Archive for May, 2011
The Federal Trade Commission is getting serious about helping educate consumers about protecting themselves against Internet fraud and identity theft – so the FTC is playing games.
Well, the agency is inviting consumers to play games. Taking advantage of the love people have for video games, the FTC has developed a site, onguardonline.gov, which uses games to teach. The games include “The Case of the Cyber Criminal,” “Phishing Scams” and “Invest Quest.”
In the first game, a techie spy backed by his crew attempts to get his hands on your personal information. In order to protect yourself, you have to know what to o to prevent him from getting it.
in the game, “ID Theft Face-Off,” players become victims of identity theft and must work to get their identities back by correctly answering questions about identity theft protection. In “Beware of Spyware,” gamers are challenged to keep their computers free of spyware, which can give scammers access to personal information, including credit card numbers and bank account information.
Other games on the site educate consumers on smart investing decisions, how to protect their laptops, spotting risky shopping offers online, understanding health products and information online, and peer-to-peer file sharing understanding.
Who knows where identity theft and Internet scammers will strike next? It’s hard to say – so the best defense is a good offense.
Online scams are rampant. One of the most common way people get scammed is through phishing. These scams involve e-mails that claim to be from a legitimate source, asking the recipient to “verify” all or a portion of their personal information. There is often a link which the recipient is asked to click on, which often contains malware that will allow the thief to access the information stored on the victim’s computer.
No legitimate bank is going to send an e-mail of this nature to one of its customers. Your bank will already have this information on file. If you take your mouse and hover over the link and look at the status line, you’ll find that it doesn’t really go to the bank. That’s a huge red flag.
Another common scam involves fake news sites which sell Acai berries or other diet products. Ten of them were recently shut down by the Federal Trade Commission.
The best advice you can take regarding these phishing scams and fake news sites is to just not click when you’re not sure. If you don’t know for sure the origin of the link or site, don’t click on the link.
If you receive a link or suspicious e-mail, copy the URL and send it to the FTC. Delete the link – do not click on it. If you’ve opened an e-mail that you find to be suspicious or fraudulent, don’t panic. Just delete it.
Once you’ve receive such an e-mail or link, be sure to keep a close eye on your bank and credit card statements, as well as your credit report, paying special attention to any questionable or fraudulent entries. if you find any, contact the appropriate agency and report it immediately.
The Federal Communications Commission has announced the launch of a new website designed to help small businesses protect against cyberattacks.
The site – fcc.gov/cyberforsmallbiz – includes links to vendor, nonprofit and government resources, including materials from the National Cyber Security Alliance, and a PowerPoint presentation from the National Institute of Standards and Technology.
There’s also posted a list of tips for small businesses, which includes information on training employees, installing patches, limiting access and regularly changing passwords.
Small and mid-size businesses have been hit hard in recent years by hackers who use malware to steal corporate bank account credentials, which they use to wire out large amounts of cash.
Businesses in the mid-size to small range often lack the resources needed to take additional steps to protect themselves from hacking attacks. But considering the risks and possible financial ruin, business owners can no longer afford to ignore this hazard. Here are some tips for small business owners to help fight against hacking.
• Go beyond traditional antivirus software and implement a complete security system on servers.
• Make sure you have a backup and recovery system in place.
• Buy a complete security software package from a reputable buyer.
• Enact and enforce Internet policies with employees, and train employees about what they can and can’t do, as well as changing passwords and protecting mobile devices. Employees should be trained to never open unfamiliar links or go to unfamiliar websites.
If your child is receiving pre-approved credit card offers in the mail, it could be a sign that your child’s information has been compromised. If you suspect there is a problem, you should contact the three credit reporting bureaus to find out if there are credit reports attached to your child’s Social Security number.
Please note that this request should be made in writing, and the letter should include the child’s name, SSN, and parents’ names and addresses. You should also send the correspondence via certified mail, with return receipt requested. This is the only way you can prove you sent the information. If you are divorced, you should include proof that you have legal custody of the child.
If you do not receive an answer from the credit bureaus within 30 days, file a complaint with the FTC at 1-877-FTC-HELP.
To write to TransUnion, send correspondence to P.O. Box 6790, Fullerton, CA 92834. You should include a copy of the child’s birth certificate and SS card, as well as a copy of your own driver’s license or ID card.
To write to Experian, send correspondence to P.O. Box 932, Allen, TX 75013. Include a copy of the parents’ driver’s licenses, proof of address, such as a utility bill or credit card statement, and a copy of the child’s birth certificate and SS card.
To write to Equifax, send correspondence to Equifax Information Services LLC, Office of Consumer Affairs, P.O. Box 105139, Atlanta, GA 30348. Include a copy of the child’s birth certificate and SS card.
The FBI released today an alert about new cyber scams currently circulating on the internet.
In the reshipping scam, criminals hire individuals to receive, readdress and forward or “reship” packages to addresses generally found in the United Kingdom or Nigeria, but also sometimes Russia.
The reshipped merchandise is purchased with compromised credit cards. Those being used in the scam are a mixed lot – some recognize that what they are doing is a crime, while others are completely unaware there’s any funny business going on. The scam gets busted, usually, when reshippers get calls from the companies that sold the merchandise or from the owners of the stolen credit card numbers.
There’s also a new version of the scam, in which people are hired as “gift wrapper associates” to receive and gift wrap merchandise, then ship it to a given address. Those who were hired in this instance most often said they were hired through Craigslist ads. During their interview process, they were required to provide personal identification information and, after hiring, were provided with the supplies to wrap the merchandise.
Another scam involves counterfeit checks. Subjects attempt to convince victims to cash checks or money orders, then wire a portion of the funds overseas. After wiring the funds, the victim discovers the check was fraudulent, and he is now responsible for the check amount.
The latest version of this scam targets realtors and real estate attorneys. People claiming to be overseas have contacted U.S. realtors and real estate attorneys, indicating they’re interested in purchasing property. Once the deal is done, the realtor or attorney receives a check, only to find out the check is fake. During the transaction, before the check has cleared the bank, the attorney or realtor is instructed to wire a portion of the funds to the “buyer’s” overseas account.
The FBI is warning consumers to be wary of these scams.
The news of data breaches causes ripples of panic among consumers – and the threat of a possible data breach has business owners sitting up and taking notice as well. At any given moment, an employee may be accessing confidential information, either by accident or dishonestly. This presents a unique challenge for businesses today.
Fortunately, through some simple management procedures, your human resources department can help prevent leaks from happening. These procedures will help protect employee and customer information from being exposed to unauthorized parties.
First of all, be aware of where critical employee and customer information is located and who has access to this data. Develop acceptable use policies for all employees that clearly outlines appropriate use of this information. You should include procedures as to what will take place should a violation occur. Be sure to consistently enforce these policies and procedures.
You should regularly review and revise these policies to make sure all changes and additions have been addressed, and that the procedures stay current with changing laws.
Make sure your company has an internal incident plan, and the appropriate resources in house to handle any incidents of employee or customer data loss or unauthorized access by an employee or outsider.
The worst thing your company can do is to compromise any investigation of a breach. Don’t turn on an suspect employee’s computer to “look around.” This may destroy potential evidence.
Don’t make the mistake of assuming your IT department will figure things out. Your IT guys are not forensic specialists. A professionally trained computer forensics expert should be retained for this purpose.
Be sure to report the breach as soon as possible, to both the public and, most importantly, those who may be potentially affected. Not doing so puts your customers at risk, and can potentially be suicide for your business. Be proactive and transparent.