Is PayWave picking your pocket at the checkout?

Tweed Daily News 3 September 2014:

PAYWAVE card payments have improved efficiency at the checkout, but the experience of one South Grafton man suggests you should be vigilant near one of the terminals.

Last week, Don Booth, of South Grafton, was waiting behind another customer at the cash register of a Grafton business.

As he watched the cashier, he noticed she did something different and asked her what happened.

He was shocked to find that instead of billing the customer in front of him, the terminal had picked up the card in his wallet and completed the transaction with his money.

"Because the girl at the checkout noticed it, we were able to fix it up straight away," Mr Booth said.

He said the girl at the checkout told him it was not her first experience of a payWave transaction going wrong.

"She said it happened in Coles to a customer, in the same way it happened to me," Mr Booth said.

Mr Booth said he would be taking extra care to check his next card statement.

Perhaps the rise in credit card fraud NSW Police Coffs Clarence Police Command has recently complained about may also be a result of flaws in wireless near field communication technology.

In October last year Among Tech posted this information on electronic pickpocketing:

The fact that you can use your smartphone to pay at a restaurant or a store is great and with NFC (Near Field Communication) technology you can do just that, but what else? Several months back a report from CBC showed us how easy it is to steal credit card credentials using an App and NFC technology which is integrated in most of the high end Android smartphones, but even after 6 months it is still possible to download one of these Apps and hack someone’s credit card and Google has made no changes to its software in order to make it harder for people to steal someone else’s credit card info.

Apps like SquareLess allow users to see a credit cards number, security code and expiration date which later can be used by hackers to purchase products online without the credit card holder to give them permission to do so. SquareLess is just one of the many apps available on the Play Store that allow you to do just this, which is a very serious issue. A study done by xdadevelopers that any of the following credit cards can be hacked using NFC:

American Express Blue Cards

Barclaycard

Chase Credit Cards

MasterCard PayPass

Visa payWave Cards

So, How can an App and NFC read credit card credentials? NFC technology is also what is used in stores to read our credit card, a credit card will give its information which allows you to make the transaction once it finds a valid payment terminal device but the credit card doesn’t look at what type of terminal device this is (since it doesn’t know this information), it is just interested in finding one. Making the smartphone function like a payment terminal can allow you to “fool” the credit card making it think it is what it is looking for, easily allow the app to read all the necessary credentials. In order to do so, all that is required is for the smartphone with NFC to be approximately 10cm close to the credit card. Here is a video demonstrating just how easy it can be done……

Channel 7 Today Tonight also broadcast an item on this subject in July this year.

Internet websites are now offering RFID-shielding passport holders/wallets/sleeves to prevent remote scanning and skimming of Paywave or touch-and-go-credit cards, although the effectiveness of these products is open to question.

Attorney-General George Brandis and his bravura performance as Pot-Kettle-Black

Australian Attorney-General George Brandis in opposition and government on the subject of members of parliament and honest/ethical conduct.

In Hansard 17 August 2011:

Finally, it was only yesterday, when this matter was brought to light, that the member for Dobell sought to amend his register of a member's interests by lodging with the Register of Members' Interests for the House of Representatives a letter that identified the payment of a sum of money in May 2011 by the Australian Labor Party's New South Wales branch, in settlement of a legal matter to which I was a party. Why was that amendment made only after its disclosure was revealed?

On ABC The Drum 29 August 2011:

Senator Brandis has pursed the ALP backbencher Thomson with a vigour that is disturbing on a number of levels.

Firstly, there are the telephone calls to ministers and police commissioners. Senator Brandis called New South Wales Attorney-General Greg Smith, a fellow Liberal, in early August. Smith says that Brandis was alerting him to a forthcoming media story which would reveal Brandis had asked the New South Wales DPP to look at the Thomson matter.

