Online Shopping and Counterfeit Goods – The Facts Don’t Lie

As the holiday season creeps upon us, research shows that an astonishing 24% people who are buying online have been duped by scammers. Whether you are buying shoes, electronics or the latest fashions and accessories, research companies are showing that you are at risk of being duped.

9DWhen you look at the overall shopping behavior of consumers, we see that about 34% do all of their shopping online, and during the holiday season, this number rises to 39% of all consumers. That is a lot of people for counterfeiters to focus on.

Mark Frost, the CEO of MarkMonitor, explains that it is crucial for customers to stay aware of the possibility of buying counterfeit goods, especially during the holidays. Most of us are looking for a bargain, and this is exactly why we tend to jump on these deals. On top of this, counterfeiters have gotten very good at making these fake goods look almost identical to the real deal, and it is near impossible, in some cases, for the untrained eye to tell them apart. Here are some more facts:

People are Exposed to Online Counterfeit Goods All of the Time

With so many counterfeit goods out there, you have likely been exposed to them, or even made a purchase. Younger people are more at risk of buying these goods, and when looking at those in the 18-34 year old range, almost 40% had purchased counterfeit goods in the past.

In addition to these goods, about 56% of people have received counterfeit emails, or those that seem as if they are coming from a certain company, such as Nike, but in reality, all of the items are fake. Fortunately, only about one in 20 consumers are likely to click on these links, but that means that about 5% of consumers are directed to these sites, too, and may get caught up in the bargains.

This is a Global Issue

Statistics also show that about 64% of global consumers are worried about online security. These same consumers report that they feel safer buying from local extensions, such as .de, .uk and .co.

Attitudes Towards Buying Counterfeit Goods

One of the most alarming facts that come up in these studies is that about 20% of consumers continue the purchase of their goods, even after finding themselves on a website with counterfeit goods.

As you continue your holiday shopping, make sure to keep these facts in mind and make sure to research any site you choose to buy from, even those that look like they may be legitimate.

Shoppers need to be cautious when searching online to spread their holiday cheer and MarkMonitor suggests checking this list twice to find out if websites are naughty or nice:

  1. Check the URL: In a practice known as “typosquatting” fraudulent sites will often be under a misspelled brandname.com, attempting to trick consumers into thinking they are on a reputable website.
  2. Check the Price: Counterfeiters have been getting very smart about pricing lately and not discounting their wares as heavily as before, but deep discounts – especially on unknown e-commerce sites – are a tip-off that consumers should do a lot more checking before buying.
  3. Check the “About” and the “FAQs” pages: Though some sites look professional at first glance, but are not always so careful about these pages. Check for spelling and grammatical errors.
  4. Check for reviews: Many fraudulent websites’ reputations proceed them. Search for what people are saying about the site and include the term ‘scam’ with the site name to see if they are known to be a risky site.  

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

8 Ways to Ensure Safe and Secure Online Shopping this Holiday Season

So, who’s on your holiday gift list this year? That list is a lot longer than you think; consider all the names of hackers that have not yet appeared on it. Scammers will do whatever it takes to get on your holiday gift list! Here’s how to keep these cyber thieves out of your pocket:

  • Before purchasing from a small online merchant, see what the Better Business Bureau says and also search Google for reviews.
  • If you see an unexpected e-mail allegedly from a retailer you shop at, don’t open it. Scammers send out millions of trick e-mails that appear to be from major retailers. They hope to trick gullible shoppers into clicking on them and revealing sensitive information. So many of these scam e-mails get sent out that it’s common for someone to receive one that appears to be from a store they very recently purchased from.
  • When shopping online at a coffee house or other public spot, sit with your back to a wall so that “visual hackers” don’t spy over your shoulder. Better yet, avoid using public Wi-Fi for online shopping.
  • Back up your data. When shopping online it’s highly probable you’ll stumble upon an infected website designed to inject malicious code on your device. Malware called “ransomware” will hold your data hostage. Backing up your data in the cloud to Carbonite protects you from having to pay the ransom.
  • Save all your financial, banking and other sensitive online transactions for when you’re at home to avoid unsecure public Wi-Fi networks.
  • Change all of your passwords to increase your protection should a retailer you shop at fall victim to a data breach. Every account of yours should have a different and very unique password.
  • Ditch the debit card; a thief could drain your bank account in seconds. Use only credit cards. Why? If a fraudster gets your number and you claim the unauthorized purchase within 60 days, you’ll get reimbursed.
  • Review your credit card statements monthly and carefully. Investigate even tiny unauthorized charges, since thieves often start out small to “test the waters.”

