Card fraud basically involves theft of identity or information on your cards.

The stealing can take place in one of the following ways:

1. Skimming

“This involves attaching a data skimming device in the card reader slot to copy information from the magnetic strip when one swipes the card,“ says Mohan Jayaraman, MD, Experian India.

“They also set up cameras near the machine to get the PIN,“ he adds

2. Card trapping

This is a barb that retains the card when you insert it in the machine and the card is retrieved later.

3. Shoulder surfing

If you find friendly bystanders in the room or outside who try to help you if your card gets stuck or peer over your shoulder, beware.

They are there to get you to reveal your PIN.

4. Leaving card PIN

If you write your PIN on the card and forget it in the ATM kiosk, it’s a virtual invite to be scammed.

5. Online transactions

The ease of e-shopping or online bill payment is matched by the felicity with which identity theft can be carried out on computer or smartphone.

Mumbai-based Girish Peswani knows it well. “I was in my office when I got alerts about online transactions abroad made using my credit card,“ he says. There are various ways this card information could have been stolen.

6. Pharming

In this technique, fraudsters reroute you to a fake website that seems similar to the original.

So even as you conduct transactions and make payment via credit or debit card, the card details can be stolen.

7. Keystroke logging

Here, you unintentionally download a software, which allows the fraudster to trace your key strokes and steal passwords or credit card and Net banking details.

8. Public Wi-Fi

If you are used to carrying out transactions on your smartphone, public Wi-Fi makes for a good hacking opportunity for thieves to steal your card details.

9. Malware

This is a malicious software that can damage computer systems at ATMs or bank servers and allows fraudsters to access confidential card data.

10. Merchant or point-of-sale theft

This is perhaps the most effective form of stealth, wherein your card is taken by the salesperson for swiping and the information from the magnetic strip is copied to be illegally used later.

11. Phishing & vishing

While phishing involves identity theft through spam mails which seem to be from a genuine source, vishing is essentially the same through a mobile phone using messages or SMS. These trick you into revealing your password, PIN or account number.

12. SIM swipe fraud

Here the fraudster contacts your mobile operator with fake identity proof and gets a duplicate SIM card.

The operator deactivates your original SIM and the thief generates one-time password (OTP) on the phone to conduct online transactions.

13. Unsafe apps

Mobile apps other than those from established stores can gain access to information on your phone and use it for unauthorised transactions.

14. Lost or stolen cards, interception

Transactions are carried out using stolen cards, those intercepted from mail before they reach the owner from the issuer, or by fishing out information like PINs and passwords from trash bins.

15. Cards using other documents

New cards are made by fraudsters using personal information stolen from application forms, lost or discarded documents.

Source: http://www.gadgetsnow.com/slideshows/15-ways-criminals-steal-money-from-your-debit/credit-card/Malware/photolist/55414130.cms


Peter Bauer, founder of Mimecast security company, offers some advice for SMEs looking to avoid email-based cyberattacks.

The first mistake that businesses make when it comes to email is to think that it’s a secure way to share information. So argues Peter Bauer, co-founder of Mimecast, an international security company that handles 145 billion emails worldwide.

“Email was never intended to be used in the way it is now. It’s not really kitted out for all of the risks associated with the internet; it was designed for a more trusting environment,” he explains.

And it’s a mistake to think that SMEs don’t present a worthwhile target. In fact, they present attractive opportunities. By simply setting up a free email address and a LinkedIn account for research, a hacker can go far.

“What does worthwhile mean?” asks Mr Bauer. “It’s relative to the cost of putting on an attack, and to the downside of getting caught.” Both are low when it comes to an attack on an SME, which makes them more appealing than larger corporations.

Each time an attempt to hack your company is made via email, there are one of two aims at play: to steal money, or gain information.
Small businesses should bear those purposes in mind, because they can be key to spotting – and stopping – hacks.

Do you really know who’s asking you for information?

“Hey, are you at your desk?” is often the first question an email hacker will ask, says Mr Bauer.