Then a couple of weeks later Brandis was on the phone again, this time to speak with New South Wales Police Minister Michael Gallacher to again alert him to the fact that Brandis would be sending a brief to the Police Commissioner Andrew Scipione. Gallacher himself alerted Scipione to look out for the Brandis brief.

Then there was Brandis's call to Australian Federal Police Commissioner Tony Negus last week. Brandis apparently wanted to clarify whether the AFP would be investigating the matter.

On Channel 7 Sunrise:

"Shadow Attorney-General George Brandis has provided information to police in relation to a number of matters concerning a federal Labor MP," police said in a statement on Tuesday.

"This correspondence has now been referred for internal assessment to determine whether a criminal offence has occurred."

In Hansard 5 February 2013:

Meanwhile, in the coming week there are the fraud charges against the other man upon whose vote the Gillard government depends, Mr Peter Slipper.

In The Sydney Morning Herald 23 September 2013:

he regarded the wedding as a chance to ''foster collaboration'' over Mr Smith's work covering the then prime minister and the Craig Thomson scandal

In the Herald Sun 30 September 2013:

Yesterday, Senator Brandis said he would repay the money to avoid any uncertainty about the circumstances of Mr Smith’s wedding in December 2011.

But he said he still considered he was within parliamentary entitlements to make them.

“I considered that those costs were within parliamentary entitlements, since they were incurred in the course of attendance at a function primarily for work-related purposes. I remain of that view,” he said in a letter written today to the Finance Department.

George Brandis’ July-December 2011 Parliamentarian’s Expenditure Record covering the period in which he travelled to and from the private Smith wedding at taxpayers’ expense:

                                

Domestic Travel 4 Dec 11 Brisbane Sydney 5 Dec 11 Sydney Brisbane $1,191.06

Com Car Brisbane 4 Dec 11 $82.83 Brisbane 5 Dec 11 $44.23

Hire Car Sydney 4 Dec to 5 Dec 11 $143.40

TOTAL $1,461.52

News.com.au 8 April 2013:

Mr Slipper, who stood down from the role of Speaker of the House of Representatives amid controversy last year, faces charges relating to three occasions in which he allegedly dishonestly used Cabcharge dockets to visit Canberra wineries in hire cars in 2010, amounting to $1194 in charges to the taxpayer.

It would appear that the more a member of parliament or senator owes the Department of Finance, the less likely he or she will be held accountable at law.

While the Attorney-General’s attitude seems to be that it is fraud when someone considered a political enemy makes a dubious claim for expenses over and above his/her parliamentary salary or fails to accurately record financial details, but it is perfectly alright when he or a member of his party does so. Additionally, Brandis appears to believe he is entitled to use his expense claims to hide the cost of actively pursuing such a perceived enemy.

The rules relating to parliamentarians' travel allowances/entitlements can be found here.

Fracking PsyOps. Yesterday America, today New South Wales?

For all those NSW Northern Rivers 'insurgents' out there.........

http://youtu.be/vJwAXTxPIXo

DRIVING FORWARD A UNITED INDUSTRY FRONT TO EDUCATE THE PUBLIC, ENGAGE NGOs AND LEVERAGE MASS MEDIA, SOCIAL MEDIA AND GRASSROOTS ADVOCACY TO OVERCOME PUBLIC CONCERN OVER HYDRAULIC FRACTURING, Houston, Texas USA 2011

CNBC 8 November 2011:

CNBC has obtained audiotapes of the event, on which one presenter can be heard recommending that his colleagues download a copy of the Army and Marine Corps counterinsurgency manual. That’s because, he said, the opposition facing the industry is an “insurgency.”....

Another told attendees that his company has several former military psychological operations, or “psy ops” specialists on staff, applying their skills in Pennsylvania....

In a session entitled “Designing a Media Relations Strategy To Overcome Concerns Surrounding Hydraulic Fracturing,” Range Resources communications director Matt Pitzarella spoke about “overcoming stakeholder concerns” about the fracking process.

