Top 8 worst Twitter social media hacks
Posted by Robert Siciliano on February 3rd, 2010
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger.
In the past year, the use of Twitter has increased dramatically. And so has the criminal hacker’s attention to the opportunity to use it for illicit gain. Here are the top-eight worst types of Twitter social media hacks:
- Jacked Twitter Accounts: Numerous Twitter (and Facebook) accounts, including those belonging to President Obama, Britney Spears, Fox News and others, were taken over and used to ridicule, harass, or commit fraud.
- Social Media Identity Theft: Hundreds of impostor accounts are set up every day. Sarah Palin, St Louis Cardinals Coach Tony LaRussa, Kanye West, Huffington Post and many others have had Twitter accounts opened in their names or names similar to theirs.
- Twitter Worms: Worms infiltrate Twitter, sending requests to click on links that, in turn, infect user accounts and begin to multiply the message. Followers of infected accounts get the requests, and then their followers get them, causing more grief than anything else.
- Twitter DOS Attack: Twitter itself was victimized by a denial-of-service attack that left the site dark for more than three hours. Reports indicated that a politically motivated attack in Russia seemed to be the cause.
- Twitter used as a Botnet Controller: A Twitter account produced links that led to commands to download code to run a botnet.
- Twitter Phishing: Cybercriminals use tweets to draw users to spoofed sites and trick them into entering account or financial information. It's a crime that's on the rise.
- Twitter Porn: Please, “Misty Buttons” stop sending me another invite to chat or see your pics.
- Twitter Spam: The use of short URLs has made Twitter's 140-character limit the perfect launch pad for spam leading to diet pills, Viagra and whatever else you don’t need.
With Twitter now a part of the daily routines of millions of people, who log in from home or work, it will undoubtedly play a big role in the criminal hacking community in 2010.
Protect your identity:
- If you're a victim of identity theft, get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief, but it also makes it impossible for you to open any new accounts yourself.
- Invest in social media protection at Knowem.com.
- Go to my website and get my FREE ebook on how to protect yourself from the bad guy.
- Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.
Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.
Robert Siciliano, identity theft speaker, discussing social media identity theft on CNN.
10 business identity theft risks in 2010
Posted by Robert Siciliano on January 20th, 2010
Advancements in technology over the past decade have created a tremendous amount of opportunity for the savvy businessperson. Whether it's mobility, streamlined processes, marketing, or the ability to sell to a global market, there’s never been a better time to be in business.
As with anything good, there is always a negative. While there are certainly many negatives in technology, like the headaches when something doesn't work correctly and the constant learning curve we must all endure, the biggest negative is security issues.
So for the SMB (that's you, the savvy businessperson), here are ten considerations for the new decade:
Back up your back up. Numerous reports of cyber-war, thousands of new viruses weekly, and even Mother Nature wreaking havoc on the Internet have caused concern among industry professionals. Doing business in the cloud is fantastic; however, make sure you have redundant local backups of your data.
Protect against all Internet security threats, not just viruses. The sheer volume of attacks and new viruses created will keep the antivirus vendors busy. But there is no way they can keep up the pace 100% of the time. There are numerous technologies that will immunize your PC and make any virus or spyware impotent, and any data typed in your browser useless to a thief.
Social media identity theft is the act of creating a blog or social media site that models your day to day operations. At any time, someone can register domains or social media sites with your brand as the face. They then sell products that they never ship and/or do things to damage your brand. Scoop up your social media identities with Knowem.com.
Social network nitwits. One of the easiest ways into your company's network is via social media. The explosion of “I just made a tuna” communications has brought out the dumb in many people. The simple act of setting up a group on Facebook and getting your employees to join can open up a treasure trove of data that can facilitate social engineering attacks. Create policies and procedures that involve appropriate use.
Social engineering, the ruse of a confidence man, is back in full force. It never really went away, but with the amount of security in place, sometimes the path of least resistance is simply asking your cleaning crew for the keys to the building. By gaining the trust of employees over the phone, via email or in person, a conman can get almost anything he needs in order to get whatever he wants. The best defense is effective policies coupled with ongoing awareness training.
Insider identity theft can ruin your business. Most companies have done their due diligence to keep the bad guy from hacking from the outside. But many organizations have neglected the risks associated with employees gone bad and the internal damage that can be done. Numerous technologies monitor and control access to sensitive information. But preventing bad employees from doing bad things starts with not hiring bad people.
Phishing scams still work. Despite consumer and employee awareness, a carefully crafted and well designed email that looks like it's coming from another employee is probably the most effective spear phish. Going after the CEO or high level executive, or “whaling,” can often be even more successful. The bigger they are, the harder they fall, as they say. From my experience, it’s often the smartest ones in the room that lack all common sense. Test your employees and see what they will fall for. Then test them again.
Tighten up employee remote access. Allowing Suzy Admin to access the company's VPN from a home PC that Suzy’s son Steve uses to play games on servers hosted in North Korea will end badly. Malware on a home computer can compromise user names and passwords, resulting in spyware on the network. Set up Suzy with her own laptop that’s fully locked down and prevents Steve from doing anything fun.
Peer to Peer (P2P) file sharing is a fantastic way to leak company and client data to the world. Obama's helicopter plans, security details and notes on congress members being deposed were all leaked on government controlled computers via P2P. Setting admin privileges and installing numerous technologies that will prevent P2P is essential.
