Bryan Rutberg's daughter was among the first to notice something odd about her dad's Facebook page.

At about 8 p.m. on Jan. 21, she ran into his bedroom and asked why he'd changed his status to: "BRYAN IS IN URGENT NEED OF HELP!!!"

Rutberg initially thought little of it, and lay down for an after-dinner nap. But an hour later, when his wife woke him to ask what was wrong, he took a second look and realized his Facebook account had been hacked. Within minutes, his cell phone was ringing non-stop, with concerned friends calling to offer help. Many had received an e-mail with the story that Rutberg had been robbed at gunpoint while traveling in the United Kingdom, and needed money to get home. One even sent $1,200 to a Western Union branch in London.

The Seattle resident and Microsoft employee then spent the next 24 hours in a frantic search for a way to contact Facebook and stop the hackers. But he was locked out of his own account and locked into a Catch-22; criminals had changed his login credentials so he couldn't access his own Facebook page. That meant he couldn't remove the dire status message. He tried to use his wife's account to put a message on his "wall" indicating he was fine, but the scammer had "de-friended," his wife, so that didn't work. And he had no outside-of-Facebook way to contact many of his friends. Before he succeeded in getting his account deactivated, a friend's impulsive generosity had cost him big-time, and Rutberg was left wondering how carefully Facebook protects its users from these kinds of crimes.

"It was all over by Thursday (the next day) but not without a hell of a lot of drama," Rutberg said. By then, friends had filled up his cell phone with text messages of concern, sent endless e-mails, and one even called Microsoft to warn the firm that an employee was in trouble.

(Microsoft, which owns msnbc.com in a joint venture with NBC News, also holds a minority stake in Facebook.)

Rutberg was the victim of a new, targeted version of a very old scam -- the "Nigerian," or "419," ploy. The first reports of such scams emerged back in November, part of a new trend in the computer underground -- rather than sending out millions of spam messages in the hopes of trapping a tiny fractions of recipients, Web criminals are getting much more personal in their attacks, using social networking sites and other databases to make their story lines much more believable.

In Rutberg's case, criminals managed to steal his Facebook login password, steal his Facebook identity, and change his page to make it appear he was in trouble. Next, the criminals sent e-mails to dozens of friends, begging them for help.

Bryan Rutberg

"Can you just get some money to us," the imposter implored to one of Rutberg's friends. "I tried Amex and it's not going through. ... I'll refund you as soon as am back home. Let me know please."

Like all Facebook messages, the pleading note appeared right next to a picture of Rutberg, making it all the more convincing.

One of his friends, Beny Rubinstein -- a fellow Microsoft employee -- fell for the story. At 10:30 p.m. that Wednesday night, he sent $600 via Western Union using an online service. The following morning, Rubenstein received a phone message from the imposter, asking for more money. So he went to a local retail store and wired another $600.

In an e-mail to Rutberg, Rubenstein explains how he got taken in.

"I thought the whole story was weird but given the circumstances my instinct was to help you out," Rubenstein wrote. "I was afraid it was a scam, but since I transferred using your name and given the emergency situation, I did it."

No Facebook phone number
Facebook confirmed Rutberg's identity theft story and says it's beefing up security in reaction to the new scam. But Rutberg isn't sure how effective the social networking company has been. His main complaint: There is no way to call the firm and sound the alarm that a crime is in progress. The company confirms it doesn't accept phone calls.

"We don't offer phone support. We would love to do that but with 150 million users worldwide we are just not staffed to do that," said company spokesman Barry Schnitt. "I don't know any free Web service that does."

Instead, Ryan McGeehan, a member of Facebook's security team, said the firm responds quickly when consumers fill out forms on its Web site complaining about account takeovers and other privacy concerns.

But Rutberg said he tried that, almost immediately, and got no response. He received no reply to e-mails sent to privacy@facebook.com, either.

"Facebook has been no help through normal channels," he said. Only a message sent to a cousin who has a friend that's a Facebook employee got results. Thanks to this personal, internal contact, Rutberg said, the account was disabled.

How to find out who's been hit?
But one week later, Rutberg still couldn't get into his old account, meaning he had no way of knowing which friends had been contacted by the scammer.

