Cyber Security: Don’t Be Dumb

Cyber Fact: the advancement, spread, and development of the mighty Internet as we have come to know it could very well be the greatest advent of the 21st century. Cyber Security Fact: there are people who wish to use the power of the internet to steal your most sensitive information and exploit it to whatever ends they see fit. This is not a statement meant to invoke irrational fear or send you hurling your computer into the nearest water source as a means to protect your personal information. Please, don’t do that.

What you can do though is be mindful of cyber security and educate yourself on the really simple methods that exist which allow you to protect your personal and sensitive data from those who might seek to gain access to it. Learn what kind of websites to avoid, what emails you should never open, and what kind of software you can employ to keep your computer safe.

It is a widely recognized fact that many websites that advertise adult content and dating services can be hotspots for viruses and hackers. Somewhat less obvious are websites and web pages that advertise some kind of news story or celebrity gossip that hackers know might grab your attention. People who seek to gain access to your computer know what might rouse your curiosity and will seek to grasp it with things that would otherwise seem to be rather harmless. The best rule of thumb is that if you see a dubious headline or a suspicious link, then there is a decent chance that you are right to be suspicious. If the web page is really interesting enough to follow up with, it is all too easy to employ a safe search engine which can give you more information about what you seek.

E-mail scams and “spam” have become a long running joke at this point in the age of the internet. Everything running the gambit from foreign princes looking to bring you wealth, to miracle pills of all sorts that grant your wishes without even so much as a prescription. Again, the typical signs of a virus laden e-mail may not always be present. As old as some of their tricks are, hackers have gotten smarter in how they might approach you. They are even capable of sending out e-mails with the appearance of real companies or websites you may already use in hopes of convincing you to use their links and “reconfirm your credit card information” or the like. Your best bet is to try and hold off on clicking on any link in an unexpected e-mail until you can confirm the contents legitimacy.

In terms of proactively fighting viruses and protecting your data, there are countless programs both free and paid which can provide you the all-important cyber security you seek. It will not take you long to find the exact amount of protection you need for your specific internet usage and specific budget (even if it’s not budget at all)!

Interweb safely, my friends.

– M

What the Next Big Cybercrime Technology Should Be

cybercrime technologyWe use technology every day in our lives for everything. People just expect the lights to be on, they expect to turn on the tap and water to come out. Did you know you’re activating about 250 different microchips when you’re driving a modern automobile?

Every machine you get connected to in the hospital, the ATM you use at the bank, your credit card purchases – its all somehow or another connected to a computer and the Internet. Even home appliances have become Internet-enabled.

Technology is just becoming the fabric of the modern world – we’re becoming increasingly dependent on it. People don’t realize that behind all of these systems theres computers that were probably built 20 years ago. All of those computers and software are deeply insecure. As consumer technology advances, so does cybercrime technology.

Cybercrime is a Business

The standard view of a cyber criminal is some 16-year-old pimply kid in his mom’s basement hacking away at a keyboard in between games of World of Warcraft or Call of Duty. But it’s changed – today its actually a business, ran by traditional organized crime groups and new modern organizations. They’re global, they’re multinational, multilingual and they’re operating 24/7.

If you are a victim of a car theft, you know that your car is stolen. You can call the police, they can look for it, etc. The difference with cybercrime is that it happens in the background, and by the time you actually realize it, if you ever do, its way too late. 99% of the people who  have been victims of cybercrime don’t even know about it. The machines have been hacked, the bad guys are living inside your computer, they’re monitoring what you’re doing.

According to the latest studies in 2014, the average time until detection is over 200 days – that doesn’t matter if you’re a mom sitting at home, a carpet cleaning business or a major corporation in Silicon Valley. By the time you realize you’ve got a problem, it’s way too late. Now you have a major case of Internet fraud. Your customers credit cards are now out on the Internet or people are starting to short your stock in really odd ways.

Cybercrime Technology is a Global Threat

Here’s a simple scenario: These cybercriminals are going to first break into a computer in Buenos Aires, then they’re going to hop to a computer in Italy, from Italy they’ll go to London, and then they’ll go to the bank they want to take over in New York. Now you have an international criminal investigation and the evidence is incredibly ephemeral. For some in different parts of the world, the whole concept of a cyber world of Internet and computers is so new. They have absolutely no laws against cyber crime. If we don’t have legal framework that allows the countries to cooperate then the victim can’t do much about the attacker. We don’t have a set of frameworks that address the full range of cyber hazards.

The technology is developing way too quickly for us to rely upon legal instruments to fix this problem. Beyond that, most of the world’s information is not encrypted – whether it be your credit card number, your personal data or your health records. We have the attackers running very very quickly and its extremely difficult to defend against them. The real question for us is, “Do I feel safe in this online environment?”