Identity theft will get worse before it gets better. And whether it’s your identity, your family's or your employee’s identity that is stolen, it can be a huge time suck and a costly event. The best defense involves a three legged stool. First, awareness training of all the scams that lure people in, and how to appropriately respond to numerous communications. Second involves a little time and investment in a “credit freeze” or “security freeze.” Third is an annual investment in identity theft protection. In today’s cybercrime climate, and with the recession making people desperate to make money any way they can, NOT investing in identity theft protection is, in my opinion, irresponsible. The worst thing you can do is nothing.
Robert Siciliano, identity theft speaker, discusses identity theft on Fox News.
Google gets hacked
Posted by Robert Siciliano on January 18th, 2010
Last week, Google disclosed that it had been breached by Chinese hackers, who were apparently targeting Chinese dissidents:
"The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly-organized attack in late December. Google said that the intrusion attempt originated from China and was executed with the goal of obtaining information about political dissidents, but the company declined to speculate about the identity of the perpetrator."
McAfee found evidence that the attack exploited a vulnerability in Internet Explorer. Google Enterprise president Dave Girouard blogged to inform Google App clients their data was safe: "This incident was particularly notable for its high degree of sophistication. This attack may understandably raise some questions." Girouard stated, "We believe our customer cloud-based data remains secure."
The most successful techniques of Chinese hackers involve phishing and social engineering. These hackers determine their targets, then send a "spear phish," or targeted email, to a specific employee, in which they pose as a coworker or a vendor. Once the target clicks a link, a remote control or malicious software is automatically downloaded. On a broader scale, hackers may send a blast to everyone in the company and ultimately hook a few employees, giving them access to company accounts.
The recent Google attack indicates that criminal hackers with financial incentives aren't necessarily the only ones attempting to penetrate your networks. There is a strong possibility that hacking is being sponsored by foreign governments with a much bigger agenda.
All the more reason to be aware and alert with regard to your security.
- Never click on links in the body of an email. NEVER!
- Always be suspicious of any external or internal communications. You could be a target of a phisher.
- Before divulging a user name and password in response to an email, pick up the phone to verify the legitimacy of the request.
- Make sure your PC's critical security patches are updated fully and automatically.
- Antivirus software must be run automatically and kept fully up to date.
- It's not enough to just run antivirus software. Run a program that also protects against keyloggers.
- Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
- Invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.
Impostor poses as Secret Service agent and police officer
Posted by Robert Siciliano on January 11th, 2010
At a friend's 40th birthday party, we wound up discussing my Craigslist ATM, and that led to a conversation about how easily people can be conned. One friend's new boyfriend began telling us how frequently he is able to con people in order to get into bars and clubs. "I never wait in lines," he claimed, "and I always get VIP treatment." I hate lines, too, but I have a hard time lying to get what I want.
He says he finds the phone number of the bar or club and calls ahead of time, claiming to be the manager of a Boston Celtics player and explaining that he'll be coming to the bar with a few people and that his player will arrive later. He gets the name of the club manager and someone from security. That night, he goes straight to the front of the line and drops the manager or bouncer's name and acts as if he's entitled to enter. He says his success rate is 100%, and I believe him.
When a couple can crash a formal event at the White House despite Secret Service presence, then almost anything is possible. People successfully pose as health inspectors, police officers, and even Secret Service agents. As I demonstrated on The Montel Williams Show, I once posed as a "water inspector," gaining access to people's homes by saying I needed to "check the colorization of their water." Any kind of fake badge and uniform can do wonders.
One recent example is a Massachusetts man who has been accused of posing as a Secret Service agent in order to enter the U.S. Department of Health and Human Services. He also pleaded guilty to disorderly conduct, trespassing, and impersonating a public official after attempting to enter a U2 concert without a ticket by impersonating a police officer:
"Authorities say he flashed what appeared to be a gold Massachusetts State Police badge and entered Gillette Stadium in Foxborough, Mass., on Sept. 21. They say he didn't have a ticket to the concert.
He repeatedly asked to see the fire chief and where the ambulances were parked. When he refused to identify himself, stadium security called police, who then arrested him."
A criminal can easily impersonate you online or in person to commit financial identity theft as it relates to new account fraud and account takeover, or to commit social media identity theft. This is why a credit freeze and an identity theft protection service are essential: identity theft will flourish until we are properly identified and systems are in place that point towards effective authentication and identification, which leads to accountability.
Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
And invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.
Robert Siciliano, identity theft speaker, discusses imposters and home invasions on The Montel Williams Show.
I wasted four hours with a criminal hacker
Posted by Robert Siciliano on January 6th, 2010
Lately I've been coming across "advertisements" on forums, posted by criminal hackers looking to sell our stolen information. They are "carders," selling "dumps" and "fullz." Well, I decided to make contact with one of them to see what the deal is. It turns out the one I connected with was less than forthcoming, but was very persistent and more than likely has and will continue to scam people. Here is an example of a post advertising illegal services.
The hacker I contacted immediately returned my email. I told him I was a journalist and wanted to do a story on him. I couldn't have been more upfront with my intentions. I even provided him with a link to my website, but that didn't seem to matter. He just wanted my money. First he wanted me to open up an instant message and connect with him via his Yahoo email. That way we could chat. But I wasn't about to let him in via IM, because there are known hacks that can allow a bad guy into your PC via an IM service. So instead, I set up a private chat at tinychat.com.
What follows is an abridged version of our conversation. (The full version is here.) I am robertsicili, and the scammer is dskimmed2009 (how appropriate).
[11:50] robertsicili: who is here?
