Posts

Celebrities Are Lures For Scammers

“Just Google it.” You’ve probably heard this phrase a thousand times before, and for good reason—search is one of the top activities we do online[1]. But while you are searching online for information and content, keep in mind that scammers are also searching for victims.

Scammers have been very productive in creating fake or infected websites, which are designed to do harm to your computer, your finances or your identity. The bait that lures us to these infected websites may be the latest Twitter trend, a breaking news story, a significant world event, downloads, and even celebrity pictures or gossip. And, the more popular the search, the more likely you are to run into dangerous results.

For the 6th year in a row, McAfee researched popular culture’s most famous people to reveal which ones are the riskiest to search for online. Emma Watson has taken over the #1 spot from Heidi Klum as the Most Dangerous Celebrity to search for on the Web (#riskyceleb). This year also marks the first time that the entire Top 10 list is comprised of all women. The top 10 celebrities from this year’s study with the highest percentages of risk are:

Cybercriminals often use the names of popular celebrities to tempt viewers to visit websites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of the trendy content they were expecting.

And beware of “free” things. Scammers know that this is a word that can get a lot of attention and will use this as a way to get to you. This year, when searching for “Emma Watson and ‘free’ downloads,” and “Emma Watson and hot pictures” and “Emma Watson and videos” you run the risk of running into online threats designed to steal your personal information.

Here’s some tips to help you stay safe while searching online (whether it be from your PC or mobile device):

Use common sense: if it sounds too good to be true, it probably is.

Always double-check the web address (URL) that you are going to. For example, if you are searching for Amazon.com and get a result for “Amazzon.cn”, you should know not to click.

Use a safe search plug-in, such as McAfee® SiteAdvisor® software that displays a red, yellow, or green ratings in search results, warning you to potential risky sites before you click on them.

Use comprehensive security software to protect against the latest threats.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Preventing Slip and Fall Scams in your Business

In a down economy people are acting strangely. Desperation makes people do desperate things and insurance fraud is on the rise.

The Middletown Journal reports  “Slips and falls are one of the leading causes of injury to customers and employees, and liability awards for customers who are injured can be tens of thousands of dollars or more, according to insurers. Nationwide, about 2,168 insurance claims last year were submitted to the National Insurance Crime Bureau for referral because they were questionable, according to the organization. This was up 12 percent from 1,944 questionable claims in 2010.”

While most slip and falls are legitimate claims, slip and falls accidents are an old scam that can be lucrative for a professional scammer.

One of the most effective tools to combat slip and falls is video surveillance. Video is the single most effective teller of the truth.

Cameras are everywhere. Some people call this an invasion of privacy. I say the more cameras the better. We are on camera at most retails stores, banks, ATMs, busy intersections, highways, downtown areas and in neighborhoods. We are a video camera soaked society and it’s a good thing. It keeps the honest people honest and the bad guys in-check or in jail.

The good news for small business is cameras are now affordable than ever. Peace of mind comes from knowing there are security cameras strategically placed inside and outside your business. Best of all, with security camera systems, you can watch video from any room in the facility, on any connected TV or dedicated monitor. And when you’re on-the-go, keep an eye on your business with remote video security using any web-enabled computer, smart phone, or iPad.

*Content expressed in Security For Small Business does not represent the thoughts and opinions of ADT Security Services, Inc. unless explicitly indicated.

Scams Are a Sport This Summer

Scammers tend to follow an editorial calendar much like journalists do. For example when the holiday season is coming journalists often write about bargains to be had while scammers use the season as an opportunity to try and entice users with deals that are “too good to be true.”

This same practice is also used for high-value news items such as a natural disasters, celebrities and high-profile sporting events. Many of us are not aware of the risks and threats associated with such high-profile sporting events and the impact this could have on you, your devices and your personal data. In fact, in a recent survey done by OnePoll for McAfee, only 13% of Brits are worried about a cyber threat spoiling their enjoyment of the summer’s sporting events.

As the world descends into a sporting frenzy this summer, it can be easy to become a little sloppy about keeping your mobile devices safe and secure. However, now is the time when we need to be more cautious.

McAfee has recently identified several scams related to sports which encourage consumers to share their personal details. These can take the form of text messages, social network spam or emails offering fake tickets or lottery wins.

In order to help you keep your mobile devices protected during this summer of sport, you should:

Heed the advice of too good to be true
Be wary of phony websites, emails, texts and pop-ads offering “too good to be true” deals on tickets to sporting events, autographed merchandise, and “winning” a trip to events.

Back-up your data
Before you leave on a vacation to a major sporting event, make sure you’ve made a replica of your data from your smartphone, tablet, laptop or any other devices you’re taking with you. That way in case your device is lost or stolen, you still have all our data. Also consider deleting any personal information on the device that isn’t absolutely necessary.

Disable location services
Before posting photos on sites like Facebook, turn off GPS to avoid having your location information falling into the wrong hands.

Don’t let your apps remember your user names and passwords: Also make sure you don’t store credit card information or passwords on websites. If your smartphone or laptop is lost criminals can easily access these accounts

Be careful when using Wi-Fi networks
Avoid using public or free Wi-Fi networks when trying to access information online. Your information could easily be stolen without your knowledge and you should log in to any financial or shopping sites.

