Debit cards at risk for fraud

July 31st, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

There are 437,000,000 debit cards in circulation, and their use is on the rise. Criminal hackers are paying attention. Credit cards offer some measure of protection, but when a debit card is compromised, the stolen money is taken directly from the victim's bank account.

Federal laws limit cardholder liability to $50.00 in the case of credit card fraud, as long as the cardholder disputes the charge within 60 days. Debit card fraud victims must notify the bank within two days in order to maintain this $50.00 limit. After that, the maximum liability jumps to $500.00. And if a victim doesn't discover or report the fraud until after 60 days have passed, the liability could be the entire card balance, for a debit or credit card. Once your debit card is compromised, you might not find out until a check bounces or the card is declined. And once you do recover the funds, the thief can just start all over again, unless you cancel the account altogether.

There are a few known scams that can make you vulnerable to debit card fraud.

There's the bait and switch. When making a purchase online, you may be prompted to make an additional purchase that appears to be a one time fee, but is actually an ongoing monthly debit that is nearly impossible to cancel. That's when canceling your card is the only way out. While this isn't technically criminal hacking, it is very slimy marketing. The best way to protect yourself from this one is to always read the fine print before making an online purchase. Just be smart.

Unless you have been living in a cave, you've probably received a phishing email at some point. Hackers, assisted by teams of psychologists and sociologists, are designing and selling phishing kits to one another. They know what makes you tick and they know what will convince you to click on a link. These people are professionals. They used to give themselves away with misspellings and obvious discrepancies, but now they are organized and sophisticated. And as more people go paperless and get their bank statements online, it is becoming more common for criminals to take advantage of that process, sending emails that appear to be statement notifications. If you think an email might be phishing, delete it immediately. And don't click on links in emails. Either manually type the link into the address bar, or use your bookmarks menu.

According to the Secret Service, skimming is one of the financial industry's fastest growing crimes. The ATM Industry Association reports over one billion dollars in annual global losses from credit card fraud and electronic crime associated with ATMs. A skimmer is a hardware device that a thief places on the face of an ATM, which matches the machine itself. It's almost impossible for a civilian to notice the difference unless the skimmer is of poor quality, or the civilian has a unique eye for security. Often, the thieves will mount a small pinhole camera somewhere near the ATM, perhaps in a brochure holder, to record the victim's PIN. Gas pumps are equally vulnerable to this scam. Pay very close attention during ATM and gas pump transactions. If something seems wrong, it is wrong. Look for double stick tape, removable features on the face of the ATM, a card sticking inside the reader, or additional mirrors or brochure holders that could contain a small camera.

You can also try to protect yourself from new account fraud. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. And invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses ATM skimming on Fox News and credit card fraud on CNBC.

http://www.youtube.com/watch?v=y88SEANRTr8

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

One problem with Internet security: We don't believe the warnings

July 30th, 2009 - Posted by Kent

It seems like just this morning we were writing that people were clicking on false virus warnings propagated by the Conficker worm. Now we learn of a Carnegie Mellon study that says that people ignore warnings altogether, even the genuine warnings put out by their browsers and Internet security software. It would seem that these two stories are at odds: in one case we're told a lot of people are clicking on false warnings (thereby enabling real malware intrusions), and in the second case we're told a lot of people are ignoring real warnings (thereby enabling malware intrusion). What can we learn from digging deep into this cognitive dissonance? Are people clicking or not clicking?

The Carnegie Mellon study points out that computer users are desensitized to warnings; they simply see too many of them (out-of-date security certificates, warnings about software installations that they've requested, viruses that have been detected and quarantined). Sometimes ignoring a warning has no discernible consequences. But perhaps another cause of warning fatigue is that people have become wary of warnings because they've read too many warnings that say that some warnings are not really warnings at all (like those activated by the Conficker worm). Just to be safe, they won't click on anything, not even a warning from their own Internet security software.

So, some people click on nothing and some people click on everything. That's why and how viruses spread. As the study points out, browsers and Internet security software could do more to highlight just the important warnings so users know what to pay attention to. But that requires that we give up some control.

In the end it's really incumbent on us to understand the machines that we use, and to keep them patched and protected. It does require reading warnings, and discerning between the good and the bad. Good Internet security software, and common sense about the emails you open and the sites that you go to should keep out the bad. If you've been lax in protecting your computer, check out our reviews of Internet security software.

Spying leads to identity theft

July 30th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Most people assume that corporate espionage is just James Bond stuff. However, according to USA Today, even small and medium businesses are at risk. Spying has been going on since the beginning of time, and it's alive and well today. In most cases, spying starts because a person or entity needs or wants information that is otherwise kept confidential or private from prying eyes.

