cyber-crime « WordPress.com Tag Feed

Cyber Crime di Hari Natal

koresh07 — Tue, 24 Nov 2009 05:59:02 +0000

Sebentar lagi natal, hari yang sangat ditunggu-tunggu umat kristiani diseluruh dunia. Hari yang dipe

Assistants some scams to be aware of.

virtuallyyourspa — Sat, 21 Nov 2009 13:28:46 +0000

Virtual assistants and job seekers are always on the look out for new opportunities and sometimes th

Safest Web Browser - IE8

techpaul — Fri, 20 Nov 2009 19:40:46 +0000

Internet Explorer 8 Tops Safety Testing Test The primary way cyber-criminals do their dirty deeds

Thank you Monster!

scamvictimsunited — Fri, 20 Nov 2009 14:16:34 +0000

I have been wanting to see this happen for YEARS! Monster just sent out a warning about work at home/employment scams to all of their members! Here is a copy of the information.

If it looks too good to be true, it probably is.” Whether you are searching for a new job through Monster or other websites, keep in mind that the same technological innovations that help in your job search may be used by cyber-criminals looking to lure job seekers into questionable job “opportunities.”

Monster, the worldwide leader in the online recruitment industry, makes protecting job seekers a top priority. While Monster continually monitors its network and database to detect and terminate fraudulent access or job postings, keep in mind that Monster’s primary purpose is to serve as an open forum for employers to advertise open positions and a service for job seekers to broadcast their qualifications to interested employers. We work hard to ensure that only appropriate parties (such as employers) have access, but neither we nor any other online recruitment company can guarantee that inappropriate parties will not gain access to a posted resume. Accordingly, we’d like to remind you of what you can do to help keep yourself safe during a job search.

Know What to Avoid

Some employment scams appear as job postings or classifieds while others may target victims with an offer through an unsolicited email. Below are the most common scams you may see:
Money-Laundering Scams
Money launderers often create job descriptions that offer commissions or pay as high as $2000 per day to process checks on behalf of foreign nationals. They are recruiting local citizens to “process payments” or “transfer funds,” because as foreign nationals, they can’t do it themselves. The image below is an example of a money laundering scam hidden behind what appears to be an offer of employment. Learn more about money laundering scams here. »

Reshipping Scams
Reshipping, or postal forwarding, scams typically require job seekers to receive stolen goods in their own homes– frequently consumer electronics — and then forward the packages, often outside the United States. Those who fall for reshipping scams may be liable for shipping charges and even the cost of goods purchased online with stolen credit cards. Read more about reshipping scams here. »

Pre-pay/Work at Home Scams
Although there are genuine jobs working at home, many “offers” are not valid forms of employment and may have the simple goal of obtaining an initial monetary investment from the victim. Using claims such as ‘be your own boss’ and ‘make money quickly’, Work at Home scams will not guarantee regular salaried employment and almost always require an “up-front” investment of money for products or instructions before explaining how the plan works. Find out more about avoiding these scams. »

Protect Yourself

What seems like a lucrative job offer could cost you your savings and more. Learn to identify the signals of an employment scam to protect yourself. When conducting a job search:

Look for signals in a job posting or email offer, which could serve as an indicator that what is being presented as employment is not legitimate. Don’t get involved with an employer that can’t make its business model perfectly clear to you or one that’s willing to hire you without even a phone interview. Do your own research on any employer that makes you feel at all uneasy.

Never put your social security or national ID number, credit card number, bank account number or any type of sensitive personal identification data in your resume. You should never share any personal information with a prospective employer, even if they suggest that it is for a “routine background check”, until you are confident that the employer and employment opportunity is legitimate. Use Monster’s resume visibility options to ‘Be Safe’.

Do not engage in any transaction in which you are requested to transfer or exchange currency or funds to a prospective employer. Remain alert for the Work at Home employers who require you to make an up-front investment.
Be cautious when dealing with individuals/companies from outside your own country.
If you see a questionable job posting or suspect misuse of the Monster website or its brand, please report the suspected fraud to Monster.

If you think you have been a victim of fraud, immediately report the fraud to your local police and contact Monster, so steps can be taken to ensure your safety. We also recommend that you file an online report with The Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). For more information on how to conduct a safe job search, visit Monster’s Security Center. You can also check out LooksTooGoodToBeTrue.com.

Best regards,

The Monster Team

Quebec woman alleges sick leave benefits cut off because of Facebook

mistercooke — Fri, 20 Nov 2009 01:46:07 +0000

By Marianne White , Canwest News ServiceNovember 19, 2009 6:02 PM

A Quebec woman on long-term sick leave is taking her insurer to court over a decision to cut her benefits based, according to her, on photos she posted on Facebook.

Nathalie Blanchard, 29, is on leave from her job at IBM in Bromont, Que., since she was diagnosed with severe depression in February 2008.

But her benefits were suddenly cut off at the end of October. When she called to inquire with Manulife, her insurance company, she was told they established she was ready to go back to work based on photos they saw on Facebook.

Blanchard had posted photos her herself enjoying the beach at a sunny destination and partying in bars with her friends.

“They didn’t ask her to explain those photos before making their decision,” said Blanchard’s lawyer Thomas Lavin.

Lavin said the Eastern Townships woman was encouraged by her doctor to take small vacations and go out more to try and forget about her worries and integrate herself back into her social network.

Blanchard is going to file a claim in Quebec Superior Court for wrongful dismissal and to seek damages against Manulife.

