ROBERT SICILIANO is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.


Phishing Scams

The Best Gmail Phishing Scam Ever!

If you use Gmail, pay attention! Security experts have announced that there is a very effective phishing scam out there, and you are a target. This scam, which has only been growing over the past couple of months, is also hitting other email providers. However, it’s quite difficult to detect. According to researchers at WordFence, who make a security tool for WordPress, this is a pretty serious attack and can have quite an impact, even for…

Phishing is Getting Fishier

…passwords. Phishing “in the middle” – With this type of phishing, a cybercriminal will create a place on the internet that will essentially collect, or capture, the information you are sending to a legitimate website. Phishing by Pharming – With phishing by pharming, the bad guys set up a spoof website, and redirect traffic from other legitimate sites to the spoof site. Phishing leading to a virus – This is probably the worst phish as it…

Top 3 Social Engineering Scams

…ntage of people and “tricking” them into giving information. There are four main ways that hackers use social engineering: Phishing – where hackers use email tricks to get account information Vishing – similar to phishing, but through voice over the phone Impersonation – the act of getting information in person Smishing – getting account info through text messages Phishing accounts for 77 percent of all social engineering…

Be aware of all these Confidence Crimes

…other account information. This act of tricking is called social engineering, also known as a confidence crime, and it comes in many forms. A type of phishing e-mail where the criminal targets someone specific is called spearphishing. The spearphishing e-mail will look very much like the typical company e-mail that the real person uses. Example: The thief sends a trick e-mail (phishing) to a company employee he found on LinkedIn, making it…

Phishing attacks Two-Factor Authentication

Hackers bank heavily on tricking people into doing things that they shouldn’t: social engineering. A favorite social engineering ploy is the phishing e-mail. How a hacker circumvents two-factor authentication: First collects enough information on the victim to pull off the scam, such as obtaining information from their LinkedIn profile. Or sends a preliminary phishing e-mail tricking the recipient into revealing login credentials for an…

Phishing Protection 101

Phishing-type e-mails are designed to trick the recipient into either downloading a virus (which then gives the hacker remote control of the computer) or revealing enough information for the thief to open credit cards in the victim’s name, get into their bank account, etc. There are many ways the crook can trick the victim. Here are telltale signs: The message wants you to “verify” or “confirm” your password, username or other sensitive…

Security Appreciation lacking

…dated. Got an e-mail from your boss or company SEO with instructions to open an attachment or click a link? Check with that person first—by phone—to verify they sent you the attachment or link. Otherwise, this may be a spear phishing attempt: The hacker is posing as someone you normally defer to, to get you to reveal sensitive information. Mandate ongoing security training for employees. Include staged phishing e-mails to see who bites the bait….

Look out for Shipping E-mail Phishing Scams

…er even gave their e-mail address to UPS. The last time I sent something via UPS, I don’t even recall being asked for my e-mail address. But people so freely give out their e-mail address, that when they receive one of these phishing e-mails by crooks, they think it’s legitimate. They believe that the attachment is a new shipping label to print out. They even believe the threat that if they don’t use this new label right away, they’ll be charged…

Protect Yourself from Phishing

…ndents reported malware infections, thanks to hasty clicking. However, employees were more careful when the e-mail concerned gift card offers and social media. The report also reveals: 67% were spear phished last year (spear phishing is a targeted phishing attack). E-mails with an employee’s first name had a 19% higher click rate. The industry most duped was telecommunications, with a 24% click rate. Other frequently duped industries were law,…

How to prevent IRS scams

…o claim other people’s refunds as their own. Over 450,000 SSNs were involved, and over 100,000 of them enabled the hackers to access an E-file PIN. Endless scams are directed towards SSNs, like the classic phishing attack. A phishing attack basically goes as follows: An e-mail arrives with an alluring or threatening subject line, which may actually be a warning to protect your SSN. The e-mail looks legitimate, complete with logos and privacy…

How to recycle Old Devices

…ets cut down further when you consider that the device goes to a recycling plant at all vs. a trash can. Thieves pan for gold in dumpsters, seeking out that discarded device. Few people, including those who are very aware of phishing scams and other online tricks by hackers, actually realize the gravity of discarding or reselling devices without wiping them of their data. The delete key and in some cases the “factory reset” setting is worthless….

