Gold Farming A Chinese Full Time Job

/in /by

Gold farmers play massive multiplayer online games, not for fun, but to accumulate virtual currency, or “gold,” which can then be sold to other players, despite the fact that most game operators explicitly ban the exchange of in-game currency for cash. Gold farming is so lucrative, people in China and other developing nations can support themselves by working full-time operating gold farming rings.

About.com reports “most gold farmers are from developing countries such as China and Vietnam. According to World Bank estimates, there are currently over 100,000 people working as full-time gamers in China. They toil away for 12 or more hours a day in internet cafes, abandoned warehouses, and small offices, making about 25 cents an hour, or roughly $75 a month. There are quotas in place and work performances are heavily evaluated. The workforce is dominantly made up of migrant teenagers and young adults who come to the cities looking for work. These “virtual sweatshops” resemble the thousands of toy and appliance factories that have opened in China in the past several decades to take advantage of China’s abundance of cheap labor.”

Many leading MMOs are finding it increasingly necessary to deploy a layered defense to protect against gold farming, chargebacks and increasingly, account takeovers within gaming environments.  By leveraging the power of device reputation, which looks at the computer, smart phone or tablet connecting to the games, the gaming publisher can easily connect together players working together and shut down entire rings in one sweep.  In one case, a major gaming publisher saw the marvel of Oregon-based iovation’s fraud protection service and took action against 1,000 fraudulent accounts shortly after implementing the SaaS-based service.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

What is mCommerce and how do you keep transactions safe?

/in , /by

mCommerce (or M-commerce) is using a mobile phone to make purchases. Like credit card transactions, your card/device can be either present or not present. In other words, “present” might mean your mobile is equipped with an application that you use to make a purchase in person, such as to buy a cup of coffee or a train ticket. “Not present” could be when you use another application or your mobile browser to make a remote purchase over the Internet or another type of mobile network.

There are several different forms of mobile commerce:

Mobile shopping: You comparison shop or purchase something online using your mobile device (and its browser or a mobile app)

Mobile banking: You interact with your bank account (actions such as check the balance, transfer between accounts, make payments) using your mobile device

Mobile wallet (mobile payments): The mobile device itself is used to authorize payment (via a stored credit card)

Mobile point-of-sale (POS): Specialized card swiping attachments let your mobile device be used to collect payment from a credit card

All of these forms of mobile commerce require a wireless connection to the internet over Wi-Fi or your carrier’s 3/4G connection. Always use a like Hotspot Shield when engaging in mCommerce. Hotspot Shield, which is free to download, creates a virtual private network (VPN) between your laptop or iPhone and your Internetgateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Craigslist Robbery By Appointment

/in , /by

It’s springtime. You put an ad on Craigslist to get rid of some things, clean out your garage and make a few bucks while you are at it. Maybe you have an old diamond ring to sell. Or that truck you are driving isn’t what it used to be, so you decide it’s time to sell. 
The ad goes out, people call and you make the appointments. But, unfortunately, things don’t always go as planned, do they?

The Spec reports, The odds of being physically harmed from using an online classified service are not high, but a blend of cybercrime and physical crime is common enough in the U.S. that one police force there has offered consumers the opportunity to conduct online transactions in person at their police station.

“People believe that because it’s there online, and that someone is reaching out, that it must be legitimate … There’s a reason your mom always told you not to talk to strangers.”

Use Craigslist with caution. Don’t think for one second you can’t be robbed, burglarized, scammed or killed. Some people’s homes have been invaded, and it can happen to you too. Be very careful who you contact; you never know who the person is or what his motivation may be.

Get identification details pre-meeting. Make sure to get the full contact details of the other person and call back to verify. A little white lie like, “My brother is a cop and will be here” will make the person you’re dealing think twice about harming you.

Meet at a public location. Coffee shops, malls, police stations—anywhere but your home that involves lots of other people. The more eyeballs, the better.

Trust your instincts. Don’t discount any weird feelings you might have about meeting with this person. If something seems wrong, then it IS wrong. Cancel if you don’t feel right about it.

Enlist a buddy. Strength in numbers makes predators think twice. Predators thrive on isolation. By pairing up, you reduce the chances of being attacked.

