This post is authored by Jaime Filson and Dave Liebenberg.
A mosaic made up of 1-800 tech support scam websites
The amount of fraudulent actors masquerading as legitimate tech support has been on the rise since 2008. According to David Finn, executive director at the Microsoft Cybercrime Center, tech support scammers have made nearly $1.5 billion off of 3.3 million unwitting victims just this year. These scammers typically convince the victim into allowing them access to his/her computer through remote control applications such as TeamViewer. They then present benign processes as malicious, or at times even spread malware themselves. Afterwards, they charge hundreds of dollars for the service.
There are several avenues through which these scammers reach their victims. One of the most insidious are pop-ups and websites asserting that the user’s computer is riddled with viruses, and that the only way to fix the problem is to call a provided tech support number.
Talos has been monitoring the incessant creation of these fake tech support websites in order to better understand the way in which these scams operate. We decided to call a company ourselves for some reverse social engineering. Our experiment provided some interesting insights into the methods these scammers use to fool their victims as well as the infrastructure supporting their operations. In addition, we discovered a broad New Delhi-based scamming network employing multiple websites and VOIP phone numbers to carry out their duplicitous activities.
Read More >>
Tags: Apple, fraud, mac, scam, social engineering, Talos, TeamViewer
Who are you? Removing the obvious existential questions for a minute, your identity is often represented as a bundle of personally identifiable information (PII). In the United States PII begins at birth with a name, date of birth, and social security number (SSN). This morning’s KrebsOnSecurity post details the unauthorized access of computer systems (via malicious code) at Lexis Nexis and Dun & Bradstreeet. Both of these organizations aggregate and sell consumer and business PII.
When PII is misrepresented, the experience for the true PII owner can range from unsettling to pure exasperation due to the fact that the victim’s virtual identity must be reclaimed and a consistently proven remediation roadmap still does not fully exist. A recent survey estimated that in 2012 over 12 million Americans were the victims of identity theft.
Fortunately, in addition to the standard PII definition a majority of states –such as California’s Penal Code §530.55 – now include credit card numbers and even computer media access control (MAC) addresses. The comprehensive definition and accompanying legislation is giving law enforcement the ability to charge suspects with identity theft and aggravated identity theft, but individuals still need to be aware of the risks and respond accordingly.
Below are five realistic almost universal U.S.-centric identity theft risk factors followed by guidance on proactively saving you those precious resources – time and money.
1. You don’t control your PII. Read More »
Tags: ATM, credit cards, Dun & Bradstreet, fraud, ID theft, identity theft, LexisNexis, personally identifiable information, PII, risk, TRAC
The Internet remains an environment where it is important to keep your wits. The recent indictment of nine individuals on stock fraud charges reminds us that the pump and dump scam continues to be perpetrated . Stock spam emails were particularly prevalent during the mid-2000’s, with these messages reportedly comprising 15% of all spam in 2006 . These messages sought to artificially increase demand for infrequently traded stocks so that fraudsters could unload cheaply bought shares at a profit to unsuspecting investors.
Read More »
Tags: email, fraud, scam, TRAC
While there is a world of difference between a deck of 52 and a deck of credit cards, it is still wise to hold those payment cards close to the vest. A solid part of protecting those cards from prying eyes is ensuring your insurance firm is compliant with the Payment Card Industry’s Data Security Standard.
Is PCI compliance important to insurers? Every carrier CTO and CIO I have asked has said , “Yes, it is…and we are working on it now.” I’d venture to say, as with all compliance and risk management it is not a one-and-done effort, as regular reviews are required.
Today, April 14, 2011, Cisco announced its newest work in the area of helping companies across all industries comply with the PCI DSS 2.0 guidelines. And since the PCI DSS guidelines apply to all companies—including insurance—that transmit, process or store credit card transactions and cardholder information, I’ve recorded a video in which I discuss the PCI DSS standard and its applicability to insurance.
Cisco is at the table with its customers when it comes to enabling PCI compliance and is an active member of the Payment Card Industry Securities Standard Council’s Board of Advisors. We completed a new Cisco Design and Implementation Guide that includes 30+ Cisco and technology partner products that have been examined by an auditor.
Technologies involved in the assessment include core routing, switching and wireless, plus collaboration and physical security technologies.
Partners involved with this solution include VCE, HyTrust, RSA, EMC and Verizon Business who is the auditor.
Make sure you don’t show your cards….your credit cards…..at all times.
Tags: compliance, fraud, pci, pci-dss, risk mitigation, routers, security, switches, wireless