Wednesday, November 23, 2011

Scammers Skim Your Data While You Eat!

Notes taken by: Theresa Payton, Fortalice, LLC. Also featured in WBTV's segment, Protecting Your Cyberturf, with Kristen Miranda and Theresa Payton

We have warned you before to watch for skimmers at the ATM or gas pumps. Those little devices criminals add on that you almost can’t see and the device silently steals your credit or debit card data. Well there’s a new twist tonight and you’ll be surprised to learn how high tech meets low tech in this latest scam.

We have talked about how sophisticated technology is becoming and it all fits in the palm of your hand. But when you go to a trusted place, like a restaurant, you expect the staff to treat your card with great care but what happens when hand held technology is placed in the hands of bad guys and unwitting wait staff? Well over 50 diners found out the hard way in New York when various locales were hit by cybercriminals. Cyber expert, Theresa Payton, describes what happened.

HOW THE SCAM WORKED:
1. Cybercriminal convinced someone on the inside to use hand held skimmers -- the devices were only 3 inches long!
2. Some wait staff claimed they were told to do this extra step and had no idea why
3. Cybercriminals collected all the information they needed via the skimmers
4. They used it to steal money from bank accounts and to make high dollar purchases by forging all the information onto duplicate forged cards


HOW TO PROTECT YOURSELF:
1. Chip and pin cards are hard to counterfeit - ask your card company if they offer this option
2. Avoid using the debit card at restaurants where you lose sight of your card
3. Ask if you can pay at the front
4. Keep your card limits low to make your card a less attractive target
5. Memorize the 3 digit number on the back of the card and then draw over it with a sharpie to make it more difficult to counterfeit your card credentials

WORD OF THE WEEK:
BUFFY: This is the code name for the alleged phone being created by Facebook. Nicknamed for Buffy the Vampire and a play on the words “Social Layer”...Slayer. The rumor says that Facebook and HTC have joined forces to develop an Android based phone. It hasn’t been confirmed yet by HTC or Facebook...stay tuned!

STEPS TO TAKE IF YOU ARE A VICTIM:
1. Contact your card company to alert them so you will not be liable for charges. Ask them to cancel and reissue you a new card with a new account number.
2. After you contact your card company, contact www.AnnualCreditReport.com to sign up for your free annual credit report. It will send it to you from all three credit bureaus.
3. Contact your local law enforcement to alert them.
4. For tips on how to protect your credit, check out tips at the Scam Busters site: http://www.scambusters.org/CreditCardFraud.html

Monday, November 21, 2011

Nothing Funny About Caller Id Faker

Notes taken by: Theresa Payton, Fortalice, LLC. Also featured in WBTV's segment, Protecting Your Cyberturf, with Kristen Miranda and Theresa Payton

Remember the old days when kids would prank call their neighbors asking questions like, “Is your refrigerator running? Well you better go catch it!” Well, those calls were annoying but harmless fun, those pranks were low tech compared to what’s out there today! We have told you before about phone spoofing, where someone can disguise the phone number they are really calling from. Sometimes this technology can be used for a harmless prank or to protect your identity but in the wrong hands, this feature can be scary.


Just when we thought we’d seen it all, companies are coming up with new technologies to not only spoof your number but to also disguise your voice. This could be funny but it could also be scary in the wrong hands. One software product, CallerIdFaker, asks you to use the product, tape the call as it happens and then share it on their website. Are you laughing yet?

They even have some calls on YouTube if you will where other users can listen to your call and rate it as “Today’s Hottest” call. Cyber Expert, Theresa Payton, is very concerned about this technology being used by abusive people and criminals to take advantage of their victims.

SECURITY WARNING:

This technology has been used to hack high profile celebrities, tricking them into talking and telling information about themselves.

We are concerned that criminals, including physical abusers and fraudsters, will use this technology as another way to dupe their victims.

