What Can We Expect in 2013?

The cybercrime landscape is always growing and changing as hackers look for new ways to make money from us. And 2012 was no different as McAfee Labs™ found huge growth in malicious software and activities.

As the year closes, McAfee Labs looks ahead to see what is on the horizon for 2013. Here are the areas where they predict growth and that consumers should be aware of.

Malicious app proliferation
As mobile malware grows, we expect to see malicious apps that can buy additional apps from an app store without your permission. Buying apps developed by malware authors puts money in their pockets. We also expect to see attacks that can happen without you having to install an app, so no interaction on your part is needed to spread the malicious app.

Mobile “tap and pay”
Phones with near-field communications (NFC) enabled are becoming more common. As users are able to make “tap and pay” purchases in more locations, they’ll carry their digital wallets everywhere. That flexibility will, unfortunately, also be a boon to thieves. Thieves will also use the “bump and infect” method to steal money from your digital wallets in large, crowded areas like airports, malls and theme parks.

Mobile ransomware
Ransomware is quickly moving from the PC to mobile devices. Criminals hijack your ability to access the data on your phone or to use the phone at all, so you are faced with either losing your contacts, calls, photos, etc. or paying a ransom; and even when you pay the ransom, you don’t always get your data back.

Regaining control of botnets
Botnets are networks of infected computers that are controlled by a criminal for malicious activities, and they are one of the largest sources of spam emails. As cooperation to shut down these botnets grows, the criminals that control these botnets lose money. We anticipate that hackers will find ways to regain control of their botnets (a larger group of computers they have control over) once they are taken down.

Hacking services traded online
Online criminal forums have always been used by cybercriminals to buy and sell malicious services, but they still did most of their actual dealings face to face. In 2013, traditional e-commerce methods are increasingly being used on these sites, and anonymity on them has improved. Buyers can make their choices with the click of a mouse, use an anonymous online payment method, and receive their purchases without any negotiations or direct contact with the seller.

Here are some 2013 security resolutions:

Install security software on your mobile device—With the growing number of mobile threats that we’re seeing, you want to make sure that your smartphone is protected, just like your computer. Consider installing security software such as McAfee Mobile Security, which can guard against viruses and malware, as well as protect your device and information in the case of loss or theft.

Strengthen your passwords—If you’re still using easy to remember passwords that include your home address and pet’s name, it’s time to get serious about creating strong passwords that are at least eight characters long, and a combination of numbers, letters and symbols. Don’t include any personal information that can be guessed by hackers.

Make sure that all of your software is up to date—Software updates often include fixes for security holes and other vulnerabilities, so you want to make sure that you have the latest version of all your software programs, especially security software. Also, make sure to download application updates when prompted.

Check your bank statements and mobile charges regularly—This way, you can discover and report any suspicious charges.

Finally, as cybercriminals continue developing new attacks, realize that you need to stay up-to-date on the latest threats and how to protect yourself.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Why Elderly Are Targeted By Scammers

It has long been believed that the elderly, who, depending on your definition, are people over the age of 60, are targeted by scammers due to their generation’s naïve upbringing. But from my perspective, a 65-year-old grew up in the ’60s, and there’s nothing naïve about the Vietnam War/Woodstock generation. My dad’s one of them, and we have this ongoing conversation about how there isn’t a day that goes by when someone isn’t trying to pick our pocket.

Apparently, based on a recent UCLA study, a potential reason why the elderly are scammed is “a particular region of the brain that influences the ability to discern who is honest and who is trying to deceive us.

Older people, more than younger adults, may fail to interpret an untrustworthy face as potentially dishonest, the study shows. The reason for this, the UCLA life scientists found, seems to be that a brain region called the anterior insula, which is linked to disgust and is important for discerning untrustworthy faces, is less active in older adults.”

So the anterior insula discerns good versus evil, and as we age it doesn’t work so well. Worse, the study states, “It looks like their skills for making good financial decisions may be deteriorating as early as their early-to-mid-50s.” Which means a lame anterior insula coupled with deteriorating financial decision capabilities leads to a diminished ability to connect the gut to the head.

With this study, if I were a scammer, I’d be hyper-focusing my market with the baby-boomer generation in mind.

Protect yourself. Like mom said, if it’s too good to be true, it is.

Scammers use incoming communications including phone, email, text and snail mail to fleece their victims. Just hang up, or delete the email or text. Responding only means engaging in their activities and cannot lead to a good outcome.

When participating in online communities, it is not necessary to disclose so many personal details. Disclosing your street address, date of birth, and identifying your relatives is unnecessary. Remember, if a cybercriminal targeting you is missing certain details needed to steal your identity, they just might ask one of your “specified” relatives. Don’t make it easy for them.

Many social networks, dating sites, gaming sites and online auctions are one step ahead of such bad actors. By employing identity, credit and device reputation checks provided by online fraud prevention companies, they take a layered approach that proactively detects cyber scammers and stops them in their tracks.

Credit Card Fraud Really Isn’t Identity Theft

With the holiday shopping season and after-holiday sales over, it’s time to review our credit card statements and make sure that everything on them is something we purchased. With most of us using our cards a lot more during this time, there’s more chance of fraud or identity theft.

When most of us think of identity theft and being a victim of identity theft, we are really referring to credit card fraud. This form of credit card fraud is called account takeover and it occurs when a thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or perhaps you simply hand it over when paying at a store or restaurant.

Another form of credit card fraud is called new account fraud. This occurs when someone gains access to your name, address and, in the US, your Social Security number. With this data, a thief can open a new account and have the card sent to a different address. This is true identity theft as the thief has access to your personally identifiable information.

Once the identity thief receives the new card, he or she maxes it out and doesn’t pay the bill. Over time, the creditors track you down, hold you accountable for the unpaid bills, and demand the owed funds. New account fraud destroys your credit and is a mess to clean up.

Victims of account takeover are likely to discover the fraud in numerous ways. They may notice suspicious charges on a credit card statement, or the credit card company may notice charges that seem unusual in the context of the victim’s established spending habits.

Credit card companies have anomaly detection software that monitors credit card transactions for red flags. For example, if you hand your credit card to a gas station attendant in Boston at noon, and then a card-present purchase is made from a tiny village in Romania one hour later, a red flag is raised. Common sense says you can’t possibly get from Boston to Romania in one hour. The software knows this.
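The Boston-to-Romania check described above can be sketched as a simple velocity rule. This is an added example, not code from any card issuer; the speed ceiling, minimum distance, field names and sample transactions are assumptions constructed for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 50.0    # assumed floor: ignore short hops and location jitter

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))

def flag_impossible_travel(transactions, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (previous, current, km, kmh) for every card-present purchase
    the cardholder could not have reached from the previous one in time."""
    flagged = []
    last_seen = {}  # card id -> most recent card-present transaction
    for tx in sorted(transactions, key=lambda t: t["time"]):
        if not tx["card_present"]:
            continue  # online purchases say nothing about where the card is
        prev = last_seen.get(tx["card"])
        last_seen[tx["card"]] = tx
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], tx["lat"], tx["lon"])
        if km < min_km:
            continue
        hours = (tx["time"] - prev["time"]).total_seconds() / 3600
        kmh = km / hours if hours > 0 else float("inf")  # same-instant swipes
        if kmh > max_kmh:
            flagged.append((prev, tx, round(km), kmh))
    return flagged

def make_tx(card, hour, minute, where, lat=None, lon=None, card_present=True):
    """Build one constructed sample transaction (all on the same day)."""
    return {"card": card, "time": datetime(2013, 1, 7, hour, minute),
            "where": where, "lat": lat, "lon": lon,
            "card_present": card_present}

# Constructed sample data: the Boston/Romania case plus benign activity.
SAMPLE = [
    make_tx("card-A", 12, 0, "Boston gas station", 42.36, -71.06),
    make_tx("card-A", 12, 20, "online store", card_present=False),
    make_tx("card-A", 13, 0, "Romanian village", 46.00, 25.00),
    make_tx("card-B", 12, 0, "Boston cafe", 42.36, -71.06),
    make_tx("card-B", 15, 30, "New York shop", 40.71, -74.01),
]

if __name__ == "__main__":
    for prev, cur, km, kmh in flag_impossible_travel(SAMPLE):
        print(f"RED FLAG {cur['card']}: {prev['where']} -> {cur['where']}, "
              f"{km} km at {kmh:.0f} km/h")
```

The online purchase is skipped because it carries no cardholder location, and the Boston-to-New York trip on the second card stays below the speed ceiling, so only the Romanian purchase is flagged.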

Victims of account takeover only wind up paying the fraudulent charges if they don’t detect and report the crime within 60 days. During that time, you are covered by a “zero liability policy,” which was invented by credit card companies to reduce fears of online fraud. Under this policy, the cardholder may be responsible for up to $50.00 in charges, but most banks extend the coverage to charges under $50.00.

After 60 days, though, you are out of luck. So pay attention to your statements. As long as you do, account takeover should not hurt you financially. Protecting yourself from account takeover credit card fraud is relatively easy. Simply make sure you pay attention to your statements every month and refute unauthorized charges for purchases you did not make.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

“Operation Game Over” Purges Sex Offenders From Online Gaming

Over 2,100 accounts of registered sex offenders have been purged from online gaming platforms as part of “Operation: Game Over,” a first-of-its-kind initiative to protect children from predators on online gaming networks.

An additional 3,500 accounts of registered sex offenders were purged from major online gaming companies earlier this year.

“The Internet is the crime scene of the 21st century, and we must ensure that online video game platforms do not become a digital playground for dangerous predators. That means doing everything possible to block sex offenders from using gaming systems as a vehicle to prey on underage victims,” said Attorney General Schneiderman. “I applaud the online gaming companies that have purged registered sex offenders from their networks in time for the holiday season. Together, we are making the online community a safer place for the children of New York.”

Under New York State’s Electronic Securing and Targeting of Online Predators Act (e-STOP) law, convicted sex offenders must register all of their e-mail addresses, screen names, and other Internet identifiers with the state. That information is then made available to certain websites so that they have the option to purge potential predators from their online worlds.

Gaming sites use multiple layers of defense in their fight against cybercriminals, predators and other bad actors. One of the more effective layers is the use of device reputation by iovation. By identifying the devices being used for chat spam, gold farming, account compromise and other abuses, gaming sites can stop them from opening new accounts under stolen identities to further cause damage to their brands and customers. In one particular case, a gaming publisher using iovation ReputationManager 360 took action against 1,000 fraudulent accounts shortly after implementing the fraud prevention service. In addition to keeping repeat offenders out, clients of iovation share fraud intelligence so that when a bad actor comes in from another global gaming site, the new site knows upfront that it’s dealing with high risk activity from the start.

Online gaming has come a long way.  I’m pleased to see that most of the major gaming publishers are taking a serious stand against cybercriminals, predators, and the like, to keep honest consumers, players, and in many cases—our children—safe.

Enacted Maryland Child Identity Lock Bill Is Useless

This week the Maryland Child Identity Lock bill went into effect. CBS Baltimore reports: “Maryland State Delegate Craig Zucker is behind a new state law that just went into effect designed to protect a child from identity theft. ‘It will be the first time parents or guardians can proactively contact any of the three credit agencies and freeze their child or dependent information to protect against identity theft,’ Zucker said. By freezing a child’s credit, crooks are out of luck.”

Not quite, Craig, but A for effort. I mean that, and I hope you follow through and finish what you started.

The Huffington Post reported back in April: “Under current Maryland law, credit agencies must place a security freeze on the credit of anyone who requests it. However, they can refuse to lock the credit of those who do not have a pre-existing credit report. That’s a problem for children. If they have a credit report, it likely means they’re already a victim of fraud.” Which is kind of exactly where we are today. Not much has changed.

Unless all 3 bureaus offer a proactive credit freeze then the bill fails, and it fails further if ALL children can’t get one, not just Maryland kids.

I contacted all 3 credit bureaus and only Experian offers a credit freeze for children and only if your child is a victim, no matter what state you live in. First go to Experian’s Credit Freeze Center, then click “Add A Security Freeze,” then Continue, then “Place a Security Freeze on a Minor’s Credit File.”

As of this writing, a phone call to Equifax at 1-800-603-9430 (a phone number only available by initiating a chat session) reveals the customer service agents have no knowledge of the Maryland Child Identity Lock bill, and will only freeze credit if the child is currently a victim of identity theft. Once a credit report is generated for a minor the damage is done and then a credit report can be frozen.

TransUnion was a little more helpful in that they offer what they call a “Minor Suppression” by going online seeking out “child identity theft” then calling 800-680-7289. The operator will then open a case and forward you to the fraud department. You should make sure to get a “Minor Suppression File#” on each child and then send in the required documentation to the address they provide. But no credit freeze.

Being in the trenches and working with child identity theft victims, I can tell you firsthand that child identity theft is extremely damaging to a child’s future. Most kids who are victimized have a hard time getting started as adults at the age of 18, when their credit makes them look like deadbeats. Their reputation is already damaged and getting credit, getting into schools or getting a job becomes 100 times harder than it already is.

The credit bureaus are in the best position to prevent child identity theft by simply tweaking their systems to allow a credit freeze BEFORE THE CHILD IS A VICTIM OF IDENTITY THEFT.

We parents aren’t asking a lot. We just want to do our jobs and protect our children from whatever harm can come to them.

Robert Siciliano is a personal security and identity theft expert and speaker. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Country Overrun By Identity Theft Ring

A week’s worth of news reports shows law enforcement all over the country are battling identity thieves who are stealing our personal information and opening various accounts under our names or taking over existing accounts. From every corner of the U.S. from Ft Lauderdale to Anchorage and San Diego to Queens, busts are happening but more work needs to be done.

Queens, NY. CBS New York reports: A South Ozone Park man who portrayed himself as a Harvard graduate with plans to open a medical facility has pleaded guilty to identity theft, the Queens District Attorney’s office announced.

San Diego, CA. Imperial Beach Patch reports: Authorities said the defendants ran the ID theft and mail theft ring out of their home. Most of the personal information is believed to have come from stolen real estate files. Investigators found numerous items involved in the ID theft ring at the defendants’ home, including computers, printers, dozens of stolen credit cards and lists describing how to make counterfeit IDs.

Ft Lauderdale, FL. Sun Sentinel reports: The scheme unraveled after Erskine met with a confidential informant in March to discuss filing for fraudulent income tax refunds. She said Johnson could get a person’s Social Security number, date of birth, and driver’s license information for $150, according to court documents.

Anchorage, AK. KTUU.com reports: An Anchorage man is facing 36 federal charges, including aggravated identity theft, in a case involving more than $150,000 in losses to individuals and businesses he allegedly defrauded. Rogers allegedly created fake documents for nearly two years, from late 2007 until mid-2009, which federal authorities say he then used to make fraudulent purchases.

Consumers must:

  • Protect themselves from account takeover by monitoring their accounts closely, protecting their passwords, and refuting unauthorized charges.
  • Protect themselves from new account fraud by locking down their credit with a credit freeze or identity theft prevention services.
  • Protect their devices with antivirus, antispyware, antiphishing and a firewall.

Identity theft will continue to plague citizens until smart systems are put in place to mitigate new account fraud and account takeover. Businesses are engaging an emerging device identification technology by Oregon-based iovation Inc. that spots cybercriminals by analyzing the reputation of computers and mobile devices used to connect to online businesses. They proactively investigate for suspicious activity and check for characteristics consistent with fraudulent users.

In one major case, iovation helped bust a fraud ring that victimized over 15 people where tens of thousands of fraudulent charges were racked up. The case started with a report of $5,000 in fraudulent credit card charges at a large electronics store and two department stores. It just so happens that the credit issuer was using iovation to flag fraudulent credit card applications and track them back to the specific computers and mobile devices used. This information, combined with surveillance photos and other offline detective work, provided the perfect blend of digital and physical data that law enforcement needed to bust the crime ring.