McGeehan said Rutberg's experience was unusual; identity theft victims normally have their accounts restored quickly through a process that involves e-mails from customer support with challenge questions like "What was your pet's name." Then, users can quickly track down friends who might be potential victims.

McGeehan confirmed that other victims had wired money in response to similar pleas for help, though he said the scam has impacted a very small number of users. Facebook won't refund any of the victims, McGeehan said.

Part of a chat dialog between the imposter and one of Rutberg's friends. Her information has been intentionally obscured.

Facebook is also adding tools that automatically detect suspicious behavior typical of a Nigerian scammer and warns users, McGeehan said.

"We are trying to improve the process," he said.

But Facebook has had several months to find a solution to the Nigerian scam – at least since the initial reports back in November – and it's still failing to protect users, says Mark Neely, a Facebook user who lives in Australia, and was hit by the same identity theft scam on Jan. 14. He said he found the online security report form fruitless.

"(I) heard nothing from Facebook for over 40 hours," he said. "The hackers were still active in my account -- I was receiving phone calls and SMSs (text messages) from concerned friends throughout."

Only after he posted a note that got the attention of Wired magazine did he get a response from the company. His account was disabled, but when asked for data showing him which friends had been contacted by the criminals, Facebook officials refused.

"Facebook told me that they could not disclose those details for privacy reasons and that I should consult a lawyer and obtain a court order for disclosure," he said. Because his imposter de-friended nearly everyone in his account, two weeks later, he has no idea how far the scammers got. He wasn't shy about his frustration with Facebook.

"Absolutely pathetic response times, and even worse 'support' in remedying the problem and ensuring none of their customers lost money," he said.

'Easier to pretend you're someone else'
Kevin Haley, a director at Symantec Corp.'s Security Response team, said his firm is seeing a sharp uptick in attacks on social networks, though he could provide no precise data.

"It's easier to pretend you're someone else in the Facebook environment," he said. "We are seeing a tremendous amount of phishing for login credentials for social networks."

Rutberg isn't sure how criminals got his password, but he thinks he probably did fall for a phishing e-mail. Because Facebook regularly contacts its users through e-mail, and includes links in those e-mails to login pages, the format is ripe for phishers. It's easy to imitate Facebook e-mails and simply send users clicking to a look-a-like login page that steal passwords.

Haley said there really isn't a way for antivirus software to stop such a scam.

"There's no malware involved," he said. "Some of it can be caught with spam filters ... but really, this is just an instance of people talking to each other through e-mail, you can't stop that."

RED TAPE WRESTLING TIPS
Facebook's security team recommends use of an anti-phishing filter to weed out Facebook phish. It also recommends that users pay close attention each time they log on, to make sure they've landed on the authentic Facebook site.

The firms also made a number of other recommendations:
• Be suspicious of anyone – even friends – who ask for money. Verify their circumstances independently, preferably by direct telephone contact.
• Don't use the same password for all Web accounts -- something many Web users do. Because Facebook is so popular, criminals who manage to steal any user's password will surely try it on Facebook.com.
• Have more than one contact email address, in case one is compromised.

Victims of the scam -- or any bout with Facebook identity theft -- should fill out the form at this Web site, Facebook says. Keep the link handy: It's very hard to find using normal methods from Facebook's home page. http://www.facebook.com/help/contact.php?show_form=account_compromised.

Leave a comment below or become a member of the Red Tape Raiders and be a consumer advocate!

Few noticed on Christmas Eve when the news broke that electronic payment services firm RBS WorldPay had been hit by hackers who stole personal data on 1.5 million consumers. After all, that's small potatoes these days. But when Heartland Payment Systems announced on Inauguration Day that it had suffered a serious security breach, some experts noticed a pattern -- and not just the companies' standard penchant for releasing bad news on days while the public is distracted.

"I have heard that the payment processers are the main target for hackers now," said Avivah Litan, security expert at consultancy firm Gartner.

Heartland has not released an estimate of the number of accounts impacted by the attack, but Litan said it might be the biggest data leak ever: The firm handles 100 million transactions every month for 250,000 clients. Heartland has said it was alerted by Visa and MasterCard to a pattern of fraud on its networks last fall, but only discovered the security hole in its network last week . That gave hackers access to potentially hundreds of millions of transactions over several months.

