Phishers target PayChoice customers

October 5th, 2009 - Posted by Caitlin

Hackers recently breached the online systems of PayChoice, a payroll processing firm. Shortly after the hackers accessed customer account information, including email addresses, login IDs, and partial passwords, PayChoice customers began receiving targeted phishing emails prompting them to download a plug-in. The emails, which addressed recipients by name and referenced their usernames and passwords, explained that the plug-in was necessary for continued access to PayChoice's online payroll service at OnlineEmployer.com. But the download was actually malicious software designed to steal even more account information. The phishing emails also included links to malicious websites, which would attempt to exploit vulnerabilities in Internet Explorer, Adobe Flash, and Adobe Reader to install even more malware. Unlucky victims wound up with a Trojan horse program that attempted to download even more malware and disable security software. This particular Trojan horse slips under the radar of many anti-virus scanners. Security experts believe that this attack was primarily designed to steal online banking credentials.

PayChoice is still investigating the extent of this unusually complex attack. A data breach, phishing emails, malicious websites, and numerous malicious applications including a Trojan horse. All with the likely end goal of identity theft.

How can you defend yourself against such sophisticated hackers? The best course of action is to be wary when clicking on links or downloading files, to keep your browser and Internet security software updated, and to invest in identity theft protection.

8 ways to prevent business social media identity theft

October 2nd, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

There are hundreds, or maybe even thousands of social media sites worldwide, such as Facebook, MySpace, Twitter, and YouTube. Social media networks are quickly becoming the bane of the IT manager. Twitter phishing and Facebook jacking are growing rapidly.

Social media is still in its infancy and its security has been an issue since its inception. Facebook has been perceived as an ongoing privacy and security issue and Twitter has become a big target. Users are tricked into clicking links. Viruses enter the network as a result of employees downloading or simply visiting an infected page.

Computerworld reports that "Twitter is dead." Twitter is dead because it is now so popular that the spammers and the scammers have arrived in force. And history tells us that once they sink their teeth into something, they do not let go. Ever.

  1. Implement policies: Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network.
  2. Teach effective use: Provide training on proper use and especially what not to do.
  3. Encourage URL decoding: Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  4. Limit social networks: In my own research I've found 300 to 400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure.
  5. Train IT personnel: Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
  6. Maintain updated security: Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
  7. Lock down settings: Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
  8. Prevent social media identity theft: Register all your officers, company names and branded products on every social media site you can find to prevent Twitter squatting and cybersquatting. You can do this manually or by using a very cost effective service called Knowem.com.

And invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses social media identity theft on Fox Boston.

http://www.youtube.com/watch?v=JwFC0jfxTco

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Lingo goes global with World Max plan

October 2nd, 2009 - Posted by Kent

VoIP provider Lingo has a new offer, and we thought we should let you know what's changed. They're clearly taking aim at Vonage's World Unlimited plan, undercutting them by a dollar and offering to serve more locations. Lingo lists over 100 to Vonage's sixty-plus, but Lingo's numbers include mobile lines, so it's closer to 80 countries (including Vatican City, in case you have to put a call through to His Holiness).

Lingo charges $24.95 per month for the unlimited world calling plan, and your first month is $4.95 (they used to give you three months at that price, but they also weren't giving you the world). All the setup, shipping, and equipment fees are also waived.

So does this mean Lingo comes out on top? Its after-30-days cancelation fee is still higher than Vonage's ($99.95 to $39.99), but the true measure of its value will be if it covers the countries you call most.

