Skimming for Dollars

A new and very dangerous method of getting your money has been devised by hackers. Known as ‘ATM Skimming’, hackers have produced a very small ‘skimming device’ which is inserted into the slot of an ATM machine in which you swipe your card. The device is designed to record all of your banking information off of the magnetic strip on your card. A very thin clear, plastic sheeting, which is capable of copying your Personal Indentification Number (PIN), is also being placed over the keypad so that these thieves now have complete access to your bank account.

The scary thing about this is that you will never even know that your banking information was just stolen. Everything will look perfectly normal to you. What’s even worse, is that technology has been developed so that this information can be sent via wi-fi or over the internet. This makes it possible for the crooks to steal the information without ever having to revisit the ATM machine. They could be in a Starbucks down the street or on the other side of the planet and be gathering you personal banking information.

Now, on the plus side, is that the financial institutions are aware of this scam, and are constantly monitoring their ATM’s. Video surveillance at ATM’s is also a somewhat efficient deterent, however these hacks are becoming more and more prevelent. Care should be especially taken when using an ATM at a convenience store, grocery store or any other location that is not a bank and are therfore less likely to be monitored as closely as an ATM at a bank.

The only real defense that you have is to be aware of this, and to constantly monitor your bank account, especially after making a transaction at an ATM. Any fraudulent activity on your account should be reported to the authorities and your financial institution as soon as they are discovered.

Browser Tabs…Friend or Foe?

I’ve written about many of the threats that we face on the internet in many of my past posts. Quite frankly, it just seems to never end. Thankfully, due to the blog-o-sphere, many of us are now aware of what to look for. Phishing, spear phishing, man in the middle, etc. are all terms that, in the very recent past, may not have been familiar to many of us. Because of this fact, many are now aware of the attacks, what to look for, and how to prevent them. As a result, the hackers are forced to come up with new and more devious methods of stealing your personal information. Well they have done it again.

In the past phishing scams have required you to click on links in a malicious email from someone pretenting to be you bank and asking for your personal information in order to fix a “problem with your account”. When you click on the link, it directs you to fake site that will look very much like your bank’s web page, and once you fill in the ‘User Name’ and ‘Password’, you have given away your personal banking log in credentials. But as I said earlier, users are becoming more and more aware of these phishing scams and the use of them is becoming less and less effective.

Tab Napping, or Tab Hijacking is fast becoming the new scourge of our browsing woes according to Aza Raskin, a security expert on Mozilla’s Firefox Web Browser Team. Extra special care is going to be needed when using our browsers, especially if you are prone to using numerous tabs at one time.

This is how it works…..

A hacker can actually detect when a tab, in your browser, has been left idle for a long period of time. By replacing that tab with a fake website that looks just like a real site, such as your banking site, they will ask you to reauthorize your credentials by entering your User Name and Password. Knowing that your bank will often do this when your account has been idle for a period of time, you don’t think anything of it and re-enter your credentials. At that point, they now have your personal banking log on information. They can then actually redirect you to your actual banking site, as you never were really logged out to begin with. Plus, the damage has already been done. By doing this, you will never even realize that you have just had your banking information stolen.

How Can I Protect Myself From Tab Napping?

Even though this is a serious problem, being aware of the signs, can make this a relatively simple thing to avoid.

First off, as always, before entering your personal credentials to any website, look at the actual Uniform Resource Locator (URL) for the page that you are on, and make sure that you are, in fact, where you think you are.

Secondly, while glancing at that URL, make sure that you are on a secure page, one that begins with https:// and not just http://. Never enter any personal information on a page that begins with only http://.

Thirdly, whenever doing any banking, instead of opening a new tab (Ctrl-t) in your browser, open a new window, (Ctrl-n) for your banking log on. This way only one tab will be open in that window, confusion will be less likely, and tab inactivity will be avoided.

Next, avoid leaving tabs open that are asking for your log in credentials. Always close log in pages to your bank, ecommerce sites, or any other site that is looking for any personal identifying information. You can always re-open these pages should you need them again.

I think that making sure you are where you think you are is the most important thing in avoiding these phishing scams. Before entering any personal information on any site, look at that URL and make sure that it is actually from the company or institution in which your are logging into. If unsure of how to do this, check out my two part post on Uniform Resource Locators by clicking HERE and HERE.

For Crying Out Loud….What Now???

Ransom-ware, we read about it in the past and are appalled at the concept. Similar to scareware, in which a crook tells you that your computer is infected and by buying their worthless software, it is now fixed. Ransom-ware, takes this one step further as some cyber-criminal downloads a Trojan Horse on your computer and voila, your computer is held hostage. You can do nothing until a ransom amount, normally in the $79 range is paid. However, now it seems that they have up’d the ante even more.

With copyright infringement cases gaining more coverage in the news, these criminals are now using the MPAA (Motion Picture Association of America), the RIAA (Recording Industry Association of America), and others to scam money from unsuspecting computer users. While innocently browsing the internet, a pop up will appear on your computer telling you that an “Anti-piracy foundation scanner” has detected some copyright infringed material on your computer. They actually will threaten you with court action. However, they do give you an option to settle to the tune of $399.85, for which they provide an itemized statement of the charges. Oh, and by the way, for your convenience they accept credit cards.

The scary thing is that you cannot get rid of this pop up (which is actually a screen saver), even shutting down your computer and rebooting will result in the pop up appearing again. And if you do shut down, another threatening message appears stating that by taking this action (shutting down) you are stating that you are not cooperating and that they recommend canceling this and agreeing to their settlement proposal (of course they do).You are basically dead in the water at this point. All in all, this is very realistic looking and an unsuspecting user is liable to fall for this scam.

Security companies are saying that the domain is operated out of the country of Moldova, a small landlocked nation near the Ukraine. The Ransom-ware is designed so as to adapt to the user’s computer. It will display messages in the languages of  Czech, Danish, Dutch, English, French, German, Italian, Portuguese, Slovak and Spanish, based on the specific settings on the infected computer. Although, any transactions made does not seem to actually be tied to an actual cash charge, the crooks are still able to collect pertinent credit card information, either to be sold, or for use in future scams.

Security Companies such as F-Secure have an online scanner that will remove this bug. You can get their online scanner by going HERE.

Knowing what to look for is the key in not getting trapped by one of these scams. Here is a listing of some general things to do in order to protect yourself from scare-ware/ransom-ware attacks:

1) Make sure all of your software is up to date. Secunia’s Personal Software Inspector (PSI) does a good job of letting you know whether all your programs, and plug-ins are up to date and secure. PSI is free for consumer use and can be found HERE.

2) Run with the lowest Rights that is possible. Meaning whenever you are not downloading anything and are just surfing the web, do not run with Administrator’s rights, but run under a “Limited” account.

3) Run in a sandbox using Sandboxie. This will keep you protected, should you accidentally click on a bad link or open a malicious web page or PDF, as nothing will be saved, and your computer will revert back to it’s original state, when you leave the ‘Sandbox”.
Sandboxie can be found HERE.

4) Turn off JavaScript. I know that by doing so will break most web pages, but the fact is, that JavaScript is very vulnerable. Using a plug-in like “No Script” is also a viable option. You will need to take the time to configure this so as not to break web pages. You can always turn JavaScript back on should it just become unbearably aggravating. But again, JavaScript is simply not safe.

5) And as always, make sure all of your anti-malware and anti-spyware software is up to date and turned on.

Stay Safe Out There!!!

We All Love Facebook…..but?

The big three…..Facebook, Twitter, and Friend Feed, places where we all go to network socially. But lately it seems that all of these venues for communicating with our friends and family, have come under scrutiny relating to security problems. All of the social networking sites have come under fire regarding privacy issues. Remember when Facebook changed it’s policy overnight and all of your photos and information were changed to a ‘Public’ status, which had to be reset. Bad move, hell, even Mark Zuckerberg had his photos become public, which were quickly changed, but what was going through their minds to change their terms, and not even have the CEO of the company aware of these changes. All this aside, as disturbing as it is, it is not the biggest threat that is being aimed at us through these social networking venues.

Account hacking is fast becoming a serious problem on the sites. Once only limited to email accounts, Spear Phishing is fast growing in popularity among the bad guys and is something that everyone should be aware of. Weak sign on credentials, from users, are making it even easier for these crooks to hack accounts and eventually gain access to places in which no one, in their right mind, would allow them. Check out my post HERE on setting up a more secure password.

