As Debit Card Use in Online Shopping Increases, So Do Risks

March 3, 2010

Debit cards are rapidly growing in popularity according to a new study by Javelin Strategy & Research. While 70% of consumers used a credit card to make purchases in 2009, 51% used a payment service like PayPal and a surprising 55% used debit cards – which potentially carry significantly higher risks as debit cards do not provide the inherent protection that credit cards carry.

Online users are largely unaware of the increased risks of using debit cards for purchases.

When using a credit card, you are using an extension of credit from the bank. The most you can be liable for is $50 if it is fraudulently used. If the card is stolen or abused, it is the bank’s money that was stolen – it did not come out of your checking account.

Stolen or abused debit cards, on the other hand, charge or debit your account at the moment of the transaction – and getting it back is far from guaranteed.

According to the Electronic Funds Transfer Act, if notification of the theft of your debit card (or your debit card number and PIN) is given within two business days of discovery of the loss or theft, you may only be liable for $50. If you do not notify them within the two-day limit, you could lose up to $500. The kicker is that you may not know within two days that abuse has occurred – do you check and reconcile your account balance daily?

Finally, if you don’t report any unauthorized transaction that appears on your statement within 60 days of receiving it, you risk unlimited loss on transfers made after the 60-day period. The result can be that you lose all the money in your account plus your maximum overdraft if you have one.

In spite of the increased risks, the study reports that debit card purchase volume rose 21.3% between 2008 and 2009, equaling a jump from $47 billion to $57 billion USD, and debit card purchase volume is expected to increase 42.5% to $67 billion by the end of 2010.

Looking at projections for 2014, debit card purchase volume is expected to grow 123.4% from its 2008 level to $105 billion USD.

How debit card numbers are stolen online

There are a variety of ways in which debit card numbers and PINs can be stolen online. If your computer is infected with malware, you may be the one providing this information to thieves directly. If the site you purchase from is unethical, or one of the workers in that company is a thief, it may be stolen as part of your transaction. Or, if the ecommerce site is hacked, your debit card information can be stolen by the hackers.

In some attacks, millions of credit and debit card numbers have been stolen in single hacking incidents. For the credit card users, this can represent a real hassle – and a $50 loss. For the debit card users, the financial impact can be devastating.

The safest course is to use a credit card, or a Payment Service for online transactions.

Should you choose to use your debit card, check with your bank to understand exactly what protections they afford – some banks do provide better protections for their debit card holders than the law requires. Then, vigilantly monitor your account for unauthorized activity so that you can report any problems within the required reporting windows.

Linda


Beware of con artists on the prowl on Facebook

February 26, 2010

I was interviewed for this article and TV segment by Connie Thompson from Fisher Communications. Below is the story in its entirety, including a link to the video segment.

Video

Cyber con artists turn your Facebook into an open book. They hack into your Facebook account and pretend to be you. Once they take over your Facebook account, hackers can often take control of your e-mail.

Their ultimate goal is to turn your Facebook screen into a cash machine either through identity theft or other forms of fraud.

Depending on your privacy setting and who you let share your information, every posted photo, every friend, each seemingly innocent message can give scammers the information they need to compose a story.

The typical communication explains that you’ve had an emergency in another state or country and need money. Friends and family who panic and want to help may wire money to the scammer, thinking they’re talking to you.

“In many ways we make it very very easy,” said Internet safety and security expert Linda Criddle.

The former Microsoft analyst is now an author and consumer advocate who specializes in educating children and adults about the different ways scammers can target you online. Social networks are a fertile hunting ground.

Internet security experts say 2010 could be a banner year for scams on sites like Facebook and Twitter, because of their popularity.

On Facebook alone, there are more than 350 million users sharing their pictures and information with friends, who share with their friends, who share with their friends.

It’s an information gold mine for a hacker tactic known as “screen scraping.”

“It means that you are literally gathering, collecting all the information you can find on a screen,” explained Criddle.

People share information about hobbies, family background, employment, vacation plans, last names, nick names and more. Photographs and videos can reveal even more information you don’t even realize you’re providing.

“Gathering that information off these social networking sites is quick. And what you don’t share about yourself, your friends probably did,” Criddle added.

And if just one person on your list takes the bait the scammers almost instantly get thousands of dollars, especially if they can get the name and phone number of an older relative in a different state.

Scammers like to use the telephone with older people, because seniors tend to respond to the “person to person” approach. They get caught up in the emotion. They’re sympathetic toward their relatives and are more likely to keep things a secret when asked not to say anything. That makes the victim less likely to call their family member at home and check on them.

The scammers explain they need money wired through Western Union. By the time the friend or family realizes it was a scam, the money’s gone. Police say caring relatives in particular are sitting ducks.

Facebook is aware of the problem. Spokesperson Simon Axten offered the following e-mail reply in response to our questions:

“This is a very low-volume attack, affecting only a small number of people. However, we’re concerned about any potential security threat, and we’re taking this issue very seriously. Our team has analyzed the trends of these attacks and is using this information to surface compromised accounts before the scammers get very far.

When we find these accounts, we disable them and attempt to get them back to their rightful owner. In many cases, the scammer has changed the password or added a new contact email to attempt to maintain control of the account.

To combat this, we notify people when their account is modified and empower them to reverse the changes or disable the account entirely. We’re reminding people to be very suspicious of anyone, even friends, who ask for money over the Internet. Please verify their circumstances through some other means than the web (e.g. call them or mutual friends). If you see something that looks amiss with your account or a friend’s, please report it to us through the form in our Help Center.

These and other security tips can be found on our Facebook Security Page. We’ve also published a blog post about the scam.”

Specific things users can do to protect themselves:

  • Be suspicious of anyone – even friends – who ask for money over the Internet. Verify their circumstances independently (e.g. call them or mutual friends).
  • Choose a strong password and use unique credentials for each of your web accounts (we believe users are being phished on one site, and the bad guys are then trying those credentials on another).
  • Use an up-to-date browser that features an anti-phishing blacklist.
  • Use and run anti-virus on your machine.
  • Reset your Facebook password if you suspect your account has been compromised.

Specific actions Facebook has taken:

  • Adjusted and updated our sophisticated security systems to also detect and defeat these smaller-scale attacks.
  • Improved our prioritization systems so we can help impacted users more quickly.
  • Instituted changes to notify users when their account is modified and empower them to reverse the changes or disable the account.
  • Worked with law enforcement to investigate cases and with Western Union (a wire transfer company commonly used by the scammers) to improve education. With our help, Western Union has posted a warning about this scam. Western Union has also alerted its branches in London, where the scammers are picking up the money.

Google Apologizes Over Buzz Invasion

February 20, 2010

Attempting to stem the furor over Buzz, Google apologized to users for what many consider the invasion of privacy that its heavily criticized auto-follow feature represents in default mode. Just two days after Buzz launched, Google had to scramble and release its first major privacy update.

Speaking to the changes, Todd Jackson, product manager for Gmail and Google Buzz, said that instead of automatically connecting people, Buzz will in the future merely suggest to new users a group of people they may want to follow or be followed by.

What’s Buzz?

Buzz, if you haven’t heard of it, is Google’s attempt to take on Facebook, Twitter, and Friendfeed’s roles in social media, while strengthening its position as the default for all consumer interactions. Just as Microsoft bundled Excel, Word, PowerPoint, Access and Publisher back in 1994 to create a ‘productivity suite’ called Office, Buzz is Google’s attempt to bundle their standalone communication and sharing services including Gmail, Picasa, Flickr, Google Reader, and YouTube. The goal is to provide a more seamless experience for users that locks consumers into all their services rather than forfeiting customers to other standalone products.

So what’s the Privacy uproar about?

Until now, consumers could assume their Gmail emails were private – except for the data mining of your email that Google performs so they could target ads at you – but other than this, your emails were private. (Note: I find the invasion unacceptable and choose not to use Gmail for anything other than test purposes).

With the advent of Buzz, this assumption of privacy was trashed. Critics argue that Google’s decision to form social networks based on e-mail and chat messages is flawed because, unlike social networks that make a person’s list of friends and followers public, Buzz also creates networks based on content found in e-mail conversations.

As Miguel Helft put it in his New York Times article, “E-mail, it turns out, can hold many secrets, from the names of personal physicians and illicit lovers to the identities of whistle-blowers and antigovernment activists. And Google, so recently a hero to many people for threatening to leave China after hacking attempts against the Gmail accounts of human rights activists, now finds itself being pilloried as a clumsy violator of privacy.”

Marc Rotenberg, executive director of the Electronic Privacy Information Center, an advocacy group in Washington, said, “E-mail is one of the few things that people understand to be private. People thought what they had was an address book for an e-mail program, and Google decided to turn that into a friends list for a new social network.” Rotenberg also announced his organization plans to file a complaint with the FTC claiming that Google’s use of e-mail conversations to build a social network was unfair and deceptive.

The privacy improvements introduced by Google now give people options up front as they use the service for the first time. These include an option to make the list of those you follow and those following you private or public. You can also now choose to block people not on your Buzz or Google profile, and you can separate your lists by those who already have public Google profiles vs. those that don’t. Learn more in Google tweaks Buzz privacy settings

This isn’t the first time Google has released a new product with privacy settings turned off by default as a way to quickly increase adoption, nor is Google the only company that exposes consumers first, then pulls back to quell the uproar. You don’t have to look further than Facebook’s latest debacle over changes to their privacy settings, or their Beacon functionality to see how quickly some companies will trade consumer privacy and safety for their own visions of expansion.

Sadly, this won’t be the last time we see a company pull this kind of stunt. Indeed this type of behavior will continue until companies learn that consumers will revolt – and that the damage to their reputation will last a lot longer than the time it takes to implement a feature ‘roll-back’.

Speak up and demand companies provide clear choices to consumers BEFORE implementing changes that affect privacy, security, or safety.

Linda


Using the Internet Safely for Seniors for Dummies now available in French!

February 20, 2010

I’m thrilled to be able to announce that Wiley Publishing has translated Using the Internet Safely for Seniors for Dummies into French. The book, launched this month, is available through standard online stores like Amazon.com and Barnes&Noble.com.

Enjoy

Linda


New Ad Council Message – Beware What you Share

February 19, 2010

The Ad Council and their Internet Safety Coalition have worked for over a year to create researched, meaningful messaging for youth about online behaviors and safety.

The result is a new campaign with the tag Beware what you share.  The accompanying text is “Every time you write, post, or send anything digitally, it creates the real-life impression people have of you. So, proceed with caution. Your messages and images may get passed around, even if you think they won’t.  Once you hit “send,” it’s out there forever.”

As you talk to youth, this is a great message to convey. It isn’t fear based, it is actionable, and research testing shows that it resonates well with the audience.

Looking for more Public Service Announcements on Internet Safety from the Ad Council? Check out http://www.adcouncil.org/default.aspx?id=56

Linda


School accused of spying on kids via school issued laptops with webcams

February 19, 2010

In what appears to be a shocking case, a Philadelphia family has sued their school district for using webcams in school-issued laptops to spy on students and their families in their homes.

According to an article in the Seattle Times, the family discovered that webcam images had been taken from inside their home when the vice principal told their child that school officials thought he had engaged in improper behavior at home. The vice principal “cited as evidence a photograph from the webcam embedded in minor plaintiff’s personal laptop issued by the school district,” according to the lawsuit. The vice principal later confirmed to the family that the school had the ability to activate the webcams remotely, according to the suit, which was filed Tuesday and which seeks class-action status.

The Lower Merion School District officials stated that the Apple laptops given to approximately 2,300 students in the district’s two high schools “contain a security feature intended to track lost, stolen and missing laptops.”

The security feature was intended to only be activated “if there was a report that a computer was stolen. The next time a person opened it up, it would take their picture and give us their IP [Internet protocol] address, the location of where it was coming from” according to Virginia DiMedio, the school district’s technology director until she retired last summer.

She said that feature had been used several times to trace stolen laptops, but there had been no discussion of using that capability to monitor students’ behavior. “I can’t imagine anyone in the district did anything other than track stolen computers,” she said.

The class action lawsuit raises additional concerns about school-issued laptops, according to Kevin Bankston, a senior staff attorney for the Electronic Freedom Foundation. “I’ve never heard of anything this egregious. Nobody would have imagined that schools would peer into students’ private homes and even bedrooms without any kind of justification.”

School officials said Thursday that the tracking feature was deactivated and would not be reactivated “without express written notification to all students and families.”

This case bears close scrutiny and gives reason for every family with a school laptop to question their school’s policies and remote access capabilities – and perhaps place tape over the webcam.

Linda


Mitigate Risks When Using Shortened URL’s

February 11, 2010

Lengthy URLs are hard to share with others, difficult (if not impossible) to remember, are more likely to break in emails, and can simply be too long to fit into short messaging sites like Twitter – which limits posts to 140 characters. To solve all these issues, several great free programs are available to shorten URL’s.

Of course, criminals are not stupid. Internet tools that are helpful for good users can be even handier for crooks. Spammers, scammers, ID thieves, etc. use URL shortening tools in hopes of increasing your likelihood of landing on their malicious sites.

For example, if you received an email, or saw a posting saying “hey, check out these cool cartoons” and saw the URL you were directed to click on was http://let-me-give-you-a-nasty-virus, you wouldn’t click on it. However, if the URL was shortened to look like http://bit.ly.12xtdf, you might not take the same care – even though it takes you to the exact same malicious site.

To reap the benefits of shortened URL’s without falling victim to criminals, stick to the advice that you only click on links from trusted sources, or on trusted sites – or find the site yourself. The trick is how to find out what site is hidden behind that shortened URL and begin testing it for safety.

Below are the instructions for creating a shortened URL, AND for discovering the safety of a shortened URL:

Creating a shortened URL:

  1. Begin by selecting a URL shortening service like TinyURL, Doiop, MemURL.com, ReadthisURL, dwarfURL.com, or bit.ly
  2. Enter the full length URL into the specified field
  3. Create a short name (optional in some, not available in other products)
  4. Then, press the button to generate the new, shorter version

My personal favorite URL shortener is TinyURL.com because it offers two great features. (Note: my views are my own, I do not accept remuneration to promote any service) The first great feature is the ability to customize your shortened URL, which is a whole lot more intelligible than the automatically generated random number and letter sequences the service creates on its own.

The second great feature is their preview option. Though it adds 8 additional characters, using the preview feature allows recipients to see the original URL of the site they will be taken to if they proceed. See the example here:

Discovering the safety of a Shortened URL:

If the shortened URL was created using TinyURL, and the creator used the preview feature, click on the preview link. It will take you to a landing page that shows the full URL address (see image). You can compare this to the original URL in the previous image and see they are a match.

To discover where other shortened links are going to take you requires using an “UNshortening tool”, several of which are also free.

If you frequently consider clicking on shortened links, installing a free tool like UnShortenEmAll, TinyURL Decoder, or Expand url shortening service urls makes a lot of sense. These will either automatically display the URLs in their original form, or show you the real URL if you hover over them. All of these require that you download a Greasemonkey plugin to your Firefox browser to run, but they’re easy to install and use.

If you only occasionally consider clicking on shortened links, the website Unshorten.com may be just right for you. To use it, simply enter in the shortened URL, and it will return the real location as shown in the image below:

Keep in mind that simply discovering the full URL does not mean the site is legitimate – it just means you’re ready to use standard methods for determining the safety of a site.
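One way an unshortening step can work, as an added example that is not from the original post or from any of the tools named above: ask each server for headers only (an HTTP HEAD request), read the `Location` header, and record every hop without downloading the destination page. The hosts in the sample table are constructed, and `expand`, `head_request` and `sample_fetch` are names chosen for this illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 10

# Constructed sample data: hypothetical hosts, so the demo needs no network.
SAMPLE_REDIRECTS = {
    "https://short.example/12xtdf": (301, "https://other-short.example/ab"),
    "https://other-short.example/ab": (302, "http://cartoons.example/page"),
    "http://cartoons.example/page": (200, None),
}


def sample_fetch(url):
    """Stand-in for head_request that answers from the constructed table."""
    return SAMPLE_REDIRECTS.get(url, (404, None))


def head_request(url, timeout=5):
    """Send one HEAD request and return (status, Location header or None).

    HEAD asks for headers only, so no page body or script is downloaded.
    """
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def expand(short_url, fetch=head_request):
    """Return (chain, warnings): every URL in the redirect chain, plus notes."""
    chain, warnings = [short_url], []
    url = short_url
    for _ in range(MAX_HOPS):
        if urlsplit(url).scheme not in ("http", "https"):
            warnings.append("non-web scheme, not contacted: " + url)
            break
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            break  # no further redirect: this is the final destination
        nxt = urljoin(url, location)  # the Location header may be relative
        if nxt in chain:
            warnings.append("redirect loop at " + nxt)
            break
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme == "http":
            warnings.append("downgrade from https to http at " + nxt)
        chain.append(nxt)
        url = nxt
    else:
        warnings.append("gave up after %d hops" % MAX_HOPS)
    if len(chain) > 2:
        warnings.append("chained shorteners: %d redirects" % (len(chain) - 1))
    return chain, warnings


if __name__ == "__main__":
    hops, notes = expand("https://short.example/12xtdf", fetch=sample_fetch)
    for hop in hops:
        print(hop)
    for note in notes:
        print("warning:", note)
```

The last URL in the chain is only the destination's address; it still has to be checked for safety before it is opened.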

Steer, don’t be pulled. Once you have found the proper URL, use a search engine – combined with a malware filter like McAfee’s Site Advisor (it’s free) – to be sure the site is legitimate before clicking the link.

In the example above, you see that the full URL behind the link is blogof.francescomugnai.com. To check the safety of this website, I copied and pasted this text into the SEARCH box (not address field) of your search engine and looked to see two things. 1) The site exists, and 2) the site has been tested by McAfee Site Advisor’s malware filters and found to be safe (the little green check mark next to each result is how McAfee’s tool shows the safety or risk level of tested sites.)

Keep your computer protected at all times using anti-virus, anti-spam, and anti-phishing tools and follow these simple safety steps when navigating to websites to have a safer, more enjoyable online experience.

Linda


Nearly half of Tested Computers Infected with Malware

February 8, 2010

Out of 22.7 million computers tested for malware, 48% were infected according to a new Phishing Activity Trends Report by the APWG (Anti-phishing Working Group).

Is your computer among the infected half?

Are the computers of friends and family members who send you photos, other attachments, and links in the infected half?

Will friends and family infect you – or you them?

Keeping computers and other internet-connected devices free from malware is the responsibility of every single internet user.

A secure computer is critical to protecting your finances, privacy, and reputation. It is critical to being respectful and protective of friends and family. And, it is critical to doing your part as a responsible upstanding digital citizen in protecting the internet for all users, and in defending your country against digital attacks by criminals and terrorist groups.

The battle over the internet continues to escalate

There are many companies, organizations like the APWG, law enforcement, and government agencies leading the defense of the internet, but these defenders cannot succeed without your help. Every computer or other internet connected device owner must do their part.

Online crime busting is just like our standard crime busting efforts. Law enforcement officers lead the way in preventing and detecting crime, but every citizen needs to lock their doors, protect their homes and families, and report suspicious activity.

If your computer does not have up-to-date security software that automatically updates to keep your computers at the highest level of protection, install it now. If you cannot afford to pay for anti-virus and anti-spyware products, many good options are free.

Linda


Talking and Driving, a Dangerous Mix

January 23, 2010

Is Using Phone While Walking Too Hard?

January 21, 2010

The New York Times has run an excellent series of articles looking into the risks of using cellphones and other internet connected devices while driving, and they’ve included an interesting article looking at the risks involved when pedestrians use their phones.

“Inattention blindness” is the term for zoning out about your surroundings when preoccupied with something else. It’s the phenomenon of finding yourself in the driveway with no recollection of the commute home, and it’s now afflicting pedestrians as they talk – or text – while walking.

According to a study conducted by Ohio State University, just over 1,000 pedestrians spent time in emergency rooms in 2008 because they got distracted and tripped, fell or ran into something while using a cellphone to talk or text. That represents twice the number reported in 2007, which had nearly doubled from 2006. And that’s just the “tip of the iceberg,” said Jack L. Nasar, professor of city and regional planning at Ohio State, as most accidents don’t require hospital visits.

Expect the risks to rise as increasing functionality in cell phones and rapidly expanding mobile applications designed to connect and entertain, encourage more people to be looking at their phones more often than the pavement.

Read the full New York Times article here.

Linda