The largest known data leak to date involved retailer TJ Maxx, which lost the data on 45 million credit cards in 2007. But this time, there are signs the haul, and the targets, might be astonishingly large.

In its release, Heartland said it was the victim of a "widespread global cyber fraud operation." CFO Robert Baldwin told the Wall Street Journal that the firm had been targeted by malicious software that was "light-years more sophisticated" than standard computer viruses. Those ominous statements, combined with the news about RBS WorldPay, suggests to Litan that hackers have now trained their relentless keyboards on payment processing firms.

Few American consumers have ever heard of Heartland or RBS WorldPay. But these firms -- and others including First Data, TSYS, and Nova Information Systems -- regularly capture and transmit personal information about nearly every American.

Payment processors handle credit-, debit- and gift-card transactions from the moment you swipe your card at a store until your bank debits your account and adds the money to the store's account. These are complicated processes -- the processor must make sure you have the money (or the credit limit) to afford the purchase, then tell your bank to send money to the store's bank. Often, third-party firms – such as software companies that manage store cash registers – add to the complexity.

Right now, consumers have no way of knowing if their data was stolen RBS WorldPay or the Heartland attacks; they may never find out. Retailers rarely advertise which payment systems they use. Heartland has said publicly that nearly half of its transactions come from restaurants, but has declined to identify its clients. It's also declined to identify consumers who might be victims.

That's where the data is
It makes sense for hackers to target processing companies -- that's where the most data is. A firm like Heartland has access to far more credit and debit card numbers on a given month than any single retailer.
But there's another factor that makes processors vulnerable, Litan said. While payment industry rules require that credit card data be encrypted while it's stored by retailers, processors, and banks, there is no requirement that the data be encrypted while in transit over private networks. That's a weakness which hackers have now targeted, she said.

Heartland isn't saying how a computer virus was able to get onto its systems. But once there, its makers would have had a fairly easy time sniffing out credit card data, Litan said.

"The likelihood is that there was malicious software sitting on a server (at Heartland) looking for transmissions that represented authorization requests, and then the malware would turn on and capture that data," she said.

In August of last year, Visa issued a warning to payment services companies predicting exactly that kind of attack.

"Visa has noticed an emerging trend in which computer hackers use packet sniffers to intercept and collect cardholder data," it said in a security alert sent to clients. "Recent investigations have uncovered evidence of packet sniffers being used by network intruders to capture payment card data as it is transmitted over the network during authorization. This threat involves compromising the system and then installing a sniffer program or installing a hardware sniffer. …. Once network intruders gain entry into a merchant's system, the packet sniffer programs are installed and can be difficult to detect."

Adding encryption tools would foil such packet sniffing, but doing so is a logistical challenge; all the various parties would have to agree on encryption key management. Still, Litan said, such a step would not be impossible -- and she criticized banks as "lazy" for not requiring encryption.

"They could do it. It's just very costly," she said.

Then again, so is a major security breach.

Leave a comment below or become a member of the Red Tape Raiders and be a consumer advocate!

In the 1960s and early 1970s, U.S. consumers who found themselves in a maddening battle with corporate America had a friend in the White House. That friend was Esther Peterson.

As White House special assistant for consumer affairs, Peterson worked under both the Johnson and Carter administrations for consumer protections that still have an impact on every trip consumers make to the grocery store. For example, she was largely responsible for a series of food labeling improvements that led to unit pricing, which allows apples-to-apples comparison shopping. She also worked to establish new requirements for nutritional information that we take for granted today. Peterson lived to be 91, and before her long career was over she was granted the Presidential Medal of Freedom.

Sadly, when Peterson died in 1997, the concept of consumer advocacy in the federal government largely died with her. At about the same time, during the Clinton administration, Peterson's old job -- White House special assistant for consumer affairs -- was unceremoniously eliminated.

That hasn't panned out very well.

We can't bring back Peterson, but we can restore her spirit. The time has come to put a consumer advocate back in the White House.

A coalition of consumer groups has petitioned President-elect Barack Obama, asking him to restore Peterson's old office. Doing so would be a respectable down payment from the new president on campaign promises he made about restoring fairness to America's marketplace.

