Tips for secure online holiday shopping

• Tweet

December 11th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

UK officials shut down more than 1,200 online retailers who scammed millions from unsuspecting shoppers. Most of the sites, which appeared to be legitimate retailers selling jewelry and other high end items from brands such as Tiffany & Co. and UGG Australia, were created by identity thieves in Asia.  When victims entered their credit card data or bank details, or sent checks, their money was stolen. Some victims did receive counterfeit versions of the merchandise they ordered, while others were left with nothing. Nobody responsible for the fake websites has been caught.

Criminals who set up fake websites go through the same process as legitimate online retailers, using search engine optimization and marketing, and online advertising via adwords. They use keywords to boost their rankings on Internet searches, which means they show up alongside legitimate sites. These same techniques are being used to infect victims' computers with malicious software. Many victims are lured to scam websites after recieving phishing emails offering high-end products for low prices.

It's easy enough to avoid spoofed websites when phishing is the gateway. Common sense says to automatically be suspicious whenever you recieve an unsolicited offer through email. The same goes for offers recieved through tweets or other social media messages. Scammers commit social media identity theft every day.

If you aren't familiar with a particular online retailer, don't even bother clicking the links, especially if an offer seems too good to be true. And if the email does come from a known website, make sure the address is legitimate before clicking on a link. Beware of cybersquatting and typosquatting, which trick you into believing you're headed to a legitimate site.

When placing an order, look for "https" and an image of a closed padlock in the address bar, signifying that it's a secure page. Scammers don't generally bother to set up secure sites.

Beware of emails coming from eBay. I've been getting ten a day lately. It's difficult to tell if these are real or fake, and you may be directed to a spoof of the eBay website. If you're looking for deals on eBay, disregard emails and go directly to the site. You can use the search function to look for deals that were advertised in emails. And when you do decide to make an eBay purchase, check out the seller's history. eBay works based on an honor system, and if the seller has a pattern of great feedback, they are probably legitimate.

Pay close attention to your credit card and bank statements. Check them at least once every couple of weeks, and refute any unauthorized charges within two billing cycles. Don't use debit cards online, since they offer less protection and more liability than credit cards. And avoid paying buy check, since it's difficult if not impossible to put that money back into your account once it's gone.

Do business with people or companies you know, like, and trust. On occasion, I do buy from online retailers with the best deals, but only cheaper items, generally under $50.00. When I'm buying something more expensive, I stick to companies that also have brick and mortar locations.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses holiday scams on Fox's Mike and Juliet Show.

Read the rest of this entry »

What can I do if a child has been a victim of identity theft?

• Tweet

December 10th, 2009 - Posted by Caitlin

The following post in our Reader Question series is an actual user submitted question.

Q: I found out that someone used my grandson's Social Security number to get phone service. How can I stop this? He's only 11 years old.

A: If someone has used or is using a child's Social Security number to secure a service, the child is a victim of identity theft. You should file a report with a local police department immediately. Having a police report will make it easier to have the fraudulent item or items removed from the child's credit report. You should also file a complaint with the Federal Trade Commission.

You should also call the phone company to inform them that the service has been fraudulently obtained using a minor's Social Security number. If you are your grandson's legal guardian, you can request a copy of his credit report from all three credit bureaus, and ask that fraudulent items be removed and that his credit report be frozen until he turns 18. If you are not your grandson's legal guardian, one of his parents will need to make this request.

When a parent or legal guardian contacts a credit bureau on their child's behalf, they need to provide the child's complete name, address, and date of birth, and copies of the child's birth certificate and Social Security number. The parent or guardian must also provide a copy of their own drivers license or other government-issued proof of identity, including their current address, and a utility bill containing the current address.

Here is the contact information for the three credit bureaus:

Experian
(888)397-3742
http://www.experian.com

Experian
PO Box 9532
Allen , TX 75013

Equifax
(800) 658-1111
http://www.equifax.com

Equifax
P.O. Box 105069
Atlanta , GA 30348

TransUnion
(800) 916-8800
http://www.transunion.com

TransUnion
PO Box 6790
Fullerton , CA 92834

To protect children from becoming victims of identity theft in the future, you may consider investing in an identity theft protection service, such as TrustedID, which offers protection to children. You may also be interested in our Child Identity Theft Protection Guide.

