FBI reminds you to be wary of online fraud this holiday season

from http://www.fbi.gov/news/news_blog/holiday-shopping-tips

In advance of the holiday season, the FBI’s Internet Crime Complaint Center reminds shoppers to beware of cyber criminals and their aggressive and creative ways to steal money and personal information.

Scammers use many techniques to fool potential victims including fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, sale of fraudulent or stolen gift cards through auction sites at discounted prices, and phishing e-mails advertising brand name merchandise for bargain prices or e-mails promoting the sale of merchandise that ends up being a counterfeit product.

Here are some tips you can use to avoid becoming a victim of cyber fraud:

  • Do not respond to unsolicited (spam) e-mail.
  • Do not click on links contained within an unsolicited e-mail.
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Always run a virus scan on attachment before opening.
  • Avoid filling out forms contained in e-mail messages that ask for personal information.
  • Always compare the link in the e-mail to the web address link you are directed to and determine if they match.
  • Log on directly to the official Web site for the business identified in the e-mail, instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
  • Contact the actual business that supposedly sent the e-mail to verify that the e-mail is genuine.
  • If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act impulsively.


Latest Infosec Controversy Highlights the Real Issue: We are Getting Hacked.

This blog post was inspired by You Dirty, Shady RAT, a feature article at infosecurity-magazine.com which contains a very thorough accounting of the threat and the pursuing industry controversy.

In August, a McAfee analyst detailed Operation Shady RAT, a hacking operation that targeted more than 70 organizations across at least 14 nations.

Infographic: Industries affected by Shady RAT

Researcher Dmitri Alperovitch characterizes the operation as commonplace, not unusual at all.  ”This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing,” he wrote.

Eugene Kaspersky, founder and CEO of the extremely capable Kaspersky Labs, criticized the disclosure by McAfee.  He characterizes the malware behind Shady RAT as a “lame piece of homebrew code that could have been written by a beginner.”
Read More »

How to speed up a PC that has lost it’s pep.

Being the personal IT professional for about 30 family members, many friends and of course my clients, I get a lot of calls asking for advice.  ”You know computers, right?”  Yes, computers I know.  The primary complaint I hear is that the machine has just lost it’s former pep. “You know, it just seems slower.”

Here a few tips to try regain that spring in your PC’s step.  Perform the following suggestions at your own risk, but if you follow the directions carefully, you should be ok.

The actions we take depend on the exact symptoms, but if the machine is usable we usually follow variations of the procedures below….  When the machine is unusable, extremely slow, we usually do the same type of stuff, but in a different order, booting into safe mode for some of them, etc.  Sometimes, we completely reinstall the operating system.

These directions are specifically for Windows XP.  Other flavors have slight differences.  You can usually figure it out or just google what you are trying to do with windows vista home or whatever you are using at the end… let me know in comments and I’ll try and help.

Read More »

Do Criminals have your ATM Card number and PIN? Skimming is big business in Dallas and Austin.

I recently read “Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground”(Google Books Preview, Library, Amazon), a well-written and exciting read about the dark and festering hacker subculture boiling beneath the surface of the world wide internet.   Author Kevin Poulsen is an ex-hacker and is very well tuned in to what is happening in the criminal wing of the public network. I think we all realize that the internet is a hotbed of criminal activity, but Kingpin shows step by step how ‘carding’ or the use of the internet for the trafficing of stolen credit card information, happens on an unimaginable scale.  For anyone who has an interest in how the criminals pull off the credit card fraud we hear about in the media, I highly recommend picking up this book.  I also recommend the blog ThreatLevel at wired.com, of which he is co-founder and a frequent contributor.

There are a multitude of ways the internet makes us personally vulnerable to criminal activity.  I have covered these issues in many posts previously, summarized at the end of this post.

The internet, however,  is not the only way the criminals can get our account details – and sometimes they use techniques that are plain old school, doing it the old fashioned way – with new technology twists. Read More »

What version of TLS are your servers using?

Is infection a reality?
A new hacking tool called BEAST cracks TLS 1.0/ SSL in under 10 minutes.

The attack is very specific and the attacker needs access to the network, however most servers are using version 1.0 of TLS required for the crack to work.

Read More »

Do you know what Phone Phishing (or Vishing) is? Beware of the Debit Card Vishing Scam!

Many of the electronic fraud schemes in use today are plays on scams that have been around for years, way before the internet and some even before phones. Updated to use today’s technology, the fraudsters use new innovations to trick their victims.

The technology may be new, but the scams still play upon the same age-old weakness in human nature: our trust. Read More »

HIPAA Auditor Involved in Own Data Breach

Data leaks out of every hole possible.  It happens electronically.  It happens physically.  It happens to firms that understand all the issues and should have better safeguards in place: HIPAA Auditor Involved in Own Data Breach.

Don’t let it happen to you!

International Cybercrime Ring Targets Android

Who’s writing all these apps anyway?  Well, criminals are writing some of them and getting them on the Android Market!  Once installed, the app described here forwards your SMS messages to a remote server via HTTP POST requests.

Next breach victim: citibank.


Researcher finds new security flaws in SCADA PLC systems, decides not to expose them at TakeDownCon.

In a blog post today at nsslabs.com, NSS CEO Rick Moy lauded the infosec acumen of researcher Dillon Beresford, saying “In the course of his research, significant additional vulnerabilities in industrial control systems have been identified, responsibly disclosed and validated by affected parties.”


Read More »