Tag Archives: credit

Panda Security’s Latest Survey Shows Small Business Fails At Data Security

image I’ve been working on an article for some time, investigation whether small business is up to the task of protecting your personal information; particularly your financial data (credit card, debit card, details), following a consumer transaction.

The background research has revealed a sobering reality – many small and medium sized businesses really suck at protecting their customers’ critical financial information.

So, when I had the opportunity to read Panda Security’s study (released yesterday), of security in SMBs (including 1,500 US SMBs), which showed that a startling percentage of US based SMBs just don’t get the security equation, I was not in the least bit surprised.

Look at these stats from the survey:

The infection ratio at U.S. companies has slightly increased since last year (46 percent in 2010 compared to 44 percent in 2009). It has dropped in Europe (49 percent in 2010 compared to 58 percent in 2009).

Viruses are the most popular threat SMBs are encountering (45 percent), followed by spyware (23 percent).

Thirty-six percent of US SMBs use free consumer security applications.

Unbelievably, 13 percent have no security in place!

Thirty-one percent of businesses are operating without anti-spam

Twenty three percent have no anti-spyware.

Fifteen percent have no firewall.

Participants: The survey consisted of companies with between 2 and 1,000 computers. 1,532 in the United States participated in the survey, and nearly 10,000 in total across the U.S., Europe, Latin America and North America.

The next time you use your credit/debit card at your local Butcher, Baker, or Candlestick Maker, consider carefully the risks involved. It might be prudent to inquire whether the business operates in a twenty first century security environment.

Yes, I know, you might see this as an overreaction – but it’s hardly that. Unless we, as consumers, force the issue, many SMBs will continue to operate with their heads up their in the cloud – unfortunately, not in the security cloud.

I’ll tell you a little secret – I never use my credit, or debit card, when transacting business with a small local merchant. It’s not the small monetary loss that concerns me, since the card issuer sets my liability limit at $50. Instead, it’s the more critical information that can be stolen and used in identity theft.

About Panda Security;

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions with products available in more than 23 languages and millions of users located in 195 countries around the world.

Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology.

For more information, visit Panda US.

A PDF version of the full report is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

6 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Free Anti-malware Software, Interconnectivity, Malware Advisories, Panda Security, Point of View, Windows Tips and Tools

Cell Phone Fraud – Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI), and the U.S. National White Collar Crime Center, cell phone fraud attacks are on the rise.

Given the unsteady state of world economies, a near perfect opportunity has been created for cyber-crooks to take advantage of people’s fears, and the worries, created by the uncertainties surrounding this crisis. Not surprisingly, there has been a major increase in financial-themed phishing, vishing, and spam.

Yes, you’ve heard of phishing, but what’s this vishing you ask?

The IC³ (Internet Crime Complaint Center) describes vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account has been suspended, deactivated, or terminated.

In a common scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, cell phone text message, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they are greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email.

Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their Personally Identifiable Information by e-mail, mail, text message or instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

To reduce the chances of being victimized the following are minimum safety precautions you should take:

Consider every email, telephone call, or text message requesting your Personally Identifiable Information as a scam

Never click on embedded email or cell phone links

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.

4 Comments

Filed under Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Phishing, Windows Tips and Tools

Cell Phone Fraud – Protect Yourself from Vishing

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting your PII as a scam.

Never click on embedded email or cell phone links.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

You can read more on this issue at the Internet Crime Complaint Center.

2 Comments

Filed under Email, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Windows Tips and Tools

Internet/Cell Phone Fraud – Vishing, Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

  • Consider every email, telephone call, or text message requesting your PII as a scam
  • Never click on embedded email or cell phone links
  • When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.

3 Comments

Filed under Interconnectivity, Internet Safety, internet scams, Online Banking, Online Safety, Phishing, Privacy, Uncategorized, Windows Tips and Tools

Visa Credit Card Scam – Don’t Be a Victim!

The more things change the more things remain the same, right? Well perhaps not always, but when it comes to Internet credit card fraud that definitely seems to be the case.

