up for what's called an "evil twin" attack. (No, this is not a reference to a book of the same name). Criminals can set up rogue access points with attractive-sounding names, connect to your computer and then honor most Web browsing requests -- all the while logging your activity. The only way to avoid this is to manually connect to networks you know are provided by reputable firms.

5) VPN.  Finally, the advice given by professionals to professionals is to use virtual private network tools -- VPNs -- when connecting to the Internet through public wireless networks.  VPNs offer an encryption-lined tunnel between your machine and a server somewhere else on the Internet which keeps your data free from prying eyes along that pathway.  Firesheep is powerless against VPNs. 

The problem is VPNs require two pieces, and most consumers can't be bothered with setting up both.  A VPN client must be installed on the coffee drinkers' computer, and a VPN server must be set up elsewhere to accept the connection. People who work at security-conscious companies often have these installed for them.  It's possible to use your home computer as a VPN server, which would mean you'd essentially be surfing the Web from that machine when you were in your local coffee shop. But that's a bridge too far for most consumers.

(Here's a great article with more on setting up VPNs)

Several commercial companies have stepped up to fill this gap.  HotSpotVPN.com, for example, offers tunneling service for under $10 per month.  HotSpotShield uses a different model, providing free tunnel service in exchange for serving advertisements to users.

But most average surfers won't want the ads or the subscription because they don't realize what's at stake, said Merritt, the Symantec  safety advocate. She thinks hotspot providers should shoulder a little more responsibility.

"They should recommend that consumers look into using VPNs, perhaps right on their login pages," said Merritt. "They should provide information that consumers don't even know to ask about .... If consumers had greater awareness, they would be more concerned."



"Five Red Tape Traps” is an occasional series which will focus on answering the most important questions consumer face in the 21st Century economy. Previously:

Getting a credit score

Avoiding checking account fees


Click here to follow Bob Sullivan on Facebook

| Comments (10) Email thisEmail this | Link to thisLink to this

Lawsuit: Credit score sites mislead consumers

Posted: Friday, April 8 2011 at 05:00 am CT by Bob Sullivan

Confused about your credit score and where to get it?  That’s intentional, according to a new lawsuit filed in a California federal court.

Many consumers who think they are buying a peek at their credit scores are being defrauded, according to a lawsuit against credit bureau giant Experian. The case, which seeks class action status, claims that Experian is intentionally confusing customers, engaging in false advertising and not giving consumers what they pay for when they sign up for services at the firm’s popular FreeCreditReport.com and FreeCreditScore.com Web sites.

"It's a classic consumer fraud case," said David Woodward, one of the lawyers who filed the case. "The law is designed to prohibit exactly this kind of egregious advertising practice. ... The defendant is profiting from deception."


| Comments (144) Email thisEmail this | Link to thisLink to this

Experian glitch temporarily sinks credit scores

Posted: Wednesday, April 6 2011 at 11:24 am CT by Bob Sullivan

Customers received this alarming message.

A credit reporting glitch has temporarily torpedoed an undisclosed number of consumers' credit scores, msnbc.com has learned. The error came to light after many consumers who pay for credit monitoring services received alerts about the drop. 

Credit bureau Experian erroneously reported HSBC credit card customers as having balances exceeding their credit limits, causing scores to plummet. One consumer said his score dropped 60 points.

Several consumers claim the glitch dropped the last two digits of the HSBC cardholders’ credit limits. For example, a consumer with a $1,500 credit limit suddenly was reported as having a $15 limit -- which in turn caused the consumer to have a balance far larger than the limit. That in turn spiked the consumer's so-called  credit utilization, which has a big impact on scores.


| Comments (32) Email thisEmail this | Link to thisLink to this

What is Epsilon, and why did it have your e-mail?

Posted: Tuesday, April 5 2011 at 05:00 am CT by Bob Sullivan


CLICK TO PLAY VIDEO: On MSNBC cable discussing the data leak.
Before this weekend, you'd probably never heard of Epsilon Data Management. But the Texas-based marketing firm had almost certainly heard of you. 