Andorra
Argentina
Australia
Austria
Bahamas
Bahamas – Mobile
Bahrain
Bahrain – Mobile
Bangladesh
Bangladesh – Mobile
Belgium
Brazil
Brunei
Brunei – Mobile
Bulgaria
Canada
Canada – Mobile
Chile
China
China – Mobile
Colombia
Croatia
Cyprus
Czech Republic
Denmark
Dominican Republic
Estonia
Finland
France
French-Antill
French-Guiana
Georgia
Germany
Greece
Guadeloupe
Guam
Guam – Mobile
Hong Kong
Hong Kong – Mobile
Hungary
Iceland
India
India – Mobile
Indonesia
Iraq
Ireland
Israel
Italy
Japan
Jordan
Kenya
Laos
Laos – Mobile
Latvia
Lithuania
Luxembourg
Macao
Macao – Mobile
Macedonia, Republic of
Malaysia
Malaysia – Mobile
Malta
Mauritius
Mexico
Monaco
Netherlands
New Zealand
Norway
Panama
Peru
Poland
Portugal
Puerto Rico
Romania
Russia
Saipan
Saipan – Mobile
San Marino
Saudi Arabia-Jeddah
Singapore
Singapore – Mobile
Slovakia
Slovenia
South Africa
South Korea
Spain
Sweden
Switzerland
Taiwan
Thailand
Thailand – Mobile
Trinidad
Turkey
U.S. Virgin Islands
U.S. Virgin Islands – Mobile
United Kingdom
United States
United States – Mobile
Vatican City
Venezuela
Zambia

National Cyber Security Awareness Month

October 1st, 2009 - Posted by Kent

October is National Cyber Security Awareness Month and the big question is: How will you celebrate? The Department of Homeland Security and the National Cyber Security Alliance want you to learn how to keep yourself safe online. According to their press release, "just 40% of Americans have had any formal type of online security or safety training."

Really? That number seems rather high. A brief and unscientific study of our office showed that no one here could remember ever attending any kind of "online security or safety training" but we all know not to click on unknown email attachments, download strange programs from LimeWire, or pay attention to web pages that warn us that our computers are infected. And we all have Internet security software installed.

The feds have a vested interest in cyber security because bot-infected computers have been used to run denial of service attacks on government web sites.

As a digital society relying on the Internet for nearly everything from financial services to supply chain management to an increasingly smart electric grid, to name a few, America's ability to fortify the security of the Internet is critical to the nation's economic success, the government's ability to deliver critical services, and every American's access to information.

The focus of NCSAM is to make people aware that infected PCs are not just potentially dangerous for bank accounts, they're also dangerous to us on a larger scale. Plus, a DoS attack can totally knock out Twitter, and Senator McCain loves to Twitter.

New virus steals from online bank accounts

October 1st, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

A new kind of Trojan horse infiltrates your online bank account, and not only steals your log-in information, but also siphons funds directly out of your account. The virus is known as URLZone, is controlled by servers in the Ukraine, and it determines how much money to steal from a victim's account depending on the initial balance, all in real time, while the user is logged in, displaying a fake balance so the victim isn't aware that it's happening. URLZone targets Firefox, Opera, and the last three versions of Internet Explorer. Currently, the virus is only targeting computers in Germany. But it's only a matter of time until URLZone, the most sophisticated worm of its kind to date, spreads further.

Like most viruses today, URLZone generally infects a PC when the user clicks a link or visits an infected site. Once the virus is installed, it waits for the user to access an online banking website. That's when it goes to work. While the user is banking online, the virus communicates with the bank's server in the background. Transactions are being processed and the user doesn't see any of it happening. Frankly, this doesn't even sound possible to me. But it's happening. The virus then erases its tracks by displaying a bank balance on the infected computer that doesn't reflect the funds that have been stolen. The victim will only recognize a discrepancy in the balance when using an uninfected computer or an ATM, or receiving a paper statement. Or when the checks start to bounce.

A virus with the sophistication to hijack the victim's browser, steal money during an online banking transaction, and then cover its own tracks by modifying the information displayed to the victim, all in real time, is not good, to say the least.

White hat hackers are struggling to stay one step ahead of the criminals, but black hat hackers are out in full force. There are more ways to compromise data today than ever before. From 2007 to 2008, the number of viruses quadrupled from 15,000 to nearly 60,000.

Recently, a couple's bank account was compromised as a result of their own insecurity. The bank claimed no responsibility and held the couple accountable for the loss. Now they are suing the bank. Depending on how this case pans out, you may be held responsible for the loss if you're hacked.

To prevent these types of situations, make sure your Internet security software is updated and set to run automatically. Keep your web browser updated to the latest version, since an out of date web browser can provide holes that worms can crawl through. You should also set your operating system to update critical security patches automatically.

Check your bank statements at least once a week, and invest in identity theft protection, which employs a number of different techniques to prevent, detect and, if necessary, resolve identity theft.

Robert Siciliano, identity theft speaker, discusses online banking insecurity.



Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.