Archive for November, 2009

Identity theft in the UK is rising at an alarming rate. A study has shown that “60,000 cases of impersonation related to criminal activity have been reported in the 9 months to date of this year, a huge increase of around 35% from the same period last year.”

The hardest hit areas are London and Birmingham.

Britons are understandably worried about being affected by identity theft but it doesn’t appear that they realize what they can do to protect themselves. A recent study showed that more than 80% of Britons are concerned about becoming victims of the crime, but a fifth of them continue to do their internet banking from public computers.

Even more surprising, however, is the fact that 80% of businesses admitted to not having a secure way of destroying sensitive legal documents. That’s taking a huge risk with personal information!

The National Identity Fraud Prevention Week has been launched by the Metropolitan Police in the UK in an effort to help raise awareness about the seriousness of the crime. Hopefully, this will help Britons realize how risky some of their choices are while informing them on how to protect themselves.

Holiday season is quickly approaching and many people will be traveling to visit family and friends.  Whether it’s a cross-country road trip or a flight, this is also a risky time to be traveling with a laptop, since it’s busier than usual and theft is more common.  Therefore, if you’re planning to travel with your computer, it might be a good idea to review some suggestions for keeping your machine safe.

In-flight Tips

Avoid storing your laptop in the overhead compartment, close and put away your laptop if you leave your seat and during service times (to avoid having a drink accidentally spilled on your computer), try to keep your laptop within your own seating area and don’t angle it into the aisle which makes it vulnerable to being knocked to the ground or stolen.

International Travel

Before you leave home, back up all your data before and  remove any private information, including anything that might be considered espionage or adult in nature, since your laptop could be searched by Customs. And be prepared to decrypt any encrypted files. Another option is to keep files on a service that you can access remotely, like Google Docs, so you don’t have to keep any information on your computer. Also, bring your receipt if your laptop is new and remember to bring a voltage adapter. 

Install LoJack for Laptops or Computrace

Since you cannot predict or prevent every scenario, it’s best to make sure that your laptop is protected with a good software.  Read the article Absolute Recovers Laptop After Flight Attendant Loses It En Route to get a better idea of how useful LoJack for Laptops and Computrace can be in the unfortunate event that you lose your laptop.

For more great tips, read any of the following articles:

Hackers are always trying to find flaws that they can exploit to get to your personal information. Therefore, the experts need to always be a step ahead when it comes to finding and identifying any weaknesses.

PhoneFactor, a phone security firm, discovered a problem with the SSL (Secure Sockets Layer) protocol that protects mail servers and e-commerce sites from attacks. They tried to prevent the discovery from becoming public while they worked with the Industry Consortium for Advancement of Security on the Internet (ICASI) to fix the issue, but an engineer posted the details online last week after discovering the flaw independently. He apparently was looking for help with fixing the problem but, unfortunately, only made it worse and forced ICASI and PhoneFactor to address the issue publicly.

This is an example of someone trying to do the right thing but, as a result of their poor judgment, the personal information of millions of people could be at risk. While it is true that consumers must trust that the experts are watching out for their safety, it’s also important to make sure that we take the basic precautions to protect ourselves on an individual level.

The Fast Track to Unemployment

A Pennsylvania company noticed a hole in their laptop inventory, prompting them to report a theft to police and Absolute. The Absolute Theft Recovery Team had no problems identifying the stolen laptop’s unauthorized user– a familiar name to the victim company. It seems that a long-time staff member felt he was owed a little extra compensation, and so helped himself to a company computer. As a police visit to his residence revealed, the laptop was not the only company ‘gift’ he heisted – in a stash resembling the company’s supply closet, the man had also taken a number of monitors, handhelds and other electronic goodies.

This laptop (which, along with the other items, has since been returned to the company) is now better known as a ‘parting gift’, as, needless to say, the suspect is now a former employee.

Proving Laptops Get Stolen Just About Everywhere

This laptop was stolen out of a Michigan church. Absolute identified the laptop’s new location soon after– a residence just a stone’s throw away from the churchyard. Police visited the residence the following weekend, resulting in a group of adolescents facing some serious scrutiny…The laptop has since been returned to the church.