Most people have probably spied at some point in their lives. Maybe as children, rifling through siblings' or parents' closets and drawers. Or as teenagers, spying on a boyfriend or girlfriend in an attempt to determine why a first relationship wasn't working out. Or as parents, hoping to protect children from themselves. Hopefully this type of behavior subsides as we grow older and learn to trust others. But some people find serious reasons to spy as adults. This behavior can eventually culminate in stalking, which is, of course, illegal and can end in tragedy.

There are plenty of tools to facilitate spying. There are more ways of gathering intelligence than ever before. An online search for "spy shop" or "spy store" turns up a vast collection of small wireless cameras, listening devices, software, and hardware that can help the customer collect enough data on their target to do some damage, or uncover sensitive information.

Spyware is commercially available software that can track keystrokes, emails, and instant messages. In the wrong hands, it can be quite damaging. Keycatchers are hardware devices that can be installed in the back of a PC in order to record raw data.

It is necessary to monitor children's Internet use, but an open dialogue is equally important. If a person has suspicions about his or her spouse, that's an entirely different scenario, requiring a different set of rules. Be aware that if you spy or cheat on a loved one, you ought to be prepared for the consequences.

Protecting yourself and your business from this type of spying is difficult, but possible. Always keep in mind that those on the "inside," such as friends, family members, employees, or people who have special access and could potentially be paid off, like a cleaning person or a security guard, can access sensitive data.

  1. Make sure that there are no mysterious hardware devices attached to your computer.
  2. Sweep your home for audio recording devices. You can either hire someone to do this, or do an online search for a tool that will help you.
  3. Password protect the administrator account on your computer, to prevent unauthorized software installation.
  4. Run a spyware removal program.
  5. Never leave file cabinets unlocked, or paperwork lying around.
  6. Shred any document that may contain sensitive data before throwing it out.
  7. Lock down your wireless connections, since they are often the path of least resistance.
  8. Don't disclose too much personal information on social networks, since that makes it easy for people to spy on you.
  9. Know that identity thieves have access to all these tools as well, so protect yourself. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  10. And invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses mobile phone stalking and spying on The Tyra Banks Show.

http://www.youtube.com/watch?v=bZwJ6LeaO0Y

The Conficker Spyware Project 2009

July 30th, 2009 - Posted by Kent

Remember the Conficker worm? Last April Internet security experts were monitoring a bit of malware that was set to do something on April 1st, but no one knew what. Now details are starting to emerge. One thing it's doing is installing anti-virus software, except that software is a virus itself. This is according to bona fide Internet security experts Trend Micro.

Going by the name of Spyware Project 2009, the insidious program tells the user that they have a virus, and for a nominal fee (payable via credit card, natch!) Spyware Project 2009 will gladly remove it. It may remove the warning (at least temporarily), but your credit card number gets shipped off to cyber criminals. With so-called "rogue antivirus" programs, it's a bit like the fox guarding the henhouse, except the fox is dressed up like whatever it is that normally guards a henhouse (not being farm people, we're not sure). Maybe it's a wolf in sheep's clothing.

Either way, never trust virus warnings from software that you did not install. If you already have antivirus software installed (and you really should, you know), don't pay for additional services which pop up out of nowhere. Get your Internet security software from a reputable source. You can check out our Internet security software reviews here.

Storing thumbprints to prevent check fraud?

July 29th, 2009 - Posted by Caitlin

Apparently, if you do not have an account at Bank of America, but attempt to cash a check at one of their branches, they require you to provide a fingerprint. After years of denying the practice, they have finally admitted it to a local newspaper. The bank wouldn't reveal where the prints are stored, how long they're stored, or who has access to them. The policy was developed in order to fight check fraud, but naturally, privacy advocates are concerned. American Banking Association President Doug Johnson dismissed privacy concerns in the name of protecting against identity fraud, saying, "I think some of the privacy concerns are overstated to a certain degree." But critics worry that compiling a database of biometric information leaves open the possibility of a particularly dangerous data breach, putting consumers at an even greater risk of identity theft.

These types of issues are unlikely to be resolved anytime soon. In the meantime, perhaps you should consider investing in identity theft protection?

