For starters, go to Google Maps and search on your name to see if they have a picture of your home mapped out. If so, you can request to be removed. Next, set up a Google alert for your name (and company name if you’re a business owner). Google will e-mail you any time something is posted about you with a link so you can keep an eye on reviews, photos, etc. Next, go to www.Spokeo.com and search on yourself – you might be shocked at how much information is posted about you, your home, your income and personal life. You can request to be removed from this site by going to www.spokeo.com/privacy.

While it’s not uncommon for employees to waste a bit of work time on relatively harmless activities, such as shopping or visiting a favorite sports site, times have changed; employers are learning the hard way that employee use or abuse of a company’s Internet system can lead to significant liability and time wasted if not monitored.

For example, one business owner (who will remain nameless) shared that they received a panicked phone call from the office while traveling. The police had shown up and arrested one of their staff for soliciting a minor online. Since he was doing this during work hours from the office, that’s where the police showed up to arrest him – clearly a PR nightmare. And stories like this are happening EVERYWHERE.

Then there’s the wasted time. Social media sites like Twitter and Facebook are addictive. If your employees are constantly “plugged in” to those sites, they won’t be nearly as productive at work as they should be.

Protecting your company requires two simple steps at a minimum. The first is to have a written company policy that details what employees can and can’t do with company resources or during company hours. Next, you’ll want to have a content filtering system in place that will enforce your policy by automatically “policing” your company e-mail and Internet usage, blocking sites and content you don’t want your employees to access without hindering their ability to work online.

Online porn hunters are the latest target. Visitors to certain web sites are led to believe they can download a free video player when in fact they are installing malicious code onto their Macs.

Once the users authorize the transaction, the hackers can redirect the users future browsing to fraudulent web sites and possibly steal the user’s information or passwords. Sometimes they simply send ads for other pornographic web sites. This results in thousands of dollars in income for the criminals.

While you may think that Macs are essentially more secure than PCs because they are built better, security experts would argue differently. They believe that the Mac is actually no more secure than a PC. In fact, they note that the relatively low number of viruses, exploits and other cyber attacks directed at Mac users is due to Apple’s relatively small share of the computer market.

“I don’t think that the Mac OS is more secure than Windows — I think it is safer than Windows because there are less people trying to attack it. There is a big difference,” Natalie Lambert, a senior analyst at Forrester Research recently shared with MacNewsWorld.

With that said, the fact remains that for every single attack on a Mac, there are at least 100 attacks on Windows-based systems.

So what should you do if you own a Mac? Use the same safe online surfing practices as PC users, keep your anti-virus software up-to-date, never open strange e-mails from unknown sources, and only verify user names and passwords by phone with your bank or other financial institutions.

o Use a passcode
Although it’s not 100% hacker-proof, it will block unauthorized users from accessing your information.

o Consider enabling automatic data erasing
You can configure your iPad to erase your data after 10 failed passcode attempts. Clearly this is not a good solution for anyone who constantly forgets a password or those who have kids who might try to endlessly log in to use your iPad.

o Sign up for MobileMe
As mentioned opposite, this software will allow you to locate a lost iPad and, if it’s not recoverable, you can remotely wipe the device of your private information. (This service will soon be replaced by Apple Inc with a service called iCloud.)

o Limit its capabilities
You can set your iPad to restrict certain functions such as access to Safari, YouTube, installing applications and explicit media content using a passcode. In the corporate world, an IT administrator could set these restrictions for company owned devices. At home, you can use this to restrict what your children can do with your iPad.

o Install software updates
As with all software, make sure you have the latest security updates and patches installed to protect against hackers and viruses.

o Only connect to trusted WiFi networks
Public WiFis are open territory for hackers and identity thieves. Whenever you connect, make sure it’s a legitimate, secure connection.

Epsilon was in charge of maintaining the e-mail databases and campaigns of some of the largest corporations in the country, including 1-800 Flowers, Best Buy, Walgreens, JPMorgan Chase, Capital One, and more. In fact, there’s a good chance that you’ve received multiple “apology” e-mails from these vendors.

While some said the breach didn’t cause a whole lot of damage, we disagree. Essentially, these cyber criminals now have the ability to invent highly sophisticated phishing attacks by creating e-mail offers that look like legitimate promotions coming from companies they (the people whose e-mail addresses were stolen) buy from and trust.