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Online Shopping Warnings and Advice

Shopping online can be just as dangerous to your security as leaving your car unlocked in the mall parking lot.

2CConsumer Reports notes the following:

Don’t judge a website by its cover. A malicious website can look legitimate, even though it aims to nab your personal data, even identity, or sell counterfeit products.

Others aim to lure you in “with low prices they honor only if you buy extra items, or quietly adding unexpected charges based on fine-print disclosures they know you won’t read.”

  • Look up any unfamiliar online store on bbb.org (Better Business Bureau). Check the rating, any adverse reviews and confirm its address. Search it out with keywords like “complaints.”
  • Carefully read the seller’s fine print.
  • Don’t use a debit card; use a credit card, so that the dispute process is easier.

Defective products. Read the fine print; it may say that all goods “are sold as is.” This means you won’t have the right to receive a replacement for bad merchandise.

You may be able to get a refund within 30 days of purchase, but beyond that, many sites say you must deal directly with the product’s manufacturer (you’ll need to pay for return shipping). Another problem is when the website is not an authorized dealer for the product you bought.

  • Make sure the site is an authorized dealer. Contact the manufacturer if necessary. Read the terms and conditions.
  • Be suspicious of sites that you know or believe will send you tons of spam after your purchase.
  • Understand the site’s privacy policy before giving personal data. “Many retailers let you elect to receive offers or have your info shared.” Others will automatically spam you or share your information unless you uncheck the pre-checked option boxes. “And limit the info you provide to what’s critical for completing the purchase.”

Infected computer, or your payments are disrupted.

  • Never give out credit card information unless the Internet connection is secured.
  • Don’t peruse the Web unless the computer (or smartphone) is protected.
  • Make sure the retailer’s URL begins with a “https” (the “s” is necessary) preceded by a padlock icon.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Hectic Holidays Heavenly for Hackers

Ahhh, it’s that time of the year again: the hustle and bustle of the holiday season—parties, gift giving, travels and get togethers with friends and family. But it also brings up the question of how and when are you going to have time to shop and get everything done in time?—let alone fight those crowds at the mall for that elusive parking space.

online-shopping
With online shopping, not only can you shop any time of day (or night if you’re like me and a night owl), from the comfort of your couch or recliner and can easily compare prices without walking up and down the mall or driving all over town. You can even get things online that you simply just can’t buy locally. But while online shopping provides you with a high level of convenience, it also provides cybercriminals with opportunities to steal your money and information through various online scams.

That’s why as Black Friday and Cyber Monday (which has become one of the biggest online shopping days of the year) approaches, you need to make sure you’re being smart when shopping online. Besides making yourself familiar with the 12 Scams of the Holidays, here’s some tips to stay safe online:

Be wary of deals. Like Mom said, “if it’s too good to be true, it probably is”. Any offer you see online that has an unbelievable price shouldn’t be believable. I saw a 25-foot camper on Craigslist for 10% of the list price, and it was within 10 miles of me. My endorphins rushed and I was filled with excitement—I wanted it! Then I found out it needed to be shipped from Chicago (I live in Boston) and I calmed down. But I can see how when a person’s endorphins peak, hasty decisions can ensue.

Use credit cards and not debit cards. If the site turns out to be fraudulent, your credit card company will usually reimburse you for the purchase; and in the case of credit card fraud, the law should protect you. Some credit card companies even offer extended warranties on purchases. With debit cards, it can be more difficult to get your money back and you don’t want your account to be drained while you’re sorting things out with your bank. Even better is a one-time-use credit card, which includes a randomly generated number that can only be used for a single transaction. While this may be an extra step in your shopping process, it can go a long way to protecting yourself online and it’s a good way to #HackYourLife.

shopping-deels

Beware of fake websites. When searching for a product online, you are likely to end up clicking on something within the first few pages of your search results. Cybercriminals often setup up fakes sites that look real at URLs that are common misspellings or typos of well-known shopping sites (also known as typosquatting).Instead of typing in the URL of your favorite site, make sure you have a safe search plug-in installed on your browser, like McAfee® SiteAdvisor®, and search for that site. SiteAdvisor will then give you color-coded safety ratings in your browser search results and give you a warning before going to sites that are known to be malicious.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

mCrime; Hacking Mobile Phones for Identity Theft

Robert Siciliano Identity Theft Expert

History indicates that we are at the forefront of an era in which criminal hackers develop tools and techniques to steal your money using your own cell phone.