In 2003 cyber criminals ran an Internet scam that preyed on Visa credit card holders that used scam e-mail in conjunction with a specially designed Web site to gather both customer account numbers, personal identification numbers and other personal information. It has since been estimated that 5 percent of recipients responded to this scam e-mail – an incredible number.

Just this past week, I reported on this Blog on an email scam that involves MasterCard. In this scam an email link redirects to a site that looks very similar to MasterCard’s site. Those who fall victim to this scam are persuaded to input their credit card and other personal information. Carole Theriault, a senior security consultant at Sophos, a leading developer and vendor of security software and hardware, has pointed out that the average person would have difficulty in determining that this fraudulent site is not the authentic MasterCard site.

Well, here we go again. Now comes additional news from Sophos of a new Visa credit card scam in which Visa’s Verified by Visa website has been fraudulently replicated. Similar to the MasterCard scam, this one relies on the victim being persuaded to provide credit card details including their Visa card number, security ID, ATM pin number, Social Security Number, mother’s maiden name, full address, and phone number.

The information obtained would then allow criminals to make fraudulent charges, or use the victim’s credentials on online services, such as eBay, Amazon and others, with little risk of being caught.

A number of Internet security experts have told me this morning that this phishing scam is not designed particularly well, and that various aspects of the scam should raise potential victims’ suspicions. On the other hand, in my view any scam that alerts 95% of potential victims to fraudulent activity but still manages to trick 5% of its target audience is an unqualified success by any measure.

In this escalating battle with cyber criminals there are ways to protect your money and identity, but in the end we all need to use a little common sense.


Follow the tips below to protect yourself against these and other threats.

· Don’t open emails that come from untrusted sources.

· Don’t run files that you receive via email without making sure of their origin.

· Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

· Keep your computer protected. Install a security solution and keep it up-to-date.

Share this post :

9 Comments

Filed under Email, Interconnectivity, Internet Safety, internet scams, Online Banking, Online Safety, Phishing, Safe Surfing, Windows Tips and Tools

Protect Yourself – MasterCard SecureCode Phishing Attack!


Phishing can be defined simply as the act of tricking people into revealing sensitive or private information. It relies for its success on the premise that asking a large number of people for this information, will always fool at least some of those people.

Most of this activity is automated, and the targets are, as stated earlier, large numbers of Internet users. So phishing is considered an opportunistic attack, rather than the targeting of a specific person.

In a phishing attack, the attacker creates a situation where people are convinced that they are dealing with an authorized party; in this case MasterCard.

As described by MasterCard, SecureCode is a secure method for payment at thousands of online stores which uses a private code known only to the customer and the bank. Using this system offers protection against unauthorized card use online, at participating online retailers.

According to Carole Theriault, a senior security consultant at Sophos, a leading developer and vendor of security software and hardware, “MasterCard has been very successful in positioning SecureCode as the answer to online fraud.

However security experts, including Sophos, are now warning of an email phishing scam that attempts to entice MasterCard customers to signup for this service with a promise of discounts on future purchases.

The email link redirects to a site that looks very similar to the MasterCard site, where the cyber crooks then persuade the victim to input their credit card information. Sophos’ Theriault makes the point that “to the undiscerning eye, it’s almost impossible to tell this isn’t the real MasterCard site.”

The information obtained would then allow criminals to make fraudulent charges, or use the victim’s credentials on online services, such as eBay, Amazon and others, with little risk of being caught.

There are ways to protect your money and identity from preying cyber criminals but in the end, we all need to use a little common sense – if it seems too good to be true, it probably is.

Follow the tips below to protect yourself against these and other threats.

· Don’t open emails that come from untrusted sources.

· Don’t run files that you receive via email without making sure of their origin.

· Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

· Keep your computer protected. Install a security solution and keep it up-to-date. Also, before carrying out any kind of financial transaction on the Web, scan your computer with a second-opinion security solution, like NanoScan.

Elsewhere in this Blog you can download freeware anti-malware solutions that provide excellent overall security protection. Click here.

Share this post :

5 Comments

Filed under Anti-Malware Tools, Email, Freeware, Interconnectivity, Internet Safety, internet scams, Online Banking, Online Safety, Phishing, Safe Surfing, Spyware - Adware Protection, Windows Tips and Tools