NextAdvisor launches Internet fax reviews

• Tweet

December 10th, 2009 - Posted by Kent

NextAdvisor is proud to announce that it has added Internet fax reviews services to its portfolio of online reviews. Internet fax services allow individuals to send and receive faxes from just about any computer with Internet access. Technologies like email and the World Wide Web have not replaced the fax; they've actually made it more practical and easy-to-use.

Registration forms, car rental agreements, and health care authorizations are often sent via fax. Just today I had to fax a credit card authorization to my self storage unit. I used an Internet fax service. Since we reviewed six services, I had plenty of options to chose from.

While eFax has long dominated the space, we found it had many worthy competitors, a few even outclassed it. Check out our reviews and comparisons to see how it all turned out.

NextAdvisor.com reviews online dating services

• Tweet

December 10th, 2009 - Posted by Caitlin

Online dating is one of the most popular Internet-based services, and for good reason. Plenty of people are looking for love, but don't have the time or the inclination to meet people in bars. For the price of a few drinks a month, you can browse through a database of available matches in your area. Some matchmaking websites even predict compatibility based on detailed personality tests – good luck finding that in a bar!

But with so many dating websites to choose from, how do you decide where to begin? Committing to an online dating service shouldn't be more difficult than committing to a date! Fortunately, NextAdvisor.com has reviewed and compared the most popular online dating services. These are the services with the largest user bases, which means that the offer the most potential matches for you.

We've broken down the most important features of an online dating service in order to make it as easy as possible for you to decide which one is right for you. If you've ever considered looking for love online, check out our new reviews, comparison chart, and frequently asked questions.

Do you know anything about an online product called Registery Booster by Microsoft?

• Tweet

December 10th, 2009 - Posted by Kent

The following post in our Reader Question series is an actual user submitted question. To maintain the integrity of the original question, we do not edit or change reader questions in any way.

Q: Do you know anything about an online product called Registery Booster by Microsoft?  You can download it for 30 dollars to help clean up your computer. Is it also a security software?  Thanks for you help.

A: RegistryBooster is a program by UniBlue and it is designed to clean up and repair your Windows registry. We don't have any experience with that software,  but  it claims to speed up your computer by getting rid of data fragments that can bog down your computer. It's more like spring cleaning for your computer, but it It will not protect it from malware, spyware, viruses, or other attacks. For that you will need dedicated Internet security software.

Facebook updates its privacy policy, once again

• Tweet

December 9th, 2009 - Posted by Caitlin

Facebook unveiled its latest privacy policy today, as well as changes to the privacy settings. Facebook's privacy policy and settings must continuously evolve with the addition of new features that involve third-party applications and websites. But this time, Facebook has also discontinued its regional networks, and instead, the new default privacy settings are set to broadcast your data to "Everyone." If you had previously tweaked your settings to allow for more privacy, those settings should be maintained, but if you had been allowing certain data to be seen by everyone within your regional network, it will now be visible to everyone on the Internet.

If you have never checked out the "Privacy Settings" section on Facebook, now is the time. If you do choose to make your entire Facebook profile visible to everyone, including search engines, it should be a conscious choice, and you should always be aware of the possible ramifications of any information that you choose to share. But if you use Facebook with the assumption that you are sharing information with a select group of friends, you will almost certainly want to change the default privacy settings to restrict who can see what you post.

Making too much personal information easily available puts you at an increased risk for identity theft. Identity thieves can use seemingly harmless revalations to guess your passwords, or the answers to your password reminder questions. So be smart, be careful, and, for an additional layer of defense, consider investing in identity theft protection.