And though it’s already common for cyber thieves to impersonate credible organizations with what appears to be legitimate e-mail messages that seek to verify account information, this recent breach of security allows cyber thieves to be smarter and even more targeted with their scams.

Two Key Lessons

First, you need to be a lot more wary of e-mail promotions and communications that ask you to provide your credit card information or to validate your account information (username, password, social security number, etc.). No valid company will ever ask you to send important, confidential information in that manner.

Second, this breach serves as a warning to all businesses that they must have the MOST up-to-date security systems in place for their computer network, especially if you handle client data such as credit cards, bank accounts, social security numbers, passwords, client lists and more. Epsilon has responded to the security breach, apologizing to all of those affected, but the damage is done to their organization, not to mention their clients.

That’s why we urge all of our clients to enroll in our ITEZ Care Program. This service allows us to monitor your network’s anti-virus, firewall and security settings to make sure your network is fully protected against these damaging events.

2. Lack of Education. Most viruses and spyware are invited by the user; therefore, if you want to make sure your employees don’t download viruses, take the time to educate them on what new viruses are circulating and about common scams.

3. Lack of Maintenance. No software is perfect, which means security loop holes will be exploited by hackers the minute they are discovered. That’s why it’s critical to keep your security patches up to date.

4. Plug and Surf. Computers are NOT designed “ready to go” out of the box. Before a phone line, ethernet cable or wireless card is anywhere near a new computer, certain security needs to be installed and/or configured. Ideally, this should include virus protection, multiple spyware scanners and a program that runs in the background to prevent malicious software from ever being installed.

5. Do It Yourself. Setting up a network, applying proper security measures and downloading and installing software can be tricky. Large companies have IT departments. Small business owners should also ask for advice or even hire help. It’s worth the extra cost.

How are these myths established?

There is no one cause for these myths. They may have been formed because of a lack of information, an assumption, knowledge of a specific case that was then generalized, or some other source. As with any myth, they are passed from one individual to another, usually because they seem legitimate enough to be true.

Why is it important to know the truth?

While believing these myths may not present a direct threat, they may cause you to be more lax about your security habits. If you are not diligent about protecting yourself, you may be more likely to become a victim of an attack.

What are some common myths, and what is the truth behind them?

* Myth: Anti-virus software and firewalls are 100% effective. Truth: Anti-virus software and firewalls are important elements to protecting your information. However, neither of these elements are guaranteed to protect you from an attack. Combining these technologies with good security habits is the best way to reduce your risk.

* Myth: Once software is installed on your computer, you do not have to worry about it anymore. Truth: Vendors may release updated versions of software to address problems or fix vulnerabilities. You should install the updates as soon as possible; some software even offers the option to obtain updates automatically. Making sure that you have the latest virus definitions for your anti-virus software is especially important.

* Myth: There is nothing important on your machine, so you do not need to protect it. Truth: Your opinion about what is important may differ from an attacker’s opinion. If you save personal or financial data on your computer, attackers may be able to collect it and use it for their own financial gain. Even if you do not store that kind of information on your computer, an attacker who can gain control of your computer may be able to use it in attacks against other people.

* Myth: Attackers only target people with money. Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people. If your information happens to be in the database, it could be collected and used for malicious purposes. It is important to pay attention to your credit information so that you can minimize any potential damage.

* Myth: When computers slow down, it means that they are old and should be replaced. Truth: It is possible that running newer or larger software programs on an older computer could lead to slow performance, but you may just need to replace or upgrade a particular component (memory, operating system, CD or DVD drive, etc.). Another possibility is that there are other processes or programs running in the background. If your computer has suddenly become slower, it may be compromised by malware or spyware, or you may be experiencing a denial-of-service attack.

Safe computing!

Information provided by the US-Cert Cyber Security

If this has happened to you, please take the appropriate measures.

————————————————————————————————————-
By Woody Leonhard
2/3/2011

“I’m from Microsoft and I’m here to help.” At least, that’s what reader MP thought he heard when he answered the phone. It wasn’t.

Con artists all over the world are bilking big bucks out of unsuspecting Microsoft customers — including savvy Windows users.

In this new epidemic, the scammers are sophisticated, glib, and oh-so-convincing. Know the warning signs. You may be next.