Phishing works and here’s why

…areness training at companies is lacking. Perhaps the company simply tosses a few hardcopy instructions to employees. Perching them before videos isn’t enough, either. Security awareness training needs to also include staged phishing attacks to see which employees grab the bait and why they did so. With a simulated phishing attack approach, employees will have a much better chance of retaining anything they’ve learned. It’s like teaching a kid…

Beware of Apple ID Phishing Scams

…points, especially after words like “payment.” This e-mail really reeks of rotten phish. Another red flag is that when you hover over the link, you get an unintelligible URL, or one that’s simply not Apple.com. Forward Apple phishing links including their headers to reportphishing@apple.com. Unfortunately, many people are ruled by shot-gun emotional reactions and promptly click links inside e-mails. Once they’re taken to a phony website, most…

Finding out which Employees keep clicking on Phishing E-mails

…t just lecture what it is and the different types. Actually have each employee come up with five ways they themselves would use social engineering if they had to play hacker for a day. Once or twice a month, send them staged phishing e-mails and see who bites. But let your employees know that they will receive these random phishing tests. This will keep them on their toes, especially if they know that there will be consequences for making that…

Phishing Scams: Don’t Click that Link!

…r emails from FedEx or UPS requiring you to click a link. This link may be infected. Aside from the ridiculousness of some subject lines (e.g., “You’ve Won!” or “Urgent: Your Account Is in Danger of Being Deactivated”), many phishing e-mails look legitimate. If you receive an e-mail from a company that services you in any way, simply phone them before you click on any link. If you click any of the links you could end up with malware. Watch this…

How to Recognize a Phishing Scam

…ess to security occurs all the time when a person is tricked by a “phishing” e-mail into typing in the password and username for their bank, or it may be the login credentials for their PayPal account or health plan carrier. Phishing e-mails are a favorite scam of cyber criminals. THEY WORK. When a cyber thief goes phishing, he uses a variety of bait to snag his prey. Classic examples are subject lines that are designed to get the recipient to…

Phishing 101: How Not to Get Hooked

…your information. Some scammers are more sophisticated than others and their emails look like the real thing: no typos, perfect grammar, and company logos. The quiz showed ten actual emails to see if all of us could spot the phishing ones. Out of the 19,000 respondents, only 3% correctly identified every email. 80% thought at least one phishing email was legitimate. On average, participants missed one in four fraudulent emails. The biggest issue…

3 Ways We are Tricked into Cyber Attacks

…mpany’s security. It’s called phishing (sending a trick email designed to lure the unsuspecting recipient into visiting a malicious website or opening a malicious attachment). Even executives in high places could be fooled as phishing masters are truly masters at their craft. Phishing is one of the hacker’s preferred tools, since the trick is directed towards humans, not computers. To check if a link is going to a phishing site, hover your cursor…

Bank Account depleted, Company sues

…which is why it’s not worth it to sue unless the amount stolen is considerable. Businesses and consumers should: Require that family and employees from the ground up complete security training that includes how to recognize phishing e-mails. Stage phishing attacks to see how well everyone learned their security training Retrain those who fell for the staged attacks Make it a rule that more than one person is required to sign off on large…

How to recognize Online Risks

…s essentially what people do when they’re tricked by online crooksters into revealing sensitive personal information, including their Social Security numbers. One of the most common ways this is done is through phishing. The phishing attack is when the thief sends out thousands of the same e-mail. If enough people receive the message, sooner or later someone will take the bait. The bait may be a notice you’ve won a prize; a warning that your…

Watch Out for Tax Scams!

…. Remember, the IRS generally does not send emails, text messages or social media posts to request personal or financial information. If you receive any unsolicited communication that appears to be from the IRS, report it to phishing@irs.gov. Identity Theft. If a cybercriminal gets access to your Social Security number (SSN), they can pose as you and file a tax return under your name, but have the refund sent to them. When you file your tax…

Hacking Humans: How Cybercriminals Trick Their Victims

…. This could be the company CEO, the IRS or the manager of your bank. Providing you with something so that you feel obligated to return the favor. “If everyone else does it, it’s okay.” Hackers apply this concept by making a phishing email appear that it’s gone out to other people in your circle of friends or acquaintances. Playing on your emotions to get you to like the crook. A skilled fraudster will use wit and charm, information from…

How your Brain is affected by Phishing Scams

A recent study says that people are more mindful of online safety issues than what experts had previously believed. An article on phys.org says that Nitesh Saxena, PhD, wanted to know what goes on in users’ brains when they come upon malicious websites or malware warnings. Saxena points out that past studies indicated that users’ minds are pretty much blank when it comes to malware signs. Saxena and colleagues used brain imaging (functional…

Protect your Data during Holiday Travel

…yption as stated above. Leave as much personal data behind when you travel. Before embarking on your vacation, make sure that your devices are equipped with comprehensive security software such as antivirus, antispyware, antiphishing and a firewall so that you can have safe online connections. If your device has a virtual private network (VPN), this will encrypt all of your transmissions when you use public Wi-Fi. Hackers will see gibberish and…

What is Pharming?