“We have several former psy ops folks that work for us at Range because they’re very comfortable in dealing with localized issues and local governments,” Pitzarella said. “Really all they do is spend most of their time helping folks develop local ordinances and things like that. But very much having that understanding of psy ops in the Army and in the Middle East has applied very helpfully here for us in Pennsylvania.”

At another session, Matt Carmichael, the manager of external affairs for Anadarko Petroleum , spoke on the topic of “Understanding How Unconventional Oil & Gas Operators are Developing a Comprehensive Media Relations Strategy to Engage Stakeholders and Educate the Public.”

He said he had several recommendations for the oil industry media professionals at the event, one of which, he said, involved the military.

“Download the U.S. Army-slash-Marine Corps Counterinsurgency Manual, because we are dealing with an insurgency,” Carmichael said. “There’s a lot of good lessons in there and coming from a military background, I found the insight in that extremely remarkable.”

Audio here.

Approximately 472 page U.S. Army -Marine Corps Counterinsurgency Field Manual (December 2006) here.

Excerpt from U.S. Army - Marine Corp Counterinsurgency Field Manual: Afghanistan Edition here.

Saffin encourages increasing awareness of identity fraud

Media release from the Federal Member for Page on the NSW North Coast:

Page MP Janelle Saffin is encouraging people in her electorate to gauge how well they protect their identity, during National Identity Fraud Awareness Week which runs from 17-23 October 2011. 

“Our community needs to realise just how serious identity crime is and to understand the devastating effects it can have on an individual’s life,” Ms Saffin said.

A survey is available on the Australian Federal Police website as an innovative way of educating the general public on importance of being aware of identity crime.

The survey covers safety tips such as checking ATMs for any signs of tampering before using, shredding bank statements and other documents instead of putting them in the recycling bin, and deleting spam emails from the deleted email folder. 

 “This survey allows members of the public to test how vulnerable they are to identity crime and take remedial measures if they need to,” Ms Saffin said. 

“Many local people contact me about receiving unsolicited phone calls and emails claiming to be from the Australian Tax Office or other Government office seeking bank account details or other personal information.

“I can confirm that no Government department will ever ask people to offer confidential identity or financial information over the telephone.”  said Ms. Saffin.

“I encourage people interested in taking steps to protect their identity to complete the short survey and to also report any suspicious phone calls or contact to SCAMwatch.”

The survey is available at http://www.afp.gov.au/what-we-do/campaigns/national-identity-fraud-awareness-week.aspx.  

To find out more about identity fraud scams and how you can protect yourself from identity crime, visit SCAMwatch or call 1300 795 995.

John Xavier Berlin jailed for fraud - history of child sex-offences revealed in court

THERE is no way John Xavier Berlin could have been a police officer, after being convicted of child-sex offences and spending two years in a Queensland jail.

That was the conclusion drawn by magistrate David Heilpern when he sentenced Berlin to 12 months behind bars at Grafton local court yesterday.

“Mr Berlin, you have never been a police officer,” he said.

“That is the source of all these problems.” Source: The Daily Examiner, 24/8/11

Today's Examiner gives Berlin much more attention than he'd ever like. Berlin is front-page material, gets more coverage on page 5 and is also the subject of an opinion piece written by the paper's chief-of-staff. Topping things off is a front page photograph of Berlin.

Read The Daily Examiner's report here.

More on identity theft - a warning about a so-called ATO website

A scam email doing the rounds again purports to be from the Australian Tax Office.

The email states:

"Subject: Please submit your tax refund
After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund . Please submit the tax refund request and allow us 3-6 days in order to process it.
See your refund status by downloading attachment."

The email's attachment leads to a webpage that looks very much like an official ATO page, but it's not! The page seeks tax file numbers, date of birth and other personal details.

