Grey Charges Are Upsetting—and Legal

Disclosure notices on websites, advertisements and in the terms of an agreement when making a product purchase are often complicated and confusing. Companies know this and take advantage of consumers, figuring potential purchasers don’t have the time, inclination or knowledge of the legalese that goes along with the fine print. Embedded deeply in the disclosure is the exact nature of credit card charges—and really, has anyone ever read that? My best guesstimate is that 95 percent of the population hasn’t, which is why 95 percent of unwanted credit card charges are considered “grey charges.”

Because the legalese spells it all out (and trusting consumers sign on the dotted line), grey charges are not illegal—which by default makes them legal. However you slice it, I’m sure we can all agree that grey charges are upsetting, sleazy, sneaky and deceptive. More than once I’ve yelled and screamed at a customer service representative who gave me a million reasons under the sun as to why I wasn’t entitled to a reversed charge on my credit card. Grey charges cost more than time and money; they also cost users personally through the very expensive commodity of emotional bandwidth.

Companies exercising their grey charge rights (however wrong they may seem to the rest of us) are well-known legal entities that many of us do business with every day. They make billions of dollars confusing and deceiving customers into paying, and consumers are mostly uninformed—until now.

Companies engaged in this behavior know levying grey charges is legal, but unethical. But when they are making so much money, they aren’t about to stop. Consumers are ultimately responsible for checking their credit card statements and looking for grey charges. But according to BillGuard, few credit card holders—1 in 10—rarely, if ever, look at their statements.

Don’t get taken! Here’s how to outwit the grey chargers:

  • Scrutinize your statements carefully
  • Demand refunds when grey charges occur
  • Threaten a “chargeback,” which is a transaction in which a bank pulls money back out of a merchant’s account
  • Get BillGuard to do all the worrying for you—and get back your peace of mind

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Identity Theft on the Rise…Again

According to a report released by Javelin Strategy and Research and another by the FTC, the incidence of identity fraud increased in 2012 for the second consecutive year, affecting 5.26 percent of U.S. adults. This increase was driven by dramatic jumps in the two most severe fraud types, new account fraud (NAF) and account takeover fraud (ATF).

Key findings from the FTC’s report:

  • Over one million complaints were fraud-related. Consumers reported paying over $1.4 billion in those fraud complaints; the median amount paid was $535.
  • Fifty-seven percent of all fraud-related complaints reported the method of initial contact. Of those complaints, 38 percent said e-mail, while another 34 percent said the telephone. Only 9 percent of those consumers reported mail as the initial point of contact.

Key findings from Javelin’s report:

  • Identity fraud incidents and amounts stolen have increased. The number of identity fraud incidents increased by one million more consumers over the past year, and the dollar amount stolen increased to $21 billion—a three-year high, but still significantly lower than the all-time high of $47 billion in 2004. This equates to one incident of identity fraud every three seconds.
  • One in four recipients of a data breach notification became a victim of identity fraud. This year, almost 25 percent of consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010. The study found consumers who had their Social Security number compromised in a data breach were five times more likely to be a fraud victim than an average consumer.
  • Small retailers are losing out. Fraud victims are more selective where they shop after an incident, and small businesses were the most dramatically impacted. The study found that 15 percent of all fraud victims decided to change behaviors and avoid smaller online merchants. This is a much greater percentage than those that avoid gaming sites or larger retailers.

With iovation’s services, when computers or mobile devices with fraudulent histories connect to a retailer’s website, the business is alerted in real time. If velocity or geolocation alerts are triggered, the retailer knows that too, also in real time. The company maintains a living database of device intelligence, sharing the data across its global base of finance, gaming, travel, shipping, dating, and retail clients. Information is shared in order to detect fraudulent activity as soon as possible—before a product is shipped and chargebacks and fees are incurred. iovation calls it device reputation; I call it another bit of common sense for retailers.

Robert is a personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Fighting the Cyber Intelligence Sharing and Protection Act (CISPA)

All my life I’ve been hearing about Big Brother. For those unfamiliar with the term, coined by George Orwell in his 1949 masterpiece, Nineteen Eighty-Four, Big Brother is the embodiment of a society under complete surveillance by its government. But it’s not fiction; in fact, our everyday activities are being monitored, today, right now, either by self-imposed technology or the ever-present Big Brother.

