What is Vishing?

What is Vishing?

You’ve probably heard about Phishing, but what about Vishing? If you’re like most people, you probably haven’t heard of it, but it’s a growing method used for fraud, and you should learn more about it before it becomes an issue for you.

Simply put, vishing is like phishing (fraud perpatrated via email), but it’s usually done on the phone, and in particular over a Voice Over IP, or VoIP connection. (Think Skype and other VoIP services) A visher will call a victim and attempt to get sensitive and/or confidential information from them, like a credit card number, Social Security number, bank account information… anything they can use to get access to your money or important info.

Often times the vishing attempt will start out familiar. Here are some examples of how a vishing attempt could be set up:

  • An automated call from your bank claiming there’s a problem with your ATM card. They’ll probably ask you to “confirm” your bank account number.
  • A person on the line claiming to be from a government agency (think: the IRS) with a tax problem they’ve found. A verification of your Social Security number will surely be involved in this case.
  • A department store attempting to clarify a purchase on a credit card. They’re likely to ask you to verify your credit card number, expiration date, and the “3 numbers on the back of the card”. Do that, and you may as well fill up their holiday wishlist for them yourself.

The list could literally go on and on, but I’m sure you get the picture. Anywhere you have, or could have, used your SSN, your credit card, bank account, etc. is a potential front for a fraudster.

Once they have your information, the sky’s the limit. So how can you prevent yourself from being a victim? Well first off, most companies won’t ask for sensitive information over the phone, especially if they initiated the call. In fact, many services and companies have that fact listed on their website and in their documentation. Secondly, if you have a feeling the call may be real, but you’ve got a funny feeling about it, hang up, go through your paperwork to find the right number to call back, and verify things that way. If it was a scam, you’ll know right away, and if it was a legitimate call, you can take care of the problem right there. That extra few minutes double checking could mean the difference between being scammed or not.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Fake FDIC Phone and Email Scams

Fake FDIC Phone and Email Scams

The name of the FDIC continues to be used by scammers to try to get your money or commit identity theft. In the past few months, the FDIC has been receiving increasing reports of fraudulent phone scam attempts by people claiming to be from the FDIC. These calls are, in fact, a vishing scam. (A form of social engineering that takes place over the phone, often through a VoIP connection) According to the FDIC in their September 2010 Consumer Alert:

To date, the callers have alleged that the call recipient is delinquent in payment of a loan that was applied for over the Internet or made through a payday lender. The loan may or may not actually exist. The caller attempts to authenticate the claim by providing sensitive personal information, such as name, Social Security number, and date of birth, supposedly taken from the loan application. The recipient is then strongly urged to make a payment over the phone to “avoid a lawsuit and possible arrest.” In some instances, the caller is said to sound aggressive and threatening.

Source: FDIC

If you get a phone call, email, fax, carrier pigeon, or anything from the FDIC claiming something akin to the aforementioned, it’s a scam, plain and simple. These scam artists aren’t dumb. They’ll craft an email, a phone script, or even a website to look as legitimate as possible in order to fool you, but it’s not from the FDIC. In fact, the FDIC specifically states that:

The FDIC generally does not initiate unsolicited telephone calls to consumers and is not involved with the collection of debts on behalf of operating lenders and financial institutions.

Source: FDIC

In short, if it’s a phone call, hang up. If it’s an email, don’t click on anything and delete the email. Then go through your bank and credit card statements to make sure you aren’t already facing an identity thief who is trying to gather more data on you. If you find out that you’ve been swindled already, contact your financial institutions immediately.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Avoiding Nigerian Scam Emails

Avoiding Nigerian Scam Emails

“There’s a sucker born every minute.”

– P.T. Barnum (Attributed)

What is the Nigerian Email Scam?

I’m sure that by now you’ve heard of the Nigerian email scams that are still being emailed out to millions of people every year and claiming new victims. These scams continue to bilk innocent people out of their money and more, even though the basic scam itself has been around for hundreds of years.

These emails are a typical example of how fraud and various scams are easily disseminated among a large group of people. The Internet is a great distribution method for crooks who want to attempt this scam since emails are cheap and getting millions of email addresses to send their letters to is relatively easy.

What Are the Basics of This Scam?

The Nigerian scam emails are a variation on the old “Spanish Prisoner” con and they’re sometimes referred to as “Advanced Fee Fraud” or a “419 scam” (based on the article in the Nigerian Criminal Code dealing with fraud). No matter what name is used, the modern variant of these scams go roughly like this:

  • A Wealthy Foreign Patron

    A rich person from another country, or possibly a representative for said person, contacts you, generally via email (though fax and snail mail aren’t unheard of). Regardless of who contacts you, it’s actually a con artist and not a rich person or their rep.