My colleagues in the business section often remind me, correctly, that it's impossible to pin today's economic disaster on one single cause. But poor consumer choices -- stemming from both bad judgment and fraudulent advice -- would be the first suspect I'd bring in for questioning if I were prosecuting the case.

The inability of federal agencies to protect consumers in recent years is obvious. It hasn't helped that budgets for many of these agencies have been continually slashed -- the Federal Trade Commission has about half the employees it had during the late 1970s. Still, consumers really have nowhere to go when locked in an entrenched battle with a company, save the few who have the time and money to pay for their day in a civil court. Consumer rights in America today have been reduced to millions of David vs. Goliath battles, and unfortunately, David can't always win.

Instead, bankers, credit card companies, cable TV firms and other large corporations have been given a clear signal: bullying is good business. Punitive fees, sneaky charges and anti-competitive practices are fine, as long as they don't go too far. Selling mortgages that all involved know won't possibly be repaid? Well, that was just good business, too.

Once in a while, a company that misbehaves egregiously, like the credit bureau Experian with its FreeCreditReport.com site, is forced to return its ill-gotten gains. But even then no other punishment is levied. So there is really no risk for bad behavior.

'A megaphone'
A "consumer czar," as some have called it, couldn't change this environment overnight. The job, as it's been described by the Public Interest Research Group, Consumers Union and other interest groups making the request, wouldn't have any direct regulatory oversight. The office couldn't fine anyone or make law. Legally, it would be simply be a voice in the White House. But symbolically, it would be a lot more.

"The person would have a megaphone to go on television about consumer protection issues, and say I will tell the president 'That's unfair,'" said Edmund Mierzwinski, consumer program director at the Public Interest Research Group. "We don't want just be somebody in a little cubby hole in the White House."

Mierzwinski said the office should have a single hot line that consumers with problems could call and be directed to the appropriate federal agency for help.

During his campaign, Obama promised that the Consumer Product Safety Commission and the Food and Drug Administration, agencies with budgets that have long been neglected [or reduced?], would be reinvigorated. More food and toy safety inspectors are obviously necessary – remember, at the height of the lead toy scare last year, the New York Times reported that the CPSC had only one inspector for all imported toys.

But the problem of consumer protection is so vital to the economy that it needs more than just a tune-up. It needs a new home.

Ultimately, Mierzwinski favors the creation of a full-fledged federal consumer protection agency. An effort to create such an agency during the 1970s, spearheaded by Ralph Nader, fell short.

"We have an Environmental Protection Agency. ... With the financial meltdown and the health care mess, the lives of American consumers are just as much at risk as environment," Mierzwinski said.

Protecting consumers is good business
Restoration of a White House consumer affairs advisor would be a baby step toward that rather ambitious end. With perhaps a few dozen employees, it would necessarily be more a policy office than an advocacy office. It would hardly be in a position to fix individual consumers' problems. But it would put companies on notice that the environment for taking advantage of consumers is changing.

It's important to understand that basic fairness in the marketplace isn't a liberal or conservative goal, and neither is the notion of protecting consumers. The influence of Esther Peterson's old office had wilted under Republican presidents, but it was then scuttled by a Democrat. Instead, protecting consumers is simply good business.

No one would benefit from relaxed rules allowing automakers to produce cars without trustworthy brakes; even if you are an incredibly careful driver, you'd end up paying for the increased number of car accidents. Ditto for food safety rules in restaurants; maybe you wouldn't mind eating at places that never have to face a health inspection, but you'd end up paying for all the illnesses that resulted. And today, we all are paying the bill -- an enormous bill - for the hazardous mortgage marketplace that was allowed to fester.

For years, many have been seduced by the notion that consumer protection was a merely a pesky impediment to the forward march of profitable companies and the Dow Jones Industrial Average. Now, we should know better. Obama has many, many interest groups lining up to make their cases about what his priorities should be. But restoring faith and trust in the American marketplace deserves one of these top slots, and a respected public advocate deserves a seat at his table in the White House.

Let's review where things stand a little more than one month from DTV-Day -- the day that old-fashioned analog TVs will stop working -- currently set for Feb. 17.

• There's a waiting list for government coupons so people can buy converter boxes so they can continue to watch television on those old TVs. A waiting list! Sounds almost like a breadline. Church groups are actually being enlisted so people with unused coupons can donate them to "needy" TV watchers. Rome fell after just such a coupon shortage.