“She’s in a fragile position to begin with and this has certainly not helped her recovery,” her lawyer said Thursday.

Lavin said Blanchard also saw her mortgage insurance cut off because either Manulife or her employer called her financial institution to let them know what they saw on Facebook.

“That forced her to sell her house because she can’t afford to pay her mortgage, her credit has gone down the tubes and her reputation has been damaged. She’s not having a good time,” he said.

What people post on social networking sites like Facebook is increasingly being used against them in legal proceedings or criminal investigations.

Manulife acknowledged they are using information on such sites to investigate clients.

“We carefully assess and pay all valid claims, plus we would not deny or terminate a valid claim solely based on information published on websites such as Facebook,” the insurer noted in a written statement sent to Canwest News Service.

Lavin said despite repeated requests from him and Blanchard, Manulife has refused to give them the evidence to back up their decision.

Earlier this year, a British Columbia court ruled that a woman who claimed that a car accident left her unable to enjoy her favourite activities should have removed her Facebook photos that proved otherwise.

Photos of Mirae Mayenburg hiking and cycling were entered as evidence in her court case against the Insurance Corp. of B.C.

Victim tracks down attacker on Facebook

mistercooke — Fri, 20 Nov 2009 01:42:36 +0000

From Sky News

news.com.au

November 20, 2009 05:13am

A UK woman who was slashed in the face at a bar used Facebook to track down her attacker.

Jennifer Wilson, 20, was dancing in the Walkabout bar northwest of London when a drunk woman lashed out at her, Sky News reported.

“She kept giving me dirty looks and then she pulled me off the stage onto the floor and pushed the glass into my face,” Ms Wilson said.

“It’s disgusting that anyone could attack someone like that,” she said.

The woman ran off after the incident. After searching through 200 people on Facebook, a popular social networking website, Ms Wilson found her attacker, identifying her as Ashleigh Holliman.

Ms Wilson said: “I went on Facebook and looked at a mutual friend’s profile and searched his friends list. As soon as I saw her picture I knew it was her. She is quite distinctive, with red hair.”

Police arrested Holliman, 22, at work the following day. They took her to a police station where Jennifer picked her out of a line-up.

A court awarded Jennifer £2400 ($4352) as compensation and ordered Holliman to do 120 hours of unpaid work.For a photo of the victim, visit Sky News.

Großer Kreditkartenrückruf nach Datenleck im Rechenzentrum

Guido Strunck — Wed, 18 Nov 2009 17:23:04 +0000

Mal wieder rauscht ein größerer Datenskandal durch den Blätterwald. Banken lassen Zehntausende Kreditkarten ihrer Kunden einziehen und austauschen, weil die Kartendaten in die Hände von professionellen Gaunern gefallen waren. „Die Austauschaktion betrifft alle Banken in Deutschland gleichermaßen“, so ein Sprecher des Zentralen Kreditausschusses (ZKA), der Dachorganisation der Banken. Doch was ist tatsächlich geschehen?

Ein Großteil der betroffenen Kreditkarten wurde in den letzten Monaten in Spanien benutzt. Dort liefen die Kartentransaktionen über einen sog. „Prozessor“, d.h. einen externen Dienstleister zur Zahlungsabwicklung. Anscheinend gab es dort ein Datenleck, durch das Kartendaten abgezogen wurden. Unklar ist derzeit, um welches Unternehmen es sich handelt und wie die Kartendaten gestohlen wurden. Auf entsprechende Nachfragen der Presse reagieren die Banken nicht oder verweisen auf noch offene Verfahren.

Es können aber auch Kreditkarten betroffen sein, die in Deutschland benutzt wurden, wenn der Handelspartner seinen Zahlungsverkehr über spanischen Dienstleister abgewickelt hat. Insbesondere bei Großunternehmen gibt es den Trend, Dienstleistungen wie den Zahlungsverkehr zu zentralisieren, um bei Zahlungsabwicklern Volumennachlässe zu erhalten.

Obwohl es bereits in den letzten Monaten mehrmals Probleme und Rückrufaktionen mit Kartendaten gab (z.B. im Oktober als die KarstadtQuelle Bank 15.000 Karten austauschen lies), scheinen die Banken vom Ausmaß des Angriffs überrascht zu sein. Tatsächlich agieren Cyber-Kriminelle bereits seit Jahren immer professioneller und trickreicher. Sie machen sich die Hauptschwäche moderner Geschäftsprozesse zunutze: Die Komplexität, die durch das Zusammenwirken zahlreicher Dienstleister, Subunternehmer und Outsourcing-Partner entsteht. Da große Unternehmen seit Jahren danach streben, ihre Fertigungstiefe durch Auslagerungen und Fremdvergabe an Dritte zu verringern, sind komplexe Wertschöpfungsnetzwerke und Prozess entstanden, die – im Gegensatz zu komplexen Maschinen und Anlagen – oftmals kaum einer einheitlichen Qualitätssicherung unterliegen. Und oftmals auch kein einheitlich hohes Sicherheitsniveau über die ganze Prozesskette und alle beteiligten Firmen hinweg gewährleisten können.

Mit Hilfe der entwendeten Daten könnten die Datendiebe Karten fälschen und mit ihnen einkaufen oder die Datensätze weiterverkaufen. Die Kreditinstitute halten dagegen, indem sie Kartenkonten zum Teil verhaltensbasiert überwachen (ungewöhnliche Transaktionen an ungewöhnlichen Orten oder zu ungewöhnlichen Zeiten) und eine Karte auch schon mal vorbeugend sperren, bis der Kunde anruft.