In fact, the company behind the high-profile leak of data belonging to Best Buy, Target, The College Board, Walgreens and other big-name firms probably has an intimate relationship with you.  It says it holds information on 250 million worldwide consumers, and its company credo is to offer a "complete 360 degree view" of customers.  Getting a 360-degree of Epsilon is a bit harder.

"People are saying, 'Who is this company and why should they have my personal information?'” said Larry Ponemon, a privacy consultant who runs The Ponemon Institute.

They also might wonder why at least one company executive thinks Americans are overly prone to "indignation" about unwanted e-mails.


| Comments (129) Email thisEmail this | Link to thisLink to this

Report: Child ID theft on the rise

Posted: Friday, April 1 2011 at 03:53 am CT by Bob Sullivan

Child ID theft, among the more tragic and vexing 21st Century crimes, is much more common than previously thought, suggests a report being published Friday by a Carnegie Mellon University fellow.

Data examined by Richard Power, a distinguished fellow at the school’s CyLab research center, offers hints that identity thieves are specially targeting children when picking victims.

"They make perfect targets because they have no records and don’t discover the crime for years,” he said. 

Using data supplied by identity monitoring company Debix, Power examined 40,000 children's profiles and found more than 10 percent had identities that were tainted in some way.

"These were 4,000 kids in there with gun licenses, mortgages, car loans and driver’s licenses. That's crazy," Power said. 


| Comments (160) Email thisEmail this | Link to thisLink to this

New $5 ATM fee just the latest checking trap

Posted: Tuesday, March 29 2011 at 07:00 am CT by Bob Sullivan

RedTape-fivetraps "Total Checking." "Value Checking." "MyAccess Checking." What do they all have in common?   The word "free" is missing from the name.

You are likely painfully aware that big banks like Chase, Wells Fargo, and Bank of America have ended no-strings-attached free checking accounts.  But if you had any questions about how restrictive -- or expensive -- those strings can be, consider Chase bank. Scarcely two years ago, we marveled at banks’ efforts to inch fees up to $3 per withdrawal. Chase bank is now test-piloting $5-per-withdrawal fees for non-customers in Illinois. That's in addition to fees the consumers' bank charges. Soon it may cost $10 to grab $20 in a pinch.

Once upon a time, consumers could expect to earn money by leaving their cash sitting in a bank.  Today, consumers must worry about their bank slowly bleeding money out of the account. The change is happening swiftly. Chase says it's converted around 8 million free accounts -- many former customers of Washington Mutual -- into "follow-our-rules-or-pay-up-to-$144-annually" accounts.


| Comments (556) Email thisEmail this | Link to thisLink to this

Another nail in the coffin of price tags

Posted: Friday, March 25 2011 at 06:00 am CT by Bob Sullivan

E_Shapiro Esther Shapiro

While price tags are showing their age, Esther Shapiro sure isn't. The 93-year-old consumer advocate still visits grocery stores in Detroit to make sure they are pricing items accurately.  But an important arrow in her quiver is about to disappear. The Michigan Legislature voted to kill the state’s grocery store price tag law last week, after Michigan's Gov. Rick Snyder attacked it in annual his State of the State address.  That means in all likelihood the little stickers will soon disappear, replaced by shelf tags. 

While a few other states still have mandatory price tag laws, Michigan's was by far the most consumer-friendly.  The Michigan Retailers Association is rejoicing, but Shapiro sees the reversal as a sad event for consumer rights. 

"For many people, (the price tag law) is the only interaction they ever have with consumer protection law,” said Shapiro, who once headed Detroit’s Consumer Affairs office. She still lives in downtown Detroit, and still complains loudly when she's overcharged at her local grocery store.  “A very basic thing I always come back to is consumers’ right to know. Times are getting tighter, the value of peoples’ income is shrinking, and now they will be even more confused about what things cost.”


| Comments (117) Email thisEmail this | Link to thisLink to this


StopGettingRippedOff Bob Sullivan's new book tells you why American consumers are such easy targets, and how you can always get a fair deal. Order it here.

Or, learn about Bob's other books by clicking here.