Cryptocurrency Fraud and Malware Scamming Investors

Cryptocurrency is hot right now, and whenever something is hot, hackers pay attention. Research has recently showing that more than 10 percent of all the funds that were raised through the ICOs, initial coin offerings, simply disappeared.

CryptocurrencyIt is popular for ICO’s to be used as an early-stage investment form. So, instead of buying shares, investors buy digital tokens. However, the companies that sell these ICOs don’t have any product to give investors except a whitepaper. This whitepaper tells them how things could theoretically work, the investment scheme, but it seems, it doesn’t always happen that way.

Sometimes the Money Just Disappears

Ernest & Young took a look at over 370 ICOs. The firm found that out of the $3.7 billion raised through these offerings, about $400 million vanished. Where did it go? Research shows it went to hackers using phishing attacks.

It’s not clear if the researchers looked at companies that didn’t deliver or disappeared. For instance, one company, Tezos, pulled in about $232 million during an ICO. However, investors got nothing. That looks like fraud.

How Malware is Responsible for Missing Money

At this point, you might be wondering how these scams are happening. One way is criminal hackers using malware. Specifically, it’s Satori. Satori, which is the actual malware responsible for this, is definitely wreaking havoc with investors who are looking for a huge return. Netlab 360, a Chinese-based company, released a report recently pointing the finger at Satori, which is affecting the Claymore Miner software.

By using mining software, investors are able to obtain the cryptocurrency. However, the malware is making this impossible getting in the middle of the transaction. After the malware gets control of the software, it replaces the address of the wallet with one that is controlled by the hacker.

So, the user believes that this currency is coming into their wallet, but in reality, they are doing the work and someone else, the hacker, is getting the currency. What’s even worse is that the owners of the wallets don’t even realize this is happening unless they look at their software configuration.

In total, researchers have determined just over one Etherium coin has been hacked, so it’s not extremely profitable at this point, yet. However, there is great potential, and when it comes to cybercriminals, they will certainly find a way.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Beware of Job and eWork at Home Scams

Pandemics can be quite stressful. There are millions of people out of work, and there we really don’t know when the economy will truly bounce back. Those who are out of work are seeking other jobs, at least temporarily, and many are looking for jobs that they can do from home…right from Google.

jobsSince people have been losing their jobs, searches for terms like “laid off,” “unemployment benefits,” and “unemployed” have skyrocketed. Though some people are finding legitimate search results, others are falling for sites that are scams, and Google is allowing these sites to stay.

We have often used Google search data to determine what type of economic anxiety people are feeling, and this is certainly true right now.

Google makes its money through advertising, so it’s not totally surprising that these sites are allowed to stay on. When people are searching for information on unemployment, advertisers are seeing this, and are able to determine where they should market. This includes those working for predatory companies, who are targeting people who are unemployed.

One such example is “unemploymentcom.com.” This is a site that seems, at first, like it might be a good resource for someone who is unemployed. While there are some legitimate links there, in general, the site is trying to get people to sign up for “site profiles” and other things. It also urges people to sign up for access to your credit score…for a fee, and it absolutely sells all of the data it gets to other organizations.

When you look at the privacy policy of this website, you can see that it is owned by OnPoint Global, a conglomerate, which claims it has around 11 million people filling out unemployment surveys each month. However, what people doing this don’t realize is that the information the site is collecting is likely being complied into a package for advertisers, which also includes any other public information they can find about the person filling out the survey.

Keep in mind that it is not just the pages for people looking for information on unemployment that we are talking about. It can really be anything similar, like “unemployment insurance.” Some of these searches can even lead you to sites that can hijack your browser. Other sites simply collect as much data as they can, and then sell the information to marketers.

Everyone who is out there scared and unemployed are still considered to be consumers to these companies, and they still are seen as people who have money to spend. So, Google is still pushing sites like these to the top of search results, and still making a pretty penny from clicks. So, do yourself a favor and start being aware of the ads you are clicking, and better yet…don’t click them at all.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Teen Tragic Love: Lesson for Parents?

