Posts

How To Determine a Fake Website

There are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:

How Did I Get Here?

Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective ways scammers direct their victims to fake sites. Same thing goes with links from social media sites, Danger Will Robinson! Don’t click these links. Instead, go to websites via a search through Google or use your bookmarks, or go old school and type it in.

Are There Grammar or Spelling Issues?

Many fake sites are created by foreign entities using “scammer grammar”. So their English is usually broken, and they often make grammar and spelling mistakes. And when they use a translating software, it may not translate two vs too or their vs there etc.

Are There Endorsements?

Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets, for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.

Look at the Website Address

A common scam is to come up with a relatively similar website URL to legitimate sites. Ths also known as typosquatting or cybersquatting. For instance, you might want to shop at https://www.Coach.com for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //www.C0ach.com, or //www.coachpurse.com.  Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is www.C0ach.com legit”, which may pull up sites debunking the legitimacy of the URL.

Can You Buy With a Credit Card? 

Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic, and only want a check, or a wire transfer, be suspect, or really don’t bother.

Are the Prices Amazing?

Is it too good to be true? If the cost of the items on a particular page seem much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.

Check Consumer Reviews

Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like SiteJabber.com, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

10 Ways to Prevent Holiday Shopping Scams

The winter holidays: a time for festivities and … fraud-tivities.

Gift Card Grab

Never, ever enter your credit card or other sensitive information to claim a gift card that comes via email.

Never Buy Over Public WiFi

Shopping over public WiFi means your credit card, bank account or login data could get picked up by a cyber thief. Use a VPN.

Coupon Cautious

If a coupon deal seems too good to be true, then assume it is. End of story. Next.

Password Housekeeping

  • Change the passwords for all your sensitive accounts.
  • No two passwords should be the same.
  • Passwords should be a random salad of upper and lower case letters, numbers and symbols – at least 12 total.
  • A password manager can ease the hassle.

Two Step Verification

  • A login attempt will send a one-time numerical code to the user’s phone.
  • The user must type that code into the account login field to gain access.
  • Prevents unauthorized logins unless the unauthorized user has your phone AND login credentials.

Think Before You Click

  • Never click links that arrive in your in-box that supposedly linking to a reputable retailer’s site announcing a fantastic sale.
  • Kohl’s, Macy’s, Walmart and other giant retailers don’t do this. And if they do, ignore them.
  • So who does this? Scammers. They hope you’ll click the link because it’ll download a virus.
  • The other tactic is that the link will take you to a mock spoofed site of the retailer, lure you into making a purchase, and then a thief will steal your credit card data.

Bank and Credit Card Security

  • Find out what kind of security measures your bank has and then use them such as caps on charges or push notifications.
  • Consider using a virtual credit card number that allows a one-time purchase. It temporarily replaces your actual credit card number and is worthless to a thief.

Job Scams

Forget the online ad that promises $50/hour or $100 for completing a survey. If you really need money then get a real job.

Monthly Self-Exam

For financial health: Every month review all your financial statements to see if there is any suspicious activity. Even an unknown charge for $1.89 is suspicious, because sometimes, crooks make tiny purchases to gage the account holder’s suspicion index. Report these immediately.

Https vs. http

  • The “s” at the end means the site is secure.
  • Do all your shopping off of https sites.
  • In line with this, update your browser as well.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Google Alert Scams

If you want to know the latest on “any topic”, just sign up for Google Alerts. Google will e-mail you notifications of new information coming online. I have Google Alerts for “Home Invasion” “Identity Theft” “Burglary” “Computer Security” and many more.

So what could be so harmful about receiving alerts about topics or people who are famous for being famous or your favorite presidential candidate?

  • A scamster creates a website and inserts popular search terms such as “Kate Middleton” or “Donald Trump.”
  • If you signed up for Donald Trump, you’ll not only receive legitimate alerts from Google, but also links originating from the scammer’s site. You won’t know which is which.
  • These fraudsters have figured out a way to circumvent Google’s security.
  • Clicking on these links could download malware into your computer.