Having researched a company on Linkedin – or if they are already in the system, having read emails between colleagues to garner a sense of tone and topic – the attacker will build a dialogue and wait a realistic amount of time before sending responses.

Someone pretending to be the chief executive emailed the head of HR and said they needed the data

The only way to combat this, says Mr Bauer, is to make sure that two-step procedures are in place around transfers of business to confirm a person’s identity (known as a two-step verification). Ways to do this include an SMS message or a phone call with the person in question.

But beware smart hackers’ attempts to overcome security protocols with a carefully-tailored statement. “They will say that it’s confidential; it’s board-only knowledge, so don’t tell anyone. Not breaking those procedures becomes very important,” says Mr Bauer.

And having a process in place is only effective if it’s used every single time, he adds. “Many businesses fail to follow their own protocols.”

Small data leaks can cause a flood

The security costs of letting someone have access to financial or personal data can be epic. Mr Bauer cites Snapchat, which had the equivalent of its entire P60 data stolen. “Someone pretending to be the chief executive emailed the head of HR and said they needed the data for a review. It was just sent over. It was leaked,” says Mr Bauer.

Attackers aren’t always asking for big chunks of data or banking details. The request can be smaller and more subtle. A good example of this, says Mr Bauer, is the recent hacking of an email account of a key person in Hillary Clinton’s presidential campaign. The attacker sent someone an email saying that suspicious activity meant that they needed to change their login details as a precaution.

In this instance, even a cautious user wasn’t safe. “They forwarded the email to their IT department to check it was okay. The expert said it looked fine,” says Mr Bauer. “They followed the email link and entered their password. The attacker got into the inbox and stole emails before the person realised their password change hadn’t worked.”

Get security on the agenda and keep it there

As an evolving and costly threat to business operations, Mr Bauer believes that it’s time to get cybersecurity on the meeting agendas of SMEs. “There should be a [dedicated] section on it. Give a voice to people who know your [IT] vulnerabilities.

“You might not even realise that a laptop was stolen from a worker the week before with unencrypted information on it. Out of sight, out of mind.”

For businesses unsure of where to begin with their email security efforts, a good start is to educate users by showing them what scams look like. This will, he says, teach them to scan for “red flags”.

Any business that is alarmed will also be troubled by Mr Bauer’s prediction for the future cybercrime opportunities posed by the Internet of Things. “The biggest cybersecurity threat that’s coming up is from the number of devices that are being connected to the internet,” he says.

“We’ve grown up thinking of the web as something that’s on servers and displayed on screens, and the security industry has matured around that. But my new car is a computer on wheels. If someone hacks an electric car, which is permanently connected to the internet, they could crash it. It’s entirely plausible.”

Source: http://www.telegraph.co.uk/connect/small-business/business-solutions/what-is-email-security-and-how-can-SMEs-get-it-right/


Mobile security risks remain a serious concern for marketers and consumers alike now that a new report has shown that more than 200 different mobile applications and Web sites were leaking personally identifiable information over the course of the last year.

The data comes from a new report on data security from Wandera. The report studied mobile apps and sites from 20 different countries and found significant evidence of leaked information.

“Mobile is well and truly the new frontier for data security,” said Eldar Tuvey, CEO of Wandera. “It’s clear that security and compliance risks are far more formidable threats than previously thought.”

Personally identifiable information
With mobile increasingly being the preferred digital medium through which we live our lives, consumers are putting more and more personal information into their mobile apps and mobile Web sites.

screen-shot-2016-12-13-at-11-16-44-am
Email addresses were the most likely to be leaked

Wandera wanted to put a rough estimate on how much of this information remains insecure. To do this, the company took a look at nearly four billion requests from across hundreds of thousands of devices in 20 countries.

The results showed that more than 200 different mobile apps and sites were vulnerable to leaked personally identifiable information, or PII.

PII consists of any information that can be used to link digital activity to a specific person. This can be account numbers, email addresses, physical addresses, transaction data or any number of data points that might be tie something to a specific person.

Mobile security
No one industry or category of mobile program is to blame for these vulnerabilities. The leaked data ranged from a wide variety of sources, including news, travel, sports, entertainment and mobile shopping.

Some types of Web sites were more prone to leakage than others. A shocking 80 percent of the top 50 adult Web sites were found to be leaking information.

Almost 60 percent of all leaks came from one of three categories: news/sports, business/industry and shopping.

Another potentially surprising detail is that despite its sharing-oriented nature and outsized popularity compared to other mobile services, social media accounted for only 2 percent of all leaks.

The silver lining is that the most valuable of data – things such as credit card information – was the least likely to be leaked, accounting for less than 3 percent of all leaks.

This data is important for mobile brands and marketers who want to gauge their audience’s response to security concerns.

A recent study found that more consumers would be willing to sacrifice some functionality or convenience for better protection and security (see story).

Taken together, these two reports show that brands and marketers may need to adjust their priorities in the balance between convenience and security to be more in line with consumer desire.

“With the reported cost of remedying a mobile breach in the US falling between $250,000 to $400,000 in many cases, enterprises need to take concrete steps to routinely monitor the data that flows to and from each individual device, identify potential security gaps and dynamically respond,” Mr. Tuvey said.

Source: http://www.mobilecommercedaily.com/more-than-200-mobile-apps-and-sites-leaked-personal-information-last-year-report


Ninety percent of shoppers will use their smartphones in-store this holiday season, and that puts them at particular risk for cybercrime, according to a new report from Skycure.

As mobile continues to become the primary method of digital commerce for many shoppers, the threats to their financial safety grow. This holiday season, shoppers and retailers need to be on the lookout for both malicious applications posing as retail apps and for potential Wi-Fi hacking.

 

Security matters
This holiday season will be one of the biggest and now, more than ever, mobile will be leading the charge for shoppers who want to make smarter decisions.

But that new power that comes from increased mobile presence in the retail world comes with a few caveats that both consumers and retailers need to be on the lookout for.

For one, mobile as a channel is still vulnerable to threats from hackers.

Skycure looked at two ways that hackers could target mobile shoppers this holiday season.

The first is through tampering with Wi-Fi. As users continue to use their mobile devices in-store to make purchasing decisions, many of them will be looking for Wi-Fi to connect to to save on data costs.

Hackers can take advantage of this need in two ways. They can hack into a store or mall’s Wi-Fi and gather data from the connected devices, or they can set up their own Wi-Fi networks, misleading customers into thinking they are safe networks set up by the retailer they are currently visiting.

Once a shopper connects to one of these networks, the hackers now have a way in to their devices and the opportunity to steal valuable data.

Skycure compiled a list of which malls around the country were the most dangerous in this regard, with the highest amount of risky Wi-Fi networks. The top spot, a mall in Las Vegas, had 14 different Wi-Fi networks that could put customers at risk.

Malicious apps
The other problem that mobile shoppers face is the prospect of malicious apps posing as official retail apps.

Skycure found a number of examples of apps available on mainstream app stores that posed as official apps for well-known retailers. Brands such as Amazon and Starbucks were impersonated by apps that intentionally misrepresented themselves to appear reputable.

In reality, these apps contain malicious code that can work its way into a mobile device’s vulnerable areas.

One example, an app posing as an Amazon Rewards program, sent malicious code from the victim’s phone to others through SMS once it had been ingrained.

While shoppers are the ones who stand the most to lose from these types of scams, the impetus falls on both customers and retailers to take measures to fight these crimes. If not, they risk losing customers’ precious trust in both them and the mobile channel, shutting off an entire source of revenue and brand goodwill.

Source: http://www.mobilecommercedaily.com/mobile-shoppers-at-risk-from-malicious-apps-and-wi-fi-this-holiday-season-report


The chip card (EMV) era has arrived with the promise that data in retail environments will be better protected. Cardholders will have much greater security at the point of sale with their own card data. But, while it will be much more difficult for thieves to steal card data at the point of swipe, the hackers are still hacking and data is still being lost – almost daily.

Fast-food chain Wendy’s is facing a class-action lawsuit over a recent breach of its existing point-of-sale (POS) system. The Wendy’s breach comes on the heels of numerous other POS attacks at major retailers in recent years, including breaches at Michaels, eBay, Neiman Marcus, Target, and the largest of them all, Home Depot (56 million cards). Retailers have been shaken by these events; a recent study found that 100% of retailers cite cybersecurity as one of their top business concerns, up from only 55% in 2011, according to BDO, a business advisor to consumer business companies for over 100 years.

Retail customer data breaches can result in a company losing millions of dollars to class action lawsuits, possibly facing penalties for Payment Card Industry Data Security Standard (PCI DSS) violations, and irreparably harming its reputation. However, PCI compliance is not a guarantee that a retailer’s infrastructure is immune to breaches. It merely means minimum standards have been achieved.

Following are five steps merchants in any industry can take to prevent their POS systems from being compromised:

1. Have Store Personnel Monitor Self-Checkout Terminals/Kiosks

There are two methods by which POS data is stolen: by compromising the POS system itself using stolen credentials or by physically installing “card skimmers,” usually on self-checkout terminals that are not monitored. These devices, which take only seconds to install, steal payment card data and PIN information directly off the card’s magnetic stripe.

While the introduction of new chip cards will eliminate the threat of card skimmers, 42% of retailers are yet to update their payment terminals to accept chip cards – and even some retailers who have EMV-enabled terminals cannot accept chip cards because the POS software cannot yet handle them. It is imperative that such terminals not be left completely unattended. Every store should have on-site personnel who are trained to spot card skimmers and assigned to monitor self-checkout terminals for their presence.

2. Ensure that Both POS and OS Software Is Up-to-Date
Because cybersecurity is a constant “Spy vs. Spy” battle where experts find ways to patch vulnerabilities while hackers find new ways to access systems, POS software systems release frequent updates to address the most recent security threats. For maximum protection, these updates must be downloaded and installed as soon as they are released, not on a monthly or quarterly schedule. The same concept applies to operating system software; retailers and restaurants that are running Microsoft Windows should ensure that patches are installed as soon as they are available.

3. Always Change Default Manufacturers’ Passwords
Retailers and restaurants should always change the default password provided by the manufacturer as soon as a new piece of hardware is hooked up to their POS system. Default passwords are publicly available, and thus widely known to hackers; in fact, the first thing an attacker will attempt to do is access the device using the default password.

Changing default passwords is required as part of an organization’s compliance with PCI DSS standards. Likewise, software system passwords should also be changed upon installation, and then on a regular basis afterwards.

4. Isolate the POS System from Other Networks

Many retailers, restaurants, and hotels offer free Wi-Fi to their customers. The POS system should never be hooked up to this network, as a hacker can use it to access the system. Likewise, if an organization’s POS system is not separated from its corporate network, a hacker who compromises the organization’s main network will be able to access its POS system. There are two ways to achieve this: by actually segmenting the two networks or by using multifactor authentication for communication between the organization’s main network and its POS system.

The correct solution for a particular organization depends on its size and resources, so it’s best for organizations to consult a managed security services provider (MSSP) to determine which solution would best fit their needs.

5. Always Purchase POS Systems from Reputable Dealers

Retailers and restaurants have extremely thin profit margins, and the individually franchised restaurants that are popular in the fast-food industry tend to operate on particularly tight budgets. As the industry automates for the first time, it may be tempting for these small operators to seek out the best “deal” on self-checkout systems – but a POS system purchased from a manufacturer who turns out to be fraudulent is no “deal” at all, and it could result in financial ruin for that location. POS systems should be purchased only from known, reputable dealers, and if a “deal” on a system seems too good to be true, it probably is.

