Most Unwanted Criminals: Phishers, Shoulder Surfers and Keyloggers

/in /by

McAfee’s most unwanted criminals have included pickpockets, Trojan viruses, and ATM skimmers, dumpster divers, spies, and wireless hackers and now phishers, shoulder surfers, and keyloggers. Identity theft can happen online or on the ground to anyone with a pulse, and even to the deceased.

The key is awareness, vigilance, and investing in products and services that are designed to protect you.

Tony “Big Phish” Morgan sends emails that appear to come from a trusted source, soliciting login credentials or sending recipients to spoofed websites. Either way, he wants to take over existing accounts and gain access to more data on the server or your PC. Phishing emails may look like a legitimate monthly statements or obvious Nigerian 419 scams laced with scammer grammar. Phishers have stolen over a quarter billion from victims and counting.

The first rule for protecting yourself from phishing is never click on links in emails. Use your bookmarks menu or manually type in the address of the website you’re looking for. McAfee Site Advisor software provides risk ratings for websites that come up when you do a search.

Wandering Eyes” Willie is a shoulder surfer, using his eyes, binoculars, hidden cameras, or more likely, a phone with video capabilities to peer over shoulders in Internet cafes or checkout lines, capturing account data and PINs. If you are standing in a checkout line and someone nearby seems to be looking at his phone, which happens to be a camera phone pointed in the direction of your credit or debit card, he may be shoulder surfing.

Watch out for “wandering eyes.” Cover your phone’s keypad when entering usernames or passwords. In an Internet café, choose a seat with your back to the wall.  Use complicated passwords that are harder to crack.

Francis Scott Keylogger can smoothly infect your computer and track all your online activity, recording every username and password you type. An outdated browser is more vulnerable to picking up keylogging software when surfing an infected website.

Keyloggers can hide in hardware or software, so run antivirus and anti-spyware programs to eliminate viruses, but also check the back of your PC for devices that may be piggybacking on your keyboard.

To ensure peace of mind and have a fraud resolution agent assist in identity theft restoration, —subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

10 Tips to Secure Online Shopping

/in /by

Worried about shopping online safely? Shopping online is unquestionably more convenient and efficient than traditional commerce. However it can be scary when entering your personal information on sites you aren’t familiar with.

The McAfee SECURE™ Shopping Portal lets you shop on thousands of trusted McAfee SECURE sites, so you don’t have to worry about identity theft. At McAfee SECURE Shopping, you’ll find a wide assortment of stores, every one of which has passed McAfee SECURE service daily checks for identity theft, credit fraud, online scams, spam, and adware.

Every merchant in the McAfee SECURE Shopping Portal undergoes daily security scans that address online safety concerns. Each site is tested for phishing and other online scams, as well as affiliations with risky sites, excessive pop-ups, and browser exploits. Only when the merchant’s site has passed each test can they display the “live” McAfee SECURE trustmark.

  1. Offers via an unknown person or offers that are too good to be true should be suspect.  The same goes for offers via tweets and in social media.
  2. Don’t click the links in emails. Always go to the source. Use your favorites menu or manually type in the address in your web browser with a safe search plug-in.
  3. Beware of cybersquatting and typosquatting which may look like the domain of the legitimate eTailer.
  4. Use secure sites. https in the address bar signifies it’s a secure page.
  5. Beware of eBay scammers. Don’t respond to eBay email offers. Review eBayers history. Established sellers should have great feedback.
  6. Pay attention to your billing statements. Check them every two weeks online and refute unauthorized charges within 2 billing cycles.
  7. Don’t use a debit card online. If your debit card is compromised that’s money out of your bank account. Credit cards provide more protection and less liability.
  8. Avoid paying by check online/mail-order. Credit cards have more protection and less liability.
  9. Do business with those you know, like and trust. It’s best to buy high ticket items from eTailers that also have a brick and mortar location.
  10. 10. Secure your PC. Update your critical security patches and anti-virus and only shop from a secured Internet connection.

For more safe online shopping tips, download our e-guide on how to Shop Online with Confidence.

Get three friends to visit the McAfee SECURE Shopping Portal for a chance to win an Apple iPad 2! For every three friends you get to visit McAfeeSecureShopping.com, you’ll get one entry into winning an iPad 2.

Whether you are shopping for yourself or buying a gift for someone, secure shopping online has never been easier with thousands of trusted McAfee SECURE sites.

Go to McafeeSecureShopping.com and start shopping securely today.

 

Breaches Upon Breaches, Sony, X-Factor, LastPass, bin Laden Scams

/in /by

When a major corporation like Sony gets hit then you know we are all vulnerable. Sony is a great company and like many great corporations is under constant attack. The landscape of information security is changing every day and criminals are aiming their cyber-weapons at the biggest targets in the world.

