Group items tagged

Beware of web sites offering free money Iain Thomson in San Francisco vnunet.com, 04 Mar 2009 The Federal Trade Commission (FTC) is warning of a rash of online scams offering payouts under the economic stimulus plan passed by Congress. Businesses and individuals are being targeted by the scammers using web sites and emails, the organisation warned. Recipients are typically offered 'grants' from the government, and must either surrender bank details to get the funds or make a small payment. Advertisement"Web sites may advertise that they can help you get money from the stimulus fund. Many use deceptive names or images of president Obama and vice president Biden to suggest that they are legitimate. They are not," said Eileen Harrington, acting director of the FTC's Bureau of Consumer Protection. "Don't fall for it. If you do, you'll get scammed." Several variants have also been discovered that use malware to steal important data. These include pages that purport to offer links to sites that show how to get the federal funds. The pages are loaded with malware that can penetrate an improperly patched browser. "Consumers who may already have fallen for these scams should carefully check their credit card bills for unauthorised charges, and report the scam to the FTC," said Harrington.

Two things to remember as you prepare to file your taxes: If you get an e-mail from the IRS, it's probably a scam. And don't forget the stamp. As the April 15 tax filing date nears, online tax-related scams tend to ratchet up, experts say. If you're not careful, you could lose a lot more than just the refund. "Filing your taxes online is extremely convenient, however if you want to maintain the privacy of your data, you need to ensure that you are connecting to the proper Web site, that the connection is using encryption, and that your computer is free from any malware. If any of these components are compromised then your data is not safe," Ryan Barnett, director of application security research for Breach Security, said on Friday. "This would be like going to an ATM machine to withdraw money and allowing everyone around you to see your PIN number as you punch it in," he added. Not only do people have to take precautions in storing and transmitting their data over the Internet, but they also have to be wary of social engineering-type ruses that scammers use to trick people into giving out their sensitive data. Probably the most common type of tax season scam is the fake IRS phishing e-mail. These e-mails will either claim to be a tax refund or an offer to help file for a refund, settle tax debt, or other aid. (Not long ago, scammers were offering economic stimulus payments, even before the plan was approved.) They will provide a link to a Web site where the visitor is prompted to type in personal data like a Social Security number. Don't trust it, experts say.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

Congrats on your inheritance! Okay, you knew that one's the start of a scam. Here are other come-ons you'll encounter when criminals come knocking. What the average guy might call a con is known in the security world as social engineering. Social engineering is the criminal art of scamming a person into doing something or divulging sensitive information. These days, there are thousands of ways for con artists to pull off their tricks (See: Social Engineering: Eight Common Tactics). Here we look at some of the most common lines these people are using to fool their victims.

Like this http://www.hdfilmsaati.net Film,dvd,download,free download,product... ppc,adword,adsense,amazon,clickbank,osell,bookmark,dofollow,edu,gov,ads,linkwell,traffic,scor,serp,goggle,bing,yahoo.ads,ads network,ads goggle,bing,quality links,link best,ptr,cpa,bpa. www.killdo.de.gg

"UC San Francisco said late Tuesday it has alerted 600 patients and others that an external hacker may have obtained "temporary access to emails containing their personal information" as a result of a late September phishing scam. The breach occurred about three months ago, and was investigated in mid-October, but wasn't disclosed to the public until Dec. 15. Corinna Kaarlela, UCSF's news director, told the San Francisco Business Times late Tuesday that individuals whose data may have been compromised were notified between Oct. 21, when an in-depth investigation began, and Dec. 11, when it was completed. UCSF said Tuesday that an unnamed faculty physician in the School of Medicine was victimized in late September by the alleged scam. The physician provided a user name and password in response to an email message fabricated by a hacker, that appeared as if it came from those responsible for upgrading security on UCSF internal computer servers. UCSF's Enterprise Information Security unit subsequently identified the breach and disabled the compromised password. UCSF says it conducted an investigation and in mid-October determined that emails in the physician's account ─ including some containing demographic and clinical information and, in a few cases, Social Security numbers ─ may have been exposed."

The PCI DSS standard was released back in December 2004 and was quickly hailed as one of the most important private-industry data security standards ever developed. Over the past few years, however, amid a steady stream of news about breaches and thefts, the PCI DSS standards has been roundly criticized. At a congressional hearing this month, one congresswoman said, "I do want to dispel the myth once and for all that PCI compliance is enough to keep a company secure." Many would agree. A case in point noted by Network World: The breach at Hannaford Brothers, where hackers installed malware on the grocery store chain's internal servers to seize card numbers as they were swiped by customers. Hannaford was certified a PCI DSS-compliant company as the scam was in progress. Heartland Payment Systems, before its scam broke in the news, was also certified compliant by Visa. Visa defends the standard as a way to minimize theft if properly implemented, and you certainly can't blame PCI DSS entirely for recent thefts. For all we know, there would have been many more if not for the standard. Still, the general view is that the PCI DSS standard has become overly complex and has done little thus far to stop fraud, as fraud artists get sophisticated technologically.

