Archive for the ‘Consumer Security Tips’ Category

Identity theft in the UK is rising at an alarming rate. A study has shown that “60,000 cases of impersonation related to criminal activity have been reported in the 9 months to date of this year, a huge increase of around 35% from the same period last year.”

The hardest hit areas are London and Birmingham.

Britons are understandably worried about being affected by identity theft but it doesn’t appear that they realize what they can do to protect themselves. A recent study showed that more than 80% of Britons are concerned about becoming victims of the crime, but a fifth of them continue to do their internet banking from public computers.

Even more surprising, however, is the fact that 80% of businesses admitted to not having a secure way of destroying sensitive legal documents. That’s taking a huge risk with personal information!

The National Identity Fraud Prevention Week has been launched by the Metropolitan Police in the UK in an effort to help raise awareness about the seriousness of the crime. Hopefully, this will help Britons realize how risky some of their choices are while informing them on how to protect themselves.

Whenever a new version of Windows comes out, I usually avoid buying from that first batch, since there always seems to be glitches to work out.  It appears that Windows 7 is no exception since it was shown to be vulnerable to 8 of the 10 “freshest” viruses circulating around the internet.

SophosLabs used a copy of Windows 7 on a clean machine that was configured to follow system defaults without loading any anti-virus software.  Of the 10 viruses that they introduced to the machine, 2 would not operate correctly under the newest version of Windows. So that leaves 8 that you need to protect against.

Their article basically reinforced the warning that, even though many are heralding Windows 7 as being better than Vista, it doesn’t mean that you can throw caution to the wind and don’t need anti-virus software. 

But this research raises the question: should Windows 7 be able to protect you from the newest viruses fresh out of the box?

I recently wrote an article about the available patches for Windows 7 which could be helpful if you’ve recently updated your software.

image:Microsoft

Cell phones are used for a lot more than making calls these days.  We listen to music, keep track of our schedules and, of course, surf the internet using mobile browsers.  Naturally, criminals see this as an opportunity to tap into our personal information.

An article published by CBC demonstrated how risky it can be to hand out our cell phone numbers without considering the ramifications.

Cell phone numbers are being used as identification on some websites and, in some circumstances, is almost as good as a credit card. 

Canadians are reporting that they’ve been tricked into signing up for high-priced text message services that cost as much as $5 per text simply by entering the phone number when using games and quizzes.

David Fewer, the director of the Canadian Internet Policy and Public Interest Clinic drove the point home.  “We give out our cellphone numbers willy-nilly. This is information that is not treated with particular sensitivity,” said Fewer.  “I don’t think most cellphone users think that their wireless service provider is going to act as a middle man [in these premium texting schemes],” said Fewer.

In Europe they are already using cell phone numbers to pay for things like parking and restaurant bills, so it’s only a matter of time before we see that in Canada.  Sites such as MobileGivings.ca even allow Canadians to donate to charities using their cell phone numbers, and I can see how that could easily be exploited.

As Marc Choma, a spokesman for the Canadian Wireless Telecommunications Association, put it, “your cell number is really a personal piece of information and your cellphone is more than a phone.  It’s a computer in your hand.”

image: Amazon

It seems like it’s getting harder and harder for spam filters to differentiate between true spam and regular emails.  There are times when legitimate emails get flagged while malicious content slips through the cracks.  As such, consumers might need to adopt some habits to ensure that they can spot scams without relying on their filters.

Switched.com created a list of 10 Ways to Spot an E-mail Scam and I thought it would be good to discuss some of their suggestions (click here to read their whole article).  The site also has an article about the top email scams which, although things are always evolving, is definitely worth reading.

The first and most important warning sign is the request for personal information.  If someone is asking for your log-in or bank account number, it’s probably not safe to reply.  I have never had a legitimate business ask me for important information through email so make sure you verify the source of the email before you reply.

Look out for multiple typos, generic greetings (“hello friend”), red-flag phrases (”verify your account” and “you have won the lottery,” etc…), wordless emails, attachments from unfamiliar senders and outdated information. 

You should also be suspicious of surveys and market research that require you to log in to your account to fill out forms or enter a contest.

And if it does look like a legitamite email and there’s a link to log into your account, be safe and type in the url for the website you want to log in to. If it turns out to be a spoof, you at least know that you didn’t click a link that could have been hijacked.

Again, trust your gut instincts.  If something doesn’t feel right, it’s better to investigate than to be duped into sharing personal information. 

image: Flickr/B Rosen

Informed and vigilant consumers have probably gone through a number of steps to protect their personal information by becoming familiar with the common threats.

Phishers try to collect “usernames, passwords and credit card data by posing as a legitimate, trusted party.” Almost everyone can relate to getting an email from a trusted email address (perhaps, an online banking or social networking site) asking users to confirm their login information.

Most security software and browsers will alert users of the fact that a site contains potentially harmful or malicious content, which has prompted these criminals to come up with a new approach – fake antivirus products. We recently wrote about how this manifested on the New York Times website, which is an indication of how common the problem is becoming.

Another tactic being used is the fake “online chat” option promising customer service assistance over the internet. Criminals posing as real customer service representatives have been duping people into divulging personal information by saying that they are using it to confirm the account holder’s identity.

PC World offered some great tips for staying safe in today’s ever-changing online world. Among the suggestions are using strong browser, malware-resistant platforms including Mac OS and Linux, using anti-malware software, and ensuring that your software is up-to-date.

Of course, it’s important to trust your instincts. If something doesn’t feel right, err on the side of caution.

image: Flickr/Creative Commons

Windows users who have been unimpressed by the features (and problems) offered by Vista have been rushing out and buying Windows 7.  The reviews, so far, have been largely favourable but, as is the case with any brand-new version of the software, a large number of vulnerabilities were discovered – 34 to be exact.