• The president-elect thinks we need to postpone the event, but the head of the FCC thinks we need to move forward. After all, think of all the posters that have been printed up!
• Electronics stores are making a killing selling $800 TVs to consumers who walk in looking to buy a converter box.
• The cable TV industry has made a killing by using the issue to market its products to confused consumers. Meanwhile, the industry is undergoing its own painful analog-to-digital conversion.
• Despite all the publicity about the conversion -- and more than $1 billion spent on coupons -- tens of millions of viewers are likely to see their televisions turn into bricks on Feb. 17. These will include TV watchers in remote places like rural New Jersey and in dense cities like New York. And there has been virtually no publicity around the "other" issues facing over-the-air TV viewers come DTV-Day, including the fact that even if their TVs and converter boxes work, their antennae won't.

This is why I keep saying that Feb. 17 is the real Y2K. I know those of you with satellite or cable television have been watching this story with bemused detachment, but trust me: You don't want to be wandering the streets of American cities the day 10 million or 15 million televisions go dark.

About 20 million Americans rely on over-the-air broadcasts for their television service, and another 15 million have at least one antenna TV in their homes, according to the National Association of Broadcasters. Dallas and Los Angeles alone, there are 1 million over-the-air households, according to Consumers Union's Chris Murray.

The truth is more people should consider getting their TV over the free airwaves. Cutting out pay TV can easily save a household $1,000 a year, and it's probably the single easiest way to find extra money for the monthly budget. Also, many electronics aficionados will tell you that over-the-air HD channels are higher quality than their pay TV counterparts, because the signal is not compressed as much in delivery. And when you do get your digital TV working correctly, you'll be pleased at the extra offerings you'll discover. Because of extra bandwidth available, many local network stations broadcast multiple channels, sometimes called "sub" channels. Those new to over-the-air digital might find a channel 4.1, 4.2 and 4.3. NBC, for example, has made good use of its extra bandwidth in the digital TV world, adding a 24-hour sports channel called Universal Sports to its lineup. Each local station makes its own decision on what to broadcast.

But getting digital television to work with over-the-air sets is going to be a lot harder than most people realize.

The antenna is the big problem
After spending billions of dollars getting the nation ready for this silly game of coupon ordering and box buying, the FCC has entirely dropped the ball on the real issue with the transition: the antenna. As Consumer Reports antenna expert Claudio Ciacco told me, "Many more people will be screaming than most people expect."

The problem comes down to simple physics. When DTV-Day comes, TV stations will permanently move their transmissions from the VHF band (channels 2-13) to the UHF band (channel 14 and above). Ultra High Frequency transmissions have some serious drawbacks. Namely, their shorter wavelengths mean they don't travel as far, and they are susceptible to interference from objects like tall buildings. They also are much more sensitive to direction.

RCA

The upshot is that rabbit-ear antennae will be useless, at least for now. Rabbit ears only capture the longer VHF wavelength signals. To receive UHF signals used in digital broadcasts, you'll need that round-ish antenna which came with your rabbits ears (sometimes it's a bowtie-shaped clip-on). Let's hope you didn't throw the UHF antenna out.

If you're using an indoor antenna right now, there's a little good news and a lot of bad news. You can retract those ugly rabbit ears once and for all. But you'll have to spend a lot more time rotating the UHF antenna: To tune your TV, you'll have to literally pick it up and rotate it until you find the channel you seek. Each channel may require a different direction. And now for the really bad news: If there's a building in your way, you're out of luck.

In the old rabbit-ear days, you could fiddle with your antenna positioning, hang the thing out the window, and perhaps get reception that was less than perfect but better than nothing. Thanks to the intolerance of digital technology, you will now get nothing. The Federal Communications Commission has given this phenomenon the rather cute name of the "cliff effect." I guarantee that on Feb. 17 people will have other names for it. I can also promise you that people in cities who have never had trouble picking up TV signals will find themselves falling off this cliff.

I recently experimented with the cliff effect while visited a remote area of the U.S. – a building three miles from the U.S. Capitol in Washington, D.C. In my unscientific test, half the channels either "cliffed" or were occasionally interrupted by pixilation – or digital decay -- without extensive antenna manipulation.

