Category: Identity Theft

Online Banking & Security Q&A

From USA TODAY

url

Approach your online security with the right frame of mind.

Q. What’s the safest way to do my online banking: over a wired connection, powerline networking or Wi-Fi?

A. The answer doesn’t matter as much as you might think, but asking the question does mean you’re approaching your online security in the right state of mind.

Overall, a wired ethernet link is more secure than either Wi-Fi or powerline networking, in which the electrical wires in your home carry Internet data. To compromise an ethernet network, an attacker needs to get into your house and plug in a laptop, while Wi-Fi signals go beyond your home and powerline networks can leak information to adjacent dwellings.

Both Wi-Fi and powerline setups come with encryption options to scramble data flowing over the network; once you switch them on, an attacker would need to know the password to break in. But Wi-Fi’s obsolete WEP encryption can easily be defeated — and is still presented as a valid option in routers’ setup routines.

Furthermore, if you leave a router on its default administrative password, somebody who connects to your network can also monkey with the router’s settings to redirect your traffic to rogue sites. For much the same reason, you shouldn’t automatically trust third-party wireless hot spots.

Financial sites use encryption of their own to scramble data flowing to and from your computer — as reported by your browser with a lock icon in its toolbar that, when clicked, should display an info sheet including the bank’s name — and that should almost always outweigh the security of your local network.

(A determined attacker could defeat a bank’s login security by persuading a user to connect to a router running malware that subverts this encryption, but this seems to have been a theoretical exercise to date.)

Your local network, however, makes up only one part of the “attack surface” of online banking, and it may not be nearly as profitable as two others: your computer and your mind.

If an attacker can get a keylogger on your computer to record your keystrokes, the strength of your bank’s encryption and the complexity and novelty of your password won’t matter at all — each tap of the keyboard will have already been recorded and transmitted.

That’s why it’s important to keep up with security updates for both your operating system and your browser (if you haven’t disabled Oracle’s vulnerability-prone Java Web plug-in, now would be a fine time to do so).

And if an attacker can fool you into typing your username and password into a phony site by sending you a phishing e-mail, your security-fix fastidiousness won’t matter either.

You can thwart phishing attacks with the extreme measure of using a separate computer for online banking and nothing else (recommended at a panel on identity theft that I moderated earlier this month) or the lesser step of throwing a Linux LiveCD into your regular PC and booting off that for online banking sessions isolated from your usual software. But it’s just a little easier to remember this basic rule: Never log into a bank account by clicking on a link sent in an e-mail.

If you’re not sufficiently depressed about the state of financial security online, Target’s massive credit-card breach — apparently executed by exploiting the retailer’s in-store systems — offers a reminder that many account compromises happen in places we can’t control.

And the best way to watch for them is to monitor your account for unusual transactions — which means you should do more online banking, not less.

TIP: ENABLE YOUR BANK’S TWO-STEP VERIFICATION

Many major sites, from Facebook to Google to Microsoft to Yahoo, now allow “two-step verification” to protect users’ logins from the loss of a password. That option requires users to vouch for all logins, or only those from strange computers or locations, by typing in a one-time password sent to their phone via text message or to a specialized app like Google Authenticator.

Most financial institutions, however, have yet to tune in to this trend. There’s Bank of America’s SafePass, CitiBank’s identification codes Ally Bank’s Security Code, and not much else. But if your bank offers this option — which may require looking around its site — you should enable it right away. And if it doesn’t, you might want to ask why.

Rob Pegoraro is a tech writer based out of Washington, D.C. To submit a tech question, e-mail Rob at rob@robpegoraro.com. Follow him on Twitter at@robpegoraro.

Craigslists—Love it or Fear it?

Craigslists—Love it or Fear it?