…obics video. For a lot of kids today, mash-ups are all the rage—whether it’s combining two videos, two songs, or two words. Mash-ups have even caught on in the tech world. The word pharming is actually a mash-up of the words phishing and farming. Phishing is when a hacker uses an email, text, or social media post asking for your personal and financial information. On the other hand, pharming doesn’t require a lure. Instead of fishing for users,…

How to win the War on Phishing

…y says, “Hi there!” and then there’s a link? This is likely an e-mail from the victim’s e-mail account (which the hacker knows how to get into), and the thief copied everyone in the victim’s address book. Recipients of these phishing attacks are 36 percent more likely to fall for the ruse than if the attack comes as a single message from an unfamiliar sender. Fast adaption. Phishing specialists are good at quickly changing their strategies to…

5 Reasons why You will get Hacked

…ll never get hacked” camp. Do you really think it won’t happen to you? If so, it’s: Because you think no phishing e-mail could get past your radar. Just because you can spot a Nigerian scam doesn’t mean you can’t be tricked. Phishing campaigns today are ingenious and sophisticated, and include information about the recipients, fooling them into thinking these e-mails are from their friends or associates. These messages will blend right in with…

Malware and Phishing Warnings in Chrome Browser to be changed by Google

Google normally displays a malware and phishing warning in the Chrome browser. There are plans, though, to alter the display. Currently it’s a white warning against a red background. The new display will be an entirely red page, with a big X at the display’s top. These warnings tell the user that the site they’re about to visit may try to install malware or con you into giving up personal information. The new warning, like the current one,…

Phishing Alert: 8 Tips to protect yourself from Attacks

…rus to your device that will steal your online banking information, then forward it to a remote server, where the thief will obtain it. Very clever. But that ingenuity is contingent on someone being gullible enough to open a phishing e-mail, and then taking that gullibility one step further by clicking on the link to the malicious site. 10 Phishing Alerts An unfamiliar e-mail or sender. If it’s earth-shaking news, you’ll probably be notified in…

6 Ways to remove Junk mail forever

If you’re sick of junk mail, stop putting off putting a stop to it, because you can actually make a difference by implementing the following 6 strategies. Though you won’t be able to completely eliminate junk mail, the following approaches will considerably de-clutter your mail box. Get off marketing lists. This is done by having the Direct Marketing Association contact direct mail companies and instruct them to stop sending you mail. Go to…

10 Ways to protect your Gmail Account

Protecting your Gmail account means you must activate some tools that Google offers, and you must increase your scam savvy intelligence in order to spot phishing scams. If you do both, you can have a very well-protected Gmail account. #1. Google 2 Step Verification. This is the Holy Grail of account security. Not really, but it’s the best they have available. With 2 Step you get a one-time login code to a secondary device like a mobile phone…

Phishing Alert: 10 Tips To Protect Your Business From Attacks

…ter confidential financial (or personal) data in a form inside the email. A special toolbar, installed in the Web browser, can help protect you from fraudulent sites. The toolbar compares online addresses with those of known phishing sites and will provide a prompt alert before you have a chance to click or give out private information. The latest versions of Chrome, Firefox and Internet Explorer have optional anti-phishing protection. Bank,…

Protecting Your Business’s Data From Organized Crime

…to get paid. They accomplish this by opening new lines of credit or taking over existing accounts. Transactions include making charges to credit cards, initiating electronic fund transfers or using email addresses for large phishing or spear phishing campaigns. How Hackers Hack Hackers are the bad guys who use penetration-testing tools—both legal and illegal—that are available commercially or only available on the black market. Their tools come…

Online Tax Time Scams: How to Avoid

…tting phish. The IRS will never contact you via email, text message or social media. Make sure you don’t click on any links or open or download any attachments if you even suspect that the message is fake. Report any type of phishing to phishing@irs.gov. The fake IRS agent: Crooks will pose as IRS agents and contact you by email or phone. They’ll already have a few details about you, probably lifted off your Facebook page, using this information…

How Likely Am I to Be a Victim of Mobile Crime or Data Theft?

…, they also like the Mac. Spam and phishing: Believe it or not, spam volume has decreased to a mere one trillion messages per month. McAfee Labs has observed major developments in targeted spam, or what’s often called “spear phishing.” By using information they collect about you, spear phishers create more realistic messages that increase the chance you will click. In 2012, nearly all targeted attacks started with a spear phish cast. Botnets:…

Criminals Prefer Pheasting on Phish Over Spam

…of phishing sites found each day, increase by 70% between January and September of 2012. They also found 3-1/2 times more phishing URLs than spam URLs for the first time ever. This means spam is losing favor (and flavor) to phishing as cybercriminals are tossing out wide phish nets. Here’s a graphic that explains how phishing works: There are no depleted phish stocks in the sea of scamming, so to protect yourself from phishing you should: Be…

Protect Yourself from Tax Time Scams

…a phone or email, and are often prepared with a few personal details (most likely garnered from your trash or social media sites), which they use to convince you of their IRS affiliation. If you are suspicious, check the IRS phishing page at IRS.gov/phishing to determine if it is a legitimate IRS notice or letter. Rogue tax preparers. Be careful who you use if you have someone prepare your tax return for you. Some of these return preparers have…

Mobile Security Myths

…ction. If your phone falls into the wrong hands, that gives the person easy access to your accounts. Mobile Myth #3: Phishing is just for PC users. False. In fact, one study showed that mobile users are 3x more vulnerable to phishing scams than PC users. Hackers can use phishing attempts via email (if you access your email via your phone or tablet) but also via text and social media apps. Also, it is much harder to tell if links are “real” in a…

What Threats Are Unique To My Mobile Device?