[11:51] dskimmed2009: yes its me man
[11:52] robertsicili: nice meeting u
[11:52] robertsicili: where are you from
[11:52] dskimmed2009: I Have told you already man
[11:52] dskimmed2009: or have u forgotten that man
[11:53] robertsicili: you havent told me
[11:53] dskimmed2009: oh okay man
He avoided the question.
[11:55] robertsicili: why did you agree to speak to me?
[11:55] dskimmed2009: what do u mean ?
[11:56] robertsicili: well, your business isnt a normal one and usually guys like you try to stay 100percent under the radar
[11:56] dskimmed2009: ahahaha
[11:56] dskimmed2009: very good man
[11:56] dskimmed2009: so u too which country are u from ?
[11:57] robertsicili: US
[11:57] dskimmed2009: VERY GOOD
"VERY GOOD" in all caps tells me right away he thinks I'm an idiot.
[11:57] dskimmed2009: I'm 27 years of age and u?
[11:57] robertsicili: im 41
[11:58] dskimmed2009: wow…….then am small boy to u right
[11:58] robertsicili: youll be 40 before you know it
More small talk, getting used to each other.
[11:59] robertsicili: what country? your english is fine
[11:59] dskimmed2009: CVV,FULZ,DUMPS,BANKLOGINS,BANK TRANSFER,WU TRANSFERS,SKIMMING,ETC
And it's down to business.
[12:00] dskimmed2009: What do you need to buy now man?
[12:00] robertsicili: all business, i get it.
[12:00] robertsicili: i want to tell your story. you are very interesting.
[12:01] dskimmed2009: yes am interesting man ok
[12:01] dskimmed2009: dont be serious let finish the deal at least today now ok
[12:01] robertsicili: i write for numerous US papers and find what you do facinating. Id like to understand your process.
This seemed to have gone right over his head because he never acknowledged it.
[12:06] robertsicili: so its not a problem for you to be public? how do you keep from being traced?
[12:06] dskimmed2009: i have many securities upon me so u dont need to be worried about that at all man ok
[12:07] dskimmed2009: becoz i do genue and valid business here with many and more costumers man
[12:07] dskimmed2009: so no one will traced upon me ok
[12:07] robertsicili: not worried, just curious, youre very smart
[12:07] dskimmed2009: why are u saying that am smart
[12:08] robertsicili: because you are able to be public, but still anonomous
[12:08] dskimmed2009: of course man becoz if i were to be bad i will never be in public annoucenment forums
[12:09] robertsicili: what is your "valid business"
[12:10] dskimmed2009: My valid business is to just do long term business with the other costumers man
He begins to tell me how honest he is with his customers.
[12:10] dskimmed2009: always i do give them what they will paid me for ok
[12:10] dskimmed2009: i dont dissapoint them as some ppl's are doing to the other costumers
[12:10] robertsicili: so you are an hoinest business man who doesnt stiff his customers.
[12:11] dskimmed2009: i never stiff my costumers ok
[12:11] robertsicili: i see you take pride in that. and you should.
[12:11] dskimmed2009: am not interesting to do that to my costumers to loose my market man
[12:11] dskimmed2009: i always want to do long term business with my costumers
[12:12] robertsicili: there must be a lot of dishonest people in your business who stiff people
[12:12] robertsicili: how long have you been doing it?
[12:12] dskimmed2009: of course and they are those who used to spoiled most of the hackers business man
[12:13] robertsicili: so you are a "hacker", do you get the data directly?
[12:13] dskimmed2009: i have been in this business for very good 17 years of age man
He loosens up a little and begins to give me history and a bit about his process.
[12:14] dskimmed2009: i use to go to Ho Minh Chin…Vietnam to hack softwares and come back to russian again man
[12:15] dskimmed2009: i have 3 types of softwares i use for my work man
[12:15] robertsicili: what are they called?
[12:15] dskimmed2009: One if for use to skimmed dumps
[12:15] dskimmed2009: software to skimmed dumps called Skimmer
[12:16] dskimmed2009: i have one too hacking software it used to hack credit card numbers and bank logins man
[12:16] dskimmed2009: i have western union bug software version 2010 with an activation code
[12:17] dskimmed2009: used to do online western union wireing and also hacking an mtcn numbers out from fullz man
[12:17] dskimmed2009: i have all types of skimming
[12:18] robertsicili: "hacking software" so on other peoples computers?
[12:18] dskimmed2009: OH YES
He's all happy now.
[12:22] robertsicili: are you russian?
[12:23] dskimmed2009: am not a russian man
[12:23] dskimmed2009: i have been there for good 8 years just to study how to hack very experiencely and perfect way man
[12:26] robertsicili: in the US we are hacked by many countries. The chinese are great hackers, Romanians too.
[12:27] robertsicili: I have heard of vietnamese hackers too but not as often.Ukraine have many good hackers
[12:27] dskimmed2009: oh yes man
[12:27] dskimmed2009: RUSSIAN,VIETNAM,THIALAND,ROMANIA,UKRAINE,NIGERIA ,GHANA
[12:28] robertsicili: Yes. All hacking Americans or all over the world?
[12:28] dskimmed2009: All those countries i just mention they contain alot of fake and good hackers
[12:29] dskimmed2009: they hack EUROPE,UK,US,CANADA,ASIA,WESTERN PART OF AFRICA
We discuss family!
[12:29] robertsicili: do you have kids?
[12:29] dskimmed2009: they hacked all over the world man
[12:29] robertsicili: ok
[12:29] dskimmed2009: i have 2 kids and my personal wife
Back to business.
