Tag Archives: Identity theft

  • 0

Beware of Good Ole Scammer Claus

Category:Information Security,Infosec Communicator,Internet Safety,Privacy,Risk Tags : 

I’m sharing the contents of an advisory I sent out to the RIT community regarding holiday scams and phishing attempts. I think you’ll find the information helpful.

scammer-clausBeware of Good Ole Scammer Claus!

As we head towards our holiday break, remember that there are many scammers trying to trick you into revealing credit card numbers and other Private information–information that can be used for Identity Theft. As part of their attempts, we’re seeing an increase in phishing attempts–some disguised as delivery confirmations.

Follow these guidelines to help ensure your Private information (and your money) stays secure on the Internet.

Use a Secure Computer

Use Strong Passwords

  • Use a strong, unique password or passphrase where allowed. See our How to Create a Strong Password brochure for tips on choosing strong passwords.
  • Take advantage of any additional security features offered by your bank.

 Be alert for phishing and scams

  • Never respond to an e-mail requesting that you reply with your login information. Scammers go to great lengths to make e-mails appear genuine, but no legitimate bank or retailer will ever ask you to submit private information by e-mail.
  • Never give out a bank account number to anyone, and be wary of anyone who insists upon cash or wire transfer only.

Research the Company and Website

  • Investigate any  retailer you are considering using. How trustworthy are they?
  • Check the company’s privacy policy.
  • Check for negative reviews using a search engine.
  • If you’re shopping at an auction site, check out the seller’s feedback.

Make Sure the Website Uses Encryption

  • The address bar should begin with https (not just “http”) and there must be a padlock in your web browser (the location varies by browser, it usually appears in the address bar or the status bar at the bottom).

Monitor Your Accounts

  • Keep track of all your purchases and account history from start to finish and beyond.
  • Save copies of your orders and receipts, as well as e-mail confirmations and product descriptions.
  • Follow up on your purchases by monitoring your bank account and credit card statements for any unauthorized transactions.
  • You may also want to check your credit report annually (check for free at www.annualcreditreport.com).

Problems and Complaints

Identity Theft

Online Shopping Complaints

Additional Links

Have a good (safe) holiday!

Enhanced by Zemanta

  • 3

Avoiding Phishing

Category:Information Security,Infosec Communicator,Social Networking,Uncategorized Tags : 

phishing

What’s the easiest way to break into a computer account?

Cracking the password? Putting a trojan on the computer? Hacking? Unfortunately, it’s simply tricking you into giving up your password through a technique known as phishing.

Computers have vulnerabilities that can be exploited by attackers using different types of malware. However, your attacker is as likely to come after you through “social engineering” as they are through malware. Just as our computers have vulnerabilities, we too are susceptible to attack!

Social Engineering Attacks

Social engineering attacks are attempts to trick you into revealing private information. Successful attacks may result in identity theft and loss of funds. Social engineering attacks take a number of different forms, including phishing attempts, work at home scams, and Nigerian 419 schemes. Attackers often take advantage of current events, such as the tsunami that hit Japan.

Phishing

This article deals with one type of online scam—phishing attempts. Phishing is a common technique in identity theft. We’ve all received phishing emails or instant messages that appear to link to a legitimate site. These emails and web sites are designed to capture personal information, such as bank account passwords, social security numbers and credit card numbers. Losses to phishing attempts are estimated to be as high as $500M every year.

How Phishing Works

  1. Phishers send out millions of emails disguised as official correspondence from a financial institution, e-tailer, ISP, etc.
  2. You receive the phishing attempt in your email.
  3. After opening the email, you click on the link to access your financial account.
  4. Clicking on the link takes you to a web site that looks just like a legitimate site.
  5. At this point, you enter your account and password information, which is captured by the person who sent out the phishing attempt.

Phishing emails used to be easy to recognize because of their poor spelling and grammar. Now, phishing emails are often indistinguishable from official correspondence. Anyone can put together a phishing attack using resources (or kits) purchased on the Internet.

Practice Safe Computing

Safe computing practices are the best defense against phishing. Here are a few safety tips:

  • Never click on links directly from an email. Type the address into the address bar or go to the institution’s web site and navigate to the correct location.
  • Use File/Properties to find out which website you’re really on. You can check the properties from the file menu or by right-clicking on the web page and selecting Properties.
  • Look for the proper symbol to indicate you’re on a secure web site. Secure web sites use a technique called SSL (Secure Socket Layer) that ensures the connection between you and the web site is private. This is indicated by “https://” instead of “https://” at the beginning of the address AND by a padlock icon which must be found either at the right end of the address bar or in the bottom right-hand corner of your browser window. A padlock appearing anywhere else on the page does not represent a secure site.

Browser Helpers and other Software Solutions

Although avoiding phishing attempts is typically a matter of following safe practices, there are a number of browser helpers available to help warn you of suspicious web sites. Browser helpers normally work as another toolbar in your browser. Use one or more for your protection:

  • The Netcraft Toolbar displays information about a web site including whether it is a new site (typical of phishing) and which country hosts it. If you’re visiting a United States banking site and the Netcraft Toolbar displays a Russian flag, you’re probably at a phishing site. The Netcraft Toolbar also works like a neighborhood watch community, blocking access to member-reported phishing sites.
  • McAfee Site Advisor adds icons to your search results indicating the relative safety of sites you’re visiting.
  • Internet Explorer and Firefox also provide limited protection by denying access to many known phishing sites. Firefox and Chrome integrate Google Safe Browsing technology.
Enhanced by Zemanta

Site Search

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,762 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner