From an article titled "ATM Fraud Gets Even More Brazen"
by Karen Blumenthal, November 27, 2010
Fraud involving debit cards and personal-identification numbers is on the rise as criminals go where the cash is—even targeting banks' own automated teller machines.
Techniques such as "skimming," in which criminals capture card information and personal-identification numbers, have existed for years, often on a small scale. Though the dollar losses still are relatively modest, organized gangs now are pulling off more-sophisticated attacks.
They also are targeting bigger players: Whereas most of the fraud in previous years took place at independent ATMs or at retail points of sale, fraud at bank-owned ATMs made up more than 80% of the breaches in the first six months of this year, says Fair Isaac, which provides fraud-detection software.
Europe, which has faced a bigger problem than the U.S., saw card-skimming ATM attacks jump 24% in the first six months of this year, to 5,743, the largest six-month number since data-gathering began in 2004, according to the European ATM Security Team, a nonprofit group. (Losses from skimming fell 8%, to €144 million, or $197 million.)
Attacks on retailers continue to climb as well. Last month, supermarket chain Aldi said it had discovered that payment terminals in major U.S. cities in 11 states had been altered to allow the skimming of card numbers, cardholder names and PINs between June 1 and Aug. 31 this year.
Avivah Litan, fraud analyst at Gartner, a research firm, estimates that fraud involving debit cards, PINs and point-of-sale equipment has surged 400% over the past five years. One tactic, she says, has been "flash attacks": Using the stolen information, gangs create thousands of counterfeit debit cards and then dispatch cronies to at least 100 ATM machines in several cities at once. Each withdraws a small dollar amount from several accounts to avoid fraud-detection software, adding up to tens of thousands of dollars in losses.
Until recently, skimming equipment was relatively crude and clunky, attached to card-readers with double-stick foam tape and relying on small cameras to record hands punching in PINs. Newer devices include equipment that fits inside card readers, pinhead-sized cameras and well-crafted attachments that sit snugly on top of ATM card readers and PIN pads, looking just like the real equipment. Bluetooth technology allows the fake card reader and PIN pad to talk to each other, and data drives or wireless technology can make downloading of stolen information quick and easy.
Given such clever engineering, consumers may not be able to tell that a machine has been compromised. Banks may not know either: Fair Isaac says that perpetrators of such fraud often place skimmers on outdoor ATMs on Saturday mornings and remove them before the bank opens Monday. The data is typically passed to crooks in another country within hours.
Better technologies are available: Canada and several European countries, among others, have adopted so-called chip-and-PIN debit cards, with chips built into the card, adding a layer of protection. But American banks and retailers have resisted adopting the technology because it is expensive to replace cards, ATMs and point-of-sale machines.
The chip-and-PIN technology isn't foolproof, and experts say U.S. banks and retailers may instead leapfrog that technology, possibly by using the capabilities of smartphones to verify transactions or to actually make the transactions instead of using a card.
Given scammers' growing sophistication, consumers are at a disadvantage. But there are some steps you can take—beyond becoming an expert in equipment design and appearance—to avoid the traps or lessen the impact if your information is stolen:
• The simplest protection, says the American Bankers Association, is to get in the habit of covering up your hand when you enter your PIN so that a camera can't record what you are typing.
• Use an indoor ATM. Because they are less isolated, indoor ATMs are less likely to be tampered with than outdoor machines.
• Use your PIN sparingly at retailers, and choose the signature option—or a credit card—instead, Ms. Litan says.
• If you don't have time to check your bank account regularly, set up email or text alerts to send you balances weekly or, if you are particularly paranoid, daily, so that you will know sooner if something is amiss. Most banks will refund your losses promptly, but you need to report the violation quickly, preferably within two days and no later than 60 days after receiving a statement showing the fraud.
• You should add your bank's and credit card's customer-service numbers to your contacts so you can access them from both your email and cellphone. Having the numbers at hand will eliminate the frustration of trying to find them when you are traveling or at a public computer.
• If your bank suspects fraud, it needs to be able to reach you quickly. Make sure it has your cellphone number as well as your email address and that your other information is up to date. Taking my own advice, I discovered that my bank had home and work phone numbers that were more than a decade out of date.
Sunday, November 28, 2010
Tuesday, November 23, 2010
Internet Security - The 12 Cyber Scams of Christmas
Christmas Season is upon us,...let's not let down our guard. Be safe by being informed.
By Suzanne Choney from msnbc.com November 16, 2010
http://www.msnbc.msn.com/id/40218820/ns/technology_and_science-tech_and_gadgets/
Shoppers looking for holiday bargains are already scouring the Web as well as incoming e-mails and text messages for deals — and cyber criminals are quite busy, too, hoping to lure you in with a deal that seems too good to be true.
"We’re all looking for a great deal online, but some sites offer electronics or luxury goods at prices that are too good to be true," said Alison Southwick of the Better Business Bureau.
"Every holiday season BBB hears from holiday shoppers who paid for a supposedly great deal online, but received nothing in return." (For more tips on shopping safely online, see the BBB's list here.)