[12:35] robertsicili: how do you get paid?
[12:35] dskimmed2009: they are sooo many ways of means to get money easy but they dont like it on that way
[12:36] dskimmed2009: Through Western Union,Money Gramm,Liberty Resrve and Web Money
[12:38] dskimmed2009: u can also do western union online transaction money transfer with fullz
[12:39] robertsicili: define fullz
[12:39] dskimmed2009: fullz contain , SSN : SOCIAL SECURITY NUMBER DOB : DATE OF BIRTH DL : DRIVING LINCENSE MMN : MOTHER MAIDEN NAME
[12:40] robertsicili: I now understad fullz, but how do I turn that data into money?
[12:40] dskimmed2009: i will teach u if u buy either the fullz or the software ok
[12:40] dskimmed2009: u will just process and operate the software thats all
[12:41] robertsicili: how much for the software?
[12:41] dskimmed2009: 700$
[12:41] robertsicili: damn!~
[12:42] dskimmed2009: Don't make noise
[12:42] dskimmed2009: i can reduce the price for u if u are ready at any time ok
[12:42] dskimmed2009: am not difficult hacker ok\
Such a great guy and all around good business man. Now I want more details. I want raw data, I want proof.
[12:48] robertsicili: when you get a chance send me samples of what I can get with the software. CVV2?
[12:49] dskimmed2009: all my software are containing security password and codes so i cant just give out like that man
[12:49] dskimmed2009: unless u have make payment for it
[12:49] dskimmed2009: b4 i can give u man
He is refusing to send me samples of data he hacked. I'm beginning to think he has nothing.
[12:50] robertsicili: if im going to make an investment in your softwareI need to understand what it does.
[12:51] dskimmed2009: it will hack the amount on the fullz as mtcn numbers for u to get out with the rest of the infomations man
[12:51] robertsicili: what is mtcn
[12:52] dskimmed2009: Money Transfered Control Number
But he never tells me what it does or how it works. I spend the next hour trying to pull that from him.
[12:54] robertsicili: you sell logins, how do you get them?
[12:55] dskimmed2009: bank logins ?
[12:55] robertsicili: is that what you sell?
[12:55] dskimmed2009: i have software to hack that from bank personal and company account's
[12:55] dskimmed2009: yes i sell bank logins too man
[12:55] dskimmed2009: CVV,FULLZ,DUMPS,LOGINS,TRANSFERS
[12:56] dskimmed2009: I Do bank transfer,western union transfer and paypal verified account transfer toooo
[13:12] robertsicili: How do you get login data?
[13:14] dskimmed2009: i hack from online banking with software
[13:14] dskimmed2009: i have boa,rbc,wamu,wachovia
[13:14] dskimmed2009: icici,hsbc,abbey
[13:37] dskimmed2009: u need banking software for bank login date?\
[13:38] robertsicili: if im to start a business of hacking data I want to know what to buy from you.
[13:38] dskimmed2009: yes man
[13:38] dskimmed2009: please give me ur western union infomations now ok
[13:38] dskimmed2009: with ur phone number
[13:39] robertsicili: and what will you do with my western union info?
[13:39] dskimmed2009: i want to send some money for u to cash it out and send it to me on my infos in ghana man ok
Now he wants my Western Union account data so he can send me money, so I can send his partner money in Ghana. He's beginning to try an "affinity" scam on me.
[13:39] dskimmed2009: one of my business patner man
[13:39] dskimmed2009: he is online now am talking with him
[13:40] dskimmed2009: so i want to give him us infos to send the money
[13:40] dskimmed2009: through money gramm
[13:40] dskimmed2009: becoz right now all the banks is close
[13:40] dskimmed2009: here in ghana now
[13:41] robertsicili: why do you want to send me cash?
[13:41] dskimmed2009: i want him to send the money to us country so that u cash it out send it to me here in ghana now man ok
[13:41] dskimmed2009: becoz right now all banks is close in ghana now ok
[13:44] robertsicili: OK so he sends me money and i send it back to you because the banks are closed?
[13:44] dskimmed2009: oh yes
[13:44] dskimmed2009: that is it my brother
[13:45] robertsicili: In the US we call that an "advanced fee" scam. At least thats what someone told me.
[13:46] dskimmed2009: okay then stop ok
[13:46] dskimmed2009: don't do it again ok
[13:46] dskimmed2009: we continue our business now
"Don't do it again," he tells me. Hilarious.
[13:47] robertsicili: I want to buy your software that hacks online banks. Tell me what it does and how much money it will cost me.
[13:49] dskimmed2009: it cost 1300$ for online banking software to hack bank logins both personal and company account
[13:51] robertsicili: tell me how it works, I want to undersyand the technology. Is it sql-injection, spyware? Password hacks, Phishing?
[13:52] dskimmed2009: 2 COMERSUS SOFTWARE WITHOUT BANK LOG IN AND BANK CREDIT CARD CODE ==========1000$
[13:52] dskimmed2009: 3 NEW WESTERN UNION HACKING BUG FOR WORLD WIDE TRANSFER ==========700$ 4 NEW PAYPAL LOG IN HACKWARE FOR HACKING FRESH PAYPAL ==========250$
[13:53] dskimmed2009: 7 NEW CREDIT CARD VALIDATOR FOR VALIDATING ANY FULL CC INFO ==========120$
[13:53] dskimmed2009: WESTERN UNION ONLINE SOFTWARE(WESTERN UNION BUG)VERSION 2009/2010 PRICE:700$
I begin to get confused as he describes his process, because it makes no sense.
