Tag Archives: bank

Online Banking Do’s and Don’ts

banking2 While it’s true that the Internet, despite its fundamental design flaws, has the “potential” for safe and secure financial transactions, safe banking online relies on you making good choices, and decisions, that will help you avoid costly surprises, or even carefully crafted scams and phishing schemes.

Despite all the positive hype surrounding financial institutions’ system security, we have learned, much to our detriment, that there are no absolutes in computer system security.

The inescapable fact remains; you are your own best protection while conducting financial transactions on the Internet. So it’s important that you learn about, and take advantage of, the active security features offered by your financial institution.

Online banking 1

Examples of security features offered by financial institution:

Encryption is the process of scrambling private information to prevent unauthorized access. To remind you that your transmission is encrypted, most Internet browsers display a small icon on your screen that resembles a lock, or a key, when you conduct secure transactions online. Look for this symbol so that you have reason to believe your connection is, in fact, secure.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and this is extremely important, you should change it regularly. Do not use birthdates or other numbers or words, that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your password in order to gather your financial data from various sources, make sure that you are aware of the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly.

Online banking 2

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

Never leave your computer, even at home, unattended, once you have signed in to online banking.

After completing your transactions, ensure that you sign out, clear your cache, and close your browser. Often, it is easy to forget to sign out of an online banking session

Keep your password and card number safe. This seems like a no brainer, but surprisingly, many users do forget this critical step in the process.

Do not share, disclose, or provide your bank card number, or password, to another party, or website, other than your bank. Most banks will not send you an email requesting this information. If your bank practices this very unsafe routine; you should change banks.

Do not save your bank card number, or password, on a publicly accessed computer.

If you do use a public access computer such as at an Internet café or public library, (absolutely NOT recommended), to be safe, change your password after completing your session by calling your bank’s telephone banking number.

When selecting a password, choose a series of characters that cannot be easily guessed by someone else. The best passwords are made up of an alpha-numeric combination that are more than eight characters long, and a combination of capital and lower case letters.

Bank of America email scam

This is an example of an Online Banking email phishing attempt.

Final words – don’t use:

A password you use for any other service.

Your name, or a close relative’s name.

Your birth date, telephone number or address, or those of a close relative.

Your bank account number, or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. It’s simple; giving your password answers to another person, or company, places your finances and privacy at risk.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

20 Comments

Filed under cybercrime, Don't Get Scammed, Interconnectivity, Online Banking, Online Safety, Windows Tips and Tools

PandaLabs Trojan Warning – FakeWindows.A, and UrlDistract.A

Courtesy of Panda Security: This week’s PandaLabs report looks at two new Trojans (FakeWindows.A, and UrlDistract.A), that try to trick users in order to steal their data.

FakeWindows.A is a Trojan that resembles a Windows XP activation process.

image

This malware can reach computers through email, or can be downloaded from a malicious Web page.

It tries to get users to believe that the operating system is requesting their data to activate the account.

image

In addition to personal data, the Trojan also requests bank details. On entering them, the program displays an error screen indicating it was impossible to
connect to the server. Consequently, in addition to making data theft
easier, users’ computers are blocked.

The UrlDistract.A Trojan, reaches computers through emails with an icon that resembles a video. When run, the Trojan silently steals users’ information, while it distracts them by opening a YouTube video called “Little Superstar” where an actor dances to the music.

image

The Trojan then connects to an address in Atlanta, and sends all the data
stolen from the computer.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Comments Off on PandaLabs Trojan Warning – FakeWindows.A, and UrlDistract.A

Filed under Don't Get Scammed, Don't Get Hacked, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Panda Security, PandaLabs, trojans, Windows Tips and Tools, Windows XP

Online Banking Safety Tips

banking2 As use of the Internet continues to expand exponentially, banks and other financial institutions have increased their use of the Internet to deliver products and enhanced financial services, or simply to improve communications with consumers.

The Internet, despite its fundamental flaws, does offer the potential for safe, convenient, and new ways to shop for financial services and conduct banking business, any day, any time.

While it’s true that the Internet has the “potential” for safe and secure financial transactions, safe banking online relies on you making good choices and decisions that will help you avoid costly surprises, or even carefully crafted scams and phishing schemes.

