Posts Tagged ‘hacking’

Beware of like jacking in Facebook

Tuesday, January 3rd, 2012

Beware of tricksters on Facebook.

This is not a new warning, but at year’s end, 2011 was the year of social engineering tactics being used to trick Facebookers into going to affiliate marketing sites in order to fill out surveys. And users of the social media site did just that by the millions.

In the past, online criminals used Facebook for identity theft or phishing scams. But these days, it’s much more profitable to use the site for the defrauding of affiliate businesses. These scammers directed their victims toward the affiliate marketing sites in three out of every four scams attempted last year.

The scam works like this: links are posted on Facebook, asking Facebook users to go to the fake sites to fill out various surveys. These surveys generate affiliate payments for the scammers, and cost the legitimate businesses that pay the fees.

Legitimate affiliate sites are big business, and a popular way to generate user traffic. Businesses pay sites a fee for referring visitors to the site, often offering rewards. When a scammer gets in on the action, they get paid and the business gets nothing.

The catch is that when a person fills out one of these surveys, the scammer can hack in and get the personal information found there, and use it to commit identity theft.

And the scary part is that the cybercriminals are getting smarter about how they conduct this scam. They’re now tricking users into sharing the link, called “like jacking.” By clicking on the link, a user unknowingly unleashes a malicious script which makes it appear that he or she has “liked” the link, and shares it with his or her Facebook friends.

Be careful when it comes to these links. Don’t click on any links that are unsolicited. Better safe than sorry.

Tags: , , , ,
Posted in identity theft risk | No Comments »

Small business owners must take steps to prevent hacking – and the FCC wants to help

Wednesday, May 18th, 2011

The Federal Communications Commission has announced the launch of a new website designed to help small businesses protect against cyberattacks.

The site – fcc.gov/cyberforsmallbiz – includes links to vendor, nonprofit and government resources, including materials from the National Cyber Security Alliance, and a PowerPoint presentation from the National Institute of Standards and Technology.

There’s also posted a list of tips for small businesses, which includes information on training employees, installing patches, limiting access and regularly changing passwords.

Small and mid-size businesses have been hit hard in recent years by hackers who use malware to steal corporate bank account credentials, which they use to wire out large amounts of cash.

Businesses in the mid-size to small range often lack the resources needed to take additional steps to protect themselves from hacking attacks. But considering the risks and possible financial ruin, business owners can no longer afford to ignore this hazard. Here are some tips for small business owners to help fight against hacking.

• Go beyond traditional antivirus software and implement a complete security system on servers.
• Make sure you have a backup and recovery system in place.
• Buy a complete security software package from a reputable buyer.
• Enact and enforce Internet policies with employees, and train employees about what they can and can’t do, as well as changing passwords and protecting mobile devices. Employees should be trained to never open unfamiliar links or go to unfamiliar websites.

Tags: , , , ,
Posted in Data breach | No Comments »

Former students charged with hacking into university’s system

Tuesday, November 30th, 2010

Two former University of Central Missouri students have been charged with computer hacking and identity theft.

Daniel J. Fowler, 21, of Kansas City, and Joseph A. Camp, 26, a New York resident, each face charges of conspiracy, fraud, computer intrusion, illegal interception of electronic communications and aggravated identity theft.

Camp has also been charged with trying to sell the personal information of more than 90,000 people to an undercover FBI agent.

For three months, beginning in October 2009, the duo hacked into the university’s computer network and downloaded large databases of faculty, staff, alumni and student information.

Data breaches such as this are becoming more and more common, and many of them aren’t even reported. What happens if you become a victim? Should you be worried? Here are some things to consider.

Seventy percent of all data breaches come from an attack by an external third party. This includes system hacks or intercepting e-mail. The variety and creativity of cyber criminals is greater than ever.

Seventy-five percent of all mid-size companies in America cut their security budgets in 2009 – but criminals don’t suffer during a recession; instead, they thrive. If you’re a small or medium-size business owner, don’t assume you won’t be hit. Thieves know businesses this size are an easy target.

The No. 1 cause of data breaches is human error. Forty-eight percent of all breaches occurred as the result of misuse, compared to 40 percent due to direct hacking. If businesses recognized this and acted accordingly, it would likely cut the number of data breaches by 50 percent.

Simple or intermediary controls would make 96 percent of all data breaches avoidable. But this doesn’t mean businesses must adopt complicated solutions to keep their data safe – simple basic protection would suffice.

Data loss can affect any business at any time. But the vast majority appear to be due to lax controls and the resulting human error. Human error isn’t necessarily something you can ever get rid of, but you can protect your business’ data so that should it be lost, misplaced or intercepted, the confidential business and client information won’t be compromised.

Tags: , , ,
Posted in Data breach | No Comments »

Express Scripts hackers update: 1,700 added to victims list

Tuesday, September 22nd, 2009

Apparently, hackers stole even more of Express Scripts’ member information than was initially revealed last fall. An additional 1,771 New Hampshire residents are being sent data breach notification letters this week, according to a September 14 letter from Express Scripts.

Express Scripts, one of the world’s largest pharmacy benefits management companies, revealed in November 2008 that hackers demanded ransom in exchange for stolen customer information. Unless the ransom was paid, the hackers threatened to reveal the members’ information.

To strengthen their threat, the hackers sent personal information–including names, birth dates, Social Security numbers and some prescription details–of 75 of the firm’s 50 million customers.

Express Scripts publicly refused to pay the ransom, even after some of their customers received similar letters, extortion attempts and sample employee information. Toyota, government agencies and labor unions were among those contacted by the hackers. (more…)

Tags: , , , , , ,
Posted in Data breach | 1 Comment »