Craigslist; seems most things bought or sold are found on Craigslist. Once a popular internet site for people to sell, buy or barter merchandise or services, it has evolved into a dangerous place for some. I’m not putting Craigslist down; in fact I still use it all the time. It’s a great place to sell, buy or give away stuff, or to find people for services you need such as garden work, hauling or skilled workers. Awhile back Craigslist became a popular place for erotic services which became a cover for prostitution. While there are still sex-for-hire ads hidden in certain categories, Craigslist took steps to reduce the amount of blatant ads for sex services.

Searching for sex from Craigslist ads is a dangerous thing to do. A lot of people are robbed or assaulted when they show up at a motel or a prostitute comes to their home. Many times the young lady someone thinks is coming over to give them an erotic massage with a happy ending brings her male friends with her who end up robbing and beating them. Are there legitimate ads for massages and casual encounters on Craigslist? Sure, but there are also a lot of criminals lurking and waiting for unsuspecting people to answer their fake ads so they can rob them. And it usually goes unreported because very few people who become victims report the incident to police due to the embarrassment or they don’t want their “significant other” to find out they were looking for sex elsewhere. Bottom line is Craigslist is a dangerous place to solicit strangers for erotic encounters.

Fake ads for rental property have really increased lately with all the foreclosed and abandoned properties out there now. Criminals break into a vacant home, change the locks, and then advertise the property on Craigslist as a rental. They request cash for 1st, last and security deposit and provide a bogus lease they printed out from the internet. The suspects then disappear with disconnected phone numbers and the unsuspecting victim gets kicked out of the house by the bank.

As for selling or buying merchandise, Craigslist is still a great place but it has also become a place for criminals to find unsuspecting victims. Criminals post merchandise with “too good to be true prices” and agree to meet the unsuspecting victim in a parking lot or shopping center. The criminals know people shopping for cars, motorcycles or electronics will show up with a pocketful of cash. Recently there have been dozens of incidents of people being robbed at gunpoint or by force when they arranged a meeting to sell or buy a laptop, ipad, motorcycle, car etc. The criminal pulls a gun and either takes the property someone is selling or takes the cash someone brought to buy an item.

We had an incident in our city where a person was selling a motorcycle and he arranged to meet the buyer in a parking lot late at night. The “buyer” and seller agreed on a price and the buyer handed the seller the cash. Immediately two other suspects walked up and pulled a gun robbing the seller of the money that was just handed to him. The “buyer” took off on the motorcycle and the suspects took off with the cash. Luckily the dumb suspect used a real phone number when he arranged the sale so police were able to use the GPS feature to track him down and recover the motorcycle. It was all a planned scam and pre-arranged robbery.

The most common robbery is when unsuspecting victims arrange to sell or buy a laptop or other electronics and are asked to come to an apartment complex. When they arrive they are met out front or in the parking lot by suspects with a gun who take their property and cash. It still happens daily even though the incidents are usually in newspapers or on the news. Some police departments with large numbers of Craigslist robberies in their cities have offered their lobby to conduct transactions.

While some criminals use Craigslist to find victims, there are also people out there who use Craigslist to deceive people. I recently looked for an older Honda to buy as a commuter car and I decided to purchase a 30-day CarFax service to run license plates and VIN numbers of cars I was interested in. I couldn’t believe the fraud I found;

Cars advertised with 95K miles or low mileage actually had 200K+ miles according to CarFax records.

Cars advertised with clean titles actually having salvage or junk titles according to Carfax.

People saying they were the original or 2nd owner while Carfax showed 12+ previous owners.

Cars advertised as “recently passed smog” actually showed numerous failed smog tests and were labeled a gross polluter according to Carfax.

Cars advertised as never being in an accident were found to have accidents with major damage listed on Carfax.

The amount of cars advertised with false mileage (actual mileage much higher) or false information that was caught on Carfax was shocking. If I didn’t use Carfax I could have easily been duped. While Carfax may not catch everything, it was the best $50 I ever spent, saved me from buying a lemon or someone else’s junk.

Criminals will always find new ways to find unsuspecting victims and Craigslist happens to be an easy way to find victims for them. While Craigslist is still a great place to buy, sell, barter or find services, you need to take precautions.

