12 Awful Reasons Why Impostors Commit Social Media Identity Theft

/in , , , , , , , , /by

Imagine if someone used your name and image, or the name and logo of a business you own, to create a profile on Facebook, Twitter, or any other social networking website. Then they start posting blogs and sending out links while pretending to be you. They may contact your acquaintances, colleagues, or clients, or they may simply show up when others search for your name. Either way, their intentions are fraudulent. Establishing an online presence using someone else’s identity creates unlimited opportunities for a scammer.

Traditional phishing, in which scammers send a fake email that appears to come from a trusted entity, is no longer as successful as it used to be. So identity thieves are taking advantage of social networking sites to build a home base. Once established, they seem as legitimate as any other user. There are few, if any, checks and balances to prevent this.

Social media identity theft occurs for a number of reasons:

  1. An impersonator may be attempting to steal your clients or potential clients.
  2. He or she could be squatting on your name or brand, hoping to profit by selling it back to you or preventing you from using it.
  3. They could be criminal hackers posting infected links that, if clicked on, will infect the victim’s PC or network with a virus that gives hackers backdoor access.
  4. An impersonator may intentionally pose as you, and even blog as you, in order to damage your name or brand. Anything they say to the world that is libelous, defamatory, or just plain wrong hurts your reputation and can even make you the target of a lawsuit.
  5. He or she may be using your identity to harass someone you nkow.
  6. The impersonator may wish to harass you, perhaps as revenge over a percieved slight or because you sold them a defective product or service.
  7. They may wish to use a name or brand that has leverage, such as a celebrity or Fortune 500 company, as a form of social engineering, to obtain priveledged access.
  8. If you or your business sell products or services, identity thieves might pose as you and offer deals with links to spoofed websites, in order to extract credit cards numbers.
  9. They may pose as a government entity for the purpose of extracting data and committing new account fraud.
  10. An impostor may be obsessed with you or your brand, and simply want to be associated with you. Posing as you could yield attention and satisfaction.
  11. They could be parodying you or your brand, by creating a tongue in cheek website that might be funny and obvious, but will most likely not be funny to you.
  12. They could be posing as you to elicit contact from others for the purposes of a relationship, sexual or otherwise, either in person or virtually. A young man was recently caught posing as an attractive girl in his school. He contacted guys in his class through a fake Facebook account and requested naked photos of them. When he revealed who he was, he used the incriminating photos to extort sex from them.

Social media is just a baby. All of the above stems from real world examples over the past few years. Unfortunately, this list is going to keep growing. Varieties of fraud that can occur via social media are only up to the imagination of the thief. Submit your own findings. Let’s hear what other whacked out social media identity thieves are doing.

To prevent social media identity theft, register all your officers, company names and branded products on every social media site you can find to prevent Twitter squatting and cybersquatting. You can do this manually or by using a very cost effective service called Knowem.com.

Robert Siciliano is an Online Security Expert to McAfee. See him discussing identity theft on YouTube. (Disclosures)

Join Us for National Protect Your Identity Week October 17-24

/in , , , , , , /by

See us at the the Identity Theft Protection Blog and the 2009 National Protect Your Identity Week. In order to solve this massive problem, it is absolutely essential that you – the public, corporations, associations and government agencies, all take responsibility and do what is necessary to protect yourself, your clients and your constituents.

Identity theft isn’t going away any time soon and therefore we are here to provide a comprehensive resource to help educate, inform and hopefully empower you to prevent this crime from happening under your watch. Like any problem that we may face in life, we do our best to find a speedy and efficient solution. However identity theft is one of those problems that acts like a 10 headed monster that we keep chopping the head off but it keeps growing a new head, a new leg and a new arm.

Because we are a persistent and resilient people, and we never never never give up, we will prevail. The solution requires a coordinated effort between every single citizen, company and government official to see the big picture and to do what’s right and put the necessary systems in place that prevent the bad guy from doing his job. The solutions are near. Some of them are already in place. It’s just a matter of everyone getting on the same page and coming to an agreement.

Understand there has always been, IS, and will always be a criminal element looking to take from those who have. The bad guy (and gal) persistently looks for their next victim all day, every day. Your job is to become informed and know what it means to become a tougher target. And in the meantime those who are responsible on a higher level to protect us, and our critical infrastructures, methods of commerce, and ways in which we identify ourselves will continue to work on the big stuff. But they need you to be aware and alert and actively participate in the process. We are all in this together.