Bad Guys are targeting individual accounts by hacking into their friend’s accounts. What happens, is that a bad guy gains control of someone’s Facebook account, and now has access to all of that person’s friends. They will then send a targeted message which states something to the effect of, “You Should See The Photo I Got Of You Last Night”. Of course, you think you know this person so you click on the link which will take you to a fake website, one that looks exactly like one that is very familiar to you, such as Fickr.com. Now keep in mind that this web page will look very much like a real Flickr page, and will ask you to click on a link to view this photo. When you click on this link, a message will display telling you that a new version of Adobe’s Flash Player, or a different Codec is needed in order to view this photo. Conveniently, a link is supplied so that you can get these new versions in order to make it easier for you to view this much anticipated photo. But what we don’t do, is look at the URL, to see where we really are. You are not at Fickr.com but are at a bad guy’s page. When you click on that link to get that new version of Flash or that new Codec, your computer is immediately infected with what will most likely be, a Trojan Horse. This Trojan will now open up your computer to all sorts of new infections, like Keyloggers, and Worms. This could open you up to identity theft, stolen personal data, such as credit card info, banking credentials, and possibly even Social Security Numbers, which could allow the bad guys to open up new credit card accounts in your name.

The point is that as long as you are aware of these issues, you can safely post and communicate with friends via these venues. However, it is critical, that whenever you click on a link, that you keep an eye on the URL (Uniform Resource Locator). For more information on URL’s you can check out my two part posts by clicking on Part 1 HERE, and Part 2 HERE.

Now I use Facebook, Twitter, and Friend Feed, however I like to keep my accounts buttoned down, and only communicate with friends, family, and some friends-of-friends, but that is it. I have seen accounts that are completely public, meaning anything that is posted is visible to everyone. More and more employers are turning to these venues to check on your back round. Imagine a potential employer seeing the photo of you at that party 2 years ago, lying on the floor drunk. That would definitely make me think twice about hiring you. Keep your most personal information PRIVATE.

Now even more devious than the above mentioned hacking of an account starts in exactly the same way. You get your account hacked. Well now you take your computer to work and connect to the network there. Well now the bad guys can see the same things that you can see on your work’s network. Keep in mind, that there is no way that you will know that this is happening.  So you say, well I don’t have any high clearance access to any critical information. No, you may or may not, but someone that you network with at work may, and your computer being infected may allow this worm to spread higher and higher up the chain. This has just happened recently. An occurrence, such as this, could cost you your job.

This is all the more reason to make sure that you keep information on all of your Social Networking accounts private. At the very least, you want to make sure that any that could cause embarrassment (or worse) is, without a doubt, kept private.

Enjoy this new technology, but keep yourself safe. Social Networking is enjoyable and is very useful, however always remember, that what you do and post today, may come back and haunt you years from now. Once it is public, it just never goes away.

WOT……

With Thanksgiving now behind us and the Holiday Season fast approaching, we are all looking at finding that perfect gift. Using the web, you can usually find it but can you get it at that bargain basement price. Well, unfortunately scammers know what we are looking for too. Fraudulent and malicious sites are popping up all over the internet, at this time of year, promising to ship the items you are looking for at real cheap prices. We all know about looking for TLS (Transport Layer Security), formally known as SSL (Secure Socket Layer) certificates before entering any personal information on any e-commerce site. We all know about checking URL’s to ensure that the site we are entering our personal information is, in fact, the site we intended to visit. But sometimes in the hustle and bustle that comes with the season, we forget, and get careless. Well, this is what the scammers are depending on. With phishing, scareware, browser hijacking, and malware on the rise, we could use all the help that we can get.

This is where WOT (Web Of Trust) comes into play. It is a lightweight plug-in that works in either Firefox or Internet Explorer and will alert you should you visit a known malicious site due to the “spirit of the season”. But this is not a certified authority, like VeriSign, that is a singular authority that verifies sites. WOT is made up of a large team that has checked over 25 million websites and will alert you before you click where you should not. WOT works with Google, Yahoo, and other search engines. Before you click on a search result, you will notice either a green, yellow, or red indicator as to the websites safety rating.  Green means that the site is safe, yellow indicates that caution should be taken, and red is telling you that the site you are about to enter is known as a malicious site.  WOT will also warn you should you click on a link to download software from a known malicious site. It will give you the option to over-ride the warning, but I would take the recommendation seriously.

To use WOT, download the add-on for your browser of your choice. Once it is installed, and you do a search, you will notice colored circles to the right of the search result. By hovering your mouse over the circle, a drop down window will appear showing the rating for the site in various categories including trustworthiness, vendor reliability, privacy, and child safety. Should you click on a known malicious site, a large warning will appear on your screen. Think carefully about clicking on a site in which you get this warning. You do get the option to proceed, but again, I would seriously consider against the click on the link. Sites, in which, WOT does not have sufficient information will be marked with a question mark.

