Beware of the Green Dot scam

Scammers are at it again, this time with green dot cards: a pre-paid debit card available at stores. It can work like this:

Let’s say you run a small business. You’re out and about, then return to find an employee informing you that the electric company called about an unpaid bill. So you return the call. The person on the other end says you need to pay that electric bill of (fill in the blank) dollars. The stranger on the other end says you can get a green dot card from, say, Walmart, and that you can give that person the number within the next 20 minutes.

Otherwise, the electricity in your business will be shut off. Your business depends on electricity; you have customers; you don’t have time to really think about what just happened over the phone; so you hurry out to Walmart and get that green dot card, call the stranger back and give him the number.

You just got scammed!

There are more and more cases mounting like this, with the scammers tricking victims with an assortment of tall tales, convincing them to obtain the green dot cards. This scam is difficult to trace back to the thief.

Take time to reflect upon a situation before rushing out to do something that involves your money. No legitimate business like a utility company will ever request that you go out and get a prepaid card and then give them the card’s number, especially within the constraints of a very short time period. If it smells fishy, it IS fishy.

The scammers use stories to charge up the victim’s emotions, because they know that people don’t think logically when under the duress of emotions (e.g., fear of electricity shutting down in their shop).

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What is Social Engineering?

No, it’s not some new engineering field to develop social media sites. Social engineering has been around as long as the con artist has been around. The term stems from the social science world, where social engineering is deemed an act of psychological manipulation.

In our tech-laden world of today, social engineering still involves deceit but it’s used to deceive you into giving up personal or sensitive information for the bad guys’ financial gain. Social engineering can take many forms from an email, phone call, social networking site, text messages, etc., but they all have the same intent—to get you to part with valuable information.

Any one of us can be a target. And social engineering continues to be a tool that cybercriminals use because it works. They play on our emotions and our innate sense to want to trust others and be helpful. They also rely on the fact that many of us are not aware of the value of the information we possess and are careless about protecting it.

For instance, after major natural disasters or major news topics, like a hurricane or earthquake, cybercriminals sent out scores of bogus emails, calling for sympathy and donations for the victims, just so they could line their pockets.

In addition to sympathy, the bad guys also barter in fear, curiosity and greed. From emails offering fake lottery winnings (greed), to dangerous download sites advertising a preview of the latest Lady Gaga song (curiosity), to devious popup messages that warn you that your computer is at risk (fear), today’s cybercriminals are masters at manipulating our emotions.

And because their tricks often look legitimate, it can be hard for you to identify them. You could wind up accidentally infecting your machine, or sharing personal and financial information, potentially leading to monetary loss and even identity theft.

How can you protect yourself?

  • Never respond to a message from someone you don’t know, and never click on a link in an unsolicited message, including instant messages. Any time the phone rings and the caller is requesting personal information, consider it a scam.
  • Be suspicious of any offer that seems too good to be true, such as the lure of receiving thousands of dollars just for doing a wire transfer for someone else.
  • If you are unsure whether a request is legitimate, check for telltale signs that it could be a fake, such as typos and incorrect grammar. If you are still unsure, contact the company or organization directly. Financial institutions, and most sites, don’t send emails or text messages asking for your user name and password information.
  • When using social networking sites, don’t accept friend requests from people you don’t know, and limit the amount of personal information you post to your profile.
  • Consider using a safe browsing tool such as McAfee® SiteAdvisor® software, which tells you whether a website is safe right in your search results, helping you navigate away from phony sites.
  • Make sure all your devices are protected with comprehensive security, like McAfee LiveSafe™ service that protects all your PCs, Macs, smartphones and tablets.

So remember to ask yourself if this is really legit, the next time you get a message that plays on your emotions. Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

13 Ways to Protect Your Credit Cards from Fraud

Here are a number of ways you can protect your credit cards from fraud.

1. Keep a sharp eye on your credit card accounts. Read through the purchases for every monthly statement to see if any unfamiliar or odd items show up. Don’t just skip past small purchases; a charge for $9.95 could still be fraudulent. A crook knows you’re less likely to pay attention to small numbers. Consider checking your statements online weekly or, even better, download your bank’s mobile app and check them daily.

2. Immediately contact your bank. By law, credit card companies have to give you 60 days to refute unauthorized charges. And with “zero liability policies,” fraudulent charges are often squashed as long as a year later. However, the sooner you contact the bank upon suspecting fraudulent activity, the more likely the credit card issuer will reverse the fraudulent charges. The compromised account should be closed and a new card and account issued and opened, respectively.

3. Credit card monitoring services. These are free or fee-based, are often included in identity theft protection services, and will keep an eye on your credit score as well as inquiries for new credit and balance changes.

4. Implement activity alerts. Your accounts should have these; the alerts can come via e-mail or text for various card-related activity, such as alerts based on amount or frequency. You can get text messages for every card-present (in person) and card-not-present (online) transaction.

5. Go virtual. If your bank offers it, use a virtual credit card number online. These are card numbers that change every time you use them.

6. Skimming awareness. Credit card skimming is when a thief sabotages the card reader (such as an ATM’s), allowing him to get your card’s data. Look for signs of tampering like loose parts on the keypad or a camera looking down on the console. Conceal the keypad with your other hand when you enter your PIN. A skimmer can also use a handheld device and skim your card right in his hand. Be very careful whom you give your card to for a purchase.

7. Don’t save. That is, your credit card information with an online merchant. Instead, manually enter it every time you shop. The hassle of this means more security.

8. Financial tracking apps. These are free and can alert the cardholder to odd activity, such as an unusually large purchase. I like Mint by Intuit. BillGuard is great too.

9. Be alert. In addition to unauthorized charges showing on your card’s statement, be on the lookout for strange bank account withdrawals, collection notices for debts you’ve never heard of, being rejected for credit applications, among other red flags.

10. Shop securely on Wi-Fi. Use encryption software such as Hotspot Shield VPN. A VPN is a virtual private network, and it will prevent snoops and crooks from spying on your online activities.

11. Use reputable sites. Make purchases only from reputable sites you’ve already shopped at or otherwise trustworthy sites like eBay (check sellers’ ratings) and Amazon.

12. Updates. Set your computer’s or device’s critical security patches to automatically update; these patches help correct newly-discovered vulnerabilities. And speaking of updates, make sure you update your antivirus and your browser to the latest version, to correct vulnerabilities.

13. HTTPS. The HTTPS at the beginning of the URL in the browser’s address bar means that the site is secure. Never input your credit card number on a site that does not have the HTTPS in the URL field. The HTTPS means there’s encryption on that particular page.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Courts side with Consumers in Data Breach

In general, courts don’t tend to side with consumers in data breach incidents. However, a federal court in Florida is the apple among the oranges. It approved a $3 million settlement for victims whose data was on a laptop stolen in December 2009 that contained personal health information.

The laptops belonged to AvMed, a health insurer, and the unencrypted data involved records of tens of thousands of the company’s customers.

Though the consumer-plaintiffs suffered no identity theft or other direct losses, they accused AvMed of breach of contract and fiduciary duty, negligence and unjust enrichment.

These claims were dismissed by the U.S. District Court for the Southern District of Florida, but the plaintiffs appealed. The U.S. Court of Appeals for the Eleventh Circuit remanded the case.

AvMed’s attempt for another dismissal went down the tubes, prompting the company to enter into settlement talks with the plaintiffs.

The agreement says that each victim will get up to $10 for every year they made an insurance payment to AvMed, with a cap at $30. This is money, say the victims, that AvMed could have spent on better data security. The agreement also requires AvMed to pay damages to anyone who gets stung with identity theft.

AvMed will also employ encryption and new password protocols, plus GPS technology for its laptops.

Apparently, this settlement is the first in which the awarded victims didn’t have to show tangible evidence of loss.

Traditionally, courts nationwide don’t take on such claims, holding that a claim lacks merit if it’s based on the possibility of future damages rather than actual concrete losses that have already occurred.

The ruling serves as a precedent for future data breach cases, to support customers’ stance that a segment of their health insurance premiums should fund data security placements.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.