Fifteen years ago, cell phones were so bulky and cumbersome, they had to be carried in bags or briefcases. Then they became chunky, heavy bricks. Calls dropped every other minute. Clearly, cell phones have evolved since then. Today’s cell phone is a lot more than a phone. It’s a computer, one that rivals many desktops and laptops being manufactured today. A cell phone can pretty much do everything a PC can do, including online shopping, banking, and merchant credit card processing.

The personal computer started out slow and stodgy, and was mainly used for things like word processing and solitaire. Today, PCs are fast, multimedia machines, capable of performing amazing tasks.

There are consequences to the rapid evolution of these technologies.

A decade ago, during the slow, dial up era, hackers (and, in the beginning, phreakers) hacked for fun and fame. Many wreaked havoc, causing problems that crippled major networks. And they did it without today’s sophisticated technology.

Meanwhile, the dot-com boom and bust occurred. Then, as e-commerce picked up speed, high speed and broadband connections made it easier to shop and bank online, quickly and efficiently. Around 2003, social networking was born, in the form of online dating services and Friendster. PCs became integral to our fiscal and social lives. We funneled all our personal and financial information onto our computers, and spent more and more of our time on the Internet. And the speed of technology began to drastically outpace the speed of security. Seeing an opportunity, hackers began hacking for profit, rather than fun and fame.

Now, iPhones and other smart phones have become revolutionary computers themselves. For the next generation, the phone is replacing the PC. AT&T recently announced that they’ll be upping the speed of the latest version of their 3G network, doubling download speeds. It has been reported that the next iPhone will have 32 gigabytes. That’s more hard drive than my three year old laptop.

So naturally, criminal hackers are considering the possibilities offered by cell phones today, just as they were looking at computers five years ago.

Two things have changed the game: the speed and advancement of technology and spyware. Spyware was created as a legitimate technology for PCs. Spyware tracks and records social network activities, online searches, chats, instant messages, emails sent and received, websites visited, keystrokes typed and programs launched. It can be the equivalent of digital surveillance, revealing every stroke of the user’s mouse and keyboard. Parents can use spyware to monitor their young children’s surfing habits and employers can make sure their employees are working, as opposed to surfing for porn all day.

Criminal hackers created a cocktail of viruses and spyware, which allows for the infection and duplication of a virus that gives the criminal total, remote access to the user’s data. This same technology is being introduced to cell phones as “snoopware.” Legitimate uses for snoopware on phones do exist: silently recording caller information, seeing GPS positions, monitoring kids’ and employees’ mobile web and text messaging activities. Criminal hackers have taken the snoopware and spyware technology even further. Major technology companies agree that almost any cell phone can be hacked into and remotely controlled. Malicious software can be sent to the intended victim disguised as a picture or audio clip, and when the victim clicks on it, malware is installed.

One virus, called “Red Browser,” was created specifically to infect mobile phones using Java. It can be installed directly on a phone, should physical access be obtained, or this malicious software can be disguised as a harmless download. Bluetooth infared is also a point of vulnerability. Once installed, the Red Browser virus allows the hacker to remotely control the phone and its features, such as the camera and microphone.

While this may sound improbable, I’ve consulted and appeared on television (Tyra Banks and Fox) with an entire family that seems to have been victimized by every aspect of snoopware. The Kuykendalls, of Tacoma, Washington, found that several of their phones had been hijacked in order to spy on them. They say the hacker was able to turn a compromised phone on and off, use the phone’s camera to take pictures, and use the speakerphone as a bug. Ever since the program featuring the Kuykendalls’ story aired and continues to repeat, I’ve received dozens of emails from people around the world who have experienced the same thing. Many of these people seem totally overwhelmed by what has happened to them, and some are beginning to suffer financial losses.

If history is any indication of the future, mobile phones, just like computers, will soon be regularly hacked for financial gain. Prepare for mCrime in the form of credit card fraud, identity theft and data breaches.

Some Internet security software providers are beginning to offer software specifically for mobile phones. In the meantime, identity theft protection services are one line of defense against the latest cybercrime techniques.

Robert Siciliano, identity theft speaker, discusses hacked cell phones.

Privacy Is Dead, Identity Theft Prospers

My information is in lots and lots of different places. I sacrifice a lot of privacy because of the nature of my business. If I wasnt so dependant on eyeballs I’d live much differently. However to participate in society on any level, privacy becomes a dead issue. Accept it. Or live in the jungle in Africa.