TechNewsWorld reports LastPass, the password manager was under attack last week. “Users rely on it to store the myriad user names and passwords they inevitably collect as they go about their business on the Web. With LastPass, they only have to remember one single master password. LastPass handles the rest — including, presumably, security.”

Simon Cowells X-Factor show was hit too. The Daily Star reports “Closely guarded secrets about media mogul Simon Cowell and his new US ­ X Factor show have been “stolen” by sneaky cyber crooks. The personal information and act ­details of more than 250,000 wannabes have also been exposed”.

In an email to the victims of the breach it stated: “This week, we learned that computer hackers illegally accessed information you and others submitted to us to receive information about The X Factor auditions It is possible, however, that the information you did provide to us, which included your name, email address, zip code, phone number (which was optional), date of birth, and gender, may have been accessed”.

Cybercrooks are jumping on the news of Osama Bin Laden’s demise. Spam campaigns and malware that piggy back on the news and seek to trick unwitting computer users into clicking links or opening attachments are making the rounds and McAfee Labs expects to see more over the coming days. Computer users should be cautious and especially on guard when they receive messages that purport to offer photos of Bin Laden’s body, funeral at sea or any additional details.

It is important to observe basic security precautions to protect your identity. However, the safety of your information with corporations and other entities that you transact business with is very often beyond your control. Consumers should consider an identity theft protection product that offer daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features in addition to live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

Most Unwanted Criminals: Dumpster Divers, Sly Spies, and War Drivers

/in /by

There is no shortage of bad guys, identity thieves, and hackers trying to separate you from your money. They range from previously discussed pickpockets, Trojan viruses, and ATM skimmers to dumpster divers, spies, and wireless hackers.

Dumpster Diver Dan is a liar who poses as a garbage man and turns trash into cash. Dan dives into dumpsters and trashcans seeking financial statements, credit card applications, and any other personally identifiable information he can piece together. Once the puzzle is complete, he may have enough data to take over existing accounts or create new ones in your name.

Invest in a quality crosscut shredder and shred everything with any information that can be used against you.  Names, account numbers, statements etc. Consider turning off paper statements and going entirely digital. Invest in identity protection, too, because even if you shred sensitive documents, your accountant, school, or doctor may toss your data in the trash.

Sly Spy the Silver Fox may pretend to be a free Wi-Fi hot spot, acting as an “evil twin,” providing wireless Internet access through her laptop while sniffing your account information, logins, and personal data. If you have file sharing turned on, she can browse your PC’s folders and files, and even plant a malicious program that gives her backdoor access whenever you connect to the web in the future.

Never choose an “ad-hoc” computer-to-computer wireless network that may imitate a legitimate wireless connection. It’s best to invest in a cell-based Internet, requiring a username and password. Always wait until you’re on a secure network before doing any banking or shopping. And turn off file sharing whenever you do connect to a hotspot.

Derek the Driver (as in war driver) navigates your neighborhood and local office parks on foot or in a car, seeking out unprotected, unsecured wireless connections to exploit. He hops on your Internet and looks through your data. Worse, he can use your Internet connection and your IP address to conduct illegal activities like downloading child porn, sending spam, or launching hack attacks. It gets scary when the law knocks on your door, blaming you for what a war driver did using your Internet connection.

Learn how to secure your wireless Internet connection at www.McAfee.com/wireless. It is important to observe basic security precautions to protect your identity. However, the safety of your information with corporations and other entities that you transact business with is very often beyond your control. Consumers should consider a McAfee Identity Protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com. (Disclosures)

McAfee’s Most Unwanted Identity Theft Criminals

/in /by

McAfee has created a tongue-in-cheek list of the most unwanted identity thieves, describing the various techniques thieves use to steal your information. It’s clever and, unfortunately, very real.

Pauly the Pickpocket & Sally Sticky Fingers work as a team to lift wallets and mobile devices from pockets and purses, often in broad daylight. Sally creates a distraction by dropping a shopping bag, crying for help, or stopping suddenly in your path, and then Pauly bumps into you from behind and picks your pocket.

To avoid having your pocket picked, keep your wallet in your front pocket, or keep your purse closed and hold it in front of you. Thin out your wallet and skip the backpack. Lock your cell phone with a password. And consider investing in McAfee’s Lost Wallet Protection service.

Trojan Sea Biscuit is a two-faced liar who sneaks malicious files into emails and hides viruses in PDFs and other downloadable files. He’s the champion ringleader in the ultimate identity theft derby of phishers, hackers, botmasters, and keyloggers.

To avoid a Trojan infiltration, use comprehensive security software, and be sure it’s set to update automatically. If a popup window prompts you to update software, hit escape or shut down the program. Go directly to the manufacturer’s website for the update.