Be street smart. Expensive jewelry and provocative clothing can invite an attack. Scarves around your neck give attackers something to grab and choke you with. Wear sneakers that you can run and fight in.

Be on guard. Just like Mom said, there is risk in meeting strangers. Being on guard can keep you from getting into a compromised position.

Stay in communication. Let your spouse, friends, family or coworkers know where you are going, who you will be meeting and when you will be back. Stay in contact on your mobile while you are meeting.

Use your panic alarm. If you are crazy enough to meet the other party at your home, have someone stand guard at your home security alarm’s panic button to summon the police if things go wrong.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar-proofing your home on Fox Boston. Disclosures.

Graduates: 10 Stupid Things You Don’t on Facebook

/in /by

You’ve done it. You’ve graduated at last. Your whole life is in front of you. Now is the time to make plans, embrace the world, take responsibility, make a statement, do some good and make this place better than how you found it.

And this should go without saying, but please don’t be stupid.

I’m not preaching here; the fact is I am fully qualified to discuss this topic because every day when I wake up, I tell myself, “Today I’m not going to say something stupid.” But, being human, I often do or say stupid stuff. However, rarely do I make it public online.

Listen. I know it’s hard. I know you can’t help yourself. I know you think you know everything and I know you are telling me to shut up. But in the words of the lovely and talented Fire Marshal Bill: “LET ME TELL YA SOMETHING!”

What you say, do, post, like and even whom you friend on social networks will affect every moment of your life going forward. Social is the new norm, and even adults are guilty of the stupidity of putting something online that gets them busted.

With graduation coming and millions of you getting ready to enter the workforce, you need to be aware of what is and isn’t appropriate in the professional world. While many employers expect that their employees will maintain social media profiles and even support work initiatives via those channels, as a new grad, you need to be aware that your missteps in social media could taint your employer’s image and damage your professional reputation. When people do not use good judgment when posting and share the wrong content with the wrong people, they can jeopardize their careers.

According to McAfee’s Love, Relationships and Technology study, 13.7% of millenials (18-24 year olds) know someone who was fired because of personal images or messages that had been publicly posted and 13% of adults have had their personal content leaked to others without their permission

 GradGraphic_LRT1

It’s time to face the facts.

  1. Don’t deny this fact: YOU ARE BEING JUDGED EVERY SECOND OF THE DAY BY PEOPLE WHO ARE IN A POSITION TO HIRE AND FIRE YOU.
  2. Don’t do that! Learn from other people’s mistakes. When you see someone get in trouble, fired or arrested, DON’T DO THAT.
  3. Don’t friend people you don’t know. You have 3ooo friends? Seriously?
  4. Don’t take or allow others to photograph/video you with alcohol in your hands, drinking, smoking, doing anything illegal, scantily clad (or less) or making those stupid selfie fishy faces. You are an adult now.
  5. Don’t like, share or retweet racist, homophobic or off-color media or comments that make you look like a jerk.
  6. Don’t swear. EVER. It’s OK to say flippin’, freakin’, heck, maybe even effing, and shite. But once you start dropping F bombs, you look like an angry, uncouth juvenile delinquent. And seriously, I swear like cage match fighter—but not online. And I don’t care what your privacy settings are.
  7. Don’t log on while amorous or inebriated. Nothing good can come of that. Revenge porn anyone?
  8. Don’t ever talk about anyone in authority—your boss, coworkers, teachers, students, the president or anyone, for that matter—in a negative tone. Seriously. Unless the person is a serial killer or oppressive dictator, play nice.
  9. Don’t be so public. Lock down your settings. Most social networks have privacy settings that need to be administered at the highest level. Default settings generally leave your networks wide open to attack.
  10. As Howard Stern’s dad used to say to him: “I told you not to be stupid, you moron.”

You have been warned.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Safety Tips for Online Dating

/in /by

By Angie Picardo

According to identity theft expert Robert Siciliano, “Millions of people use online dating sites to broaden their networks and meet potential mates, but not everyone on these sites are sincere—some are scammers hoping to lure you in with false affection, with the goal of gaining your trust, and eventually, your money.” When seeking friends or dates via the internet, people often tend to be overly optimistic or trusting, but it is important to remember that some people may take advantage of the your trust. Here are some tips for staying safe while making friends online.