A CEO of a major software company declares, “You have zero privacy, get over it.” In response, the FTC states, “Millions of American consumers tell us that privacy is a grave concern to them when they are thinking about shopping online.”

Do you agree? Is privacy dead? Do you share your “status” on Facebook? Twitter? Do you have a MySpace page? A blog? Do you post your family photos on any of the above, or on Flicker?

The statement, “You have zero privacy, get over it,” was made by Scott McNealy, former chief executive officer of Sun Microsystems, in 1999. That was 10 years ago. Before the phrase “social networking” or the word “blog” entered our lexicon.

Here we are in 2009, when that statement is 100 times more true than it was 10 years ago. When you ask people if they are concerned about online privacy, they respond with a big, loud, angry “YES!” Then they hypocritically use their Facebook pages to inform the world that they are about to go on vacation. Which means that the lights are off and nobody’s home.

It isn’t just web users voluntarily giving up their privacy, it’s also corporations and government agencies gathering data as a form of intelligence. This data might be used to sell you something or it could be used to protect us in the form of Homeland Security.

Our personal information can be bought and sold. “Information brokers” sell our data to anyone with a credit card. One of the largest publicly traded information brokers in the world is a company called ChoicePoint. Last time I checked, they had 19 billion records on file. And one of their biggest customers is the US government.

So even if you don’t update your Facebook status to tell the world you just made a tuna sandwich, chances are, your phone number, your most recent address, or even your anonymous chat handle can be found on Zabasearch.com or iSearch.com. If you’ve ever committed a felony, your data may be on CriminalSearches.com Heck, just Google yourself.

At least head to Facebook and lock down your privacy settings. You get to them from the Settings –> Privacy Settings menu.

If you are reading this, you are participating in society. The price you pay is sacraficing your personal identifying information in order to get an Internet connection, credit, a car, medical attention, to go to school or buy a pair of shoes. While many citizens scream against Big Brother and corporate America abusing their trust, many will also give up all their privacy for ten% off a new pair of shoes.

All this makes it very easy for criminal hackers to commit identity theft. They use this available data to become you. Since your data is already out there, you’d better invest in identity theft protection and make sure your PC is up to date with Internet security software.

For more information, I recommend You Have Zero Privacy – Enjoy It! by Mike Spinny, and Cyberwar’s First Casualty: Your Privacy by Preston Gralla and Why give up Privacy? by Bob Sullivan

Robert Siciliano, identity theft expert, discusses background checks.

Is the security community selling fear?

Robert Siciliano Identity Theft Expert

Cyber crime profits are running into the trillions.

Weekly, and often daily, I remind readers of how potentially screwed they are once they boot up their PCs and access the Internet. Identity theft is a real problem that messes up people’s lives. When someone’s PC is hacked and their passwords are compromised, account takeover can be financially devastating. Even though a financial institution may resolve the errors, victims still lose money.

Most are beginning to realize that the only secure PC is one that is powered off.

Many view these rants as selling “FUD”: fear, uncertainty and doubt. And selling fear is what gets people to buy your security product. Many have accused the Internet security companies of being fear mongers peddling their wares during the Conficker scare.

Fear-based selling has been going on since the beginning of time and will always be a part of the sales cycle. But am I really selling fear? Do those I work with sell fear? I don’t think so. But feel free to disagree with me.

The fact remains that there are scumbags out there, trying to figure out how to get you to part with your money in thousands of different ways, every day, all day. And if reminding readers of all these scams and then selling a solution to the problem is selling fear, then so be it. The question is, is the fear real or made up? Is there a legitimate scare that needs to be brought to light, and a solution that will fix it? Or is this just selling snake oil and false promises, and taking advantage of people?

Information Week states, “The computer security industry has failed computer users, and the Internet has become so unsafe that average users can’t protect themselves.” The Internet is not a safe place for everyday folk. The online world is like Iraq and Afghanistan (dangerous), the Taliban (criminals) are everywhere. Most people do not have the capacity to secure their networks or the technical know-how to surf safely. Studies show that 40% of web surfers haven’t updated their browser’s security, or their Windows-based computers don’t have their critical security patches updated.

The threats are real. The Washington Post reports that Senate lawmakers are advancing legislation to create mandatory computer security standards for government and private sector operators of critical infrastructure. This is legislation that will force standards in security,  ensuring that we keep the lights on, the fields plowed, the water clean, and the engines running.

If there was ever a time to be “fearful” and to make an investment in identity theft protection, Internet security software such as McAfee, or any other protective hardware or software as a result, now is that time.