Tim “The Skim” McCash is known for installing skimming devices and tiny cameras that can read your card data and PIN code. He targets ATMs at banks, concerts, arenas, convenience stores, and gas stations with the goal of draining your account of cash or credit before you or your bank recognizes the fraud.

To avoid having your credit or debit card data skimmed, use the same, familiar ATM whenever possible, and beware of ATMs with devices covering the card slot. Look for external devices like mirrors, brochure holders, or light bars that may hide a camera. Always cover the keypad with your other hand as you enter your PIN. And check your bank and credit card statements online at least once a week.

McAfee, the most trusted name in digital security includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Reporter’s Identity Stolen

/in /by

It doesn’t matter if you are young or old, rich or poor, if you have good credit or bad credit, pay with cash or credit card, whether or not you use the Internet, or even own a computer. You can be a maintenance worker or a scientist. It doesn’t matter.

Whether you are alive or even if you are dead, as long as you have a Social Security number, you are a potential identity theft victim.

Reporters tend to be fairly savvy and well informed. Identity theft, however, is a complicated issue, and anyone can be stumped, regardless of your level of security intelligence.

One reporter received an alert about “irregular check card activity.” It was sent late one weeknight, and she didn’t see the email until the following night. At first, she couldn’t believe her bank account could have been compromised, and suspected it was a phishing email designed to trick her into disclosing her account information. But when she called her bank, she learned that nearly all her money had already been stolen.

“I soon discovered I was a victim of identity theft and that a woman posing as me in California was allowed to spend and withdraw all of my family’s money in two linked accounts from my bank, without stealing my debit or credit cards. She took more than $40,000.”

The thief used a fake driver’s license, which replaced the victim’s ID in the bank’s computer, signed documents with a signature that looked nothing like the victim’s, and gave the bank a new phone number and address. She took over and cleaned out two accounts, one of which was a checking account used for family expenses, and the other was an investment account.

After a great deal of stress and aggravation, the victim and her husband managed to get their stolen savings reimbursed by their bank. She still doesn’t know how the thief managed to steal her identity, or if she was ever caught.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee puts victims first and provides live access to fraud resolution agents who work with victims to help restore stolen identities, even from thefts that occurred prior to subscribing to McAfee’s service.

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss scambaiting on Fox News. (Disclosures)

What Identity Theft Protection Looks Like

/in /by

You hear a lot about identity theft protection these days. But what does it look like? I’ve subscribed to no less than six different services in the last decade.

Most of them make their presence felt in the form of a charge on your credit card statement, and that’s about it. One thing I like about McAfee is the fact that, when you get an alert, they’ll hold your hand through the process.

When a check was made on my credit file, I received the following message:

Dear Robert Siciliano,

As a McAfee Identity Protection member, you are receiving this automatic notification email because activity recently has been posted to your account through one or more of our industry leading services:

A. 3-Bureau Credit Monitoring

B. Internet Scanning, including chat rooms

C. Change of Address monitoring

Posted account activity doesn’t necessarily indicate identity theft. However, it can be an early indication of fraudulent activity. That’s why it’s important to always review any alerts you receive from us.

Please take the following steps immediately to examine this information and determine if this activity is authorized.

Check Your Alert – To view your complete alert report, please login here and click on “Unviewed Alerts.”

Verify The Activity – If you are aware of the change(s) and agree with the items on your alert, no action is needed on your part.

Contact Us – If you have any questions or concerns regarding your alert, including information you believe to be either inaccurate or fraudulent, please contact Customer Support immediately at 1-866-622-3911. For your convenience we are here for you daily from 6:00 AM – 6:00 PM (Pacific Time).

Remember, McAfee Identity Protection is with you every the step of the way. In the event you suspect identity theft, our dedicated Fraud Resolution Team will work closely with you to help you understand and investigate your alerts immediately.

Thank you for choosing McAfee Identity Protection to help protect your identity.

Sincerely,

McAfee, Inc.

This alert was triggered when a mortgage broker checked my credit report, with permission. I got this alert within a day of the credit check. When I logged into my McAfee account, I was able to see the actual credit check on McAfee’s dashboard.

Had the alert been triggered by anything other than a legitimate credit check, I would have called McAfee’s fraud resolution agents, who would have immediately begun a process of alerting any creditors to possible fraud. That’s comforting.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts.

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Phishers Using Holidays and Social Media to Target

/in /by

Recent reports of “The Oak Ridge National Laboratory, home to one of the world’s most powerful supercomputers, has been forced to shut down its email systems and all Internet access for employees since late last Friday, following a sophisticated cyberattack.”

The sophisticated cyber attack was reported to be the lowly unsophisticated phishing email.