This story is kinda dark. Recently the ID Channel ran an episode called “Forbidden: Dying for Love — Together Forever, Forever Together.”

The 19-year-old was Tony Holt. Let’s call his 15-year-old girlfriend Kristen.

Kristen, 14, Falls Hard for Tony, 18

She met him when he was working at a grocery store. But he also happened to be a senior at her new high school. Prior to meeting him, Kristen knew her mother wouldn’t allow dating till she was 16.

Kristen’s mother eventually learned of the secret relationship and forbad it. The girl and Tony kept seeing each other on the sly. Mama learned of this and again, forbad it. Kristen then pretended the relationship was over and even talked of how she now hated Tony. Her mother was thrilled.

Meanwhile the teens kept sneaking around.

Forbidden love can be funner! Anyway, Mama found out again, stormed into the grocery store and angrily announced to Tony that if he ever went near her daughter again, she’d have him arrested for statutory rape. Which, is in fact statutory rape in many states.

The threat had him really scared about going to prison. He appeared at Mama’s house soon after and apologized for upsetting her and said that he and Kristen were going to cool it and just be friends.

But they continued seeing each other, and Mama discovered photos in Kristen’s bedroom of the two making out. More furious than ever, she forbad any contact. (Kristen’s father was out of the picture.)

Not long after, she got a call at work to come to the house. The police were there. Tony and Kristen were both dead from a gunshot wound to their heads.

A suicide note left by Kristen explained that the only way they could be together was to die and go to heaven where they could live happily ever after. Kristen had also left a suicide message on the answering machine, apologizing for the suicide pact. I’ll bet you didn’t see that one coming. Neither did I.

Questions to Wonder About

  • Why didn’t the teens decide to just avoid sex for three years, after which they could then marry and have up to 70 years of glory together? Abstinence is hardly an extreme move when you pit it against a murder-suicide.
  • What if Kristen’s mother permitted the relationship and even had Tony over every week for dinner? But what if, at the same time, she expressed her disapproval over their sexual relations?
  • What if she had said, “If you get pregnant, you’ll be grounded – by your baby. I won’t report statutory rape, but I also won’t help you out with the baby, either.”

That last warning may sound harsh, but it’s a crapshoot type of warning: It just might work.

Lessons Learned

  • You can’t stop two love-struck teens from seeing each other, so you may as well be civil to the unapproved young man.
  • While it’s important to stand your ground as a parent, there also comes a time when a sweet spot needs to be figured out. After all, not only might there be a suicide pact, but there are quite a few documentaries in which the forbidden young man murdered his girlfriend’s disapproving parents.
  • It’s never too early to teach your children the virtues of delayed gratification.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Florida City Pays Hackers $600,000 after Scam

Riviera Beach, a city in Florida, has agreed to pay a $600,000 ransom to hackers who attacked its network.

This week, the City Council voted to pay the demands after coming up with no other option to meet the demands of the hackers. It seems that the hackers got access to the system when a staff member clicked on a link in an email, which uploaded malware to the network. The malware disabled the city’s email system, direct deposit payroll system and 911 dispatch system.

According to Rose Anne Brown, the city’s spokesperson, they had been working with independent security consultants who recommended that they pay the ransom. The payment is being covered by the city’s insurance. Brown said that they are relying on the advice of the consultants, even though the stance of the FBI is to not pay off the hackers.

There are many businesses and government agencies that have been hit in the US and across the world in recent years. The city of Baltimore, for instance, was asked to pay $76,000 in ransom just last month, but that city refused to pay. Atlanta and Newark were also hit with demands.

Just last year, the US government accused a programmer from North Korea of creating and attacking banks, governments, hospitals, and factories with a malware attack known as “WannaCry.” This malware affected entities in over 150 countries and the loses totaled more than $81 million.

