Twitter Hack Reminds Us That David Can Still Fell Goliath


The Twitter hack began as a quiet scheme to steal and sell unusual user names, which carry high currency in gamer and hacker circles.

But as the day wore on, the attack took over dozens of accounts belonging to corporations like Apple and celebrities like Joe Biden, Barack Obama, Bill Gates, Elon Musk and Kanye West. The hackers used the celebrity access to appeal to their followers for funds:

[Image: Twitter hack of Joe Biden’s account]

At least $180,000 worth of Bitcoin flowed into the hackers’ accounts.

By the time the hackers were done, they had broken into 130 accounts and dramatically exposed gaping holes in Twitter’s security.

What organized Goliath cybercrime ring was responsible?

Seventeen-year-old Florida resident, Graham Ivan Clark (David, for the purpose of this metaphor).

From the affidavit:

Graham Ivan Clark, 17  without authorization gain [sic] access to Twitter Inc.’s Customer Service Portal. Clark used social engineering to convince a Twitter employee that he was a co-worker in the IT department and had the employee provide credentials to access the customer service portal.

Clark then accessed the Twitter accounts of prominent individuals, including VP Joe Biden, former President Barack Obama and business [sic] such as Apple and Coinbase. Clark then posted on their Twitter accounts a communication that if Bitcoins are sent to accounts they will be doubled and returned to the victim. 

Despite the hackers’ cleverness, their plan quickly fell apart, according to court documents. They left hints about their real identities and scrambled to hide the money they’d made once the hack became public. Their mistakes allowed law enforcement to quickly track them down.

If Twitter, a company that spends millions on security every year, can be hacked by a 17-year-old, so can your organization. But it wasn’t the technology that was hacked, it was the people.

It is no surprise that the Twitter hackers used the same tool that leads to a majority of damaging corporate breaches: social engineering. Twitter says that a few employees were targeted in a phone spear phishing attack, which suggests that hackers called Twitter employees while posing as members of Twitter’s security team, and got them to reveal the credentials they use to access internal systems.

Once inside the system, they had free rein to do anything they wanted with any Twitter account. The next time this breach happens, the criminals will be more organized, and will use their access to launch a much more devious, lucrative scheme.

I hope Twitter invests as readily in their security awareness training and social engineering defenses as they do in their technology. And I hope you do as well, as it’s no fun to be beaten by David.


John Sileo is a cybersecurity expert, award-winning author and media personality as seen on 60 Minutes, Anderson Cooper and Fox & Friends. He keynotes conferences virtually and around the world and is the CEO of The Sileo Group, a technology think tank based in Colorado.

12 Days to a Safe Christmas: Day 8 – What to Give the Person Who has Everything (and Wants to Keep it!)

Holiday Security Tips: On the eighth day of Christmas, the experts gave to me, 8 scam detectors

Most of us are too busy to monitor every form of identity that is at risk. Unfortunately, victims usually get hit when they take their eye off the ball.

 Solution: Purchase a comprehensive identity monitoring service

While a partridge in a pear tree may have been appreciated in 18th century England, it’s not a very coveted item these days!  Instead, help out the ones you love (and yourself!) by giving the gift of identity theft monitoring.

Traditional credit monitoring (which you can do for free at AnnualCreditReport.com) only detects a portion of identity theft. The remaining theft occurs as a by-product of non-credit loan activities (pay-day loans, etc), shared public records (court cases, real estate transactions, government filings, etc.), Internet trading sites (bought and sold on rogue websites), or in relation to medical or criminal records. It is important to monitor these forms of potential identity theft as well as your credit file. The key here is convenience; if you don’t have to do much to monitor a large portion of your identity, the work goes down while peace of mind increases. Make sure that your monitoring service has at least the following features:

  • 3-in-1 Credit Monitoring from each of the bureaus (Experian, Equifax, TransUnion)
  • Court & Public Record Monitoring
  • Non-credit loan monitoring like pay-day loans
  • Internet Surveillance for the buying and selling of your data
  • Sex Offender Reports to make sure crimes aren’t being committed in your name
  • Identity theft insurance to cover costs if you are affected
  • Identity theft restoration services to save you time

Forget the fruitcake; buy them something they’ll truly appreciate and remember long after the holidays! On the ninth day of Christmas…



About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

10 Times NOT To Use Your Debit Cards this Holiday Season!

As you head into the holiday season, one of the best steps you can take to protect your bank account is to eliminate the use of your debit card. While delivering a keynote speech in Washington DC last week, someone asked me if I could name ten times when you should NOT use a debit card.  I replied, “It’s a trick question because the answer is NEVER!” I seriously do feel that way, but I know there are people who either need to or prefer to use a debit card rather than a credit card or cash, so I want you to be informed about how to use it wisely.

First, make sure you understand the difference between a credit and debit card. While they appear identical and can often be used interchangeably, remember that a debit card is a direct line to your bank account. If a thief gets ahold of your debit card information, they essentially have access to your account. One of the biggest differences comes to light when fraud occurs. Credit card users can simply decline the charges and not pay the bill. Debit card fraud comes straight out of your bank account, and it is much harder to fight the charges or reclaim the money that has been debited. In the meantime, while you prove it was fraud, you’re out the cash.

Here is a Top Ten List of times to choose credit over debit.

10. Booking future travel

If you book your travel with a debit card, they debit your account immediately. So if you’re buying travel or making a reservation that you won’t use for several months, you’ll be out the money immediately. Also consider that many large hotels have suffered data breaches.

9. Hotels

Many hotels follow the practice of using your debit card to place a hold on your money (sometimes hundreds of dollars) to make sure you don’t run up a long distance bill, empty the mini bar or trash the room. The practice is almost unnoticeable if you’re using credit, but can be problematic if you’re using a debit card and have just enough in the account to cover what you need.  Be sure to ask about their “holding” policy if you are using a debit card.

8. Expensive purchases

This one is simple. If something goes wrong with the merchandise or the purchase, a credit card lets you dispute and stop payments much more easily than a debit card does. With a debit card, you have a much shorter window for reporting and resolving an issue and may even be responsible for all charges if you wait too long.

7. Rental or security deposits

Say you want to rent a car or borrow a Bobcat from your local home improvement store.  Remember that when you use a debit card to put down a deposit, that money is temporarily unavailable to you.  Of course, you’ll get the money back when you return the car or equipment, so this is no big deal if you have the money to spare until that time. But with a credit card, the money is just “frozen” and not actually charged so you won’t ever notice it’s gone.

6. Regular/recurring payments

You’ve heard about someone who quit a gym or discontinued a magazine subscription only to find that they kept getting billed. If you used a debit card for those payments, they’ll just keep coming right out of your bank account.  (Using a credit card is also a good way to ensure you don’t forget to make that monthly debit in your check register!)

5. Wi-Fi hot spots

Never use your debit card for an online purchase while at a coffee shop or other business that offers free wi-fi access.  Many of those businesses have unsecured wireless connections, so it’s much easier for hackers and scammers to log on and steal your data.

4. Restaurants

Anytime the card leaves your sight, you should NOT use your debit card. The waiter coming to your table has alone time with your card, giving them the opportunity to copy your card information.

This also applies to ordering food for delivery.  Restaurants that deliver tend to keep customer payment information on file in order to make future orders more convenient.

Another problem with using a debit card at restaurants is that some establishments will approve the card for more than your purchase amount because, presumably, you intend to leave a tip. So the amount of money frozen for the transaction could be quite a bit more than the amount of your tab. And it could be a few days before you get the cash back in your account.

3. Outdoor ATMs

Outdoor ATM machines provide the perfect opportunity for thieves to skim users’ debit cards.  Skimming is the practice of capturing a bank customer’s card information by running it through a machine that reads the card’s magnetic strip. Criminals place these machines over the real card slots at ATMs and other card terminals.  If the public has access to it, so do data criminals.  Use the ATM just inside the bank where it is under constant surveillance. And no matter what, look for devices or cameras on the ATM machine that aren’t normally there.

2. Gas stations

Every gas pump asks, “Credit or Debit?” these days.  Don’t choose the debit option!  Go inside and pay cash if you choose not to use your credit card!  There are three reasons.  One, it’s fairly easy for a thief to insert a skimmer and then sit nearby with a laptop accessing your information.  Even if the thief doesn’t manage to get your debit card personal identification number, or PIN, from such a device, he still may be able to duplicate the card’s magnetic strip and use it for “sign and swipe” Visa or MasterCard transactions.

Thieves can also sit nearby using small cameras to capture footage of debit card users entering their PINs. Finally, similar to the hotel example above, your debit card may be used to place a hold for an amount larger than your actual purchase.   So, even though you only bought $10 in gas, you could have a temporary bank hold for $50 to $100, says Susan Tiffany, director of consumer periodicals for the Credit Union National Association.

1. Online

Using your debit card online is like asking for your bank account to be emptied. There is just way too much potential for hacking at many different points in a transaction. It could occur due to malware on the computer, someone could be “eavesdropping” via a wireless network, or it could happen once your data is in the hands of the merchant due to a data breach. If you have a problem with the purchase or your debit card number is stolen, it’s a huge hassle to get the money restored to your account and make your card number safe and secure again.

Keep it simple and just always use a credit card. I realize that it is easier to spend more money when it’s not coming directly out of your account, but the added security is worth resisting that temptation.

John Sileo is an author and highly engaging keynote speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Elder Fraud Expert Answers: How do I prevent & resolve it?

The past two blogs have outlined why seniors are targeted, what signs to watch for, and some common schemes.  Now for the truly important info: How to prevent elder fraud from happening and what to do if it does happen!

  • Report actual or attempted elder fraud (or any type of fraud) via Fraud.org’s Online Complaint Form.
  • Change the phone number if a senior is receiving excessive sales calls.
  • Change the bank account or credit card numbers if they have fallen into the hands of thieves.
  • Avoid getting on sucker lists. Don’t fill out contest entry forms at fairs or malls—they are a common source of “leads” for con artists. Ask companies you do business with not to share your personal information with other marketers.
  • Know your “Do-Not-Call” rights. Under federal law, you can tell a telemarketer not to call you again and you can file a complaint on the Do Not Call website.
  • Make sure you know the company you are dealing with. If it’s an unfamiliar company or charity, check it out with your state or local consumer protection agency and the Better Business Bureau.
  • Screen your calls. Use an answering machine, Caller ID, or other services that may be available from your phone company to help you determine who you want to talk to and who you want to avoid.
  • Never sign blank insurance claim forms.
  • Never give blanket authorization to a medical provider to bill for services rendered.
  • Ask your medical providers what they will charge and what you will be expected to pay out-of-pocket.  Get it in writing.
  • Carefully review your insurer’s explanation of benefits statement. Get an annual “Benefits Request Checkup” from your insurance provider to see a list of all benefits and services paid in your name. Call your insurer and provider if you have questions.
  • Do not do business with door-to-door or telephone salespeople who tell you that services or medical equipment are free.
  • Give your insurance/Medicare identification only to those who have provided you with medical services.
  • Keep accurate records of all health care appointments.
  • Use caution when purchasing drugs on the Internet. Do not purchase medications from unlicensed online distributors or those who sell medications without a prescription. Reputable online pharmacies will have a seal of approval called the Verified Internet Pharmacy Practice Site (VIPPS), provided by the Association of Boards of Pharmacy in the United States.
  • Always ask for and wait until you receive written material about any offer or charity. If you get brochures about costly investments, ask someone whose financial advice you trust to review them.  Remember, even a classy brochure can be a hoax!
  • Always take your time making a decision. Legitimate companies won’t pressure you to make a snap decision.
  • Don’t pay for a “free prize.” If a caller tells you the payment is for taxes or shipping fees, he or she is violating federal law.
  • Never send money or give out personal information such as credit card numbers and expiration dates, bank account numbers, dates of birth, or social security numbers to unfamiliar companies or unknown persons.
  • Get a second opinion!  When filling out important forms or making a big financial decision, ask someone you trust to look it over and talk it over before giving away any personal information.
  • Get help when using the internet, especially concerning financial transactions.  NEVER give out personal information such as SS numbers or credit card information. Remember that older grandkids make great resources when it comes to using the Internet because they are true digital natives.

Remember, you’ve worked hard to reach a point where you can enjoy your golden years.  Don’t let someone else enjoy the fruits of your labor.  Be vigilant and be protected!

John Sileo is an author and highly engaging speaker on business fraud, internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Elder Fraud Expert Answers: What are the Most Common Schemes?

In our previous blog we talked about why senior citizens have become such a target for con artists and even unscrupulous relatives to commit elder fraud and take their hard-earned money.   We also talked about signs that they may be being duped.  Today, we want to make you aware of the variety of schemes that are out there.  This is by no means a complete list, but will give you a pretty good idea of what to watch for.

Common schemes:

  • The “Grandparents Scam”: someone phones or e-mails and pretends to be a grandchild in trouble. The elderly person, who may not have much contact with their grandchild, might be convinced and may wire money or send a prepaid debit card to help.
  • Offers of “freebies”: the Better Business Bureau of eastern Michigan reports that scammers now are offering seniors $3,000 in “free groceries savings certificates” along with a free medical alert bracelet. The scam may lure people to give away bank account information.
  • Enticing links on websites lure inexperienced seniors into divulging personal information.
  • Con artists may attend the funeral service of a stranger claiming that the deceased had an outstanding debt with them.
  • Reverse mortgage scams: the FBI reports that victims are offered free homes, investment opportunities and foreclosure or refinance assistance.
  • Thieves steal personal information and contact the Social Security Administration to change the payment routing information to the thieves’ own bank accounts or prepaid debit cards.
  • Fake lottery/sweepstakes: seniors are enticed into buying inexpensive knick-knacks or magazine subscriptions (which they do receive) in order to be entered into a contest.  Another variety is they receive an official looking check saying they’ve won a foreign lottery.  In both cases, they are asked to give up personal information to proceed.
  • The discount prescription scam: seniors are offered prescription drugs at a significant discount, but are required to pay a $200 membership fee or give up their credit card information.
  • The “credit card company” calls:  a polite caller says he’s from the senior’s credit card company and is investigating a possible fraudulent purchase. He even IDs the last four digits of the charge card as proof. When the senior denies making the purchase, the caller offers to reverse it immediately, but asks for the verification code on the back of the credit card.
  • Door-to-door solicitors ask for donations on behalf of charitable organizations.
  • Telemarketing fraud: according to the National Consumers League, nearly a third of all victims are age 60 or older. Studies by AARP show that most older telemarketing fraud victims don’t realize that the voice on the phone could belong to someone who is trying to steal their money.
  • Medical Equipment Fraud: equipment manufacturers offer “free” products, such as wheelchairs or oxygen tanks, to individuals. Insurers are then charged for products that were not needed and/or may not have been delivered.
  • “Rolling Lab” Schemes: unnecessary and sometimes fake tests are given to individuals at health clubs, retirement homes, or shopping malls and billed to insurance companies or Medicare.
  • Services Not Performed: Customers or providers bill insurers for services never rendered by changing bills or submitting fake ones.

This list truly only scratches the surface of what is out there, but it gives you a good idea of just how vigilant seniors and their caretakers need to be.  In our next blog, we will provide a list of what seniors need to do to prevent becoming a victim of scams and what to do if it does happen to them.

John Sileo is an author and highly engaging speaker on fraud, internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Elder Fraud Expert Answers: Why Are Senior Citizens Targeted?

 

Imagine spending your whole life working hard, saving wisely and spending conscientiously—only to have your comfy “nest egg” taken away by unscrupulous scammers or even your own greedy relatives in your golden years.  Sad to say, this is a scenario that is far too common; up to 80% of scam victims are over 65, according to the U.S. Federal Trade Commission. A 2009 study by MetLife’s Mature Market Institute estimates that seniors lose approximately $2.6 billion per year to elder fraud, or what they call financial abuse, meaning fraud by outside scammers or theft by family members and acquaintances.

And this issue will take on even more importance in the years to come as the senior population in America grows. According to the U.S. Census Bureau, there were 37.3 million people 65 and older in the United States as of 2006. This group is expected to double in size within the next 25 years. By 2030, almost 1 out of 5 Americans, some 72 million people, will be 65 years or older.

A scan of recent alerts from the Senior Journal shows a wide variety of areas that require constant vigilance:

By definition, Elder Fraud targets seniors, but why?

  • Senior citizens are most likely to have significant savings, to own their home and/or to have excellent credit—all very desirable to criminals.
  • People who grew up in the 1930s, 1940s, and 1950s were generally raised to be polite and trusting. They are less likely to be suspicious of a nice salesperson, say no or hang up on pushy telemarketers. There is even a study showing that we get more trusting as we age. Through MRI testing, researchers at the University of California, Los Angeles found that the area known as the anterior insula, which is associated with “gut feelings,” became more active in the younger subjects at the sight of an untrustworthy face. Older subjects, however, showed little to no activation in this area.
  • Seniors can be less comfortable with technology and inadvertently share information online or click on links that make them vulnerable.
  • Criminals know that seniors are less likely to report a fraud.  This could be either because they don’t know who to report it to, are too ashamed at having been scammed, or don’t even know they have been scammed. Many are afraid to appear as if they have lost the ability to make sound decisions to their relatives, so they just keep it to themselves.
  • If an elderly victim does report the crime, scammers know that they often make poor witnesses.   The effect of age on memory combined with the amount of time that often passes between the crime, the realization, and actually acting on it makes it difficult for elderly victims to supply enough detailed information to investigators.
  • Senior citizens are more interested in and susceptible to products promising all sorts of wonderful results, from anti-aging creams to improved memory to medical cures.  In a world full of the miracles they’ve witnessed in their lifetimes, nothing seems too good to be true.  And if they can get a bargain on it, so much the better!

Elder Fraud Warning Signs:

  • You notice an excess amount of ATM or bank account withdrawals, perhaps even exceeding the daily maximum allowed on that account.
  • The senior is bouncing checks, which might indicate an unexpected loss of money.
  • There are debit transactions that don’t seem to make sense for an older adult.  Also, there may be debits that the person can’t remember or explain.
  • The older adult may be suddenly wiring large sums of money or writing large checks.
  • He or she may close a certificate of deposit, even though a large penalty would be paid for early withdrawal before that CD matured.
  • The bank is unable to speak directly with the older adult, despite repeated attempts to contact him or her.
  • A “new friend” suddenly begins handling the money for a senior.
  • The senior receives excessive amounts of junk mail.  (Once a senior takes the bait for one scam, thieves sell the person’s name, address and telephone number, and fake mailings proliferate.)
  • The phone rings excessively with sales calls.
  • He or she may be having difficulty buying groceries and paying bills.
  • They seem to receive lots of cheap items such as costume jewelry, beauty products, water filters, and knick-knacks that they bought to win something or received as prizes.

Tomorrow, we will outline common schemes that are used to prey on senior citizens.


Check washing & check fraud can dirty your spring cleaning

Check washing is so simple, you must learn to prevent check fraud

Are check fraud and check washing still relevant in the age of digital payments? If you’re like the average person, chances are you don’t write too many checks anymore. With the convenience of online payment options, nearly universal acceptance of credit and debit cards, and the proliferation of ATMs offering you easy access to money at every turn, why resort to the archaic, labor-intensive method of writing a check?

The simple answer—sometimes we have no other choice!  Some places still don’t accept credit cards (Costco if you don’t have an American Express), or they charge an extra fee for them.  Some retailers don’t offer online payment options.  And frankly, sometimes it’s just an old habit and we haven’t made the effort to find a safer option because we’re stuck in the mindset of “it’s never happened to me” when thinking about check fraud.

Yet, according to a recent AFP Payments Fraud and Control Survey, checks remain the payment type most vulnerable to fraud attacks. In an American Bankers Association Deposit Account Fraud Survey, 73% of banks reported check fraud losses totaling approximately $893 million. And perhaps scariest of all, the imprisonment rate for check fraud is only 2% according to a statement made by the Department of Justice.  So although it’s not as glamorous or high tech as some other forms of fraud, check fraud is very tempting to criminals. It’s often as easy as taking an afternoon stroll down a street looking for vulnerable mailboxes, and then doing a little bit of “laundry”.

Check Washing Check Fraud

One form of check fraud that hits home for businesses and individuals alike is check washing.  It is the practice of removing legitimate check information, especially the “Pay To” name and the amount, and replacing it with data beneficial to the criminal (his own name or a larger amount) through chemical or electronic means. We conducted our own experiment to see just how easy it is to alter a check.  Take a look at our results in the video above.

What can you do to prevent this form of check fraud from happening to you?  There are many steps you can take:

  • Always use high security checks with multiple check fraud and check washing countermeasures
  • Use security gel-based pens with dark ink 
  • Don’t leave mail containing checks in an unattended or unlocked mailbox  (i.e. w/ red flag up)
  • Buy a locking mailbox (one large enough for a postal carrier to put mail through, but not large enough for a hand)
  • Shred voided checks
  • Check your bank statements regularly and immediately when you receive them.  You have a limited time in which to report check fraud.
  • Put clear tape over important fields when mailing a check
  • Do not leave blank spaces on payee or amount lines
  • Have new checks delivered to your bank if possible so they are not sitting in your unattended mailbox

Businesses are highly susceptible to massive check fraud via check washing, because the balances in their accounts tend to be higher and more vulnerable. This simple change from regular checks to high security checks can drastically reduce your risk of check washing and check fraud.

John Sileo is CEO of The Sileo Group, and a keynote speaker on cyber security, identity theft and business fraud prevention. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Stop Check Fraud with Security Checks

How to Stop Check Fraud and Check Washing

Check washing, a highly common form of check fraud, is the practice of removing legitimate check information, especially the “Pay To” name and the amount, and replacing it with data beneficial to the criminal (his own name or a larger amount) through chemical or electronic means.  One of the many ways to protect yourself against check fraud is so important that it deserves its very own article.

A foolproof way to protect your checks from being altered, whether by washing or by electronic means, is to use security checks offered by most companies.

Here are some of the features to look for when you’re purchasing High Security Checks.  These features will safeguard you not only against check washing, but other high tech forms of check fraud as well:

  • Safety security paper (visible and invisible fluorescent fibers, chemical-sensitive)
  • Foil hologram (cannot be reproduced by copiers or scanners)
  • High resolution border elements (intricate design is difficult to reproduce)
  • True watermark (cannot be reproduced by copiers or scanners)
  • Toner adhesion  (damage is visible if toner is lifted or scraped)
  • Void element (the word void appears if photocopied or chemically altered)
  • False positive test area (instant authenticity test with black light or counterfeit pen)
  • Complex pantograph background pattern and high-security colors
  • Thermochromatic ink (reacts to heat to deter copying)
  • Original document backing (deters cut and paste alteration attempts)
  • Chemical wash detection area (shows chemical alteration attempts)
  • Security warning box (becomes visible when photocopied)
  • Padlock icon (signifies that checks meet industry standards)

One more vital tip to foil the check washers: use a dark ink, gel-based pen, preferably one that states it is a security pen. Take a look at the video to the left to see how easy it is to wash a check if you are not using a high security gel-based pen. 

Yes, you may spend a few extra dollars for security checks and pens, but compared to the staggering cost of recovering from check-washing schemes (small businesses lose more than 7% of their annual revenue to check fraud – over $600 billion), it’s a drop in the bucket! Your peace of mind and saved recovery time are worth it.

Checks Unlimited provides personal Securiguard checks with 7 advanced security features, including chemical protective paper, microprint signature lines, and a 2-dimensional holographic foil that is irreproducible on copiers or scanners. Their Security Center also offers fraud prevention tips and security products!

John Sileo is CEO of The Sileo Group, and a keynote speaker on cyber security, identity theft and business fraud prevention. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

“Clickjacking” and “Likejacking” – Be Aware!

None of us wants to be part of a scam that allows links to be forwarded as if from a friend, invading their privacy and endangering their sensitive information. It’s not always easy to avoid bad sites, but just by being aware of the problem, you can become more adept. The following article is a summary of an original post by Rob Spiegel, E-Commerce Times.

In its ongoing effort to mitigate spam activity, Facebook filed a lawsuit against a company that allegedly ran a “likejacking” operation. “We’re hopeful that this kind of pressure will deter large scale spammers and scammers,” said Facebook spokesperson Andrew Noyes. The state of Washington is also applying pressure, having mounted a similar lawsuit against the same company. Both suits were filed citing violation of the CAN-SPAM Act, which prohibits the sending of misleading electronic communications. Facebook and Washington state filed federal lawsuits on Thursday against Adscend Media for “clickjacking,” a form of spamming that fools users into visiting advertising sites and divulging personal information.


“Likejacking” is similar; victims are tricked into using Facebook’s Like button to spread spam. Users believe links to spam sites are being sent to them by friends, and the advertiser collects money from clients for every user misdirected. A prominent example is the indictment in California of self-proclaimed “spam king” Sanford Wallace in August, Noyes said. “Two years ago, Facebook sued him, and a U.S. court ordered him to pay a (US)$711 million judgment. Now he faces serious jail time for this illegal conduct.” Facebook also secured a $360.5 million judgment against spammer Philip Porembski, said Noyes, which “followed an $873 million spam judgment in 2008 against Adam Guerbuez and Atlantis Blue Capital for sending sleazy messages to our users.” The Guerbuez judgment was the largest award ever under the CAN-SPAM Act, he noted.

Clickjacking is a programming technique that employs a seemingly innocent button to trick users into visiting sites unintentionally. Likejacking is a similar technique that utilizes Facebook’s Like button. The technique is also referred to as “UI redressing.” Clickjacking is “quite well understood,” Roger Kay, founder and principal of Endpoint Technologies, told the E-Commerce Times. “It is used by both legit and illegit programs.” Both clickjacking and likejacking are designed to trick users.

“When someone browsing clicks on a site, the site can execute arbitrary code in the browser,” said Kay. “It can set a cookie, say, for Amazon (Nasdaq: AMZN), or do more nefarious things, like inject malware designed to call other malware later.” Clickjacking has been prevalent for years, and likejacking has become similarly entrenched. Many users of Facebook have likely experienced it in the form of a product-related message that seemed to be from a friend. “The use of the technique is widespread,” said Kay. “Consumers need to use better judgment about which links they click on.”

Links can be forwarded as if from friends, and some come-ons are pitched just right to get around the user’s suspicions, he noted. “If you’re the target of a spear phish, then the attack is tailored to you,” said Kay. “So, avoiding bad sites becomes a kind of ninja art everyone must learn.”
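For site owners, the counterpart to user caution is telling browsers not to render their pages inside another site's frame, which is how UI redressing is typically staged. The following is an added example, not part of the original article: it classifies a response's anti-framing headers, and the function names and sample headers are constructed for illustration.

```javascript
// Added example: classify a response's anti-framing (clickjacking) headers.
// Function names and sample data are hypothetical, not from the article.
function frameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map(s => s.toLowerCase());
  }
  return null;
}

function auditFraming(rawHeaders) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v);

  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    // Browsers that support frame-ancestors ignore X-Frame-Options when both are set.
    const open = sources.some(s => s === '*' || s === 'https:' || s === 'http:');
    if (open) return { verdict: 'weak', reason: 'frame-ancestors allows any origin' };
    // An empty source list matches nothing, which is equivalent to 'none'.
    return { verdict: 'protected', reason: `frame-ancestors ${sources.join(' ') || "'none'"}` };
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { verdict: 'protected', reason: `X-Frame-Options ${xfo}` };
  }
  if (xfo.startsWith('ALLOW-FROM')) {
    return { verdict: 'weak', reason: 'ALLOW-FROM is obsolete and ignored by current browsers' };
  }
  if (frameAncestors(h['content-security-policy-report-only']) !== null) {
    return { verdict: 'unprotected', reason: 'frame-ancestors is report-only, not enforced' };
  }
  return { verdict: 'unprotected', reason: 'no enforceable anti-framing header' };
}

// Constructed sample responses (not captured from any real site).
const samples = {
  strict: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  legacy: { 'X-Frame-Options': 'sameorigin' },
  wildcard: { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' },
  obsolete: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  bare: { 'Content-Type': 'text/html' },
};
for (const [name, hdrs] of Object.entries(samples)) {
  const r = auditFraming(hdrs);
  console.log(`${name}: ${r.verdict} (${r.reason})`);
}
```

The `wildcard` sample is the case most often missed in review: a permissive `frame-ancestors` overrides an otherwise strict `X-Frame-Options: DENY`.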

 

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.