POS system security requires expertise in both information security and PCI DSS compliance, the latter of which is mandatory for any organization that processes, stores, or transmits cardholder data. Retailers and restaurants that do not have sufficient in-house IT staff to handle data security and PCI DSS compliance should partner with an MSSP to ensure that their POS systems are both safe and compliant. MSSPs are flexible and can tailor their solutions to fit each company’s needs, from remote monitoring to on-site security staff, either in conjunction with existing staff or on their own.

Automation has lowered labor costs and improved efficiency and the customer experience in the retail industry – and will do so in the restaurant industry – but the security of POS technology should not be disregarded. As POS data breaches continue to multiply, and especially as large fast-food chains plan to install brand-new ordering kiosks at a rapid pace, retailers and restaurants need to take proactive steps to protect their customers’ card data – and themselves from lawsuits, government penalties, and reputation damage.

Source: http://www.chainstoreage.com/article/five-ways-prevent-data-hacks-point-sale


It’s not only large companies that face cyberattacks – there are affordable steps small companies can take to protect their business data and IT systems.

You can’t assume that your small business is not a target for hackers. As many as three-quarters of smaller businesses are at risk, according to the latest Government Security Breaches Survey, with the worst breaches costing up to £300,000.

Small companies face attack from multiple angles. “Like [larger] enterprises, they face targeted attackers who are interested in intellectual property and other confidential data, as well as using smaller organisations as a way into larger ones,” says David Emm, principal security researcher at Kaspersky Lab. “And like consumers, they face random, speculative attacks that make up the bulk of the threat landscape and are distributed indiscriminately by cybercriminals.”

That’s problematic for SMEs, which are less likely to have a dedicated IT department staffed with security professionals. “SMEs typically don’t allocate resources to cyber security, and they allocate very few resources to IT,” says Andy Patel, senior manager for technology outreach at F-Secure. “This leaves them open to attack in a variety of ways. A cyber security incident is likely to cost an SME proportionally more to recover from than a well-prepared company.”

Improving the security situation at your small business doesn’t need to be expensive, and it could well save you money in the long run. We asked experts across the security industry for their tips on how small businesses can stay secure without breaking the bank.

Adopt two-factor authentication

Take security into your own hands and enable two-factor authentication on any service or device used by the company for email accounts, social media feeds or more sensitive systems. Anyone using these accounts will need an extra credential to gain access from a new device, or to change profile settings, which stops hackers from breaking in even if passwords are leaked.

“Multi-factor authentication reduces the risk of a compromise, since a password alone is not enough to gain access to an online account,” says Mr Emm. “At the very least, multi-factor authentication should be mandatory for changes to account settings.” He adds that it’s essential for companies to shut down accounts, or change login credentials, when someone leaves employment.

Two-factor authentication does add steps to employees’ login procedures, so avoid frustrating them by taking it one step at a time. “Start with the critical accounts and scale up from there as it becomes a habit,” advises F-Secure security advisor Sean Sullivan.

Get smart with email

Email is a weak point for smaller enterprises, with criminals targeting companies with malware via phishing attacks. This is where an email is crafted to look like it’s coming from a trusted source, such as a supplier or bank, but is loaded with dodgy attachments or links to malicious pages, says Trustwave’s threat intelligence manager, Karl Sigler. “Our research has found that the vast majority of companies have been targeted with a phishing attack at least once over the past year, and the number is set to increase over the next 18 to 24 months.”

Phishing messages can be sent to any email address at random, but clever hackers can also use information gleaned online – from social networks, data breaches, or even your company website – to make attacks more effective (a trick called spear phishing).

To avoid becoming a victim, Mr Patel says staff should be trained to pay attention when reading an unexpected email. “Check the sender address carefully. Don’t open attachments you weren’t expecting. If you’re unsure, ask the sender. Be suspicious of certain file types – most people don’t use zip files nowadays. If you are asked to ‘enable content’ on an office document, don’t.”

Mr Sullivan takes a different approach. “Almost everybody can spot phishing during training,” he says. “Phishing works when people are distracted – and people are distracted by tools they don’t use well. Pay for productivity training and you will end up with better email hygiene.”