…ls, which appear to have been sent by a legitimate, trusted organization and request that you click on a link or provide credentials in a text message reply. The term is a condensed way of referring to “short message service phishing,” or “SMS phishing.” Once you understand how it works, you are better positioned to recognize SMiShing, and to avoid clicking links within text messages or otherwise responding to such ruses. Premium SMS fraud McAfee…

Credit Card Processors Targeted In Hacker Attacks

…he criminal hacker backdoor access to all the data in the server and provides remote control functionality. Other hacker attacks targeting credit card processors are called “spear phishing”. When an employee receives a spear phishing email and clicks the link, a program begins to download, disabling the company’s anti-virus and defeating all network security measures. This is why one must never click links in the body of an email. There are…

Phishing Remains Popular and Effective

…ues to be a successful and widely used method of stealing bank credentials and other personal information. Cyber security experts recently reported to the House Financial Services panel that criminals have tweaked their phishing tactics. Until recently, most phishing messages purported to be from a bank. But in the latest versions of this scam, the phony emails claim to be from the National Automated Clearing House Association, the…

Malicious Websites – The Web is a Dangerous Place

…posed to malicious things that can do harm to your computer, mobile device, finances or identity. Websites with bad reputations are influenced by the hosting of malicious software (malware), potentially unwanted programs, or phishing sites. By the end of June 2012, the total number of bad URLs referenced by McAfee Labs™ overtook 36 million! This quarter McAfee recorded an average of 2.7 million new bad URLs per month. Of the new bad-reputation…

Phisher Use Olympic Lottery Scams For Summer Games

…st way to avoid being scammed. Knowing what the bad guys are doing to hook their victims and learning not to get caught is your best protection. Here’s a video that explains what phishing is and how to detect if an email is phishing. You should also be aware of phishing when reading emails on your mobile phone. For more information about mobile phishing, read this. Invest in security software that includes antivirus, anti-spyware anti-phishing

Mobile and Phishing – Why It’s More Dangerous

…hing occurs when scammers send emails that appear to have been sent by legitimate, trusted organizations in order to lure recipients into clicking links and entering login data and other credentials. SMiShing is a version of phishing in which scammers send text messages rather than emails, which, as with phishing emails, appear to have been sent by a legitimate, trusted organization. The terms reference a scammer’s strategy of fishing for…

Dirty Dozen Tax Scams for 2012

…addition to the law-enforcement crackdown, the IRS has stepped up its internal reviews to spot false tax returns before tax refunds are issued as well as working to help victims of the identity theft refund schemes. Phishing Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial…

Be Aware of Tax Time Scams

…: Phishing scams. If you receive an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), report it by sending it to phishing@irs.gov. Never respond or click on links within unsolicited emails requesting that you enter personal data or visit a website to update account information, especially from the IRS as they do not send emails out to…

Underground Forums Selling Stolen Credit Cards

…redit cards are bought and sold. Hackers rely on a variety of techniques to obtain credit card data. One such data theft technique is wardriving, in which criminals hack into wireless networks and install spyware. Another is phishing, in which spoofed emails prompt the victim to enter account information. Phexting or smishing are similar to phishing, but with text messages instead of emails. Some hackers use keylogging software to spy on…

75 Million Unique Malware Samples By 2012

…adily from February through August of 2011, but dropped somewhat in September. Bad URLs: Website URLs, domains, subdomains, and particular IP addresses can be “bad” or malicious, either because they are used to host malware, phishing websites, or potentially unwanted programs. Phishing websites: McAfee identified approximately 2,700 phishing URLs per day during the second quarter of 2011, a slight decrease from the same period in 2010, when they…

Phishing Scammers Target Macs

On Christmas Day, 2011, Apple product users were targeted by a major phishing attack. The Mac Security Blog reported, “A vast phishing attack has broken out, beginning on or around Christmas day, with emails being sent with the subject ‘Apple update your Billing Information.’ These well-crafted emails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with…

Feast of the 7 Phishes 2011

…raditions is to expose the year’s phishing scams. The following examples come straight from my inbox or spam filter, and have been abbreviated to demonstrate the nature of the scam and specific hook being used. 1. This first phishing email appears to have been sent from LinkedIn, but the link that supposedly leads to the FDIC’s website is in fact a virus. “From: LinkedIn linkedXXX@em.linkedin.com Temporary FDIC insurance coverage news. To obtain…

Protect From Holiday Phishing Shipping Scams

A common holiday shipping phishing scam is a phony notice from UPS, saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer. Often the email asks to download a label and the risk there may be downloading a virus. Scammers are sending emails that look like they are coming from the United States Postal Office,…

Think You’re Protected? Think Again!

