Posts

Holiday Hacking is Very Risky for You and Your Family

It’s the holidays once again, and each year, people flock to the internet to do online shopping. Hackers know this, and they set themselves up to steal your data.

Every year there is a big hack, and this year will likely be no different. Here are some tips to protect yourself shopping online now and in the future:

Do Business With Trusted Sites

There are zillions of websites that look perfectly legitimate, even using HTTPS in the URL. Many of these sites use perfect grammar, incorporate an online “chat” feature where someone engages you immediately, and even have a functional shopping cart. But they are in fact built specifically to scam you. You will generally stumble upon these sites in Google search when looking for a specific hard-to-find item.

To avoid being scammed, pay only by credit card, which can be refunded once you learn of the scam; never wire money or use Zelle, PayPal, Venmo, etc. Also search the name of the company and its URL to see whether anybody else has been scammed. You might find references via the Better Business Bureau, “Scam detector” or other reputation-based sites, or various forums revolving around that specific product category.

Only Use Strong Passwords

You should have a different password for every site you use. Keep in mind that this password might be the only thing stopping someone from accessing your personal information including your address, credit card information, and more. The best passwords should contain upper and lower case letters, symbols, and numbers. Also, avoid choosing anything obvious like the name of your pet, and never, ever use the same password for more than one account.

Update All Device Software

All of us are probably guilty of not updating our software when it needs to be updated. However, there is one type of software you never, ever want to skip updating: your anti-virus software. Anti-virus software helps to prevent hackers from getting access to your accounts. Also make sure to update your operating system and other software on your devices.

Always Use Two-Step Verification When You Can

Many companies offer two-step verification for customers. If this is available, choose it! This adds one more layer of security that a hacker has to get through, and it’s quite difficult to do because not only do they need access to your account, but they also need access to your device. Most major retailers allow this, including Amazon and eBay.

Ignore Strange Looking Emails

Also, keep an eye out for strange looking emails. Many companies send holiday sales emails, for instance, and some hackers will take advantage of this. They will send an email that looks like it comes from a legitimate source, like Macy’s, but it’s actually a fake email that is coming from a weird email address and not Macys.com.

Watch Your Credit Card Statements

It is also important to watch your credit card statements, and if something looks strange, report it immediately. Consider getting notifications and alerts for any charges.

Keep Your Devices Locked

Another thing you can do is make sure all of your devices are locked. A device that is unlocked can easily expose your personal info to hackers, so keep those devices locked with a biometric option, like a fingerprint, or a strong password.

Don’t Use Unsafe Apps

If you are shopping from an app, make sure it’s a trusted one. You should only download apps from the Apple App Store, the Google Play Store, or Amazon App Store. Also, make sure that you are looking into what permissions you are giving these apps. For example, does an app need access to your contact list? No, it doesn’t.

When Shopping From Your Computer, Stay Safe

Even if you are shopping from a computer or mobile phone, you need to be connected to a safe and secure network. Don’t use public Wi-Fi unless you are also using a virtual private network, or VPN.

Though it should be the responsibility of online retailers to ensure their sites are safe, we all know that this just doesn’t always happen. So, make sure you are taking these extra steps to stop hacking.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Scrooge’s 12 Scams of the Holidays

They’re baaaack! Actually, they never left—Scrooge’s little trolls work hard all year, scheming and scamming to steal holiday presents—or at least valuable information—from good girls and boys. From the North Pole to the South Pole, they target every one of us through phishing, SMiShing (text phishing), shipping and gift card scams. If you aren’t paying attention, they will hack your devices, spy on your surfing and empty your bank account.

The holidays are supposed to be a fun-filled time for celebrating with family and friends, so make sure you keep the cheer in your holiday and learn about the “12 Scams of the Holidays,” the dozen most dangerous online scams to watch out for this holiday season, revealed today by McAfee.

To make sure your holidays are not stolen by the Grinch, here are some tips on how to protect yourself against scams during the holidays, and year-round:

  • Educate yourself—Keep up-to-date on the latest scams and tricks cybercriminals use, so you can learn to recognize scams and avoid potential attacks.
  • Use strong passwords—Make sure your passwords are at least eight characters long and contain a variety of upper and lower case letters, numbers and symbols.
  • Be careful when clicking—Don’t click on links in messages from people you don’t know, and use a URL expander to know what site you are going to before clicking on a shortened URL.
  • Stay suspicious—Like mom said, be wary of any offer that sounds too good to be true.
  • Practice safe surfing—When searching for holiday gifts, use a safe search plug-in such as McAfee® SiteAdvisor®.
  • Practice safe shopping—Make sure you stick to reputable e-commerce sites that have been verified as safe by a trusted third-party, like the McAfee SECURE™ mark. Also look for “https” at the beginning of a site’s URL, which indicates that the site is using encryption to protect your information.
  • Use comprehensive computer security—Make sure you have comprehensive security protection for all your devices, including your mobile phone and tablet, that also protects your data and identity, like McAfee LiveSafe™ service.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Feast of the 7 Phishes 2011

Every year at the Siciliano household, we have a holiday tradition based on the Italian Feast of the Seven Fishes, which is, as you probably guessed, a meal consisting entirely of fish. There’s lobster, mussels, clams, scallops, shrimp, smelt, and cod, all either fried or cooked in red sauce, spicy sauce, or white sauce. This year we’re dedicating our feast to “Miles for Miracles,” a fundraiser for Children’s Hospital Boston. I’ll be running the Boston Marathon this coming April in support of the cause.

Another of my holiday traditions is to expose the year’s phishing scams. The following examples come straight from my inbox or spam filter, and have been abbreviated to demonstrate the nature of the scam and specific hook being used.

1. This first phishing email appears to have been sent from LinkedIn, but the link that supposedly leads to the FDIC’s website is in fact a virus.

“From: LinkedIn linkedXXX@em.linkedin.com

Temporary FDIC insurance coverage news. To obtain more information about temporary FDIC insurance coverage of transaction accounts, please refer to http://www.xxxxxx. Yours faithfully, Federal Deposit Insurance Corporation.”

2. In this phish, the sender claims to be Canadian, but the email suffix “.cn” is Chinese, and the scammer grammar is clearly East African in nature.

“From: Mrs.Martha Chery tesXXX@k.cn

Dear Beloved,

I am Mrs.Martha Chery from Canada,I am 58 years old,i am suffering from a long time cancer of my brain,from all indication my conditions is really deteriorating and it is quite obvious that i may not live for the next two months.”

3. Wow, my “email address has won.” Lucky me?

“From: payofficeXXX@aim.com

WINNING NUMBER: OL/656/020/018

OUR DEAR WINNER, THIS IS TO NOTIFY YOU THAT YOUR EMAIL ADDRESS HAS WON ONLINE LOTTO AND GAMING CORPORATION SUM OF (ONE MILLION EURO).”

4. This scammer responded to a Craigslist ad I had posted. Apparently I “sounded gorgeous in the ad.” I probably did!

“From: Justina Serini justinaXXX@hotmail.com

Hi Robert, I found your posting and wanted to ask you something essential. I am in a relationship and caught my partner cheating on me so I decided to get even! My co-worker said Craigslist list would be the best place to find someone nearby who I can be with for one time only so thought the hell, I would email someone I thought sounded gorgeous in the ad and came across yours!”

5. In this phish, I’m being scammed in Hebrew!

“החינמון!!! info@free2XXX.co.il

יכול לחסוך לעצמו עשרות או מאות אלפי שקלים – ובקלות! גם אם לקחתם משכנתה והשגתם את התנאים הטובים ביותר,”

6. Oh, wow, the United Nations is contacting me directly. How exciting!

“From: UNITED NATIONS bankimoonXXX@yahoo.com

Attn: Beneficiary, This is to inform you that the International Community has received series Complaints from Beneficiaries who are yet to receive their outstanding Contract/Inheritance Funds.”

7. Download this report, and you’re as doomed as a boiled lobster.

“From: Jerry Bush benoit.metzger@XXXueamachine.com

This report applies to the ACH transfer (ID: 963623905410) that was recently sent from your banking account. The current status of the referred transfer is: failed due to the technical error. Please find the detailed information in the report below.”

Hey, that reminds me, I have fish to fry!

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses phishing on Fox Business. Disclosures
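Several of the phishes above pair an institutional display name with an unrelated sender domain. The check below is an added example, not part of the original post: it compares the name in a From: header against a small allowlist of domains per brand. The allowlist contents, the `.example` domain, and the bracketed header formatting are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: a hand-maintained map of claimed names to the domains
# those organisations really send from (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "macys": {"macys.com"},
    "linkedin": {"linkedin.com"},
    "united nations": {"un.org"},
}


def domain_matches(domain, allowed):
    """True only for an allowed domain itself or a real subdomain of it.

    A substring test would accept 'macys.com.holiday-deals.example',
    so the comparison is anchored at the right-hand end of the name.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parseable address"]
    domain = addr.rsplit("@", 1)[1].lower()
    # Normalise the display name: lower-case, drop straight/curly apostrophes.
    claimed = name.lower().replace("'", "").replace("\u2019", "")
    warnings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not domain_matches(domain, allowed):
            warnings.append(f"name claims {brand!r} but domain is {domain}")
    return warnings


# Sample headers: the first and last reuse addresses quoted in the post
# (angle brackets added); the two Macy's lines are constructed.
SAMPLES = [
    '"UNITED NATIONS" <bankimoonXXX@yahoo.com>',
    '"Macy\'s Holiday Sale" <deals@macys.com.holiday-deals.example>',
    '"Macy\'s" <offers@email.macys.com>',
    "LinkedIn <linkedXXX@em.linkedin.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no mismatch")
```

A clean result is not proof of legitimacy: the From: header can be forged, which is why the LinkedIn-branded sample passes this check even though it is the first phish listed above.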

4 Tips to Prevent Auction Holiday Fraud

Auction fraud refers to fraudulent transactions that take place through auction and classifieds websites.  Either a product advertised may be misrepresented by the seller or the items sold are never delivered at all.

This holiday season, as you seek out hard-to-find gifts and look for the best prices, keep in mind that not everyone out there on the wild, wild web has good intentions.

Auction sites are ground zero for scammers. It’s very easy to set up a free auction page from anywhere in the world, collect people’s money, and run.

Here are four tips to keep you safe when shopping through auction websites.

  1. Use strong passwords: Use complex passwords that are hard to crack but easy to remember. Passwords should include upper and lowercase letters as well as numbers, and, if possible, other characters.
  2. Look out for phishing emails: Any email that appears to have been sent from an auction site should be considered suspect. Certainly there are legitimate communications being sent by eBay and similar sites, but none of them should require a direct email response. To confirm that a communication is legitimate, always go to the website directly via your favorites menu, log into your account normally, and check your “My Messages” folder, rather than clicking any links within the email.
  3. Secure your device: Whether you shop using a tablet, smartphone, PC, or Mac, they all need some form of antivirus protection. At the very least, the operating system should be kept up to date with all the latest security patches. Any website can potentially pose a threat. Never respond to pop-ups that claim your computer or other device has been infected and instruct you to install antivirus software. This is actually “scareware.”
  4. Buy from trusted sources: Some may not like my saying so, but buying from sellers with no track history is risky. If sellers have less than five transactions under their belt, they may be scammers. My rule of thumb is never buy from anyone with fewer than ten transactions, and even then I take all their feedback into account before purchasing. If a seller has ten transactions but all those purchases are less than a dollar in value, that seller is still suspect.

Online classified and auction websites can do more to protect legitimate buyers and sellers by identifying fraudsters faster with advanced device identification.  iovation Inc.’s fraud prevention service is called ReputationManager 360 and incorporates device identification, device reputation analysis, and geolocation, velocity, and anomaly checks in its real-time risk profiling. iovation is used by hundreds of online businesses to prevent fraud and abuse by analyzing the computers, smartphones, and tablets being used to connect to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Black Friday/Cyber Monday Scams on Mike and Juliet Show  Disclosures

6 Tips for Cyber Monday

Bad guys know perfectly well that when the online bargains begin after Thanksgiving, specifically, on the Monday after Thanksgiving, you will be providing your credit card number to retailers all over the world.

1. Go big. Do your online business with major retailers, or those you already know, like, and trust. The chances of a major online retailer stiffing you, or of their database being compromised, are slimmer than those of an unknown.

2. Do your homework. If you search for a particular product and wind up at an unfamiliar website, do some research on the retailer before putting down your credit card number. Search for the company’s name and web address to see if there have been complaints.

3. Don’t give out more personal data than necessary. Many retailers require your name, address, phone number, and credit card information. This is normal. But if you are asked for anything beyond that, like bank account numbers or your Social Security number, run hard and fast.

4. Vary your passwords. Often, online retailers will ask you to register with their website when you make your first purchase. Never register using the same password you’ve already used for another website. Otherwise, if one website is hacked, your password could be used to infiltrate your other accounts.

5. Use HTTPS sites. Websites that have a secure checkout process, with “https://” in the web address (as opposed to “http://”) are safer.

6. Print out and save online receipts. Keeping track of what you bought, where, and for how much can become confusing when making multiple purchases online. You need to pay close attention to your purchases in order to reconcile your credit card statements.

Smart retailers are already protecting consumers behind the scenes by implementing multiple layers of fraud protection. One very effective fraud detection technology is the use of device identification and device reputation to alert businesses to known fraudsters on their site. iovation Inc. provides this service, taking it to another level: analyzing the device’s reputation by assessing risk on each transaction.

“The most reputable online sites all ramp up their security processes during the holidays,” says Molly O’Hearn, iovation’s VP of Operations & Co-founder. “This is a very good thing for online consumers because this is the time of year that your identity and credit card information is most at risk.”

Whether you are buying electronics as gifts this holiday season, or sports and entertainment tickets for friends and family, iovation is working hard in the background of these sites to keep the bad guys out so you can have a safe and fun experience.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures