Archive for September, 2013

Home Networking Explained

In this seven-part series, CNET editor Dong Ngo answers frequently asked home networking questions and explains the technology.

Home Networking Explained Series

Part 1 – Basic Terms

Part 2 – Optimizing your WiFi Network

Part 3 – Taking control of your wires

Part 4 – WiFi vs. Internet

Part 5 – Setting up a home router

Part 6 – Keeping your network secure

Part 7 – Power line connections explained

More Ways That Scam Artists Use Technology to Rip People Off

Identity thieves and cyber crooks are getting better at coming up with ways to rip us off. A Consumer Reports study reveals various ways hackers and crooks are using technology to steal from unsuspecting people. Here are just a few examples:

  • “Win an iPad!” links and cramming. If a pop-up ad lures you with a bid to win a hot new piece of technology, but you must include your cell-phone number to play, think twice! Submitting your bid sends a text message to your cell phone that, whether you respond or not, may authorize an unwanted $9.99 a month subscription to some useless service. The charge gets tacked onto your cell-phone bill, where you’re unlikely to notice it. Instead, guard your cell-phone number like a credit card and demand a refund from your cell provider if you’ve been crammed. Tell your wireless and landline carriers to block all third-party billing to your account, and check previous bills for cramming charges.
  • Social media ploys. Consumer Reports points out that social-media networks are “fertile ground for fakery” especially when it comes to fake apps that claim to let you see who’s checking out your profile. Such messages can be spam in disguise, leading to “bait pages” or a link that collects personal information. According to the study, “don’t reveal personal information online to anyone who initiated contact with you unless your trust is certain. Look for the survey company’s name and go to its website independently by reopening your browser, or call it. Ignore product promos from Facebook friends. Use caution in granting access to your profile. And think before you ‘like’.”
  • Smishing. In this type of fraud, a phony link from a major retailer appears in a text message offering, for instance, a $1,000 gift voucher. The goal? Grabbing your sensitive personal information.
  • Email phishing. These scams look like an email from a legitimate company or person but lure unsuspecting consumers into clicking on malicious links or providing personal information like date of birth or Social Security number. Never click on links in emails from banks or other financial institutions — go directly to their URL and enter your log-in information from their homepage.
  • Old-fashioned scams. This could be a phone call offering a too-good-to-be-true deal, assuming a fee is paid or sensitive financial information is disclosed.

Thieves have their own research and development departments looking into the latest technologies and figuring out new ways to trick you, and the Internet makes it easier than ever before for them to reach people and market their schemes.

Which path to Internet banking is safest? Your browser (on any device) or an app on your mobile device?

Most users want easier and more convenient access to their bank accounts, but they are not aware of how safe it is to use a mobile banking app. In reality, banking via a mobile app is the safest way to bank via the Internet, because banks can control the security of an app much more easily than that of a browser.

When customers use their browser to do their banking, they leave themselves open to malware and man-in-the-middle attacks. As we’ve seen in recent bank breaches, hackers can gain valuable information about users’ bank login credentials, even their two-factor authentication credentials in some cases, by keylogging and stepping in between a user and his or her bank’s website. Even when a bank has strong security, if users’ computers are infected with malware or a virus, they may be vulnerable to attack. This same threat is also possible on mobile browsers.

Mobile apps, on the other hand, provide a direct link from the device to the bank, without having to go through any software such as a browser or third-party application. This means banks have much better control over the security and connection of customer interactions. Because these apps are built specifically for a particular bank and its customers, the bank can provide a secure connection using SSL encryption and two-factor authentication that meets the institution’s unique needs.

A consumer may ask: “What if someone gets a hold of my phone? Can’t they then access my account?” Even if someone is able to obtain a customer’s phone, they will still be required to put in a username and password, and if available, provide a second factor of authentication, in order to gain access to the accounts.

According to the Federal Reserve, only about 20 percent of mobile phone users have used mobile banking applications in the past year. Yet most major financial institutions have mobile applications available for popular mobile phones. So why is only one in every five smartphone users utilizing those apps? Fear.

A recent study by Google found that many customers are worried about mobile banking security. This is mostly due to a misunderstanding or lack of knowledge of mobile banking security. Hopefully, this short article clears things up a bit.

Just make sure you download the correct app authorized by your financial institution. There are fakes out there, so don’t make that mistake. Another benefit is that the recent spate of ‘Denial of Service’ attacks launched by hacktivist organizations on major banking websites does not affect the app access channel.

A Reminder That Risks of Online Banking are different for Businesses vs. for Consumers

A $170,000 cyberheist last year against an Illinois nursing home provider starkly illustrates how (especially smaller) businesses are at risk of attacks by cybercriminals.

On Monday, Dec. 17, 2012, computer crooks logged into Niles Nursing’s online banking accounts using the controller’s credentials and tunneling their connection through his hacked PC.

At the beginning of the heist, the miscreants added 11 money mules to Niles’ payroll, sending them ACH (Automated Clearing House) payments totaling more than $58,000, asking each mule to withdraw their transfers in cash and wire the money to individuals in Ukraine and Russia.

Niles’ financial institution — Ft. Lauderdale, Fla.-based Optimum Bank — evidently saw nothing suspicious about 11 new employees scattered across five states being added to its customer’s payroll overnight. From the bank’s perspective, the user submitting the payroll batch logged in to the account with the proper credentials and with the same PC that was typically used to administer the account. The thieves would put through another two fraudulent payment batches over the next two days (the bank blocked the last batch on the 19th).
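The batch described above passed because the login and the PC looked normal; the payees did not. The following Python check is an added example, not code from the original article or from any bank's system, and it reviews a payroll batch by who is being paid rather than who submitted it. The function name, field names, thresholds and all sample data are assumptions constructed for illustration.

```python
def review_payroll_batch(batch, known_accounts, known_states,
                         max_new_payees=2, max_new_share=0.10):
    """Return reasons to hold a payroll batch for out-of-band confirmation.

    batch: list of dicts with 'account', 'state' and 'amount' (whole dollars).
    known_accounts / known_states: payee history from earlier, confirmed batches.
    The two thresholds are assumed values, not figures from the article.
    """
    new = [p for p in batch if p["account"] not in known_accounts]
    findings = []
    # 1. A burst of payees that have never been paid before.
    if len(new) > max_new_payees:
        findings.append(f"{len(new)} first-time payees (limit {max_new_payees})")
    # 2. First-time payees located where the business has never paid anyone.
    new_states = sorted({p["state"] for p in new} - known_states)
    if new_states:
        findings.append("first-time payees in states never paid before: "
                        + ", ".join(new_states))
    # 3. A large share of the batch total going to first-time payees.
    total = sum(p["amount"] for p in batch)
    new_total = sum(p["amount"] for p in new)
    if total and new_total / total > max_new_share:
        findings.append(f"${new_total:,} of ${total:,} goes to first-time payees")
    return findings

# Constructed history: 40 established employees, all paid in Illinois.
KNOWN_ACCOUNTS = {f"EMP-{i:03d}" for i in range(1, 41)}
KNOWN_STATES = {"IL"}
NORMAL_BATCH = [{"account": a, "state": "IL", "amount": 1500}
                for a in sorted(KNOWN_ACCOUNTS)]

# Constructed suspect batch: the normal payroll plus 11 new payees spread
# over five other states, mirroring the pattern the article describes.
_STATES = ["FL", "TX", "OH", "GA", "NY"]
SUSPECT_BATCH = NORMAL_BATCH + [
    {"account": f"NEW-{i:02d}", "state": _STATES[i % 5], "amount": 5300}
    for i in range(11)
]

if __name__ == "__main__":
    for reason in review_payroll_batch(SUSPECT_BATCH, KNOWN_ACCOUNTS, KNOWN_STATES):
        print("HOLD:", reason)
```

A held batch would be released only after confirmation over a channel other than the PC that submitted it, since in this incident that PC was the compromised element.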

In total, the attackers appear to have recruited at least two dozen money mules to help haul the stolen loot. All but two of the mules used or opened accounts at four out of five of the nation’s top U.S. banks, including Bank of America, Chase, Citibank, and Wells Fargo. No doubt these institutions together account for a huge percentage of the retail banking accounts in America today, but interviews with mules recruited by this crime gang indicate that they were instructed to open accounts at these institutions if they did not already have them.

Banking online remains a legally and financially risky affair for any business, regardless of which bank it uses. Businesses do not enjoy the same fraud protections as consumers; if a Trojan lets the bad guys siphon an organization’s online accounts, that victim organization is legally responsible for the loss. The financial institution may decide to reimburse the victim for some or all of the costs of the fraud, but that is ENTIRELY UP TO THE BANK.


Spreading Malware By Torrents

Torrents of applications are often laden with malware. The application files may be unaltered, but the “crack” which provides a license code is where the danger lies. Videos, on the other hand, are safe. According to experts, embedding malware into a video file would be difficult, if not impossible. So how, then, do the bad guys distribute malware via popular video downloads such as TV episodes and movies?

Tactics vary, but the primary method of distributing malware via torrents of video files depends on getting downloaders to download additional files. This would likely tip off most people that something was up, but usually people become less alert when it comes to something they are eager to watch or play for free.

Several other common tactics include using an archive format like .rar or .zip to store malware disguised as a compressed file, or requiring you to download a specific codec, which could itself be a vehicle for malware.

Another tactic involves torrenting a password-protected file and then requiring the downloader to retrieve a password from another site or via email. This email scenario could be used to gather enormous numbers of legitimate email addresses, perhaps to be used for phishing attacks later on.

What might happen if one of your Facebook ‘Friends’ gets their account hacked

Whoever now controls your friend’s account not only has complete access to the Facebook information of the original account owner, but can also access all of the data on the people the owner was friends with.

Even the most privacy conscious individuals with everything set to ‘Friends Only’ are now exposed and at risk. Think of all the information they can collect and the damage they can do in just a short period of time.

Here are just a few ways they can exploit the ‘friends’ of the newly hacked account:

  • Monitor status updates of friends to know where they are and when they are not at home – for purposes of burglary.
  • Collect personal and private information to be used for phishing attempts (social engineering).
  • Use photos and data obtained to create other fake profiles.
  • Install rogue Facebook applications and send spam and scam links to all of the friends of the original account owner.

If you are too complacent to protect your account for your own good, do it for your friends. Change your password to a very strong one, and not one that you use for any other online account. And while you are at it, why not ask your ‘friends’ to do the same to protect you?