If you think this is far fetched, look at the case of Zachary Daniels who was arrested by the Hernando County Sherriff’s office. According to their report, he used caller ID spoofing software, including Caller ID Faker, and made nine phone calls to harass his wife. He spoofed the calls to say he was calling as an FBI Agent or he used the persona of a Deputy of the Sherriff’s office. You can read the report at:
http://www.hernandosheriff.org/applications/pressreleases/PressReleases/20110526_Daniels-35%20Charges-FRAUD%20WARNINGS.pdf

TIPS TO STAY SAFE:
1. Watch where you post your home and mobile number.
2. Trust but verify - if a person calls you, even someone you know, pay close attention to queues that might mean they are just reading information about you online and do not really know you. Ask if you can call them back at the number displayed on your phone.
3. Talk to your kids about this feature so they cannot get tricked. Make sure you discourage using it too.

WORD FOR THE WEEK:

Qakbot: The word is pronounced “kwak-bot” but there’s nothing ducky about it. The Qakbot first appeared on the scene in 2009 stealing your bank account information off of your computer. Security researchers have seen a new surge as cybercriminals issued a new release in April. Their main target - your bank account. Many of the software protection companies like Symantec and McAfee are trying to stay ahead so keep those antivirus software products up to date!


WEB RESOURCES:

If you think you have been the victim of a crime where they used spoofing software, or any other means via the internet, please contact the FBI’s Internet Crime Complaint Center at www.ic3.gov

Recent criminal use of caller id spoof software:
http://www.hernandosheriff.org/applications/pressreleases/PressReleases/20110526_Daniels-35%20Charges-FRAUD%20WARNINGS.pdf


How caller id faker rates calls that used their software:
http://calleridfaker.com/public/

A Youtube video describing how it works.
http://www.youtube.com/watch?v=CAXEL3hAk8Y

Tuesday, November 15, 2011

Upcoming Webinar Hosted by TP 11/28

Theresa Payton will be hosting a webinar, The Game Changed: Biggest threats for banks and their customers changed on us and what Eve from Wall-E has to do with it, Monday November 28th, 2011 at 2:00pm. The webinar will be approximately one hour with time for a Q&A session at the conclusion. The discussion aims to illustrate an updated threat picture for banks to help them recognize how to adapt and best protect their customers. Find out what Mr. Incredible and Eve from Wall-E have to do with the new security threat vector and why businesses are completely unprepared!
To attend: https://bankerstuff.ilinc.com/join/yzzkfbf
Primary Dial-In: 1-866-502-8312
Passcode: 933472

Thursday, November 10, 2011

Apple phone and Ipad Alert

Written by Theresa Payton and featured in WBTV's Protecting Your Cyberturf segment with Kristen Miranda and Theresa Payton

Do you have an iPhone and/or an iPad? Then you better spend the next two minutes with us to hear a warning that you need to know so you can protect yourself. The good news is that cybsecurity experts still feel the iphone is safe but a warning tonight that no device is ever 100% safe from cybercreeps! We talked to  a cyber expert to learn more about the iPhone issue.


Theresa has told you before that there is no 100% security solution. No device, no software is completely safe. This is about managing risk...

THE FLAW:
1. A researcher found a flaw in the operating system that could allow a cybercreep to take control of your iphone or ipad.
2. He created a sleeper app which once on his phone, connected back to a computer, and then downloaded malicious software
Once the cybercreep gets into your Iphone, he can take your information and even send text messages

This is very unusual because Apple has a process that reviews software for malicious code before it can go into the App Store.

The flaw works around the App Store because it installs the malicious software later.


WORD OF THE WEEK:
Sloppy clicker: Do you have someone that borrows your tablet, smart phone or computer and every time they use it and walk away your icons are all messed up? It’s because your device was hijacked temporarily by a sloppy clicker!

WEB RESOURCES:
To keep up to date on security concerns, track them at the Apple website at www.Apple.com

The iPhone Help site is also a great resource at http://iphonehelp.in

If you are worried about your iPhone or iPad or any smart phone catching a virus, software security companies, Sophos and McAfee, offer mobile protection.

Hacking Your Way Out of Jail

Written by Theresa Payton and taken from the WBTV Protecting Your Cyberturf segment featuring Kristen Miranda and Theresa Payton

We have warned you before about how hackers can take over your phone, your computer, and maybe one day your car. Tonight we have another threat to worry about, hackers could take control of the systems used to control prisons and essentially unlock the prison.