The Pentagon and the Department of Homeland Security are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small business and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read this and every possible blog, article and report you have access to so you can stay on top of what is new and ahead of what is next in technology and the security necessary to keep it safe. Build your IT security vocabulary. Become an expert in identity theft and information security. Be the go-to-person in your home or organization who has all the answers to the problem.

Please check us out daily and plug us into your RSS feeds. Please add us to your favorites menu. Please feel free to submit questions and let us know what we are doing right and where we need to improve. It is an honor to be able to serve you.

Thanks to a number of national organizations are also putting their weight behind this initiative, joining the NFCC and CBBB as Supporting PYIW Coalition Members. This Coalition includes: the American Bankers Association Education Foundation, AFSA Education Foundation, Consumer Action, Consumer Federation of America, Credit Union National Association, Federal Trade Commission, Identity Theft Resource Center, Jump$tart Coalition for Financial Literacy, Junior Achievement USA, National Council of LaRaza, National Crime Prevention Council, National Education Association Member Benefits, National Sheriff’s Association, Office of the Comptroller of the Currency, and the National Association of Triads. MSN Money is once again the national online media sponsor.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing identity theft on the rise on Fox News.

Robert Siciliano

CEO IDTheftSecurity.com

Robert@IDTheftSecurity.com

http://twitter.com/RobertSiciliano

Identity Theft Is Really No Big Deal. Idiot.

/in , , , , , , , , /by

Robert Siciliano Identity Theft Expert

I make a portion of my living talking about identity theft. Admittedly, I profit from the crime. I don’t steal identities of course, but I get paid because others steal. I’m not FBI, CIA, Secret Service or a cop. But you wouldn’t disparage any of those entities for doing their jobs to protect you from bad guys.

I talk about this issue all day, every day to whoever will listen. I’m obsessed with this and all issues regarding personal security. It’s what I do, and it seems to be “my purpose.” I may sometimes go a bit overboard in my take on these issues and what people need to do to protect themselves, but sometimes that’s what it takes for people who think it can’t happen to them get off their duff and be proactive.

All that said, it bothers the heck out of me when someone looks me straight in the eye and tells me that identity theft is no big deal, that I should get over it. That’s exactly what Julia Angwin does in this Wall Street Journal article. And she uses a prominent industry professional as the anchor of her article, to confirm her beliefs and trivialize this heinous crime.

The fact is, crime happens all day, every day. Some crimes are more or less common. Some are more or less invasive. All crimes have victims and all victims suffer the consequences of others actions. To trivialize those victims and make little of their burden is a completely incomprehensible act.

I responded to this article with the following comment:

“The author hides under the guise of The Decoder and will not give her name in this article. In another article she is Julia Angwin at julia.angwin@wsj.com. Why not sign your name here?? [Angwin’s name now appears under the article.]

A person is more likely to be a victim of some form of identity theft than to be injured in a motor vehicle accident. But I’ll bet she wears a seat belt and doesn’t trivialize that. A person is more likely to be a victim of identity theft than have their home broken into or car stolen. But I’ll bet she locks up. A person is more likely to be victim of identity theft than be sexually assaulted. But she dare not trivialize that. A person is more likely to be a victim of identity theft than have their child abducted. But I’ll bet she watches her kids close at the park. Sister, just because you don’t understand something doesn’t give you the right to make little of it. Identity theft victims suffer the consequences of fraud every day. Some much more than others. For the victims, identity theft is a living hell. I wouldn’t wish any of the above on anyone and hope identity theft never happens to you. If it does you will sing a different tune and be appropriately empathetic to the victims of this heinous crime.

And Bruce, really, the contrarian thing is very obvious. To say you’re not worried and don’t do anything is a slap in the face to everyone who has been victimized and everyone who cares to prevent it. Your credibility just slipped a notch in this fan’s opinion.”

And because I care and because I’m being paid and because I believe in the following, I’m going to make a couple suggestions to you as to how you should protect yourself. But really, identity theft is no big deal.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing identity theft on the rise on Fox News.

How to Prevent Phishing Scams

/in , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Recent reports abound of consumers email account being phished and American and Egyptian authorities arresting  dozens of people in an online fraud crackdown for phishing scams.  Its time to revisit the fundamentals of how to prevent phishing. Nobody can do this better than the Anti Phishing Work Group

Phishing Defined

Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social‐engineering schemes use spoofed e‐mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords. Technical‐subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using systems to intercept consumers online account user names and passwords ‐ and to corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher‐controlled proxies used to monitor and intercept consumers’ keystrokes).

How to Avoid Phishing Scams

The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations below that you can use to avoid becoming a victim of these scams.

  • Be suspicious of any email with urgent requests for personal financial information
    • unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’
    • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
    • phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
  • Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
    • instead, call the company on the telephone, or log onto the website directly by typing in the Web adress in your browser
  • Avoid filling out forms in email messages that ask for personal financial information
    • you should only communicate information such as credit card numbers or account information via a secure website or the telephone
  • Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser
    • Phishers are now able to ‘spoof,’ or forge BOTH the “https://” that you normally see when you’re on a secure Web server AND a legitimate-looking address. You may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.
    • Phishers may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock has usually been considered as another indicator that you are on a ‘safe’ site. The lock, when double-clicked, displays the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.
  • Remember not all scam sites will try to show the “https://” and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like “http://www.gotyouscammed.com/paypal/login.htm?” Be aware of where you are going.
  • Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
    • The newer version of Internet Explorer version 7 includes this tool bar as does FireFox version 2
    • EarthLink ScamBlocker is part of a browser toolbar that is free to all Internet users – download at http://www.earthlink.net/earthlinktoolbar
  • Regularly log into your online accounts
    • don’t leave it for as long as a month before you check each account
  • Regularly check your bank, credit and debit card satements to ensure that all transactions are legitimate
    • if anything is suspicious or you don’t recognize the transaction, contact your bank and all card issuers
  • Ensure that your browser is up to date and security patches applied
  • Always report “phishing” or “spoofed” e-mails to the following groups:
    • forward the email to reportphishing@antiphishing.org
    • forward the email to the Federal Trade Commission at spam@uce.gov
    • forward the email to the “abuse” email address at the company that is being spoofed (e.g. “spoof@ebay.com”)
    • when forwarding spoofed messages, always include the entire original email with its original header information intact
    • notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/

In addition you must:1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing identity theft on the rise on Fox News

Operation Phish Phry Nabs 100 Identity Thieves

/in , , , , , , , /by

Identity Theft Expert Robert Siciliano

US and Egyptian officials have charged 100 people with orchestrating a phishing scam that robbed a$1.5m from Bank of America and Wells Fargo customers.

53 criminals from CA, NV and NC were named in an indictment. This is the largest ever charged in a cybercrime case. Officials in Egypt nabbed another 47 people.

Egyptian criminals phished account numbers and accessed bank accounts. The Egyptians and the US phishers transferred money into mules accounts.

This is an example of the sophistication of criminal identity theft rings and organized global web mobs fully ramped up and knocking off victims by the thousands.

“The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed,” said the FBI in Los Angeles.

The New York Times recently reported the bust of a vast conspiracy known as the Western Express Cybercrime Group, which trafficked in stolen credit card information through the Internet and used it to create forged credit cards and to sell goods on eBay. They used digital currencies like e-gold and Webmoney to launder their proceeds.

It’s great seeing criminals getting busted. And the fact remains there are lots more cybercriminals than there are law enforcement. But keep up the good work guys/gals!!

  1. Check your credit card statements often. Refute unauthorized charged within 60 days to be made whole by the issuing bank.
  2. Anytime you ever receive an email asking for personal information, credit information, banking etc, do not enter it. Just hit delete. Often victims will receive and email from what looks like a trusted source but is actually a phish.
  3. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano identity theft speaker discussing money mules on Fox News

Up to 1 Million email Accounts Phished for Identity Theft

/1 Comment/in , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Hotmail, Earthlink, Google, Yahoo, Comcast and other web-based email users have been giving up al their login details to phishers and current estimates are as many as 1 million accounts may have been compromised.

News of the scam broke when technology blog neowin.net reported an anonymous user had published confidential details on pastebin.com. Internet users are urged to change their passwords regularly and ensure anti-virus software is up to date to protect themselves from fraudsters.

While phishing emails keep pouring in, their methods are changing rapidly. Posing as a Nigerian prince is still common, but not as effective. Even posing as a known bank or Paypal, asking to update an account for various reasons and requesting a potential victim’s user name and password is not as effective as it used to be.

