New York top city for online fraud activity

Posted on 18 April 2012.



New York is the nation’s epicenter for online fraudsters, followed by Atlanta, Chicago, Los Angeles, and Omaha respectively.

Leveraging a sample of nearly a billion transactions performed by select U.S.-based e-commerce merchants, ThreatMetrix reviewed the online activity for the first quarter of 2012, scoring each transaction with a fraud risk of low, medium or high.

High risk transactions are typically rejected automatically by merchants while medium risk ones tend to result in manual review. The top 150 U.S. cities were then ranked based on their percent of high and medium risk transactions.

“New York was ranked No. 1 in e-commerce fraud risk with transactions 1.5 times as likely to be at risk in comparison to second ranked Atlanta, and twice as likely in comparison to No. 3 Chicago,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “As fraudsters grow more sophisticated and expand globally, it’s only natural that large cities with international profiles, easy access to shipping and high connectivity rates will become breeding grounds for new generations of cyber threats, including both fraud and malware.”

Cybercrime is becoming an increasingly worrisome problem for e-commerce merchants, financial institutions and other online businesses. In 2011, 25 million new, unique strains of malware were released – a number that is projected to explode to 87 million by the end of 2015, according to the Aite Group.

Cities like New York, Chicago and Los Angeles are a gold mine for cybercriminals that steal identities, passwords and credit cards. We would expect to see a highly connected city like San Francisco rank higher, but perhaps the relatively substantial penetration of Apple devices which are largely seen to be less vulnerable to malware explains its relatively low ranking, added Faulkner.

The top 10 list of U.S. cities for fraud origination, ranked from highest to lowest includes:

1. New York
2. Atlanta
3. Chicago
4. Los Angeles
5. Omaha
6. Dallas
7. San Francisco
8. Houston
9. Washington D.C.
10. Lexington, KY.

Tax season is the time of year when people work diligently to fulfill their obligations to the Internal Revenue Service (IRS). It’s also when aggressive identity thieves target unsuspecting taxpayers to steal Social Security numbers and fraudulently file tax returns and claim refunds.

Knowing how to manage your sensitive information and identify when you’ve been targeted can help proactively protect your identity.

Important Tips to Remember:


Don’t keep important identity documents on your computer. Use a recordable disc or removable memory stick to store your personal information, especially if you file your taxes electronically. This will help safeguard these items in the event you download malware or your computer is hacked.


Scammers may pose as IRS representatives to steal your information. Through email, phone calls, websites and more, a fraudster or an identity thief will attempt to capture your personal information. You can verify all contact and information requests at http://www.irs.gov/contact.


The IRS will never initiate contact via email. If you receive any email communication informing you of an audit, announcing a refund, or asking for personal information, it's a red flag for fraud. Report all suspicious emails to phishing@irs.gov.

Fake antivirus scams have plagued Windows and Mac OSX during the last couple of years. Now it seems like such scams have spread to Android. Fake antivirus scams on Android work the same as they do on PC's — a user with an Android phone downloads an application or visits a website that says that the user's device is infected with malware. It will then show a fake scan of the system and return hard-coded 'positives' and gives the option the option to buy antivirus software that will 'remove' the malware on the affected system. Android, which is based on Linux, has been plagued with malware earlier too. According to McAfee, almost all new mobile malware now targets Android. Android app stores, including the official one from Google, has also been hosting hundreds of trojan applications that send premium rate SMSes on behalf of unsuspecting users.

ErieAlert.com is all about neighborhood and personal security. For those of you lucky enough to get iPads this Christmas there is an app just for you and your security. The app can be found at the iTunes store and is completely free:

BuddyGuard (Free) - There are many apps that protect your iPad from danger. This app protects you by signaling for help if you don't check in on time. It responds to falls and records audio, video and location to help authorities in criminal investigations.

When you think mobile gadget security you think of protection against hackers and thieves. There are plenty of apps for that. BuddyGuard VIP, however, provides security for you.

You can set up check-in times. If you don't check in, the gadget will start recording audio, video and location and send it to your friends. This can provide evidence if you're the victim of a crime. It will also activate when it detects a fall or crash and notify authorities of your location.

Cost: Free

FamilyShield can put your mind at ease. It automatically filters out adult and other objectionable websites. You can set it up on a specific computer, or you can set it up on your home network's router. Putting it on a router protects all computers and Internet gadgets in your home.