Especially, during this festive season, it is imperative that we get all the help that we can in order to keep our computers malware free. But more importantly, it is imperative to keep our personal information out of the hands of the cyber-criminals.  WOT is a great tool that is lightweight and will aid you in ensuring that you do not click on something that could harm either yourself or your computer. This is not fool proof, and should be used along with your best weapon…..common sense!!!!

To view a video about the Web Of Trust, click HERE…

To download the Web Of Trust, click HERE…..

Just another tool to help keep you safe.

Happy Holidays!!!

It Is Only Getting Worse!!!!

Scareware, I have talked about it before.  You are warned that your computer is infected with a myriad of infections and that for $49.95, this miraculous software will fix all of these problems.  The site looks legitimate so you decide to download the software and fix this, seemingly, serious problem. However, what appears to be a problem is really a scam, you pay the money and what makes a bad situation worse, is that by downloading this software, that is supposed to fix all of your problems, you are actually downloading malware.  So you basically just paid a scammer to infect an otherwise healthy computer.  Well, just when you think that this could not get any worse……it does!!!  Panda Security has just found a new and nastier way in which the bad guys are taking advantage of innocent users.  This new technique is more invasive and can be more costly than anything that has been seen in the past.  Known as “Total Security 2009”, this new scam not only wants you to purchase their software, but will take your computer hostage in order to get it.  By clicking on their warning, software is installed on your computer which makes your file system useless.  Meaning that you cannot do anything, nothing will work on your computer, except you browser.  You have two choices at this point, either pay them the ransom, which by the way has increased, from the $49.95 to around $79.95, or reformat your drive and reinstall Windows.  So we pay the ransom.  This is a bad idea, as not only have you wasted your money, but the malware is still on your computer.  Yeah, you can now scan with a legitimate anti-malware software now and hopefully clean your computer, but I would not put a lot of hope in that.

Luis Corrons, the Technical Director of PandaLabs states that “Users are often infected unknowingly, in most cases, through visiting hacked websites, and once a computer is infected it is extremely difficult to eliminate the threat, even for those with a certain degree of technical knowledge. Users are also prevented from using any type of detection or disinfection tool, as all programs are blocked. The only application that can be used is the Internet browser, conveniently allowing the victim to pay for the fake antivirus. For this reason, on the PandaLabs blog, we have published the serial numbers required to unblock the computer if it has been hijacked. Users can then install genuine security software to scan the computer in-depth and eliminate all traces of this fake antivirus”.

So you see, this is a serious new threat to users everywhere.  This new threat is probably being implemented by scammers as users have become more aware of the previous threats and thus make them less effective.  This is just another example of how the scammers are staying one step ahead of the providers of malware protection.  Panda Security has a real nice overview of this new threat.  You can find it HERE and get the serial numbers at Panda’s Blog Site  HERE.

Keep this in mind when web surfing and checking emails.  As always, never click on links in emails, unless you are sure they are safe, and never open any media files (movies, photos, audio) from sites that you are not 100% sure are secure.  Also make sure that the site you are searching for is, in fact, the site that you are going to.  Always check the URL to make sure you are pointed at the site that you are really looking for.

Here is an article entitled “The Business of Rogueware” written by Sean-Paul Correll and Luis Corrons from Panda Security. (download the PDF)

By doing these things, it may prevent you from being held ransom from some hacker who just wants your money.  Ransom-ware is fast becoming a serious threat to regular users and not just large organizations and corporations anymore.

What are your thoughts…..Leave a comment!!!!

Fan Check Virus….Fact or Fiction

Within the past week, my Facebook account has been seeing a lot of posts warning people of the dreaded Fan Check virus.  But is this really a true virus?  Well after a bit of investigation, it turns out that according to security experts at Sophos, the dreaded Fan Check virus is, in fact, not a virus at all.  It will not download any malicious software to your computer or turn your computer into a Zombie and become part of a Botnet.  However, that does not mean that this bit of software is completely benign and can be used without fear.  Although it is not a virus, it is an incredibly poorly written application that can cause chaos on your Facebook page.  Your Wall could become all jumbled and be unusable as well as other problems to your account.  But again, this is not a malicious software, aka virus. But don’t fear as, as of the date of this post, Facebook has taken Fan Check down and is investigating.