In another example Intel Security’s McAfee does the “Most Dangerous Celebrity” survey based on malicious search results. They then determine which searched celebrity sites produce the most malware.

What can you do?

  • A tell-tale clue of a scam is that when you hover over the link inside your e-mail, the URL doesn’t correlate to the alleged source of the news. If it doesn’t match up, skip it. A scammer’s URL isn’t going to have what appears to be a legitimate news outlet address.
  • Narrow your search down. So if you want the latest in Trump’s polls, type “Donald Trump polls” in the Google Alert field. Otherwise, just leaving it as “Donald Trump” will not only flood your in-box, but it will be much more likely that some of those “alerts” will be fraudulent.
  • Another way to narrow the parameters is to set the alerts for “news,” “blogs,” “best results” and “United States.”
  • Be very suspicious of URLs that do not end in a dot-com, net, org or other familiar suffix. Often, scammy URLs come from foreign countries where the suffix is different, such as “fr” for France or .ru for Russia or .cn for China.
  • If a link appears to be fraudulent, report it to Google.com/alerts.

If you’re signed up for Google Alerts for numerous topics, consider cancelling some of these, especially if it’s a hot topic that makes headlines nearly every day, such as the presidential race—which you’re bound to see anyway simply by visiting a reputable news site.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Beware of the CEO E-mail Scam

Beware of the B.E.C. scam, says a report at fbi.gov. The hackers target businesses and are good at getting what they want.

emailThe hackers first learn the name of a company’s CEO or other key figure such as the company’s lawyer or a vendor. They then figure out a way to make an e-mail, coming from them, appear to come from this CEO, and send it to employees.

The recipients aren’t just randomly selected, either. The hackers do their homework to find out which employees handle money. They even learn the company’s particular language, says the fbi.gov article. The company may be a big business, small enterprise and even a non-profit organization.

Once they get it all down, they then request a wire transfer of money. This does not raise red flags in particular if the company normally sends out wire transfer payments.

This CEO impersonation scam is quite pervasive, stinging every state in the U.S. and occurring in at least 79 other nations. The fbi.gov article cites the following findings:

  • Between October 2013 and February 2016, complaints came in from 17,642 victims. This translated to over $2.3 billion lost.
  • Arizona has been hit hard by this scam, with an average loss per scam coming in at between $25,000 and $75,000.

Companies or enterprises that are the victim of this scam should immediately contact their bank, and also request that the bank contact the financial institution where the stolen funds were transferred to.

Next, the victim should file a complaint with the IC3.

How can businesses protect themselves from these scam e-mails?

  • Remember, the hacker’s e-mail is designed to look like it came from a key figure with the organization. This may include the type of font that the key figure normally uses in their e-mails; how they sign off (e.g., “Best,” “Thanks a bunch,”), and any nicknames, such as “Libbie” for Elizabeth. Therefore, contact that person with a separate e-mail (not a reply to the one you received) to get verification, or call that individual.
  • Be suspicious if the e-mail’s content focuses on a wire transfer request, especially if it’s urgent.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Security Appreciation lacking

What’s it gonna take for companies to crack down on their cybersecurity? What’s holding them back? Why do we keep hearing about one company data breach after another?

1SWell, there’s just not enough IT talent going around. The irony is that most company higher-ups admit that cybersecurity is very important and can even name specific situations that could compromise security, such as

having multiple vendors vs. only a single vendor; not having quality-level encryption in place; allowing employees to bring their own mobile devices to work and use them there for business; and having employees use cloud services for business.

Many even admit that they lack confidence in preventing a sophisticated malware onslaught and are worried about spear phishing attacks.

So as you can see, the understanding is out there, but then it kind of fizzles after that point: Businesses are not investing enough in beefing up their cybersecurity structure.

Let’s first begin with signs that a computer has been infected with malware:

  • It runs ridiculously slow.
  • Messages being sent from your e-mail—behind your back by some unknown entity.
  • Programs opening and closing on their own.

What can businesses (and people at home or traveling) do to enhance cybersecurity?