Protecting your email account while traveling

July 29th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

You're traveling on business or vacation and you log into a public computer to check your email. You enter your credentials, read a few emails, delete some spam, fire off a note to a colleague at work, and log out. You think nothing of it, but before you know it, your email account has been hijacked. Your friends, family and business associates all receive the following message, sent from your account:

"While traveling in Europe I was approached by what looked like a homeless man who bumped into me, then he apologized. A few minutes later I went to a café to have lunch. But when I went to pay, my wallet was gone. I was pickpocketed! Now I'm stuck here without any money, can you send me money via a wire transfer? I promise to pay you back as soon as I get home!"

Most of your contacts are probably too savvy to fall for this, but maybe your gullible aunt responds. She believes she's engaging in an email conversation with you, but it's actually a scammer who's jacked your account. So she falls for the ruse and wires a couple thousand dollars to a criminal somewhere in Europe.

Think it can't happen to you or anyone you know? This week, I met someone who actually pulled the money out of his account and wired it. This was an educated person who should have known better. But when he saw a cry for help, his first instinct was to assist a loved one, and he did what many good people would do.

This scam is easy, and it's happening more frequently. I'm amazed that I'm not encountering a new victim of this particular crime every ten minutes. There are a few simple ways to hack into an email account. A public computer at a hotel, library, or internet café could have spyware or a keylogger installed. This type of hardware or software can record everything you do on a PC. If you use your own laptop on an unsecured public wireless connection, your data could be intercepted via wireless packets in the air. You could also accidentally log on to an "evil twin," a wireless network that appears to be a legitimate WiFi spot, but is actually being broadcast via a router or computer, allowing a criminal hacker to sift through all your data.

The chance of someone accessing your laptop via a public WiFi connection is slim, but it does happen. Your best bet is to only log into websites that are secure. The web address should begin with https://www… The "S" in "https" indicates that the site is secure. Otherwise, you should download and install private networking software, such as WiTopia. If you use a public computer at a hotel, library or internet café, you are at the mercy of the administrator who set up the PC, or whoever used the computer before you, unless you make an investment in a very cool USB drive called IronKey. This small, secure drive combines hardware, software, and services that allow you to log into any PC with an available USB drive.

And you should always protect yourself from identity theft. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. And invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses wireless hacking on Fox & Friends.

Your cash is no good here

July 29th, 2009 - Posted by Caitlin

A popular Manhattan restaurant has issued a press release announcing its new "credit cards only" policy:

Carrying around cash is a thing of the past. Leave it to Commerce, Harold Moore's West Village hot spot, to modernize and go "paper-free," now only accepting credit cards as a convenience to its patrons. With robberies on the rise in the West Village, owner Tony Zazula also sees the switch as a safety precaution. It will eliminate the dangerous situation that employees face when walking to local banks with large sums of cash. So forget about that last-minute trip to the ATM and head to Commerce for a relaxing meal.

Could this be the start of a new trend? It is difficult, but still technically possible, to live without the convenience of credit cards. But it doesn't look as though cash will be making a comeback any time soon. As our reliance on credit increases, so do the risks. It's important to use credit responsibly and to guard against credit card fraud. You may be interested in our reviews, comparisons, and FAQs if you'd like to learn more about credit cards, credit report monitoring, or identity theft protection.

The "Whac-A-Mole" approach to identity theft prevention

July 28th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Computerworld illustrates the current state of information security by citing a childhood arcade game: "If you've ever played the silly, maddening game known as 'Whac-A-Mole,' you know what futility feels like. As you smack one mole with the mallet, up pops another one. Their speed and number escalates as you flail away, trying to keep up. At some point, you realize there's no hope of winning." That's why I hated that game. I was attracted to it at first, because, like Barney Rubble's son Bam Bam, I liked hitting stuff with blunt instruments. But that only takes you so far. To win, you need skill and precision.

In today's world of cyber security and identity theft prevention, it isn't enough to chase the next mole and whack it with another patch, or shred your own data and hope that someone doesn't hack your cell phone company. You need to understand the problem and proactively implement a solution.

In the late 90's and early 2000's, hackers hacked for challenge, fun, and fame. It made them popular among other hackers. Soon after, consumers began spending more time online. They used their PCs to shop, bank, and manage personal affairs. Now, hackers aren't just wreaking havoc, deleting files, or making IT administrators miserable; they're also stealing proprietary data. Now, the real game is illegal financial gain. Hackers' motivations have changed, which means that you need to change your perceptions of what a computer is, and how to operate it. It's no longer something to just play Solitaire, or a place where you socialize with friends. Now, it's a cash register to a hacker. It's a bank. And it should be treated and respected like a vault.