[14:22] robertsicili: explain to me me how it brings the infos and what the software hacks
[14:22] dskimmed2009: it will hack the bank u will choose on the list of the software processor
[14:23] dskimmed2009: then u will wait for 30 minutes for that bank u choose it's infomations
[14:23] dskimmed2009: every infomations that will appear within that 30 minutes if valid infomations
[14:25] dskimmed2009: It's not difficult to understand but if u understand i will be very happy man ok
[14:25] robertsicili: so the software is hacking the banks processor and getting consumer logins?
[14:28] dskimmed2009: it's like bank transfer
[14:36] robertsicili: explain how th bank transfer works?
[14:36] dskimmed2009: a'm worry about how u dont understand man
[14:36] dskimmed2009: infact its pains me
Too funny: "infact its pains me"
[14:36] robertsicili: Im skilled in software but want to understand how it works. is it a sql injection?
[14:38] robertsicili: if I am to spend thousands of dollars I needd to know how the tech nology works. you are selling hacking softeware but wont tell me how it works
[14:38] dskimmed2009: it will bring that bank u choose all its infomations will appear on it within that 30 minutes time man
None of this makes sense.
[14:40] dskimmed2009: u see someone's bank account
[14:40] dskimmed2009: he is from usa
[14:40] dskimmed2009: his account was hacked by the software last weeks monday
[14:41] dskimmed2009: 38k was withdraw from it by one of my costumer who come to buy the software man
[14:43] robertsicili: ok
[14:43] dskimmed2009: u see ?
[14:44] robertsicili: soft of. I think there mayt be a language barrier here
[14:45] dskimmed2009: what do u mean by that man?
[14:45] robertsicili: so the software gives me access to the server and shows the banks customers accounts?
[14:45] robertsicili: then I can withdraw from the account and make a transfer?
[14:46] dskimmed2009: oh yes man
[14:46] dskimmed2009: that is it
[14:46] dskimmed2009: u can make the transfer ur self to ur account either company or personal account
So I ask him how he hacks Paypal. It can't possibly be as easy as he claims.
[14:50] robertsicili: ok. how does it work with paypal?
[14:51] dskimmed2009: We have Verified and Non Verified Account
[14:51] dskimmed2009: just the id and the password
[14:51] dskimmed2009: we have ones with an empty balances and with ones with founds tooooo
[14:59] robertsicili: how does it work?
[15:00] dskimmed2009: for that one is not difficult man
[15:01] dskimmed2009: u will just put the id on it,it will show the password and the amount in the account
What? He says that his software just needs an account number and it shows the password? I smell a rat.
[15:01] dskimmed2009: then u transfer to ur bank account or ur paypal account or uur personal account or any of ur company accout man
[15:02] dskimmed2009: that'sall
[15:02] robertsicili: serious? you have software that will show a persons user ID and their passwords and whats in the account? How does it do that?
[15:03] dskimmed2009: the software self will show the password and the amount on it
[15:03] dskimmed2009: infact i have sell this to 2 costumers only
[15:03] dskimmed2009: it's too cost but simple to operate
[15:05] robertsicili: This sounds to good to be real. How can you prove this works before i send you money?
[15:05] guest-14953 entered the room
[15:06] dskimmed2009: i dont have any thing to show man
So he's got nothing. Or at least won't give up anything.
[15:07] dskimmed2009: if u are ready u go to send money now so that i send u the software man
[15:07] dskimmed2009: becoz with the software u will make alot of money
[15:07] dskimmed2009: and am going to do long term business with u for ever man
[15:07] robertsicili: if what you say is true then the entire banking and paypal security is non existent.
[15:08] dskimmed2009: so u must to trust me and to be honest with me that alll
[15:08] robertsicili: dude, i find it hard to trust in this situation.
[15:09] dskimmed2009: ok
[15:09] dskimmed2009: any way thanks for contacting me ok
[15:09] dskimmed2009: bye
I learned he wasn't much of a hacker, or at least didn't have a very good handle on his technology, or he just didn't want to tell me. But the mere fact that he is sitting in a hut or Internet café somewhere and communicating like this tells me someone somewhere has sent him money.
Protect yourself from scammers and hackers. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
And invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.
Robert Siciliano, identity theft speaker, discusses credit and debit card fraud on CNBC.
Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.
Profile of a real hacker
Posted by Robert Siciliano on December 28th, 2009
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
The wild, wild web never ceases to amaze me. My daily routine includes a tremendous amount of research, keeping me on top of what's new in information and personal security. Every day, I spend about three hours simply "consuming" information via news alerts, feeds, and subscriptions, then breaking it down for others.
Recently, I was shocked to come across a website created by a self-declared "real hacker," advertising his services.
"I SELL CCV2,tracks+ ATM PIN,FULLZ, BANK LOGIN, BANK TRANSFER… PRICE FOR CCV us (visa or master)= 2$ us (amex or dis)= 3$ uk (visa or master)= 4$ uk (amex or dis )= 6$ US Amex 3 $ UK master/visa 6$ … All Our PayPa Acc Have Full Info And With Email Access and With All Security Answer . And With Orginal Ip And A Program For Fake Your System Ip To Orgina Ip For Full Access To PayPal Acc. Ebay Login : Fresh And Verified And Unlimited Ebay Account"
This guy is a "black hat hacker," a carder selling stolen credit card data, referred to as "fullz" and "dumps." His website includes live examples of his wares, including names, addresses, phone numbers, bank account numbers, credit card numbers, CCV2 numbers, Paypal account logins, you name it.
