StopSign Internet Security Blog

There’s a threat lurking on your computer right now. A presence so fraught with security holes that to expose it to any malicious element on the Internet would likely result in things such as identity theft, spyware, hacked accounts, and worse. What’s this problem? The problem, my friend, is you.

“Only amateurs attack machines; professionals target people.” Bruce Schneier (computer security expert)

So you’re a danger to yourself and others around you when it comes to Internet security… don’t feel bad. We’re all guilty of it. As humans, we’re notoriously good at being bad: we forget to pick up the milk even though our significant other reminded us, we skip a meal and eat way too much later that night, and we certainly get complacent when it comes to Internet security. And that last thing, that’s what we’re talking about. You can deal with your SO and your doctor on those first two. :)

We’ve talked about social engineering before, which is an easy way for hackers and phishers to get information out of you. Instead of breaking into your computer they attempt to break into you, using emails, instant messages, and in some cases even phones or talking to you in real life (both of which are much more rare, but still possible). Once they have gained your trust they begin to break down walls and get at what they really want: your sensitive information. Passwords, account numbers, access codes… anything they can get their hands on that might prove valuable.

In order to stop these people from breaking into your life, you have to train yourself to jog your brain out of complacency when it comes to Internet security. Three of the easiest ways to lock out the bad guys are:

1. Strong passwords:

   Maybe we’re sounding like a broken record here, but a good password is one of the easiest, and best, deterrents to attacks ranging from account privacy to identity theft. Build yourself a better password.

2. Trust but verify:

   We’re not suggesting that you live your Internet life in a bubble, just use the same precautions you’d use in the real world. Use some of the tips we wrote in our blog post “5 Simple Tips to Staying Secure Online” and that should cover your bases.

3. Lock down accounts:

   Your privacy is one of your most important assets online. For every service you use, from your bank to Facebook, make sure that you understand how their security and privacy policies affect you and lock down information such as your physical address and home phone number so that only people you want contacting you can do so.

Reducing the amount of information publicly available about you and keeping up with a few easy Internet security tips will go a long way to keeping you safe… from yourself. :)

Keep on the lookout for a scam regarding the Verified by Visa program; a legitimate security layer set up to provide increased protection for your data for online purchases. Internet scam artists are sending out spam linking to fake versions of the program that do nothing to protect you.

The Verified by Visa program is part of the 3-D Secure protocol (developed by Visa), with similar programs adopted by Mastercard (SecureCode) and JCB (J/Secure). These programs provide an additional authentication step (i.e. a password request) for your online purchases through participating Internet retailers. This added step is set up to help ensure your identity at the time of purchase. Here’s the official word from Visa:

In addition to our other ways of preventing, detecting, and resolving fraud, we offer Verified by Visa, a free, simple-to-use service that confirms your identity with an extra password when you make an online transaction.

Phishers are casting their lines and looking for new victims. The bait they’re using is usually an email that looks like the real deal, but ultimately leads to a scam website that tries to get you to submit your credit card number and other information under the guise of the Verified by Visa program. Luckily we’ve got three suggestions for you to protect yourself from getting caught by this scam:

1. Scrutinize your email:

   Most phishing attempts start with an official-looking email that requests you to join. However, Visa isn’t sending out emails to customers in order to get them to sign up. The usual way you’d get the Verified by Visa sign up option is through a participating retailer as you begin the checkout process on their website. If you receive one of these emails, call your Visa provider and ask them to verify if the email is legit. Chances are it’s not.

2. Watch where you’re surfing:

   If you do happen to click on the link from your email, be careful. Phishers and other scam artists are great at copying real websites and making their scam version look legitimate. Check the URL, or web address, that you’re on to make sure you’re on the real site. See our blog post entitled “How to Spot a Fake Website” for more information.

   Download StopSign Internet Security software and become a member today. StopSign includes antivirus & antispyware, firewall, and more to help protect you online.
   
