Tag Archives: Bank of America

Think You’re Immune From Online Fraud? Maybe Not!

Guest writer Dave Brooks, a vastly experienced computer Tech from New Hampshire, who is an expert at online safety, shares this chilling story on why even exercising proper security measures won’t guarantee your online financial safety.

image Bill is constantly trying to pound security into his reader’s heads, and with good reason, but unfortunately, no matter how careful you are, there are things that are beyond your control when buying stuff online.

Case in point: at Bill’s request I’m going to relay a recent unnerving personal experience, if only to show that even the most security conscious are still at risk.

I’m very online safety/security conscious and I buy online only from reputable, well known stores. My online bank account password looks like an alien language, my ATM pin is 8 digits long (compared to 4 or so many people use), and I monitor my account closely.

Even so my ATM card number was recently used, in the middle of the night, in Georgia, while I was sound asleep in New Hampshire. Luckily Bank of America has decent monitoring, and I have a ton of alerts set up to email me when certain things happen with my account.

I woke up in the morning to find an alert that my card was used while I was asleep, and an email from Bank of America that they had detected suspicious activity on my account, had frozen the transaction, and placed a lock on my account to prevent further activity.

image

The charge was for the amount of $1.22; it’s apparently common practice by those that use stolen card numbers to make a small charge such as this to confirm that the number is good before using it to make larger purchases.

Thanks in part to my diligent monitoring, and Bank of America’s account monitoring system, the thieves were never able to get to step two and spend my hard earned cash on god knows what.

A call to the number provided in the alert email I got from the bank (after confirming it was in fact their number by matching it up on the Bank of America website; phishing emails are pretty convincing nowadays!), confirmed the illegal activity. Bank of America cancelled my ATM card, and cancelled the charge, and a trip to my local bank branch netted me a new ATM card.

image My number was likely stolen from a hacked online database of a company that I had made an online purchase from in the past, but there’s no way to confirm this – it could have just as easily been a dishonest employee from a local store where I used my card.

I have since opened a second account with an ATM card, and use only that account for online purchases, (I had been contemplating doing this for a year or more or more, but never did),

I keep a balance of about 5 bucks in it, and when I want to buy something online, I transfer the purchase amount from my main account to the “internet” account to cover it. At least that way, my main account is less exposed, and if it happens again I’ll be able to determine if it was the “internet” or “local purchase” that led to the compromise.

Bottom line here is, even though you think you’re safe, if you purchase stuff online, your bank or credit card info is out there for the taking. The best you can do is keep a close eye on your accounts for suspicious activity, and try to minimize possible damage that might be done if your card number is stolen.

Guest Writer: This is a guest post by Dave Brooks a professional computer technician from New Hampshire, USA. Dave has become a regular guest writer, who’s articles are always a huge hit.

Pay a visit to Dave’s site at Tech-N-Go, and checkout the Security Alerts.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Guest Writers, internet scams, Online Banking, Windows Tips and Tools

Online Dangers – Even a Tech Can Get Taken

Think you’re immune from online fraud? Do you believe – “It could never happen to me”? Read what guest writer Dave Brooks, a vastly experienced computer tech from New Hampshire, has to say about what happened to him.

image Bill is constantly trying to pound security into his reader’s heads, and with good reason, but unfortunately no matter how careful you are, there are things that are beyond your control when buying stuff online.

Case in point: at Bill’s request I’m going to relay a recent unnerving personal experience, if only to show that even the most security conscious are still at risk.

I’m very online safety/security conscious and I buy online only from reputable, well known stores. My online bank account password looks like an alien language, my ATM pin is 8 digits long (compared to 4 or so many people use), and I monitor my account closely.

Even so my ATM card number was recently used, in the middle of the night, in Georgia, while I was sound asleep in New Hampshire. Luckily Bank of America has decent monitoring, and I have a ton of alerts set up to email me when certain things happen with my account.

I woke up in the morning to find an alert that my card was used while I was asleep, and an email from Bank of America that they had detected suspicious activity on my account, had frozen the transaction, and placed a lock on my account to prevent further activity.

The charge was for the amount of $1.22; it’s apparently common practice by those that use stolen card numbers to make a small charge such as this to confirm that the number is good before using it to make larger purchases.

Thanks in part to my diligent monitoring, and Bank of America’s account monitoring system, the thieves were never able to get to step two and spend my hard earned cash on god knows what.

A call to the number provided in the alert email I got from the bank (after confirming it was in fact their number by matching it up on the Bank of America website; phishing emails are pretty convincing nowadays!), confirmed the illegal activity. Bank of America cancelled my ATM card, and cancelled the charge, and a trip to my local bank branch netted me a new ATM card.

My number was likely stolen from a hacked online database of a company that I had made an online purchase from in the past, but there’s no way to confirm this – it could have just as easily been a dishonest employee from a local store where I used my card.

I have since opened a second account with an ATM card, and use only that account for online purchases, (I had been contemplating doing this for a year or more or more, but never did),

I keep a balance of about 5 bucks in it, and when I want to buy something online, I transfer the purchase amount from my main account to the “internet” account to cover it. At least that way, my main account is less exposed, and if it happens again I’ll be able to determine if it was the “internet” or “local purchase” that led to the compromise.

Bottom line here is, even though you think you’re safe, if you purchase stuff online, your bank or credit card info is out there for the taking. The best you can do is keep a close eye on your accounts for suspicious activity, and try to minimize possible damage that might be done if your card number is stolen.

Guest Writer: This is a guest post by Dave Brooks a professional computer technician from New Hampshire, USA. Dave has become a regular guest writer, who’s articles are always a huge hit.

This article is Dave’s response to today’s article “How to Conduct Online Banking Safely”.

Thank you Dave for such a quick response – a great article, crafted quickly.

Pay a visit to Dave’s site at Tech-N-Go, and checkout the Security Alerts.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Don't Get Scammed, Don't Get Hacked, Interconnectivity, Internet Safety, Internet Security Alerts, Online Banking, Online Safety, Tech Net News, Windows Tips and Tools

Hey Sucker – Read This! Michael Jackson’s Not Dead!

image The Web is the success it has become at least partially due to the fact that it can satisfy our curiosity about almost anything we can think of, including the sensational death of Michael Jackson .

We have learned to satisfy this curiosity simply by a mouse click here, and a mouse click there. In a sense, we have developed a conditioned response to “just click”. You are reading this article, in all likelihood, because the title roused your curiosity.

Using the Internet we can snoop, probe, and pry; and question, or confirm, virtually any statement, fact or opinion. We now have access to a quantity, and quality (some might dispute the quality), of information as never before. Sensational news alerts are a particularly delicious enticement.

Naturally of course, sensational news alerts, will continue to be one of the methods cyber-crooks will use to capture Internet users’ attention, particularly in emails, Google search results, and on social networking sites like Twitter and FaceBook.

Michael Jackson email scams

Since Michael Jackson’s death, email inboxes have been flooded with enticing scam emails, along with the usual emails offering pharmaceuticals, expensive watches, and other knockoff products with which we are all familiar.

image

Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity – the reason you clicked on this article. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like sensational topics.

Knowing this, email scammers (cyber-crooks), will continue to exploit our natural curiosity, to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots on our computers.

With the worldwide Internet population now estimated to be 1.08 billion users, email scammers (cyber-crooks), have a huge playing field in which to practice their crafty scams.

Cyber-crooks, I’m convinced, must feel as if they are in cyber-crooks paradise given the opportunities such a large number of generally unaware potential victims present for illicit monetary gain.

Security experts (including me), argue that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous. To this point however, this type of dangerous behavior continues despite the warnings.

It continues to be true  that the majority of typical users, that I meet, are unaware of the very real dangers that spam emails and social networking links, hold for their safety, security and identity protection.

On the other hand, I’ve noted that aware Internet users rely on their own experiences and common sense to avoid malware infections. Generally, they are well aware of the hidden dangers on the Internet and have overcome that natural tendency to “just click”.

While on the Internet keep the following tips in mind:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

Despite the title of this article Michael Jackson is dead. Yes, I know you knew this.

Elsewhere on this site there are additional articles dealing with current email and financial scams.

See: Bank of America Alert – Update Your Account Scam!

See: Online Banking – Be Safe, Not Sorry!

See: Avoid Trojans/Viruses – Stop with the Crazy Clicks Already!

