By Comcast Finance

Tue, 22 Jun 2010 18:15:24 GMT

Editor’s Note: This post by Jorgen Wouters originally appeared on June 21 on WalletPop.com.

The FBI is warning consumers to be on the alert for scammers who tie up their phone lines while emptying their bank accounts.

These "telephone denial-of-service" attacks are similar to ones that have been used by hackers for years to crash websites by flooding them with Internet traffic. But high-tech criminals are now using automated dialing programs and multiple accounts to overwhelm the phone lines of unsuspecting consumers and small- and medium-sized businesses.

The denial-of-service calls, which can include dead air, advertisements or phone sex menus, are actually diversionary tactics designed to tie up a victim’s phone lines. And while the lines are busy, the fraudsters — impersonating the victims — raid their bank accounts, online trading and other money management accounts.

The FBI first learned about this scheme through one of its private industry partners, which told the agency of a Florida dentist who lost $400,000 from his retirement account after a denial-of-service attack on his phones. So how does this "dialing for dollars" scam work?

Weeks or even months before the phone calls start, the FBI warns, a criminal uses social engineering tactics or malware to extract personal information such as passwords and account numbers from intended victims. These victims may have set themselves up by replying to phishing e-mails, inadvertently giving out sensitive information during a bogus phone call, or placing too personal information on social networking sites, which are constantly trolled by cyber criminals. Once the scam artists have enough information, they tie up the victim’s various phone lines and either contact a financial institution pretending to be the victim or siphon off funds from their online bank accounts.

Financial institutions typically call to verify such transactions, but can’t get through due to the denial-of-service attack. If the transactions aren’t approved, the criminals will contact the financial institution, pose as the victim and confirm the transactions. They can also add their own phone number to victims’ accounts, and simply wait for the bank to call and request approval. By the time the victim or financial institution realizes what has happened, it’s too late.

The FBI reports a surge in telephone denial-of-service attacks since April of this year, with reports of numerous incidents in several Eastern states.The FBI has teamed up with the Communication Fraud Control Association — a collection comprised of security professionals from communication providers — to educate the public, analyze patterns and trends of telephone denial-of-service attacks, and identify the con artists and bring them to justice.

The FBI urges consumers and small- and medium-sized business to take the following steps to avoid being a victim of this new scam:

• Never give out personal information to an unsolicited phone caller or via e-mail.
• Change online banking and automated telephone system passwords frequently.
• Check your account balances often.
• Protect your computers with the latest virus protection and security software.

If you think you may have been targeted by a telephone denial-of-service attack, contact your financial institution and your telephone provider, and file a complaint with the FBI’s Internet Crime Complaint Center.

Comments(0)

Kim Komando hosts the nation’s largest talk radio show about computers and the Internet. To get the podcast or find the station nearest you, visit www.komando.com/listen. To subscribe to Kim’s free e-mail newsletters, sign up at www.komando.com/newsletters. Contact her at gnstech@gannett.com.

http://www.usatoday.com/tech/columnist/kimkomando/2010-01-28-online-crooks_N.htm?csp=usat.me

Criminals are getting smarter and smarter. So, these days, it isn’t enough to just run security software on your computer. You need to keep up with the criminals’ latest tricks. Here are six threats to your security and tips for protecting yourself.

Flash drives

Flash or thumb drives provide an easy way to infect machines with malware. It’s no surprise that criminals are using them, particularly to target companies.

TECH TIPS: Ask Kim

Criminals use a flash drive with a company’s logo. They load it with malware and drop it in the company’s parking lot. An unsuspecting employee picks up the drive and connects it to his or her computer. What happens next is the scary part. Criminals gain access to the company’s network — and trade secrets.

Never use a flash drive that you find. If you find one at your company, alert the IT department. It can find the rightful owner or destroy the drive.

Facebook ‘friends’

Everyone seems to be on Facebook. It can be exciting to find new Facebook contacts. But pay close attention to who you grant access to your profile.

If you use your account for business, it can be a gold mine for competitors. You may unknowingly post information about projects that would benefit competitors. Even your contact list says a lot. It can give hints about an upcoming merger or partnership. It can also give criminals inroads at other companies.

That’s not the only danger. Information you post can be used for targeted phishing attacks. A criminal can post a link to a malicious site. It could be a phishing site or a site that installs malware.

Limit what others see and be careful about your posts. You may also prevent others from posting to your wall. Above all, be vigilant.

(Read the article)

Comments(0)

BBC Reprint: 08:12 GMT, Friday, 15 January 2010

Original Article: http://news.bbc.co.uk/2/hi/technology/8459898.stm

Many diallers lurk on sites hawking pornography

As mobile phones get more sophisticated, hi-tech criminals are dusting off some old tricks.

Security companies have noticed a rise in trojans known as diallers that used to be popular during the days of dial-up net access.

On a smartphone the diallers are being used to call premium rate lines leaving victims with a big bill.

Experts say the diallers are proving popular as a quick way for criminals to cash in.

Diallers were widely used during the days of dial-up net access when most people connected via modem.

Many diallers lurked on porn sites and, once they snared a victim, disconnected their modem and then placed a long distance call. Many victims were left with huge phone bills.