Details about the sender of the email are linked to the e address info@stout-associates.com

Advance Australia the Plastic

I was having a yarn with a local shopkeeper the other day when he remarked that most of his over-the-counter sales involved plastic.
I was rather surprised, being addicted to the feel of a roll of readies myself, but it was an observation borne out by the Australian Crime Commission’s latest report this year:

“Card transactions have continued to increase substantially over the past decade.
For example, during that period credit card transactions have increased from 42.8 million to 118.8 million per month.
Australians spend A$17.8 billion per month on credit cards and A$11.3 billion per month on EFTPOS transactions, and they withdraw A$12.4 billion per month from ATMs……
More than 657 000 cases of card fraud on Australian issued credit and debit cards were reported in Australia during 2009.
The value of credit card fraud was estimated at 57.15 cents per $1000 transacted in 2009. The value of debit card fraud during that year was estimated at 9.43 cents per $1000 transacted.”

Be prepared for the Twelve Scams of Christmas

Bluddy 'ell it's almost December.
What do those scouts say? Be prepared......
With the festive season starting to gear up and thoughts of present buying beginning to creep into idle moments, it was probably timely that someone passed these emails on to me as examples of what may come down Teh Netz and land on your PC to snatch up your hard-earned readies, raid your credit card or wreck your home computer:

Xmas Promotion‏
From: Microsoft Award (cleohfn@bellnet.ca)
Sent: Friday, 20 November 2009 10:22:20 PM
To:
£750,000.00 has been award to you,send us your Names/Tel/Country to slyvester_howard@gala.net. Tel: +44-70-24-030-541

read and reply now‏
From:united state postal inspection service (uspostal@noreply.com)
Sent:Sunday, 22 November 2009 10:43:51 PM
To:
1 attachment delivery.doc (26.0 KB)

Here's a reminder from McAfee by way of CNet News:

1. Charitable phishing scams: Marcus warns consumers to be wary of e-mails that appear to be from legitimate charities. Not only will they take your money and deprive charities of needed funds, but they will also steal your credit card information and identity.
2. 
   Fake invoices from delivery services: During this period, scammers will send out fake invoices and delivery notifications appearing to come from Federal Express, UPS, the U.S. Postal Service or even the U.S. Customs Service saying that they were unable to deliver a package to your address. They ask you to confirm your address and give them credit card information to pay for delivery.
3. 
   Social networking friend requests: Bad guys take advantage of this social time of year by sending out authentic looking friend requests via e-mail. Marcus recommends that you not click on those links but sign into Facebook and other services and look for friend requests from the site itself. Clicking on a link could install malware on your computer or trick you into revealing your password.
4. 
   Holiday e-cards: Be careful before clicking on a holiday e-card, especially if it's from a site you haven't heard of. This is a way to deliver malware, pop-ups, and other forms of unwanted advertising. Some fake e-cards will look like they come from Hallmark or other legitimate companies, so pay close attention and make sure it's from someone you know. If you're going to send an e-card, be sure you're dealing with a reputable service lest you risk infecting yourself and your friends.
5. 
   Fake "luxury" jewelry: If you see an offer for luxury gifts from companies like Cartier, Gucci, and Tag Heuer at a price that's too good to be true, it probably isn't true. These links could lead you to malware and take your money or merchandise that will probably never arrive (or be fake if it does). Some of these sites, according to McAfee, even display the logos of the Better Business Bureau.
6. 
   Practice safe holiday shopping. Make sure your wireless network is secure and be sure you're shopping on sites that are secure. Though it isn't an iron clad guarantee, you should look for the lock icon in the lower right corner of your browser and make sure the Web page starts with https. The "s" stands for "secure."
7. 
   Christmas carol lyrics can be dangerous: Bad guys know that people are searching for holiday related sites for music, holiday graphics, and other festive media. During this time, they create fraudulent holiday related sites.
8. 
   Job search related scams: With the unemployment rate at 10.2 percent, there are plenty of job seekers looking for work. Beware of online offers for high paying jobs or at-home money making schemes. Some of these sites ask for money up front, which is a good way for criminals not only to steal your "set up fee" but misuse your credit card too. Marcus said that some "get rich quick" sites are all about money laundering, asking you to accept an inbound financial transfer and pay them.
9. 
   Auction site fraud: McAfee has observed a rise in fake auction sites during the holidays. Make sure you're actually going to eBay or whatever site you plan to deal with.
10. 
    Password stealing scams: Criminals use low-cost tools to uncover passwords, in some cases planting key logger software to record keystrokes. Once they get your passwords, they gain access to bank accounts and credit card accounts and send spam from your e-mail accounts.
11. 
    E-mail banking scams: A common type of phishing scam is sending out official looking e-mails that appear to come from your bank. Don't click on any links but type in your bank's Web address manually if you need to access your account.
12. 
    Files for ransom: Hackers use malware to gain control of your computer and lock your data files. To access your own data you have to pay them ransom.