It is hard work looking for a job, Matt Sawyer said. "Well with the economy being down right now, it's pretty hard," said Sawyer. Like most job hunters, Matt is posting his resume on various online job sites. But you have to be careful when sending out your personal information over the Internet, privacy expert Pam Dixon said. "The problem is, if you don't use it correctly, it can come back to haunt you," she said. Dixon runs the World Privacy Forum and warns job hunters to be cautious with their personal information when posting their resume. "In fact any competent job site will give you the option of hiding your personal information," said Dixon. Scam artists have been known to steal personal information from resumes and use it to apply for credit. That is why Dixon said you should only include your first initial and last name, no full names, when writing your resume. She also said not to include your phone number or address. Dixon said you should create an email address that is temporary and just use it for your job search. Dixon said scam artist will even call people from their resume and ask for detailed information like a copy of their driver's license or social security number or even their credit card information. The scammers will claim it's for a background check but it's only to steal from the job seeker. Matt admits if he was approached for a job he might give away too much information. "I think when people first get that call and they're real excited about it, they might just jump into it and go ahead and do it," he said.

The latest phishing scam on Facebook has raised the question yet again as to whether the social networking site is dropping the ball on security measures and properly responding to privacy complaints. Facebook faced consumer fraud charges was investigated by New York Attorney General Andrew Cuomo in 2007 for allegedly responding too slowly to user complaints about harassment, pornography, or nudity from the social networking site. As a result, Facebook agreed to settlement requirement requiring it to respond to such complaints within 24 hours. But in a recent string of phishing attacks in which hackers have broken into a user's Facebook account and hit up his or her friends for money with the online chat tool, pretending to be stranded or robbed, a complaint has emerged that the privacy team at Facebook hasn't responded to users in a timely manner. Mark Neely, a Sydney-based management consultant, became aware that his Facebook account was hacked when friends called him to see if he was all right - the hacker had contacted them via Facebook chat saying that Neely had been robbed at gunpoint in London and would need them to wire him money so he could return to Australia. Neely says he filled out two online complaint forms and e-mailed the privacy team at Facebook, but it took them more than 40 hours to respond to him. In the meantime, his friends continued to call him about being contacted by the hacker. Facebook spokesman Barry Schnitt disputes Neely's figure, saying it only took 30 hours to respond. "In this case, we have restored access to the account to the rightful owner, are identifying the means by which the account was compromised (likely malware), and building in technical protections in the Facebook system to address this particular type of scheme," Schnitt said

Internet scams, phishing, identity theft and other attacks that exploit your personal data are always a threat when you shop online, set up an email account, use a credit card, manage an online bank account or carry your Social Security card. There is hope, however, for fighting these threats, and you can start by taking back control of all of your personal data. The 50 tips and tools in this list will help you understand how these scams originate, how to protect yourself online and offline, and how to track down your personal data on the Internet. Web Privacy Protect yourself and your data online by choosing a secure Web browser, understanding the dos and don'ts of wireless security, and correctly managing passwords.

Fraud on the Internet reported to U.S. authorities increased by 33 percent last year, rising for the first time in three years, and is surging this year as the recession deepens, federal authorities said on Monday. Internet fraud losses reported in the United States reached a record high $264.6 million in 2008, according to a report released on Monday from the Internet Fraud Complaint Center, run by the FBI and the National White Collar Crime Center. Online scams originating from across the globe -- mostly from the United States, Canada, Britain, Nigeria and China -- are gathering steam this year with a nearly 50 percent increase in complaints reported to U.S. authorities in March alone. "2009 is shaping up to be a very busy year in terms of cyber-crime," the report's author, John Kane, told reporters in a telephone briefing. Last year's losses compared with $239.1 million in 2007 and dwarfs the $18 million of losses of 2001.

Social engineering and mind games expert Brian Brushwood has not come by his knowledge in the traditional manner of school or business training. Brushwood is the host of the Internet video series Scam School, a show he describes as dedicated to social engineering in the bar and on the street. In addition to his passion for teaching people about social engineering cons, Brushwood is also a touring magician who frequently performs on college campuses and has appeared on the Tonight Show. He first became interested in social engineering years ago as a means to enhance his performance and pull off secret moves successfully. Brushwood said his understanding and use of the term social engineering goes beyond the security industry perception. "When I use the phrase, I am actually talking about an older version of it. Social engineering just basically means the application of social science to the solution of social problems," he said. "In other words, it's getting people to do what you want by using certain sociological principles."