People with rooftop antennae will face the same problem. You may have spent years optimizing your antenna for VHF channels. If so, that work is wasted. If your antenna is equipped a UHF grabber and a device that allows you to rotate it from your living room, you are in luck. Otherwise, you won't know your capacity to receive DTV signals until you perform the climb-on-the-roof-and-yell-to-your-buddy routine.

Unfortunately, February typically doesn't present the best weather conditions for such trial and error.

"If I'm in Minnesota, do I really want to be on my roof fiddling with an antenna right now?" Murray said.

The sad truth, say Murray and other experts, is that millions of consumers will probably have to buy new antennae to deal with the digital TV changeover. For them, there are no swanky coupon programs or marketing explanations. In fact, there is not even agreement over what equipment will work best. In other words, the 35 million over-the-air consumers are on their own.

How big is the problem?
How many people will be hit by antenna problems? It's impossible to say, but here some food for thought. Nielsen, the TV ratings service, says 8 million U.S. TV watchers are "totally unprepared" for DTV-Day, meaning they haven't even gotten a converter box yet. We can only assume they haven't bothered to get new antennae either. If we modestly double that number and say that 8 million of the other 27 million over-the-air users will have antenna problems, that means 16 million households will no longer have working televisions on Feb. 17.

There is very limited real-world data to predict what could happen. Beginning on Sept. 8, the FCC conducted a DTV test in the Wilmington, N.C., market. Within five days of the moment that local broadcasters switched off their analog signals, the FCC received close to 2,000 telephone complaints, about half related to antenna issues or converter box installation.

There's two ways to look at that number. FCC Chairman Kevin Martin called the test a success, noting that less than 1 percent of Wilmington's 400,000 customers had problems. On the other hand, only 14,000 households in Wilmington were using antennae in the first place. One in seven of them had complaints.
And remember, Wilmington isn't exactly in the Rocky Mountains or Manhattan's Canyon of Heroes. It's easy to imagine much higher complaint ratios in rural, mountainous areas or dense urban areas.

Bruce Kushnick, who runs consumer advocacy group Teletruth, said he's run extensive tests in rural New Jersey -- about halfway between New York and Philadelphia -- and found high rates of digital failure. More than half of the consumers his organization visited lost access to at least a few channels.

"I believe it's going to be 50 (to) 80 percent of rural fringe areas (will lose some channels). The way it worked in Jersey is that most people lost something, but as we're finding out, there's other variables like which wiring the current TV set uses, even whether you're on the top of the hill or the bottom," he said. "Our belief is that no regulator wants to admit that this is going to be a nightmare."

There are many other unknowns about the DTV crossover. Ciacco, the Consumer Reports expert, said some of these issues could be mitigated because broadcasters plan to boost power in the digital signals after their analog broadcasts are shut down. It's unclear which stations will do so, and how much that will help, however.

RED TAPE WRESTLING TIPS
Antenna: The only way analog TV viewers can know what will happen on Feb. 17 is to plug in a converter box and try it out with their existing antenna. If it doesn't work, don't run out and buy a Cadillac-model $100 antenna right away. First, try a cheap loop or bowtie indoor model, and fiddle with its direction. That might solve your problem. If you have a little free time, you can even build your own DTV antenna for free using wire hangers by following these simple directions viewable on YouTube.

Coupon: If you don't have a coupon and you need a box, don't pay full price. Get on the government waiting list. I expect that the FCC and Congress will reach a compromise and make more coupons available. If you spend $60 on a box now, you won't get a refund.

As a last resort, sign up for "limited basic" cable for the short-term. This shouldn't cost you much more than $10 a month (you'll have to ask for this very cheap rate by name; most cable firms don't advertise it). You'll get all the over-the-air channels. Just make sure you aren't required to sign a contract. Within a few months, converter boxes will be nearly free, after the price subsidy from the government coupons dries up.

I predict you'll be able to get one for $10 by June, so a temporary cable subscription will tide you over.
If you don't yet have a converter box and you want to get some idea of how precarious your reception will be, try tuning your set to UHF channels in the 30s, 40s, or 50s. Your success at pulling those stations is a pretty good predictor of your ability to pull in DTV signals.