We see the technology to remotely lock and secure things everywhere we go. Special computers help us set our alarms on our homes when we’re away. Well, prisons use a more sophisticated technology, called supervisory control and data acquisition or SCADA systems. SCADA protects our energy companies and keeps the bad guys locked in prison. But now, Cyber Expert, Theresa Payton says hold on a minute, we are not as safe as you might hope.


THE CONCERN:
A research team demonstrated at the Hacker Halted conference they had found a vulnerability in SCADA to take over the systems used in prisons.

HOW IT WORKS:
The control systems within the prison, if connected to a network that eventually talks to the internet, that’s where the hackers can squirm in.

Even if they are not connected, if someone manages to connect an infected thumb drive or install and infected file on the system, it could have the same effect.

The good guys demonstrated that they just needed that avenue and then sent an attack that would overload the computers and then allow them to open the doors at a prison.

This should be a wake up call for all organizations that use SCADA to inspect their systems and make sure they do not talk to the internet. Even an innocent connection to the internet for email creates a weak point that can let the bad guys in!

WORD FOR THE WEEK:

Netizen: A mashup of internet and citizen, you might be one of these if you spend most of your life on the internet between your smart phone, computer and tablet

Don't Let the Grinch Steal Your Holidays!

Written by Theresa Payton and featured on WBTV's Protecting Your Cyberturf with Kristen Miranda and Theresa Payton

It’s that fun time of year, shopping for the special people in your life for the holidays. You have so many options now. You can hit the early bird sales at the mall, shop in your jammies at your home computer and now you can even shop from your smart phone while sitting in a boring meeting at work! But remember, cybercrooks go where the action is.


We are going to be telling you how to get the best deals using social media, your phone, the internet - ways to stretch the dollar to bring everyone the most joy. A recent study from the National Retail Federation said that over 50% of you plan to use your smart phone this year to help you with your shopping and many of you plan to avoid the crowds and shop online. But Cyber Expert, Theresa Payton, is especially concerned about you this holiday season as she watches both old and new tricks putting the Grinch between you and the holidays.

Theresa is concerned about many scams coming your way and she has highlighted the 6 worst for you here.

ONLINE SCAMS COMING YOUR WAY:
1. Mobile Madness: Cybercriminals know that the phone is the place to be for coupons, social networking deals, and purchases. If the deal on your phone sounds too good to be true or needs personal and credit card data, think twice.
2. QR Codes: Quick Response Codes - Those funny looking codes on boxes might be tempting but we have warned you before about counterfeit QR codes and malware hiding behind them. Be careful about scanning these using your phone or tablet.
3. Facebook Gift cards: Every day seems to have a new deal offering “free” gift cards on Facebook and they look pretty convincing. Since many merchants have moved to “Facebook only” or “Web only” deals it makes it hard to verify. Check your merchant’s home page or call and ask.
4. Online holiday greeting cards: Sorry to be a Grinch but don’t open unless you can call the person to make sure they really sent it to you.
5. Free online holiday screensavers, ringtones, or games: Free on the internet ALWAYS has strings attached. It might just be annoying pop up ads but it could also include spyware. If you must download the free games or screensavers, only download them from sites you know very well.
6. UPS / DHS / USPS / FedEx: Be on the lookout for any email notifications about missing packages, package status, or other notices. If they ask you to click on a link or open a file, be very suspicious

HOW TO STAY SAFE:
  • Update your Browser software, Operating System, and Antivirus Software
  • Practice good digital hygeine:
    • be wary of links and attachments
    • don’t fill out forms asking for personal or credit card information
    • do not share too much information about your holiday plans



WORD OF THE WEEK:
Camoflauge. In this case, it’s a way to disguise the fact that your phone is ringing. You can use a ringtone like a cough, or someone saying, “Shhh!” If you are going to an outdoor event, you can pick a bird tweeting or bee buzzing ringtone.

RESOURCES:
For cell phone safety tips, go to the National Crime Prevention Council at:
http://www.ncpc.org/topics/cell-phone-safety-1
Keep track of Facebook scams at www.Facecrooks.com

Trust but verify those great deals through the Better Business Bureau at www.BBB.org

If you are a victim of an internet crime, notify your local law enforcement and your banks first and then contact the FBI at www.IC3.gov and the Federal Trade Commission at www.FTC.gov to file a complaint.