  • Keep your personal information personal. Details about where you live and work, your phone number or email address, or details that would lead someone to you with minimal effort should not be put in an online profile or shared with someone you’ve barely started communicating with. When selecting a profile name, don’t use your first and last name. Instead, choose a nickname or other title for yourself so that potential dates don’t have the key information for looking you up and learning too much about you in advance. If you’ve started talking to someone you feel you would like to exchange personal information, consider offering a secondary email account (email addresses are free and nothing stops you from having more than one) that isn’t directly linked to you or your work.
  • Trust yourself. Use common sense and your instincts to stay away from risky situations. If you feel nervous about someone or something, don’t go; you probably feel that way for a reason. If the person is really interested in you, she or he won’t hate you for rescheduling for a later time. Another part of trusting yourself is knowing what speed feels right for you. Don’t feel obligated to go somewhere private or unfamiliar just because the other person wants to. Again, you know yourself best and you have enough life experience to know when something could end badly: listen to yourself.
  • Meet new people in public. It seems obvious, but you shouldn’t bring total strangers back to your house (nor should you go to theirs). When scheduling a first meeting, plan to go somewhere public where a lot of people will be milling around. A park, restaurant, or museum can be great areas for public first dates not only because they are public, but because they are places where you can actually talk to your date and get to know him or her in person. When you have a first date with someone, make sure that you are in control of your own transportation situation by driving yourself, taking a trusted form of transit, or arranging a ride with a good friend. Don’t rely on your date to take you somewhere. Getting in a car with someone you barely know is not a great idea!
  • Tell somewhere where you are going. In case the worst does happen (it probably won’t, but it never hurts to be prepared), make sure someone knows where you are going and when you expect to be back. Let a good friend know that you are going on a date with someone new and agree to check in with them by a certain time so that they know you are okay. You might also set up a pick up spot in case you need your friend to pick you up if you need to bail on your date for any reason.

Online dating isn’t all about being cynical and mistrusting, of course, but taking precautions when meeting someone new will make it all the better when you meet someone who you want to get to know better. Anyone who is worth getting to know will be empathetic to your safety concerns and willing to work with you within your comfort zone.

Angie Picardo is a writer for NerdWallet, a personal finance website dedicated to helping you protect and save your money whether in online dating or finding the best options for LAX parking

Take Privacy Seriously When Transferring Money Overseas

/in /by

According to a study done by the World Bank, money sent home by expatriates last year totaled a staggering £335 billion (about $509 billion) – or three times the amount of global aid budgets. It’s common for workers all over the world to supplement the incomes of their families back home, but the current amount and frequency has also given rise to transfer fraud.

The most common methods are notifications of fake awards, a bogus money inheritance or requests for bank account information (there are countless – often imaginative – stories that fraudsters use to extract this data).

For example, an individual dressed as a policeman may approach you, saying that a relative or friend of yours has been in an accident and then request that you send money immediately for his or her hospital fees. Another example is an email request for proof of funds to make reservations for your holiday accommodation overseas. Thousands of people fall for these scams every year; use these tips to avoid falling foul of wire transfer fraud.

Secure your online banking
Obviously, the easiest way to avoid a scam is to verify the identity of the recipient. If you trade in different countries and pay suppliers all over the world, however, it can be difficult to verify every single party before transactions can be made. One way to secure payments is to work with a bank that’s linked with your home branch and which provides secure online banking. Remember that your bank will never ask you to verify your details via email.

A healthy dose of skepticism
Some of the best-known scams are those that claim you’ve won a prize in a foreign lottery and that you need to send over your bank details to receive it. Similar are the “Nigerian Prince” or “419” scams that offer non-existent rare pets, unclaimed properties – even romance – in exchange for your details and payments. Apply common sense when someone you don’t know contacts you – especially if you haven’t played the lottery in Nigeria recently.

It’s too good to be true
Another common type of financial scam is an offer to sell something at an incredibly attractive price through classified ads. The recipient will accept your money but you won’t receive the item in return. Remember that if an item seems too good to be true, it probably is.

Every day, scam artists are thinking up sneakier ways of scamming you out of your hard-earned cash, but they require a certain amount of trust from you to make a sale or obtain information. As long you remain skeptical and aware that these scams exist, you can avoid most of the common pitfalls. Keep up to date with the latest scams to ensure you don’t fall victim to wire fraud.