Inside one con that almost succeeded

Here’s how MP describes his experience:
 “I was having a problem with Windows XP and posted an inquiry on one of the [presumed to be] Microsoft support sites. My wife received a call from someone wanting to talk to me about my computer. She gave a time when I would be home. I was expecting a call from my ISP. The call came at the arranged time, but it was not the ISP. The caller said he was working on behalf of Microsoft and directed me to a very convincing website for confirmation of his company and his credentials. The caller knew my name and telephone number.

“We talked about the problems I’ve been having with Windows XP. He said it sounded like a virus. He guided me into Windows XP’s Event Viewer and showed me a number of red and yellow flags for applications and systems, which he said were indicative of a malware attack.

“He offered to get a technician to sort the problem for free and directed me to a website, where I had to enter some contact information and my Windows activation code, from the sticker on my PC. He talked me through the process — we were on the phone for almost an hour at that point — and it all went smoothly until I had to enter some sort of warranty code that I didn’t have. He told me to hang on while he checked with his boss.

“A few minutes later, he was back and gave me the unfortunate news that my free support period had ended. He told me I would have to pay $99 for extended support and directed me to a place on the website to enter my credit card information. I’m not sure why, but I smelled a rat, so I hung up on him.

“The caller knew what he was talking about, knew my name and phone number, knew that I was running Windows XP, and knew that I was having problems. I’m a professional electrical engineer and fully aware of phishing and other scams, but I was nearly taken in.”
MP sent me the address of the site the caller used for a reference. I won’t repeat it here because, to this day, I’m not sure whether it’s a legitimate consulting firm site or whether it exists only to provide a backstory for swindlers.

The website certainly had an air of legitimacy. It identified the caller’s company as a “Microsoft Registered Partner” with an official Microsoft logo. “This company is a Technical Support Provider,” the site says. “As computers have become more popular and sophisticated, the job of keeping them running has fallen to an ever-expanding group of specialists, collectively known as Solution Engineers.”

The site went on to say, “The first point of contact is generally the manufacturer’s tech support. However, as manufacturers and others scale back on in-house technical support to control costs, innovative and entrepreneurial technical support companies are building a robust business of providing help and a sense of security to consumers.”

Then I noticed that the site’s mailing address is in Kolkata and the domain is registered in Jharkhand, India — a long, long way from MP’s stomping grounds.

Robust? You could call it that.

Be aware of tricks of the con artist’s trade

I wish MP’s story were unique, but it isn’t.

How in the world did the con artist take him in? It’s easier than you think.

In MP’s case, it’s possible that somebody milked his name from a Microsoft tech-support site and looked him up in a phone book. But it’s far more likely that the con artist simply called phone numbers randomly. Think about it. If you called 100 people and told them (with a ring of friendly authority in your voice) that you were from Microsoft and wanted to help them with the PC problem they reported, what percentage would take you up on the offer? I’d guess it’s at least 10%.

Tricking users such as MP (or his wife) into revealing names or PC problems is a con artist’s stock in trade: if you aren’t immediately suspicious, casual banter will often reveal a wealth of personal information. For example, it can take a scammer all of five seconds to find out whether you’re using Windows XP or Win7: “Do you see the big circle in the lower-left corner? Oh, sorry, I meant do you see the word ‘Start’ in the lower-left corner?”

Everybody’s Event Viewer has red and yellow flags. Check yours right now and you’ll see them:
 Windows XP: Click Start, Control Panel, Performance and Maintenance, Administrative Tools; then double-click Computer Management.
 Vista: Do the same, except for the final step. Double-click Event Viewer instead.
 Win7: Click Start, type Event, click Event Viewer.
On the left of the Event Viewer window, expand the Windows Logs/System branch. See the ocean of colored flags? They’re mostly harmless, although they look alarming — which is why Windows makes it difficult to find them. It’s good fodder for a flim flam.

The website used for establishing the caller’s credentials may be completely legit — or maybe not — it’s very, very hard to tell. Anybody can become a Microsoft Partner; it takes maybe two minutes, and all you need is a Hotmail account or other Windows Live ID. (Don’t believe it? Go to the Microsoft Partner Network site and fill out the forms.)

As for the “Technical Support Provider” claim on the website — the term has no official meaning, as far as I can tell. The site’s owners may be guilty of puffery, but that’s a widespread defect among consultancies. The fact that the site’s based in India, and MP lives halfway around the world from there, isn’t a definitive sign — but it certainly doesn’t inspire confidence. Although Microsoft has tech support offices overseas, it’s a stretch to think that an overseas Microsoft affiliate would be assigned to follow up on a tech support issue on the other side of the planet. Is the site legit? I don’t know.