Use “safe search” technology
Make sure that install software the alerts you to risky sites that you may receive via email, texts, IMs or social networking sites. This will prevent you from going to a site that could download malicious software on your mobile device that could steal your identity and financial information.

The world’s biggest sporting event is something to be enjoyed by all and by following these tips, you can stay safe and just enjoy the event!

Robert Siciliano is an Online Security Expert to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Ode to the Nigerian Scammer

Most of us would never fall for a Nigerian email scam. The obvious “scammer grammar” and outlandish requests would tip us off, as would the supposed Nigerian origin of the message, since we’re probably familiar with the typical claims about Nigerian royalty. So you might wonder why these scammers persist in such an obvious ruse, rather than tweaking their stories to make them more believable.

According to a recent study by Microsoft researcher Cormac Herley, the Nigerian scam is designed to tip off all but the most oblivious recipients. The intended targets are people so unaware of common online scams that they must have been living in a cave without Internet access until, like, yesterday.

In Why do Nigerian Scammers Say They are from Nigeria? Herley explains, “Far-fetched tales of West African riches strike most as comical. Our analysis suggests that is an advantage to the attacker, not a disadvantage. Since his attack has a low density of victims the Nigerian scammer has an over-riding need to reduce false positives. By sending an email that repels all but the most gullible, the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.”

In other words, scammers are disqualifying the majority of potential victims in order to pinpoint the most gullible as quickly as possible. Anyone naïve enough to respond to such ridiculousness is far more likely to willingly empty their bank account.

Unfortunately for consumers, the #1 method of prevention is education—knowing when something looks too good to be true, not accepting friend connections from people you don’t know, not publishing your personally identifiable information (Teens: please stop posting photos of your freshly-printed driver’s permits and licenses on Facebook), and of course, changing passwords often and not sharing them with others. Installing anti-phishing technology on one’s computer or other device is also known to prevent many of the messages from reaching you in the first place.

On the business-side, banks, retailers, dating sites and social networks help prevent scams by identifying known scammers and spammers the moment they touch their website. By using iovation’s device identification service, ReputationManager 360, which shares the reputations of more than 975 million devices from all countries in the world, they not only know a device’s rap sheet (which could include online scam solicitations, spam, identity theft, credit card fraud and more), they know about devices related to it, and are alerted to other forms of suspicious behavior in real-time as well.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Woman Scammed of 400K

Police are warning elderly and those who have elderly parents that not all scams are done online. Some are executed using good ole’ snail mail and the telephone.

An “80-year-old woman received a letter in the mail claiming she had been awarded a large amount of money, but was required to pay fees and complete paperwork before the money would be released. According to police, the woman, without the knowledge of her children, started sending money. She started receiving notices indicating she would be awarded more money, and the scam went on for about a year. She sent about $400,000, police said.”

Scams like these are extremely easy and very lucrative for criminals. Elderly or those in your life that may be considered naïve are often the target because of their gullible nature. But other times it’s the time and culture they were raised in. There are numerous ways in which criminals pull at the heart strings of their victims to get them to open their bank accounts. Often it’s the same people who are targeted over and over again.

The most effective way to prevent these crimes from happening to all those concerned is to get better control over the release of funds from any of their financial accounts. Meaning if they have a big bank account set it up so two signatures are required for a check to be written. If the person is concerned they don’t want to be inconvenienced with every check they write then set up two accounts. One with a little money and one account with more funds effectively locked down.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News.

Beware of Charity Scams This Holiday Season

Hackers, scammers, cons and thieves take advantage of citizens’ generosity by sending e-mails, making phone calls or even setting up shop on a street corner and try to appear to be legitimate charitable organizations. 

Do not donate cash: Anyone asking to come to your home or office and pick up cash is a scammer. Any phone calls or emails received requesting cash or to wire money transfers is a scam.

Be suspect of all emails requesting donations: I would never click on a link in an email, especially short URL’s. Always manually enter the domain name into the address bar. The best thing is to go directly to the organization’s website.

Check with the Better business Bureau: The first thing you should always do prior to making a donation to any charity is to check their credibility with the BBB. Go online to http://www.bbb.org/us/Charity-Reviews/ and search out the charity.

Give only to charities, not individuals: Any communication from someone requesting money because of their hardship is an obvious scam. But some people are saps for an emotional sob story. While you may be savvy enough not to fall for these scams, someone in your life who may be naïve could.

Consider giving to the Red Cross: The American Red Cross is the most known and credible organization on the planet for helping out those in despair. Give now and give as much as you can.

Never give out credit card numbers via an unsolicited email.

Never give out PIN or account numbers to anyone for any reason

Robert Siciliano personal and home security specialist to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.

Holiday Headaches Coming for Consumers

Gearing up for the holidays, consumers are getting ready to pull a Wilma Flintstone and, “Charge it!” Many don’t realize that you cannot protect your credit card number. Every time you use a credit card, you increase the chances of that card number being used fraudulently.