   
3. Go to the source:

   If you’re interested in signing up for the program or learning more about it, visit the official Verified by Visa FAQ.

As always, be wary of emails in your inbox asking you to sign up for anything or giving you a link to click on to enter any of your information.

As we get closer to April 15th here in the U.S., tax scams will be on the rise. Every year phishers, scammers, and hackers take to the Internet and attempt to rook as many people as possible into forking over their banking information and hard-earned cash. We’ll give you some pointers on how to detect, and avoid, some of the more common tax scams.

Most tax scams involve someone claiming to be from the IRS, and the scam will more than likely involve identity theft. These scammers pose as legitimate IRS employees and try to fool you into giving them personal and/or financial information. (e.g. passwords, Social Security numbers, PIN numbers, bank account information, credit card numbers, and even your mother’s maiden name) Any information they gain can be used to try to get access to one or more of your accounts and rob you blind. While snail mail scam attempts are not unheard of, it’s much easier for the bad guys to send out false IRS emails or set up fake IRS websites.

When it comes to figuring out if an email or web site is really from the IRS or if it’s part of an elaborate tax scam, there are usually some tell-tale signs to distinguish the fake from the real. First off, if the name of the Internal Revenue Service or any other federal agency is spelled wrong, that’s a dead giveaway. Another common problem is bad grammar and/or odd phrasing of words. Many of the email or website tax scams come from overseas, and non-native English speakers will usually get something wrong when they write the content for their scam.

There are innumerable ways that someone can try to take advantage of you, but here are some of the more common IRS tax and/or refund scams to watch out for:

• Fake Links and Phony Websites: The IRS says that this is the most common tax scam: Someone claiming to be from the IRS and sending out an email promising tax refunds when you click a link in the email and fill out a form on a web page. Phishing scams involving an identical-looking (but fake) IRS website are all too common. Just remember that the only way to get a refund is by sending in your tax return to the IRS, not by clicking a link you get in an email.

  We’ve got a blog post on “How to Spot a Fake Website” that can help you figure out what’s real and what’s a scam.

• Form W-8BEN: Even though form W-8BEN is a real tax form, a rising tax scam is for someone claiming to be from the IRS and asking you to fill out Form W-8BEN. This is particularly nasty because this form requires personal financial details to be submitted, and should only be submitted through your financial institution. (The IRS will never ask you to fill out a W-8BEN form.) In general the IRS doesn’t send unsolicited emails to taxpayers and they certainly don’t discuss or request tax account information via email.

• Fake Refunds: One of the scams the IRS warns taxpayers about are emails or letters promising refunds that don’t actually exist. They could claim to detail some new “economic recovery” law you’re eligible for (and an increased tax refund) if you register your bank account info with the IRS, or they may even offer to pay you to take part in an IRS survey. If you sign up, instead of a bigger refund or a fat check you’ll be funding a scammer for his or her next vacation. If you want to maximize your refund, consider hiring a trusted professional instead of signing up for something from an unsolicited email.

• Virus-infected tax forms: Malware attacks aimed at U.S. taxpayers tend to rise during tax season, and fake W-2 forms in an email can be filled with trojans, spyware, or viruses. Before opening any email attachment, make sure you are expecting an email with an attachment or you may unwittingly give hackers access to your computer. Once they’re on your system, a hacker can install key logging software to capture everything you type (emails, passwords, shopping cart items, Internet searches, etc.) without you knowing about it at all.

• Threatening emails: Some tax scams take a hard-nose approach to their phishing attempts. You could receive an email threatening you with legal consequences if you don’t respond to an e-mail or register on a website provided, which will be conveniently run by the scammer. Things they may tell you that you’ll be liable for include additional taxes, huge legal fees, or a reduction of tax refunds.