The FBI hasn’t commented on the attack in Riviera Beach, but it did say that almost 1,500 ransomware attacks were reported in 2018, and the victims paid about $3.6 million to the hackers.

Hackers often target areas of computer systems that are vulnerable, and any organization should consistently check its systems for flaws. Additionally, it’s important to train staff about how hackers lure victims by using emails. You must teach them, for instance, not to click on any email links or open emails that look suspicious. It is also imperative that the system and its data, and even individual computers, are backed up regularly.

Most of these attacks come from foreign entities, which make them difficult to track and prosecute. Many victims just end up paying the hacker because the data is precious to them. They also might work with some type of negotiator to bring the ransom down. In almost all cases, the attackers will do what they say and allow the victims to access their data, but not all of them do. So, realize that if you are going to pay that you still might not get access to the data. Ransomware simply should not happen to your network. If all your hardware and software is up to date and you have all the necessary components and software that your specific network requires based on its size and the data you house then your defenses become a tougher target. Additionally, proper security awareness training will prevent the criminals from bypassing all those security controls and keep your network secure as it needs to be.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Beware of Conference Invitation Scams

Conference invitation scams are those that involve a scammer sending invitations out to events with the intention of scamming the invitees. These might be real events or fake events, and the scammers target people including business professionals, lecturers, CEOs, researchers, philanthropists, and more. The goal here is to steal the identities of these people, and eventually get money by taking advantage of their victims.

Spotting a Scam

There are usually some pretty clear signs that you could be dealing with a scam involving a conference invitation. Here are some things to look for:

  • The invitation has typos or bad grammar
  • The invitation seems very random or out of no where
  • The conference name sounds like a conference you might be family with, such as Tech Crunch, but it’s spelled differently, like TekCrunch
  • The invitation asks that you pay a premium price to attend, which includes accommodation and transportation
  • Payment options don’t include credit cards
  • The invitation is overly flattering
  • There is a sense of urgency pushing you to send personal information
  • The greeting on the invitation is questionable, i.e. “Salutations.”
  • The invitation asks for sensitive information in return for “covering” your conference cost, accommodations, and transportation.
  • The conference is held in a different country, i.e. Asia or the Middle East
  • The landing page doesn’t have a physical address or landline number
  • The invitation sounds too good to be true

How Do These Scams Work?

In general, the scammer begins the scam by sending an email to a target victim and invited them to attend or speak at a conference. The scammer usually uses the victim’s social media pages to get information about them, which helps them to create a more personalized email.

The victim is told to register for the conference, which involves giving personal information. Additionally, they could be asked to pay a fee to attend, which could be over $1,000, depending on how long the conference is said to last. Usually, this is where the sense of urgency comes into play, as the scammer will say the conference is filling up or they need to know if they can count on the victim to speak. If not, of course, they must find another speaker, so the victim must confirm as soon as possible.

If the targeted victim complies with this and sends their information, the scammer may have enough information to steal the victim’s identity. Additionally, the scammer can use the name of the victim to promote the conference, especially if it is someone well-known in the industry.

If the victim goes through with all of this, they will quickly find out that they have been scammed. A scammer might also try scamming people who are actually going to a legitimate conference. They claim that they are part of the organization running the conference, and they need information and to collect fees. Of course, since the victim already signed up for the conference, it is easy to believe this scam without giving it a second thought.

Protecting Yourself from Invitation Scams

Here are some tips and tricks that you can use to protect yourself from these types of scams:

  • If you get an email similar to ones described here, don’t respond.
  • You should investigate any invitation that you are not sure of.
  • Do not agree to send money, and only pay with a credit card.
  • Don’t agree to give any personal information; a conference organizer doesn’t need to know your Social Security Number
  • Research the event and try to match up the information that you were given in the invitation email.
  • Copy and paste some of the email into Google to see if others have reported that this is a scam.