Update:

On the SCAMwatch radar this month:
Overcharged bank fees scam
November 2009: SCAMwatch is warning consumers about hoax offers of assistance to reclaim overcharged bank fees.
Bogus anti-virus alerts
November 2009: Scamwatch is warning consumers to be wary of bogus security software or 'scareware'.
Travelling to the USA?
November 2009: SCAMwatch is warning all prospective travellers to the United State of America to be wary of unauthorised third party websites.
Comcover non-refundable loan email
November 2009: SCAMwatch is warning about an email from Comcover that offers a non-refundable loan
Steer clear of sports investment schemes
November 2009: SCAMwatch is warning you to be very careful if you think you can improve your odds with the aid of sports ‘investment’ opportunities.

A case of the biter bit, but few are chortling over AFP intelligence fiasco

I was watching ABC Four Corners last Monday when this little comment came up:
"ANDREW FOWLER: The site was called root-you.org, and for the last two weeks the Australian Federal Police in cooperation with the South Australian Police have run the perfect sting.

TIM DAVIS, FEDERAL AGENT, HIGH TECH CRIME OPS. AFP: We've infiltrated that site and so now we've got control as well.

NEIL GAUGHAN: What we've done with that particular network is we've captured all the identities of all the people that've been using that network. We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration.....

ANDREW FOWLER: In the case of root-you.org, the Federal Police decided the best result was to effectively blow up the site by posting a notice that it was under law enforcement control.

TIM DAVIS, FEDERAL AGENT: Mate are you right to post that message on the forum.

MAN (on phone): Yep.

TIM DAVIS, FEDERAL AGENT: Well if you can do that now that'd be great."

I did idly wonder if there would be a cyber response and thought - "Naw, won't happen".
Then it well and truly did and F-Secure has links to this not so funny episode of counter-hacking, which was the almost inevitable result of all that televised bragging by the boys in blue (this also saw police computer files of actual bank, building society and corporate credit card details exposed to the view of at least one other hacker).

Some of the hacker chatter {A little **** covers words which offend those bluidy filters}:
"After the authorities FINALLY posted their little "ohhh, we have been monitoring this website", we finally said "Enough is enough, we are sick of these f**ks acting like they are hackers, lets see what they really know".
So After writing another FTP report yesterday.. I decided I would move on to getting control of r00t-y0u.org. See what the authorities know about server maintenance.. and how secure they can make stuff.
Lo and behold, their server was windows! I couldn't stop laughing at the sight of this, but I soon moved on. After visiting a 404 page, I instantly noticed that they were using Xampp. Those lazy f***s
can not even just install apache, and php themselves. So instead, they download some application to do it all for them.
Figures.
Now, of course.. they were just SO F***KING SMART, that they left the MYSQL password BLANK! After screwing around with their database, I dumped a vulnerable query into a php file, thus giving me full access to their servers.
After taking a look at the r00t-y0u database, lookie what we find.
User: "h1t3m" (Administrator)
Email: macrobber@gmail.com
These dipsh*ts are using an automatic digital forensics and incident response tool.
They can't do sh*t all themselves, because like I have said before, they have no skill. Anyways, after looking on their win32 machine for a while, I noticed some really awkward stuff. They have credit cards, and bank accounts all on a seperate drive (G:\)."