"Today, the Federal Trade Commission opened new areas of a "virtual mall" with content that will help kids learn to protect their privacy, spot frauds and scams, and avoid identity theft. The FTC Web site, www.ftc.gov/YouAreHere, introduces key consumer and business concepts and helps youngsters understand their role in the marketplace. The FTC is the nation's consumer protection agency. "YouAreHere presents practical lessons about money and business in a fun and familiar setting," said David Vladeck, Director of the FTC's Bureau of Consumer Protection. "The new content takes kids behind the scenes to raise their awareness of advertising and marketing, pricing and competition, fraud and identity theft. At the FTC's online mall, visitors play games, watch short animated films, and interact with customers and store owners. They can design and print advertisements for a shoe store, investigate suspicious claims in ads and sales pitches, learn to identify the catches behind bogus modeling schemes and vacation offers, and guess the retail prices of various candies based on their supply, demand, and production costs. At the Security Plaza, visitors can build a social networking page and see the unintended consequences of posting personal information. They also get tips on how to keep their computers safe while they're online. In the arcade, visitors can play Info Defender 3 and protect Earthlings from Cyclorian invaders who would steal their identities. The game teaches the importance of protecting personal information, including Social Security numbers. For parents and teachers, the site offers detailed fact sheets with ideas for related activities. Teachers can use the site to complement lessons in consumer economics, government, social studies, language arts, and critical thinking. The National Council for Economic Education has developed a lesson plan that prominently features YouAreHere; it is available on the Parents and Teachers page. "

IT directors are adding multiple layers of protection to their networks and constantly upgrade those measures to adjust for new threats. Is this good? Is the Internet too broken to fix? Is there a better path to enterprise network security? One option is a new "gated community" Internet, where users give up their freedoms and anonymity for safety. My initiation to the Internet and the World Wide Web occurred in 1994 in a large meeting room at an Atlanta hotel. Most of the 100 or so seats were empty. Those in attendance seemed fairly rabid about this new network and took exception to one speaker's prediction that the Web would become a major marketing vehicle. "Not gonna happen," said one attendee. "We'll spam them into submission if they try. We won't let this become commercialized." I kind of chuckled to myself. Those early adopters were mainly concerned with protecting the Internet from commercialization and marketing. Security was not even part of the discussion. Now, it is threatening to dismantle the Internet as a communication and commerce tool. Cyber attacks on U.S. government computer networks increased a reported 40 percent in 2008, according to data from the U.S. Computer Emergency Readiness Team. More than 100 million credit card accounts at Heartland Payment Systems were compromised last year. In November, the Pentagon suffered from a cyber attack in the form of a global virus or worm that spread rapidly throughout a number of military networks, and caused the agency to ban the use of external storage devices, such as flash drives and DVDs. And this is just the tip of the Internet security Relevant Products/Services iceberg. Enterprise networks are being used to launch phishing Relevant Products/Services and other Internet scams, such as the Conficker worm that infected 12 million computers late last year. IT directors everywhere are adding multiple layers of protection to their networks and constantly having to upgrade those measures to adjust fo

Social media is on the rise, and so are the privacy and security risks. Is it time to dial back on the whole Web 2.0 'friend' thing? The social media honeymoon is officially over. While it may not yet be time to fly to Reno for a quickie divorce, you might want to start thinking about sleeping in separate bedrooms for a while. Example du jour: Over the weekend, a rogue application spread across Facebook, warning users about bogus errors in their profiles. Clicking on the "Error Check System" app causes it to send false warnings to your entire FB posse, per the unofficial AllFacebook blog. There doesn't seem to be any payload associated with that app besides driving traffic, but the potential for abuse is obvious. But a bigger problem on social nets is an old familiar one: spam. So far, spam only accounts for about 5 to 25 percent of all e-mail passed on social networks, versus 90 percent of regular e-mail, says Adam O'Donnell, director of emerging tech for Cloudmark, which filters spam for some large social nets (but won't identify which ones). As more people start tweeting about what their cats ate for lunch and share their Facebook profiles with near-total strangers, though, that number will only grow. The type of spam on social networks is different too, says O'Donnell. Think fewer fake Viagra come-ons, more social engineering scams. In other words, the junk you get on social networks is more likely to be aimed at stealing your credentials or your identity -- and thus much more dangerous than garden-variety spam.

" One of the biggest security risks that companies face is employees who fall victim to phishing e-mails, which can lead to stolen log-in credentials and virus infections. SocialPET is a simple Web-based testing tool that lets businesses run their own phishing tests to find out which employees understand security procedures and which are at risk to falling prey to real phishing scams. "