What to Do if You are a Victim If you have become a victim of a conference invitation scam, there are steps you should take immediately. First, get in touch with your financial institutions, like banks and credit card companies, and make them aware of this. Next, you should contact the location police and authorities in the area where the conference is allegedly supposed to be held. You should also get in touch with the Better Business Bureau about the company, and you can report the scam online via the BBB’s Scam Tracker or the Federal Trade Commission’s Online Complaint Assistant.  Finally, you can also report the scam to the FBI through its Internet Crime Complaint Center.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

WARNING: You or Your Members Could be Targets of List Scams

There are scammers out there targeting conference exhibitors and attendee. What are they looking for? Credit card numbers, money wires and personal information that they can use to steal identities. One of the ways that scammers get this information is by using invitation or list scams. Basically, if you are registered for a conference, speaking at a conference, a conference vendor or just “in the business”, you might get an email…or several emails…that invite you to a conference or offer to sell you a list of attendees, and their contact information, which may be beneficial to you…but is it too good to be true? Definitely.

Robert Siciliano, CSP, SAFR.ME

These Lists are Lies

Along with conference invitation scams, many associations are targets of list scams. A quick search of “Attendee List Sales Scam” pulls up numerous associations whose members and anyone interested in marketing to these members are being targeted by criminals to purchase non-existent lists.

Though it might sound great to get a list of all attendees of a conference, including their contact information, you might be surprised to know that these lists are lies. On top of that, getting this information might not even be legal.

Think about it for a second. When you signed up for a conference, did you choose to opt-in to have your personal information shared with others? Probably not, and that also means that most of the other attendees did not do this either.

To find out if the list is possibly legit, take a look at the show’s policies. Do they give information to third parties? Do they rent or sell lists of attendees? Is the name of the company that contacted you on the list of their third-party vendors? If this checks out, the list could be legitimate. If not, it’s probably a lie.

If you think you are dealing with a liar, the first thing you should do is plug the company that contacted you into the Better Business Bureau’s website. If it is a scam, you should certainly see information proving that. If not, but you aren’t interested, just unsubscribe. If you think that you are dealing with a scammer, don’t reply or even unsubscribe. Instead, just delete the email and don’t take any action. Many of these scammers are simply looking for active email addresses.

More Conference Invitation Scams

Another scam involves telling attendees about exhibitors that don’t even exist. This can push you into wanting to sign up for the conference, but in reality, the conference, itself, might not even exist, and in this case, you could just be giving your hard-earned money to a scammer.

So, if you find yourself in this situation, the first thing you want to do is research. One step is to look up the person who contacted you online, such as on LinkedIn, and see if they are who they say they are. Another thing to do is to contact the conference venue and ask if the event is being held there. You can also check the contract for refund or cancellation information. You also should do some research about the reputation of the contactor company. Finally, always make sure that you pay for any conference with a credit card. This way, with zero liability policy’s, you can get your money back, and every legitimate conference company is happy to accept credit cards. 

But Wait…There’s More

Another scam associated with trade shows and conferences is to contact attendees about hotel reservations, but once you pay…it’s all a scam. Usually, these scammers will contact the attendees and say that they represent the hotel for the conference. They will tell you that rates are significantly rising or that it is sold out, so you must act immediately…however, they will say that they need the full amount up front.

When in doubt about this type of scam, you should always contact the trade show organizers yourself, and then ask who the booking rep is. You should also give them the name of the company that you believe is scamming you so they can advise others of the scam.

Know Your Options

  • It is very important when you are signed up to present or attend a conference that you only engage with the company that is running the conference
  • If in doubt, confirm with the company that the offers from third-party claims are correct.
  • You can also get an official exhibitor list of official vendors.
  • Keep in mind that these legitimate companies might have your personal information, but they would not release your personal contact information with third-parties.
  • Some exhibitors might get the mailing address of attendees, which you can opt out of. Most of this is harmless, of course, but that doesn’t mean that all of these lists are.