The economics of international calls meant that some of the cash spent on the call would be shared with the criminals. Some diallers were very sneaky in that they muted the speaker on a modem so victims could not spot when the overseas call was being placed.

Now, the security wing of software firm CA has said it is seeing a rise in diallers for smartphones. This time, instead of calling international numbers, the diallers call premium rate lines and land victims with the bill.

Writing on the CA security blog, Akhil Menon said it was seeing a “an increasing trend of trojan diallers”. Mr Menon profiled one such virus, called Swapi.B, which sends premium SMS messages.

“The messages sent out are in the typical format to invoke premium services and land the mobile user with heavy mobile bills without the user’s knowledge and consent,” wrote Mr Menon.

Many diallers, including Swapi.B, are contracted from porn sites which disguise themselves as software, video clips or helper programs.

Mikko Hypponen, head of research at F-Secure which makes security software for mobiles, said it had seen a “handful” of diallers in recent months.

They were popular, he said, because they get round one of the big problems facing anyone wanting to make money out of Windows viruses.

“PC malware can’t just directly steal money from your machine; it has to jump through hoops like keylogging your credit card number or sending spam,” he said.

“However, mobile malware can just instantly steal from you by making premium-rate calls or messages,” said Mr Hypponen.

Some creators of diallers were also working to ensure that it was hard to shut down the premium rate service they had set up to cash in.

Mr Hypponen said some diallers sent messages or rang many different numbers, including legitimate ones.

“The trojan can place calls to, say, 100 different premium-rate numbers, only one of which is his own number,” said Mr Hypponen.

“How would you fight this? Shut down all the numbers, including the innocent ones?”

Comments(0)

I’m still seeing a lot of fake e-mails from scammers trying to lure people into disclosing their financial information. Not just the guy in Nigeria who wants to split $10,000,000.00 with you if you just send him "good faith" money, but e-mails from what appear to be genuine notices from major banks and credit unions. And some of these e-mails look extremely real. There are many scams on the internet from crooks trying to get peoples personal information and believe it or not, some people actually fall for these scams. If someone banks at Bank of America and they get an e-mail stating that their account will be frozen unless they update their personal information, some people actually enter their account numbers, PIN numbers, Social Security numbers, etc thinking that they are keeping their accounts active. What they are actually doing is providing a thief all the information they need to drain their bank account and open new accounts in their name. Identity theft is the fastest growing crime nationwide. And if you become a victim of identity theft, it takes years to try to straighten out your tarnished credit history. You could be the victim of identity theft and not know about it until your credit history is ruined. A few tips to avoid identity theft:

NEVER, NEVER give out personal information on the internet unless it’s a site you initiated, know and trust. Even then, most just ask for names, addresses and credit card info. Be leery of sites asking for name, date of birth, social security numbers and other personal information. I never give out my social security number unless it is absolutely necessary and I know and trust the company I am dealing with. Most companies have a contact phone number if you are unsure. Banks, credit unions etc will never ask you to update your personal information over the internet. Also be suspicious of phone calls threatening interruption to your phone or utility service unless you verify your personal information over the phone. If in doubt, call your bank or utility company to verify.

Get a copy of your credit report from the three major reporting agencies at least once yearly and verify that all the information is correct. You can get one free copy of your credit report each year by checking with the credit reporting agencies. There are also companies offering services that you can purchase which monitor your credit history and notify you whenever an inquiry is made to your accounts or new accounts are opened in your name.

NEVER give out your PIN number to anyone and do not write it on the back of your card or keep it in your wallet or purse. If someone finds it they can clean out your account. If you need to write the PIN number down to remember it, hide the PIN in a false phone number. (example: if your PIN number is 4419, write a number down such as 516-4419. It looks like a phone number to anyone else but you’ll know the last four digits are your PIN #. Cover the keypad numbers with your hands when entering the PIN number in a store, store clerks already has access to your credit card or ATM number; don’t let them see what your PIN is too.

If a purse or wallet is stolen or lost, report the loss to the credit card companies, banks and DMV immediately. A 2 hour delay can clean out your accounts. I once had a case where $20,000 was charged on various cards within 2 hours of a purse theft. Also report the loss to the local police department if credit cards and a driver’s license is stolen. 

And back to what we originally spoke about, fake e-mails. I’ve seen these for Bank of America, Bank of the West, ebay, PayPal, Wells Fargo, several Credit Unions and many others. They send them out whether you actually bank at these establishments or not, hoping that it will reach some people that will actually fall for it. And they look EXTREMELY real because they use the company’s logos, graphics and other information. Most say there is suspicious activity on your account and your account has possibly been accessed by an unauthorized person. They say your account will be frozen unless you update and verify your personal information by clicking on a link and filling in the information. No matter how real they look DO NOT click on the link or put in your personal information. If in doubt, call your bank or account holder to report the suspicious e-mail. Many companies request that you forward the entire fake e-mail to their security departments.        

I could go on for hours on the topic of identity theft and the nightmares it creates but just use common sense to protect your personal information. Check out the rest of our web-site for lots of FREE safety information. While your browsing our site, check out our book "Coptalk" to find out how to keep yourself and loved ones from becoming victims of crime. In this day and age, there is no Mayberry left. Protect yourself and keep yourself safe.

Mark
Coptalk.info

Comments(0)