Avoid ransomware threats – and don’t pay up

Ransomware is where hackers gain control of your data, encrypt it and demand a payment to hand over the key. Research by Kaspersky Lab found that 49pc of SMEs believed such “crypto-malware” was one of the most serious threats they faced , with two-thirds of SMEs reporting complete or partial data loss from such attacks.

To mitigate the threat, follow the the email security tips above, as malicious messages are a common delivery method for crypto-malware, says Mr Emm. And, ensure your company has up-to-date, secure backups, so you aren’t forced to pay criminals to get your data back.

Beyond these steps, control access to files to those who need them, to help limit the spread of malware, and ensure staff don’t have administrator rights, as that makes it easier for malware to spread more widely across your network.

If you don’t have a backup, should you pay the demand? Mr Sigler says: “We would advise against paying the ransom as there’s no reason for the attacker to keep their promise and restore the system. Communicating with cyber criminals also provides them with more information, such as IP or email addresses, which can be used in future attacks – very likely if a company is willing to pay up.”

Undertake regular assessments

It’s an industry cliché, but the weakest link in any network is the people – and this applies to company leaders, as well as the IT department. “Security assessments should not be treated as a one-time event. It’s vital to perform regular testing to keep track of the fast-moving security landscape, especially if the business expands or implements new technology,” notes Mr Sigler, adding that Trustwave research revealed that one in five companies hadn’t done any testing in the past six months, “leaving them blind to new vulnerabilities and threats”.

So, what new threats are looming on the horizon? Kaspersky’s Mr Emm warns SMEs to keep an eye on the Internet of Things (IoT), which includes everything from smart CCTV cameras to connected children’s toys. “The IoT is bringing not only risks to privacy, but also the danger that connected devices will be used as a weak link to gain access to other systems,” he warns. Perhaps think twice before buying that web-connected coffee machine for the office kitchen.

Source: http://www.telegraph.co.uk/connect/small-business/business-solutions/how-to-improve-your-cybersecurity/


Using the internet to make payments to utility, phone, credit card, insurance and other companies saves considerable time and effort. It is also a simple and convenient way to contribute to charity either directly or sponsoring participants in money-raising activities. There are, however, risks associated with online payments and you need to take care when making them.

The Risks

  • Fraud resulting from making payments over unsecured web pages.
  • emails directing you to fake websites set up to collect your payment card details.

Safe Payments

Online payments are normally part of your arrangement with a service provider as an alternative to payment by Direct Debit or cheque. In most cases, therefore, the payee will be familiar to you, but you must take care to ensure that you are on the provider’s genuine site.

  • Remember that paying by credit card offers greater protection against fraud than with other methods.
  • Double check all details of your payment before confirming.
  • Before entering payment details on a website, ensure that the link is secure, in three ways:
    • There should be a padlock symbol in the browser window frame, which appears when you attempt to log in or register. Be sure that the padlock is not on the page itself … this will probably indicate a fraudulent site.
    • The web address should begin with ‘https://’. The ‘s’ stands for ‘secure’.
    • If using the latest version of your browser, the address bar or the name of the site owner will turn green.
  • When making a payment to an individual use a secure payment site – never transfer the money directly into their bank account.
  • Check the website’s privacy policy.
  • Always log out of sites into which you have logged in or registered details. Simply closing your browser is not enough to ensure privacy.
  • Keep receipts – electronic or otherwise.
  • Check credit card and bank statements carefully after payment to ensure that the correct amount has been debited, and also that no fraud has taken place as a result of the transaction.
  • Ensure you have effective and updated antivirus/antispyware software and firewall running before you go online.

Source: https://www.getsafeonline.org/shopping-banking/online-payments/


The average sale price for a stolen credit card paired with personal information on the cardholder is $15.

“Criminals have a clear incentive to target internet retailers,” says Brett McDowell, executive director of the FIDO [Fast Identity Online] Alliance, an interindustry group aimed at developing specifications for better internet security.