Wi-Fi Hacks

Finally, you want to watch out for wi-fi hacking. This is a common scam for conference goers. When you attend a conference or trade show, you probably just expect that you will get free wi-fi, right? This allows you to take care of business and ensure that your booth runs smoothly. Hackers know this, of course, so they set up nearby and create fake networks. Once you connect to these networks, they can come into your device, take your information, and even watch everything you are doing online.

Keep in mind that these fake networks look remarkably similar to the legitimate networks set up by the conference. So, always double check before connecting, and if you are ever in doubt, make sure to ask one of the conference or trade show organizers. They can confirm that you are on the right network. There are always going to be scammers out there, especially when you are attending a trade show or conference. There are just too many opportunities for scams, and they can’t say no. Fortunately, by following the advice above and by reporting any suspicious activity, you can not only make sure that you, yourself aren’t falling for these scams, but also help others to not fall for this type of nefarious scheme.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Access that Old Email Account

Have you ever wondered if you could access your old email accounts? You might want to look for some old files, or maybe need information about an old contact. Whatever the reason, there is good and bad news when it comes to accessing old email accounts.

The best thing that you can do is to use the provider to find the old email account or old messages. All of the major providers, including Outlook, Gmail, Yahoo, and AOL, have recovery tools available. If the email address is from a lesser player in the email game, again, you might be out of luck.

First, Know the Protocol

Frankly, the next 3 paragraphs might be confusing. If they don’t make sense to you jump to Do You Remember the Service or Email Address?

The first thing you have to do is know the protocol your provider uses. There are two different protocols to consider when trying to access old messages: POP3 or IMAP.

POP3 protocols essentially download messages from a server to a device. IMAP just syncs your messages between your device and the server. Most email services default to an IMAP protocol, but it’s very possible that an older email account would have been set up to use POP3. If this is the case, and the provider deletes the messages off the servers when downloaded via POP3, this is not good news…those messages are gone. Even if you eventually get access to these accounts, if you have downloaded the messages to a computer or smartphone, they are gone from the server.

There is better news if you used IMAP…though, again, this is assuming nothing has been deleted. Some providers will delete accounts that are inactive for a certain amount of time. If the account is deleted, those messages are gone. Check the account deletion policy of the email provider to see if your account might still be active, and ultimately, accessible.

Do You Remember the Service or Email Address?

If you remember the email address and not the password, try the password reset link and if, and only if, you set up a backup email for recovery, then you’re on Golden Pond.

Now, what happens if you can’t remember what service you used or even the email address you used? There is still hope.

First, search for your name in the email account you use now. You might have sent something to yourself from an old account. Another option is this: if you remember the old provider, you can also search for that. You also might want to search your computer to see if there are old documents with your old email in there. You also might have set up a recovery email address or phone number that you can use to access the account.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How To Determine a Fake Website

There are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:

How Did I Get Here?

Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective ways scammers direct their victims to fake sites. Same thing goes with links from social media sites, Danger Will Robinson! Don’t click these links. Instead, go to websites via a search through Google or use your bookmarks, or go old school and type it in.

Are There Grammar or Spelling Issues?

Many fake sites are created by foreign entities using “scammer grammar”. So their English is usually broken, and they often make grammar and spelling mistakes. And when they use a translating software, it may not translate two vs too or their vs there etc.

Are There Endorsements?

Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets, for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.

Look at the Website Address

A common scam is to come up with a relatively similar website URL to legitimate sites. Ths also known as typosquatting or cybersquatting. For instance, you might want to shop at https://www.Coach.com for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //www.C0ach.com, or //www.coachpurse.com.  Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is www.C0ach.com legit”, which may pull up sites debunking the legitimacy of the URL.

Can You Buy With a Credit Card? 

Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic, and only want a check, or a wire transfer, be suspect, or really don’t bother.

Are the Prices Amazing?

Is it too good to be true? If the cost of the items on a particular page seem much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.

Check Consumer Reviews

Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like SiteJabber.com, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

10 Ways to Prevent Holiday Shopping Scams

The winter holidays: a time for festivities and … fraud-tivities.