12 Comments

Filed under Don't Get Hacked, Email, email scams, Google, Interconnectivity, internet scams, Malware Advisories, Online Safety, Safe Surfing, social networking, Spyware - Adware Protection, Twitter, Windows Tips and Tools

Email Spammers Are Smarter Than You Think

image I long ago came to the conclusion that spammers are some of the craftiest people on the planet. I say this not in admiration of what they do, but instead, how they do it.

Mainstream advertisers and business in general, could take away some valuable lessons from the methods used by spammers to achieve maximum market penetration.

A case in point:

I operate multiple email accounts most of which I established 10/12 years ago. Recently, I setup a new email account on Gmail to allow readers of my WordPress site to contact me directly. Almost immediately, I noticed the type of Spam directed at this account was considerably different from the daily Spam going to my long established accounts.

Generally, the Spam aimed at the older email accounts is fairly harmless and not particularly dangerous, since most of it is calculated to attempt to sell me something I don’t want, and that I have absolutely no interest in. After all, how many “male enhancement” products, vitamin pills, or fake watches does a person really need?

While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails aimed at my relatively new Gmail account that causes me the most frustration. These emails are often designed to trick me into revealing financial information that can then be used to steal my money.

It seems to me that phishing spammers target new or relatively new email accounts, more often than well established accounts. And why not? In a spammer’s view, I suspect, the theory is – an experienced Internet user is less likely to respond to this type of email, while the percentage of relatively new users who respond should be higher due to the new user’s inexperience.

The following graphic illustrates just how pervasive this type of phishing Spam can be in a new email account inbox. Click on the graphic for a larger view.

Gmail Spam

Looking closely at just one of these fraudulent emails, it’s easy to see problems with the construction of the message. This misconstruction should always be a tipoff something is wrong.

“Dear B a n k (the spacing in this word is off) of America member,

Bank of America ask (missing letter “s”) you kindly to take part in our quick and easy question survey (missing punctuation – no period).

In return we will credit $50.00 to your account. Just for your time!

– In order to help us please spare two minutes of yout (misspelled word – should read “your”) time and take part in our survey.

– To contiunue (misspelled word – should read “continue”) please click on the link below:

http://sitekey.bankofamerica.com.survey.departament.djwjggh5.net/srv/survey.htm?id=5984 (a questionable site based on the URL) – The following graphic illustrates how FireFox handles this type of site – in this case based on my personal security preferences.

Thank you for your time!

B a n k of America Survey Department.

© 2001-2009 B a n k of America. All rights reserved”.

Web Forgery

Clicking on the link (assuming my Browser had not warned me), would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

It’s possible, my financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent email who could then have used this information to commit identity and financial theft.

If you are a relatively new Internet user the following are the minimum safety precautions (familiar to regular readers), you should take:

Be kind to your friends, relatives, and associates, particularly new Internet users, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

Keep your computer protected. Install a security solution and keep it up-to-date.

19 Comments

Filed under Browsers, Don't Get Hacked, Email, email scams, Firefox, Interconnectivity, Internet Safety, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Phishing, Windows Tips and Tools

Bank of America Alert – Update Your Account Scam!

I must admit that I get very tired of opening my email accounts only to see spam email after spam email, designed to sell me something I don’t want and that I have absolutely no interest in. While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails that cause me the most frustration.

It seems that more and more often, these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money. This morning was no exception when I received a Bank of America Alert requesting that I update my account information.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people. So phishing is considered an opportunistic attack, rather than the targeting of a specific person.

In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, the Bank of America. What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses.

According to this email my online banking privileges with Bank of America have been blocked due to security concerns. This looks like an official email to me and the enclosed link makes it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme who would then have used this information to commit identity and financial theft.

The reality is of course; your bank or any other legitimate financial organization will on no account, ask you to divulge account information or passwords via email. Credit card numbers, ATM PIN numbers and additional financial information would never be required to enable you to find out the current status of your account.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that the IC³ (Internet Crime Complaint Center), has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take.

  • Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.
  • When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.
  • Don’t open emails that come from untrusted sources.
  • Don’t run files that you receive via email without making sure of their origin.
  • Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.
  • Never click on embedded cell phone links.
  • Keep your computer protected. Install a security solution and keep it up-to-date.

6 Comments

Filed under Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Banking, Online Safety, Phishing, Privacy, Spyware - Adware Protection, System Security, Windows Tips and Tools