Holiday temps make the best scammers

• Tweet

December 9th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

This is the absolute best time of the year to be a dishonest temporary worker. Holiday hustle and bustle overwhelms managers and supervisors and they can't possibly see everything their employees are doing. It has been said that only 10% of employees are honest, 10% of employees will always steal and 80% will steal based on circumstances. Hiring temps during the holidays becomes the perfect storm for employee theft.

Estimates reveal that 40-50% of all business losses are due to employee theft. Employers need to first vet potential hires so as not to invite a thief into the workplace.

Prescreening

• Either use a prescreening service or become a master interviewer. Watch for incongruities.
• Resumes are often "false advertising," sometimes including outright lies. Look for red-flags and exaggerations.
• Appearance is telling. To be disheveled and unkempt at an interview is a reflection of one's character.
• Interviewees who are well-spoken and ace the interview process may have had lots and lots of jobs.
• Use employment applications, and check and verify everything.
• Background checks are only one small, but necessary, element of the screening process.
• Criminal records checks are insufficient and do not detect employee theft unless prosecuted and convicted.
• Juvenile convictions do not show on a criminal records check.
• Drug and alcohol testing.
• Reference checks.
• Credit reports.
• Physical exams.

Hire honest people.

Honest people live by the golden rule, "Do as to others as you would have them do unto you." Honest people see stealing as demeaning. Honest people believe in karma. Honest people think of the consequences of their actions over a lifetime, not just in the moment. Hire honest people.

Perception is reality.

Assume that after an apparently honest person has been hired, there is still potential for stealing to begin. Orientation is the first place to discourage this behavior. Policies must be openly discussed. Employees are shown aspects of loss prevention and physical security in place. They are further told incidences of theft will be prosecuted under the fullest extent of the law. They are reminded that previous employees were caught and the expenses in fines and to lawyers in a criminal defense cost far more than the goods or cash that were stolen. In Singapore, Iran, Saudi Arabia, they put an average of 500 people a year to death for various nonviolent crimes. That's perception equaling reality.

Understand the theft probability equation.

Chance of getting caught + consequences of action taken = Level of risk & probability of theft.

• Low risk: high probability of theft
• High risk: low probability of theft
• A reputation for non-action breeds theft. If you fire thieves without prosecution, you will hire thieves in the future.

Increase technology to reduce threats.

ComputerWorld suggests bolstering physical security around temporary cash registers and handheld scanners. It's easy to install a card-skimming device on a satellite register. Install additional video cameras to monitor the use of such devices.

Review log data daily. System and transaction logs can reveal a lot of information about the security of a payment system. Check them daily for red flags.

Implement "hard" firewall policies. Use a white list of known good addresses to preclude the possibility of card and payment data going anywhere outside the enterprise firewall except to your payment processor.

For your own personal security, protect your identity. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but an identity theft protection service can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses holiday scams on Fox's Mike and Juliet Show.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Phishers target web hosting customers

• Tweet

December 9th, 2009 - Posted by Kent

You might want to be especially cautious about emails that purport to come from your web host. A new phishing scheme is underway, and it's targeting customers of popular web hosting services. The bait is an email that says the following: "Due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details."

Following the included link sends users to a facsimile of the popular cPanel web hosting interface which asks users for their FTP login information. Once that's done, the login info is transfered to the phishers.

Where it goes next is unknown, but  granting access to your website's directory to person or persons unknown is a scary thought. Your site could potentially be used to spread malware or launch attacks.

According to Gary Warner, who uncovered the scheme, the phishers are sending emails with the following subject lines (substituting the name of your web host for "targeted hosting company"):

(targeted hosting company) webhosting update
(targeted hosting company) web hosting update
(targeted hosting company) webhosting user
(targeted hosting company) web hosting update
for (targeted hosting company) webhosting user
for (targeted hosting company) web hosting use

Since phishers change their M.O.s frequently, it's best to exercise the same caution you would with any solicitous email. Anytime you get an email asking you to confirm login credentials you should be wary. Don't trust the links in emails, even if they look to be legitimate. If you really think your web host (or bank, for social network) requires you to log in and make changes, always go directly to the site via a previously bookmarked url that you trust.