Traditionally, documenting our existence went like this: You’re born, and you get a medical and a birth record. These documents follow you throughout your life, filed and viewed by many. You must present these records in order to be admitted to a school, to be hired, or to be issued insurance. You get a Social Security number shortly after birth, which serves as your national identification. These nine digits connect you to every financial, criminal and insurance record that makes up who you are and what you’ve done. Beyond that, it’s all just paperwork.

And now comes CISPA, a proposed law in the United States that would allow for the sharing of internet traffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill, which has been revived after being defeated last year in part because of widespread public protest, is to help the U.S. government investigate cyberthreats and ensure the security of networks against cyberattacks.

The Electronic Frontier Foundation adamantly opposes CISPA and calls the proposed legislation “a poorly defined ‘cybersecurity’ exception to existing privacy law. CISPA offers broad immunities to companies who choose to share data with government agencies (including the private communications of users) in the name of cybersecurity. It also creates avenues for companies to share data with any federal agencies, including military intelligence agencies like the National Security Agency (NSA).”

I’m all for more security. But I’m not sure the CISPA bill has been well thought out. The implications for this bill and the potential for abuse are scary. Whether CISPA is passed or not, consumer privacy is eroding on a daily basis. Every time we connect to the internet, our IP address is revealed. An IP address is kind of like an online social security number which can be tracked or traced back to you. Masking this address with a virtual private network (VPN) is the first step toward locking down your online identity and personal information. The second is to call, write, or tweet your congressperson, urging them to vote “No” on this bill.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

More Than 30% of People Don’t Password Protect Their Mobile Devices

Are you guilty as charged?

Whenever I bring this up in a group setting, it astonishes me how many people raise their hands. I wonder if they realize that they are putting all the personal information contained on their mobile device at risk. The unfortunate reality is that everyone loses things, and our devices can get stolen. And when that happens to your smartphone or tablet, it can be devastating.

Many of us use upwards of ten apps on our devices during a typical week. The majority of these apps are logged into our most critical accounts including email, text, banking, social media, payment apps and others that are linked to our credit cards. And because mobile app developers know that we are more apt to use their programs if they are easy to access and convenient to use, a lot of apps are programmed to automatically keep you logged in for days, weeks, months, or until you manually revoke access.

If your devices are not password protected and are then lost or stolen, your accounts are 100% accessible to whoever has control of your device. This is bad—and yet, 36% of us still do not use password protection!

According to a recent global survey by McAfee and One Poll, consumers seem largely unconcerned about keeping data on their mobile devices safe. For example, only one in five respondents have backed up the data on their smartphone and tablet, and more than one in ten (15%) save password information on their phone. This means that if their phone falls into the wrong hands, they risk opening up all sorts of personal information such as bank details and online logins to whoever finds the device.

Setting up a password or PIN is no guarantee that data will stay safe, and over half (55%) of all respondents admitted that they have shared these details with others, including their kids.

What’s particularly interesting is that men and women also behave differently with their mobile devices, not only in terms of how much risk they are willing to take, but also in terms of what they value.

Here are a few steps to make sure you and your mobile devices stay protected:

Password protect all your devices (and don’t use easy ones like 1234 or 1111)

Never use the “remember me” function on your apps or mobile web browser, and take care to log out of your accounts

Consider not sharing your PIN/password—this might be a tough one, but in the long run it will save you from possible heartache

Use a mobile security product like McAfee Mobile Security (and also McAfee All Access), that has not only anti-malware, but web protection and app protection. With app protection, not only are you warned if your apps are accessing information on your mobile that they shouldn’t, but in the event that someone does unlock your device, you can ensure your personal information remains personal by locking some or all of your apps

Stay educated on the latest ways to protect your mobile device. For a fun quiz to help you learn about mobile security, visit the McAfee Facebook page. Play the Mobile Mythbusters quiz and get a chance to win a Galaxy Tablet or Kindle Fire!