Much of the phishing that occurs today is targeted “spear phishing,” in which the spammers are after a localized target. Going after a CEO is called “whaling.” Who better to take down than the biggest phish of them all? Most corporate websites offer plenty of data on the company officers and administrative contacts, which makes it relatively easy to create a sucker list. If scammers send an email blast to the entire company, eventually someone is likely to cough up enough data to allow the scammers to tap into the company’s intranet. Once the scammers have accessed the intranet, all further phishing emails will appear to be coming from a trusted, internal source.

Perhaps the most insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component , which gives the phisher full access to the user’s data, including usernames and passwords, credit cards details, banking and Social Security numbers. Often, that same virus makes the victim’s PC part of a botnet.

How to avoid becoming a victim? Delete.

Change passwords often. Combine uppercase and lowercase letters, as well as numbers and characters. Don’t use consecutive letters or numbers, and never use names of pets, family members, or close friends. Instead use the first letters of phrases

Never click links in the body of an email that are coming from a bank, Paypal or any enterprise that may be leading to a request to enter data. Go to your favorites menu or manually type the address in.

Pay attention to phishing filters. Most updated browsers have built-in phish filters that toss up a red flag warning of a potential ruse.

1. Protecting yourself from new account fraud requires effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Robert Siciliano, identity theft speaker, discusses hacked email on FOX & Friends.

Obama; Cybersecurity and Identity Theft Protection Starts at Home

/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Whether you realize it or not, your computer is one of the biggest threats to your personal security. The Obama administration believes that your computer is also one of the biggest threats to national security.

The message is: Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet is incredibly powerful and not particularly secure. It is powerful enough to bring people together, to educating, inform, and make life easier. But it’s also used to hurt, scam, and debilitate in so many ways.

The Pentagon’s computer systems are probed 360 million times per day, and one prominent power company has acknowledged that its networks see up to 70,000 scans per day. Every single day, utilities, banks, retailers and just about every computer network are faced with attacks. Many of these hacks are insignificant. Many are conducted with intent to commit crimes such as espionage, financial data theft, or the destruction of crucial information. The criminal hackers could be cyber-terrorists attempting to destroy the U.S. or its economy, malcontents simply wreaking havoc for its own sake, or opportunists looking for a profit.

The U.S. is a prime target for a number of reasons. The most obvious is that we’ve made mistakes that have many in the world hating us. Then there’s our financial system, which offers instant credit to anyone with a Social Security number. And of course, credit card security is an oxymoron, since anyone can use any credit card at any time. We have a bullseye on us and we put it there.

“Weapons of Mass Disruption” are a growing concern. The U.S. and many other countries are electrically and digitally dependent. Our critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. After a major successful attack we’d be back to the dark ages instantly. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about when the power goes out in your house for a few hours. We’re stymied.

The Pentagon and the Department of Homeland Security are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small business and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read this and every possible blog, article and report you have access to so you can stay on top of what is new and ahead of what is next in technology and the security necessary to keep it safe. Build your IT security vocabulary. Protect yourself and your business.

Those steps include:

Use antivirus software, spyware removal, parental controls and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and let them damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.
  • Visit US-Cert here

Robert Siciliano identity theft speaker discussing the mess of data security on Fox News

Government Tries to Thwart P2P Identity Theft

/in , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Computerworld reports the House Energy and Commerce Committee passed the Informed P2P User Act, a law that supposedly makes it safer to use peer-to-peer, or P2P, file-sharing software. Yawn.

The bill now goes to the House for one more round of  approval. If passed, the bill requires developers to explain to users how their files will be made available for sharing with others on a P2P network.

The bill would make it illegal for P2P developers to make software that causes files from a computer to be inadvertently shared over a P2P network without a user’s knowledge.

Peer to peer file sharing allows Internet users to access other P2P users PCs and share files such as music, movies, software, games, and documents. Unfortunately many people don’t set up P2P programs correctly and they end up sharing their most important files including bank records, tax files, health records, and passwords. This is the same P2P software that allows users to download pirated music, movies and software.

This can result in data breaches, credit card fraud and identity theft. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

In my own research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family. I’ve found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.

Information on a U.S. Secret Service detail for the First Family was discovered via P2P.

Even if P2P were made illegal, P2P file sharing is a wild animal that can’t be tamed. There are already millions of P2P programs in circulation that can easily be set up inappropriately, and plenty of developers flying under the radar programming from countries all over the world unregulated by the US government.

There are millions of PCs loaded with P2P software, and users/parents/employers are usually clueless about the exposure of their data. P2P offers a path of least resistance into a person’s computer, so be smart and make sure you aren’t opening a door to identity thieves.