Security software company McAfee recently released its "12 Scams of Christmas" list, and offers of "free" iPads — among this year's most coveted tech gadgets — comes in at No. 1.
"With Apple products topping most shopping lists this holiday season, scammers are busy distributing bogus offers for free iPads" via e-mail spam, McAfee said.
In the e-mail, "consumers are asked to purchase other products and provide their credit card number to get the free iPad. Of course, victims never receive the iPad or the other items, just the headache of reporting a stolen credit card number."
Meanwhile, in the Facebook, Twitter or other social media version of the rouse, users are asked to "take a quiz to win a free iPad and must supply their cell phone number to receive the results. In actuality they are signed up for a cell phone scam that costs $10 a week," McAfee said.
Here's the rest of the company's "12 Scams of Christmas" list:
2. "Help! I’ve Been Robbed" — "This travel scam sends phony distress messages to family and friends requesting that money be wired or transferred so that they can get home."
We and other news organizations have written about this before, especially as an issue on Facebook, where people feel like they trust information that's posted. With so many people traveling during the holiday season, though, it's easy to fall prey to this one.
3. Fake gift cards — Social media (Facebook, Twitter, MySpace as examples) are used by no-goodniks to "promote fake gift card offers with the goal of stealing consumers’ information and money, which is then sold to marketers or used for ID theft," says McAfee.
"One recent Facebook scam offered a 'free $1,000 Best Buy gift card" to the first 20,000 people who signed up for a Best Buy fan page, which was a lookalike. To apply for the gift card they had to provide personal information and take a series of quizzes."
4. Holiday job offers — Maybe for some, the recession is over, but not for many of us still. Which is why "as people seek extra cash for gifts this holiday season, Twitter scams offer dangerous links to high-paying, work-at-home jobs that ask for your personal information, such as your e-mail address, home address and Social Security number to apply for the fake job."
5. "Smishing" — You've heard of phishing? "Smishing" is when a phishing SMS, or text messages, arrives on your cell phone, wanting you to bite.
"These texts appear to come from your bank or an online retailer saying that there is something wrong with an account and you have to call a number to verify your account information. In reality, these efforts are merely a ruse to extract valuable personal information from the targets," McAfee says.
"Cyber crooks know that people are more vulnerable to this scam during the holiday season when consumers are doing more online shopping and checking bank balances frequently."
6. Suspicious holiday rentals — Many of us are looking to save on that Christmas-y cabin in the mountains or chic vacation apartment in the city of our dreams. "During peak travel times when consumers often look online for affordable holiday rentals, cyber crooks post fake holiday rental sites that ask for down payments on properties by credit card or wire transfer."
7. Recession scams continue — "Scammers target vulnerable consumers with recession related scams such as pay-in-advance credit schemes. McAfee Labs has seen a significant number of spam e-mails advertising pre-qualified, low-interest loans and credit cards if" — that emphasis is mine —"the recipient pays a processing fee, which goes directly into the scammer’s pocket."
8. Grinch-like greetings, involving e-cards — Electronic cards can save paper and postage, but "cyber criminals load fake versions with links to computer viruses and other malware instead of cheer ... Computers may start displaying obscene images, pop-up ads, or even start sending cards to contacts that appear to come from you."
9. Low price traps — Discussed above, as the "too good to be true" deals, which are promoted on some auction sites and fake websites, McAfee says, "with the goal of stealing your money and information."
10. Charity scams — "Common ploys include phone calls and spam e-mails asking you to donate to veterans’ charities, children's causes and relief funds for the latest catastrophe."
11. Dangerous holiday downloads — "Holiday-themed screensavers, jingles and animations are an easy way for scammers to spread viruses and other computer threats especially when links come from an e-mail or IM that appears to be from a friend."
12. Hotel and airport Wi-Fi vulnerabilities — This is an anytime risk with thieves who are savvy enough to hack into public networks being used by hurried travelers. Hacker-thieves can steal credit card numbers, bank accounts and other forms of personal identity; try not to access bank accounts, for example, or give your credit card number online while using public Wi-Fi. It's a good anytime rule — not just for the holidays.
By Suzanne Choney from msnbc.com November 16, 2010
http://www.msnbc.msn.com/id/40218820/ns/technology_and_science-tech_and_gadgets/
Shoppers looking for holiday bargains are already scouring the Web as well as incoming e-mails and text messages for deals — and cyber criminals are quite busy, too, hoping to lure you in with a deal that seems too good to be true.
"We’re all looking for a great deal online, but some sites offer electronics or luxury goods at prices that are too good to be true," said Alison Southwick of the Better Business Bureau.
"Every holiday season BBB hears from holiday shoppers who paid for a supposedly great deal online, but received nothing in return." (For more tips on shopping safely online, see the BBB's list here.)
Security software company McAfee recently released its "12 Scams of Christmas" list, and offers of "free" iPads — among this year's most coveted tech gadgets — comes in at No. 1.
"With Apple products topping most shopping lists this holiday season, scammers are busy distributing bogus offers for free iPads" via e-mail spam, McAfee said.
In the e-mail, "consumers are asked to purchase other products and provide their credit card number to get the free iPad. Of course, victims never receive the iPad or the other items, just the headache of reporting a stolen credit card number."