That’s because merchants often keep valuable data on their networks—networks that criminals can, and do, break into to steal information and resell it. There were 3,141 confirmed data breaches last year, according to the Verizon 2016 Data Breach Investigations Report. Of those, 370, or about 12%, were of retailers’ systems, and 182 of these retailers confirmed data was stolen. The report did not track whether the breaches were of retailers’ websites or store networks. The more recent major security breaches, such as Target Corp. in 2013 and The Home Depot Inc. in 2014, involved compromised point-of-sale terminals in stores.

Payment data is the prize that most thieves are seeking when they hack into networks, says Al Pascual, senior vice president and research director for the fraud and security practice at Javelin Strategy & Research. Customer data—email addresses, birth dates, shipping addresses, passwords, etc.—is also valuable. The average sale price for a stolen credit card paired with personally identifiable information, such as the card owner’s billing address, was $15 in 2015, according to Intel Corp.’s McAfee Labs research, or about double the price of the credit card information alone.

Obtaining customer login credentials also can prove fruitful because of consumers’ penchant for using the same usernames and passwords on multiple websites, and e-retailers’ hesitation to apply more stringent authentication methods. Internet retailers “are always fighting to reduce their shopping cart abandonment rates, which historically required them to sacrifice some proven user authentication practices to reduce the number of steps required for a customer to complete a purchase,” McDowell says. Those practices include two-factor authentication, wherein a customer provides two means of verifying his identity such as a password and identifying information that might be the name of their first pet, for example, before allowing the consumer to complete a purchase.

63% of confirmed data breaches (across all industries) in 2015 involved leveraging weak, default or stolen passwords, according to the Verizon investigation report. Once these credentials are in hand, experts say the most common target for their use is to access payment information consumers store with merchants or financial institutions.

Source: https://www.internetretailer.com/2016/08/17/payment-and-personal-data-are-what-hackers-seek-most


Thanks to the ever-growing reliance on computers and the Internet, Internet fraud has been an increasing concern for civilians and law-enforcement agencies. Because tracking hackers is difficult and catching Internet frauds is even more challenging, the best protection is to avoid fraud attempts. The first part of sidestepping identity theft, viruses and other intrusions is being able to identify fraud when you see it.

Internet Auction Fraud and Non-Delivery of Merchandise

Internet auction fraud is a prevalent scam that targets consumers on auction websites such as eBay. Typically, this scam will consist of someone posting a product for sale on an auction site to “sell” the product to the highest bidder. The product, however, is either nonexistent or not the product described on the auction site. Scammers will try to collect the full funds from the winning bidder before shipping the product. This is typically facilitated via a money wire transfer, and the seller will ask for funds to be sent to a third party. In the instances where scammers ship a product to the buyer, the scammer will send a product of vastly lower value than what was purchased. The shipment will need to be signed for, which obligates the buyer to pay in full for the product, even though it isn’t the promised item. This is known as the Non-Delivery of Merchandise scam.

Spam and Identity Theft

Spam is implicated in a common form of fraud, in which bulk emails are dispersed to millions of email addresses in an effort to corrupt people’s computers, steal identities or pull unknowing individuals into paying for fraudulent products or services. A spam message will offer any number of false dealings to recipients. Popular offerings including low-interest loans, free credit report checks, sweepstake winnings and relationships with “local” singles. These types of scams require people to open a message and click on a link. This opens up the computer to a virus, worm or other “bug” that will corrupt the computer. In cases of identity theft, the bug will attempt to retrieve passwords, Social Security numbers, credit card information, home addresses and telephone numbers. Other bugs will embed themselves in the computer’s registry and damage system performance.

Credit Card Fraud

This scam requests that a consumer registers or inputs credit card information on a fraudulent website. The site may sell products or services. When a reputable, trustworthy vendor asks for credit card information, it won’t save the data without user permission and will take steps to keep user information safe. Fraudulent sites will ask for the same information as does a reputable site, but will steal the information and make purchases using the data the credit card owner gave to the website.

