Panda Security’s Latest Survey Shows Small Business Fails At Data Security

I’ve been working on an article for some time, investigation whether small business is up to the task of protecting your personal information; particularly your financial data (credit card, debit card, details), following a consumer transaction.

The background research has revealed a sobering reality – many small and medium sized businesses really suck at protecting their customers’ critical financial information.

So, when I had the opportunity to read Panda Security’s study (released yesterday), of security in SMBs (including 1,500 US SMBs), which showed that a startling percentage of US based SMBs just don’t get the security equation, I was not in the least bit surprised.

Look at these stats from the survey:

The infection ratio at U.S. companies has slightly increased since last year (46 percent in 2010 compared to 44 percent in 2009). It has dropped in Europe (49 percent in 2010 compared to 58 percent in 2009).

Viruses are the most popular threat SMBs are encountering (45 percent), followed by spyware (23 percent).

Thirty-six percent of US SMBs use free consumer security applications.

Unbelievably, 13 percent have no security in place!

Thirty-one percent of businesses are operating without anti-spam

Twenty three percent have no anti-spyware.

Fifteen percent have no firewall.

Participants: The survey consisted of companies with between 2 and 1,000 computers. 1,532 in the United States participated in the survey, and nearly 10,000 in total across the U.S., Europe, Latin America and North America.

The next time you use your credit/debit card at your local Butcher, Baker, or Candlestick Maker, consider carefully the risks involved. It might be prudent to inquire whether the business operates in a twenty first century security environment.

Yes, I know, you might see this as an overreaction – but it’s hardly that. Unless we, as consumers, force the issue, many SMBs will continue to operate with their heads up their in the cloud – unfortunately, not in the security cloud.

I’ll tell you a little secret – I never use my credit, or debit card, when transacting business with a small local merchant. It’s not the small monetary loss that concerns me, since the card issuer sets my liability limit at $50. Instead, it’s the more critical information that can be stolen and used in identity theft.

About Panda Security;

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions with products available in more than 23 languages and millions of users located in 195 countries around the world.

Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology.

For more information, visit Panda US.

A PDF version of the full report is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Online Banking Do’s and Don’ts

While it’s true that the Internet, despite its fundamental design flaws, has the “potential” for safe and secure financial transactions, safe banking online relies on you making good choices, and decisions, that will help you avoid costly surprises, or even carefully crafted scams and phishing schemes.

Despite all the positive hype surrounding financial institutions’ system security, we have learned, much to our detriment, that there are no absolutes in computer system security.

The inescapable fact remains; you are your own best protection while conducting financial transactions on the Internet. So it’s important that you learn about, and take advantage of, the active security features offered by your financial institution.

Examples of security features offered by financial institution:

Encryption is the process of scrambling private information to prevent unauthorized access. To remind you that your transmission is encrypted, most Internet browsers display a small icon on your screen that resembles a lock, or a key, when you conduct secure transactions online. Look for this symbol so that you have reason to believe your connection is, in fact, secure.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and this is extremely important, you should change it regularly. Do not use birthdates or other numbers or words, that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your password in order to gather your financial data from various sources, make sure that you are aware of the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly.

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

Never leave your computer, even at home, unattended, once you have signed in to online banking.

After completing your transactions, ensure that you sign out, clear your cache, and close your browser. Often, it is easy to forget to sign out of an online banking session

Keep your password and card number safe. This seems like a no brainer, but surprisingly, many users do forget this critical step in the process.

Do not share, disclose, or provide your bank card number, or password, to another party, or website, other than your bank. Most banks will not send you an email requesting this information. If your bank practices this very unsafe routine; you should change banks.

Do not save your bank card number, or password, on a publicly accessed computer.

If you do use a public access computer such as at an Internet café or public library, (absolutely NOT recommended), to be safe, change your password after completing your session by calling your bank’s telephone banking number.

When selecting a password, choose a series of characters that cannot be easily guessed by someone else. The best passwords are made up of an alpha-numeric combination that are more than eight characters long, and a combination of capital and lower case letters.

This is an example of an Online Banking email phishing attempt.

Final words – don’t use:

A password you use for any other service.