…Internet by 10%, resulting in losses totaling 38 billion dollars. In 2005, 164,000 unique pieces of malware were detected, including the first virus for Mac OS X and another 83 mobile viruses. 57 million U.S. adults fell for phishing scams via 17,877 different spoof websites. 80% of all email was spam. The Conficker worm, Zeus Trojan, Koobface, Applescript.THT, Storm botnet, and Ikee iPhone virus all made their debuts this year. By 2010, 54…

How Phishing is Like a Home Invasion

…ve a fraud-based email designed to trick you into clicking links and entering your personal information. In some cases when clicking those links you may download a virus. Their intention is to bypass your computer’s security. Phishing is emerging as sophisticated due to ways in which the phish emails are disguised to look like legitimate communications often from other trusted employees on the inside or companies you may do business with. The…

Bad News For Banks: Courts Side With Customers

…cking on a link within a phishing email, which appeared to have been sent by Comerica but was in fact sent by a scammer. He then responded to a request for his Comerica account data, despite Comerica’s regular warnings about phishing scams and advice to never provide account information in response to an email. In doing so, the customer offered the scammer immediate online access to his company’s Comerica bank accounts. Naturally, the scammer…

Spear Phishing Leaves a Bloody Wound

…the specific product websites where consumers registered. GlaxoSmithKline provides medications that help victims of HIV and mental health disorders. The possibility of the stolen data being used to target the ill with spear phishing attacks is a major concern. These kinds of breaches will have long-lasting effects on the public. Never disclose personal information or login credentials in response to an unsolicited email. Never click links in an…

Twitter Scam Hooks Thousands

…to click malicious links. When one user clicks, his account is infected and used to further spread the message. Soon his followers and then their followers are all infected. Phishing: Hacked Twitter accounts are used to send phishing messages, which instruct users to click links that point to spoofed sites, where users will be prompted to enter login credentials, putting themselves at risk of identity theft. Social media sites could go a long…

Epsilon Breach Will Impact Consumers for Years

…ty for cybercriminals, who may try to take advantage of the breach to send out phishing e-mails designed to steal user names and passwords. Since consumers are receiving legitimate e-mails, they may be less suspicious of the phishing or spear phishing ones. Generally when a credit card is compromised a new number and card is issued making the breach a forgotten inconvenience. However when a Social Security number is breached, the victim can feel…

Slam Online Scams

…tive, and more prevalent. In one example, criminal hackers waited until Pennsylvania school administrators were on vacation, then used simple money transfers to liquidate over $440,000 out of the district’s accounts. #5 Spear Phishing: Spear phishing occurs when the scammers concentrate on a localized target, usually an individual with control over a company’s checkbook. This insidious type of phishing occurs when a recipient clicks a link,…

A Good Decade for Cybercrime

…ups that prompt the victim to purchase antivirus software to fix the problem. When victims enter their credit card information, it is stolen and, instead of security software, they wind up downloading malware. Phishing scams Phishing, or trying to trick users into giving up personal information, is one of the most common and persistent online threats. Phishing messages can come in the form of spam emails, spam instant messages, fake friend…

Twitter Crime on the Rise

…by Russian hackers targeting a blogger in the Eastern European country of Georgia. Botnet Controller: One Twitter account produced links pointed to commands to download code that would make users’ computers part of a botnet. Phishing: Hacked Twitter accounts are used to send phishing messages, which instruct users to click links that point to spoofed sites, where users will be prompted to enter login credentials, putting themselves at risk of…

Criminal Hackers: The Soldiers of the Web Mob

…ration of the Russian and Italian mafias, the Irish mob, the Bandidos, and the Hells Angels. The Anti-Phishing Working Group has noted the success of Avalanche, a particularly large and successful web mob with an emphasis on phishing: “Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry. But by mid-2009, phishing was dominated by one player as never before—the “Avalanche” phishing

Spear Phishers Know Your Name

…e. Scammers may even weave in names of your contacts, making the ruse appear that much more legitimate. Knowing how spear phishers operate allows you to understand how to avoid being phished. Never click on links within the body of an email, for any reason. Bypass the links and go directly to the website responsible for the message. Any unsolicited email should be suspect. If you manage employees, test their ability to recognize a phishing

Top 5 Scams to Watch Out For

…more prevalent. In one example, criminal hackers waited until Pennsylvania school administrators were on vacation, then used simple money transfers to liquidate over $440,000 between December 29 and January 2, 2010. #5 Spear Phishing: Spear phishing occurs when the scammers concentrate on a localized target, usually an individual with control over a company’s checkbook. This insidious type of phishing occurs when a recipient clicks a link,…

Five Ways Identities Are Stolen Online

…knowledge, and resources to protect their identities. Five of the most common ways identities are stolen online are through phishing scams, P2P file sharing, social networking, malicious websites, and malicious attachments. Phishing: Phishing scams still work. Despite consumer and employee awareness, a carefully crafted email that appears to have been sent by a fellow employee or trusted entity is probably the most effective spear phish….