And if you’re at Mobile World Congress, stop by and see McAfee in Hall 3, Stand C34. If you show our team in the red shirts that you’ve liked them on Facebook or followed them on Twitter, you’ll get a prize!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Europol: Credit Card Fraud Spells Low Risk and High Profits

A report from Europol states that payment card fraud is a low-risk and highly profitable criminal activity that brings EU-based organized crime groups a yearly income of around 1.5 billion euros. These criminal assets can be invested in further developing criminal techniques, used to finance other criminal activities, or even facilitate the start-up of legal businesses.

Payment card data is the ideal illicit Internet commodity, as it is internationally transferable. Europol, in its report on Internet-facilitated organized crime (iOCTA), concluded that organized crime groups (OCGs) clearly benefit from globalization, using foreign payment card data to purchase goods and services online. Credit card information and bank account credentials are the most advertised goods on the underground economy’s servers; according to Europol’s intelligence, around 60 percent of payment card fraud losses, totaling 900 million euros, were caused by card-not-present (CNP) fraud in 2011.

Within the major card-not-present fraud investigations supported by Europol, the main sources of illegal data were data breaches, often facilitated by insiders and malicious software. In most of these cases, the quantity of compromised card details was substantial, reaching hundreds of thousands or millions, and enabling criminals to sell the data in bulk online.

In the US, the FFIEC updated the security requirements recommended for banks. One of the recommendations encourages financial institutions to employ complex device identification. Oregon-based security firm iovation goes a step further by offering device reputation technology, which builds on device identification by offering real-time risk assessments. The technology exposes any history of fraud associated with a particular device or group of devices, and investigates relationships between devices and accounts that have been associated with fraud to expose fraudsters working in cahoots to steal from online businesses.

Robert is a personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Risky Mobile Applications Plague Users

Once you own a smartphone or tablet, you are not likely to give it up. But it is essential that you understand where the risks are and steer around them as you enjoy your mobile digital life.

With mobile use exploding, it is only natural for cybercriminals to move toward these devices as a means for profit, since there are so many of them. For us as consumers, this means learning about the new ways hackers can trick or deceive us.

Part of the education process is understanding where and how all this malicious activity happens. Unlike PCs where infections typically happen through email (attachments or links) or from visiting an infected website, for mobile devices, malicious software (malware) is distributed primarily through infected apps.

In their Mobile Security: McAfee Consumer Trends Report, McAfee analyzed data from McAfee Mobile Security users on Android devices and found:

16% (or 1 in 6) of apps are infected with malware or contain links to risky URLs

40% of malware do more than one malicious activity (for instance it may not only send your mobile # and device ID to the hacker, but it may also open a “door” so the hacker can get future information from other apps)

The #1 malicious activity the malicious apps did was send handset and personal information to the hacker

Spyware represents about 1/3 of all malware families in our zoo and 23% of mobile spyware joins a botnet or opens a backdoor, increasing the risk of data loss or device abuse

What does this mean for you?

It means you better be careful with your mobile device and especially what apps you download and use. I don’t know about you, but my smartphone has become an extension of me and without it I’d be lost. And if all the data that was on my phone got into the wrong hands, I shudder to think of what could happen.

That’s why it’s critical that you are careful when using apps. Here are some tips to stay safe:

Watch where you download: Only download apps from reputable app stores

Investigate the app: Research it by reading reviews and checking its ratings

Check the permissions: Make sure the app is only accessing data it really needs to function; studies have shown that 1/3 of apps ask for more permission than they need.

Don’t store your logins: Do not choose the “remember me” option for apps and mobile browser for your login information, even though this is not as easy. This way, if a stranger accesses your device they cannot log into your accounts as you.

Use security software: Software such as McAfee® Mobile Security can also help protect your phone against malware, bad apps and other mobile threats. It also allows you to remotely locate, track and lock your device in the case of loss or theft.

