Online Auto Sales Often Involve Scary Scams

Online auction and classifieds websites are unwittingly participating in car sale scams. Ads gain credibility by appearing on eBay, Craigslist, and other online automobile sales websites, but some are either completely phony or have been copied and pasted from other websites.

The FBI’s Internet Crime Complaint Center received nearly 14,000 complaints from 2008 through 2010, from consumers who have been victimized, or at least targeted, by these auto sale scams. Of the victims who lost money, the total dollar amount is staggering: nearly $44.5 million.

The FBI explains how the scam works:

“Consumers find a vehicle they like—often at a below-market price—on a legitimate website. The buyer contacts the seller, usually through an e-mail address in the ad, to indicate their interest. The seller responds via e-mail, often with a hard-luck story about why they want to sell the vehicle and at such a good price.

In the e-mail, the seller asks the buyer to move the transaction to the website of another online company….for security reasons….and then offers a buyer protection plan in the name of a major Internet company (e.g., eBay). Through the new website, the buyer receives an invoice and is instructed to wire the funds for the vehicle to an account somewhere. In a new twist, sometimes the criminals pose as company representatives in a live chat to answer questions from buyers.

Once the funds are wired, the buyer may be asked by the seller to fax a receipt to show that the transaction has taken place. And then the seller and buyer agree upon a time for the delivery of the vehicle.”

Consumers should watch out for the following red flags:

  • Cars are advertised at too-good-to-be-true prices
  • Sellers want to move transactions from the original website to another site
  • Sellers claim that a buyer protection program offered by a major Internet company covers an auto transaction conducted outside that company’s website
  • Sellers refuse to meet in person or allow potential buyers to inspect the car ahead of time
  • Sellers who say they want to sell the car because they’re in the U.S. military about to be deployed, are moving, the car belonged to someone who recently died, or a similar story
  • Sellers who ask for funds to be wired ahead of time

Online classified and auction websites could work together, and share information on the devices running these scams, through the device reputation service provided by iovation Inc. Their fraud detection service, called ReputationManager 360, is a B2B SaaS solution incorporating complex device identification, device reputation and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and behavioral abuse in real time by analyzing the computer, smartphone, or tablet connecting to their online properties.

iovation’s “living shared database” is used by fraud analysts daily and shares the reputations of devices from literally every country in the world. This reputation is a combination of fact-based evidence (such as actual chargebacks, identity theft, online scams and account takeovers), plus what risk can be inferred at transaction time. Fraud analysts take this fight seriously and submit 10,000 events of fraud or abuse into the shared database each day.

Performing a device reputation check on a scammer attempting to create a new account at a sale or auction website would stop him before he has a chance to post advertisements for scams, preventing damage to the business and its customers. And when one of your good customers has been scammed, you can submit that evidence back into the iovation database to make sure it does not happen again, whether from the same device, or a related device.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.

82 Year Old Man Shoots Burglars, Faces Charges

Guns, guns, guns. Americans love their guns. Guns definitely are a layer of security. They can save your life and they can also be used against you and they can also get you in lots and lots of trouble.

An elderly man is now facing two counts of armed assault with intent to murder, two counts of assault and battery with a dangerous weapon and discharging a firearm within 500 feet of a building for shooting 2 people outside of his home. He believed they were trying to get in, and his belief was affirmed when one of them tossed a boulder through one of his windows.

His attorney stated, “This is the victim here, an 82-year-old man with no criminal record. He defended life and property.”

The Assistant District Attorney was quoted saying, “We don’t live in a place where you can just fire from a window. It is fortunate no one died.”

True.

It definitely isn’t a good idea to shoot someone outside of your home, even on your property. However, in some states the laws side with homeowners when shooting trespassers.

I appeared on the Maury Povich show to discuss weaponry and self-defense. The premise was that the show’s subjects were facing jail time or in jail because they killed their attackers, which almost happened in the above scenario.

Some of the subjects were victims of domestic violence, while others were victims of home invasions or stalking.

So maybe the guy “jumped the gun”, maybe he was legitimately at risk.