Your name, or a close relative’s name.

Your birth date, telephone number or address, or those of a close relative.

Your bank account number, or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. It’s simple; giving your password answers to another person, or company, places your finances and privacy at risk.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Nigerian Spammers Take On the FBI

Times must be tough in Spammer Land (Nigeria). Or, it could be, that the poor air and water quality, in this infamous country, is beginning to rot a few brains.

How else to explain, spammers giving a deliberate “poke in the eye” to, of all organizations, the FBI. On the other hand, I suppose it’s possible to be both bold, and dead stupid, at the same time.

In any event, it’s obvious the spammers who are responsible for a ludicrous email currently making the rounds, do not subscribe to the philosophy of “choose your enemies carefully, for they shall kick your ass”. In this case, I suspect, it won’t be very long before that happens.

Most of us learned, in kindergarten, that appearances can often be deceiving. In the unlikely event that you didn’t; checkout, “All I Really Need To Know I Learned In Kindergarten”, by Robert Fulghum. This book continues to be a phenomenal bestseller; with good reason. The following is a teeny, tiny excerpt:

“And then remember the Dick-and-Jane books and the first word you learned – the biggest word of all – LOOK.”

Unfortunately, not all of us, when we are on the Internet, LOOK – really look. Not all of us recognize, “the wolf in sheep’s clothing” email scam. Spam scammers rely on this to defraud those of us who don’t.

According to a recent email I received (a perfect example of the “wolf in sheep’s clothing” scam), the FBI has interceded on my behalf, to allow me to complete an illegal transaction with Mr. Sanusi Lamido, of the Central Bank Of Nigeria.

The FBI (according to the email), kindly points out “During our Investigation, it came to our notice that the reason why you have not received your payment is because you have not fulfilled your Financial Obligation given to you in respect of your Contract/Inheritance Payment”.

“So therefore, we have contacted the Federal Ministry of Finance on your behalf and they have brought a solution to your problem by coordinating your payment in the total amount of $5,000,000.00 USD which will be deposited into an ATM CARD which you will use to withdraw funds anywhere of the world”.

The email goes on to say – “We have confirmed that the amount required to procure the Approval Slip will cost you a total of $196USD which will be paid directly to the ATM CARD CENTER agent via western union money transfer / money gram Money Transfer”.

Not a bad deal huh? $5,000,000.00 USD for an investment of a measly 196 Bucks – and all of it guaranteed by the FBI! Jeez, how could a rational, thoughtful person, pass up an opportunity like this?

I know that you won’t be deceived by this type of clumsy attempt to defraud, but you would be surprised how often reasonably intelligent people are. Believe it or not, there are some people, somewhere, who will believe this nonsense.

Be kind to your friends, relatives, and associates, particularly those who are new Internet users, and let them know that there is an epidemic of this types of scam on the Internet. In doing so, you help raise the level of protection for all of us.

Ask your friends, relatives, and associates to keep the following tips in mind while on the Internet:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.Keep your computer protected.

Install a security solution and keep it up-to-date.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

FBI Spam – Spammers Go One Step To Far

Times must be tough in Spammer Land. Or, it could be, that the poor air and water quality, in this well know country, is beginning to rot a few brains.

How else to explain, spammers giving a deliberate “poke in the eye” to, of all organizations, the FBI. On the other hand, I suppose it’s possible to be both bold, and dead stupid, at the same time.

In any event, it’s obvious the spammers who are responsible for a ludicrous email currently making the rounds, do not subscribe to the philosophy of “choose your enemies carefully, for they shall kick your ass”. In this case, I suspect, it won’t be very long before that happens.

According to this recent email, the FBI has interceded on my behalf to allow me to complete an illegal transaction with Mr. Sanusi Lamido, of the Central Bank Of Nigeria.

The FBI (according to the email), kindly points out “During our Investigation, it came to our notice that the reason why you have not received your payment is because you have not fulfilled your Financial Obligation given to you in respect of your Contract/Inheritance Payment.