Four Corners transcript

Pic from Google Images

Phishing lures received this week

St. George Group

Dear Customer,

Due to recent account takeovers and unauthorized listings, St.George Bank is requesting a new account verification procedure. From time to time, randomly selected accounts (seller and/or buyer) are placed under an advanced updating process based on merchant accounts/bank relations and on-file credit cards. St.George Bank may also request in an email message scanned/faxed copies of one or more photo ID's. Your account confirmation may go wrong if your credit card/bank account has expired, or if you have changed/replaced your credit card without letting us know about the change.

An email one doesn't reply to!

Dear costumer ,

For your security, we have temporarily prevented access to your account. We have reasons to believe that your access may have been accesed by someone else than you. You may be getting this message because you are signing on from a different location or device.
If this is the case, your access may be restored when you return to your normal sign on method.
For immediate access, you are required to follow the link below to secure your personal account informations.
https://ibanking.stgeorge.com.au/InternetBanking/welcome.jsp?loginattempt=max&resetid=emailID29953291
Thank you for helping us protect your account.

© St.George Bank Limited ABN 92 055 513 070 AFS Licence No. 240997

The spelling gives this attempt at Internet fraud away.

Church of Scientology on trial in France on charges of organised fraud

... and the case could lead to the nationwide dissolution of the controversial organisation.

The so-called church is accused of targeting vulnerable people for commercial gain.

France, which categorises Scientology as a sect, has previously convicted several individual Scientologists of fraud over the past decades – most notably its science fiction-writing creator, L Ron Hubbard, in 1978.

The Guardian reports that the case stems from the testimony of a French woman who filed an official complaint against the organisation in 1998.

Lawyers for Aude-Claire Malton claim Scientologists preyed upon her at a time when she was "very psychologically fragile", pressuring her into spending €21,000 (£18,000) – her life savings – on products including "purification packs" and vitamins.

The investigating magistrate in charge of bringing the case against the church, Jean-Christophe Hullin, said the church, which has been glamourised by Hollywood members such as Tom Cruise and John Travolta, made a profit by placing individuals in a "state of subjection". The organisation, he argued, is "first and foremost a commercial business" whose actions reveal "a real obsession for financial remuneration".

Another low-life email scam

In our electronic global village it won't be long before this email surfaces again in Australia.

According to Network World on Monday:
"You've been let go. Click here to register for severance pay. " With the economy in the state it is in now, people are afraid for their jobs and criminals are taking advantage of that fear, said Rubinoff. A common tactic includes sending an email to employees that looks like it is from the employer. The message appears to relay news that requires a quick response.
"It can be an email that appears to be from HR that says: 'You have been let go due to a layoff. If you wish to register for severance please register here,' and includes a malicious link."
No one wants to be the person that causes problems in this economy, so any email that appears to be from an employer will likely elicit a response, noted Rubinoff. Lares' Nickerson has also seen cons that use fake employer emails.
"It might say, 'In an effort to cut costs, we are sending W-2 forms electronically this year,'" said Nickerson"
* Eight other scams are here.

2009 Internet scams, hoaxes and threats and the NSW North Coast

E-Victims has released its top 10 Internet scams expected to plague users this year.

ScamBusters also has a similar top ten list:

10. Travel and vacation scams. Travel scams have always been around. But this year we expect to see more Internet-based ruses like bogus offers of cheap airfare and event tickets. The huge Olympic Games Internet tickets scam of 2008 was just the start.