Robert Siciliano Identity Theft Speaker discussing online security here

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Identity Theft Expert and Speaker on Personal Security Urges Holiday Shoppers to Beware of Malicious, Continually Growing Online Threats to Computer Security

(BOSTON, Mass. – Nov. 29, 2007 – IDTheftSecurity.com) Reports during November indicated that online threats such as spyware continue to increase in frequency and maliciousness. Robert Siciliano, a widely televised and quoted personal security and identity theft expert, said that even though computer users may hear more about computer threats during the shopping season, they must always exercise caution online.

“As the holiday shopping season sets into full swing,” said Siciliano, “news of dangers to online consumers will increase. This is a good thing; everyone needs a constant reminder of the security threats that lurk on the Web. But the vigilance must also be constant, evident throughout the year, and not just between Thanksgiving and the New Year.”

CEO of IDTheftSecurity.com and a member of the Bank Fraud & IT Security Report’s editorial board, Siciliano leads Fortune 500 companies and their clients in workshops that explore consumer education solutions for security issues. An experienced identity theft speaker and author of “The Safety Minute: 01,” he has discussed data security and consumer protection on CNBC, on NBC’s “Today Show,” FOX News, and elsewhere.

As reported by darkREADING on Nov. 27, the Computing Technology Industry Association (CompTIA) surveyed 1,070 organizations and found that 55 percent had experienced an increase in spyware over the past year.

Also on Nov. 27, the SANS (short for “SysAdmin, Audit, Network, Security”) Institute, a self-described cooperative research and education organization, posted in a news release its picks for the “Top 20 Internet Security Risks of 2007.” One of the scenarios that SANS cited was a type of phishing attack known as spear phishing, which, by targeting specific individuals using company machines, infects those machines. This transforms the compromised machines to portals that give hackers access into organizations’ entire networks. (Keyloggers, zombies, and other threats with similarly exotic-sounding names also made SANS’ list.)

One new threat, reported in SC Magazine on Nov. 7, has masqueraded itself as a solution. According to the article, a banner ad prompts those who click on it to purchase putative anti-spyware software. But the landing page instead collects victims’ money and credit card information in exchange for a program that downloads a virus that collects the personal information from the infected computer over time.

Bogus sites with URLs similar to presidential campaigners’ have been reported as well. A Nov. 1st news release from Webroot Software, Inc. urged Internet users to use caution when searching online for information on presidential candidates. According to the release, the company has detected links to malicious software downloads from spoofed presidential candidate Websites.

Spoofed Websites, just as the term implies, are bogus. The same day of Webroot’s announcement, a ComputerWorld article speculated that hackers might use the fake sites to obtain a portion of campaign contributions, which increasingly take place online.

“Just as predicted, hackers are getting more and more sophisticated and clever,” said Siciliano. “Computer users can install all the antispyware, antivirus, and other software they want — and they should. But the ingredient really needed is common sense. Just because a computer has the latest, greatest protection installed doesn’t render it untouchable; a smart user does.”

Readers may view YouTube video below of Siciliano on “FOX News,” explaining how the ubiquity of Social Security numbers as universal identifiers helps thieves online and off-line. Those wishing to learn how to protect themselves against identity theft, a major concern for anyone who has fallen prey to online scammers, may view video of Siciliano at VideoJug.


###

About IDTheftSecurity.com
Identity theft affects us all. Robert Siciliano, CEO of IDTheftSecurity.com and member of the Bank Fraud & IT Security Report’s editorial board, makes it his mission to provide consumer education solutions on identity theft to Fortune 500 companies and their clients.

A leader of personal safety and security seminars nationwide, Siciliano has been featured on “The Today Show,” CNN, MSNBC, CNBC, “FOX News,” “The Suze Orman Show,” “The Montel Williams Show,” “Maury Povich,” “Sally Jesse Raphael,” “The Howard Stern Show,” and “Inside Edition.” The Privacy Learning Institute features him on its Website. Numerous magazines, print news outlets, and wire services have turned to him, as well, for expert commentary on personal security and identity theft. These include Forbes, USA Today, Entrepreneur, Woman’s Day, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters, and others.

Visit Siciliano’s Web site, blog, and YouTube page.

The media are encouraged to get in touch with Siciliano directly:

Robert Siciliano, Personal Security Expert
CEO of IDTheftSecurity.com
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
Robert@IDTheftSecurity.com
www.idtheftsecurity.com

The media may also contact:

Brent W. Skinner
President & CEO of STETrevisions
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.biz
www.STETrevisions.biz