P.S. FOR THE GOVERNMENT
• First off, fix the coupon program. Why do these things expire in 90 days? Why do they take six weeks to arrive? So far, only about half the coupons sent out have been redeemed; the rest are just floating around. Congress needs to fully fund the program. It's basically an accounting trick anyway, as the unspent coupons will eventually be returned to the government's balance sheet.
Right now, 360,000 people each day are asking for government coupons, and they're all being hung out to dry. I know people shouldn't wait until the last minute, but more than a month before the changeover is hardly last-minute.
While we're on the subject of coupons, what a terrible system. All converter boxes are the same. The faux market created by the $40 government coupons has artificially propped up the price to $60 to $80. This should be a lesson in what happens when the government creates a faux market with heavy subsidies. Why should converter boxes cost more than DVD recorders?
• Delay the deadline. A DTV delay is tricky. Broadcasters will have to spend extra money to keep pushing out analog broadcasts past Feb. 17. I've heard estimates that this will cost local stations about $10,000 per month. That's serious coin, and I understand their opposition. But the sudden loss of millions of viewers will hurt even more. A more rational approach, suggested by Consumers Union's Murray, is to sequentially roll out the conversion around the country, rather than as a single switchover, so consumers and regulators can learn from their mistakes along the way.

It happens every year: As soon as consumers begin gathering their tax information, tax preparation companies begin trying to talk them into taking out costly loans against any refunds they might have coming. The so-called refund anticipation loans are controversial in the best of times, but critics are turning up the heat on the practice this year, saying that taxpayers' money – courtesy of the $700 billion banking bailout by Congress -- is helping to fund the business.

A consortium of consumer groups recently complained that nearly $200 million in federal bailout money has been given to the bank responsible for most of the tax refund loans marketed by Jackson Hewitt Corp., the nation's second-largest tax preparation company.

"That taxpayer bailout money is being used to fund these high-priced loans is simply outrageous," said Jean Ann Fox, director of consumer protection for the Consumer Federation of America.

Refund anticipation loans, or RALs, are a lucrative business for the tax preparers. In 2006, 9 million consumers obtained such loans, paying $1 billion in fees.

Santa Barbara Bank & Trust is a small bank, but it is a big player in refund loan business. It made nearly 2 million refund loans last year, earning fees of $118 million – nearly half the company's after-tax income, according to the consumer consortium.

Meanwhile, more than one-third of Jackson Hewitt's revenue last year came from arranging the pricey loans, according to a recent article in Barron's.

Jackson Hewitt spokeswoman Sheila Cort confirmed that the Santa Barbara bank is the "majority provider" for its refund loan program, but directed other questions about the program to the bank.
Pacific Capital Bancorp, the holding company for Santa Barbara, said in a statement that it isn't using bailout money to expand its refund loan program.

"The company is utilizing this additional capital to support all of its lending programs, under the spirit of the (bailout). This capital was not intended to nor is it being used to build, to increase, or to fund the company's Refund Anticipation Loan program," it read.

But Fox countered that the bank's refund loan program would not continue if the firm didn't have the money to back such loans – providing the required "capital ratio" needed to continue to pass muster with regulators.

"Money is fungible," she said. "We can't say they are loaning out TARP (bailout) money for refund anticipation loans but (the bailout money) certainly assists the bank in maximizing the number of refund anticipation loans they can make."

How refund anticipation loans work
RALs work like this: When customers of storefront tax preparation companies learn that they have a tax refund coming, they are offered the chance to get the money almost immediately. For a fee, the tax preparer arranges a bank loan for the refund amount. The bank then keeps the refund when it arrives from the government.

IRS rules prevent tax preparation firms from directly granting the loans, so each partners with a third-party bank. H&R Block, the nation's largest tax preparation firm, works with HSBC Bank.

The loan fees are steep when viewed through the lens of a traditional bank loan. Expressed as an annual percentage rate, as required by Truth in Lending requirements, Santa Barbara charges customers an effective annual percentage rate of 113 percent.

Consumers usually are not sensitive to this fee, however, because they don't pay it directly; it is simply deducted from their refund.

Fees vary based on the size of the refund, but a consumer expecting a $2,600 refund could expect to pay about $95 in interest charges plus nearly $40 in processing fees, Fox said. Most must wait a day or two to receive their funds.

