Tag Archives: financial

Will The Epsilon Data Breach Affect You? Don’t Be Surprised!

imageThe damage yet to be realized from the Epsilon Data Management breach, in which 250 million consumers names and e-mail addresses were compromised, has the potential to be staggering.

With 2500 client customer databases residing on their servers, Epsilon likes to characterize itself as the world’s premier email marketing service. Since they are responsible for over 40 billion (generally unwanted) emails annually, I tend to characterize Epsilon less favorably.

To this point, all of the companies involved in this breach (and the list is growing daily), are aggressively making the point that customer financial and confidential information, remains secure – and, has not been stolen. However, in a cover their ass move, many of the affected companies slip in a caveat – “based on everything we know”, or words to that effect.

Now, if one fell off the turnip wagon yesterday, that response might seem acceptable, or even encouraging. Personally, I’ll be guided by what experience has taught me in relation to situations such as this; and that is – there’s a very good chance that what we’re  seeing today, is no more than the tip of the iceberg.

In the short term we can expect the following:

The incidence of targeted spam (since names, addresses, and most importantly, company affiliations are available), is sure to rise dramatically;  with a corresponding increase in malware laden email.

Based on the same information accessibility, spam phishing attempts will move up the list of cybercriminals’ preferred scams. Unfortunately, the success ratio is likely to increase dramatically.

Long term impact has yet to be determined with any accuracy – but, since the type of companies impacted by this breach tend to operates in the Twilight Zone when it comes to safeguarding their customers privacy, heightened vigilance on the Internet, particularly not responding to unsolicited emails, takes on a new urgency if you are one of those who has had previous, or current dealings, with any of the affected companies.

Quick questions: Why wasn’t this enormously sensitive customer information encrypted? Have things gone so far, that we need to legislate common sense?

Internet security provider Kaspersky, has put together a list of the companies impacted by Epsilon’s data breach which is worth reviewing – if you’re unsure of a relationship with an affected company.

From Kaspersky Lab’s Threat Post:

The number of companies that was affected by the attack on online marketing firm Epsilon Data Management has continued to grow, virtually by the hour.

Many retailers, banks and other firms sent out notification letters to their customers on Monday, and to help you keep track of who’s affected, we’ve compiled a list of known companies victimized by the Epsilon attack.

There are likely to be even more companies that send out breach notification letters in the coming days, so check back for updates. Here is a list of companies known to have been affected so far: List of Companies Hit By Epsilon Breach.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Security Alerts, Malware Advisories, Online Safety, spam, Windows Tips and Tools

I’ve Got 10 Kilos Of GOLD I Want To Share With You!

image My Australian friend Rod, a security developer executive, regularly forwards copies of scam emails that his company detects, through their various Internet  resources.

I’m very appreciative that Rod takes the time to do this, since it keeps me in the loop at the company level on email scams and malware threats. And,  it gives me a chance to LMAO – some of these emails are outrageously funny.

Every get one of those emails? Sure you have. In fact, you probably get a lot of emails similar to the one below, recently forwarded by Rod – this one is particularly ridiculous. But, that’s the point in using it as an illustrative example.

Anyone with an email address is bound to be bombarded with this type of scam email (including the misspellings, lack of punctuation, incorrect grammatical usage, etc.).

How are you doing sir/madam? My name is Mr. Twum a 25 year old man, please dont be surprise i got your email from yahoo. i have 10kilogram of AU RAW GOLD, i got this Gold as a beneficiary from my parent as their only son . i dont know much about Gold so i am here looking for someone who can lecture me on how i can sell the Gold and how much it worth at the market.

please note that i have all legal documentation from my late dad before he passed away and on one of the documents, It is said the specification of the gold is,

QUALITY : 22+Carat with a minimum

PURITY : 96% Or Better

Origin : Ghana.

And i am ready to send sample to you to test and see if it is Gold as i can read clearly.

if you so interested. have a nice day and enjoy your day

hope to hear from you soon

Opening this type of email is definitely not recommended (despite the humor), since, at a minimum, opening one lets the spammers/scammers know that your email address is “live”. Generally not a good idea, since this virtually guarantees you will receive a lot more spam.

We’ re all pretty curious, and spammers/scammers, being experts at social engineering – “the act of manipulating people into performing actions or divulging confidential information, for the purpose of fraud, or computer system access”, rely on this to manipulate victims into opening this type of email.

While there may be some dispute as to whether “curiosity killed the cat”, there is no dispute as to the likely outcome of following the instructions contained in emails of this type because of curiosity.