  1. When handing your card to a clerk or cashier, pay close attention. The card should be swiped through a point of sale terminal or keyboard card reader once, maybe twice. If your card is swiped through an additional reader, the card number may have been stolen.
  2. Shop only at trusted sites. Phantom websites appear online all year round. They look legitimate, resembling well-known online retailers. But only do business those you recognize. Established online merchants are best.
  3. Unsolicited emails that request sensitive data such as credit card numbers or lead you to a too-good-to-be-true offer are most likely phishing emails. Don’t disclose your information, and don’t click unknown links.
  4. Check your credit card statements daily, if possible. Once a week is sufficient. Refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Internet crime schemes steal millions of dollars annually from victims.  If you are looking for more helpful tips, the Internet Crime Complaint Center is a great resource. Their site provides preventative measures that help you be more informed prior to making purchases on the Internet.

Holiday schemes will be in full force this year.  Charge or purchase wisely.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Identity Theft Ring Targeted Banks

In what is considered “the largest identity theft takedown in U.S. history,” 111 individuals were indicted for “stealing the personal credit information of thousands of unwitting American and European consumers and costing individuals, financial institutions and retail businesses more than $13 million in losses over a 16-month period.”

The five different identity theft and forgery rings involved in these crimes targeted banks using a variety of techniques. From inside jobs to robberies and credit card fraud, this criminal network, based in Queens, New York but with ties to Europe, Asia, Africa, and the Middle East, was organized and profitable.

The criminals’ primary focus was on credit cards. Many of the defendants are accused of using stolen credit card numbers to purchase “tens of thousands of dollars worth of high-end electronics and expensive handbags and jewelry,” not to mention staying at five-star hotels Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years.”

“Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years,” explained Queens district attorney Richard Brown.

Police Commissioner Kelly commented, “These weren’t holdups at gunpoint, but the impact on victims was the same. They were robbed. We assigned detectives to financial crimes because of the potential victimization is so great, especially as the use of credit cards and their vulnerability to identity theft have grown along with the Internet.”

More financial institutions could protect their clients and themselves by incorporating device identification upfront in their fraud detection processes to keep scammers out, as the recent FFIEC guidelines suggest. Oregon-based iovation Inc. offers the world’s most advanced device identification service, which is already in use at many major financial institutions offering commercial and retail banking as well as credit issuance.  The device recognition service, called ReputationManager 360, is used alongside other risk-based authentication tools for a layered defense against organized crime.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)

Phone Scammers Have No Shortage of Targets

Scammers call as a grandchild with a bad crackly phone connection in another country on vacation hoping the victim will believe they are their grandchild who needs to get bailed out of jail. Other scammers call informing the victim they won the sweepstakes or lottery and only need them to pay by credit card or wire money to insure the winnings end up in their back account.

Sometimes the caller will say they are a lawyer from a foreign land and a long lost relative just died and left a large amount of money that desperately needs to get into the victims back account. All that needs to happen is the victim coughs up bank routing numbers and authorizes a cash transfer. And if the phone ever rings and it’s someone telling you they are selling stocks, bonds or gold or can get you a tremendous rate on your mortgage, chances are they are just another scammer trying to separate you from your money.

Amazingly, Alexander Graham Bells little invention has allowed scammers for well over 100 years to use his tool of technology to fleece unsuspecting citizens, and rob them of their personal security. Just like the internet today, people believe that the anonymous person on the other end of the communication is who they say they are.

The naïve and false belief to trust the authoritative figure who informs you that you either stand to gain or lose something based on your compliance is a tried and true method of scammers.

Really, the key to preventing phone scammer: hang up.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Searching for Hotties Leads to Hacked PCs

Five or ten years ago, it was relatively easy for scammers to trick people into opening email attachments that would launch malicious programs on victims’ PCs. Nowadays, most email providers won’t permit .exe attachments, so viruses may be saved as compressed files, or hidden behind links that appear to lead to PDFs or word documents.

Scammers have been very productive in creating spoofed or infected websites, which are designed to infect your web browser with viruses. More than three million of these websites were born in 2010 alone.

The bait that lures victims to these infected websites may be the latest Twitter trend, a breaking news story, significant world event, ringtone downloads, pornography, or celebrity pictures.

Cybercriminals often use the names of popular celebrities to tempt viewers to visit websites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of the trendy content they were expecting.Hot stuff model/television host/Seal’s wife Heidi Klum is this year’s “Most Dangerous Celebrity.” Heidi herself may be sweet as pie, but the allure of her looks has captured scammers’ attention, leading them to exploit her fame to draw in victims.

McAfee found that searching for the latest Heidi Klum pictures and downloads yields more than a 9% chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses, and other malware.

McAfee security experts urge consumers to surf safely by using McAfee Total Protection security software, a security suite that offers consumers antivirus, anti-spyware, identity, and firewall protection, plus a feature called SiteAdvisor, which displays red, yellow, or green web safety ratings within Internet search results pages. It also blocks risky websites, adds anti-phishing protection, and helps users surf, shop, and bank more safely.

Robert Siciliano is an Online Security and Safety Evangelist to McAfee and Identity Theft Expert.(Disclosures)