If you think you have been a victim of fraud or want to learn more about digital life, you can read more information here.

Highschooler Opens Bogus Twitter Account In School Directors Name

/in /by

We’ve seen this before and it never ends good. This time it’s resulting in an identity theft charge  for Ira Trey Quesenberry III, an 18-year-old student at Sullivan Central High School. A few years ago this would have been looked upon as a victimless prank. But times have changed and as social media sites like Twitter, Facebook, Linkedin and others have morphed into much more than just recreational websites, it’s not just unacceptable, it’s a crime.

The Twitter account was created with the name and photo of Dr. Jubal Yennie, director of the Sullivan County school district. The account has since been deleted but the tweets sent in Yennie’s name were reported to be of an embarrassing nature and not appropriate for a school administrator. Why would an 18 year old do something like that?

The Smoking Gun reports “Yennie contacted sheriff’s deputies last Friday to report the phony Twitter account. After investigators linked Quesenberry to the account, the teen reportedly confessed to opening it. Quesenberry was booked today by sheriff’s deputies, and is due to appear tomorrow in General Sessions court.”

Grab your/companies name/products/services people. Sites like Knowem.com will do this for free or for a small fee. The worst thing you can do is nothing. There are millions of stupid 18 year olds out there to make you look stupid-er.

Robert Siciliano, personal security and identity theft expert and Advisory Board member to Knowem. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Enacted Maryland Child Identity Lock Bill, is Useless

/in /by

This week the Maryland Child Identity Lock bill, went into effect. CBS Baltimore reports “Maryland State Delegate Craig Zucker is behind a new state law that just went into effect designed to protect a child from identity theft. “It will be the first time parents or guardians can proactively contact any of the three credit agencies and freeze their child or dependent information to protect against identity theft,” Zucker said. By freezing a child’s credit, crooks are out of luck.

Not quite Craig, but A for effort.  I mean that, and I hope you follow through and finish what you started.

The Huffington Post reported back in April “Under current Maryland law, credit agencies must place a security freeze on the credit of anyone who requests it. However, they can refuse to lock the credit of those who do not have a pre-existing credit report. That’s a problem for children. If they have a credit report, it likely means they’re already a victim of fraud.” Which is kind of exactly where we are today. Not much has changed.

Unless all 3 bureaus offer a proactive credit freeze then the bill fails, and it fails further if ALL children can’t get one, not just Maryland kids.

I contacted all 3 credit bureaus and only Experian offers a credit freeze for children and only if your child is a victim,  no matter what state you live in.  First go to Experians Credit Freeze Center then click “Add A Security Freeze” then Continue then “Place a Security Freeze on a Minor’s Credit File”

As of this writing, a phone call to Equifax at 1-800-603-9430 (a phone number only available by initiating a chat session) reveals the customer service agents have no knowledge of the Maryland Child Identity Lock bill, and will only freeze credit if the child is currently a victim of identity theft. Once a credit report is generated for a minor the damage is done and then a credit report can be frozen.

Transunion was a little more helpful in that they offer what they call a “Minor Supression” by going online seeking out “child identity theft” then calling 800-680-7289. The operator will then open a case and forward you to the fraud department. You should make sure to get a “Minor Supression File#” on each child and then send in the required documentation to the address they provide. But no credit freeze.

Being in the trenches and working with child identity theft victims I can tell you first hand that child identity theft is extremely damaging to a childs future. Most kids who are victimized have a hard time getting started as adults at the age of 18, when their credit makes them look like deadbeats. Their reputation is already damaged and getting credit, getting into schools or getting a job becomes 100 times harder than it already is.

The credit bureaus are in the best position to prevent child identity theft by simply tweaking their systems to allow a credit freeze BEFORE THE CHILD IS A VICTIM OF IDENTITY THEFT.

Us parents aren’t asking a lot. We just want to do our jobs and protect our children from what harm can come to our kids.

Robert Siciliano is personal security and identity theft expert and speaker. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Classified Ad Scams Target Pet Lovers

/in , /by

Classified Ad Scams Target Pet Lovers

I love my dog, 60lb German Shepherd. Small for a shepherd, but she was the runt. I’ve always rooted for the underdog. The underdog has more heart, more passion and often tries harder.