As long as there are taxes, there will be tax scams aimed at innocent people. If it sounds too good to be true, it probably is. If it sounds too fishy, it probably is. If you think someone is trying to scam you, or if you think you were the victim of a tax-related scam, contact the IRS, your bank (including credit card companies and other financial institutions if applicable), and your local police department.

It’s hard to believe that in a time of crisis people could stoop so low as to try to scam people trying to help out those in need. The Haitian earthquake disaster of January 12th 2010, however, has seen it’s fair share of scammers preying on those who would help.

If you’re looking for a way to donate to help the people of Haiti, we suggest you go directly to the charitable organization(s) themselves, or through a trusted source, in order for you to not fall for a scam. To help you find a reliable source we have put the links of a few organizations who are taking the donations and putting the money to good use.

• Red Cross Donation Page

  Clicking on this link takes you to the Red Cross donation form online, where you may choose how you would like your donation distributed.

• Google Disaster Relief Page

  You may also visit Google’s page to donate to other charities such as UNICEF and CARE.

• If you’d like a really simple way to donate, you may donate to the Red Cross via a text message. Just text the word “HAITI” to 90999 and $10 will be sent to Red Cross relief efforts.

UPDATE: USA Today has an article about the FBI fielding over 170 Haiti fund-raising scams recently. The FBI has a team of computer analysts and fraud investigators reviewing the scam complaints.

If it’s the end of the year then that means it’s time for Christmas, Hanukkah, Kwanzaa, and the annual ramp up of holiday-related scams, phishing, and other related online naughtiness. If only Santa had enough room on his Naughty List for all of the digital scammers!

It seems like every year the “bad kids” of the online world all seem to come together to get some year-end maliciousness out of their system. Increases in email spam, fake friend requests on social networking sites, and identity theft are part and parcel for the holiday season and this year is no different. If anything the current economic problems in America and the rest of the world make us all more likely to be a victim of holiday scams since we’re all on the hunt for great deals and looking for a way to stretch our holiday budgets.

Here’s a breakdown of some of the more common scams, schemes, and potential problems that you’ll find this year:

• Fake gift cards

  A perennial favorite, fake gift cards are often touted as being sold for cheaper than their original price (e.g. a $25.00 gift card being sold for $10.00), but many times are either completely fake, stolen and worth no money, or have had most if not all of their value used already. We suggest that you avoid these at all cost unless you get them from the store they are actually from (like Amazon.com gift cards) or another reputable vendor.

• Fake charities

  Organizations like the United Way, Red Cross, and Toys for Tots do wonders for people across the country, but be careful when making a donation. Be sure that the representative you’re talking to is actually working for a charitable organization and not his or her own pocketbook.

• Holiday e-cards

  Even though the real ones can be fun, e-cards in general have been known to mask trojans and spyware that are installed on your PC without your knowledge. Be especially careful when you receive an e-card in your inbox during the holidays.

• Lyric websites

  When looking for Christmas carols you might end up finding malware. Many lyric sites are chock-full of advertising, popups, and it’s easy to accidentally click “OK” on a software install button. Be very careful when getting your play list ready for your carolers.

• Fake websites

  These tend to come out of the woodwork and often look very convincing. Identity theft and stolen credit card numbers are the usual gifts that are given to holiday scam artists when they set up a fake website that copies an online store or charitable website. Check out our post on “How to Spot a Fake Website” for additional details on how to know which are fake and which are real.

• Online fraud

  eBay, CraigsList, and other online auction and shopping sites have great deals and a lot of hard-to-find gifts. They also have a lot of fraud associated with them since anyone with an email address can set up an account. Make sure to look for user ratings if possible (eBay in particular has a pretty darn good rating system for buyers and sellers) to see what a seller’s track record is like before you click on the buy button.

We hope that you find these tips useful this holiday season, and we wish you and yours the very happiest of holidays! And if you’ve got kids and they’re still young enough to believe in Santa Claus, check out this Naughty or Nice form that asks a few questions and lets them know what list they are on.