On his "Rates and Services" page, he states:
"We are a group of Ethical Hackers based in the Turkey but our staff comprises of Experienced hackers around the world, we have over the years strategically recruited the best hackers from the UK,USA,Russia,India,Philippians,Vietnam and Egypt.
Our policy is simple "making the world a better place by creating an equal balance" in other words, hack the rich and give to the poor, Robin Hood style
The way we do this is to sell Carding Stuff and hacking softwares and tools at really cheap prices so that everyone can afford it and also be able to hack.You can definitely be a hacker with our new approach tutorial. We can offer you pre-written tutorials but we will also allocate you your own specialist hacker, who you can add to your yahoo messenger and will give you a more hands on approach by teaching you everything you want to know over instant messenging.
We are ethical hackers and here to help not make money, we only charge because of the cost,time and effort involved in the services and products we offer.
Enjoy your stay and we hope we can help. Thank you!! :-"
And on his "About Us":
"GOOD HACKER WITH GOOD PRODUCE HIEN_HACK IS A GOOD HACKER WITH FRESH PRODUCE…ALL STUFFS HAVE THEIR PRICE AND ALL STUFFS GOT GOOD LIMIT AND GOOD BALANCE..WE HAVE MANY SOFTWARE FOR HACKING STUFFS…HE IS A GOOD HACKER AND NEVER RIPP HATE RIPPERS IN IS LIST…HE DO GOOD DEAL FOR LONG ….WITH GOOD CUSTOMER WHO IS READY TO HAVE GOOD DEAL…ANY THING U NEED CONTACT HIM AND HE WILL HELP GET ANY STUFFS…HE DO BANK TRANSFER FOR REAL AND WESTERN UNION TRANSFER,GOT FRESH CC ETC…TRY HIM AND YOU WILL BE HAPPY OF HIM….IF U NEED HIM JUST GO TO IS CONTACT AND GET IS YAHOO ID OR EMAIL ADDRESS ALSO HE HAVE IS NUMBER THERE CONTACT HIM AND CALL HIM FOR GOOD DEAL OKAY..BE FAST SO THAT STUFFS WILL NOT GET FINISHED….."
This is the epitome of scum. He and his band of delusional criminals have convinced themselves they are good and their victims are bad. Unfortunately, this is what we have to contend with. Hackers have been selling raw, stolen data to one another for a while now. But the fact that this type of underground activity is so prevalent that it's begun showing up in my Google News Alerts is alarming, and indicates that it isn't getting any better any time soon.
Most of the raw data being sold online is used for account takeover, but can also lead to new account fraud. In many cases, it's your own computer that's compromised, while other hacks target retailers or banks. Either way, you are ultimately responsible for the charges made in your name, unless you do something about it.
- Check your bank and credit card statements frequently, and refute unauthorized charges within 60 days.
- Be alert for phishing emails asking for personal information, credit and banking data, etc. These emails may appear to come from a trusted source, but look more closely and delete them if they are at all questionable.
- Install Internet security software, and keep it updated. If your computer becomes infected with a virus that allows it to be controlled remotely, a criminal can access all your important files and financial data.
- Get a credit freeze at ConsumersUnion.org. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
- Invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.
Robert Siciliano, identity theft speaker, discusses credit and debit card fraud on CNBC.
2010 Identity Theft Resource Center predictions
Posted by Robert Siciliano on December 18th, 2009
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
I've joined forces with the Identity Theft Resource Center to expand the pool of knowledge about identity theft issues. As nationally recognized experts in this crime, we have come up with ten predictions for what the nation can expect in the area of identity theft in 2010 and beyond.
1. More Scams: The recession will lead to more scams. Whenever our nation has faced a difficult time, thieves have found a way to use the problem to their advantage. In my adult life, I've never seen more variations of old scams and the degree of sophistication in newer scams.
2. Job Scams: Criminals will take advantage of increasing unemployment rates by tricking desperate people searching for job listings. These fake job listings and work-at-home scams will eventually end with the job seeker providing Social Security numbers to criminals. If the job description is not one that you would see printed on a business card or you are asked to front money, it's a scam.
3. Newbie Low Tech "Desperate" Identity Theft: Additionally, there will be an increase in the number of individuals – who have no criminal history – beginning to explore the crime of identity theft for financial gain. For these thieves, it will be about quick money. Once desperate people max out their credit limits and wreck their own credit histories, they will start to use Social Security Numbers that they can easily access.
These new identity thieves will take advantage of low tech methods – stealing credit card numbers, dumpster diving, making phone calls, or phishing for credit card numbers. These techniques may also include placing ads in auctions and Craigslist for phantom products for sale to get either credit card numbers or cash.
4. All-in-the-Family ID Theft: Desperation will lead to more child identity theft and "all-in-the-family" cases, as well as the fraudulent use of numbers belonging to close friends, roommates and fellow workers. It has long been documented that a significant percentage of identity theft cases are perpetrated by people close to the victim. We predict that this number will increase during these tough economic times.
5. Child Identity Theft: The ITRC has noted that nearly 10 percent of its case load, for the past six months, involved child identity theft issues. These cases often involve more varied components of identity theft than ever before. Some people have finally realized that a child's SSN can be used for more than just opening a line of credit.
6. Medical Identity Theft: While not a new crime, this will reflect the distress of those who have become unemployed. High COBRA premiums, growing individual medical insurance costs, or the inability to afford insurance or medical care will cause a spike in this area of identity theft. The Social Security Administration has noted an increase in uninsured people using the coverage of a friend, relative or even a stranger to get medical care.