The first layer of protection should always be locked, secure doors and windows. A monitored home security alarm should run parallel to a secure perimeter. In the above situation, a proper alarm that included glass break sensors would have alerted law enforcement the moment the glass broke. The piercing alarm may have also made the burglars think twice.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing Home Invasions on Maury Povich. Disclosures

International Credit Card Hackers Hammered

Retailers can temporarily rejoice (for about a minute) now that six cyber villains have been caught in two different international credit card fraud rings.

The Register reports, “After investigations that began in 2009, the police executed three search warrants in metropolitan Sydney, retrieving EFTPOS terminals, computers, cash, mobile phones, skimming devices, and several Canadian credit cards. Other seizures in the two-year investigation have included 18,000 blank and counterfeit credit cards, stolen EFTPOS terminals, and skimming devices. The men arrested are Malaysian and Sri Lankan nationals, and are accused of coordinating the fraud operation in Australia, North America and Europe.”

Meanwhile, “a Brooklyn man has pleaded guilty to aggravated identity theft for his role in an operation that defrauded credit card issuers of almost $800,000 in bogus charges. FBI and Secret Service agents recovered data for 2,341 stolen accounts on his computer and on the magnetic stripes of cards, according to court documents.”

Cooperation between U.S. law enforcement agencies and international governments can be credited with taking down these thieves. However, studies show there are plenty of other criminals involved in fraudulent acts from countries like China, Nigeria, Vietnam, Ukraine, Malaysia, Thailand, Indonesia, Saudi Arabia and South Korea to take their place.

There is an anti-fraud company in Oregon, called iovation Inc., that helps online businesses connect the devices used in fraud rings across geographies, by associating them with the accounts they access. Whether the device is a PC, smartphone, tablet or other Internet-enabled device, iovation’s device identification technology recognizes new and returning devices touching its clients’ sites within multiple industries.

Cyber criminals with a history of fraud or abuse are obviously flagged by iovation’s ReputationManager 360 service, but even more interesting are the real-time checks that happen within a fraction of a second as the user is interacting with the website. This might include assessing risk for activities such as setting up an account, logging in, changing account information, or attempting to make a purchase or transfer funds. Real-time checks differ for each website integration point as businesses customize and continually fine-tune them to detect fraudulent and risky behavior so that they can identify and keep bad actors off their site for good.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses organized criminal hackers busted on Good Morning America. Disclosures

Back to College Campus Security

Whether you’re getting out of high school and entering college, or you’re a veteran starting another year of college, 2 absolutes remain true: 1. You will more than likely get into a situation where your security will be at risk, and 2. You aren’t fully prepared to react or respond to the situation.

Why? First, life can be hard, and a hard life makes people a little nutty and they do bad things to other people. Second, your mom and dad really didn’t get a formal education on personal security, so they sent you off into the world with the limited information they had. Most people, regardless of age, aren’t prepared. Throw lots of alcohol into the mix and it gets even dicier.

September is National Campus Safety Awareness Month. The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (20 USC § 1092(f)) is the landmark federal law, originally known as the Campus Security Act, that requires colleges and universities across the United States to disclose information about crime on and around their campuses.

Do your research into the crime climate of the learning institution you plan on attending.

Don’t sit idly back and hope everything will be OK.

Educational institutions aren’t meant to be secure fortresses, which makes them vulnerable to predators.

Directly call the institution’s security office and get statistics for on- and off-campus crimes. You want to know exactly what has taken place in the last 3-5 years.

If you go to the campus, have an onsite meeting with the security office. It is in your best interest, and colleges are required by law to offer personal security training for their students.

Determine what campus security personnel and technology systems are in place to head off danger.

Whether living on or off campus, invest in your personal security. Wireless home alarms and portable home security systems are cost-effective and add an additional layer of protection. Security cameras are inexpensive and can greatly enhance your security too.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News. Disclosures

In Hurricane Season Get the Facts

Hurricane Irene killed over 40 people, did millions to billions of dollars in damage and left millions without power for over a week.

I live on the east coast, right on the coast, and battened down in anticipation of getting whacked. Well that day never came because the storm missed us.

The local and national news channels continued to spout out information that devastation was on the way even though NOAA kept telling me the storm was downgraded to a tropical storm. I’ve had 75-mile-an-hour winds here and that’s not devastation. But it definitely means you need to remove anything from your porches and yard that can be flung through a glass window.