Refund anticipation loan consumers may not realize that taxpayers who file electronic returns get their refunds – for free -- in an average of 11 days.

For years, consumer advocates have criticized the loans as unfair and targeted toward the poor. The National Consumer Law Center says that two-thirds of refund loan applicants are recipients of the Earned Income Tax Credit, a special program designed to help poor working families.

"Refund anticipation loans take $600 million out of taxpayer-provided poverty assistance that's supposed to go to working families with children and instead goes to banks," Fox said.

Firms that issue the loans have also attracted the attention of regulators and faced a series of lawsuits. Earlier this month, H&R Block agreed to pay $5 million to settle charges by the California Attorney General's Office that the firm unfairly marketed the loans as early tax refunds. H&R Block admitted to no wrongdoing in agreeing to the settlement. In 2007, Jackson Hewitt paid $5 million to settle charges by the state that it unfairly marketed the loans to low-income consumers. The firm denied any wrongdoing.

Social networking tool Twitter was hit by a major hacker attack on Monday, with several "high profile" accounts -- including that of President-elect Barack Obama -- taken over by computer criminals, the firm said.

The hackers then impersonated a series of famous users by sending out fake, sometimes embarrassing messages.

Among them was a Twitter message posted on CNN anchor Rick Sanchez's blog that said Sanchez "might not be coming into work today," because of drug use. The message was quickly removed.

A later message on Sanchez's Twitter account said, "Sorry loyal followers. Someone hacked us for a moment there." Sanchez is among Twitter's most popular users, and incorporates the service into his afternoon show on the cable network.

A spokeswoman for CNN said the network would issue a statement on the situation shortly.

Obama's Twitter page urged visitors to take an online survey and win a gas card, but the link actually sent visitors to a site that pays commissions to affiliates who generate traffic.

Other Web surfers suggested that several other high-profile users also were hit by hackers. Britney Spears' Twitter page included obscene language. A note critical of anchor Bill O'Reilly was apparently posted on the Fox News Twitter page.

Twitter acknowledged the hack, posting on its corporate blog at about 1:30 ET that "we have identified the cause and blocked it."

The San Francisco-based company said that 33 accounts were compromised "by an individual who hacked into some of the tools our support team uses to help people do things like edit the e-mail address associated with their Twitter account when they can't remember or get stuck." Sanchez and Obama are now back in control of the accounts, Twitter said. The company also said that Obama had not posted to the Twitter page since the Nov. 4 election.

Also, a phishing attack
That high-profile hacks weren't the only problem Twitter had on Monday. The firm also suffered a first-of-its kind phishing attack over the weekend.

The firm said the phishing attack was "unrelated" to the high-profile Twitter impersonation.

Thousands of Twitter users reported receiving messages urging them to visit a Web page with the message: "Check out this funny blog about you." Others received a similar message that said, "Hey, i found a website with your pic on it. … LOL check it out here twitterblog." On Monday, another phishing message said users could win an iPhone by clicking on the message.

Users who clicked on the link were asked to log in to Twitter. The site they were directed to mimicked the real Twitter site, but was actually controlled by hackers and apparently designed to steal Twitter passwords. At least some of those who fell for the ruse had their accounts hijacked and used to send out more phishing e-mails.

Phishing e-mails are hardly new, and many Web users have become too sophisticated to fall for traditional e-mail phishing scams. But the Twitter phishing messages were more believable, for several reasons. They appeared to be sent by a trusted user. And Twitter users can log in using third-party sites.

"If you are a Twitter subscriber you should be aware of these recent phishing efforts and how to protect yourself," said Marian Merritt, a security expert at Symantec Corp.

Twitter allows users to connect with each other through short, 140-character messages similar to cell phone text messages. The service says it has 6 million registered users, though the number of active users is less. Similar to Facebook or MySpace, users agree to subscribe to each other's "feeds," and can follow each other's daily lives through the short notes.

While having a Twitter account hijacked might not seem that dangerous, it obviously can be detrimental to high-profile users. Also, nearly half of all Web users use the same password at all Web sites they use, according to security firm Sophos, meaning Twitter users who fell for the phishing attack may also have put their online banking accounts and other financial accounts at risk.

Twitter is urging users to change their passwords in response to the attack.