There’s never been a better time for exponential change in the cyber security world. I think the next big cybercrime technology should be a safer Internet. What do you think?

– M

How to Prevent Identity Theft

Today’s post comes from our friend Michael, a business owner who does catering in Champaign, Illinois (quite a fancy place, I hear). But like the rest of us, he’s a part-time cybercrime enthusiast. He’s kindly provided five tips for how to prevent identity theft, just as a reminder for all of us.

Simple Tasks Can Lead to Complicated Problems

Tasks as simple as buying gas or using an ATM can put you at risk for identity theft. Criminals are smarter than ever, staying current with new technologies and continuously finding new ways to commit crimes. So, here are five tips to help you prevent identity theft and avoid becoming a victim.

5. Look out for skimmers. These virtually undetectable devices are commonly placed on credit card machines, at gas pumps and on ATMs. They’re disguised as part of the machine and are positioned right over the slot where you insert our credit or debit card. If you’re using ATMs, check to see if the card slot looks in any way suspicious. Alternatively, go into stores and get cash back at the register.

4. Change usernames and passwords often. Frequently change your usernames and passwords to websites that contain your personal information such as online banking sites.

3. Don’t respond to emails, text or phone calls with personal information. This is called “phishing” as we’ve posted previously about. Not even your credit card company will ask for your full social security number.

2: Check your online account balance and transactions often. Making this a habit will help you catch theft before it gets really ugly.

1. Obtain identity theft protection. Without insurance coverage, recovery is a long tedious process and it can take years to clear your name.

Although these tips will better protect you, insurance companies identity theft coverage includes protection for your family. But review coverage carefully -different companies have different levels of coverage. Most insurance companies identity theft protection is around $25-30 per year and include monitoring services. Many of their systems work 24/7 to let you know of any unusual activity, stopping criminals in their tracks.

To learn more, visit https://www.identitytheft.gov/.

– M

How to Spot Phishing Emails

In today’s post, I’d like to stray from the usual Case Study and share something that I received in my inbox recently: Phishing Emails – you may not see them frequently, but they can be hard to spot (These cyber crooks are gettin’ good these days).

“Phishing” emails are malicious emails sent by criminals attempting to compromise your personal information. And they can seem legit.

Many phishing emails can be disguised as a message from an authoritative entity asking you to visit a website and enter personal information. These websites are set up by criminals to gather personal details which they can then use to hack into your accounts and commit fraud. Some links and attachments in these kinds of emails contain malicious software, known as malware, that will try to install themselves on your computer. These malware can collect data such as usernames and passwords. If you recognize these emails, delete them immediately.

It’s estimated that 156 million phishing emails are sent every day and of those, 16 million get through the protection software, 8 million are opened, 800,000 links are clicked and and 80,000 innocent people fall for scams and give away their personal details. Knowing how to recognize these emails can lessen your chances of you getting caught. Here are some of the signs of phishing emails.

1. Email Address

This is the first thing you should look at. Criminals use two tricks when crafting email addresses – first, they’ll put a real company’s name before the “@“ to make it look credible and second, use a web address similar to the genuine one. For example, http://www.cleanrmow.com is a genuine website and they may have a real email address such as “contact@cleanrmow.com” or “info@cleanrmow.com.” Scammers will craft phishing email addresses almost identical to the real addresses. They could change the letter “L” to an “I” like so: http://www.cieanrmow.com. Or they may change the letter “O” to a zero like this: info@clearnm0w.com. Check these emails carefully to make sure they are the same as the real web address.

2. Generic Greetings

Beware of emails with generic greetings such as “Dear Valued Customer” and similar welcomes. Look for poor spelling, punctuation or grammar. However, you can alway rely on these obvious signs as sometimes scammers go to great lengths to make their phishing emails look authentic as possible. They’ll use the company’s real logo and even the names of people that work there.

3. Sense of Urgency

Phishing emails may use phrases such as “you should update your password immediately” to create a sense of urgency in order to lure their targets into giving away their personal information. They may even use a threat like, “You’ll be fined if you don’t act now.” These scammers may make you feel as if you’re missing our on something, peak your curiosity or use your fears to push you into making an instant response. If you feel you’re being pressured in any way, or that something just doesn’t feel right, be especially careful.

4. Links

If there is a link within the email, hover your cursor over the link to view the underlying address. In other words, check to see where it would take you if you were to click the link.

5. Name

Look to see whose name is at the end of the email. If it’s from a department or team, do they actually exist? If it’s from a person, is their name in the email address and is the email address real?

These are just generic emails which are sent out to large groups of people, knowing that it only takes a few to click to make the effort worthwhile to the scammers.