Anyway people love their pets, which is why it’s a multi-billion dollar a year business. Scammers know this too and they prey upon classified ad users who are seeking their next pet.

This story caught my eye, “A warning for internet users: an online scam targeting pet-lovers is circulating the web, and it could cost you more than a new pet.”

An ad was posted to a local online classifieds website by a man who claimed he was living in Florida. The seller said he had recently moved to Miami, and couldn’t keep his dog due to his new living conditions. He was willing to give the Labrador Retriever puppy named Dely away for the cost of shipping, which was $220.

The couple sent a delivery service $220 by way of Western Union. The delivery service told the family to send another $820 or risk losing the dog. That’s when the couple realized they’d been scammed. They told the person on the other end of the phone the deal was off. But the caller kept calling, becoming more aggressive each time.

“He kept calling me saying the dogs here,” said the victim. “Making me feel like this poor dog is sitting somewhere unattended.” When the caller realized the couple wasn’t sending the extra $820 he threatened to turn them into authorities and charge them with animal abandonment. Officials determined the entire thing was a scam.

Scammers will say and do anything to get a person to part with their money. At first they had a sob story that sounded like a legitimate issue, new housing that wouldn’t allow a pet. When posted as a classified ad, it looks legitimate. Then they involved a “shipping company” that was a front for the scam. Once the victims were asked to send a money transfer, this should have been a red-flag.

It’s usually best to do business like this locally.

Never automatically trust anyone over the phone or via the internet.

Unless the business is one that is well established online, don’t ever send money that you can’t get back.

Many classified sites stop fraudulent ads from being published in the first place by incorporating device-based intelligence that helps them assess risk upfront. Fraud prevention technology offered by iovation Inc. not only helps these sites identify repeat offenders coming in under multiple fake identities, but they also detect when scammers are attempting to place multiple fraudulent ads using a variety of computers, tablets and smartphones to do so.  This greatly helps rid these sites of undesirables and protect their valued members.

Fraud analysts review thousands of transactions per month on auction sites. They watch for emerging schemes such as the popular “advanced fee schemes” where bad actors posing as sellers require down payments to be wired to them, and “text message fraud” where the legitimate sellers receive text messages that starts the process of being scammed.

Online businesses can see what kind of fraud records are associated with a device touching their website before accepting a new account registration, by tapping into iovation’s cybercrime intelligence network with over 10 million fraud events and more than 1 billion devices.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discussesidentity theft  in front of the National Speakers Association. (Disclosures)

Are Your Mobile Apps Up To No Good?

/in /by

Most of us have heard the saying “It’s 2am, what are your kids doing?” and you may know, but do you know what your mobile apps are doing? I know before I started working in the industry, I would not have given a second thought to this, but consider this.

Why would an app designed to monitor your mobile’s battery need to know your location via your GPS? How come some gaming applications ask users for their phone numbers? Mobile applications, especially free ones, require some level of your personal data in order to supplement development costs. This means “free” isn’t exactly free.

Unsurprisingly 97% of users don’t understand how permissions correspond to the risk of an app. The consequences of not knowing is once you share your personal data, it now can be use and sometimes abused and is out of your control forever. Check out this infographic…

 

If it’s digital then that means it’s also “repeatable” and can be copied, pasted, duplicated and sent an infinite amount of times. For example 18.3 million US adult Smartphone owners have looked up medical information.  32.5 million US adult Smartphone owners access banking information. Using applications that don’t care much about your privacy can expose this data.

Android applications can ask for 124 types of permissions and with these permissions someone can turn on your camera, monitor or modify or even kill outgoing calls, record images of your screen while you enter personal information, monitor and view texts or pictures and even scarier capture conversations in the room when no call is active!!

What’s troubling is 33% of apps ask for more permissions than they need, 42% of users don’t know what these permissions are and 83% of users don’t pay attention to permissions when installing an app. This all adds up to needing to know what your apps are doing.

To help you protect your privacy and identity when using apps you should:

Research apps by checking their ratings and reviews before you download

Only download apps from reputable apps stores

Read the Terms of Service (TOS) to determine what data the app is going to access on your mobile device.

Use comprehensive  mobile security app with app privacy features, such as McAfee Mobile Security, that will provide insight into the activity and safety of your apps

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)