The overwhelming con give-away — the big red flag — in all of this? Microsoft doesn’t work that way. Think about it. Microsoft isn’t going to call you to solve your problems unless you’ve received a very specific commitment from a very specific individual within Microsoft — a commitment that often comes only after repeated phone calls on your part, generally accompanied by complaint elevation to second- or third-level support engineers. Microsoft typically doesn’t respond to random online requests for help by calling a customer and spending a lot of time with them. Sorry, it just doesn’t happen.

What to do if you think you’re being scammed

You think you’re on the receiving end of a Microsoft Tech Support scam phone call?

If you aren’t sure whether you’re being conned, ask the person on the other end of the line for your Microsoft Support Case tracking number — every MS tech support interaction has a tracking number or Support ID. Then ask for a phone number and offer to call your caller back. Con artists won’t leave trails.

If you think a con is being run from overseas — much more common in these days of nearly-free VoIP cold-calling — your chances of nailing the perpetrator slide from extremely slim to none. It’s prudent to be suspicious of any Microsoft expert who doesn’t seem to be calling from your country.

Whatever happens, don’t give a stranger with unverifiable credentials full access to your computer. I see reports of people who were talked into setting up a Remote Desktop connection, allowing the ersatz expert unfettered permission to download and install any program that suited his criminal fancy. If that has happened to you, my best advice is to restore a complete backup of your PC made before the call or completely reinstall Windows.

If you believe you’re being conned, get all the information you possibly can. Then, immediately after you end the conversation, call the police. Be sure you keep records (or use your browser’s Back button) to keep track of the websites you’ve visited, and offer that information to the authorities.

If you’ve already been conned — you’ve given out personal information or a credit-card number — start by contacting your bank or the credit-card issuing company and follow the identity-theft reporting procedures.

Now you know. Warn your friends.
————————————————————————————————————-

So how do attackers target online shoppers?

There are three common ways that attackers can take advantage of online
shoppers:

* Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.

* Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious websites that appear to be legitimate or email messages that appear to have been sent from a legitimate source. Charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.

* Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted.

How can you protect yourself?

* Use and maintain anti-virus software, a firewall, and anti-spyware software – Protect yourself against viruses and Trojan horses that may steal or modify the data on your computer. Make sure to keep your virus definitions up to date. Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files.

* Keep software, particularly your web browser, up to date – Install software updates so that attackers cannot take advantage of known problems or vulnerabilities.

* Evaluate your software’s settings – The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.

* Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. Attackers may obtain a site certificate for a malicious website to appear more authentic, so review the certificate information, particularly the “issued to” information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.

* Take advantage of security features – Passwords and other security features add layers of protection if used appropriately.

* Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email, and use caution when clicking on links in email messages.

* Check privacy policies – Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your information will be stored and used.

* Make sure your information is being encrypted – Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.

* Use a credit card – There are laws to limit your liability for fraudulent credit card charges, and you may not have the same level of protection for your debit card. Additionally, because a debit card draws money directly from your bank account, unauthorized charges could leave you with insufficient funds to pay other bills. You can further minimize damage by using a single credit card with a low credit line for all of your online purchases.

* Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.

Safe Computing!

Based on Cyber Security Tip ST07-001

• 74% of the businesses surveyed were affected by cyber attacks – including hackers, viruses, worms, etc. – in the past 12 months.

• 62% had lost at least one mobile device in the last 12 months, and 100% admitted they had no password protection on these devices.

• Less than 1/3 of the devices lost had a way to wipe these lost devices clean to prevent unauthorized access to confidential data.

• 42% of businesses have lost confidential data in the last 12 months and 40% reported a direct financial loss because of this.

• 47% of those survey said they STILL do NOT backup their data!

To be perfectly blunt, this is just plain stupid and irresponsible behavior on the part of businesses who allow these attacks to happen. Even worse, it’s a black eye on their PR if the confidential information is CLIENT data, such as credit card numbers, bank account information, medical records or other important identity information like social security numbers, birth dates, passwords, etc.

ALL businesses know of the threats to their computer network, be it viruses, hackers or internal employees; not taking some simple measures to protect against theft and loss of confidential data is completely foolish – not to mention expensive!

If you have any doubt whatsoever about whether you’re backing up your data properly, protecting mobile devices and maintaining up-to-date firewall, patches and security updates, contact a professional. Don’t end up being another statistic.