Tuesday 17 October 2017

Beware, online identity thieves are getting smarter


You have known that you should not fall for those emails that promise your share of an inheritance if only you will send over your banking information. You know that sharing too much personal information on social media is a no-no. And you’ve had it drilled into your head to not use “password” as your online passwords.

But here are some of the dicey areas of the internet you may not be aware of, according to money.usnews.com.


Online shopping wish lists

So you visit a favourite online store and make a shopping list of all the gifts that you want. That can be risky, says Matias Woloski, chief technology officer and co-founder of Auth0, a company based out of Buenos Aires, Argentina, that helps businesses secure and manage online user identities.

“Scammers use the information in these lists, which are often public, to learn more about their victims. This helps them craft more believable phishing emails,” Woloski says.

Phishing is the practice of sending fake emails from credible-looking sources. Woloski says you could get an email that looks like it is from your favourite online store, with the email telling you that a friend has purchased an item for you. Click here to verify your contact details.

You click, and you may have just verified some key information to a crook.


Websites having to do with online gaming

Even if you aren’t a gamer, maybe you have kids who love online computer games. Gamers are vulnerable when it comes to online thieves, says Gunter Ollmann, who is based in Atlanta and is the chief security officer of Vectra Networks, a company headquartered in San Jose, California that helps consumers monitor hidden cyber attacks in their networks.

Much of our society wants to be satisfied now, and so maybe it isn’t surprising that many players look for ways to “cheat” the game they’re playing, so they can get to the next level more quickly. Ollmann says that many hackers will create “cheat sites,” in which the gamer is instructed how to use the “cheat” to beat the game.

But, first, the gamer has to supply information like a cellphone number, or he or she might be required to download a “toolbar.” Of course, the toolbar allows the hacker to get access to the gamer’s computer.

“This works very well against teen mobile game players with little money,” Ollmann says.

And money or not, he or she still has an identity that’s worth plenty to the identity thief. This can happen even with anti-virus protection specifically designed to stave off these kinds of cons. Ollmann says sometimes teenagers ignore warning alerts.

“If they have spent 10 minutes answering questionnaires, see the progress bar at 95 per cent and are told this last step is the final stage … they’re socially engineered into installation,” Ollmann says.

Spam emails asking if you want to unsubscribe

So you get some advertiser’s unwanted email, and there’s a link where you can unsubscribe. Grateful, you click on the link.

The problem, Ollmann says, is that sometimes, “the bad guys send spam from popular websites. … Once the details are entered, the victim gets a message that they are now unsubscribed – but the bad guys have harvested the ID information they were after.”


How can you tell if the unsubscribe email is legitimate? It can be challenging to discern, Ollmann says. He suggests inspecting the URL. “Is the domain name consistent with the company it is presenting itself as? If not, then don’t click on it,” Ollmann says.

In other words, if in doubt, delete. Given how much spam your email box probably gets, that is probably the best approach, anyway.

Free stuff. This one is tricky because plenty of businesses send emails with coupons and offers. But look at them warily, says Robert Siciliano, a Boston-based identity theft consultant and the chief executive officer of IDTheftSecurity.com.

“You might get an email offering a free screen saver or coupon, but when you open it, the software encrypts your drive and takes over your computer,” Siciliano says.

Scary stuff. Siciliano says that you also might get a phone call from someone saying they are from Microsoft. The “representative” tell you they have scanned your computer and have found files that are malicious.

If you believe the person on the phone, you might believe them when they tell you they can remotely access your computer and fix the problem, after you install a program.

“When you install it, you give them access to everything, including personal and financial information and they can do what they want with it,” Siciliano says.


( Punch)

Get more stories like this on Twitter & Facebook

No comments:

Post a Comment

Get more stories like this on our twitter @Abdul_Ent and facebook page @abdulkukublogspot