9. Phony auction and classified sales. Yes, eBay, Craigslist, etc. scammers continue to reel in the victims. Despite attempts by the sites themselves to clamp down on the con artists, we expect the tricksters to re-double their deception efforts.

8. Investment and pump and dump scams. We've broadened this category after reporting on a number of failed or phony investment schemes that have cost victims tens of millions of dollars.

7. Work at home and job scams. With unemployment on the rise and the growing popularity of working from home, we think this scam will become more prevalent in 2009.

6. Grandparent, family tragedy and death threat scams. These are extremely common scams where people ask for money by claiming a relative is in trouble or that a murder contract has been taken out. Mostly, they come by phone but increasingly are seen in emails.

5. Viruses and spyware.

4. Nigerian scams, again with lots more new twists.

3. Lottery scams. You've won! New ones are appearing from Canada, the Caribbean, inside the US and from the Far East.

2. Economy related scams. We predict huge growth in loan- and credit-related scams, but foreclosure scams may ease slightly as pressure eases on banks. We'll see.

1. Identity theft and phishing. Despite tougher counter-measures, this scam is still way too easy for the criminals.

Currently in Australia a phishing email is doing the rounds which falsely alerts the recipient to an Australian Tax Office refund.
Surprisingly, by last Wednesday morning this scam was not yet posted on the ACCC-managed Scam Watch .

Australians reportedly lost up to a billion dollars in these scams in 2006-07, but what is more worrying is that identity theft is often being used for purely malicious ends in email attacks mounted as 'payback' for some form of personal disagreement.

There is some evidence that emails of this sort may have be sent from the NSW North Coast over the last 6-12 months.

So, if you receive an email with content or language that appears out of character for the named sender:

• First, contact the sender directly (not via email reply link) and attempt to verify the suspect email;
• Secondly, contact the local police if the email is fraudulent as identity theft can be an offence under Australian law if it involves stealing, fraud, forgery, uttering, computer hacking and misuse, or personation.

Ponzi scheme promoter bites the dust

"Investment manager" (and that term is used very loosely) Bernard Madoff, the former Nasdaq chairman, was charged on Thursday with massive fraud.

Time reports that according to the U.S. Attorney's office in the southern district of New York, Madoff admitted to defrauding clients for up to $50 billion in a massive Ponzi scheme that was committed over a number of years. (See the top 10 scandals of 2008.)

Forbes reports that Madoff, known to his mates as Bernie, informed “senior employees,” possibly his sons, that his investment advisory business was a fraud. (See "Mad Madoff.")

Madoff reportedly said he was “finished,” that he had “absolutely nothing,” that “it's all just one big lie.” He allegedly stated that the business was insolvent, and that it had been for years.

His estimated losses from the fraud clocked in at $50.0 billion. The U.S. Securities and Exchange Commission said regulatory files showed that the firm had more than $17.0 billion in assets under management at the start of the year and that virtually all of that is missing.

The 70-year-old Madoff is being charged with one count of securities fraud, which carries a maximum penalty of 20 years in prison and a maximum fine of $5.0 million. Madoff was released on his own recognizance after posting a $10.0 million bond secured by his Manhattan apartment.

The Securities and Exchange Commission asked the federal court in New York to freeze Madoff’s assets. The commission also appointed a receiver who will try to gather all the assets and will try to determine whether anyone else was complicit in the fraud. “The process takes years,” said Powers. “Although these frauds may appear simple, forensic accountants must go through the various transactions that occurred to understand the full extent.”

Powers said Ponzi-like schemes typical start when the scamster made a bad investment decision or dipped into clients' funds, and instead of admitting to the mistake or paying back the losses, uses new money from investors to meet redemptions.

Some are considering Madoff’s scheme the biggest fraud case in Wall Street’s history. Madoff’s clients, which reportedly include Lombardier, the Loeb Family, Banco Santander, and a slew of charities, will likely seek civil lawsuits or other legal action to try to recover the money they’ve invested.