  • Regularly back up all data.
  • All devices should have security software and a firewall, and these should be regularly updated.
  • Got an e-mail from your boss or company SEO with instructions to open an attachment or click a link? Check with that person first—by phone—to verify they sent you the attachment or link. Otherwise, this may be a spear phishing attempt: The hacker is posing as someone you normally defer to, to get you to reveal sensitive information.
  • Mandate ongoing security training for employees. Include staged phishing e-mails to see who bites the bait. Find out why they bit and retrain them.
  • Never open e-mails with subject lines telling you an account has been suspended; that you won a prize; inherited money; your shipment failed; you owe the IRS; etc. Scammers use dramatic subject lines to get people to open these e-mails and then click on malicious links or open attachments that download viruses.
  • Install a virtual private network before you use public Wi-Fi.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Online Shopping and Counterfeit Goods – The Facts Don’t Lie

As the holiday season creeps upon us, research shows that an astonishing 24% people who are buying online have been duped by scammers. Whether you are buying shoes, electronics or the latest fashions and accessories, research companies are showing that you are at risk of being duped.

9DWhen you look at the overall shopping behavior of consumers, we see that about 34% do all of their shopping online, and during the holiday season, this number rises to 39% of all consumers. That is a lot of people for counterfeiters to focus on.

Mark Frost, the CEO of MarkMonitor, explains that it is crucial for customers to stay aware of the possibility of buying counterfeit goods, especially during the holidays. Most of us are looking for a bargain, and this is exactly why we tend to jump on these deals. On top of this, counterfeiters have gotten very good at making these fake goods look almost identical to the real deal, and it is near impossible, in some cases, for the untrained eye to tell them apart. Here are some more facts:

People are Exposed to Online Counterfeit Goods All of the Time

With so many counterfeit goods out there, you have likely been exposed to them, or even made a purchase. Younger people are more at risk of buying these goods, and when looking at those in the 18-34 year old range, almost 40% had purchased counterfeit goods in the past.

In addition to these goods, about 56% of people have received counterfeit emails, or those that seem as if they are coming from a certain company, such as Nike, but in reality, all of the items are fake. Fortunately, only about one in 20 consumers are likely to click on these links, but that means that about 5% of consumers are directed to these sites, too, and may get caught up in the bargains.

This is a Global Issue

Statistics also show that about 64% of global consumers are worried about online security. These same consumers report that they feel safer buying from local extensions, such as .de, .uk and .co.

Attitudes Towards Buying Counterfeit Goods

One of the most alarming facts that come up in these studies is that about 20% of consumers continue the purchase of their goods, even after finding themselves on a website with counterfeit goods.

As you continue your holiday shopping, make sure to keep these facts in mind and make sure to research any site you choose to buy from, even those that look like they may be legitimate.

Shoppers need to be cautious when searching online to spread their holiday cheer and MarkMonitor suggests checking this list twice to find out if websites are naughty or nice:

  1. Check the URL: In a practice known as “typosquatting” fraudulent sites will often be under a misspelled brandname.com, attempting to trick consumers into thinking they are on a reputable website.
  2. Check the Price: Counterfeiters have been getting very smart about pricing lately and not discounting their wares as heavily as before, but deep discounts – especially on unknown e-commerce sites – are a tip-off that consumers should do a lot more checking before buying.
  3. Check the “About” and the “FAQs” pages: Though some sites look professional at first glance, but are not always so careful about these pages. Check for spelling and grammatical errors.
  4. Check for reviews: Many fraudulent websites’ reputations proceed them. Search for what people are saying about the site and include the term ‘scam’ with the site name to see if they are known to be a risky site.  