FamilyShield is a service from the same people behind OpenDNS. You can actually do the same thing with OpenDNS, but it's more difficult to set up. For a really simple way to block adult sites, go with FamilyShield.

http://www.opendns.com/home-solutions/p ... ols#family

Facebook Scams

Facebook has more than 800 million users. That's more than 10 percent of the world's population. It's a tempting target for scammers.

New scams are popping up all the time. It could be a tempting link or a spam message; something harmless or a hook that could lead to a virus.

Keeping up with all the scams can be hard. And some are downright insidious. That's why Facecrooks is a great site to visit.

It keeps up on all the latest Facebook scams. And it's very specific on what links and messages to avoid. If you think something is fishy, check it out here first.

facecrooks.com

Beware of email address typos:

In a clever twist on spam, some websites with names that are confusingly similar to legitimate sites have been set up to reply to any mail sent to them. The responses are framed as out-of-office replies, but sneak in mentions of a new product or service you should try.

Here's a real-life example of how it works: An Associated Press​ reporter accidentally sent a message to a "verizonwireless.co" address instead of the proper ".com" and got this response, ostensibly from his contact "tom":

"I am out of office right now on a my (sic) dream vacation and will get back to you when I return. If you don't hear from me, my assistant should contact you shortly. You should check this site to see how I scored the best travel deal for my trip."

That's followed by a link to a site that advertises luxury resorts. Presumably, the owner of verizonwireless.co makes money when someone clicks through to any of the resort sites.

Ransomware plays pirated Windows card, demands $143
Scam tries to scare users with black screen and Microsoft logo; Panda's found the 'activation' code

Gregg Keizer


September 6, 2011 (Computerworld)

Cybercriminals are trying to trick Windows users into paying [euro]100 ($143) by claiming that they're running a counterfeit copy of the operating system, a security expert said today.

The scam, a kind dubbed "ransomware" for the way criminals try to extort money, poses as a message from Microsoft that alleges Windows is pirated. In reality, the user is infected with malware acquired after following instructions received in malicious email messages or through peer-to-peer (P2P) networks.

"This is not the first time cybercriminals have tried to pose as Microsoft in order to gain enough credibility so users are fooled and will pay money, said Luis Corrons, the technical director of Panda Security's lab. "But this time they are getting a bit greedy."

Previous ransomware attempts that leverage Microsoft's brand have demanded only $15 to $20, said Corrons. In April, for example, Finnish antivirus vendor F-Secure reported a similar Windows activation scam that racked up charges by keeping users on hold to a high-priced long-distance number.

The malware and subsequent scam is being primarily pitched to German-language speakers, said Corrons.

At current exchange rates, [euro]100 is equivalent to nearly $143.

To enhance the believability of the scheme, the malware displays Microsoft's logo and the notorious black screen that Microsoft forces on counterfeit copies of Windows when its validation software recognizes a counterfeit.

According to Corrons, the on-screen instructions claim that unless the victim pays the ransom, all data on the machine will be lost. Local prosecutors will be notified unless payment is made within 48 hours, the scam adds.

"They have played two cards here," said Corrons, "saying they are Microsoft and that [prosecutors] are aware of the situation."

Both claims are fake, Corrons added. "After two days, nothing happens. You can still use your computer [and] no files are deleted," he said.

Payments must be made through one of two payment services relatively unknown in the U.S., but more widely used in Europe: Ukash and Paysafecard.

Panda has obtained the activation code that the scammers eventually send to paying customers. Like legitimate Windows activation codes, it's a 25-character alpha-numeric string: QRT5T-5FJQE-53BGX-T9HHJ-W53YT

"For all of you [who] wouldn't like to pay anything to these bastards, this is the code you can use to deactivate it," said Corrons.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg's RSS feed Keizer RSS. His e-mail address is gkeizer@computerworld.com.

Good tip on dealing with unsolicited pornography from www.kimkomando.com:


9/6/2011
I opened an unsolicited email containing child pornography! What do I do?

Q. I received an email containing child pornography. Repulsed, I called the police who sent an officer over to the house. The officer said to delete the e-mail, mentioning that it would be illegal to forward it, even to them. The next day an officer called asking if he could get my computer to get the IP address of the sender, and I agreed. To make a long story short, it soon appeared as if I were under suspicion. I had to get an attorney. Finally after a few weeks the attorney called to say I was no longer a person of interest. I picked up my computer after the police wiped it clean. I fortunately did not experience false imprisonment or loss of reputation. Still, this was quite upsetting. What should your listeners do if they open an e-mail and discover to their horror that they are in possession of child pornography?
-? from Rapid City, SD.