Tiger Woods malware attacks!

• Tweet

December 8th, 2009 - Posted by Kent

Think twice before clicking on a video that purports to show the Tiger Woods car accident (humorously dubbed a 'Caddy Smack' by the San Francisco Chronicle). No such video exists, but like other hot celeb stories that have come before, the Woods story is being used by hackers to infect the PCs of curiosity seekers. In fact, it looks very similar to the Erin Andrew faux Flash update that hit PCs a few months ago (and can still be found in the wild).

As always, be careful about which sites you visit and make sure you have current Internet security software installed with your virus definitions freshly updated. If your Internet security software has a built-in link warning mechanism, you should pay it heed. In past tests we did, they often warned us away from similar sites. Check out our reviews to see which ones we think did the best job.

Twelve Scams of Christmas (part 4)

• Tweet

December 7th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

As cybercriminals begin to take advantage of the holiday season, McAfee has revealed "The Twelve Scams of Christmas," the most dangerous online scams that computer users should be cautious of this holiday season. According to Consumer Reports' 2009 State of the Net Survey, cybercriminals have bilked $8 billion from consumers in the past two years, and McAfee warns consumers not to fall victim to the top scams this year.

Since I'm on McAfee's Consumer Advisory Board, I'm advising you to beware of the following scams.

Scams 1-9 are here, here, and here.

10. Password Stealing Scams

Password theft is rampant during the holidays, as thieves use low-cost tools to uncover a person's password and send out malware to record keystrokes, called keylogging. Once criminals have access to one or more passwords, they gain vast access to consumers' bank and credit card details and clean out accounts within minutes. They also commonly send out spam from a user's account to their contacts.

11. E-Mail Banking Scams

Cybercriminals trick consumers into divulging their bank details by sending official-looking e-mails from financial institutions. They ask users to confirm their account information, including a user name and password, with a warning that their account will become invalid if they do not comply. Then they often sell this information through an underground online black market.

McAfee Labs believes cybercriminals are more actively scamming consumers with this tactic during the holidays since people are monitoring their purchases closely.

12. Your Files for Ransom – Ransomware Scams

Hackers gain control of people's computers through several of these holiday scams. They then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible. The scammer holds the user's files ransom by demanding payment in exchange for getting them back.

McAfee advises Internet users to follow these five tips to protect their computers and personal information:

Never Click on Links in E-Mails: Go directly to a company or charity's Web site by typing in the address or using a search engine. Never click on a link in an e-mail.

Use Updated Security Software: Protect your computer from malware, spyware, viruses and other threats with updated security suites. McAfee^® Total Protection software provides fully-featured protection from current and emerging threats. It also comes built in with McAfee SiteAdvisor® technology, a safe search toolbar to warn consumers of a Web site's safety rating as well as phishing protection. It uses intuitive red, yellow and green checkmarks to rate potentially dangerous Web sites when searched on Google, Yahoo! or Bing.

Shop and Bank on Secure Networks: Only check bank accounts or shop online on secure networks at home or work, wired or wireless. WiFi networks should always be password-protected so hackers cannot gain access to them and spy on online activity.

Also, remember to only shop on Web sites that begin with https://, instead of http://, and seek out Web sites with security trustmarks, like McAfee SECURE^™.

Use Different Passwords: Never use the same passwords for several online accounts. Diversify passwords and use a complex combination of letters, numbers and symbols.

Use Common Sense: If you are ever in doubt that an offer or product is not legitimate, do not click on it. Cybercriminals are behind many of the seemingly "good" deals on the web, so exercise caution when searching and buying.

If you think you may be a victim of cybercrime, visit McAfee's Cybercrime Response Unit to assess your risks and learn what to do next at www.mcafee.com/cru.

Get a credit freeze. Go online now and search "credit freeze" or "security freeze" and go to ConsumersUnion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. And invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses Cyber Monday on Mike and Juliet.

[youtube]http://www.youtube.com/watch?v=Ixn26vVTfns[/youtube]

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.