Savvy users lock down P2P to prevent someone else from tooling around with thier settings. If your IT abilities are scant then:

  • Don’t install P2P software on your computer.
  • If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
  • Set administrative privileges to prevent the installation of new software without your knowledge.
  • If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.
  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox Boston.

New Identity Theft Virus Steals from Online Banking

/in , , , , , , /by

Robert Siciliano Identity Theft Expert

A new kind of Trojan horse infiltrates your online bank account, and not only steals your log-in information, but also siphons funds directly out of your account. The virus is known as URLZone, is controlled by servers in the Ukraine, and it determines how much money to steal from a victim’s account depending on the initial balance, all in real time, while the user is logged in, displaying a fake balance so the victim isn’t aware that it’s happening. URLZone targets Firefox, Opera, and the last three versions of Internet Explorer. Currently, the virus is only targetting computers in Germany. But it’s only a matter of time until URLZone, the most sophisticated worm of its kind to date, spreads further.

Like most viruses today, URLZone generally infects a PC when the user clicks a link or visits an infected site. Once the virus is installed, it waits for the user to access an online banking website. That’s when it goes to work. While the user is banking online, the virus communicates with the bank’s server in the background. Transactions are being processed and the user doesn’t see any of it happening. Frankly, this doesn’t even sound possible to me. But it’s happening. The virus then erases its tracks by displaying a bank balance on the infected computer that doesn’t reflect the funds that have been stolen. The victim will only recognize a discrepancy in the balance when using an uninfected computer or an ATM, or receiving a paper statement. Or when the checks start to bounce.

A virus with the sophistication to hijack the victim’s browser, steal money during an online banking transaction, and then cover its own tracks by modifying the information displayed to the victim, all in real time, is not good, to say the least.

White hat hackers are struggling to stay one step ahead of the criminals, but black hat hackers are out in full force. There are more ways to compromise data today than ever before. From 2007 to 2008, the number of viruses quadrupled from 15,000 to nearly 60,000.

Recently, a couple’s bank account was compromised as a result of their own insecurity. The bank claimed no responsibility and held the couple accountable for the loss. Now they are suing the bank. Depending on how this case pans out, you may be held responsible for the loss if you’re hacked.

1. Make sure your anti virus up to date and set to run automatically.

2. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

3. Update your operating systems critical security patches automatically

5. Check your bank statements often, online, at least once a week.

6. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing online banking insecurity

High-Tech Harassment in Social Media

/in , , , , , , , /by

Robert Siciliano Identity Theft Expert

Technology keeps providing new opportunities for harassment: social media identity theft, cell phone abuse, online bullying, the list goes on.

Over a year ago, I appeared on The Tyra Show to discuss high tech harassment. I met a family from Washington, who found that several of their phones had been hacked and were being used to spy on and harass them. The hacker was able to turn a compromised phone on and off, use the phone’s camera to take pictures, and use the speakerphone to record their private conversations. Every time they rerun the episode, I get emails from more victims.

In an even more shocking instance of high tech harassment, a hacker took over a woman’s Facebook account while she was on a camping trip, with no Internet and no cell phone service. The hacker impersonated this woman, but instead of attempting to scam her family and friends out of cash, he used her Facebook profile to post suicidal messages, including, “My only friend is the handgun in the back of my closet,” and, “I don’t want a funeral or memorial, I want it to be like I never existed.” After two and a half hours of Facebook drama, the victim happened to regain cell phone reception and discovered twenty voicemail messages begging her not to do “anything drastic.” By the time her son was able to get in touch with her, there were police gathered outside her home, preparing to break down the door.

In this incident, the victim was the mother of a Navy Seal who died in Iraq. It’s believed that she was targeted because of her charity work celebrating the lives of deceased military personnel.

But this can happen to anybody.

  1. Strengthen your passwords; use upper/lower case, numbers and characters. Don’t use easily guessed words from the dictionary or pets, kids, birthdates etc.
  2. Don’t access social media from libraries, internet cafes or any public computers that could have spyware.
  3. Make sure your own PC has updated virus definitions and security patches. Don’t bother with all the 3rd party apps in social media. Many are risky.
  4. Don’t click on links in emails from “friends” asking you to download a video or see pictures. This is becoming a common ruse in social media.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses high tech harassment on the Mike ad Juliet Show on FOX