Thursday, February 28, 2008

Vishing - The Newest Weapon for Phishing

As Internet users learn not to divulge confidential information on websites, phishers move to new, uncharted territories. Their newest weapon is called “vishing”, as in “Voice Phishing”. It relies on Internet telephony to trick users to hand over their private data.

People trust phone transactions more than they trust the Internet, because the traceability and cost of landline or cellular phone service make mass phone fraud impractical. Moreover, vishing mimics the legitimate ways people interact with their financial institutions - one that has been touted as being safer. After all, many institutions advise calling by phone when in doubt. So victims are more likely to respond without hesitation to a vishing trap.

But VoIP service has brought together the Internet and telephone worlds, and makes such attacks easy and more cost-effective.

Internet-based phone companies make it easy to obtain an anonymous account and to handle large call volumes at little cost.

Inexpensive software lets thieves create an interactive voice response system that sounds exactly like the one your bank uses—even matching the on-hold music.

Traditional anti-phishing tools cannot easily detect a false telephone number within an email text, so protection against vishing is up to the user.

How to protect yourself

Common sense is the only true universal weapon when ID theft is involved!

Never respond to an email or voice mail that asks you to go to a website or to call a phone number to resolve an account problem. These are never legitimate.

If there is any question, call the merchant or institution at a number you know is genuine - either one found on the regular website (after having entered the address yourself!) or in the Yellow Pages.

Sunday, February 17, 2008

Why you probably aren’t practicing good password security

Most of the online users are not practicing good security practices in respect of password policies and other security habits. It’s common sense for most people on the hacking side of computer security as we know how easy it is to break a password when it’s only a few characters long or it uses a dictionary word. I think, the following are the reasons why most of us are not practicing good password security.

Strong passwords are difficult to remember.
Juggling a multitude of passwords is a pain.
Updating passwords compounds the memorization problem.

Due to vulnerabilities in Operating System and other application software users' online accounts can become compromised through phishing schemes, viruses, and spyware.

I suggest the following good security practice for you:

Strong passwords that are hard to guess.
Different passwords at each site.
Periodically changing existing passwords.

Tuesday, February 12, 2008

How to Protect your online accounts

Due to vulnerabilities in Operating System and other application software users' online accounts can become compromised through phishing schemes, viruses, and spyware. Users can secure their own account and their online identity quickly and easily by following the online safe practices. Some of the safe practice I regularly follows are listed below. You may look into these steps and take a decision today itself to safe guard from Online frauds.

1. Don't share: Keep your username, password and personal information secret. You are requested to change your password regularly. Password must be alphanumeric with special character and greater than 8 character in length.

2. Don't click: Never click on any link you suspect to be malicious, even if sent by someone you trust. Scan your computer regularly for viruses, spyware and adware. Updates your Operating System and other application software regularly.

3. Don't click: Never click on links in emails that claim to be from mail provider (gmail.com, yahoo.com), bank authorities (hdfcbank.com, icicibank.com), auction sites (ebay.com, amzone.com) or social networking sites (orkut.com, myspace.com). Scan your computer regularly for viruses, spyware, and adware.

4. Don't spread: Never enter your account login and password on sites other than the original site. Never check remember me when you're using a shared computer.

5. Don't Share Personal Data: Avoid posting sensitive personal data, such as email addresses, phone number or pictures, in public places.

6. Don't forget to click the Logout link of the page when you're done using an online account.

7. Don't script: Never paste a URL or script into your browser while logged into a account especially social networking site viz. orkut.com, mysapce.com no matter what it claims to do.

Saturday, February 9, 2008

Over 1 Million Potential Victims of Botnet Cyber Crime - FBI News

The FBI announced the results of an ongoing cyber crime initiative to disrupt and dismantle “botherders” and elevate the public’s cyber security awareness of botnets. OPERATION BOT ROAST is a national initiative and ongoing investigations have identified over 1 million victim computer IP addresses. The FBI is working with their industry partners, viz. Microsoft Corporation, the Botnet Task Force and the CERT Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers and referring criminal botnet activity to law enforcement. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity.

A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.

Protect your PC from being hijacked - Norton AntiBot

“The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said FBI Assistant Director for the Cyber Division James Finch. “An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised.”

Cyber security tips include updating anti‑virus software, installing a firewall, using strong passwords, practicing good email and web security practices. Although this will not necessarily identify or remove a botnet currently on the system, this can help to prevent future botnet attacks.

The following subjects have been charged or arrested in this operation with computer fraud and abuse in violation of Title 18 USC 1030, including:

* James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide. (FBI Chicago);

* Jason Michael Downey of Covington, Kentucky, is charged with an Information with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems. (FBI Detroit); and

* Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products. (FBI Seattle)

Protect your PC from being hijacked - Norton AntiBot

More information on botnets and tips for cyber crime prevention can be found online at www.fbi.gov. To report fraudulent activity or financial scams, contact the nearest FBI office or police department, and file a complaint online with the Internet Crime Complaint Center, www.ic3.gov.

Protect your PC from being hijacked - Norton AntiBot

Tuesday, February 5, 2008

Identity Theft one of the increasing security risk of 2008

Identity Theft continuous to become an increase threat to security. Identity theft is a catch-all term for crimes involving illegal usage of another individual's identity. The most common form of identity theft is credit card fraud. While the term is relatively new, the practice of stealing money or getting other benefits by pretending to be a different person is thousands of years old.

The major type of identity thefts are Financial Identity Theft (using another's identity to obtain goods and services), Criminal Identity Theft (posing as another when apprehended for a crime), Identity Cloning (using another's information to assume his or her identity in daily life) and Business/Commercial Identity Theft (using another's business name to obtain credit).

We must be address by using regular awareness sessions with end-users to secure about their identity from fraudsters. Here is an Identity theft security awareness training session by Mr. Jorge, Founder and CEO www.esgulf.com, Limassol, Cyprus. Jorge helps organizations and individuals understand and get the best out out of latest in Information and Communication Technology.

You can also download the audio of this Identity theft security awareness training session by clicking here.Download this episode (21 min)  

Monday, February 4, 2008

Orkut Trends - Indian women are among the world’s heaviest receivers of ‘scraps’

According to a new report from Orkut, Indian users are among the top five countries to get the maximum number of scraps posted on their Web pages. While globally, women receive just under half (48 per cent) of all scraps, Indian women score a higher percentage than men. Women from the Cayman Islands receive the most and Albanian women had the fewest scraps.


Another interesting fact is that the scraps are usually very brief. According to Orkut’s research the most popular scrap is ‘Hi’, which occurred 1,131 times out of a sample of 1 lakh short scraps. Short words such as ‘Ok’, ‘hello’, and ‘congratulations’ are the other most commonly used scraps.


Indian users on Orkut receive as many as 345 scraps on an average, which is quite impressive when compared to 423 scraps per user in the US. More than 16 per cent of members on Orkut are from India, which is the second largest community from a single country after Brazil.

Source: Orkut Blog, TheHinduBusinessLine

Recent Comments