Phishing is emerging as sophisticated due to ways in which the phish emails are disguised to look like legitimate communications often from other trusted employees on the inside.

The criminals behind these emails are doing their research on company websites finding key individuals to model and following up their research on Facebook and LinkedIn to make their phish emails more personal.

And while criminals are still targeting “whales” or CEOs of major corporations and their officers, they are using similar attacks on consumers, as well.

McAfee Labs discovered an attack this week with the subject line “Easter Greeting” that was spammed broadly and is currently hitting inboxes around the globe.  The e-mail that depicts a colorful picture of a bunny, chicks, and eggs has the subject line, “Easter Greeting From Alex.”  The clickable text at the bottom of the message reads “Download Animated Greeting Here” which is a booby trapped message that leads directly to malware and puts an infected PC under the control of the attacker who attempts to steal passwords and other personal information.

Since the threat has already been identified by McAfee Labs, McAfee software will protect customers against it.

This event is a good reminder for consumers to keep these basic computer safety rules in mind:

Don’t click on links in e-mail messages and be extra suspicious of messages like this Easter Greeting.  If you think it is legitimate, ask the supposed sender by sending a separate e-mail if they sent you a greeting.

Run a full, up-to-date suite of security software.

Ensure your operating system and other applications have the latest patches.

With more than 11 million victims just last year identity theft is a serious concern.  McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

Pickpockets, a Dying Breed

/in /by

If there were a criminal hall of fame with an award for the coolest criminal, it would have to go to the pickpocket. Pickpockets are sneaky creatures who manage to function exactly one degree below the radar.

Pickpockets whisper through society, undetected and undeterred. They are subtle and brazen at the same time. They are like bed bugs, crawling on you and injecting numbing venom that prevents you from detecting their bite until it’s much too late. They aren’t violent like a drug-crazed mugger, or confrontational like a stick-up robber. They have more gumption than criminal hackers, since they don’t hide behind the anonymity of the Internet.

NPR reports that nowadays, picking pockets has become a rare and increasingly difficult crime, thanks to “stepped-up surveillance in most public places,” the dismantling of systems of apprenticeship, heftier sentences, and the widespread use of debit cards.

One pickpocket is quoted as saying, “When people stopped carrying money, that was the beginning of the end of pickpocketing…Pickpockets have no respect for thugs or robbers. We consider them ancient. Prehistoric. We feel that anybody can stick a gun in a person’s face — that’s not hard to do. But to take a person’s money and them not knowing it’s gone — that’s the art of it. That’s the cleverness of it.”

Identity thieves serve as the modern incarnation of pickpockets. They slip into your mailbox or hack into your PC while you sleep. They are daring, cunning, and have ample choice of targets.

There was a time when pickpockets could make a couple thousand dollars in a day. Identity thieves can now make tens of thousands of dollars in a single day.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance and lost wallet protection. If your credit or debit cards are ever lost, stolen or misused without your authorization, McAfee will help you cancel them and order new ones. If their product fails, you’ll be reimbursed for any stolen funds not covered by your bank or credit card company. (See McAfee’s guarantee for details.)

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

Lawmakers Push To Shield Last 4 Social Security Numbers

/in /by

Most of us have become accustomed to giving out the last four digits of our Social Security numbers. But this customary request is becoming increasingly problematic, and two Rhode Island lawmakers are responding by pushing legislation to stop businesses from asking for the last four digits of customers’ Social Security numbers.

Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, including the first five digits, using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File. This, of course, makes the last four digits vulnerable.

NBC 10 Rhode Island reports, “The lawmakers say identity thieves can often determine an entire Social Security number from just a few digits. They called the bill ‘a seemingly small, but vitally important way for government to further protect its citizens from the financial and emotional devastation of identity theft.’”

The nine-digit Social Security number is composed of three parts. The first set of three digits is the Area Number. The second set of two digits is the Group Number. The final set of four digits is the Serial Number.

The Area Number is assigned by geographical region. Prior to 1972, when cards were issued in local Social Security offices around the country, the Area Number represented the State in which the card was issued, but not necessarily the applicant’s state of residence.

The Group Number ranges from 01 to 99, but numbers are not assigned in consecutive order. For administrative reasons, odd numbers from 01 through 09 are issued first, followed by even numbers from 10 through 98.

Serial Numbers run consecutively from 0001 through 9999.

This numbering scheme was designed in 1936, before the existence of computers, primarily for the purpose of tracking Social Security benefits. It was not designed to be used as a national identification number, as it arguably is used today. And once a criminal gets your Social Security number, he has extensive access to your identity.

To avoid becoming an identity theft victim, consider subscribing to an identity theft protection service that offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts.

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Social Security numbers as national identification on Fox News. (Disclosures)