Gift Card Grab

Never, ever enter your credit card or other sensitive information to claim a gift card that comes via email.

Never Buy Over Public WiFi

Shopping over public WiFi means your credit card, bank account or login data could get picked up by a cyber thief. Use a VPN.

Coupon Cautious

If a coupon deal seems too good to be true, then assume it is. End of story. Next.

Password Housekeeping

  • Change the passwords for all your sensitive accounts.
  • No two passwords should be the same.
  • Passwords should be a random salad of upper and lower case letters, numbers and symbols – at least 12 total.
  • A password manager can ease the hassle.

Two Step Verification

  • A login attempt will send a one-time numerical code to the user’s phone.
  • The user must type that code into the account login field to gain access.
  • Prevents unauthorized logins unless the unauthorized user has your phone AND login credentials.

Think Before You Click

  • Never click links that arrive in your in-box that supposedly linking to a reputable retailer’s site announcing a fantastic sale.
  • Kohl’s, Macy’s, Walmart and other giant retailers don’t do this. And if they do, ignore them.
  • So who does this? Scammers. They hope you’ll click the link because it’ll download a virus.
  • The other tactic is that the link will take you to a mock spoofed site of the retailer, lure you into making a purchase, and then a thief will steal your credit card data.

Bank and Credit Card Security

  • Find out what kind of security measures your bank has and then use them such as caps on charges or push notifications.
  • Consider using a virtual credit card number that allows a one-time purchase. It temporarily replaces your actual credit card number and is worthless to a thief.

Job Scams

Forget the online ad that promises $50/hour or $100 for completing a survey. If you really need money then get a real job.

Monthly Self-Exam

For financial health: Every month review all your financial statements to see if there is any suspicious activity. Even an unknown charge for $1.89 is suspicious, because sometimes, crooks make tiny purchases to gage the account holder’s suspicion index. Report these immediately.

Https vs. http

  • The “s” at the end means the site is secure.
  • Do all your shopping off of https sites.
  • In line with this, update your browser as well.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Protect Yourself From Gift Card Scams

So maybe Christmas now means the very predictable gift card swap, but hey, who can’t use a gift card? But beware, there are a ton of scams. This includes physical, not just digital, gift cards.

Regardless of who gave you the card, you should always practice security measures. Below are two common ways that fraudsters operate.

Transform Gift Card to Cash Twice.

If someone gives you a $200 gift card to an electronics store and then it’s stolen, you technically have lost money, as this is the same as someone stealing a wad of cash from your pocket.

Nevertheless, you’ll feel the loss just as much. Crooks who steal gift cards have numerous ways of using them.

  • Joe Thief has plans on buying a $200 item with your stolen gift card from your gym locker.
  • But first he places an ad for the card online, pricing it at a big discount of $130 saying he doesn’t need anything, he just needs money.
  • Someone out there spots this deal and sends Joe the money via PayPal or Venmo.
  • Joe then uses the $200 gift card to buy an item and sells it on eBay
  • And he just netted $130 on selling a stolen gift card that he never shipped.

Infiltration of Online Gift Card Accounts

Joe Thief might also use a computer program called a botnet to get into an online gift card account.

  • You must log into your gift card account with characters.
  • Botnets also log into these accounts. Botnets are sent by Joe Thief to randomly guess your login characters with a brute force attack: a computerized creation of different permutations of numbers and letters – by the millions in a single attack.
  • The botnet just might get a hit – yours.

Here’s How to Protect Yourself

  • Be leery of deals posted online, in magazines or in person that seem too good to be true and are not advertised by reputable retailers.
  • Buy gift cards straight from the source.
  • Don’t buy gift cards at high traffic locations, at which it’s easier for Joe to conceal his tampering.
  • Change the card’s security code.
  • Create long and jumbled usernames and passwords to lessen the chance of a brute force hit.
  • The moment you suspect fraudulent activity, report it to the retailer.
  • Spend the card right away.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.