Anyway, in the days after the event many people locally complained to me that the media exaggerates things and in the future they will not pay any attention to the boy who cried wolf.

I repeat: Hurricane Irene killed over 40 people, did millions to billions in damage and left millions without power for over a week. While the media definitely sensationalizes things, it is better to be overprepared than underprepared. Further, it is even better to get the FACTS from NOAA and take the local perspective with a grain of salt when watching what’s going on in the news.

The Red Cross, along with NOAA, has great tips on how to prepare.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Psychic and Fortune Tellers Are Scammers

A quick break here from security and security solutions to let you in on a little secret.

People all over the world, in addition to people I know and love, spend money (sometimes mine) on “readings” thinking they are getting inside information on something such as an unforeseen life event or drummed-up answers to questions about the past.

Mostly, the motivations behind a “normal” person going to a fortune teller or psychic are purely for fun. I have been to a few in the past, often pulled in while walking a boardwalk at a touristy event or when someone brings a psychic to a party to bring the party up a notch.

Generally, the psychic provides a degree of information that, when told, gets the listener’s attention because the “inside info” couldn’t possibly be known otherwise.

But that inside information is often generic, or standard, meaning chances are “there is a family member you are having a very difficult time with” and “you love them and have tried to patch things up but can’t” and “they just don’t understand you.”

WHO ISN’T IN THAT SITUATION???!!!

One psychic told me she saw “red blood” in my future “from a type of accident”. I was wearing a leather vest with a long-sleeve shirt that said “Harley Davidson” and carrying a helmet. She was insightful.

So when people get sucked into this they will often get rolled into spending more money to get more information so the fortune teller can solve all their problems.

In recent news, an educational foundation of sorts offered up a million-dollar challenge to anyone who could prove they are a psychic. Nobody has taken the bait. Know why? Because anyone who takes the challenge would be discredited on a national stage.

Just this week in Florida, a family of multimillion-dollar fortune tellers was arrested for using magic tricks, claiming they were talking to the dead and curing disease. Victims were giving up luxury cars, cash and gold coins to have the scammers fix all their problems.

There is a scam for everyone. Everyone is a mark; it’s just a matter of finding that person’s scam spot.

PS, there is no such thing as UFOs or ghosts either. Since billions of people now carry smartphones that record pictures and videos we have yet to see a ghost or UFO on camera.

Robert Siciliano personal and home security specialist to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.

Usernames and Passwords Are Facilitating Fraud

In 2005, the Federal Financial Institutions Examination Council stated:

“The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. Account fraud and identity theft are frequently the result of single-factor (e.g., ID/password) authentication exploitation.  Where risk assessments indicate that the use of single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security, or other controls reasonably calculated to mitigate those risks.”

Here we are in 2011, six years later, and well over half a billion records have been breached. And while it is true that not all of the compromised records were held by financial institutions, or were accounts considered “high-risk transactions,” many of those breached accounts have resulted in financial fraud or account takeover.

Back in 2005, you might have had two to five accounts that required you to create a username and password in order to log in. Today, you may have 20 to 30. Personally, I have over 700.

The biggest problem today is that people most often use the same username and password combination for all 20 to 30 accounts. So if your username is name@emailaddress.com, and your password is abc123 for one website that ends up getting hacked, it will be easy enough for the bad guy to try those login credentials at other popular websites, just to see if the key fits.

The quick and simple solution is to use a different username and password combination for each account. The long-term solution is for website operators to require multifactor authentication, which may include an ever-changing password generated by a text message, or a unique biometric identification.

Until that time, the three best tips to create an easy-to-remember but hard-to-guess strong password are as follows:

  • Strong passwords are easy to remember but hard to guess. “Iam:)2b29!” consists of ten characters and says, “I am happy to be 29!” (I wish).
  • Use the keyboard as a palette to create shapes. “%tgbHU8*” forms a V if you look at the placement of the keys on your keyboard. To periodically refresh this password, you can move the V across the keyboard, or try a W if you’re feeling crazy.
  • Have fun with known short codes or sentences or phrases. “2B-or-Not_2b?” says, “To be or not to be?”

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

What Apple’s iCloud Means for All of Us

If you use Gmail, Hotmail or Yahoo, you know your email is accessible from any computer or smartphone. That’s because your messages are stored “in the cloud.”

What is iCloud? Apple puts it like this: “iCloud stores your music, photos, apps, calendars, documents, and more. And wirelessly pushes them to all your devices — automatically. It’s the easiest way to manage your content. Because now you don’t have to.”

If you take a picture on your iPhone, it appears on your Mac. If you write a document on your iPad, it appears on your iPhone. If you buy a song on iTunes, it becomes available on all your devices.

The cloud isn’t new, but when Apple pushes out a product, they often find a new and improved way to utilize existing technology.

iCloud was designed with three things in mind: convenience, portability, and consolidation. It allows you to keep your devices in sync, to access your data from anywhere, and do it all within a single, central hub. That last design feature gives Apple a certain degree of control over the user base.

Apple’s iCloud and its consumerization of centralized, cloud-based data and services will undoubtedly result in even more consumers connecting to even more devices.

Better yet, iCloud will spur even more innovation among Apple’s partners and competitors. Soon, we will see more products and services consolidated in “the sky,” which other cloud services will connect to. Consumers will also have more options for creating their own personal clouds, in the form of smarter home-based servers, making it easier to manage all of their devices and keep them secure.

And for all you PC lovers, there will surely be many more offerings to keep your digital life in sync, because, well, not everybody likes apples.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Hackers Target Small Business

Big companies and big government get big press when their data is breached. And when a big company is hit, those whose accounts have been compromised are often notified. With smaller businesses, however, victims are often left in the dark, regardless of the various state laws requiring notification.

One reason for this is that smaller businesses tend not to keep customer names and contact information on file, and credit card companies discourage them from recording credit card data.

This is serious cause for concern. The Wall Street Journal reports that the majority of breaches impact small businesses:

“With limited budgets and few or no technical experts on staff, small businesses generally have weak security. Cyber criminals have taken notice. In 2010, the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.”

If 95% of breaches affect small companies, it’s anyone’s guess how many times my or your credit card numbers have been compromised. I’ve received four new cards in the past three years as a result of major companies being breached. But I use credit cards at more than a hundred different retailers in a year. And it isn’t only credit card numbers that are stolen, but also usernames and passwords, Social Security numbers, email addresses, and more.

Check your credit card statements online weekly and dispute any unauthorized charges. As long as you dispute charges within 60 days, federal laws limit your liability to $50. Unauthorized debit card charges must be reported within two days, or liability jumps to $500.

Change up your passwords at least once every six months. If a business is hacked, they may not know for years, and can’t possibly notify you until it’s much too late.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

10 Things To Put In A Fire-Resistant Safe

Your house isn’t going to catch on fire, right? Well, you hope not, so maybe you even fool yourself into believing it can’t happen. But I’ll bet you have fire insurance, and maybe a collapsible escape ladder, and a fire extinguisher or two. I have all this, and I also back up all my digital data in the cloud, including pictures and documents.

And I have a fire-resistant safe.

All this preparation is so that if there ever is a fire, I can reduce or eliminate any risks to lives and valuables.

Most documentation is replaceable, but certain things are not. Sometimes, when documentation is replaceable, getting duplicates can be a nightmare.

Mementos: Photos, love letters, children’s drawings, and so on. You probably have a box full of things that you like to browse through every ten years or so. Or photo albums on a shelf. If these items were incinerated, you’d be very unhappy.

Insurance papers: Home, auto, life, health, and business insurance papers should be protected.

Health-related information: If you have health issues and multiple files, records, and prescriptions, they should be protected.

Financials: Documentation regarding investments, bank account numbers, stocks, bonds and coins should be protected.

Wallet: Photocopy everything in your wallet, front and back. The copy, along with extra credit cards and cash, should be protected.

Identification: Birth certificates, passports, driver’s licenses, Social Security cards, insurance cards, and any other identifying documents should be protected.

Titles: Deeds, boat, and automobile titles should be protected.

Wills: Any and all documentation related to a will should be protected.

Jewelry: Most insurance providers require a safe in order to obtain insurance coverage.

Extras: I have an extra passport, extra credit cards, extra sets of keys, extra emergency cash, and extra identification, all protected in my safe.

Robert Siciliano is a Personal and Home Security Expert for SentrySafe. See him discussing burglar proofing your home on Fox Boston. Disclosures.