Den Kartennutzern entsteht zwar meist kein konkreter Schaden, da sie jede über ihre Karte laufende Transaktion nachträglich rückgängig machen können. Der Reputationsschaden der Kreditinstitute durch Vertrauensverluste in das Zahlungssystem Kreditkarte sowie in die dahinterstehende Arbeitsteilung dürfte aber beträchtlich ausfallen.

Gleichzeitig zeigt dies, dass sich IT-Sicherheit zwar durch Auslagerung (z.B. als Managed Security Services über ein externes Security Operations Center) stärken lässt. Das dies aber kein Ersatz für eine interne Beherrschung aller Geschäftsprozesse einschließlich deren Absicherung und Qualitätssicherung ist. Zudem rückt so beim Thema Kreditkarten die konkrete Abwicklung der Kartenzahlungen ins Licht der Öffentlichkeit. Denn während die Banken Kreditkarten offensiv bewerben, haben sie große Teile der Zahlungsabwicklung an Dritte vergeben, ohne dass dies den Kunden wirklich klar ist. Die vertrauen so ihrer Bank, leiten ihre Daten aber bei jedem Bezahlen mit der Kreditkarte über ein ihnen unbekanntes anonymes Rechenzentrum irgendwo auf der Welt. Globalisierung eben.

Firefox Add-ons for Safer Web Surfing

techpaul — Wed, 18 Nov 2009 17:01:15 +0000

Folks, it appears I only have time today to recommend to you that you take a quick look at Internet

Scams and the Holidays

scamvictimsunited — Sun, 15 Nov 2009 18:48:50 +0000

Thanksgiving is just over a week away, and it is time to start thinking about the Holiday Season. We at Scam Victims United usually see an increase in the number of scam victims during this time of year. Many people are looking for a way to make some extra money to pay for the gifts that they want to give to family and friends, so they may sell something they own at an online classified ad site, like Craigslist, or they may look for an extra part-time job. It is because of this need for the extra money to get through the Holidays that some people may let their guard down and become more vulnerable to online scams.

Common online scams include the overpayment scams, in the form of counterfeit cashier’s checks and money orders, or work at home job offers such as the Secret Shopper Scam. Let’s review the signs of both.

Counterfeit Cashier’s check or Money Order Scam

You are selling an item over the Internet – it could be a used car or motorcycle, jewelry or even bred animals. You receive an email offer to purchase your item and the buyer says he’ll send a bank cashier’s check. The buyer is from Nigeria or “West Africa”, but has a business associate in the United States who will send you the cashier’s check. Then you are told that for some reason the check was already made out to you for an amount larger than your asking price. The buyer asks you to please deposit the check, wait for it to clear, and then send him the difference — “but only after the cashier’s check clears, of course.”

You are skeptical – but, sure enough, the bank cashier’s check arrives by Fed Ex, it looks real, your bank accepts the check, and the bank assures you the funds are in fact available. So you wait the time the bank recommends to verify that the check is clear and then you wire the difference to your buyer in Nigeria and prepare to ship your item.

A week later your bank calls: “We’re very sorry, but the cashier’s check was counterfeit” — a superb copy, but worthless. Your account is frozen. You must pay the bank back the entire amount of the cashier’s check. You may even be considered a fraud suspect yourself.

Secret Shopper Scam

The scammer will either place an ad in a legitimate classified listing, online or in print, or they will collect their victim’s names and email addresses off of resumes posted online. Some of them are even making “copy cat” websites of legitimate Secret Shopper companies to use in their scam to help convince the victim that this is all legitimate. For a listing of legitimate Secret Shopper companies, go to http://www.mysteryshop.org/

The victim will be told that they have been hired as a Secret Shopper and will be sent a cashier’s check or money order to cash and use on their assignments. One of the assignments is to review the service at a Western Union or Money Gram location. They are given a name and address to wire money to, from the check that was sent to them, and told to fill out an evaluation form on the service received and email or fax that back to the company they are working for.

Everything seems fine, and some victims may even complete a few “assignments” before the check is discovered to be counterfeit. On average, it takes about 10 business days for the bank to realize that the check is counterfeit, but we have seen some cases where it has taken over 6 months. Once the bank dose find that the check is counterfeit, they will contact you demanding the return of the money and deduct the full amount of the check from your bank account. This sometimes leaves the victims with negative bank accounts.

For more information on the check clearing process and the banking terms, please read http://scamvictimsunited.blogspot.com/2009/08/banking-terms-not-as-clear-as-they.html

Shawn Mosch

Co-Founder of ScamVictimsUnited.com

There is strength in numbers!

Find us on Twitter, Facebook and more through http://www.retaggr.com/page/ShawnMosch

Support Scam Victims United by shopping at http://shopittous.blogspot.com/

Bagaimana Password Facebook kita bisa DICURI

M. Arief B. — Sun, 15 Nov 2009 17:31:25 +0000

Tadi saya dapat sms di fb dari grup, maaf ya nama grup-nya nggak saya tulis. ini isi smsnya: Jangan

Ein Kaffee von Microsoft

Guido Strunck — Sun, 15 Nov 2009 17:06:04 +0000

Microsoft unterstützt Ermittlungsbehörden bei der Bekämpfung von Computerkriminalität. Beispielsweise durch die Entwicklung von Analysewerkzeugen für forensische Untersuchungen an beschlagnahmten Rechnern. Im Idealfall soll ein Ermittler nur noch einen USB-Stick mit vorinstallierter Software an einen zu untersuchenden PC anstecken und automatisch werden wichtige Systemdaten zusammengesucht, aufbereitet und auf dem Stick gespeichert – Bundestrojaner zum Mitnehmen für den Einsatz vor Ort gewissermaßen.