Have Laptop, Will Travel

A recent residential burglary left one of Absolute’s New York customer sans laptop. The next day, Absolute was able to pinpoint the stolen machine’s location to a nearby neighborhood, although soon after, the laptop had jumped to a bordering state. Within days of this move, the laptop began connecting to the Absolute Monitoring Center from the opposite coast – its last stop before travelling to Korea.

Meanwhile, Absolute collected information on the laptop’s unauthorized user, and passed this over to police. As further investigation revealed, the unauthorized user had purchased the stolen machine on eBay before heading to Korea on business. A little coaxing from police resulted in the laptop being shipped back to New York to be reunited with its rightful owner.

Please note that indictments and criminal complaints are merely unproven accusations and the accused in all cases are presumed innocent until proven guilty.

Whenever a new version of Windows comes out, I usually avoid buying from that first batch, since there always seems to be glitches to work out.  It appears that Windows 7 is no exception since it was shown to be vulnerable to 8 of the 10 “freshest” viruses circulating around the internet.

SophosLabs used a copy of Windows 7 on a clean machine that was configured to follow system defaults without loading any anti-virus software.  Of the 10 viruses that they introduced to the machine, 2 would not operate correctly under the newest version of Windows. So that leaves 8 that you need to protect against.

Their article basically reinforced the warning that, even though many are heralding Windows 7 as being better than Vista, it doesn’t mean that you can throw caution to the wind and don’t need anti-virus software. 

But this research raises the question: should Windows 7 be able to protect you from the newest viruses fresh out of the box?

I recently wrote an article about the available patches for Windows 7 which could be helpful if you’ve recently updated your software.

image:Microsoft

Most Recoveries by One Officer
Location: CA, USA
Scenario: Working alongside Absolute to track and recover stolen laptops, a California officer recently made his 277th recovery of a Computrace equipped machine.

In a rather dramatic recovery, Absolute identified an adolescent as this laptop’s unauthorized user, and so the officer visited the boy’s house to discuss the matter with his father. The father was not home at the time, although the officer was advised that he would be arriving soon. And he did – although fled upon seeing police. The officer then visited the boy’s school, where the father reappeared – this time to frantically direct his son into the car before fleeing again. Talk about suspicious…

A determined officer was able to track the father down – a parolee, as it turns out – and recover the stolen machine. We expect this officer will reach the 300 recoveries mark soon – great work!

Quickest Recovery
Location: BC, Canada
Scenario: An auto theft left a BC customer without a laptop – but not for long. The computer came online the next day, allowing it to send valuable user and location information to the Absolute Monitoring Center. The Absolute Theft Recovery Team was able to positively identify the machine’s unauthorized user and whereabouts, and passed this information to police. Just 8 days later, police were able to recover the machine and return it to its rightful owner.

Least Believable Story
Location: CA, USA
Scenario: After a laptop was stolen from a school district’s office, Absolute was quick to identify its unauthorized user, who, of little coincidence, was employed by said district. Police followed up with the suspect by phone, only to have her adamantly deny having any laptop in her possession. Absolute’s evidence contradicted these claims however, spurring police to visit the suspect’s residence. Again, she denied any knowledge of the case, but was then presented with the evidence. Suddenly, her story changed.

This time, she actually did have the laptop in her possession – though it was not stolen, of course. A friend had found it, she alleged, in a trashcan. Conveniently, the power cord also happened to be in the same trashcan, making for a great find. Needless to say, police did not buy the story and charges will be laid. The laptop was recovered and returned – marking the 49th Computrace-equipped computer that the involved officer has recovered. 

Please note that indictments and criminal complaints are merely unproven accusations and the accused in all cases are presumed innocent until proven guilty.

Cell phones are used for a lot more than making calls these days.  We listen to music, keep track of our schedules and, of course, surf the internet using mobile browsers.  Naturally, criminals see this as an opportunity to tap into our personal information.

An article published by CBC demonstrated how risky it can be to hand out our cell phone numbers without considering the ramifications.

Cell phone numbers are being used as identification on some websites and, in some circumstances, is almost as good as a credit card. 

Canadians are reporting that they’ve been tricked into signing up for high-priced text message services that cost as much as $5 per text simply by entering the phone number when using games and quizzes.

David Fewer, the director of the Canadian Internet Policy and Public Interest Clinic drove the point home.  “We give out our cellphone numbers willy-nilly. This is information that is not treated with particular sensitivity,” said Fewer.  “I don’t think most cellphone users think that their wireless service provider is going to act as a middle man [in these premium texting schemes],” said Fewer.

In Europe they are already using cell phone numbers to pay for things like parking and restaurant bills, so it’s only a matter of time before we see that in Canada.  Sites such as MobileGivings.ca even allow Canadians to donate to charities using their cell phone numbers, and I can see how that could easily be exploited.

As Marc Choma, a spokesman for the Canadian Wireless Telecommunications Association, put it, “your cell number is really a personal piece of information and your cellphone is more than a phone.  It’s a computer in your hand.”

image: Amazon

It’s almost unbelievable but hackers have found a way to steal personal information through electrical outlets.  It sounds implausible to many but, unfortunately, the threat is actually real.

I read an article about how hackers have found a way to “steal information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected.”

How is that possible?  Typing on a regular keyboard sends an electrical signal through the unshielded cable to the computer which then leaks the information into the ground wire on the computer’s power supply.  All a thief has to do is set up in a nearby location and use a power socket in order to detect and grab the information in the ground leakage.  This is possible up to 15 meters away.

I never would have thought this sort of thing was possible but that’s why hackers are so good at what they do – they find ingenious ways to get other people’s vital information.  If only they used those skills to do something good for the world…like find a solution to this problem.

It seems like it’s getting harder and harder for spam filters to differentiate between true spam and regular emails.  There are times when legitimate emails get flagged while malicious content slips through the cracks.  As such, consumers might need to adopt some habits to ensure that they can spot scams without relying on their filters.

Switched.com created a list of 10 Ways to Spot an E-mail Scam and I thought it would be good to discuss some of their suggestions (click here to read their whole article).  The site also has an article about the top email scams which, although things are always evolving, is definitely worth reading.

The first and most important warning sign is the request for personal information.  If someone is asking for your log-in or bank account number, it’s probably not safe to reply.  I have never had a legitimate business ask me for important information through email so make sure you verify the source of the email before you reply.

Look out for multiple typos, generic greetings (“hello friend”), red-flag phrases (”verify your account” and “you have won the lottery,” etc…), wordless emails, attachments from unfamiliar senders and outdated information. 

You should also be suspicious of surveys and market research that require you to log in to your account to fill out forms or enter a contest.

And if it does look like a legitamite email and there’s a link to log into your account, be safe and type in the url for the website you want to log in to. If it turns out to be a spoof, you at least know that you didn’t click a link that could have been hijacked.

Again, trust your gut instincts.  If something doesn’t feel right, it’s better to investigate than to be duped into sharing personal information. 

image: Flickr/B Rosen

Informed and vigilant consumers have probably gone through a number of steps to protect their personal information by becoming familiar with the common threats.

Phishers try to collect “usernames, passwords and credit card data by posing as a legitimate, trusted party.” Almost everyone can relate to getting an email from a trusted email address (perhaps, an online banking or social networking site) asking users to confirm their login information.

Most security software and browsers will alert users of the fact that a site contains potentially harmful or malicious content, which has prompted these criminals to come up with a new approach – fake antivirus products. We recently wrote about how this manifested on the New York Times website, which is an indication of how common the problem is becoming.

Another tactic being used is the fake “online chat” option promising customer service assistance over the internet. Criminals posing as real customer service representatives have been duping people into divulging personal information by saying that they are using it to confirm the account holder’s identity.

PC World offered some great tips for staying safe in today’s ever-changing online world. Among the suggestions are using strong browser, malware-resistant platforms including Mac OS and Linux, using anti-malware software, and ensuring that your software is up-to-date.

Of course, it’s important to trust your instincts. If something doesn’t feel right, err on the side of caution.

image: Flickr/Creative Commons