So therefore, we have contacted the Federal Ministry of Finance on your behalf and they have brought a solution to your problem by coordinating your payment in the total amount of $5,000,000.00 USD which will be deposited into an ATM CARD which you will use to withdraw funds anywhere of the world”.

The email goes on to say – “We have confirmed that the amount required to procure the Approval Slip will cost you a total of $196USD which will be paid directly to the ATM CARD CENTER agent via western union money transfer / money gram Money Transfer”.

Not a bad deal huh? $5,000,000.00 USD  for an investment of a measly 196 Bucks – and all of it guaranteed by the FBI! Jeez, how could a rational, thoughtful person, pass up an opportunity like this?

Too Funny! I’m now a little unsure as to what I should do – I’m used to watching YouTube to get my daily chuckles, but maybe I’ll give that up, and just focus on this type of email instead.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Online Banking Safety Tips

As use of the Internet continues to expand exponentially, banks and other financial institutions have increased their use of the Internet to deliver products and enhanced financial services, or simply to improve communications with consumers.

The Internet, despite its fundamental flaws, does offer the potential for safe, convenient, and new ways to shop for financial services and conduct banking business, any day, any time.

While it’s true that the Internet has the “potential” for safe and secure financial transactions, safe banking online relies on you making good choices and decisions that will help you avoid costly surprises, or even carefully crafted scams and phishing schemes.

Despite all the hype concerning inpenetrateable system security, we have learned, much to our detriment, that no such inpenetrateable systems exist. The inescapable fact remains; you are your own best protection while conducting financial transactions on the Internet. So it’s important that you learn about, and take advantage of, security features offered by your financial institution.

Some examples are:

Encryption is the process of scrambling private information to prevent unauthorized access. To remind you that your transmission is encrypted, most Internet browsers display a small icon on your screen that looks like a lock or a key, when you conduct secure transactions online. Avoid sending sensitive information, such as account numbers, through unsecured e-mail.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and this is extremely important, you should change it regularly. Do not use birthdates or other numbers or words that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your passwords in order to gather your financial data from various sources, make sure that you are aware of the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly. Contact your hardware and software suppliers, or Internet service provider, to ensure you have the latest in security updates.

(Click pic for larger)

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

Never leave your computer unattended once you have signed in to online banking.

After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser. Often, it is easy to forget to sign out of an online banking session

Keep your password and card number safe. This seems like a no brainer, but surprisingly many users do forget this critical step in the process.

Do not share, disclose, or provide your bank card number, or password, to another party or website other than your bank. Most banks will not send you an email requesting this information. If your bank practices this very unsafe routine; you should change banks.

Do not save your bank card number, or password, on a publicly accessed computer.

If you do use a public access computer such as at an Internet café or public library, to be safe change your password after completing your session by calling your bank’s telephone banking number.

When selecting a password, choose a series of characters that cannot be easily guessed by anyone else. The best passwords are made up of an alpha-numeric combination that’s more than four characters long and a combination of capital and lower case letters.

(Click pic for larger)

This is an example of an Online Banking email phishing attempt.

Don’t use:

A password you use for any other service.

Your name, or a close relative’s name.

Your birth date, telephone number or address, or those of a close relative.

Your bank account number, or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. It’s simple; giving your password answers to another person, or company, places your finances and privacy at risk.

Cell Phone Fraud – Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI), and the U.S. National White Collar Crime Center, cell phone fraud attacks are on the rise.

Given the unsteady state of world economies, a near perfect opportunity has been created for cyber-crooks to take advantage of people’s fears, and the worries, created by the uncertainties surrounding this crisis. Not surprisingly, there has been a major increase in financial-themed phishing, vishing, and spam.

Yes, you’ve heard of phishing, but what’s this vishing you ask?

The IC³ (Internet Crime Complaint Center) describes vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account has been suspended, deactivated, or terminated.

In a common scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, cell phone text message, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they are greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email.

Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their Personally Identifiable Information by e-mail, mail, text message or instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

To reduce the chances of being victimized the following are minimum safety precautions you should take:

Consider every email, telephone call, or text message requesting your Personally Identifiable Information as a scam

Never click on embedded email or cell phone links

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.

Cell Phone Fraud – Protect Yourself from Vishing

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting your PII as a scam.