Even though 51% of us would rather lose our wallet than our smartphone, only 4% use mobile security software. It’s time. Save yourself the hassle later and make security a priority for your mobile device and yourself.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

FTC and Consumers Want Companies to Take Privacy More Seriously

A recent Wall Street Journal article drew attention to the fact that, “Companies are watching you. They want to know where you go on the web, what you buy and what causes you support—with the hope of sending you targeted offers based on your preferences and lifestyle choices.”

When browsing the internet, consumers without proper protection are unknowingly sharing lots of personal information they probably wouldn’t if they knew they were being watched.

Now Google Inc., another company known for watching over our shoulders, has reached a $7 million settlement with some 30 U.S. states over a 2010 “Wi-Spy” incident in which its Street View mapping cars collected passwords and other personal data from home wireless networks.

The chairman of the Federal Trade Commission, Edith Ramirez, recently remarked, “Over the last three years, the FTC has issued more than 50 enforcement actions on privacy and data enforcement, and no fewer than five major policy reports giving guidance to companies.” Concern about data privacy is reaching critical mass.

It’s no wonder why AnchorFree, the provider of the world’s most popular consumer virtual private network (VPN), is Forbes’ sixth most promising company in America.

The Silicon Valley start-up has provided over 100 million global users with Hotspot Shield—a free app that enables secure browsing, online privacy protection, mobile data compression, and freedom to access all internet content across iPhones, Android devices, PCs and Macs.

Companies taking consumer privacy seriously are getting the attention of consumers and government agencies alike.

According to AnchorFree’s CEO, David Gorodyansky, “Being selected as the sixth most promising company demonstrates the importance of empowering consumers with choice and control over their personal information online. From safeguarding personal privacy to protecting against hackers and identity theft, VPNs such as AnchorFree’s Hotspot Shield arm us with the tools we need to enjoy all the information and communication benefits that the internet has to offer—safely.”

I couldn’t have said it better myself.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

The Devil is in the Details

In unwanted credit card charges, the details are the fine print—and the fine print often results in devilish “grey charges.” Grey charges are those credit card charges that appear on your statement from out of the blue, charging us small or large fees—or sometimes a single charge—monthly or annually.

The fine print can sometimes be expensive. And unwanted credit card charges happen when we think we are paying attention, or when a sleight-of-hand action by a scammy retailer hooks us.

Boldface lies. The fine print may begin with lies. A website might look professionally done, complete with a believable story based on a plausible scenario and photos representing real people with genuine-sounding comments. But in reality, it’s smoke and mirrors meant to deceive you.

Bogus trial periods. Trial periods with 30-day money-back guarantees are often rife with lies ending in grey charges. The fine print might read, “Delivery time is subtracted from your trial period”—in other words, if the package takes two weeks to get to you, you only have two weeks to try the product. But the clock starts ticking from the moment the package leaves the facility. After thinking you have 30 days from the delivery date, you decide to return the unwanted item—and you learn too late that you are out of time and out of luck.

Twice-bought scams. You buy a product in January, and when you receive it the product is damaged or of poor quality, so you immediately return it and get your money back. Then six months go by and you see the same ad. You still want the product and figure you’ll give the company a second try; perhaps they’ll have their act together by now. But when you get the product a second time, it’s just as bad as the first—and in the fine print it says, “We do not honor refunds to customers who have purchased the same product in the past.”

Free trials. Like Mom said, “There is no free lunch” and “If it’s too good to be true, it is.” This applies to free trial periods as well. Often, the upfront cost of the item is just a few dollars. You make the purchase, and the free trial begins the same day you purchased the product—not when you receive it—so the merchant weaves in the bogus trial period. Then, after the free trial period expires, you learn the actual cost of the item might be 10 to 20 times the initial charge.

Outwit the devil by paying attention to the details:

  • Pay attention to the fine print, as hard as that may be
  • Ask as many questions as you need to before laying down your credit card number
  • Use a credit card and not a debit card
  • Watch your statements closely
  • Get BillGuard to watch the grey charges for you

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Phony Identities Result in $200 Million Fraud

Recently, the FBI arrested 13 people in four states. Their crime? Allegedly creating thousands of phony identities with which to steal at least $200 million in one of the largest credit card fraud schemes ever charged by the Department of Justice.