7. Insider Identity Theft: In the coming year, this will increase due to the failure to follow simple security protocols in the workplace. This will create opportunities for thieves to gain access to personal identifying information retained in databases or paper files. Additionally, the lack of computer security measures and the increasing skill levels of hackers will lead to larger and more financially harmful breaches. Although a few sophisticated hackers have been arrested recently, these large, extremely damaging hacking events will continue to occur. These thieves are educating young protégées on high tech methods to access "secured" information and will likely continue to coordinate malicious attacks from their jail cells.
8. Governmental Identity Theft: More individuals will discover that they have become identity theft victims as they apply for government assistance and/or benefits. Not only will their own SSNs be used, but they may be temporarily denied benefits due to the use of their child's SSN, which has been used fraudulently. This type of identity theft, identified as "Governmental Identity Theft," may be associated with complications with the IRS, Social Security Administration, Departments of Motor Vehicles, Medicare and Welfare.
9. Criminal Identity Theft: The number of cases of criminal identity theft will continue to grow. This type of crime is defined as the use of an individual's personal information to avoid being tied to their own criminal record. In the current environment, the effects of criminal identity theft on the victims will be more apparent with the loss of employment, loss of benefits and the increased number of arrests of victims ranging from failure to appear warrants for traffic citations all the way to felony level crimes. Criminals will continue to exploit the weaknesses of the current system and revictimize the individual whose information has been used.
10. Social Media Identity Theft: The meteoric rise in social media use has also created a launch pad for identity thieves. Social media identity theft happens when someone hacks an account via phishing, creates infected short URLs or creates a page using photos and the victim's identifying information. My prediction for 2010 is that the increase in social networking activity, along with a user's failure to implement security and privacy settings and protocols, will lead to an increased exposure of not only the user's personal information but possibly that of their "friends."
Bottom line, there will be an increase in identity theft crimes and the number of victims over the next two years unless significant changes are made in information security. Our most important asset is our identity. And we are functioning under a completely antiquated system of identification with wide open credit and few safeguards to protect the consumer. When state governments agree with federal agencies on effective identification and industry comes together, not to profit from the problem but to solve it, only then will we prevail.
Protect your identity. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
Invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.
Robert Siciliano, identity theft speaker, discusses social media identity theft on Fox Boston.
Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.
My Craigslist ATM causes industry stir
Posted by Robert Siciliano on December 16th, 2009
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
Apparently I raised a hackle or two. Seems my little stunt got the attention of industry insiders, and not all of them believe that I bought a used ATM on Craigslist, which turned out to contain thousands of credit card numbers. Well, it did actually happen, and despite what many say, that the ATM couldn't have contained 16-digit credit and debit card numbers on it, it did.
The most intense resistance to my experiment came from one Boston cop who watched me plant this thing in Downtown Crossing. He crossed his arms, glared at me, and when I walked away from the ATM, asked what I was doing. When I told him, he yelled for the women who were already using my ATM to stop, then took down my information while screaming at me. He later told me that his main concern was the possibility that the ATM might have contained a bomb!
According to ATMmarketplace.com, the ATM industry is braced for a backlash in the face of security concerns. There should be a backlash. We definitely need some regulation as to who can or can't buy an ATM. And according to Mike Lee, the chief executive of the ATM Industry Association, "while ATMIA does not condone the auctioning of ATMs, online or otherwise, the association has little control over how they are sold."
Personally, I think that the association needs to start establishing some control, and throwing your hands up in the air is lame. Both eBay and Craigslist have prohibited certain items. Why can't I buy an old credit card off eBay, but I can buy an ATM with thousands of credit and debit card numbers on it? I can't buy a "traffic signal control device" off eBay either, because someone recognized that, in the wrong hands, the device can wreak havoc.
James Phillips, director of North American sales for ATMGurus, a Triton company, says that "an ATM that has old software or one that retains card numbers does not provide enough information for the owner to compromise consumer accounts," but that my experiment still "has the potential to be so damaging to the industry's reputation." First of all, a 16-digit number is enough to turn data into cash. Even without a PIN, the 16-digit number can be used to buy goods online, or encoded on a blank card to buy goods in a store. This is why Visa and MasterCard require new software to block out the numbers. Second, Jim, you're right, this is damaging. So please, fix it, and don't allow lame excuses. And my machine is a Triton 9100. She's a beauty by the way. Works nice off a 12-volt car battery, too.
Wendy Amaral, an account manager at Nationwide Money Services, says that while it's possible that some companies could provide processing without collecting the required background information about the ATM owner, Visa, MasterCard, and other financial institutions are firm about the rules, and that audits are unlikely but possible. I think "possible audits" sounds like another cop out. For those of us who use ATMs, the idea that we are protected by "possible audits" is a slap in the face.
George McQuain, chief executive of ATM ISO Global Axcess Corp., which provides ATM processing, says he's skeptical that I was able to set up my ATM for processing without a background check or even any questions. I haven't revealed the processors who agreed to set up my ATM because they seemed to be small shops, and I don't intend to destroy their livelihoods in my attempt to point out the inadequacy of the industry's regulations. But the first processor set me up over the phone, and all I had to do was fill out a PDF and fax it back. The second showed up to my house in a pickup truck to service the ATM in my garage.
McQuain also says that it is rare for an ATM to have such outdated software that it would allow the owner to print so much customer information. But it was easy for me to find one. And even when they are replaced with newer models, where do they go? Where does the data go? I'll tell you. On Craigslist, and then to the criminals.
