Protect Your Gaming Account As You Would Your Bank Account

Most people are aware of the need to protect their financial accounts, and generally take at least some degree of care to prevent criminals from accessing their money. Protecting your online game account, on the other hand, might not be such an obvious priority. But when accounts created for playing massively multiplayer online games are connected to credit card accounts and not properly secured, gamers set themselves up for fraud.

PCMech offers some insider tips for MMO players. The fundamentals of account protection include:

Password protection: Never give out your password. If you contact customer service and they ask you to verify your account by providing a “knowledge-based answer,” such as the name of your pet or high school, it’s okay to answer. But never provide any identifying information in response to an unsolicited phone call or email from someone who may be posing as a representative of the MMO.

Beware of infected downloads: Add-ons and modifications downloaded from unofficial sources may be infected with spyware. PCMech’s Nick Greene suggests checking out a game’s online forum to get recommendations for reputable download sources.

Secure connected accounts: For example, if your social networking or email accounts are in any way connected to your MMO account, they both need to be equally secure, with unique passwords.

And, as always, it’s vital to keep your PC up-to-date with antivirus, anti-spyware, anti-phishing, and firewall protection. Remember to update your critical security patches, as well.

While players must do what they can to protect their accounts, the more mature gaming publishers employ multiple layers of defense behind the scenes to protect their valued members. One proactive anti-fraud technology that keeps the bad guys out without interrupting the player experience is called device reputation. It examines the computers, smartphones, and tablets being used to connect to a game, and helps gaming publishers know whom to trust in order to keep their players safe and in a fun environment.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Ode to the Nigerian Scammer

Most of us would never fall for a Nigerian email scam. The obvious “scammer grammar” and outlandish requests would tip us off, as would the supposed Nigerian origin of the message, since we’re probably familiar with the typical claims about Nigerian royalty. So you might wonder why these scammers persist in such an obvious ruse, rather than tweaking their stories to make them more believable.

According to a recent study by Microsoft researcher Cormac Herley, the Nigerian scam is designed to tip off all but the most oblivious recipients. The intended targets are people so unaware of common online scams that they must have been living in a cave without Internet access until, like, yesterday.

In Why do Nigerian Scammers Say They are from Nigeria? Herley explains, “Far-fetched tales of West African riches strike most as comical. Our analysis suggests that is an advantage to the attacker, not a disadvantage. Since his attack has a low density of victims the Nigerian scammer has an over-riding need to reduce false positives. By sending an email that repels all but the most gullible, the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.”

In other words, scammers are disqualifying the majority of potential victims in order to pinpoint the most gullible as quickly as possible. Anyone naïve enough to respond to such ridiculousness is far more likely to willingly empty their bank account.

Unfortunately for consumers, the #1 method of prevention is education—knowing when something looks too good to be true, not accepting friend connections from people you don’t know, not publishing your personally identifiable information (Teens: please stop posting photos of your freshly-printed driver’s permits and licenses on Facebook), and of course, changing passwords often and not sharing them with others. Installing anti-phishing technology on one’s computer or other device is also known to prevent many of the messages from reaching you in the first place.

On the business-side, banks, retailers, dating sites and social networks help prevent scams by identifying known scammers and spammers the moment they touch their website. By using iovation’s device identification service, ReputationManager 360, which shares the reputations of more than 975 million devices from all countries in the world, they not only know a device’s rap sheet (which could include online scam solicitations, spam, identity theft, credit card fraud and more), they know about devices related to it, and are alerted to other forms of suspicious behavior in real-time as well.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Mobile Security Apps and Tips

Nearly three-quarters of Americans have never installed any type of data protection or security software on their mobile devices, leaving themselves completely open to data loss, viruses, and malware. 72% of us, to be exact, have unsecured smartphones, even as they take on an increasingly important role in our digital lives.

Update your OS: The expanding selection of mobile devices results in more complex operating systems and applications, which ultimately increases attack opportunities. One hopes that, as criminal hackers and security researchers expose new vulnerabilities, OS manufacturers will roll out timely updates to fix flaws.

Most OS updates require a USB connection to your Mac or PC and a desktop application that bridges the connection between your device and the manufacturer’s website. Newer OS updates can sometimes be downloaded directly to a phone through a Wi-Fi connection or your carrier’s network.

Update your applications: Just as an operating system can have a security or privacy vulnerability, so can an application. Most applications require functionality updates in order to remain compatible with OS updates. Updating an application should be fairly straightforward. Apps can usually be updated from the phone by accessing the official app store through the carrier’s network. Depending on the size of the download, a Wi-Fi connection may sometimes be necessary.

Lock your mobile device: 4-digit PINs for iPhones, or pattern recognition for Androids, are the current standard security measures. These flimsy defenses need to be updated to a more secure alternative, or at least a longer alphanumeric string, especially for the phones used for business purposes.

A very high percentage of owners lock their devices with a short PIN, and may be unaware of the alternatives to this bare minimum, such as a “non-simple” security option on the iPhone. And most PINs are weak as well as short. Five basic combinations (“1234,” “0000,” “1111,” “2580,” or “0852”) make up more than 10% of all PINs.

Install antivirus protection: Just like on a PC, mobile antivirus products should provide real-time protection against viruses, worms, spyware, Trojan horses, and battery-sapping malware. Adequate mobile antivirus protection guards against threats that originate via email, instant messaging, and Internet downloads. It detects data received from multiple entry and exit points, including email, instant message attachments, Internet downloads, SMS, MMS, WiFi, and Bluetooth.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

70% of Teens Hide Online Activities from Parents—Why We Should be Concerned

Most major media picked up on a study that McAfee released called “The Digital Divide: How the Online Behavior of Teens is Getting Past Parents” that shines a scary light on how much trouble kids are getting themselves in online and how clueless most parents are.

Many people commented saying “I don’t need McAfee telling me kids lie” and I get that. But those who recognize the obvious may not realize the actions and consequences of those lies.

I’ll be the first to admit, and I’ve said this on national TV and radio, I should be buried 6 feet under based on the way I lived my teen years. I lied as a means of survival to cover up my various acts that would have surely got me the belt. But what I did compared to what teens are doing today was a different kind of trouble.

People snicker when they learn that almost half of teens are looking at porn weekly. Really? This is no big deal? It’s true they say “we become what we think about” and a 13-year old isn’t in an emotional or physical position to be consuming hard core violent porn.

Another example is that more than 10% of 13-17 year olds are meeting strangers online then actually meeting them in the real world. I doubt before social media there were as many teenage girls meeting 30-year old men on the street and then getting in his car. But with the Internet these “friends” can seduce teen girls via text or social networking sites and fill her emotional needs until he’s “got her.”

Are you really aware what this hidden behavior and lying is concealing? From the study, McAfee revealed that teens readily admitted to:

Breaking into others’ social media accounts

Hacking and manipulating grades in school

Downloading illegally pirated movies, music and software

Bullying, whether it was actively being a bully, being bullied or witnessing bullying

All of these activities could potentially get you, as parents, involved in numerous lawsuits because of these illegal activities.

This study more than anything points out how outrageous kids are acting online and how oblivious and overwhelmed their parents are. Perhaps Kevin Parrish, journalist and parent of teens from Tom’s Guide, summed it up best when he said:

“The Internet can be a dangerous place, and allowing teens to run free in a virtual new frontier seemingly run by hackers is just downright insane. Allowing children to do whatever they want online is a huge security risk to your personal data, and a potential legal risk for them. Bottom line, the Internet is a privilege, not a right. Teens should be allowed to express themselves, but not to the point where predators come calling or the FBI comes knocking at the front door. Teens are propelled by emotion, not knowledge and experience, especially early on.”

At least one parent gets it.

Here’s the top 10 ways teens fool their parents. Are you aware of all these?

Robert Siciliano is an Online Security Expert to McAfee

Dutch Hacker Extradited From Romania, Charged With Credit Card Fraud

A 21-year-old Dutch hacker known within the online hacking community as “Fortezza” was arrested in Romania in March, and extradited to the United States in June.

U.S. Attorney Jenny A. Durkan, who chairs the Attorney General’s Advisory Committee on Cybercrime and Intellectual Property Enforcement, said, “This defendant has wrought havoc on victims and financial institutions around the world, this indictment alleges that in just one transaction he trafficked in as many as 44,000 stolen credit card numbers resulting in millions of dollars in losses to financial institutions. Cybercriminals need to know: We will find you and prosecute you. I commend the cyber investigators at the U.S. Secret Service Electronic Crimes Task Force and Seattle Police Department for tracking down these international criminals.”

Hackers like “Fortezza” employ a variety of methods to obtain credit card data. One technique is wardriving, in which criminals hack into wireless networks and install spyware. Another is phishing, in which spoofed emails prompt the victim to enter account information. “Smishing” is similar to phishing, but with text messages instead of emails. Some hackers use keylogging software to spy on victims’ PCs, while others affix devices to the faces of ATMs and gas pumps in order to skim credit and debit card data.

All this stolen data is ultimately used to steal from financial institutions, which lose $40 billion a year to credit card fraud, and from retailers. These business fraud targets must employ multiple layers of protection to thwart cybercriminals.

One layer that businesses put upfront in their fraud detection process is based on device intelligence—what that device is doing right now on the site, and what fraud or abuse that device has caused with other businesses, even in other geographies. The leader in device identification technology is iovation, and they offer a fraud prevention service that allows online businesses to create customized business rules for identifying potentially risky transactions, and those rules can be adjusted on the fly as new threats emerge.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

June Was National Internet Safety Month

The Internet is an indispensable tool that citizens, corporations and governments all over the world have come to rely on. There are tremendous benefits to the World Wide Web including: having the information highway at your fingertips, being able to find and purchase products and services from anywhere, working from home, connecting with distant friends and family and saving time by conducting various transactions right from your couch.

The problem, of course, is that all these conveniences have led to gaping security holes that allow criminals from all over the world to compromise your computer and various accounts, which in turn leads to identity theft and financial loss. Even scarier is when criminal predators use the Internet to exploit children in various ways.

What this means is that all of us need to increase our security intelligence by understanding what to look out for and what systems need to be put in place so we can reap the benefits of the Internet safely and securely.

Since June is Internet Safety Month, it’s a good time to review essentials that all of us should be aware of every day.

Protect your personal information. Don’t give out personal data unless it is a trusted source requesting it and a secure site accepting it.

Look for httpS in the address bar when you are shopping online or on a site where you are entering personal information.

Update your browser with the latest version and use the highest security settings.

Update all your devices’ operating systems whenever a new version or critical security patch is available.

Beware of requests coming in via email asking you to update personal information. It’s best to go directly to sites instead of clicking on links in emails, or text messages.

Teach your children the “rules of the road” for the Internet and make sure they understand what is and isn’t acceptable online.

Think before you post online. It’s always good to use this rule of thumb—everything you post online is public and available forever—even if you use the highest security and privacy settings.

Keep your devices updated with the latest version of antivirus, anti-spyware and anti-phishing and make sure to have a 2-way firewall.

And remember, if something sounds too good to be true—it usually is, so don’t fall for the scam.

We can all do our part to stay safe and be better digital citizens by staying educated on the latest threats and scams.

Robert Siciliano is an Online Security Expert to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Watch for New Attacks Aimed at Mobile Devices

A mobile device is an indispensable extension of your life, containing some of your most private conversations and confidential information. It’s your phone book, email, photo album, social life, and even your wallet, all rolled into one device. Chances are if you own a smartphone or tablet, it is connected to your money or financial accounts. For many, it’s like a right hand (or in my case, left hand), so it’s essential to secure your device and the information it holds.

The phone is moving in to replace the PC for the next generation. Carriers are increasing network speeds, cutting download time in half, and new phones have capacities of up to 64 GB; that’s more hard drive space than my three-year-old laptop.

Software application developers are responding to this shift by focusing primarily on mobile devices, with PCs demoted to a secondary consideration. And as with any major transition to a new technology, the uncertainty and newness fosters a perfect opportunity for scammers to launch attacks.

In McAfee Labs’ report, “Securing Mobile Devices: Present and Future,” Dr. Igor Muttik states, “Despite steady progress in securing desktop computers—using safer hardware, operating systems, and applications—malware is not going extinct. With today’s explosive proliferation of smartphones, tablet computers, and other mobile devices, we have to wonder whether our pocket devices can also be secured. We might assume from our extensive knowledge in protecting desktop computers that the new wave of mobile hardware should be relatively secure because we shall benefit from the lessons we have already learned.” But so far, many have neglected to consider the security of their mobile devices.

As new tablets and smartphones are released, along with thousands of new mobile applications, hackers are working to create bugs and viruses that modify the legitimate software industry’s processes. The burgeoning ubiquity of these mobile devices offers criminals the same sorts of possibilities today that they found in PCs several years ago.

Only download mobile payment applications from a reputable app store. Check user reviews of the app and make sure to read the app’s privacy policy to see what data of yours it is accessing and sharing.

Don’t do any mobile transactions over an unsecured Wi-Fi connection. It’s much more secure to use your mobile data network.

Keep your mobile software current. This includes the latest updates for your operating system, mobile browser and mobile security software.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

On July 9th Millions May Lose Access To Internet

As reported in March, the FBI has uncovered a network of rogue DNS servers and has taken steps to disable them. DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other.

When you enter a domain name, such as, in your browser address bar, your computer contacts DNS servers to determine the IP address for the website. Your computer then uses this IP address to locate and connect to the website.

DNSChanger is malicious software created by cybercriminals to redirect the Internet traffic of millions of unsuspecting users to websites where the thieves have profited from advertisements. All computers still infected with DNSChanger malware will no longer be able to access websites, email, chat, or social networking sites like Facebook after July 9th.

Most of us will have a difficult time manually changing these settings on our own. To help with this, McAfee has released a free tool to help you find out if you are infected or not.

To see if you are infected with the DNSChanger virus visit then click on the “Check Now” button. If your computer is fine, you will receive a green check message and if your computer is infected you will see a red X mark. You can then download a free update to clean up your PC and restore your Internet settings.
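One way to check locally for this kind of DNS tampering is to list the DNS servers the machine is configured to use and compare them against published rogue address ranges. The sketch below is an added example, not part of the original post and not McAfee's or the FBI's tool; the ranges are placeholder documentation networks (RFC 5737), not the real DNSChanger ranges, and the sample inputs and function names are constructed for illustration.

```python
import ipaddress
import re

# PLACEHOLDER ranges from RFC 5737 documentation space (assumption).
# Substitute the rogue ranges published by the authorities.
ROGUE_RANGES = [ipaddress.ip_network(c)
                for c in ("192.0.2.0/24", "198.51.100.0/25")]

# Matches "Label . . . . : value" lines in `ipconfig /all` output.
LABEL_RE = re.compile(r"^\s*(.*?)[ .]*:(?:\s+(.*))?$")


def _as_ip(token):
    """Return an ip_address for token, or None if it is not an address."""
    try:
        return ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None


def resolvers_from_resolv_conf(text):
    """Extract nameserver entries from resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver" and _as_ip(parts[1]):
            found.append(parts[1])
    return found


def resolvers_from_ipconfig(text):
    """Extract DNS servers from Windows `ipconfig /all` output,
    including the indented continuation lines that list extra servers."""
    found, in_dns = [], False
    for line in text.splitlines():
        m = LABEL_RE.match(line)
        if m:  # a labelled line starts a new field
            in_dns = m.group(1).startswith("DNS Servers")
            candidate = (m.group(2) or "").strip()
        else:  # no label: continuation of the previous field
            candidate = line.strip()
        if in_dns and _as_ip(candidate):
            found.append(candidate)
    return found


def flag_rogue(resolvers, rogue_ranges=ROGUE_RANGES):
    """Return the configured resolvers that fall inside a listed range."""
    flagged = []
    for r in resolvers:
        ip = _as_ip(r)
        if ip and any(ip.version == n.version and ip in n
                      for n in rogue_ranges):
            flagged.append(r)
    return flagged


# Constructed sample inputs (not captured from a real machine).
SAMPLE_RESOLV_CONF = """\
# constructed sample
search example.net
nameserver 192.0.2.53
nameserver 203.0.113.10
"""

SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.0.23
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.77
                                       203.0.113.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, servers in (
        ("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
        ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG)),
    ):
        print(name, "resolvers:", servers, "flagged:", flag_rogue(servers))
```

A clean result here only covers the computer's own settings; a home router that hands out DNS servers has its own configuration to check.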

It is quite possible that if your computer is infected with this malware, it may also be infected with other malware. To protect yourself you should:

Make sure your PC has comprehensive protection with antivirus, antispyware, anti-phishing, antispam and a firewall

Set up regular updates of your operating system so you get critical security patches and keep your browser updated too

Be cautious of clicking links in the body of an email

Stay safe!

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Mobile Payment Update: Who Will Take the Lead This Summer?

As summer heats up, so does mobile payment – a hot topic between major credit card companies, mobile carriers, and mobile manufacturers.

First, to give you some perspective, let’s cool down and cite some statistics from November of last year, when “Cyber Monday” was the most successful ever; and mobile purchases skyrocketed on Black Friday. U.S. shoppers made nearly two and a half times as many purchases through eBay Mobile on Black Friday 2011 compared to 2010, U.S. mobile sales were up 234% overall, and Paypal Mobile reported a global increase of 516% from Black Friday 2010 to 2011. Naturally, marketers and advertisers are now positioning themselves for a 2012 “Mobile Tuesday.”

This spring, at the London 2012 Olympics, Samsung introduced a new mobile payments system in collaboration with Visa. Near-field communication technology is taking a leap forward in the form of the Samsung GALAXY S III with mobile contactless payments. With Visa’s payWave service, users can pay for a purchase by tapping a button on the phone and then holding it to a contactless payment terminal.

Meanwhile, Wired reports that Isis, a mobile payment system developed by AT&T, T-Mobile, and Verizon, has reached agreements with a number of major retailers including Coca-Cola, Foot Locker, and Macy’s to implement their system in stores nationwide later this year. Google Wallet works at hundreds of MasterCard terminals, found in locations like Macy’s, Toys “R” Us, and Old Navy, but for now, the service is only available through Sprint, on four devices (not including the iPhone). And now, Apple has come up with Passbook, an elegantly simple new app for iOS 6 that works with retailers’ existing apps and QR codes rather than NFC technology.

It’s tough to say which will come out on top. We’ve been there before – remember Betamax versus VHS and HD DVD versus Blu-ray?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Using Tech Support to Set Up Your New Devices

There are some things in life that require a “professional” to get the job done properly. You wouldn’t let your cousin Larry, who’s a landscaper, reset a broken bone in your hand, right? You can certainly go to a hardware store and buy all the wood to build a deck, but just because you know how to swing a hammer doesn’t mean the deck will be safe, or even up to code.

Frankly, I’m a big time “DIY” or “Do it Yourselfer” and take on most tasks myself. However, some things I know are beyond my expertise and I usually hire someone to do those tasks. So even though painting my house is a relatively simple task, I hire someone because they often get it done faster, better and cheaper than I can do it myself.

With technology I hire out for many tasks because some things can be done much better and more efficiently by a recognized expert. When I first started computing in the early 90’s I was on the phone with tech support all the time and learned an awful lot from these experts. Just figuring out how to use your new device can be challenging. So why not leave the process of getting your new devices to work with your existing ones, setting up connections, printers, etc. to someone else?

Consider getting help with tedious tasks such as:

Configuring your device out of the box

Customizing your desktop, screensaver, icons, profile picture, folders and tasks

Setting up your browser, homepage, and bookmarks, and optimizing the security settings

Creating user accounts

Installing all your software

Setting up printers and scanners

Configuring your email

One thing I learned is that even though I have a general working knowledge of technology, like painting, sometimes it’s easier to have the experts do the job. You’ll save yourself a ton of time and reduce headaches over the life of the device if you hire a professional to walk you through setting it up. Check out McAfee TechMaster Services which can help you with all this and more!

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)