Never click on embedded email or cell phone links.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

You can read more on this issue at the Internet Crime Complaint Center.

Internet/Cell Phone Fraud – Vishing, Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

• Consider every email, telephone call, or text message requesting your PII as a scam
• Never click on embedded email or cell phone links
• When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.

Online Banking Security – Be Safe – Know the Rules!

As use of the Internet continues to expand, banks and other financial institutions are using the Internet to offer products and services, or otherwise enhance communications with consumers.

The Internet offers the potential for safe, convenient new ways to shop for financial services and conduct banking business, any day, any time. However, safe banking online involves making good choices; decisions that will help you avoid costly surprises, or scams.

You are your own best protection. So learn about and take advantage of security features offered by your financial institution.

Some examples:

Encryption is the process of scrambling private information to prevent unauthorized access. To show that your transmission is encrypted, most Internet browsers display a small icon on your screen that looks like a lock or a key, when you conduct secure transactions online. Avoid sending sensitive information, such as account numbers, through unsecured e-mail.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and you should change it regularly. Do not use birthdates or other numbers or words that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your passwords in order to gather your financial data from various sources, make sure you learn about the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly. Contact your hardware and software suppliers, or Internet service provider, to ensure you have the latest in security updates.

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

· Never leave your computer unattended once you have signed in to online banking.

· After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser.

· Keep your password and card number safe.

· Do not share, disclose, or provide your bank card number, or password, to another party or website other than your bank. Most banks will not send you an email requesting this information.

· Do not save your bank card number or password on a publicly accessed computer.

· If using a public access computer such as an Internet café or public library, change your password after completing your session by calling your bank’s telephone banking number.

· When selecting a password, choose a series of characters that cannot be easily guessed by anyone else. The best passwords are made up of an alpha-numeric combination that’s more than four characters long and a combination of capital and lower case letters.

Don’t use:

· A password you use for any other service.

· Your name or a close relative’s name.

· Your birth date, telephone number or address, or those of a close relative.

· Your bank account number or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. Giving your password answers to another person or company places your finances and privacy at risk.

Visa Credit Card Scam – Don’t Be a Victim!

The more things change the more things remain the same, right? Well perhaps not always, but when it comes to Internet credit card fraud that definitely seems to be the case.

In 2003 cyber criminals ran an Internet scam that preyed on Visa credit card holders that used scam e-mail in conjunction with a specially designed Web site to gather both customer account numbers, personal identification numbers and other personal information. It has since been estimated that 5 percent of recipients responded to this scam e-mail – an incredible number.

Just this past week, I reported on this Blog on an email scam that involves MasterCard. In this scam an email link redirects to a site that looks very similar to MasterCard’s site. Those who fall victim to this scam are persuaded to input their credit card and other personal information. Carole Theriault, a senior security consultant at Sophos, a leading developer and vendor of security software and hardware, has pointed out that the average person would have difficulty in determining that this fraudulent site is not the authentic MasterCard site.

Well, here we go again. Now comes additional news from Sophos of a new Visa credit card scam in which Visa’s Verified by Visa website has been fraudulently replicated. Similar to the MasterCard scam, this one relies on the victim being persuaded to provide credit card details including their Visa card number, security ID, ATM pin number, Social Security Number, mother’s maiden name, full address, and phone number.

The information obtained would then allow criminals to make fraudulent charges, or use the victim’s credentials on online services, such as eBay, Amazon and others, with little risk of being caught.

A number of Internet security experts have told me this morning that this phishing scam is not designed particularly well, and that various aspects of the scam should raise potential victims’ suspicions. On the other hand, in my view any scam that alerts 95% of potential victims to fraudulent activity but still manages to trick 5% of its target audience is an unqualified success by any measure.

In this escalating battle with cyber criminals there are ways to protect your money and identity, but in the end we all need to use a little common sense.

Follow the tips below to protect yourself against these and other threats.

· Don’t open emails that come from untrusted sources.

· Don’t run files that you receive via email without making sure of their origin.

· Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

· Keep your computer protected. Install a security solution and keep it up-to-date.

Share this post :