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

8 Ways to Ensure Safe and Secure Online Shopping this Holiday Season

So, who’s on your holiday gift list this year? That list is a lot longer than you think; consider all the names of hackers that have not yet appeared on it. Scammers will do whatever it takes to get on your holiday gift list! Here’s how to keep these cyber thieves out of your pocket:

  • Before purchasing from a small online merchant, see what the Better Business Bureau says and also search Google for reviews.
  • If you see an unexpected e-mail allegedly from a retailer you shop at, don’t open it. Scammers send out millions of trick e-mails that appear to be from major retailers. They hope to trick gullible shoppers into clicking on them and revealing sensitive information. So many of these scam e-mails get sent out that it’s common for someone to receive one that appears to be from a store they very recently purchased from.
  • When shopping online at a coffee house or other public spot, sit with your back to a wall so that “visual hackers” don’t spy over your shoulder. Better yet, avoid using public Wi-Fi for online shopping.
  • Back up your data. When shopping online it’s highly probable you’ll stumble upon an infected website designed to inject malicious code on your device. Malware called “ransomware” will hold your data hostage. Backing up your data in the cloud to Carbonite protects you from having to pay the ransom.
  • Save all your financial, banking and other sensitive online transactions for when you’re at home to avoid unsecure public Wi-Fi networks.
  • Change all of your passwords to increase your protection should a retailer you shop at fall victim to a data breach. Every account of yours should have a different and very unique password.
  • Ditch the debit card; a thief could drain your bank account in seconds. Use only credit cards. Why? If a fraudster gets your number and you claim the unauthorized purchase within 60 days, you’ll get reimbursed.
  • Review your credit card statements monthly and carefully. Investigate even tiny unauthorized charges, since thieves often start out small to “test the waters.”

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Infrastructures under attack

It’s been stated more than once that WWIII will most likely be cyber-based, such as dismantling a country’s entire infrastructure via cyber weapons. And don’t think for a moment this doesn’t mean murdering people.

4DA report at bits.blogs.nytimes.com notes that foreign hackers have cracked into the U.S. Department of Energy’s networks 150 times; they’ve stolen blueprints and source code to our power grid as well. Some say they have the capability to shut down the U.S.

The bits.blogs.nytimes.com article goes on to say that cyber warfare could result in death by the masses, e.g., water supply contamination of major cities, crashing airplanes by hacking into air traffic control systems, and derailing passenger trains. So it’s no longer who has the most nuclear missiles.

The list of successful hacks is endless, including that of a thousand energy companies in North America and Europe and numerous gas pipeline companies. The U.S.’s biggest threats come from Russia and China.

So why haven’t they shut down our grid and blown up furnaces at hundreds of energy companies? Maybe because they don’t have the ability just yet or maybe because they don’t want to awaken a sleeping giant. To put it less ominously, they don’t want to rock the boat of diplomatic and business relations with the U.S.

Well then, what about other nations who hate the U.S. so much that there’s no boat to be rocked in the first place? The skills to pull off a power grid deactivation or air traffic control infiltration by enemies such as Iran or Islamic militants are several years off.

On the other hand, such enemies don’t have much to lose by attacking, and this is worrisome. It is these groups we must worry about. They’re behind alright, but they’re trying hard to catch up to Russia and China. For now, we can breathe easy, but there’s enough going on to get the attention of Homeland Security and other government entities.

Recent attacks show that these bad guys in foreign lands are getting better at causing mayhem. At the same time, the U.S.’s cyber security isn’t anything to brag about, being that very recently, some white hat hackers had tested out the defenses of the Snohomish County Public Utility District in Washington State. They infiltrated it within 22 minutes.

Another weak point in our defenses is the component of pinning down the source of major hacking incidents. So if WWIII becomes real, the U.S. won’t necessarily know where the attack came from.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

How to avoid Online Fundraising Scams

You’ve probably heard of the gofundme.com site, where all sorts of stories are posted of people seeking donations. Some are tragic, others are trite. You may be touched by a particular story, perhaps one in which an entire family is killed in a house fire.

9DYou click the “Donate Now” button and donate $50. So just how do you know that family who died in the fire really existed?

Gofundme.com and similar sites are loaded with “campaigns,” just tons of them. Think of the logistics involved if these sites hired people to verify every campaign. This would require enormous amounts of time and a lot of people and expense.

People don’t think. They just assume every campaign is for real. Do you realize how easy it is to start a campaign? Gofundme.com, for instance, only requires that you have a Facebook account with a valid-looking profile picture of the campaign starter, and at least 10 Facebook friends (last I checked, anyways).