Despite all the hype concerning inpenetrateable system security, we have learned, much to our detriment, that no such inpenetrateable systems exist. The inescapable fact remains; you are your own best protection while conducting financial transactions on the Internet. So it’s important that you learn about, and take advantage of, security features offered by your financial institution.

Online banking 1

Some examples are:

Encryption is the process of scrambling private information to prevent unauthorized access. To remind you that your transmission is encrypted, most Internet browsers display a small icon on your screen that looks like a lock or a key, when you conduct secure transactions online. Avoid sending sensitive information, such as account numbers, through unsecured e-mail.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and this is extremely important, you should change it regularly. Do not use birthdates or other numbers or words that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your passwords in order to gather your financial data from various sources, make sure that you are aware of the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly. Contact your hardware and software suppliers, or Internet service provider, to ensure you have the latest in security updates.

Online banking 2

(Click pic for larger)

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

Never leave your computer unattended once you have signed in to online banking.

After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser. Often, it is easy to forget to sign out of an online banking session

Keep your password and card number safe. This seems like a no brainer, but surprisingly many users do forget this critical step in the process.

Do not share, disclose, or provide your bank card number, or password, to another party or website other than your bank. Most banks will not send you an email requesting this information. If your bank practices this very unsafe routine; you should change banks.

Do not save your bank card number, or password, on a publicly accessed computer.

If you do use a public access computer such as at an Internet café or public library, to be safe change your password after completing your session by calling your bank’s telephone banking number.

When selecting a password, choose a series of characters that cannot be easily guessed by anyone else. The best passwords are made up of an alpha-numeric combination that’s more than four characters long and a combination of capital and lower case letters.

Bank of America email scam

(Click pic for larger)

This is an example of an Online Banking email phishing attempt.

Don’t use:

A password you use for any other service.

Your name, or a close relative’s name.

Your birth date, telephone number or address, or those of a close relative.

Your bank account number, or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. It’s simple; giving your password answers to another person, or company, places your finances and privacy at risk.

5 Comments

Filed under Don't Get Hacked, Encryption, Interconnectivity, Internet Safety, Malware Advisories, Online Banking, Online Safety, Phishing, Safe Surfing, Spyware - Adware Protection, Windows Tips and Tools

Public Proxy Server Danger – Web Site Spoofing

spoofing In the article immediately following this article, “OperaTor and XeroBank – Surf the Internet Anonymously”, I stated, “You have a number of choices when it comes to anonymous surfing. You can use a free proxy server service; not my personal first choice – but that’s fodder for another article!”

Well, there’s no time like the present, so here is that article.

In some cases public proxy DNS’s, the database that associates numeric IP addresses, e.g. (206.4.XX.XXX) with URLs, have been known to have been modified.

The modification consists of changing the legitimate association for a fraudulent one, so that when users type a specific URL, they are redirected to a fraudulent page. For example, if users try to log onto their banking web site, the server could redirect them to a phishing site which resembles the legitimate page, but which is designed to steal their bank details.

The following graphic shows a spoofed banking site.

spoof

(Click pic for larger)

The danger of this type of attack is – even users with malware-free, up-to-date computers with a good firewall, etc. could easily fall victim to these attacks.

To reduce the risk of phishing attacks it’s important not to use anonymizer services if you’re accessing sites on which confidential data (e.g. online banks, pay platforms, etc.), is being transmitted.

It’s equally as important that you use a browser add-on such as WOT (Web of Trust), so that you have a first line of defense against this type of attack. I strongly recommend that you use WOT as your primary Internet Browser protection. For more information, read “Love WOT And It Will Love You Right Back!” on this site.

If you’re interested in learning more about web spoofing, there is an excellent article at Princeton University’s web site entitled Web Spoofing: An Internet Con Game.

4 Comments

Filed under Anonymous Surfing, Browser add-ons, Don't Get Hacked, Firefox Add-ons, Freeware, Interconnectivity, Internet Safety, Internet Safety Tools, Malware Advisories, Online Banking, Online Safety, Phishing, Safe Surfing, Software, Spyware - Adware Protection, System Security, Windows Tips and Tools

IRS Tax Notification Refund Scam – Don’t be Victimized!