Genau das leistet ein Produkt von Microsoft, das offiziell nur an Strafverfolgungsbehörden abgegeben wird und für diese kostenlos ist: Der „Computer Online Forensic Evidence Extractor“ (COFEE).

Damit soll die Lücke zwischen den Kenntnissen krimineller Anwender und denen ermittelnder Beamter vor Ort geschlossen werden. Wenn Computer beschlagnahmt werden, müssen sie dazu meistens ausgeschaltet, abgebaut und zur forensischen Laboruntersuchung mitgenommen werden. Dadurch geht aber bereits wertvolles Beweismaterial verloren, wenn Speicherstände verschwinden, temporäre Dateien geschlossen und Verbindungen zurückgesetzt werden. Cofee soll es Ermittlern ohne IT-Fachwissen ermöglichen, diese Beweise direkt vor Ort am laufenden Rechner zu sichern.

Naturgemäß hatte die weltweite Hacker-Community ein großes Interesse an dem Tool, schon um seine tatsächliche Leistung experimentell ausloten zu können. Daher war es auch nur eine Frage der Zeit, bis es durch undichte Stellen in eine Tauschbörse hineinleakte.

Dort fischten es die stets neugierigen Tester von Heise Security heraus und untersuchten es gründlich. Das Ergebnis war eher ernüchternd, zumal Cofee auch nur mit Windows-Versionen bis XP läuft und aus Linux-Rechnern gar nichts herausbekommt:

COFEE startet via Autorun direkt beim Anstecken des USB-Sticks und führt dabei ein Kommandozeilenskript aus. Tools wie whoami, autoruns und so weiter erstellen dabei einen Schnappschuss mit Basisinformationen, die danach für den Web-Browser hübsch aufbereitet werden. Raffinierte Tools, um etwa gelöschte Dateien oder anderweitig versteckte Informationen wiederherzustellen fanden sich nicht in der Sammlung. Der eigentliche Mehrwert liegt in der einfachen Bedienbarkeit und dem Schwerpunkt darauf, Beweise zu erheben, die auch vor Gericht stand halten.

Tatsächlich ist die Software in erster Linie eine besonders bequeme Möglichkeit, etliche zum Teil betriebssystemeigene Analyse-Werkzeuge direkt hintereinander ablaufen zu lassen und ihre Ergebnisse gesammelt in eine Datei auf dem USB-Stick zu schreiben. Allerdings könnte die Toolsammlung jederzeit erweitert und verbessert werden. So wie es die Heise-Autoren ja regelmäßig mit ihrer frei verfügbaren Version des ct‘-Helpers tun, mit dem jeder interessierte PC-Nutzer ganz ähnliche Dinge tun kann, wie es den Forensikern mit Cofee versprochen wird.

Und darin steckt auch das größte Risiko von Cofee. Wer es sich der Neugier halber aus einer Tauschbörse zieht und ausprobiert, kann nicht wissen, was die Verbreiter daran verändert und an Schadcode eingebaut haben. Jederzeit könnten ein paar zusätzliche Dinge eingebaut, Hintertüren geöffnet und Rootkits reingeschmuggelt worden sein, die tatsächlich Daten vom Rechner saugen. Allerdings nicht für die Polizei sondern für kriminelle Datendiebe im Internet. Und da Microsoft dieses Tool für Privatnutzer offiziell gar nicht anbietet, sind von dort auch weder Hilfen noch Sicherheitspatches zu erwarten.

Von diesem „Käffchen“ sollte man daher besser die Finger lassen.

Zur Befriedigung von experimenteller Neugier sind freie Toolsammlungen wie der ct-Helper allemal besser geeignet.

Skype Chats Use Scare Tactics To Install Rogues

techpaul — Sat, 14 Nov 2009 19:23:31 +0000

Chat Message Tries To Scare You Into Installing Malware Folks, after a brief quiet period, criminals

The Season of Spam*

techpaul — Fri, 13 Nov 2009 18:00:32 +0000

The Internet Is Not Disneyland Folks, we are now in the time of year (and will be through New Years)

Raise Your Voices

scamvictimsunited — Thu, 12 Nov 2009 01:27:48 +0000

Consumers Invited to Raise Their Voices at the Consumer Empowerment Conference and Expo on November 21, 2009 in Hollywood, FL

Hollywood, FL, Nov. 9, 2009- Don’t let the big banks dominate the conversation any longer; join with consumers and advocates at the Consumer Empowerment Conference and Expo on November 21st and raise your voice against abusive and predatory lending practices.

“We can’t pick up a newspaper or turn on the radio or the TV these days without hearing yet another story about fraud, identity theft, spiking credit card interest rates, or foreclosure nightmares,” says Denise Richardson, co-host of the event. “The current financial crisis and mortgage industry meltdown has affected this entire nation, but the state of Florida is one of the hardest hit. Now, we finally have a way to do something about it.”

The upcoming event, to be held at the Crowne Plaza in Hollywood Florida, will be hosted by Americans for Fairness in Lending (AFFIL) and Denise Richardson on Saturday, November 21st, 2009 from 1-5 pm. It is free to the public.

“Whether you have questions about fair lending practices, want to know what’s being done about abusive credit card interest rates, or need advice about how to deal with identity theft, this event is for you,” says Richardson. Advocates on site will also be speaking on panels, talking with consumers at tables, and answering questions about credit scores and reports, mortgages, short term loans, medical debt, debt collection, and will be providing information about current legislation that is furthering the fight to create a fair lending system.

Sarah Byrnes, Director of AFFIL says “It is our hope that by attending this event, even more consumers can become part of the solution in the fight against predatory lending and help shine the spotlight on the problems caused by abusive loan products. By working together, we can raise the volume on our collective outrage and the need for better consumer protections.”

This event will give consumers a unique opportunity to interact face-to-face with local and national advocates who are working to reform the lending industry. It’s a chance for people to connect over the issues, speak one on one with consumer attorneys and advocates on issues that matter most to them, and to find new ways to work toward a common goal: a more fair financial system for all.

Confirmed participants include:

Americans for Fairness in Lending

Credit Union Strategic Planning and American Debt Relief Challenge

Florida AARP

Florida CHAIN

Florida PIRG

GiveMeBackMyCredit.com

Identity Theft Victims Support Group of North America

Robert Murphy, Attorney and Law Professor

National Organization of Victims Assistance

Ira Rheingold, Executive Director of the National Association of Consumer Advocates (NACA.net)

Scam Victims United

John Watts, NACA Attorney … and more!

Visit www.givemebackmycredit.com for an updated listing of attendees.

Event details:

Consumer Empowerment Conference and Expo

November 21, 2009

Speakers/panels start at 1:00 pm.

Open to the public 1-5 pm

Crowne Plaza, Hollywood Beach Hotel, 4000 South Ocean Drive, Hollywood FL

Quinceanera Beware - Online Safety

quinceaneraconnection — Wed, 11 Nov 2009 09:55:19 +0000

I want to share with each Quinceanera and her mom what I experienced this week on the Internet. I had my first fraudulent customer. This customer started out sending me emails with a story that got my attention. His emails were written like he was a friendly person, but the very large order he wanted to place on my www,Quinceanera wish.com site. It made me sit up and think maybe this person was a fraud.
There were a few things that got my attention:

He said he was from Australia
AND He couldn’t place his order through my Yahoo shopping cart
He changed his story as the emails continued

Since I am aware of fraud on the Internet I did some investigation on my own.

I checked out his email address to see if it was from Australia
Would you believe…it was identified coming from India – red flag #1
I did a Google search to check if the address he gave me was listed.

there was no such a listing on the Internet. – red flag #2

With this amount of information it made me realize that my first hunch was correct. So, I emailed him and told him what I uncovered with my search and if he wanted to proceed with his order he needed to produce matching identification before I would move forward.
You guessed it…he never responded.

Ordinarily I wouldn’t share my story with you, but a few weeks ago I attended a program ‘Cyber Crime Prevention’ sponsored by the Inter-Agency Council On Child Abuse and Neglect – County of Los Angeles, F.B.I., Los Angeles Sheriff’s department and the Los Angeles County Board of Education.

The speakers were terrific and the information and stories they shared was alarming. Usually only when something happens to us do we think, I AM SAFE IT WON’T HAPPEN TO ME. However, after my experience this week with the apparent fraudulent person, I decided to share some of the important information and links I learned at the Cyber Crime Prevention Symposium with you.

We all know that the Internet is filled with good as well as bad information

Teens spend a lot of time online…emailing, blogging, chatting, and IM

The speakers shared the following information:

1 in 5 teens under the age of 17 have been sexually approached online

In 15% of the cases the predator attempted to meet the teen in person

89% of sexual solicitations of teens were made in chat rooms or by IM’s

Things to do for your own safety or the safety of your teen:

Never arrange to meet face to face with someone you have meet online

Never upload or post pictures to anyone on the Internet you don’t know.

Never give out your name, home address, school name, or phone number.

Never respond to messages or bulletin board postings that are suggestive or harassing.

Most important what you are told online may or may not be true by a stranger

Never respond to an email from someone you don’t know

For more information check out the following sites:
www.learnthenet.com- in Spanish and English
www.wiredsafety.org – An Internet safety help group
www.software4parents.com - spyware and computer software
www.cybercitizenship,org - Educates about cyber crime.
BE SAFE NOT SORRY…

Phishing-Angriff auf die Arbeitsagentur

Guido Strunck — Tue, 10 Nov 2009 17:41:56 +0000

Datendiebe können sehr kreativ sein, wenn es um das Abschöpfen von finanziell verwertbaren Datenbeständen geht. Oft wird es ihnen aber auch sehr einfach gemacht. So wurde erst kürzlich bekannt, dass die Bundesagentur für Arbeit Probleme mit ihrer Stellenbörse sowie mit dem Handling interner Datenbestände hat. In der Stellenbörse kann jeder als „Arbeitgeber“ auftreten, eine Überprüfung (Gewerbeschein, Handelsregister …) erfolgt nicht. Sozialdaten von Hartz-IV-Beziehern waren bis vor kurzem allen Beschäftigen der Arbeitsagentur zugänglich, nicht nur den dafür zuständigen Fallmanagern am Meldeort des „Kunden“.