  1. Run Windows Update, or it may also be labeled "Microsoft Update," on your PC. If you have Windows XP, you want "Service Pack 3" installed. You can also go to "Control Panel" and then "Security Center" and turn on automatic updates, so Microsoft will install the latest security upgrades automatically. If you have Vista, the process is similar, but you want "Service Pack 1."
  2. Install antivirus software. Most PCs come bundled with software that runs for free for up to a year. Once it expires, you need to renew the license. If you don't, every day that your software isn't updated provides more opportunity for criminal hackers to turn your PC into a zombie that sends viruses to other PCs or sends spam shilling Viagra.
  3. Install anti-spyware software. Most antivirus providers define spyware as a virus now. However, it's still best to run a spyware removal program once a month or so, to ensure that your PC is rid of software that could allow a criminal hacker to remotely monitor your data, keystrokes, and the websites you visit.
  4. Use Firefox. Internet Explorer is clunky, and the most frequently hacked software that exists. Mozilla's Firefox is more secure.
  5. Secure your wireless. If you're running an unsecured wireless connection at your home or office, anyone can jump on the network and access your files from up to 500 feet away. Your router should have instructions on how to set up WEP or WPA security. WPA is better. If this is a foreign language to you, you should either hire someone, or ask your 15 year old for help.
  6. Install a firewall. Microsoft's operating system comes with a built-in firewall, but it isn't especially secure. Go with a third party firewall that comes prepackaged with antivirus software.
  7. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  8. Invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses criminal hackers targeting wireless devices on Fox News.

Windows users prepare for more patches

July 28th, 2009 - Posted by Kent

Microsoft will be releasing new Windows security patches today. No, this is not a reprint of an old story. Additional vulnerabilities were discovered, prompting Microsoft to take the unusual step of asking its researchers not to discuss them until the patches come out. Coincidentally, it just so happens that there's a big hacker conference going on in Las Vegas right now. If you've been putting off buying or upgrading your Internet security software, that bit of news alone should make you want to check out our Internet security software reviews.

Imagine, a whole hotel full of hackers…

Is it wrong to lie on your whois info?

July 28th, 2009 - Posted by Kent

When you register a domain with a web host, you're asked for your name, address, and telephone number. And, as we've pointed out before, this becomes part of the public record (which is why we talk about domain privacy in our reviews). But maybe you're wondering why you should bother putting down the correct information anyway. Why not register every domain to "Jon Doe at 1234 Anystreet, Anytown, anystate 99999"? In other words, do you have to tell the truth when you register the domain?

Sure, most of us have given a purposefully incorrect piece of personal information to someone when we feel it doesn't matter (just why does the Pottery Barn need my zipcode, anyway?). But there are times when it does matter (i.e., every April 15th when the Government wants to know your real income). If you lie to the IRS you can go to jail. What if you lie to the people who collect whois info? And who is asking for that whois info anyway?

Contrary to popular belief, the Internet is not a lawless land. Not entirely. All domain registration is governed by ICANN, the International Corporation for Assigned Names and Numbers. One of their big jobs is governing the creation of tld's (top level domains) such as .org, .com, .biz. Here's what they say about themselves:

"It is a not-for-profit public-benefit corporation with participants from all over the world dedicated to keeping the Internet secure, stable and interoperable. It promotes competition and develops policy on the Internet's unique identifiers."

Part of that "keeping the Internet secure" involves an interest in domains being registered to real people at real places. Whois info is used to keep people accountable for their websites. Even if you've privatized your whois info, law enforcement can go to your web host with a subpoena to get that information.

Truth be told, there's nothing stopping anyone from lying on their registration info. If someone's going to illegally distribute pirated copies of Harry Potter and the Half-Blood Prince, they're probably going to lie. So, why shouldn't you, the honest and upstanding website owner, lie and hold onto the $10 per year you're paying your web host for domain privacy?

Besides that it's just "the right thing to do" (whatever that's worth in this day and age), it does go against ICANN's rules and can have consequences. Now, ICANN isn't out knocking on doors and taking away domains when no one answers. But violators can be reported, and in such cases they can lose their domains. If someone wants your domain, and they find out that you're reporting false whois info, they may report you. Also, since ICANN requires your domain registrar to collect the correct info, your web host probably requires it too. Putting down the incorrect information probably violates your terms of service with them.

Now, the web is full of stories of people who have been successfully lying about their domain registration for years. But keeping your whois info up-to-date (and private) is probably the best way to stay out of entanglements. It at least keeps you on the right side of the ICANN policies, keeping you in a good position if your domain is ever under dispute.

Check out our web hosting reviews for more on domain costs, web hosting, registrations, and domain privacy.

Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.