Typosquatting for Fun and Profit

…McAfee report, which studied 1.9 million typographical variations of 2,771 of the most trafficked websites.” Last year scammers created a website imitating Twitter.com called tvvitter, that’s t-v-v-itter, cute huh? They sent phishing emails to millions of users, many of whom clicked on the link contained within the emails, which sends them to the phishing site, where they enter their user names and passwords in order to log in. When doing a…

Criminal Hackers Create 3 Million Fraudulent Websites Annually

…om, PayPal, HSBC, and the United States Internal Revenue Service. People are typically directed to these scam sites in one of three ways: 1. Often, potential victims end up visiting these spoofed websites via phishing scams. Phishing, of course, occurs when you receive an email that appears to be sent from your bank or other trusted entity, and a link in the email brings you to a website that is designed to steal your login credentials. 2….

iTunes a Platform for Phish Scammers

iTunes users all over the world are being hooked in a possible phishing scam that siphons cash out of their PayPal accounts. Phishing scams, of course, consist of emails that appear to be coming from a legitimate, trusted business. These emails are often designed to trick the victim into revealing login credentials. Once the phishers have access to the account, they begin withdrawing funds. In this case, scammers used victims’ iTunes accounts…

Phishing Scams

Phishing Scam: Using the U.S. General Commander in Iraq as Phish Food

Fishing of course is the sport of tossing a tasty wormy baited hook connected to a fishing line and patiently waiting for a fish to take the bait. Phishing is the sport of tossing a wormy baited tasty lie connected to a wormy human and the degenerate patiently waits for a naïve victim to take the bait. A phisher can send thousands of phish emails a day and eventually someone will get hooked. Phishing is a $9 billion business. Unlike the ongoing…

Published Articles

…ATM, Setelah Simjian Menemukannya) JANUARY http://ivan-mybloxx.blogspot.com/2010/01/artikel-atm-1.html http://www.ehrbloggers.com/2010/01/annals-of-security-phishing-scam-at.html (quoted January 2010 Annals of Security: The Phishing Scam at UCSF) http://www.ama-assn.org/amednews/2010/01/25/bil20125.htm (quoted January 2010 Phishing schemes are becoming sneakier in targeting doctors)…

Facebook + Hackers – Privacy = You Lose

I’m as sick of writing about it as you are sick of reading about it. But because Facebook has become a societal juggernaut: a massive inexorable force that seems to crush everything in its way, we need to discuss it because it’s messing with lots of functions of society. We should all now know that whatever you post on Facebook is not private. You may think it is, but it isn’t. Even though you may have gone through all kinds of privacy…

Beware of Facebook Dangers

Robert Siciliano Identity Theft Expert Danger!! How’s that for a blog title that screams fear, uncertainty and doubt!? Fact is Facebook boasts 400 million users and in so many ways seems out of the control of its founder, and is looking dangerous. This is a company that has grown faster than fast and has a (very intelligent) 20 something CEO just out of puberty calling the shots. It seems the amount they (his Board? CIO?) lets him run…

Phishers Ties Up Victims Phones, Killing Notification

…hen $82,000-transfer followed two days later. Five days after that, another $99,000 was drained, followed by two transfers of $100,000. The thieves withdrew the money in New York. Most likely the initial compromise was via a phishing email that he responded to. Once he responded to the phish, the criminals began the process of setting up VOIP telephone systems to bombard his telephone lines so he couldn’t answer the phone to receive the…

10 Ways To Prevent Phishing

…ty Theft Expert Robert Siciliano The Anti Phishing Working Group published a new report seeking to understand such trends by quantifying the scope of the global phishing problem, especially by examining domain name usage and phishing site uptimes. Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry. But by mid-2009, phishing was dominated by one player as never before—the “Avalanche”…

Social Media Security: Using Facebook to Steal Company Data

…nefits portal. When he emailed the employees as “human resources,” they were redirected to a Web page, such as https://www.xyzcompany-benefits.com. He has been able to accumulate significant numbers of emails for phishing targets from Facebook and other social networking sites. When he launched his company’s Facebook spear-phishing attack, he usually got an average response rate of 45 to 50 percent. So nearly half of the…

New Facebook Phish Steals Passwords

I got an email from a colleague today: Subject: “My Facebook account got hacked.” I wonder if you could give me some guidance here – I received the following email from Facebook: ——————————————————————– From: Facebook [XXXXXX@facebook.com] Sent: Wednesday, March 17, 2010 5:58 AM To: XXXXXXXXXXX…