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $939.40. – Fraudulent IRS email

Now who wouldn’t be thrilled to receive an email informing them that U.S. Internal Revenue Service is going to play Santa Clause and give them $939.40? Well I wouldn’t object, and I suspect you wouldn’t either. Like you, I can think of a few places where this unexpected windfall could be put to good use.

Despite the fact that I am a Canadian, and I reside in Canada, it seems the U.S. Government is eager, and determined, to give me money for the third time in just a few months. Yes, this is the third such scam email I have received in just the last few months.

Since I am a Canadian I do not file U.S. income tax returns and I do not qualify for a refund from the IRS. Despite this, the cyber-criminals responsible for this fraudulent email were optimistic that I would click on the enclosed email link.

Clicking on the link would have redirected me to a spoof IRS page, comparable to the original site, and I would then have begun a process in which the scammers would have stripped me of all the confidential information I was willing to provide.

Information requested on the spoof IRS page includes; social security number, credit card and debit card numbers, postal address, and date of birth. The financial and personal details entered into this fraudulent web site are harvested by cyber-crooks who would have used this information to commit identity and financial theft.

The reality is of course, the IRS doesn’t send out unsolicited emails asking for personal or financial information. Credit card numbers, ATM PIN numbers and additional financial information would never be required to enable you to discover the current status of your tax return, or your tax refund.

According to the IRS there are over 1600 IRS phishing sites operating, or online, at any given time in search of potential victims willing to hand over sensitive financial data. It’s easy to see that the emails I received are not isolated incidents. The IRS confirms that by their estimates, 1% of all spam email is an IRS phishing scam.

What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses. As well, giving the time of year, the timing is right. Be warned, IRS scam emails always ramp up before tax day and continue for some time afterwards.

You know what to do right? Follow the tips below to protect yourself against these threats:

  • Your bank, the IRS, or any other legitimate organization will never ask you to divulge account information or passwords via email. Never give out this information, especially via email.
  • Don’t open emails that come from un-trusted sources.
  • Don’t run files that you receive via email without making sure of their origin.
  • Don’t click links in emails. If they come from a known source, type them in the browser’s address bar. If they come from an un-trusted source, simply ignore them.
  • Keep your computer protected. Install a security solution and keep it up-to-date. Also, before carrying out any kind of financial transaction on the Web, I recommend that you scan your computer with a second-opinion security solution, such as NanoScan.

Be kind to your friends, relatives, and associates and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

To help you fight back, the following information has been taken from the official IRS web site and provides instructions on how to assist the IRS in shutting down these schemes.

The good news is that you can help shut down these schemes and prevent others from being victimized. If you receive a suspicious e-mail that claims to come from the IRS, you can relay that e-mail to a new IRS mailbox, phishing@irs.gov.

Follow instructions in the link below for sending the bogus e-mail to ensure that it retains critical elements found in the original e-mail. The IRS can use the information, URLs and links in the suspicious e-mails you send to trace the hosting Web site and alert authorities to help shut down the fraudulent sites. Unfortunately, due to the expected volume, the IRS will not be able to acknowledge receipt or respond to you.

IRS reporting site

2 Comments

Filed under Email, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Banking, Online Safety, Phishing, Windows Tips and Tools

Bogus IRS Tax Notification Email – Don’t Be a Victim!

Despite the fact that I am a Canadian it seems the U.S. Government, by way of the Internal Revenue Service, wants to give me money for the second time in just a few months.

Back in February of this year, I received an email indicating I could expect a tax refund of $873.20, and just in the last few days I received an IRS Tax Notification email informing me that an additional $184.80 was mine if I just clicked on the enclosed email link.

Unfortunately, since I am a Canadian I will not be getting a refund from the IRS, but the cyber-criminals responsible for this email were hopeful that I would click on the enclosed link.

Clicking on the link would have redirected me to a spoof IRS page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide. Information requested on the spoof IRS page includes; social security number, credit card and debit card numbers, postal address, and date of birth.

The financial and personal details entered are harvested by cyber-crooks who would then have used this information to commit identity and financial theft.