Meanwhile, in the Facebook, Twitter or other social media version of the rouse, users are asked to "take a quiz to win a free iPad and must supply their cell phone number to receive the results. In actuality they are signed up for a cell phone scam that costs $10 a week," McAfee said.
Here's the rest of the company's "12 Scams of Christmas" list:
2. "Help! I’ve Been Robbed" — "This travel scam sends phony distress messages to family and friends requesting that money be wired or transferred so that they can get home."
We and other news organizations have written about this before, especially as an issue on Facebook, where people feel like they trust information that's posted. With so many people traveling during the holiday season, though, it's easy to fall prey to this one.
3. Fake gift cards — Social media (Facebook, Twitter, MySpace as examples) are used by no-goodniks to "promote fake gift card offers with the goal of stealing consumers’ information and money, which is then sold to marketers or used for ID theft," says McAfee.
"One recent Facebook scam offered a 'free $1,000 Best Buy gift card" to the first 20,000 people who signed up for a Best Buy fan page, which was a lookalike. To apply for the gift card they had to provide personal information and take a series of quizzes."
4. Holiday job offers — Maybe for some, the recession is over, but not for many of us still. Which is why "as people seek extra cash for gifts this holiday season, Twitter scams offer dangerous links to high-paying, work-at-home jobs that ask for your personal information, such as your e-mail address, home address and Social Security number to apply for the fake job."
5. "Smishing" — You've heard of phishing? "Smishing" is when a phishing SMS, or text messages, arrives on your cell phone, wanting you to bite.
"These texts appear to come from your bank or an online retailer saying that there is something wrong with an account and you have to call a number to verify your account information. In reality, these efforts are merely a ruse to extract valuable personal information from the targets," McAfee says.
"Cyber crooks know that people are more vulnerable to this scam during the holiday season when consumers are doing more online shopping and checking bank balances frequently."
6. Suspicious holiday rentals — Many of us are looking to save on that Christmas-y cabin in the mountains or chic vacation apartment in the city of our dreams. "During peak travel times when consumers often look online for affordable holiday rentals, cyber crooks post fake holiday rental sites that ask for down payments on properties by credit card or wire transfer."
7. Recession scams continue — "Scammers target vulnerable consumers with recession related scams such as pay-in-advance credit schemes. McAfee Labs has seen a significant number of spam e-mails advertising pre-qualified, low-interest loans and credit cards if" — that emphasis is mine —"the recipient pays a processing fee, which goes directly into the scammer’s pocket."
8. Grinch-like greetings, involving e-cards — Electronic cards can save paper and postage, but "cyber criminals load fake versions with links to computer viruses and other malware instead of cheer ... Computers may start displaying obscene images, pop-up ads, or even start sending cards to contacts that appear to come from you."
9. Low price traps — Discussed above, as the "too good to be true" deals, which are promoted on some auction sites and fake websites, McAfee says, "with the goal of stealing your money and information."
10. Charity scams — "Common ploys include phone calls and spam e-mails asking you to donate to veterans’ charities, children's causes and relief funds for the latest catastrophe."
11. Dangerous holiday downloads — "Holiday-themed screensavers, jingles and animations are an easy way for scammers to spread viruses and other computer threats especially when links come from an e-mail or IM that appears to be from a friend."
12. Hotel and airport Wi-Fi vulnerabilities — This is an anytime risk with thieves who are savvy enough to hack into public networks being used by hurried travelers. Hacker-thieves can steal credit card numbers, bank accounts and other forms of personal identity; try not to access bank accounts, for example, or give your credit card number online while using public Wi-Fi. It's a good anytime rule — not just for the holidays.
Wednesday, November 17, 2010
Internet Security - FEDEX, UPS or USPS E-Mail Virus
It has came to our attention that there is a new e-mal virus making the rounds,...
United Parcel Service, U.S> Postal Service and/or Federal Express E-Mail Virus
With Christmas coming up, I can see where this could be a real problem.
The newest virus circulating is the UPS/Fed Ex Delivery Failure. You will receive an e-mail from UPS/Fed Ex Service along with a packet number. It will say that they were unable to deliver a package sent to you on such-and-such a date. It then asks you to print out the invoice copy attached. DON'T TRY TO PRINT THIS. IT LAUNCHES THE VIRUS!
*Pass this warning on to all your PC operators at work and home.*
This virus has caused Millions of dollars in damage in the past few days.
United Parcel Service, U.S> Postal Service and/or Federal Express E-Mail Virus
With Christmas coming up, I can see where this could be a real problem.
The newest virus circulating is the UPS/Fed Ex Delivery Failure. You will receive an e-mail from UPS/Fed Ex Service along with a packet number. It will say that they were unable to deliver a package sent to you on such-and-such a date. It then asks you to print out the invoice copy attached. DON'T TRY TO PRINT THIS. IT LAUNCHES THE VIRUS!
*Pass this warning on to all your PC operators at work and home.*
This virus has caused Millions of dollars in damage in the past few days.
Subscribe to:
Posts (Atom)