For those who are swept away by an overriding curiosity  – go ahead and click and then follow the instructions. But before you do, make sure you have:

A current backup CD/DVD or other media containing your irreplaceable files – you’re going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if your lucky), drivers that were written specifically for your hardware and peripherals.

You can save yourself all this trouble, and heartache, just by one simple action, or more properly; by a single inaction. Don’t click!

Scam emails like this are designed, and crafted, to seek out financial information from you, or from your computer, that can be used to steal your money and your identity. As well, they can be designed to install various types of malware  that can have drastic consequences for your system’s stability.

You may well be curious when it comes to emails like this, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly”, or opening the type of files that are clearly dangerous.

You may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature recognize the intruder as malware.

But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users. I could go on, but I think the message here is clear. Think carefully before you click.

Despite every warning under the sun, there are people who will open this type of email. And, in that group, there will be people who will respond. If you’re having trouble believing this – believe it. If this type of scam didn’t show results, we wouldn’t have to deal with them on a constant basis.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

14 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, internet scams, Online Safety, spam, Windows Tips and Tools

Spam is a Pain in the Ass!

The following statistic bears repeating – last month (June, 09), over 90% of email was spam, and of this total more than 83% was sent our way by botnets. (Data from MessageLabs‘ June report).

Botnets or not, personally, I don’t really care where the spam comes from – it’s a major pain in the ass!

I operate multiple email accounts most of which I established 10/12 years ago. Recently, I setup a new email account on Gmail to allow readers of my WordPress site to contact me directly. Almost immediately, I noticed the type of Spam directed at this account was considerably different from the daily spam going to my long established accounts.

Generally, the spam aimed at my older email accounts is fairly harmless and not particularly dangerous, since most of it is calculated to attempt to sell me something I don’t want, and that I have absolutely no interest in.

While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails aimed at my relatively new Gmail account that causes me the most frustration.

The following graphic (this is only one day), clearly illustrates just how pervasive this type of phishing Spam is. Most of this spam has the following in common: notification that the reader has won a huge sums of money, or that they will have access to a huge sums of money but only after a payment of  hundreds of dollars.

Spam is pain in the ass

Click for larger.

As well, in almost every case the spammer requests the following type of personal information:

Your name

Your current address

Your phone number – both land line and cell

It seems to me that phishing spammers target new or relatively new email accounts, more often than well established accounts. And why not?

In a spammer’s view, I suspect, the theory is – an experienced Internet user is less likely to respond to this type of email, while the percentage of relatively new users who respond should be higher due to the new user’s inexperience. Without a doubt, there are some people, somewhere, who will respond to this nonsense.

Opening this type of email is definitely not recommended since, at a minimum, opening one lets the spammers/scammers know that your email address is “live”. Generally not a good idea, since this virtually guarantees you will receive a lot more spam.

You may well be curious when it comes to emails like this, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files and emails that are clearly dangerous.

You may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature recognize the intruder as malware. But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users. I could go on, but I think the message here is clear. Think carefully before you click on unsolicited emails.

Not clicking will ensure your safety and that these email will remain nothing more than a pain in the ass.

2 Comments

Filed under Don't Get Scammed, Don't Get Hacked, Email, email scams, Interconnectivity, internet scams, Malware Advisories, Online Safety, Phishing, Windows Tips and Tools

You Won $1,230,310! Still Believe in Fairy Tales?

Every get one of those emails? Sure you have. In fact, you probably get a lot of emails just like this. Anyone with an email address is bound to be bombarded with this type of scam email.

Spam Lottery

(Click graphic to view larger)

Opening this type of email is definitely not recommended since, at a minimum, opening one lets the spammers/scammers know that your email address is “live”. Generally not a good idea, since this virtually guarantees you will receive a lot more spam.

We’ re all pretty curious, and spammers/scammers being experts at social engineering – “the act of manipulating people into performing actions or divulging confidential information, for the purpose of fraud, or computer system access”, (Wikipedia), rely on this to manipulate victims into opening this type of email.

While there may be some dispute as to whether “curiosity killed the cat”, there is no dispute as to the likely outcome of following the instructions contained in emails of this type because of curiosity.

For those who are swept away by an overriding curiosity  – go ahead and click and then follow the instructions. But before you do, make sure you have:

A current backup CD/DVD or other media containing your irreplaceable files – you’re probably going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if your lucky), drivers that were written specifically for your hardware and peripherals.

You can save yourself all this trouble, and heartache, just by one simple action, or more properly; by a single inaction. Don’t click!

