Chris Botterill
“War driving”… Making the transition from “online CyberCrime” to “onsite CyberCrime”
I’ve been ranting for some time now about how the world of online security has taken a dramatic turn for the worse, but what about other means of stealing identities and information?
I was reading this article today and started thinking about how much easier it is for cyber crooks to get away with different types of crimes with the advent of wireless networks. The article describes how a child porn hacker used a group of students’ wireless internet connection for downloading child porn.
These types of incidents are bad for everyone – individuals and businesses. War Driving has become wildly popular amongst hackers these days – so popular that websites on war driving have begun springing up all over the place. WarDriving.com provides resources on how to secure your wireless networks, and how hackers can exploit wireless networks.
As more and more people go wireless, war driving is bound to become another major security threat – especially since recent research shows that over 50% of all wireless networks being used by consumers are vulnerable to hackers and thieves.
Many people simply don’t understand how wireless works and make the assumption that their network is secure immediately after it has been installed. For more information on how to keep your wireless network secure, please visit http://www.getwirelesssecure.org/
Mar 3
…How Phishing Works: An example of an email phishing scam from Chase Bank
As promised yesterday, I have uploaded my video with an example of a real life phishing scam that explains exactly how an email phishing scam works. Click here to watch it now!
I received this phishing email in my Hotmail account, which is weird since these types of emails are usually caught. The email appeared to be from support@chase.com. When I opened it I recognized that it was a phishing scam that was enticing me to update my account information with chaseonline because I, or someone else, had tried to access my account 3 times unsuccessfully.
This video explores the three elements of bait a phishing scam uses and how CyberCriminals end up walking away with all of your personal and financial information with the simple click of a button.
I have written more information on phishing here if you would like to read it, or you could check out the tips section of the PCsecuritysecrets website to see how to avoid phishing scams.
Mar 3
…eBay scams and scammers can be identified before it’s too late
I’m sure some of you have been a victim of an eBay unpaid item scam, or at least heard of such an incident. This is where you sell an item on eBay to someone and they never pay you; they seem to disappear off the face of the earth. The good thing about this scam is that you can usually re-list for free and it doesn’t cost you anything.
But what happens when you buy something on eBay and you think something fishy is going on?
A friend asked me the other night about what she should do about an auction she won on eBay for a $1200 laptop. This was one of her first times buying something that cost this much and she didn’t want to become another eBay / PayPal fraud statistic.
I asked her a bit about who she was buying the laptop from and we determined that the seller would have to be crazy to try to rip her off. I started thinking about this conversation and realized that there are probably quite a few people out there asking the same types of questions, so I created this list of tips on how to avoid eBay / PayPal fraud:
- Try buying from sellers with a lot of feedback that have high positive feedback ratings.
- Look into the seller’s sales history to see if they have had positive feedback on items similar to what you are purchasing. Some sellers will “disclaim” themselves from knowing anything about the product, which can be bad if you are sold a defective product. Buying from sellers with a history in the product category ensures they know what they are selling.
- Check to see how much they have sold previous items on auction for. If they have sold fairly expensive items, and they have good feedback on the transactions then you can feel more confident you are dealing with a legitimate seller.
- Find out the ratings of people who have purchased from the seller. If the purchasers have a large amount of feedback and a high positive feedback rating, you can assume these individuals also have a lot to lose by dealing with untrustworthy sellers.
- See if the seller is verified in PayPal before sending them money. If they are serious sellers on eBay, they should have a PayPal account, even if they don’t use it for processing transactions.
- Use credit cards for payments. eBay / PayPal fraud comes in many different flavors and using a credit card ensures that your credit card company will pick up the tab if you are ripped off or scammed. If the seller refuses to accept a credit card or PayPal, tell them you will pay the fees (if that is what they are worried about). If they still refuse, investigate why – if PayPal has closed their account there might be a reason.
Sign up for the PCsecuritysecrets Newsletter for more information on eBay PayPal fraud, and how to identify eBay scams and scammers before it’s too late.
Mar 3
…Google patches it quickly
A 14-year-old discovered a flaw in the Gmail email service that caused a bit of a stir in the security community yesterday. He discovered this flaw by sending an email from his Yahoo account to his Gmail account with a piece of JavaScript code in the subject line.
He states in his blog, “Apparently JavaScript will run if it is within the preview of the message.” This would mean that if you put the code into the subject line or the first few lines of the body of the email, the code would run because the code was “visible” in message preview mode.
He elaborates further by stating that this problem does not occur when a message is constructed and sent from one Gmail account to another because Gmail filters out the code when you send the message.
Google confirmed the flaw in an email to security companies shortly after the flaw was patched – approximately 3 hours after the blog posting went up.
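The rendering mistake described in this post, shown as an added example that is not part of the original post and is not Gmail's code: a message preview that places the subject and body snippet into HTML unencoded, beside a version that encodes at output regardless of where the message was composed. The message object, function names and markup are assumptions made for illustration.

```javascript
// Constructed sample: an inbound message as a webmail server might store it.
const inbound = {
  from: "someone@example.com",
  subject: '<script>alert("preview")</script>',
  body: "First lines of the body <img src=x onerror=alert(1)> and more text",
};

// Vulnerable pattern (hypothetical template): header and body text are
// concatenated into markup as-is, so the browser parses them as HTML.
function renderPreviewUnsafe(msg) {
  return `<div class="preview"><b>${msg.subject}</b> ${msg.body.slice(0, 40)}</div>`;
}

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: truncate first, then encode every field at the point of
// output. Filtering only when a message is sent from inside the service
// leaves mail arriving from other providers untouched.
function renderPreviewSafe(msg) {
  const snippet = msg.body.slice(0, 40);
  return `<div class="preview"><b>${escapeHtml(msg.subject)}</b> ${escapeHtml(snippet)}</div>`;
}

// Check for a test suite: true if the output contains any tag other than
// the template's own <div class="preview"> and <b>.
function containsInjectedMarkup(html) {
  const stripped = html.replace(/<\/?(div|b)( class="preview")?>/g, "");
  return /<[a-z!\/]/i.test(stripped);
}

console.log("unsafe:", containsInjectedMarkup(renderPreviewUnsafe(inbound)));
console.log("safe:  ", containsInjectedMarkup(renderPreviewSafe(inbound)));
```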
Mar 3
…March announced as “Fraud Prevention Month” by the FTC
The FTC met today to officially launch March as “Fraud Prevention Month”.
Fraud Prevention Month is a combined international effort to create awareness of the dangers of fraud and how to recognize and deal with it.
It’s great to finally see that many different federal governments recognize that the issue of fraud is so much more than a local, isolated problem. The days of collecting credit card slips from dumpsters are becoming obsolete due to the sheer numbers of people shopping online – criminals are now turning to devious new methods to gather information.
Cybercrime, internet fraud, and cyber fraud numbers have been climbing dramatically as more and more people connect their PCs to the internet. It’s just a matter of time before we see credit card companies making individuals more responsible for their actions. Because of this, I encourage everyone to be proactive in knowing about the latest scams and fraud technologies criminals are using; it’s the only sure-fire way to avoid being a victim of fraud.
Mar 3
…But will they catch anything - at all?
AOL announced today that they have filed suit against 3 different identity theft rings, pursuing damages totaling over 18 million dollars against the notorious “phishers”.
The suits were filed in Virginia under a new “Anti-Phishing” law implemented last July. Apparently, the lawsuits also reference federal law pertaining to trademark and antispam rules.
The Anti-Phishing Working Group has claimed to have found more than 50,000 phishing sites in 2005, which is being used by AOL to reinforce the need to bring down phishers before the problem gets any worse.
Filing suit against these groups and tracking them down are quite different things. It’s not known where exactly all of these groups reside; it has been suggested that they may consist of members in the US and as far away as Germany and Romania.
Is this attempt to “catch” these phishers just a waste of time? Among security experts, the answer differs. Some believe that while the perpetrators may not be captured, the act of filing such a high profile suit may make individuals partaking in phishing scams think twice. On the other hand, it could drive the industry further underground, forcing criminals to devise much more complex and devious methods of stealing personal information.
For more information on what phishing is, please read this post about Phishing and how to avoid it.
Mar 3
…And what you can do to keep your computer safe
Here’s a post you should take to heart, especially if you are reading this on a Windows computer in Internet Explorer.
For a few years of my life I have been up to my knees wading through 0s and 1s in people’s computers looking for suspicious processes, process modules, handles, hooks, hidden APIs, Alternate Data Streams and all the other geeky areas where I may find bits of code designed to run amok in your system with intentions unbeknown to many users. I am going to share a few spyware facts, and what you can do to keep clean and secure.
I’m talking about Malware (AKA viruses, spyware, adware, trojans, worms). Just so there isn’t any confusion of what I am ranting about, “malware” is a general term to describe all the aforementioned software – it is malicious software; therefore the term: “MALWARE”.
It has become painfully obvious that we are fighting a losing war against individuals and corporations that are hell bent on gathering information about every last one of us. One of the reasons adware and spyware are so prevalent is that they are designed to collect information about where we visit, what we click on, and what we search for, in order to construct media campaigns that maximize advertisers’ spending. Of course, this is only one reason why someone would want to infect your system.
I intend to give you some tips on how to stay clean, but before I do I want to share some troubling information about spyware and malware facts:
Feb 2
PC users are the “weakest link” in computer security
IBM has recently suggested that PC users are the weakest link in the security chain in its Security Threats and Attack Trends Report for 2005.
Ironically, this has come about because computer systems have become more secure, cueing criminals and fraud experts to bypass security in other ways.
Computer Email Scams: Hook, line and sinker
This brings to mind tactics like Phishing, where an individual masquerades as a trustworthy person and sends you an email with a link to click. This link is supposed to take you to their website, and for all intents that is exactly what it appears to do. The thing about these computer email scams is that you aren’t taken to the site you think you should be taken to – instead, you are taken to a “clone” site. But the site looks real, perhaps because you have been there before – so you enter in all the personal information that it requires to update, or login to your profile.
What just happened is that you have submitted ALL of that sensitive information to someone, somewhere in the world, who is now collecting it and preparing to use it fraudulently. This computer email scam is a very quick method of gathering information, and is usually much more profitable than installing spyware on a computer if the information is used effectively.
Watch what you click. If you click a link in an email, and it takes you to a page requesting personal information, think twice. Any financial institution, government, or online business should not provide you with a link to update personal information.
What’s the current email scam on the internet that is the most popular?
Two of the most popular phishing scams target Chase online banking and PayPal. These companies will not ask you to update information in an email. Avoid becoming a victim by learning to identify phishing emails and knowing how to defeat phishing.
So what should you do when you receive a suspicious link?
The answer is simpler than you think. Type the web address into your web browser manually to get to the web site in question. This is the only method to beat phishing, and ensures that you are directed to the legitimate company’s website. There are also other things you can do to help avoid becoming a victim of phishing, but the method of typing in web addresses manually is currently the only fail-safe method.
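One way to check for the clone-site trick described above, as an added example rather than anything from the original post: compare the host a link displays with the host its href really points to. The sample e-mail, the hosts and the function names are constructed for illustration.

```javascript
// Constructed sample of an HTML e-mail body; all hosts are placeholders.
const sampleEmail = `
<p>We detected 3 failed sign-in attempts. Please update your account:</p>
<a href="http://login.example.net/update">https://www.bank.example.com/</a>
<a href="https://www.bank.example.com/help">Help centre</a>
<a href="http://192.0.2.10/verify">Click here to verify</a>`;

// Pull (href, visible text) pairs out of anchor tags. A regex is enough for
// this sample; real mail should go through a proper HTML parser.
function extractLinks(html) {
  const links = [];
  const re = /<a\s[^>]*href\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    links.push({ href: m[1], text: m[2].replace(/<[^>]*>/g, "").trim() });
  }
  return links;
}

// Hostname of a URL string, or null if the string is not a parseable URL.
function hostOf(value) {
  try { return new URL(value).hostname.toLowerCase(); } catch { return null; }
}

// Flag links whose visible text names one host while the href goes elsewhere,
// and links that point at a bare IP address instead of a named site.
function findSuspiciousLinks(html) {
  const findings = [];
  for (const { href, text } of extractLinks(html)) {
    const target = hostOf(href);
    if (target === null) continue;
    const shown = /^https?:\/\//i.test(text) ? hostOf(text) : null;
    if (shown !== null && shown !== target) {
      findings.push({ href, reason: `text shows ${shown}, link goes to ${target}` });
    } else if (/^\d{1,3}(\.\d{1,3}){3}$/.test(target)) {
      findings.push({ href, reason: "link targets a raw IP address" });
    }
  }
  return findings;
}

for (const f of findSuspiciousLinks(sampleEmail)) console.log(f.href, "->", f.reason);
```

A clean result from a check like this does not make a link safe, since a clone site can sit behind a link whose text shows no address at all, which is why typing the address manually remains the advice above.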
Feb 2