Fostering Awareness & Improving Security Education

…d no record of the communication or any issues with her account. At the conclusion of the call the bank rep said, “I don’t know why you received this email, your account information is in order.” Click. That night she saw my phishing clip and wondered why the bank never mentioned a single word about phishing. Her bank failed her. They failed to educate her and therefore failed to protect her. She is no longer a client of that bank. The mindset…

Crimeware: Do It Yourself Criminal Hacking

…isticated in marketing their wares and doing it openly online. Just because they sell crimeware doesn’t mean the software is illegal. It only becomes illegal when it’s used to scam people. The fundamentals of how to prevent phishing are presented here by the Anti Phishing Work Group: Be suspicious of any email with urgent requests for personal financial information. Unless the email is digitally signed, you can’t be sure it wasn’t forged or…

10 Ways to Prevent Social Media Scams

…Council, says, “Counterfeiting operations are highly organized, are very global and are picking up steam because of the economy.” MarkMonitor, a company that tracks online threats for its clients, determined that phishing attacks on social networking sites increased by 164% over the past year. And in a CMO Council survey of 4,500 senior marketing executives, nearly 20% of the respondents said they had been affected by online scams…

How to Prevent Phishing Scams

…action, contact your bank and all card issuers. Ensure that your browser is up to date and security patches applied. Always report “phishing” or “spoofed” e-mails to the following groups: forward the email to reportphishing@antiphishing.org; forward the email to the Federal Trade Commission at spam@uce.gov; forward the email to the “abuse” email address at the company that is being spoofed (e.g. “spoof@ebay.com”)…

Operation Phish Phry Nabs 100 Identity Thieves

Identity Theft Expert Robert Siciliano US and Egyptian officials have charged 100 people with orchestrating a phishing scam that robbed $1.5m from Bank of America and Wells Fargo customers. 53 criminals from CA, NV and NC were named in an indictment. This is the largest ever charged in a cybercrime case. Officials in Egypt nabbed another 47 people. Egyptian criminals phished account numbers and accessed bank accounts. The Egyptians and the US…

Up to 1 Million email Accounts Phished for Identity Theft

…ommon, but not as effective. Even posing as a known bank or Paypal, asking to update an account for various reasons and requesting a potential victim’s user name and password is not as effective as it used to be. Much of the phishing that occurs today is targeted “spear phishing,” in which the spammers are after a localized target. Going after a CEO is called “whaling.” Who better to take down than the biggest phish of them all? Most corporate…

Twitter Phishing Leads to Identity Theft

…Theft Expert Robert Siciliano Twitter phishing is a growing problem and is spreading through a virus. Twitter accounts that have been hacked are spreading a link with a request to click on and download a video. Some Twitter phishing involves Twitter porn. Today Ena Fuentes, who’s definitely a hot little number, started following me on Twitter and wants me to check out her new pics. Problem is Ena is probably controlled by a dude from some…

Carders, Dumps, and Identity Theft

…significant increase in counterfeit fraud. Hackers rely on a variety of techniques to obtain credit card data. One such technique is wardriving, in which criminals hack into wireless networks and install spyware. Another is phishing, in which spoofed emails prompt the victim to enter account information. Phexting or smishing are similar to phishing, but with text messages instead of emails. Some hackers use keylogging software to spy on…

Another Identity Theft Ring Busted

…psmarket and, probably, in chat rooms. “Dumps” is a criminal term for stolen credit cards and “carders” are the scammers who buy and sell them. Kovelin was a criminal hacker who stole victims’ financial information via phishing emails and more than likely used the victims’ own account information against them. Protect yourself: Check your credit card statements often, especially after using an online auction site. Refute unauthorized…

Scams Happen to Smart People Who Do Stupid Things

…’s clothing was able to bilk so many investors. So it looks like we aren’t as savvy as we should be. The root of the problem is the sheer number of scams. There are investment seminars, smoke and mirror charities, phishing emails and even text messages. I got a “phext” (phishing text message) from “r.yahoo.com” that said, “changed secret question, log in to update, or text HELP or to end STOP.”…

Criminal Hackers Clean Out Bank Accounts Using Spear Phishing

…ccounts being completely drained. Criminal hackers waited until Pennsylvania schools administrators were on vacation, then used simple money transfers to liquidate over $440,000 between December 29 and January 2. Much of the phishing that occurs today is “spear phishing,” in which the spammers concentrate on a localized target, generally an individual with control over a company’s checkbook. This insidious type of phishing occurs when a…

Debit Cards at Risk for Identity Theft

…purchase. Just be smart. Unless you have been living in a cave, you’ve probably received a phishing email at some point. Criminal hackers, assisted by teams of psychologists and sociologists, are designing and selling phishing kits to one another. They know what makes you tick and they know what will convince you to click on a link. These people are professionals. There used to be a day when phish emails contained obvious misspellings and…