Bloomberg reports that after using 7,000 false identities to obtain 25,000 credit cards, the conspirators ran the scam through real businesses such as jewelry stores, and at least 80 sham companies under more than 1,800 addresses.

The defendants charged in the complaint allegedly used fake Social Security numbers to fabricate identities and obtain credit cards, doctoring credit reports to pump up the cards’ spending and borrowing power. They would then borrow or spend as much as they could (based on their fraudulently-obtained credit history) and proceed to default on the debts, robbing businesses and financial institutions of more than $200 million in confirmed losses. When the credit card balances went unpaid, there was no one to hold responsible. In the end, however, retailers, merchants, banks, and credit card companies paid the bills.

According to a statement by the FBI, “This elaborate network utilized thousands of false identities, fraudulent bank accounts, fake companies, and collusive merchants to defraud financial institutions of hundreds of millions of dollars in order to facilitate extravagant lifestyles they could otherwise not afford.”

It appears that this scam was particularly lucrative for the criminals because there were no actual flesh-and-blood victims of identity theft to take notice.  One device may be opening a new credit card account—then going to an online retailer and applying for instant credit—all within minutes. Frauds like this, while highly sophisticated in nature, can be detected early with the right tool in place. Through velocity triggers and shared experience across multiple businesses, iovation can proactively detect the activity, alert affected businesses, and thwart the attacks. This is great news for the protected businesses, and also great news for the consumers who would otherwise be dealing with fraudulent charges made under their identities.

Robert is a personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Mobile Security Myths

Mobile computing is the new frontier of personal technology. Whether you are on a phone or tablet, if you have a carrier connection, you are mobile.

Today, most of us can’t live without our mobile devices. We live in an always on, always connected world. While this is convenient in many ways, it also brings about new security risks that many people don’t think about.

For example, most of us know that we need to use security software on our PCs. But how many of us know to use security on our mobile devices? Mobile devices are our most personal computers, yet they open the door to many vulnerabilities that don’t exist on a traditional PC.

Here’s some fact vs. fiction around mobile devices:

Mobile Myth #1: The best way to locate my lost phone is by calling it.

False. While “Call Me Maybe” may be your theme song, and this is sometimes a viable option, it’s much easier to use security software that lets you locate your phone by GPS or make it “scream” so you can find it (this is much louder than your ring tone). You can also display a message on your lost phone if anyone does find it, so you can tell them how to get in touch with you.

Mobile Myth #2: It’s ok to have my apps automatically log in to my accounts if I have my phone protected with a PIN.

False. Even though a PIN is a good start, this is not complete protection. Hackers are often able to guess PIN codes and also have programs to help them quickly figure out your 4 digit combination. Make sure you use a PIN that is not 1111 or 1234 and that you do not set your apps or mobile browser to use the “remember me” function. If your phone falls into the wrong hands, that gives the person easy access to your accounts.

Mobile Myth #3: Phishing is just for PC users.

False. In fact, one study showed that mobile users are 3x more vulnerable to phishing scams than PC users. Hackers can use phishing attempts via email (if you access your email via your phone or tablet) but also via text and social media apps. Also, it is much harder to tell if links are “real” in a mobile browser or email, so you should use mobile security software that warns you if you are going to a malicious site.

These are just a few mobile myths that exist out there. To really test your mobile knowledge, play our Mobile Mythbusters quiz on Facebook, where you can also enter to win great prizes like a Galaxy tablet, Kindle Fire, or a copy of my e-book “99 Things You Wish You Knew Before Your Mobile Device Was Hacked,” all with a 1-year subscription to McAfee Mobile Security.

In addition, share your mobile myths with @McAfeeConsumer using the hashtag #MobileMyths to help debunk mobile security myths and protect yourself and others. Top tweeters will win a copy of McAfee All Access or McAfee Mobile Security.

And if you’re going to be at Mobile World Congress, stop by to visit McAfee and see our product demos. We’re in the Intel booth in Hall 3, Stand C34. You may even get a small gift if you show that you’ve liked McAfee on Facebook or followed us on Twitter when you come see the people in the red shirts!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)