The fact that it could cause unwanted things to occur on your Facebook page is not the real ominous evil behind this application.  Because of the increased chat regarding this subject on the internet, it has opened the eyes of scammers and as a result, malicious sites are popping up all over the place.  By doing a Google, Yahoo, or Bing search for “Facebook Fan Check”, you will receive a large number of hits regarding this subject. But do NOT click on these returns. Why? Because a large number of these pages that are returned from the search, point you to malicious websites.  Scareware is the primary concern and danger.  Clicking on one of these sites will cause a pop-up to occur, which states that your computer is infested with viruses and that you should download their software to clean your computer. THIS IS A SCAM!!!  You are not downloading a virus scanning software, but instead, you are downloading malware, specifically, a Trojan Horse.  This will now open your computer for all kinds of annoying pop-ups, or even worse, other Trojan Horses, spyware, and worms to get into your system.  So stay away from the temptation of searching for “Facebook Fan Check”, as it could spell the beginning of the end of your computer happiness.

HERE is what Snopes.com has to say about it……

Are You Kidding Me??!!

On line shopping…..we all do it, and we all agree that it is safe.  SSL encryption keeps our transactions safe……right?? Well, not if the companies we are purchasing from are doing something that is, let’s say, not in our best interest.  OK, you are looking to purchase something and you go to a trusted site like Buy.com, Orbitz.com, Fandango.com or any other from a list of hundreds of other sites.  Voila, you find what you are looking for and at a bargain price.  Great!!  You then add it to your shopping cart and proceed to check out.  During the process, though,  you are presented with an add which is offering, among other things, a coupon.  Along with a bunch of legal jargon, there really is nothing else there, except a field asking for your email address, so you think “what’s the harm?, I’ll just give them my junk email address, plus I just want to purchase this item.”  Now there is an option on this add to opt out but it is not very obvious, so being in a rush, you just enter your email address, and proceed.  The checkout goes flawlessly from there and you receive your object a week later at the bargain price.  You made a great deal.  Well a few months now go by, and one night (while bored), you decide to check your bank statements and to your bewilderment, you notice a monthly charge of $12 on your statement that you have no idea what it is for.

Well, when you made that purchase and filled in your email address, you gave the web site (Buy.com, Orbitz.com, etc) permission to give your personal information, including your credit card info to a post transaction marketing company such as WebLoyalty.com, Vertrue.com or Affinion.com to mention a few.  These are companies in which e-commerce sights PAY to watch what you are clicking on when visiting their sights and feeding the information back to them and if you have an account with them, which you now do, you will receive offers from this company, such as deals and coupons.  This is done without your knowledge.  Now, in all fairness, when you were on the advertisement pop up when checking out, if you had read all the legal jargon, you would have seen that, by filling in your email address, you gave them the permission to make this charge to your credit card.  My problem with this, is that the opting out option was obscure, at best. Plus who reads all that stuff anyway.  It may not be a bad idea to start, at least, glancing at the legal jargon. This is a direct quote from Buy.com’s Privacy Policy…….

“We may also share your personally identifiable information with third parties who provide services to us, our customers and web site visitors. Those third parties include authorized contractors, temporary employees and consultants and other companies working with us (collectively, “agents”). Where we believe it to be appropriate (in our sole discretion), we will ask our agents not to disclose or use your personal information for purposes other than to provide services to you or Buy.com.”

These statement are similar on all the other major e-commerce sights.  Basically, this $12 charge is legit and there is nothing you can do about.  However, according to CNET (who originally posted a comprehensive story on the internet), the U.S. Senate Commerce Committee has taken this seriously and is now taking what started as a “preliminary inquiry” into these companies (WebLoyalty, Vertrue, Affinion, etc), and has now turned it into a “full blown” investigation. In my opinion, this is a scam.

I took the liberty of checking two of these companies out with the Better Business Bureau and there scores where not good.  To see WebLoyalty’s score, click HERE……To see Vertrue’s score, click HERE.  It is not good.

Bottom Line……although these e-commerce sights are very handy, and the prices may be very good, it is always a good idea to check out what is stated in their EULA’s (End User’s License Agreement), and their Privacy Policy’s.  As boring as it may be, I always (well, maybe not always) read them and have even found some startling things from some sights, like loading malware, specifically spyware, onto your computer.  Caution needs to be taken.  And most importantly, always take your time when checking out, making sure that all your i’s are dotted and t’s are crossed.  Do not offer any additional information to an add, and if you get yourself stuck then back out of the transaction completely.

This is a serious problem and hopefully this will be stopped.  Use Caution!!!

Your thoughts??