In order to address the issues, Microsoft released a record number of patches earlier this month, including the first critical update for the program.

Some of the more serious problems included an SMB (Server Message Block) flaw that allowed attackers to remotely take control over the computer.  That’s pretty serious!

Fortunately, the patches were released before the October 22, 2009 release date for consumers (although, some large businesses have been using Windows 7 since this summer).

If you are concerned or are interested in learning more about the patches, there is a great article on CNet News outlining the vulnerabilities and fixes.  Otherwise, Windows 7 users are advised to visit the Microsoft website to ensure that they have the most recent updates.

image: Best Buy

PC World recently wrote a story about Wi-Fi cable modem routers and how a security hole left thousands of Time Warner customers vulnerable to hackers.  Incredibly, the company isn’t responsible for uncovering the problem.

A customer needed help with his Wi-Fi network and asked a friend for help with the configuration.  His friend, David Chen who writes the Chenosaurus blog, was surprised to discover the issue and wrote: “from within your own network, an intruder can eavesdrop on sensitive data being sent over the Internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks.  Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically.”

That’s a very scary thought!  Most subscribers trust the equipment installed by their service providers and would never imagine that a router they have been given could leave them open to attack.  Time Warner has implemented a temporary patch but prior to Chen’s discovery, administrative access to the routers was allowed and attackers were free to run programs against them.

A permanent fix for the SMC 8014 wireless router and cable modem is expected sometime in the near future.

image: SMC.com

Twitter has become a great way for friends and family to keep in touch throughout the day.  It’s become so popular that even celebrities provide daily updates so that they can keep track of each other and connect with their fans.

As is the case with many social networking sites, predators have been trying to capitalize on the weaknesses associated with using Twitter.  Whether someone has created an account for the sole purpose of befriending potential identity theft victims or the profile just pumps out spam, not everything on the popular site is as it seems (read about how scammers are abusing Twitter).

Twitter has decided to take action by adding a “report as spam” feature which can be found under the “Actions” section of a profile’s sidebar.

Once a user has been reported, Twitter’s Trust and Safety team investigates the situation and makes decisions regarding what action, if any, should be taken.  Users who click the “report as spam” button will automatically have the profile blocked from following or replying to them.

I think this is a step in the right direction and, hopefully, will help deter spammers and scammers from using Twitter as a way of hurting others.  It’s important since cybercrime on social networking sites is on the rise.

We’ve been talking a lot lately about Facebook, particularly as Facebook aims to improve its security and privacy measures. A new article from Switched has laid out 5 common Facebook social engineering scams and how to avoid them. It’s a great primer on how to avoid being duped by any scan.

Aside from never clicking on suspicious or shortened links from friends (unless you expand them first), the article outlines these 5 common scams and how to avoid them:

1. 419 Scams - your friends’ accounts may be hijacked if you receive any message from them claiming to be desperate for cash. Always talk to your friend by some non-web-based means to confirm if they really are in need first!
2. Hidden Fee Apps – You should never have to submit your cell phone number or other personal information in order to unlock features or receive quiz results from any application
3. Fake Login Pages - they may look real, but if you get an email asking you to log into Facebook, make sure you’re actually at Facebook, not following some link (particularly if the link leads to anywhere other than Facebook.com).
4. Malware Links - If you receive messages from friends with links, beware. There is a chance that account has been hijacked and you’re being sent to malicious sites that could then steal any personal info on your computer.
5. Facebook Apps that are Malware – Yes, even the applications themselves can be dangerous! Some may even mimic valid applications, sending you realistic messages such as a notification that someone has left a message on your wall. Like with #3, their goal is to get you to a fake login page. So, look for anything weird in these emails (odd icons, poor grammar, invalid links).

There are many websites featuring this list. For more comprehensive details about these scams and how to avoid them, you can check out PC World. Another variant of the same theme can be found at CSO Online, which also includes tips to avoid Twitter scams.

If you do find yourself a victim of a scam on Facebook, it’s best to alert Facebook administrators with all of the details of the scam.

Almost every internet user has encountered “scareware,” those fake anti-virus warnings that pop up with the intent of scaring people into believing that their computer is at risk of being infected or compromised in some way. 

Often, users are offered some sort of program (for a fee, of course) that will protect their computer from threats.  As if shelling out good money for these scams isn’t bad enough, it’s worsened by the fact that many of these products actually prevent real antivirus programs from operating properly.  In fact, some even block users from being able to access websites and tools that could help them remove the bad program.

Since there are legitimate online virus scanners on the internet, how is it possible to distinguish them from the fake ones?

Typically, you won’t come across a real virus scanner accidentally since they usually require people to agree to a variety of terms and conditions before they are given access to the tool.  Also, if you are a Mac user, a major clue might be that the scanner includes a “My Computer” window or some other pop up that is specific to Windows (for some reason, these scams tend to target PCs more often than Macs). 

There are a number of great resources for more information. 

• Mark Hyslop wrote a more in-depth article about scareware
• ZDnet offers a great guide to scareware protection

Here is a list of some legitimate online scanners:

• TrendMicro’s Housecall
• Kaspersky’s Online Malware Scanner
• F-Secure’s Online Malware Scanner
• ESET’s Online Malware Scanner
• BitDefender’s Online Malware Scanner
• PandaSecurity’s Cloud Antivirus
• McAfee’s Online Malware Scanner
• Rising’s Online Malware Scanner
• Dr. Web’s Online Malware Scanner
• Symantec’s Online Malware Scanner
• CA’s Online Malware Scanner

image: sxc.hu/svilen001