A. That story sounds like every computer-user's worst nightmare. You've already been through the ringer, and I don't want to take any chances of adding to that. So I'm not publishing even your first name. Child pornography is the worst thing you can come across online. I feel sick even at the thought.

It's sad but true that people can misuse any technology. Texting while driving is very dangerous but people do it anyway. Bullies use social networks to harass victims. And pedophiles use the Internet for their vile pastime.

It is bad enough that child pornography exists at all. However, it gets worse when it invades your life. Even inadvertently coming in contact with child pornography can damage your reputation. I'm very glad that wasn't the outcome here.

Before I go further, I want to offer some reassurance to my listeners. Child pornography isn't a common thing to receive by email unsolicited. This is one of the few instances I know.

Adult pornography is legal. That's why you might see lots of it appearing in your inbox. Child pornographers, however, have to keep a very low profile. They know what they are doing is very wrong. They also know that if they slip up the FBI will be right there to arrest them.

It definitely helps to know what to do if you get this in your email. There are also a few other ways you can run into child pornography in the digital world. Fortunately, these are very preventable.

Before we continue, let me make my standard disclaimer. I am not a lawyer. My advice is not admissible in a court of law. If you find yourself in a serious potential legal situation, as this reader did, go hire an attorney.

As I said above, receiving emailed child pornography is a one-in-a-million chance. Technically, you could just delete it and move on. It is unlikely law enforcement would trace that single email to you. No one would ever know you had it.

However, there are a few reasons to report it instead. The first is to provide yourself with bullet-proof cover. This listener's experience notwithstanding, it's best to be cooperative with law enforcement.

What if the email gets stuck in a mail server? Perhaps it doesn't get overwritten on your computer? A police forensic analysis might find it. Then you'd have some explaining to do. If it is documented that you reported the email, you're covered.

The second, nobler reason is civic duty. Child pornographers need to be rounded up and put behind bars. Any information you can provide to help that happen is a good thing.

It is doubtful reporting a single email will lead to immediate arrests. However, it could be another step on the road. Every little bit helps.

Now, based on the experience shared here, you might be wary of reporting the email. I don't blame you. However, there is another way to go about it rather than contacting the local police.

Just to be clear, this is not a criticism of local law enforcement. If you know of actual abuse or exploitation that is happening, call them right away. However, when it comes to online material, there is a more appropriate alternative.

The National Center for Missing & Exploited Children has the CyberTipline. You can either call 1-800-843-5678 or go to a website form at https://secure.missingkids.com/. In this situation, I would go with the online form.

You can enter the time you received the email. For Type of Incident, the Child Pornography option is probably the most appropriate. Where the form becomes useful, however, is the Internet Information section.

Select email for your Internet Location. Then go to the Email/Newsgroup Header text box. You are going to copy and paste information from the email into this area.

This tip tells you how to get an email's header information. The header contains IP addresses and email routing information. It can help track down the person who sent the email. Copy and paste the entire header into the form area.

That's all you really need to do. You can fill in more information that you think is appropriate. If you have been in contact with law enforcement, be sure to note that in the form.

This form is also useful if you stumble across child pornography while Web surfing. Again, the odds of that happening are remote. Still, if you do, you should report it. An actual Web address will give law enforcement a lot to work with.

Once submitted, the National Center for Missing & Exploited Children will pass the information on to appropriate law enforcement. It will probably go to the FBI, which is affiliated with the Center. The FBI may work with local law enforcement on the matter as well.

Be sure to take a screenshot or print out a copy of the finished form. You want a record of what you submitted. Once you've submitted it, you can delete the email.

Now, as I said, receiving child pornography by email isn't a common occurrence. What is common is child pornographers using unsecured wireless networks. They can download and distribute all the child pornography they want. It looks to law enforcement as if you're the one doing it. Not good!

Fortunately, this is simple to solve. You just have to secure your Wi-Fi network. It should only take a few minutes and it could keep the FBI from paying you a visit. This tip will walk you through the process. Don't wait another minute!

With the upcoming memorial date beware of 9/11 email scams. Be wary of attachments and redirects to unknown websites.