Tweets Link to Identity Theft

…ose you follow. Criminals have figured out that Twitter is a social network that brings people together. Strangers follow you, and you often reciprocate, following them back and bringing them into your network. As with email phishing scams, criminals post tweets highlighting current events, with links that lead to malicious sites or direct malware downloads. Numerous news outlets have reported on malicious tweets purporting to point to news…

ATM Fraud Increases Identity Theft Risk

…. If your card sticks, odd looking configurations on the ATM, wires, two sided tape. 2. Use strong PINs, uppercase lower case, alpha and numeric online and when possible at an ATM and for telephone banking. 3. Don’t reply to phishing or phexting emails. Just hit delete. 4. Don’t just use “any” ATM. Choose ATMs at locations that are “more secure” than in the middle of nowhere. 5. Make sure your McAfee anti-virus is up to date. 6. Invest in…

Identity Theft Scammers Targeting Online Classifieds

Robert Siciliano identity theft expert Throughout the past week or so, scammers from Nigeria, Belgium and the UK have been coming after me in full force, via Craigslist. Unfortunately, the popular online classifieds website has become a launchpad for criminal activity. Everything from online affinity or advance fee scams to baby killers and the Craigslist killer have hampered the website’s reputation. I use Craigslist to find renters for…

Typosquatting on Twitter and other social networks

…typo two V’s, but it’s certainly a creative ruse by the criminal hackers. This website is currently live. Assuming that your browser is up to date, it should alert you to the fact that Tvviter.com is a suspected phishing site. Tweet.ro is another phishing website, which my up to date browser did not warn me about. Notice that neither web address is hyperlinked here. I would not suggest playing around on these sites. At any time, the…

Phishers Getting Smarter

…but not as effective. Even posing as a known bank or Paypal, asking to update an account for various reasons and requesting a potential victim’s user name and password is not as effective as it used to be. Much of the phishing that occurs today is targeted “spear phishing,” in which the spammers are after a localized target. Recently, the usernames and passwords for 700 Comcast customers were posted on a document-sharing website, possibly…

Government Agencies Engaging in Criminal Hacking Techniques

Identity Theft Expert Robert Siciliano This article may be a little political. However bad guys are trying to win a cyberwar against us and it’s important to understand what’s being done to protect us. The US National Security Agency is probably the most sophisticated group of security hackers in the world. Many will argue this point. The fact is, without NSA, US STRATCOM, which directs the operation and defense of the military’s…

Identity Theft Expert; Organized Webmobs Focused on Cyber Crime

…urity patches or anti-virus definitions often become infected as part of a botnet. Botnets are used to execute many of the attacks on unprotected networks. The same study shows computer users were hit by 349 billion spam and phishing messages. Many were tricked into giving up personal information. It is common sense not to plug data into an email that appears to be from your bank, asking to update your account. Attacks directed towards mobile…

Identity Theft Expert; Scareware Scares You Into Paying

…; “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2008.” These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value. A report by the Anti-Phishing Working Group, released in March 2009, found 9,287 bogus anti-malware programs in circulation in December 2008 – a rise of 225% since January 2008. That’s simply because the scam works so well. Teams of…

Phishing Attacks Rise Dramatically in 2008

…enough “real-time” to avoid detection. Criminals like real time fast cash. Much of the success of phishers is that they are in fact getting smarter using “fast flux” attacks. *Fast flux is a technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load…

CEO "Identity Theft Expert"?? ID compromised 90 times

The press has recently taken issue with CEO of an identity theft prevention company who has given his SSN out for all the world to see. His identity theft protection service is designed to protect the consumer from identity theft. Because he used the marketing gimmick to drive sales, it has resulted in a never ending battle where identity thieves and others are using his ID to prove a point, that giving out your SSN is never a good idea. His…

Identity Theft Expert and Speaker on Personal Security Reacts to Data Breaches That Have Left More Than 10 million Records Lost in Just One Month

…uter hackers had somehow used log-on and password information to obtain the e-mail addresses of 1.6 million members of Monster.com. Authorities remarked that the bounty from Monster.com represented a bonanza for spammers and phishing rings. An unrelated breach of data at Fidelity National Information Services’ subsidiary, Certegy, put 8.5 million consumer records in the hands of thieves, according to an Aug. 9th report in DM News. Against…

Identity Theft: Phishers May Use Recent College Shootings to Solicit Donations—Identity Theft Expert and Speaker on Personal Security

…rding to the U.S.-CERT warning, the organization “has received reports of an increased number of phishing sites set up in the wake of tragedies and natural disasters.” U.S.-CERT recommended Web visits to the Anti-Phishing Working Group, an organization that tracks and documents known phishing scams. Readers may view Siciliano’s most recent appearance on “FOX News,” during which he provided insight regarding the…

 
