
5 Mobile Internet Security Lessons

Do these things every day religiously and you will be more secure using your mobile devices:

  1. Be careful on social sites: When logging on via mobile, know that among Facebook’s billion users, thousands or hundreds of thousands of criminals are out there too and targeting its users. Hackers are creating viruses that specifically target Android users on Twitter, LinkedIn and YouTube on wired and wireless connections.
  2. Beware of keyloggers that steal online passwords and take over accounts of your friends so they can send out malicious links that will have a good chance of being clicked. Scams like these prompt you to click malicious links. Mobile versions of social sites make it easy to post content and status updates and make it especially easy to click before you think.
  3. Change up your passwords: Don’t use the same password for your accounts. If a criminal gets your Facebook password and email address, he will try it on other sites. Use different user names and passwords on your different accounts, especially on accounts where you keep personal information, credit cards, bank account data and so on. Use a mobile password manager to help yourself out.
  4. Protect yourself wirelessly: Attacks on PCs work the same on mobiles, so whether you use a laptop or a mobile to connect to free WiFi, you are equally vulnerable. Install a virtual private network such as Hotspot Shield VPN that allows you to tunnel in through a protected internet connection.
  5. Keep software up to date. Automatically update programs on every device you own, including your smartphone and tablet. Outdated operating systems, software and antivirus are useless against new attacks.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247.

Federal Investigators Bust Credit Fraud Ring

A federal investigation dubbed “Operation Open Market” recently yielded 19 arrests in nine states, for crimes including identity theft and counterfeit credit card trafficking. The defendants allegedly participated in “Carder.su,” a Las Vegas-based transnational ring that bought and sold stolen personal and financial information and manufactured counterfeit IDs and credit and debit cards in order to commit fraud. This criminal organization has also been known to host online forums wherein members are encouraged to buy and sell counterfeit documents and stolen data.

Executive Director of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations James Dinkins commented, “The actions of computer hackers and identity thieves not only harm countless innocent Americans, but the threat they pose to our financial system and global commerce cannot be understated.”

According to the Federal Financial Institutions Examination Council’s latest update, “Fraudsters use keyloggers to steal the logon ID, password, and challenge question answers of financial institution customers. This information alone or in conjunction with stolen browser cookies loaded on the fraudster’s PC may enable the fraudster to log into the customer’s account and transfer funds to accounts controlled by the fraudster, usually through wire or ACH transactions.”

The FFIEC recommends that financial institutions incorporate device identification into their layered security approach in order to thwart attacks like these, but smart financial institutions are going a step further by employing a device reputation analysis approach.

iovation, an Oregon-based firm helping to fight cybercrime, offers device reputation, which builds on its complex device identification technology. It does this by offering real-time risk assessments that look at evidence of past fraud attacks and risk profiles, detect anomalies, and uncover relationships between devices and accounts that have a history of working in collusion to steal from online businesses.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses the latest data breach on Good Morning America. (Disclosures.)

FFIEC Mandates “System Of Layered Security” to Combat Fraud

For any cave-dwelling, living-under-a-rock, head-in-the-sand, naïve, under-informed members of society who aren’t paying attention, we have serious cyber-security issues on our hands.

Black hat hackers, who break into networks to steal for financial gain, are wreaking havoc on banks, retailers, online gaming websites, and social media. Black hats cost these companies and their clients billions of dollars every year. They are using stolen usernames and passwords to transfer money through wire transfers, Automated Clearing House (ACH) and through billing fraud.

The Federal Financial Institutions Examination Council (FFIEC) has repeatedly stated that, come January 2012, any lagging financial institutions will be required to significantly upgrade their security protocol. Since any existing form of authentication can be compromised, the FFIEC recommends that financial institutions institute systems of “layered security.”

Previous FFIEC recommendations discussed authentication, suggesting that the security issue takes place when a user logs in. But in fact, not all the danger occurs at login. Other website integration points are vulnerable to security issues, particularly at the point when money is transferred.

According to the FFIEC’s recent update:

“Fraudsters use keyloggers to steal the logon ID, password, and challenge question answers of financial institution customers. This information alone or in conjunction with stolen browser cookies loaded on the fraudster’s PC may enable the fraudster to log into the customer’s account and transfer funds to accounts controlled by the fraudster, usually through wire or ACH transactions.”

One of the FFIEC’s recommendations for financial institutions involves complex device identification. iovation, an Oregon-based security firm, goes a step further, offering Device Reputation, which builds on complex device identification with real-time risk assessments, the history of fraud on groups of devices, and their relationships with other devices and accounts, which exposes fraudsters working together to steal from online businesses.

Smart financial institutions aren’t just complying with the FFIEC’s security recommendations, but are going beyond by incorporating device reputation into their layered security approach.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another data breach on Good Morning America. (Disclosures)

Most Unwanted Criminals: Phishers, Shoulder Surfers and Keyloggers

McAfee’s most unwanted criminals have included pickpockets, Trojan viruses, ATM skimmers, dumpster divers, spies, and wireless hackers, and now phishers, shoulder surfers, and keyloggers. Identity theft can happen online or on the ground to anyone with a pulse, and even to the deceased.

The key is awareness, vigilance, and investing in products and services that are designed to protect you.

Tony “Big Phish” Morgan sends emails that appear to come from a trusted source, soliciting login credentials or sending recipients to spoofed websites. Either way, he wants to take over existing accounts and gain access to more data on the server or your PC. Phishing emails may look like legitimate monthly statements or obvious Nigerian 419 scams laced with scammer grammar. Phishers have stolen over a quarter billion from victims and counting.

The first rule for protecting yourself from phishing is never click on links in emails. Use your bookmarks menu or manually type in the address of the website you’re looking for. McAfee Site Advisor software provides risk ratings for websites that come up when you do a search.

“Wandering Eyes” Willie is a shoulder surfer, using his eyes, binoculars, hidden cameras, or more likely, a phone with video capabilities to peer over shoulders in Internet cafes or checkout lines, capturing account data and PINs. If you are standing in a checkout line and someone nearby seems to be looking at his phone, which happens to be a camera phone pointed in the direction of your credit or debit card, he may be shoulder surfing.

Watch out for “wandering eyes.” Cover your phone’s keypad when entering usernames or passwords. In an Internet café, choose a seat with your back to the wall. Use complicated passwords that are harder to crack.

Francis Scott Keylogger can smoothly infect your computer and track all your online activity, recording every username and password you type. An outdated browser is more vulnerable to picking up keylogging software when surfing an infected website.

Keyloggers can hide in hardware or software, so run antivirus and anti-spyware programs to eliminate viruses, but also check the back of your PC for devices that may be piggybacking on your keyboard.

To ensure peace of mind and have a fraud resolution agent assist in identity theft restoration, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)