6 Tips for Cyber Monday

Bad guys know perfectly well that when the online bargains begin after Thanksgiving, specifically, on the Monday after Thanksgiving, you will be providing your credit card number to retailers all over the world.

1. Go big. Do your online business with major retailers, or those you already know, like, and trust. The chances of a major online retailer stiffing you, or of their database being compromised, are slimmer than those of an unknown.

2. Do your homework. If you search for a particular product and wind up at an unfamiliar website, do some research on the retailer before putting down your credit card number. Search for the company’s name and web address to see if there have been complaints.

3. Don’t give out more personal data than necessary. Many retailers require your name, address, phone number, and credit card information. This is normal. But if you are asked for anything beyond that, like bank account numbers or your Social Security number, run hard and fast.

4. Vary your passwords. Often, online retailers will ask you to register with their website when you make your first purchase. Never register using the same password you’ve already used for another website. Otherwise, if one website is hacked, your password could be used to infiltrate your other accounts.

5. Use HTTPS sites. Websites that have a secure checkout process, with “https://” in the web address (as opposed to “http://”) are safer.

6. Print out and save online receipts. Keeping track of what you bought, where, and for how much can become confusing when making multiple purchases online. You need to pay close attention to your purchases in order to reconcile your credit card statements.

Smart retailers are already protecting consumers behind the scenes by implementing multiple layers of fraud protection. One very effective fraud detection technology is the use of device identification and device reputation to alert businesses to known fraudsters on their site. iovation Inc. provides this service, taking it to another level by analyzing the device’s reputation and assessing risk on each transaction.

“The most reputable online sites all ramp up their security processes during the holidays,” says Molly O’Hearn, iovation’s VP of Operations & Co-founder. “This is a very good thing for online consumers because this is the time of year that your identity and credit card information is most at risk.”

Whether you are buying electronics as gifts this holiday season, or sports and entertainment tickets for friends and family, iovation is working hard in the background of these sites to keep the bad guys out so you can have a safe and fun experience.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

Serious Considerations When Building a Panic Room

It is known as a “fortified environment.” A safe haven or “safe room” buys you time in the event of a brutal home invasion where people are tied up, raped and murdered. Like this one. A safe room is also a layer of protection in the event of manmade or natural disasters.

Envision you are home and the home security alarm goes off because some drug crazed axe, knife and gun wielding bunch of lunatics smash down your door with the intent of doing very bad things to your family. This is when a fortified environment would help you survive.

Features of a safe room include:

Reinforced doors. These may be steel fire-rated doors or ones lined with steel plate. The frames are also beefed up with door brace technology.

Reinforced walls, ceiling, floors. This can be anything from extra layers of plywood, sheet metal, steel plate, concrete or bullet resistant acrylic (plastic) or Lexan sheet.

Electronics. What safe room would be complete without wireless internet and mobile communications?

Security systems. A monitored home security system complete with security cameras and backup batteries, all of which are in some way protected from intruders.

Self defense equipment. This can be anything from non-lethal to lethal.

Nourishment. You may be in your safe room for hours to days. Non-perishable canned foods and water are a must.

Gas masks. In the event your home invaders (or nuclear fallout) try to smoke you out, a gas mask is a nice touch.

Emergency first-aid kit. An assortment of bandages, ointments, etc. Put some trash bags in there too. Trust me.

A simple enough strategy when installing a safe room in an existing home is to install it in your bedroom or basement, or to retrofit a walk-in closet.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News. Disclosures

The Evolution of Holiday Thievery

Black Friday, the day after Thanksgiving, kicks off the holiday shopping season. Retailers advertise Black Friday bargains in order to lure you through their doors.

As far back as I can remember, police have been warning of thieves who target cars in parking lots, smashing windows to steal shopping bags left in plain sight. Then, we’d be warned that as the Christmas lights went up, thieves would target the wrapped gifts underneath the tree. I thought, “It can’t get worse than this?”

Then Cyber Monday came along. It was born as a marketing opportunity that has taken on a life of its own over the past five or six years. Online retailers promote their Cyber Monday offers throughout the fall, creating hype that whips shoppers into a frenzy. It’s become as essential to the retail community as Black Friday.

Now the warnings are different: no longer so focused on crime in the physical world, but instead, on threats in the virtual world.

When shopping online, you risk unintentionally visiting an infected website, which could infect your PC with keylogging spyware, which would be used to steal your data. Or you might provide your credit card information to a legitimate online merchant that later falls victim to a data breach. Another risk is that you might order a particular product but receive something of lesser quality, or a different item entirely, and then have to contend with poor customer service.

And, of course, your identity might get stolen. Lovely. My, how times have changed!

Online retailers would spread more holiday cheer if they did their part to protect the public from credit card fraud by implementing device reputation. Device reputation, offered by iovation Inc., taps into a global device identification network that also contains millions of verified fraud and abuse events, such as chargebacks, identity theft, and shipping fraud, on those devices. The device’s reputation is assessed in real time when a transaction is being attempted on a retailer’s website. And when the device (such as a computer, phone or tablet) has no prior history, iovation profiles its potential risk for the online retailer, identifying high-risk activity before the transaction is approved or product shipped.

Stopping fraudulent transactions upfront spares many holiday revelers the burden of covering the bill for the gift lists of cyber criminals.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Holiday Headaches Coming for Consumers

Gearing up for the holidays, consumers are getting ready to pull a Wilma Flintstone and, “Charge it!” Many don’t realize that you cannot protect your credit card number. Every time you use a credit card, you increase the chances of that card number being used fraudulently.

  1. When handing your card to a clerk or cashier, pay close attention. The card should be swiped through a point of sale terminal or keyboard card reader once, maybe twice. If your card is swiped through an additional reader, the card number may have been stolen.
  2. Shop only at trusted sites. Phantom websites appear online all year round. They look legitimate, resembling well-known online retailers. But only do business with those you recognize. Established online merchants are best.
  3. Unsolicited emails that request sensitive data such as credit card numbers or lead you to a too-good-to-be-true offer are most likely phishing emails. Don’t disclose your information, and don’t click unknown links.
  4. Check your credit card statements daily, if possible. Once a week is sufficient. Dispute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Internet crime schemes steal millions of dollars annually from victims. If you are looking for more helpful tips, the Internet Crime Complaint Center is a great resource. Their site provides preventative measures that help you be more informed prior to making purchases on the Internet.

Holiday schemes will be in full force this year. Charge or purchase wisely.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Lonely Hearts Target of Dating Scams

Online dating websites are aware that scammers use their platforms to defraud men and women looking for love. With the holidays around the corner, many unsuspecting people will be used and abused by scammers, who will break their hearts, their bank accounts, or both.

Many of the stories of heartbreak and fraud look like this:

“After chatting via email, they arranged to meet, but their plans ‘collapsed’ when he told her that he had been held by tax authorities over an issue while he was attempting to fly out on business.

The so-called ‘Mr. Fields’ then asked the nurse for financial help, using emails from his fake solicitor to convince the nurse that this was merely an oversight and that his client would pay her back.”

No matter who someone is, what they say, or how they look, don’t automatically trust them.

Discussion of money or loans in any capacity is a red flag.

Don’t let your heart get in the way of basic common sense.

Sometimes loneliness trumps our ability to see the truth. Keep your head up and be attentive to people’s intentions. In the context of the “Color Code of Mental Awareness,” this would mean operating in the yellow zone (not in the white zone) while interacting with others on dating and social networking sites.

One company looking out for you behind the scenes is iovation Inc. They work with dating sites and social networks around the world to rid their sites of bad actors. They have stopped more than 50 million attempts at online scams and solicitations, spam, identity mining and fake profiles for their clients. All of this happens behind the scenes to keep the site and its customers safe.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Dating Security on E! True Hollywood Stories. Disclosures

Beware of Furnace Scams

To my horror, old man winter is knocking at my door. There is snow on the ground in Boston accompanied by a howling wind with a wind chill of wicked, wicked, wicked cold. Did I say it’s wicked cold? It’s only 37 degrees but feels like 10 below. Frankly, I should live on an island in the Pacific for more than one reason, and avoiding winter is one of them. I’m a very delicate flower.

Anyways, if you are proactive you should have already gone through with your annual maintenance regime with your forced hot air furnace, or forced hot water boiler.

In this process you may change air or water filters, clean out tubes, clean ducts, tighten up any water or air leaks, or flush the system of bad fluids. If you haven’t done any of this or have no idea what I’m talking about you may be a good target for furnace scams.

The most effective way not to be scammed is to do business with those you know, like, and trust. A referral by someone you trust who has a long-term relationship with a licensed plumber or pipefitter is often the best way to get a reputable contractor to do maintenance or install a new system. Keep in mind any heat/cooling related work can cost anywhere from under $100.00 to several thousand dollars. And if you don’t have an honorable contractor, they can easily fleece you.

Look for a license and confirm its validity with the local registry.

Be especially aware of duct cleaning scams. Do your research on how often cleaning should be done, and watch the contractor’s every single move. You want to see dirt and see dirt removed.

Confirm they are insured.

Don’t do business with anyone who does door to door sales.

Beware of scare tactics.

Always require a full proposal.

Get second and third opinions.

Get references.

Search them online and seek out any complaints with the Better Business Bureau.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Community Comes Together to Fight Burglary

Rochester, New York is being “plagued” by burglaries, which rose by over 13 percent in the last year. As a result, the community organized a Burglary Prevention Clinic to teach homeowners how to better secure their homes.

WHEC reports one of the residents was quoted saying “It’s so easy to forget that maybe I didn’t lock my window, or I didn’t secure my door, or my lock is a little loose.”

This particular event had more than the standard Neighborhood Watch attendees. In attendance were law enforcement, security professionals, locksmiths, politicians, insurance agents and community members, all sharing their experience and best practices to keep safe.

They discussed a number of security issues and people voiced their concerns, but one politician stated very poignantly, “I would say the most important thing is that there’s a lot that we can do to protect each other, so communication with your neighbors, and relationship with your neighbors goes a long way.”

Use solid steel or solid wood doors.

Trim shrubs to eliminate hiding spots.

Report suspicious activity in your neighborhood.

Start a neighborhood watch and get to know your neighbors.

Inform a few trusted neighbors of any travel plans to assist in the collection of newspapers and mail.

Install a home security system monitored by law enforcement and consider security cameras too.

Robert Siciliano personal and home security specialist to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

Feds Catch Carder

WE DO NOT SELL DUMPS. DO NOT EMAIL OR CALL US.

“Carders” are the people who test and sell credit card details (most likely phished) to other individuals who carry out the actual credit card fraud. Carders are the most visible of criminals who distribute and sell stolen data to whoever is willing to take it and burn it onto a white card or make purchases over the internet. “Dumps” is a term for the batches of stolen credit card data they buy and sell.

Computerworld reports:

“Tony Perez III, of Hammond, Indiana, pleaded guilty to the charges on April 4. In his plea, Perez said he sold counterfeit credit cards encoded with stolen account information. Perez found customers through criminal ‘carding forums,’ Internet discussion groups set up to aid in the buying and selling of stolen financial account information and related services.”

“During a June 2010 search of Perez’s residence, Secret Service agents found 20,987 stolen credit card accounts on his computers, in his email messages, in an online account and on counterfeit credit cards he was in the process of manufacturing, according to court documents. Credit card companies have reported more than US$3.1 million in fraudulent charges associated with those accounts, court documents said.”

Carding is a full time profession for thousands of hackers worldwide. Retailers’, banks’, credit card processors’, and many other corporations’ databases often contain millions of credit card numbers, and are targeted in “advanced persistent threats.” Any entity that accepts credit cards online or in the physical world is a ripe target for fraud.

It’s in the retailer’s best interest to put online fraud prevention measures in place to thwart credit card fraud on their sites. This not only helps them keep their chargebacks and fees low, but it also protects their brand reputation with their loyal customers. But how can retailers detect when fraudsters are stealing from their websites in the first place?

Before verifying identity and credit information, first make sure that the computer, tablet or smartphone connecting to the site is not a known fraudulent device – one used to steal from your business in the past, or from other online businesses.

Would you like to know if the device is acting suspiciously, such as masking its IP address or constantly changing its characteristics between transactions? Is it opening an excessive number of new accounts, or are new countries suddenly accessing your customers’ existing accounts?

There are many indicators of risk, and companies like Oregon-based iovation Inc. help online businesses set up fraud and risk rules in advance so that as transactions come in, the rules run and all checks complete in a fraction of a second. This device identification service can stop the transaction right then and there.
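The risk indicators listed above can be written as rules that run on every incoming transaction. The following sketch is an added example, not iovation's product or API: the `Event` fields, thresholds, reason names and sample events are all hypothetical and constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical thresholds, chosen for the constructed sample data below.
MAX_NEW_ACCOUNTS_PER_DEVICE = 3
MAX_FINGERPRINTS_PER_DEVICE = 2


@dataclass(frozen=True)
class Event:
    device_id: str    # stable device identifier (assumed to be available)
    fingerprint: str  # hash of the device's observed characteristics
    account: str
    action: str       # "signup", "login" or "purchase"
    country: str
    via_proxy: bool   # True when the connection masks its real IP address


class DeviceRiskEngine:
    """Keeps per-device and per-account history and scores each event."""

    def __init__(self, known_bad_devices):
        self.known_bad = set(known_bad_devices)
        self.signups = defaultdict(set)       # device -> accounts it created
        self.fingerprints = defaultdict(set)  # device -> fingerprints seen
        self.countries = defaultdict(set)     # account -> countries seen

    def evaluate(self, ev):
        reasons = []
        if ev.device_id in self.known_bad:
            reasons.append("known_fraud_device")
        if ev.via_proxy:
            reasons.append("masked_ip")
        self.fingerprints[ev.device_id].add(ev.fingerprint)
        if len(self.fingerprints[ev.device_id]) > MAX_FINGERPRINTS_PER_DEVICE:
            reasons.append("changing_characteristics")
        if ev.action == "signup":
            self.signups[ev.device_id].add(ev.account)
            if len(self.signups[ev.device_id]) > MAX_NEW_ACCOUNTS_PER_DEVICE:
                reasons.append("excessive_new_accounts")
        seen = self.countries[ev.account]
        # Only an account with history can be reached from a *new* country.
        if seen and ev.country not in seen:
            reasons.append("new_country_for_account")
        seen.add(ev.country)

        if "known_fraud_device" in reasons or len(reasons) >= 2:
            return "deny", reasons
        return ("review" if reasons else "allow"), reasons


# Constructed sample traffic (not real data).
SAMPLE = [
    Event("dev-A", "fp-1", "alice", "signup", "US", False),
    Event("dev-A", "fp-1", "alice", "purchase", "US", False),
    Event("dev-B", "fp-7", "alice", "login", "DE", False),
    Event("dev-C", "fp-3", "acct-1", "signup", "US", False),
    Event("dev-C", "fp-3", "acct-2", "signup", "US", False),
    Event("dev-C", "fp-3", "acct-3", "signup", "US", False),
    Event("dev-C", "fp-4", "acct-4", "signup", "US", True),
    Event("dev-X", "fp-9", "bob", "purchase", "US", False),
]


def run_sample():
    engine = DeviceRiskEngine(known_bad_devices={"dev-X"})
    return [engine.evaluate(ev) for ev in SAMPLE]


if __name__ == "__main__":
    for ev, (decision, reasons) in zip(SAMPLE, run_sample()):
        print(ev.device_id, ev.account, ev.action, decision, reasons)
```

A single weak signal only sends the event to review, while a known fraudulent device or two combined signals stop the transaction before it is approved.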

Carders are just one piece of the cybercrime puzzle. Having a defense-in-depth approach to fraud prevention is essential. And sharing fraud intelligence with other businesses can only help you catch more fraud, and meanwhile, take more business with confidence.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another data breach on Good Morning America. (Disclosures)

Identity Theft Ring Targeted Banks

In what is considered “the largest identity theft takedown in U.S. history,” 111 individuals were indicted for “stealing the personal credit information of thousands of unwitting American and European consumers and costing individuals, financial institutions and retail businesses more than $13 million in losses over a 16-month period.”

The five different identity theft and forgery rings involved in these crimes targeted banks using a variety of techniques. From inside jobs to robberies and credit card fraud, this criminal network, based in Queens, New York but with ties to Europe, Asia, Africa, and the Middle East, was organized and profitable.

The criminals’ primary focus was on credit cards. Many of the defendants are accused of using stolen credit card numbers to purchase “tens of thousands of dollars worth of high-end electronics and expensive handbags and jewelry,” not to mention staying at five-star hotels.

“Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years,” explained Queens district attorney Richard Brown.

Police Commissioner Kelly commented, “These weren’t holdups at gunpoint, but the impact on victims was the same. They were robbed. We assigned detectives to financial crimes because the potential victimization is so great, especially as the use of credit cards and their vulnerability to identity theft have grown along with the Internet.”

More financial institutions could protect their clients and themselves by incorporating device identification upfront in their fraud detection processes to keep scammers out, as the recent FFIEC guidelines suggest. Oregon-based iovation Inc. offers the world’s most advanced device identification service, which is already in use at many major financial institutions offering commercial and retail banking as well as credit issuance. The device recognition service, called ReputationManager 360, is used alongside other risk-based authentication tools for a layered defense against organized crime.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another data breach on Good Morning America. (Disclosures)

Approaching Holidays Bring “12 Scams of Christmas”

Whether you like it or not, whether you’re ready or not, the Christmas machine has arrived—well before Thanksgiving—at least as far as stores and advertisers are concerned. And there’s no question that scammers, identity thieves, and criminal hackers have already begun setting traps for holiday shoppers.

So whether they’re using PCs, Macs, or mobile devices, consumers should be looking out for “The 12 Scams of Christmas”: the dozen most dangerous online scams this holiday season, as revealed by McAfee.

1. Mobile Malware: McAfee cites a 76% increase in malware targeting Android devices in the second quarter of 2011 over the first, making it the most targeted smartphone platform. New malware has recently been found that targets QR codes, digital barcodes that consumers might scan with their smartphones to find good deals on Black Friday and Cyber Monday.

2. Malicious Mobile Applications: These are mobile apps designed to steal information from smartphones, or to send out expensive text messages without a user’s consent. Dangerous applications are usually offered for free, masquerading as games.

3. Phony Facebook Promotions and Contests: Cyber scammers know that contests and free offers are attractive lures, and they have sprinkled Facebook with phony promotions and contests aimed at gathering personal information.

4. Scareware: This fake antivirus software tricks recipients into believing their computers are at risk, or have already been infected, so that they will agree to download and pay for phony software. An estimated one million victims fall for this scam every day.

5. Holiday Screensavers: A Santa screensaver that promises to let you “fly with Santa in 3D” is malicious. Holiday-themed ringtones and e-cards have been known to be malicious, too.

6. Mac Malware: Cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee Labs, as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10% from month to month.

7. Holiday Phishing Scams: Cyber scammers know that most people are busy around the holidays, so they tailor their emails and social messages with holiday themes in the hopes of tricking recipients into revealing personal information.

8. Online Coupon Scams: When consumers accept an offer for an online coupon code, they are asked to provide personal information, including credit card details, passwords, and other financial data.

9. Mystery Shopper Scams: Mystery shoppers are hired to shop in a particular store and report back on their customers. Sadly, scammers are now using this appealing job to lure people into revealing personal and financial information.

10. Hotel “Wrong Transaction” Malware Emails: Scammers have designed travel-related scams in order to tempt us to click on dangerous emails. Once opened, an attachment downloads malware onto the victim’s machine.

11. “It Gift” Scams: When a gift is hot, not only do sellers mark up the price, but scammers will also start advertising these gifts on rogue websites and social networks, even if they don’t actually have the popular items.

12. “Away From Home” Status Updates: Posting information about your vacation on a social networking website could actually be dangerous. Thieves may see your post and decide that it sounds like a good time to rob you.

Be sure you have active, comprehensive protection for all of your devices. McAfee All Access is the only product that lets individuals and families protect a wide variety of Internet-enabled devices, including PCs, Macs, smartphones, tablets, and netbooks, for one low price.

Robert Siciliano is an Online Security Evangelist for McAfee. See him discuss identity theft on YouTube. (Disclosures)