Die Mängel im Sicherheitskonzept der Arbeitsagentur sowie in Teilen ihrer Software sind anscheinend so gravierend, dass sie sich kurzfristig nicht beheben lassen. Das muss sich wohl auch eine Berliner Personalvermittlungsfirma gedacht haben, als sie mehrere Tausend Stellenanzeigen in die Stellenbörse einkippte. So viele in so kurzer Zeit, dass es bei einer internen Prüfung den Betreibern bei der Arbeitsagentur auffiel und man der Sache nachging (was für die Wachsamkeit der Agentursystemadmins spricht). Tatsächlich existierte keine einzige Stelle wirklich. Die ausgeschriebenen Positionen für Facharztstellen über pädagogische Berufe bis hin zu Ingenieuren und Managerposten waren ein Phishing-Angriff auf die Vermittler der Arbeitsagentur sowie die Nutzer der Stellenbörse. Sie sollten ihre Bewerbungsunterlagen an die Berliner Firma schicken, so dass diese ihre Datenbestände damit aufstocken und möglichen Firmenkunden eine Datenbank mit Tausenden von Profilen anbieten kann.

Das ist für Personalvermittler an sich nichts Ungewöhnliches. Firmen wie Hays, Datos oder Progressive bieten interessierten Stellensuchenden die Möglichkeit an, ein Profil in einer Datenbank zu hinterlegen und regelmäßig gegen dort ausgeschriebene Stellen von Firmen gegenchecken zu lassen. Auf Projektvermittlungsbörsen wie Gulp oder Projektwerk können Freelancer Profile einstellen und Angebote von daran interessierten Firmen erhalten. Werben gehört zum Geschäft und wer als Stellensuchender einem Personalvermittler seine Daten gibt, um dessen Stellen mit in seine Stellensuche einzubeziehen, tut das i.d.R. bewusst. Das ist eine übliche Praxis an der es grundsätzlich nichts auszusetzen gibt.

Anders diejenigen Arbeitssuchenden, die sich auf eine konkrete Stelle bewerben, die jedoch gar nicht existiert. Sie würden in einem solchen Fall nur eine Textbaustein-Absage erhalten und das Angebot in der Datenbank des Personalvermittlers zu verbleiben, in der Hoffnung das nochmal eine ähnliche Stelle reinkommt. Seriöse Personalvermittlung sieht anders aus.

Und so sieht auch Anja Huth, Sprecherin der Bundesagentur darin einen eindeutigen Missbrauch des Systems und einen Verstoß gegen die Nutzungsbedingungen. Einen Missbrauch dieser Dimension hat man in der Jobbörse der Bundesagentur noch nie erlebt, so die Sprecherin. Mal sehen, ob das mehr als nur die Sperrung des Accounts zur Folge hat.

Inzwischen ist man damit beschäftigt, die zahlreichen fingierten Stellenangebote zu finden und zu löschen. Was aber noch einige Tage dauern kann, so Frau Huth. Schließlich werden täglich etwa 20.000 Stellenangebote neu erstellt oder abgeändert. Verantwortlich für diese Angebote war demnach die Firma Econsulting24, wo jedoch bislang weder die Arbeitsagentur noch die mittlerweile darauf aufmerksam gewordene Presse jemanden erreichen konnte.

Einen ähnlichen Fall hatte es bereits im Winter letzten Jahres gegeben. Ein privater Jobvermittler hatte immer wieder fingierte Stellen ins System gestellt. Wenn sich Bewerber bei dem Vermittler meldeten, erhielten sie stets die Auskunft, dass die Stelle bereits anderweitig besetzt war. Das Unternehmen bot den Bewerbern jedoch an, gegen Bezahlung Bewerbungen für sie zu verfassen. Und obwohl die Arbeitsagentur den Account des Vermittlers löschte, meldete er sich stets einfach neu an und spammte fröhlich weiter. Das Problem der mangelhaften Kontrolle vermeintlicher „Arbeitgeber“ in der Jobbörse ist also bereits seit langem bekannt.

MySpace Scam

scamvictimsunited — Tue, 10 Nov 2009 00:20:40 +0000

There is a MySpace Scam email going around that asks you to update your account information. Do not click on any of the links in the email!

Dear MySpace user!

Please be informed that you are required to update your MySpace account.

Please update your MySpace account by clicking here:

If you’re unable to click on the link above, copy and paste it into your browser’s address bar.

————————-

At MySpace we care about your privacy. This email is never sent unsolicited.

If you think you’ve received this email in error, or if you have any questions or concerns regarding your privacy, please contact us at:

privacy@myspace.com

MySpace, Inc.
8391 Beverly Blvd. #349
Los Angeles, CA 90048
USA

Global Cyber News Bits, November 9, 2009 from CommunityDNS

CommunityDNS — Mon, 09 Nov 2009 21:26:23 +0000

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Bot herders hide master control channel in Google cloud

Google’s “AppEngine” application was used by cybercriminals to act as the master control channel, feeding commands to large networks of infected computers.

Also, it was found that the Koobface botnet was using Google Reader to spam malicious links to social networking sites; one of which being Facebook.

Click here for more information.

Gumblar Botnet Resurges

Known as one of the largest botnets that grew dramatically this year, Gumblar has reappeared.

Gumblar works in two ways. The first is to load malware onto sites. When users visit the sites malware is downloaded onto their computers. The second way Gumblar works is to populate websites with I-frames pointing to websites containing the malware.

Click here for more information.