  • Who at Gofundme.com and similar sites verifies that the profile picture is that of the campaign starter?
  • Who at these sites verifies that the “friends” are legitimate, vs. all phony accounts or “friends” purchased from seedy overseas companies that create fake profiles?
  • Even if the avatar and friends are for real, how do these crowdfunding sites confirm the authenticity of the campaigns?

It’s all based on the honor system. You take their word for it, though some campaigns are high profile cases. People have given money to fake campaigns. How can you prevent getting conned?

  • Check the news to see if the campaign story really happened. But a house fire in a small town doesn’t always hit the Internet. Nor is it newsworthy that some housewife is trying to raise money to buy her disabled son a set of golf clubs. So stay with campaign stories that you know have occurred.
  • But again, a scammer could take a real story, pretend to know a victim and scam donators. So see if there’s a legitimate pathway to donate to the real people involved in the story, such as through their local police department.
  • Stick to reputable charity sites. Offline, never give money solicited over the phone.
  • Be leery of charity solicitations for very high profile cases, as these attract scammers.
  • If donations are solicited by snail mail, check the Better Business Bureau. Any scammer could create a legitimate sounding name: “American Association for Autistic Children.”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Beware of these 10 Nasty Scams

Let’s look at the top 10 scams (random order).

9DCharity

  • A fraudster claims to represent a charitable organization.
  • Such scams can operate ring-style, such as one out in Colorado some years ago in which women wearing crisp white dresses that resembled the dresses nurses used to wear, and also wearing white caps (like a nurse), solicited motorists for money by walking around at stoplights holding out tin cans that had a label on them like “Help Fight Drugs.” Many people were fooled by the white outfits and labeled cans.
  • Check out the legitimacy of the organization at bbb.org or charitynavigator.org.

E-mail

  • You receive an e-mail that seems to be from a legitimate company, like your bank, the IRS, UPS, etc. In the message is a link that you click. You just downloaded a virus.
  • Never click links inside e-mails. Contact the company by phone.

Cell Phone

  • Your cell phone rings once. You don’t recognize the number. You call back. You then get charged about $20. Whatever happens after a connection is made, you’ll also be charged a high fee per minute.
  • Ignore one-ring calls. If it’s important they’ll call back.

Credit Card Fraud

  • Ever see a tiny charge on your credit card but have no idea what it was for? It’s probably by a crook.
  • Always report even the smallest charges if they’re unfamiliar.

Sob Story

  • You get an e-mail that seems to be from someone you know. They’re overseas, got mugged, sob sob…and need you to wire them money.
  • Don’t send them a penny; it’s a scam.

Sweepstakes and Lottery

  • “You’ve Won!” shouts your new e-mail. So you click the link in the e-mail to claim your prize—which is a nice fat virus that infects your computer.
  • Run like the wind if the message tells you that you need to pay a fee to claim your winnings.

Jury Duty

  • Your phone rings. You answer. The caller tells you that you’ll be subject to fines because you didn’t show up for jury duty. But relax, you can avoid the fines by providing personal information or paying a fee.
  • Courts have better things to do than to call people who missed jury duty (do you realize how many calls that would be?!).
  • Though failing to report for jury duty does have consequences, the action is never initiated via phone.

Computer Lockout

  • You turn on your computer and see a message stating the device is locked.
  • To unlock it, you’re told to provide sensitive information.
  • Contact your security software provider or a local geek.

WiFi Hacking

  • You connect to free WiFi thinking your secure. But waiting in the wings is a hacker to sniff out your data.
  • Always use a VPN such as Hotspot Shield to encrypt your data over free WiFi.

Home Improvement

  • Someone appears at your door wearing a workman’s outfit and offers to do a job for a dirt cheap fee. They want the money upfront and will return later to do the work, or some variant of this.
  • Stick with bonded, insured, reputable companies. Refer to Angie’s List or the BBB.

Health Care

  • Someone calls you offering to help you sign up for health care.
  • Hang up; it’s a crook because government officials don’t do this.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.