Scam emails like this are designed, and crafted, to seek out financial information from you, or from your computer, that can be used to steal your money. As well, they can be designed to install various types of malware on your computer that can have drastic consequences for your system’s stability.

You may well be curious when it comes to emails like this, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous.

You may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature recognize the intruder as malware. But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users. I could go on but I think the message here is clear. Think carefully before you click.

Minimum Security Precautions:

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

If you are unsure of you current security software, then checkout “Need Free Security Programs? – 10 Of The Best!” on this site.

4 Comments

Filed under Don't Get Hacked, Email, email scams, Freeware, Interconnectivity, internet scams, Malware Advisories, Online Safety, Phishing, System Security, trojans, Viruses, Windows Tips and Tools, worms

Cell Phone Fraud – Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI), and the U.S. National White Collar Crime Center, cell phone fraud attacks are on the rise.

Given the unsteady state of world economies, a near perfect opportunity has been created for cyber-crooks to take advantage of people’s fears, and the worries, created by the uncertainties surrounding this crisis. Not surprisingly, there has been a major increase in financial-themed phishing, vishing, and spam.

Yes, you’ve heard of phishing, but what’s this vishing you ask?

The IC³ (Internet Crime Complaint Center) describes vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account has been suspended, deactivated, or terminated.

In a common scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, cell phone text message, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they are greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email.

Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their Personally Identifiable Information by e-mail, mail, text message or instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

To reduce the chances of being victimized the following are minimum safety precautions you should take:

Consider every email, telephone call, or text message requesting your Personally Identifiable Information as a scam

Never click on embedded email or cell phone links

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.

4 Comments

Filed under Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Phishing, Windows Tips and Tools

Is It You in This Video? – You Don’t Want to Find Out!

If you receive an email that asks you “is it you in this video?”, and you’re curious – go ahead and click. But before you do, make sure you have:

A current backup CD/DVD or other media containing your irreplaceable files – your probably going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if your lucky), drivers that were written specifically for your peripherals.

You can save yourself all this trouble, and heartache, just by one simple action, or more properly; by a single inaction. Don’t click!

As is usual with malicious emails, (and this is a malicious email), clicking on the embedded link will begin the process of infecting your computer with malware, which could put at risk, your financial and other confidential information, not to mention your computer and its operating system.

Scam emails like this are designed, and crafted, to seek out financial information on your computer that can be used to steal your money, or they can be designed to install various types of malware on your computer that can have drastic consequences for your system’s stability.

You may well be curious when it comes to emails like this, but don’t let your curiosity override your common sense. Security experts argue (none to successfully it seems), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous.

You may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature recognize the intruder as malware. But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users. I could go on but I think the message here is clear. Think carefully before you click.

As I have pointed out in the past (I’m sure regular readers of this Blog must be tired of seeing this), the following are actions you can take to protect your computer system, your money and your identity:

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.

As an addition to your existing malware applications, download and install ThreatFire 3 (provided free by PC Tools), which blocks mal-ware, including zero-day threats, by analyzing program behavior and it does a stellar job. This is one of the security applications that forms part of my front line defenses. I have found it to have a high success rate at blocking mal-ware based on analysis of behavior.

In addition:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

If you are unsure of you current security software, then checkout “Need Free Security Programs? – 10 Of The Best!” on this site.

2 Comments

Filed under Browser add-ons, Email, Firefox Add-ons, Free Security Programs, Freeware, Interconnectivity, Internet Safety, Internet Safety Tools, internet scams, Malware Advisories, Online Safety, Phishing, Safe Surfing, Software, Spyware - Adware Protection, System Security, trojans, Viruses, Windows Tips and Tools

Greetings! – Another Email Banking Scam

There is a good chance that this morning you received an email that stated in part, “Greetings! Yesterday I received a message from your bank with your account statement”.

Now after your heart started beating again, how long did it take you to realize that this email was just one more, in a long line of such emails you are forced to deal with on a regular basis.

Scam emails like this may have several purposes; they can be crafted to trick you into revealing financial information that can be used to steal your money, or they can be designed to install various types of malware on your computer.

“Greetings!

Yesterday I received a message from your bank with your account statement.

I don’t need problems with the police because of your bank’s error!!!

Please contact your bank and ask them to not mistakenly send me your personal data to me.

For the proof of my non-participation in obtaining your personal data, I am attaching the copy of the message containing your account statement which I had received via e-mail!!!!

You must print the copy of the message and pass it on to the bank, so that they wouldn’t mistakenly send me your personal bank account data.

Message contains attachments

BANK_DETAILS.zip (52KB)”

This particular email contains the Banker Trojan, X.Trojan.Win32 as part of the attachment, which according to the ThreatExpert website, contains characteristics of an identified security risk which can:

Communicate with a remote SMTP server and send out email.

Download/request other files from Internet

Modify system settings that may have negative impact on overall system security

Create a startup registry entry

Contains characteristics of an identified security risk

Now while you may be aware of this type of Internet scam, I can assure you that a sufficiently large number of people are not. Scams such as this rely on the principal, that exposing a large number of people to this type of scam email, will always deceive at least some of those people.

Although it may be true that the Internet has the potential for safe, and secure, financial transactions, safe banking online relies on you making good choices and decisions that will help you avoid costly surprises, or carefully crafted scams and phishing schemes such as the one just described.

Despite all the publicity concerning inpenetrateable system security, we have learned, much to our detriment, that no such inpenetrateable systems exist. The inescapable fact remains; you are your own best protection while conducting financial transactions on the Internet.

The type of attack described above, is occurring with such frequency that the IC³ (the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance), has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take:

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

Never click on embedded cell phone links.

Keep your computer protected. Install a security solution and keep it up-to-date.

Don’t use:

A password you use for any other service.

Your name or a close relative’s name.

Your birth date, telephone number or address, or those of a close relative.

Your bank account number or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. It’s simple; giving your password answers to another person, or company, places your finances and privacy at risk.

Discover one way these cyber-crooks obtain your email address in the first place. Read SEND THIS E-MAIL TO EVERYONE YOU KNOW! by TechPaul.

Elsewhere on this site there are additional articles dealing with other current email and financial scams.

See: Bank of America Alert – Update Your Account Scam!

See: Online Banking – Be Safe, Not Sorry!

See: Avoid Trojans/Viruses – Stop with the Crazy Clicks Already!

5 Comments

Filed under Email, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Banking, Online Safety, Phishing, Safe Surfing, Spyware - Adware Protection, trojans, Viruses, Windows Tips and Tools

Cell Phone Fraud – Protect Yourself from Vishing

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting your PII as a scam.

Never click on embedded email or cell phone links.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

You can read more on this issue at the Internet Crime Complaint Center.

2 Comments

Filed under Email, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Windows Tips and Tools

Internet/Cell Phone Fraud – Vishing, Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

  • Consider every email, telephone call, or text message requesting your PII as a scam
  • Never click on embedded email or cell phone links
  • When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.

3 Comments

Filed under Interconnectivity, Internet Safety, internet scams, Online Banking, Online Safety, Phishing, Privacy, Uncategorized, Windows Tips and Tools

Online Banking Security – Be Safe – Know the Rules!

As use of the Internet continues to expand, banks and other financial institutions are using the Internet to offer products and services, or otherwise enhance communications with consumers.

The Internet offers the potential for safe, convenient new ways to shop for financial services and conduct banking business, any day, any time. However, safe banking online involves making good choices; decisions that will help you avoid costly surprises, or scams.

You are your own best protection. So learn about and take advantage of security features offered by your financial institution.

Some examples:

Encryption is the process of scrambling private information to prevent unauthorized access. To show that your transmission is encrypted, most Internet browsers display a small icon on your screen that looks like a lock or a key, when you conduct secure transactions online. Avoid sending sensitive information, such as account numbers, through unsecured e-mail.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and you should change it regularly. Do not use birthdates or other numbers or words that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your passwords in order to gather your financial data from various sources, make sure you learn about the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly. Contact your hardware and software suppliers, or Internet service provider, to ensure you have the latest in security updates.

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

· Never leave your computer unattended once you have signed in to online banking.

· After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser.

· Keep your password and card number safe.

· Do not share, disclose, or provide your bank card number, or password, to another party or website other than your bank. Most banks will not send you an email requesting this information.

· Do not save your bank card number or password on a publicly accessed computer.

· If using a public access computer such as an Internet café or public library, change your password after completing your session by calling your bank’s telephone banking number.

· When selecting a password, choose a series of characters that cannot be easily guessed by anyone else. The best passwords are made up of an alpha-numeric combination that’s more than four characters long and a combination of capital and lower case letters.

Don’t use:

· A password you use for any other service.

· Your name or a close relative’s name.

· Your birth date, telephone number or address, or those of a close relative.

· Your bank account number or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. Giving your password answers to another person or company places your finances and privacy at risk.

4 Comments

Filed under Encryption, Interconnectivity, Internet Safety, internet scams, Online Banking, Online Safety, Phishing, Privacy, Windows Tips and Tools