New Spamming Botnet On The Rise

Currently sending 2.5 billion spam messages globally a new Botnet, known as “Festi” has quickly jumped to the rank of 5% to 6% of all spam generated. The jump means more bots (or compromised computers) were added into its botnet with 60% located in Asia, 18% in Europe and 9% in North America.

Click here for more information.

Practical Analysis: The Fastest-Growing Security Threat

Having grown from a few thousand a day a year ago to more than 500,000 a day SQL Injection is the fastest-growing security threat. Through the use of automated tools cybercriminals are searching for which sites are vulnerable to SQL injection. Such attacks allow hackers to break into networks that can lead to the breach of sensitive data.

Click here for more information.

UK to push for law to retain all communications data

Citing the EU Data Retention Directive does not go far enough and to prevent serious crime and terrorism the British government is pushing for its ISPs to capture and hold data regarding instant messages, e-mail and other electronic communications. The data retained would also include data from third-party services. The data is to be retained by the respective ISPs and not in a centralized database.

Click here for more information.

FBI Warns That ACH Fraud Is Rising

dono — Mon, 09 Nov 2009 16:53:59 +0000

A new FBI alert has been issued that warns small businesses, municipal governments, and schools about a significant increase in automated clearinghouse (ACH) fraud, in which cybercriminals are stealing millions of dollars from organizations through an ongoing cyber attack. As part of this attack, cybercriminals send an email to a business or organization’s bookkeeper or financial officer that aims to trick them into downloading keylogging software. If the business or organization uses an online banking service, the cybercriminal can use the software to steal the victim’s login credentials and create ACH transfers to “money mules,” or people who are tricked into transferring the money overseas where it cannot be found. As part of the scam, cybercriminals also are launching distributed denial-of-service attacks against ACH processors in order to prevent them from recalling transfers before the funds can be sent overseas. The FBI says cybercriminals have attempted to steal roughly $100 million through this scam. The bureau notes that cybercriminals are primarily attacking organizations that tend to work with smaller regional banks, which are often not capable of stopping the fraudulent ACH transfers. Compounding the problem is the fact that some banks do not have proper cybersecurity measures in place to protect against this attack, the FBI says.

“FBI Warns of $100M Cyber-Threat to Small Business”
IDG News Service (11/03/09) McMillan, Robert

Junk E-mail Quick Tip #12

techpaul — Sun, 08 Nov 2009 21:28:22 +0000
Folks I invite you to look at the screenshot below and ask yourself, “why did he highlight tho

NASSCOM wakes up after 15 months

Anuraag Sanghi — Sat, 07 Nov 2009 13:45:26 +0000

A team of researchers including professors of University of Brighton published a report in July 2009 titled “Crime online — Cybercrime and illegal innovation”. It was picked up by online news channels and quoted in news items to propagate lies about so-called cybercrimes in the business process outsourcing (BPO) industry of India. The report tries to present data from the annual reports of the Indian Computer Emergency Team, and Symantec in a way that suits its story, of India being a centre of cybercrimes and in general being a weak state. (via Phishing study: Bunch of lies).

Plodders – all of you!

I got bad news for you, Mr. Kamlesh Bajaj!

Nasscom, your team and maybe you should include yourself. Plodders! All! The report you quote came out in July – and you are responding to it it after 3 months. What more, if you had dug deeper, you would have come out with more – dirt, that is.

The ‘prequel’

Nearly 15 months ago, a Scottish newspaper, The Sunday Herald ‘revealed’ that an Indian hacker had broken into the credit card database and stolen some 8 million records. The supposed ‘victim’, Best Western Hotel immediately rejected this claim, and revealed that 10 (ten only) records had been stolen. If you check this story today, The Sunday Herald has (of course), removed the Best Western rebuttal of this story. How did the newspaper identify the nationality of the hacker? A journalist’s ‘secret’ sources!

Indian Media

The serious part of the story was that only a few (all from the largest media house in India, in fact) Indian newspapers picked up this story. No other significant newspaper in the world picked it up. India’s premier business newspaper The Economic Times featured this story prominently in their print edition. The Times of India, which says it the largest English newspaper, dutifully carried this IANS report. The challenger to Times Of India, DNA also carried this report. Looking at these reports just a little deeper, and the source of all these reports is a IANS (India Abroad News Service) report.

So, it was evidently planted and created for the Indian media. The story was dated August 23rd, 2008, Saturday, and carried the next day, on a Sunday for maximum impact – and for the business press to pick up and run the story on Monday morning. The story was planted through IANS, a supposed ‘pro-Indian’ news agency. Did anyone come back and retract this story? Of course, not!

Every aspect of this hoax was planned in great detail.

Within the next 3 days, on August 27, 2008 the 2ndlook blog uncovered this hoax ‘Indian hacker’ story. The prequel to the report that you are rebutting after 3 months. The secret – the ‘provincial’ mind’ (aka मोटी, देसी और मंद बुद्धि) of 2ndlook knows …

What they don’t know …

What these English speaking, Westernized journos, dont know and cant care about are some inconvenient facts. How can India have a low prison population, with a poor police-to-population ratio and a crime rate which is not above the average – in spite of a large civilian gun population.

All the 5 indices (below) create a bias for a lawless Indian society and rampant crime. With these five indices, going against a stable social system, how does current day India manage low-to-average crime rates.