Forms of Investment Fraud

Various investment schemes typically target stock investors, trying to steal money and investors’ identities. Some of these scams will come in the form of an online newsletter. In these newsletters, frauds will offer inside information on stocks, for a fee, and offer false data instead of real information. Online bulletin boards have also become a hotbed of fraudulent activity. Companies often use online bulletin boards to publish information; however, a bogus board will release disinformation. A pump and dump scheme can start with a fraudulent newsletter or bulletin board where secret or private information is offered. The object of this scheme is to alter stock values. After effectively hindering a stock, the schemer will sell his or her own stock in a timely fashion for personal gain.

Source: http://smallbusiness.chron.com/types-internet-fraud-work-61078.html


We all love free WiFi, don´t we? At work, at a friends’s place, in a hotel lounge when on a vacation. While the idea of superfast WiFi in a random coffee shop at no extra cost is tempting, there are chances you are putting your smartphone at potential risks including malfunctioning due to virus, loss of private data, and even hacking.

The cost of internet browsing over mobile carriers is still expensive and using open WiFi, especially when on roaming, makes for a sensible choice. While not using your smartphone when on a vacation sounds like a nice digital detox, there are ways you can still use that free and fast hotel WiFi and still be safe from possible hacking or virus attack.

1. Don’t Trust

Some WiFi networks could be completely bogus and set up purely for nabbing data. Don’t be afraid to question a network’s legitimacy. Mostly the data asked by these networks include email address along with mobile number. It is extremely tempting to simply fill in the details to login the network just to send that one quick official mail or post a selfie, these are often followed by promotional emails and advertisements. In cases when you do end up receiving newsletters or promotional emails or messages from the hotel you stayed in or the coffee shop you visited, it is best to immediately unsubscribe from their mailing list and alongside also inform your network carrier to activate DND service. Also, it is extremely important to keep an eye for emails which ask you for a feedback which include specific and unrelated queries.

2. Sign Out After Use

If using free WiFi, make sure you’ve signed out of all apps before doing so. This ensures that the network doesn’t bypass the security and make the apps vulnerable to external access. Many a times we keep logged into apps permanently, especially social media apps like Facebook, Twitter, YouTube, etc., so that we don’t have to put in login credentials again and again. But doing so only makes the accounts prone to hacking and misuse. While using public WiFi, it is more critical as most of these accounts are interlinked and branch out of a single email address.

3. Browse Securely

A user’s internet browsing behavior is closely monitored by the network as well as the sites you visit which are interlinked. For example, if you are visiting a shopping site while browsing through your social media account, chances are you will be shown advertisements related to your previous searches. So it is wiser to stick to using a browser, don’t visit sites that require a login and only visit those that you know are legitimate, think twice before clicking on any link. At times seemingly harmless links are booby-trapped and lead you to unsafe websites which can in turn plant virus into your device or get unauthorized access to personal data. To thwart this, one can consider using a VPN app (Virtually Private Network) for secure browsing. Usually, to have a secure browsing experience over VPN the end user has to pay for extended subscriptions or restrict their usage. But Opera has recently integrated free and unlimited VPN to its browser making public WiFi usage more secure.

4. Use Mobile Data for Transactions

Make it a rule to never use public WiFi when making financial transactions. If you have to access financial information, accept the roaming fee and do it over 3G or 4G/LTE even if it costs you more. Also, make sure to use a secure browser while making online payments and opt for multi-level authentication process to be fully sure of security.

5. Use Updated Apps

Having updated app not only makes the user experience smoother, it also cleans the app of bugs or issues which may put the device data at risk. Make sure all apps and operating systems are fully up to date. You can also have a form of anti-virus app running on your smartphone to be aware of any malicious activity.

 

Source: http://www.news18.com/news/tech/tips-tricks-5-ways-to-stay-safe-while-browsing-on-free-wifi-1263539.HTML