    • NOTE Although are normally referred to as “Nigerian scam emails”, these emails can technically come from any foreign country.
  • A Large Sum of Money (Trapped)

    The rich person/con artist claims they’re trying to invest their money, or maybe just trying to get it out of the country (often due to political upheaval or pressure), but needs an external bank account to transfer it all to safely. That’s where you come into the equation.

  • The Deal

    In exchange for transferring a large sum of money and “helping” the con artist, you are guaranteed a percentage of the transaction. This is normally a large enough percentage that it’d be like winning the Lottery.

  • A Problem Arises

    If you should be so… unfortunate… as to accept the offer, you’ll no doubt be contacted and told that there is some kind of problem: Some official needs to be bribed, perhaps a transfer fee is needed, new or underestimated attorney fees, or something along those lines. The con will ask you to front a certain amount of money to take care of the problem and will assure you that you’ll either be compensated at the end of the transaction or that the amount you’re getting in exchange for the deal once it all goes down will overshadow the “small” amount of money you’re asked to put up.

    This is the part where they try to part you from your money.

  • Goodbye Money

    After you’ve fronted the money for the problems that arise, you’ll very likely be told of more problems that require additional money to be transferred until you’re either tapped out of money or the con artists decide to move on. Either way, you end up the loser in this con game.

Who Are Typical Victims of This Scam?

Unfortunately confidence scam victims come from all walks of life. Rich, poor, old, young… who you are and where you come from doesn’t matter to a Nigerian email scam artist. Out of the millions of emails they’ll send, they only need a handful of marks (e.g. victims) to make their email scam a success; the FBI estimates that millions of dollars are lost every year to these Nigerian/419 scams. They’ll take whomever they can get.

How Can I Protect Myself?

The first rule of Don’t Get Scammed Club is… use common sense. If it’s too good to be true, it probably isn’t true. Secondly, always be wary of any email, IM, or other communication from a stranger that involves money or personally identifiable information. If you think that you, or someone else you know, is currently being targeted by a Nigerian scam email proposition here in the US, contact the FBI or the Secret Service.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

6 Must-Do Tips for Avoiding Credit Card Scams

6 Must-Do Tips for Avoiding Credit Card Scams

When times get tough, the crooks start coming out of the woodwork. The last thing you need is to be hit by a Visa, Mastercard, etc. credit card scam when you’re already having a hard time making ends meet. With the current world economy, scammers are stepping up their game so you’ve got to be aware of what they’re up to and keep your credit, your money, and your identity safe.

There are probably a million ways to keep from being the victim of a credit card scam or fraud attempt, but the following six habits (and these are good habits to have) will go a long way in protecting you from Visa scams, Mastercard maliciousness, and Amex anomalies.

  1. Trust but Verify:

    If you receive a phone call from your credit card company, make sure you’re actually talking to your credit card company. Cardholders are increasingly reporting calls from “representatives” who sound official (even going so far as to present “badge numbers” and other official-sounding information) but end up being scam artists. If someone calls your home claiming to be from your card company, politely hang up and call the number on the back of the card itself and verify. At that point you’ve made sure you’re talking to a real credit card company rep and can address any issue they called about in the first place.

  2. Review Your Credit Card Statements:

    This is a no-brainer, right? I don’t even know why I mentioned this because you keep monthly tabs on your credit card activity, looking for odd charges, inconsistencies, and anything else unfamiliar. Reviewing your credit card statement may be the only indication you have that something’s wrong, so do it every time.

  3. Keep Your Card Hidden:

    At restaurants, the grocery store, or anywhere that a stranger might see your card, be sure to keep it under wraps. Visa debit card scammers (and other cards, too) have been known to sneak into legitimate businesses and install cameras to pick up either your card number or your PIN number. Keep them covered as much as possible. And don’t forget to be sure that, at a restaurant, your server actually picks up the “Merchant Copy” of your bill. Many places, but restaurants especially, print out the card number on the signed receipt.

  4. Use a Secure Site (https):

    We’ve already discussed how to spot a fake website, but now you’ve also got to tie that into the first item in our post “5 Simple Tips to Staying Secure Online“. The basic gist is this: When you’re submitting sensitive information, be sure to look in the address bar to make sure you’re on a secure, or “https” site.

  5. Keep One Card for Online Purchases:

    Using one credit card for online purchases will not only help keep your transactions easy to account for (“Honey, why did you put that flat screen TV on the Visa at Amazon?”), but it will also help reduce the hassle you’ll have if/when your card info gets stolen.

  6. Shred Old Credit Cards & Statements:

    It’s not enough to just toss out old cards and to put your old card statements in the recycling bin. Invest in a shredder, preferably a cross-cut shredder. They’re relatively inexpensive, safe, and easy to operate. And as an added bonus, they make it darn near impossible for crooks to get/read your credit card statements.