India has the lowest per capita prison population in the world. (‘put more criminals behind bars’)

India also has the lowest police-to-population ratio in the world. (‘increase police force’)

India has the second highest national gun stock in the world. (‘more guns means more crime’)

India has the largest number of poor in the world. (‘it is poverty which the root of all crime’)

Capital punishment in India is again at low levels. (‘kill enough criminals to instill fear’)

Western thinking and systems of law and order predict that India should have the highest crime rate in the world – which is not true. India has low-to-average crime rate compared to the Rest of the World.

Historically, trade in India is governed by शुभ लाभ ‘shubh labh’ – and hence Indians have not been major players in drugs proliferation (unlike Japan, the West in which traded Opium in Korea and China) or in slave trade. In modern times, though India is a power in computing industry, India is not a big player in spamming or in software virus.

Indian ethical system

More than 2000 years ago, Megasthenes a Greek traveller to India wrote,

Theft is of very rare occurrence. Megasthenes says that those who were in the camp of Sandrakottos, wherein lay 400,000 men, found that the thefts reported on any one day did not exceed the value of two hundred drachmae, and this among a people who have no written laws

Interesting it is. Surprising it is not!

The Facebook Email

scamvictimsunited — Fri, 06 Nov 2009 02:19:57 +0000

More Facebook login scam emails . . . I had 19 of them in my SPAM folder!

Below are the email addresses from this scam email. I like to post these in case someone does a google search on them.

Subject: New login system
From: update+rgogqpctttsr@facebookmail.com
Reply To: disorient47@sira.net
From: update+dliugby@facebookmail.com
Reply To: codependent465@sssheet.com
update+lnncltkgyzup@facebookmail.com
From: update+ghswbfz@facebookmail.com
From: update+ljeuhyagcq@facebookmail.com
update+yvesfftsiqywhv@facebookmail.com
update+wraywxbjjgz@facebookmail.com
update+mzbdzhlqdfz@facebookmail.com
update+pzgxnjof@facebookmail.com
update+gmgnlbscafdv@facebookmail.com
update+ibwxqcwwrlfnm@facebookmail.com
update+aqcavrtnuzbik@facebookmail.com
update+oinecjo@facebookmail.com
update+opuhqlwsknknf@facebookmail.com
update+mxwiwbc@facebookmail.com
update+vbizdtnyxnt@facebookmail.com
update+gpksidnvuak@facebookmail.com
update+ydvejcd@facebookmail.com
update+clvwaojhtxpilz@facebookmail.com

Dear Facebook user,

In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.

Please click on the link below to update your account online now:

If you have any questions, reference our New User Guide.

Thanks,
The Facebook Team

Global Cyber News Bits, November 5, 2009 from CommunityDNS

CommunityDNS — Thu, 05 Nov 2009 22:21:09 +0000

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Vendors Scrambling to Fix Bug in Net’s Security

SSL (Secure Sockets Layer) is widely known as the indicator that, when invoked, ensures users their session is encrypted and the contents being transmitted is secure. The security protocol is used highly in e-commerce applications.

Recent discoveries have pointed out the vulnerabilities associated with SSL and that it is not as secure as one may think.

While there have been bugs that have dealt with the management of the SSL’s digital certificates, this flaw is with the protocol itself.

Subject to the vulnerability are shared hosting environments, databases, mail servers, and other secure applications. Fixes will need to be applied to Web browsers, Web load balancers, Web servers, mail servers, ODBC drivers, SQL servers and peer-to-peer protocols.

Click here for more information.

Cybercriminals down five British police forces in a year

With nearly all of police daily operations depending on IT systems, five British police forces have been impacted by cybercriminals. The Internet attacks of the respective police forces caused outages lasting three or more days. It is unclear if any date was lifted through the five different breaches.

Click here for more information.

Swedish spooks knocked offline by hack attack

Thought to be an attack due to Sweden’s new law allowing the country’s intelligence agency, FRA, to monitor all Internet traffic coming through the country. The outage began Monday night, lasting until Thursday morning.

An apparently separate denial-of-service attack was aimed at police and media outlets.

Click here for more information.

EU offers hope to file-sharers

In an amendment applied to a larger telecoms bill verbiage regarding action against illegal file-sharers was watered down. Fearing that basically declaring the internet as a fundamental right for its citizens would conflict with how to go after illegal file-sharers, the Commission watered down the language giving ultimate responsibility to the member states on policing illegal content downloaders.

Click here for more information.

Data at Risk

tmenadier — Wed, 04 Nov 2009 21:08:48 +0000

Cyber security is a shared responsibility

You store important assets in the form of documents, financial information, and proprietary intellectual property electronically. Unfortunately your important assets are only as safe as the weakest link in your network. To secure your electronic assets a holistic approach must be taken. This holistic approach depends as much on business policies and procedures as it does on technology. For this reason it is important for the managers, executives and business owners who are ultimately responsible for the information stored electronically take proactive steps to reduce risk and liability.

A major breach in security can happen easily, especially if your company uses portable devices with unencrypted data. For example, at the beginning of Oct, 2009, a Blue Cross and Blue Shield employee had laptop stolen containing unencrypted confidential information for 850,000 doctors. A breach like this can have serious consequences to a business’s relationships and bottom line.

90% of data loss occurs due to employee error or data theft!

A major factor in securing your network is end user/employee training is critical to protecting IT assets.

Facebook Kembali Diserang Trojan

Harz — Wed, 04 Nov 2009 03:05:00 +0000
Serangan masif botnet dilaporkan menerjang sekitar 750.000 user Facebook. Menurut vendor sekuriti Cl