· If it seems too good to be true follow your instincts. Criminals advertise non-existent cars and merchandise at ridiculously low prices to attract a fast victim. A 2004 Honda Accord for $5000 or a high-end laptop for $500 will attract many people with a pocketful of cash.

· Be wary of sellers or buyers wanting to meet you at nighttime or want to meet in a parking lot like an apartment complex. Offer to meet in daytime at the local police department lobby. Or meet inside a Starbucks or other business where there are a lot of other people around. If it’s a criminal looking for a victim they probably will refuse to meet at safe places like that. If a seller offers to meet you at their residence it’s much safer than a parking lot.

· Don’t fall for “too good to be true” prices. It may be stolen property you are purchasing or you are being set up for a robbery.

· Don’t solicit sex from Craigslist. While some people may have had uneventful encounters in the past it’s a matter of time before they get robbed.

· Verify the license plate or VIN number of big purchases such as a motorcycle or car to make sure it’s not stolen. Make sure the seller has a title that is preferably in their name. Never give cash in advance without a title.

· Be wary of taking a pocketful of cash to buy a car. In the least, leave the money in the trunk of your car or locked in the glove box until you feel the sale is legitimate. Or see if the seller will accept a small deposit and arrange another meeting at a police department or busy location to finish the transaction if you feel more comfortable.

· If possible do not go to transactions alone, go with another person.

· Keep serial numbers and model numbers of property you are selling. If you do get robbed the police can enter the information into the stolen property system.

· Verify rental property before you give a large amount of money to someone. Be wary of a renter wanting all cash for deposits. Ask to see a driver’s license and copy down the license number, name and address. Also copy down the license plate number and description of the car the person showed up in. In the event you were duped at least the police have a lead to go on.

· If buying a car, get it checked out by a mechanic. If that is not possible, at least run a Carfax on the car to find the history on it. If you purchase Carfax (one time and unlimited 30-day option) it shows you how many previous owners, any damage or accidents reported to them, if the title is clean or salvage, passed and failed smog checks, service records, mileage inconsistencies etc. It really can steer you away from someone trying to deceive people to unload a junker. Also be wary of people selling a car that is not in their name or one they have only had a short time. These people usually buy a wrecked junker, put a few parts on it to make it look OK then flip it for a profit. The car may have major problems or damage that isn’t visible.

Bottom line is being careful. Craigslist can be a wonderful place for some and a bad experience for others. Be careful; use your head and common sense.

4 risky places to swipe your debit card

Debit cards are different

images

Would you give a thief direct access to your checking account?

No? Unfortunately, you may be doing just that by regularly using your debit card. Debit cards may look identical to credit cards, but there’s one key difference. With credit cards, users who spot fraudulent charges on their bill can simply decline the charges and not pay the bill. On the other hand, debit cards draw money directly from your checking account, rather than from an intermediary such as a credit card company.

Because of that, even clear-cut cases of fraud where victims are protected from liability by consumer protection laws can cause significant hardship, says Frank Abagnale, a secure-document consultant in Washington, D.C.

He cites the example of the The TJX Companies Inc.’s T.J. Maxx data breach that exposed the payment information of thousands of customers in 2007. The incident resulted in $150 million in fraud losses, and much of it was pulled directly from customers’ bank accounts. While credit card users got their accounts straightened out and new cards in the mail within a few days, the case created major problems for debit card holders who waited an average of two to three months to get reimbursed, Abagnale says.

While debit card fraud is always a possibility, being careful where you use it can help keep your checking account balance out of the hands of criminals.

Read more: 4 Risky Places To Swipe Debit Card | Bankrate.com http://www.bankrate.com/finance/checking/risky-places-swipe-debit-card-1.aspx#ixzz20AEtVzsM

If you are a Twitter user–please do not do this:

http://twitter.com/#!/NeedADebitCard

This page is dedicated to those who post photos of their Debit cards online.

2012-07-03_085457