Spear Phishing

Criminals sometimes target individuals. These cyber attacks are called “spear phishing” and this method is on the increase because criminals know many more people are fooled by them. Spear phishing emails often use personal information obtained from social media pages to make the emails look more credible. For example, criminals might use your name or tailor the email to reflect things you like; your hobbies, interests, where you live or what is happening locally. They may even make the email look as if it came from the organization you work for. People are sometimes targeted because of their position within the company or because they have access to sensitive data.

It can often feel like we’re bombarded with emails both at home and at work, and many of them have genuine links and attachments. Be sure to look for the signs of phishing emails and think before you follow any links or open any attachments.

Take care.

– M

Cyber Hacks: The Internet’s Biggest Crime

Instead of sharing a case of cybercrime, today I’d like to do something a little different and provide some advice on how you can prevent yourself from becoming a victim of cyber hacks. 

how to prevent cyber hacksDid you know more than 556 million people are victims of cybercrime every year? That’s 1.5 million victims a day and 18 victims per second. Recently, cybercrime surpassed drug trafficking as a criminal money-maker. It’s a hot topic in the news and can affect anyone. How can you protect yourself?

1. Monitor your credit card statements weekly and flag any questionable activity immediately. Credit card fraud is one of the most common cybercrimes.

2. Create strong passwords and change them every 90 days. Avoid using your name, birthdate or initials.

3. Check for secure wireless connections when working in public places like a coffee shop.

4. Keep an eye out for phishing emails, lock your laptop and read privacy policies when shopping online. Phishing is defrauding an online account holder of financial information by posing as a legitimate company.

5. Only share personal information on encrypted websites. Look for “https” at the beginning of the web address. For example, a website with a web address that looks like http://www.cellphonerepairpcola.com is not an encrypted website. But a web address such as https://wordpress.com will take you to a site that is encrypted.

Continue reading Cyber Hacks: The Internet’s Biggest Crime

Credit Card Heist

Banks, credit card companies, and major businesses take large measures to protect themselves against cyber attacks. Still, very little stops the best of hackers from infiltrating and getting around the most sophisticated technology.

“The hacker underground has developed various weapons in cyber space that allow them to bypass encryption and thus get into these systems and steal your funds. The average loss associated with a cyber heist is $1.3 million – compared to the average bank robbery in the physical world where you have a gun or a weapon, is only $6,000 to $8,000,” says financial security expert Tom Kellermann.

Cyber robbery is a criminal industry with staggering rewards. In 2005, a Miami-based hacker made history by pulling off one of the biggest online bank heists of all time. But he’s far less known than the likes of Bonnie and Clyde or Billy the Kid. Hacker Albert Gonzalez would drive through Miami’s shopping districts, hacking into store’s wireless networks. He wasn’t sealing their money – he was fishing for credit card numbers, and he’d struck the mother load.

Continue reading Credit Card Heist

Still on the FBI’s Wanted List

Years prior to the existence of a Russian Business Network, a small Internet Service Provider hosted in a neighborhood basement in Ohio earned the bad boy rep as the first black-hat hosting company. This ISP was an asylum for hackers and packet monkeys to attack an unsuspicious internet. Foonet hosted clients including Carder Planet — the staunch “carder forum” for credit card hackers — and its IRC (Internet Relay Chat) servers were home to where legendary German hacker Axel “Ago” Gembe managed his Agobot network of Windows boxes that he had gained control over.

Following two raids by the FBI, in 2004, Foonet’s founder and some of the staff were charged for this infamous DDoS-for-hire scheme that simultaneously shook Amazon.com and the Department of Homeland Security. To add the craziness of this case, the owner of Foonet, Saad Echouafni, missed out on $750,000 in order to escape the FBI. He still remains on the “wanted list” today.

So what is Scene of the Cybercrime anyways?

This blog, Scene of the Cybercrime, is home to my “investigative reports” and comments on the biggest, dirtiest and most interesting cybercrimes in history. For years I’ve been following cybercrime simply as a hobby of mine because I find it so intriguing. Now I’ve decided to blog about it and share my perspective with the world. Cybercrime is fascinating. Think about it – there’s an entire world on the other side of your computer screen, an imperfect world where crime is just as common as it is in real life.

We live in one of the most interesting times in human history. I can talk face to face with my friend living on the other side of the planet through my handheld supercomputer while simultaneously sending a typed message to my cousin in California. It’s futuristic. It’s uncensoredIt’s beautiful. 

Join me as we dive into some extraordinary cases of cybercrime. I’ll be posting interesting stories on phishing, identity theft, hacking, cyberterrorism, and much more. Some days I’ll comment on current events concerning the latest cybercrimes and others we’ll go back in time and examine historic cybercrimes that shaped the future of Internet as we know it.

Stay tuned, and thank you for visiting.

– M