There have been tons of reports on my story:
- Fox Boston video
- Extra TV video
- Boston Globe article
- The Register article
- SC Magazine article
- NBC Boston video
- Dvorak Uncensored
- The Consumerist
- Digital Journal
- Tom's Guide
You can protect yourself from ATM scams by paying attention to your statements and refuting unauthorized transactions within 60 days. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the machine's appearance, such as wires, double sided tape, error messages, a missing security camera, or if the machine seems unusually old and run down, don't use it. Don't use just any ATM. Instead, look for ATMs in more secure locations. Cover your pin!
And invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.
Robert Siciliano, identity theft speaker, rolls an ATM around on Fox.
Laptop insecurity leads to identity theft
Posted by Robert Siciliano on December 14th, 2009
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
In 2003, an estimated 1.5 million laptops were stolen worldwide. Today, that number has climbed to 2.6 million. That's a 70% increase in just a few years. That's one stolen laptop every 12 seconds.
Laptop computers have been the source of some of the biggest data breaches of all time. 800,000 doctors were recently put at risk for identity theft when a laptop containing their personal data went missing from the Chicago-based Blue Cross and Blue Shield Association.
As the years pass, laptop prices come down and their computing power goes up, making them increasingly vulnerable.
According to yet another interesting Ponemon Institute study, more than half of IT and security professionals worldwide believe their companies' laptops and other mobile devices pose security risks, and only half of them have CEOs who are strong advocates and supporters of data security efforts. Kelly Jackson Higgins' article at Dark Reading gives a good summary of these findings.
In the United States specifically, the situation is even worse, with only 40% of IT and security pros believing their CEOs to be security supporters. When it comes to compliance with regulations, "US firms were also less inclined to consider compliance helpful to security of their endpoints."
This report is both quite troubling and yet unsurprising. It models the philosophies that produce what we see in the real world: data breaches are quite commonplace, decent security is quite achievable, and most businesses just don't really care, at least until they learn the hard way. It's akin to a widespread lack of interest in wearing seat belts, with only those who experience accidents deciding that, sure enough, it's not very hard to buckle a seat belt and the benefits are enormous.
Many businesses have a department, or at least a group or individual, that handles security. (Note that the report also exposes a woeful lack of collaboration with this section of the business.) Yet "the security department," or the IT department in general, tends to find that upper management just doesn't "buy in" with security efforts.
Dan Yost, Chief Technology Officer of MyLaptopGPS, states, "It seems good to let the upper management take a serious fall when (not if) breaches happen. They choose not to support the buckling of seat belts, because it's 'not important' or at least not a priority. It's only fair that their necks be on the line during the next 'accident'."
Unfortunately your security, or lack thereof, is in the hands of others. Take control. Protect your identity. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
And invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.
Robert Siciliano, identity theft speaker, discusses laptop security on The Today Show.
Tips for secure online holiday shopping
Posted by Robert Siciliano on December 11th, 2009
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
UK officials shut down more than 1,200 online retailers who scammed millions from unsuspecting shoppers. Most of the sites, which appeared to be legitimate retailers selling jewelry and other high end items from brands such as Tiffany & Co. and UGG Australia, were created by identity thieves in Asia. When victims entered their credit card data or bank details, or sent checks, their money was stolen. Some victims did receive counterfeit versions of the merchandise they ordered, while others were left with nothing. Nobody responsible for the fake websites has been caught.
Criminals who set up fake websites go through the same process as legitimate online retailers, using search engine optimization and marketing, and online advertising via AdWords. They use keywords to boost their rankings on Internet searches, which means they show up alongside legitimate sites. These same techniques are being used to infect victims' computers with malicious software. Many victims are lured to scam websites after receiving phishing emails offering high-end products for low prices.
It's easy enough to avoid spoofed websites when phishing is the gateway. Common sense says to automatically be suspicious whenever you receive an unsolicited offer through email. The same goes for offers received through tweets or other social media messages. Scammers commit social media identity theft every day.
If you aren't familiar with a particular online retailer, don't even bother clicking the links, especially if an offer seems too good to be true. And if the email does come from a known website, make sure the address is legitimate before clicking on a link. Beware of cybersquatting and typosquatting, which trick you into believing you're headed to a legitimate site.
When placing an order, look for "https" and an image of a closed padlock in the address bar, signifying that it's a secure page. Scammers don't generally bother to set up secure sites.
Beware of emails coming from eBay. I've been getting ten a day lately. It's difficult to tell if these are real or fake, and you may be directed to a spoof of the eBay website. If you're looking for deals on eBay, disregard emails and go directly to the site. You can use the search function to look for deals that were advertised in emails. And when you do decide to make an eBay purchase, check out the seller's history. eBay works based on an honor system, and if the seller has a pattern of great feedback, they are probably legitimate.
Pay close attention to your credit card and bank statements. Check them at least once every couple of weeks, and refute any unauthorized charges within two billing cycles. Don't use debit cards online, since they offer less protection and more liability than credit cards. And avoid paying by check, since it's difficult if not impossible to put that money back into your account once it's gone.
Do business with people or companies you know, like, and trust. On occasion, I do buy from online retailers with the best deals, but only cheaper items, generally under $50.00. When I'm buying something more expensive, I stick to companies that also have brick and mortar locations.
Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
Invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.
Robert Siciliano, identity theft speaker, discusses holiday scams on Fox's Mike and Juliet Show.