The reality is of course, the IRS doesn’t send out unsolicited emails asking for personal or financial information. Credit card numbers, ATM PIN numbers and additional financial information would never be required to enable you to find out the current status of your tax return, or your tax refund.

According to the IRS there are over 1600 IRS phishing sites operating, or online, at any given time in search of potential victims willing to hand over sensitive financial data. It’s easy to see that the emails I received are not isolated incidents. The IRS goes on to say that by their estimates, 1% of all spam email is an IRS phishing scam.

What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses. As well, giving the time of year, the timing is right. Be warned, IRS scam emails always ramp up before tax day and continue for some time afterwards.

You know what to do right? Follow the tips below to protect yourself against these threats:

  • Your bank, the IRS, or any other legitimate organization will never ask you to divulge account information or passwords via email. Never give out this information, especially via email.
  • Don’t open emails that come from un-trusted sources.
  • Don’t run files that you receive via email without making sure of their origin.
  • Don’t click links in emails. If they come from a known source, type them in the browser’s address bar. If they come from an un-trusted source, simply ignore them.
  • Keep your computer protected. Install a security solution and keep it up-to-date. Also, before carrying out any kind of financial transaction on the Web, I recommend that you scan your computer with a second-opinion security solution, such as NanoScan at www.nanoscan.com.

Be kind to your friends, relatives and associates and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

To help you fight back, the following information has been taken from the official IRS web site and provides instructions on how to assist the IRS in shutting down these schemes.

The good news is that you can help shut down these schemes and prevent others from being victimized. If you receive a suspicious e-mail that claims to come from the IRS, you can relay that e-mail to a new IRS mailbox, phishing@irs.gov.

Follow instructions in the link below for sending the bogus e-mail to ensure that it retains critical elements found in the original e-mail. The IRS can use the information, URLs and links in the suspicious e-mails you send to trace the hosting Web site and alert authorities to help shut down the fraudulent sites. Unfortunately, due to the expected volume, the IRS will not be able to acknowledge receipt or respond to you.

IRS reporting site: phishing@irs.gov

3 Comments

Filed under Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Phishing, Privacy, Safe Surfing, Windows Tips and Tools

Online Banking Security – Be Safe – Know the Rules!

As use of the Internet continues to expand, banks and other financial institutions are using the Internet to offer products and services, or otherwise enhance communications with consumers.

The Internet offers the potential for safe, convenient new ways to shop for financial services and conduct banking business, any day, any time. However, safe banking online involves making good choices; decisions that will help you avoid costly surprises, or scams.

You are your own best protection. So learn about and take advantage of security features offered by your financial institution.

Some examples:

Encryption is the process of scrambling private information to prevent unauthorized access. To show that your transmission is encrypted, most Internet browsers display a small icon on your screen that looks like a lock or a key, when you conduct secure transactions online. Avoid sending sensitive information, such as account numbers, through unsecured e-mail.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and you should change it regularly. Do not use birthdates or other numbers or words that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your passwords in order to gather your financial data from various sources, make sure you learn about the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly. Contact your hardware and software suppliers, or Internet service provider, to ensure you have the latest in security updates.

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

· Never leave your computer unattended once you have signed in to online banking.

· After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser.

· Keep your password and card number safe.

· Do not share, disclose, or provide your bank card number, or password, to another party or website other than your bank. Most banks will not send you an email requesting this information.

· Do not save your bank card number or password on a publicly accessed computer.

· If using a public access computer such as an Internet café or public library, change your password after completing your session by calling your bank’s telephone banking number.

· When selecting a password, choose a series of characters that cannot be easily guessed by anyone else. The best passwords are made up of an alpha-numeric combination that’s more than four characters long and a combination of capital and lower case letters.

Don’t use:

· A password you use for any other service.

· Your name or a close relative’s name.

· Your birth date, telephone number or address, or those of a close relative.

· Your bank account number or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. Giving your password answers to another person or company places your finances and privacy at risk.

4 Comments

Filed under Encryption, Interconnectivity, Internet Safety, internet scams, Online Banking, Online Safety, Phishing, Privacy, Windows Tips and Tools