Keeping yourself free from the headache of identity theft, stolen credit cards, and unwanted purchases is your job. Sure, your card company may have monitoring in place, but only you truly care about the security of your account, so get proactive and learn to protect yourself from credit card scams.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Rise of the LSO, AKA the “Super Cookie”

Rise of the LSO, AKA the “Super Cookie”

Since the dawn of the first web browsers dragging themselves from the sea to the land and gasping air for the first time (or something like that), there has been someone who wanted to track what’s happening in the browser. Whether it’s for remembering settings, keeping items in a shopping cart, or aiding in online marketing, the ubiquitous browser cookie has been a staple of the Internet since the early days of the Mosaic browser.

Today, however, there has been an evolution in the browser cookie life cycle, and it’s known as the LSO (Local Shared Object, AKA a “Flash cookie”). It’s not called the Super Cookie because it can leap buildings in a single bound, but rather because, like the Man of Steel, super cookies are pretty darn close to impervious when normal humans like you or I attempt to get rid of them.

What’s the difference between a browser cookie and a super cookie?

The super cookie is both scary and fascinating. Unlike its cousin the browser cookie, the super cookie is a Flash-based cookie that is stored in a different location on a computer than a browser cookie, can be much larger than the 4K allotted the browser cookie, and is much more difficult to uninstall (or even find on your PC) than the cookies you’re used to dealing with. In short, it’s a nightmare to deal with and opens up all kinds of privacy concerns.

What can I do about the super cookie?

Now, whether you want to keep or kill the super cookie is up to you. Like the browser cookie, a super cookie is only as evil as its creator, and most developers will likely use the LSO to make things like tracking general customer information easier vs. attempting to waylay your privacy and sell your data to the highest bidder. However, there are enough differences between browser cookies and Flash super cookies that it’s kind of a “Wild West” situation right now in the Land of Cookies.

If you’re afraid of someone using super cookies for evil (and lets face it, that’s a possibility), there are several ways to suppress or remove the LSO super cookie:

  • Manual deletion:

    The most tech savvy method to remove the super cookie, manual deletion is probably best suited for the technically minded. A super cookie is usually found in the “Flash Player” directory on your computer, but can be stored elsewhere. Use the search tool on your PC an look for the *.sol file extension.

  • Better Privacy (Firefox addon):

    If you use Firefox you can add the Better Privacy plugin to your install and let the addon work its magic on your LSOs.

  • Disable/remove Flash:

    Not a fan of Flash in the first place? Don’t care about certain videos or online games? If so, just disable or full-on remove the Flash player from your computer. If it works for iPhone users, it might work for you, too.

  • Visit Adobe:

    Adobe has a tool that you can use to update your settings quickly and easily. Just go to http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html and set the “Global Storage Settings” to “Zero”. This will prevent new flash cookies from being put on your computer, but if you have any right now you’ll still have to remove them as described above.

As you can see, updating, removing, or changing the behavior of Flash super cookies is kind of a pain right now. But like always, we have to roll with the punches, right? Now that you know about the LSO, check them out every now and again and see if you want to keep them around or not.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

National Cyber Security Awareness Month 2010.

National Cyber Security Awareness Month 2010.

The month of October 2010 is the 7th annual National Cyber Security Awareness Month (NCSAM) here in the United States. Internet (cyber) security continues to be at the forefront of our minds as we push further into the 21st century, and once again President Obama has made a presidential proclamation regarding the need for increased cybersecurity:

America’s digital infrastructure is critical to laying the foundation for our economic prosperity, government efficiency, and national security. We stand at a transformational moment in history, when our technologically interconnected world presents both immense promise and potential risks. (Read more)

We all have a part in taking cybersecurity seriously and addressing it in our every day lives. The staff of StopSign Internet Security software is proud be be part of the solution by providing excellent antivirus, antispyware, and firewall software as recommended by the Department of Homeland Security for every computer user in the US.

Special Offer: Once again we’re offering a special discount of 20% off our StopSign Internet Security software (which includes antivirus, antispyware, and firewall software [downloaded separately]) for anyone using the coupon code “NCSAM” during National Cyber Security Awareness Month. To take advantage of this money saving offer, visit the StopSign shopping cart and enter the code to get your special price. (The site will open in a new window.) Please note that the discount will not be applied to T4C game items or the StopSign CD box.

If you don’t see the coupon entry form right away, click on the coupon code link in “Step 2” on the cart to enter your coupon code before you order!

StopSign is proud to endorse NCSAM by helping raise awareness regarding Internet security-related topics. For more information on National Cyber Security Awareness Month or government recommendations on cyber security, please visit StaySafeOnline.org.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.