Cyber Monday Sales Skyrocket – Now Watch Those Credit Card Statements

December 3, 2011

It has been a profitable week for retailers. According to comScore, online sales rose 22% to reach a new all-time single day high of $1.25 billion. A separate report by IBM’s Benchmark research firm, reported a 33% Cyber Monday increase, but didn’t provide an actual dollar value.

The volume of internet sales highlights the comfort consumers have with online shopping, whether that is via computer, or increasingly, through mobile transactions. Last year 2.3% of Cyber Monday shopping occurred via mobile phone, this year that has increased to 6.6%[i].

Yet in spite of the convenience online shopping offers, too few consumers have adequately protected their devices or their information, too few carefully research the stores and store policies on sites they use, and during this busy season many will fail to closely monitor their credit card statements for signs of fraud. And the crooks are counting on these gaps.

To be safer when shopping see the blog I posted last week titled 6 Steps to Avoiding Black Friday Scams, but after you’ve shopped, stay alert. Watch your credit card statements. Check your credit scores. And act swiftly if something seems amiss.

Take 8 immediate steps if you discover that you have been the victim of identity theft:

  1. Contact the fraud departments of any one of the three consumer reporting companies:
    1. TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
    2. Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
    3. Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9554, Allen, TX 75013
  2. Close any account that you know or believe has been taken over, or been opened by, ID thieves.  Your credit card companies have 24 hour call service where you can report the theft or abuse of your card. Check the statements of any other credit cards you have to see if the thieves have also compromised those cards.  Ask your credit card company to send you any dispute forms you may need to fill out.
  3. Check your credit report to look for credit cards or loans you did not open. By law you have the right to three free credit reports per year; from Experian, Transunion, and Equifax. If you have already used these free reports, pay the few bucks to get your credit scores checked again.All three credit bureaus work together through a website called AnnualCreditReport.com so you can quest one, or all three reports at once in one of the following ways:
    1. Go to the Web site. Through this highly secure site, you can instantly see and print your credit report.
    2. Call toll-free: (877) 322-8228. You’ll go through a simple verification process over the phone after which they’ll mail the reports to you.
    3. Request by mail. If you live in certain states, fill out the request form and mail it to the Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. (Get more details.)
  4. File a complaint with the FTC. A typical police report doesn’t contain the details about fraudulently opened accounts or accounts used by ID thieves. By reporting the ID theft to the FTC and filling out an ID Theft Complaint, you can add the supporting detail to a police report that is necessary to making it an Identity Theft Report.
    1. What should I know before filling out the FTC’s ID Theft Complaint Form?
    2. Instructions for completing the ID Theft Complaint Form
    3. What should I know once I’ve filled out and printed the FTC’s ID Theft Complaint Form?
  5. File a report with your local police. Filing a police report helps document that the crime occurred. Call your local law enforcement office and ask if you can come in and file the report in person or if this needs to be done online or by phone. Some jurisdictions are reluctant to let you file a report, so you may have to contact your state Attorney General’s office to learn whether the law requires the police to take your ID theft report. To find the contact information for the Attorney General in your state you can check www.naag.org.
  6. Notify your health insurance carrier. Identity theft can also be used to commit medical fraud where someone poses as you to have medicines, checkups, even surgeries performed in your name. By contacting your insurance provider, you alert them to take extra precautions and can help prevent receiving a bill for someone else’s medical expenses.
  7. Set up a fraud alert. There are two kinds of fraud alerts, an ‘initial fraud alert’ that stays on your credit report for 90 days, and an ‘extended fraud alert’ that stays on your credit report for 7 years.You can set up an initial fraud alert the moment you suspect trouble – you can’t find your wallet, or you think you have been or will be a victim of ID theft (for example, you receive a notice from a company or bank you use notifying you that their data center has been breached and your information may be compromised).  With this initial alert in place, potential creditors have to take additional precautions to be sure that new credit isn’t given to the ID thieves by verifying your identity.

    To set up an extended fraud alert you have to have been a victim of ID theft and be able to prove this by showing one of the credit scoring companies your Identity Theft Report (see step #4). When an extended fraud alert is in place, creditors are required to contact you or meet you in person to verify your identity before they can extend credit.

  8. Stay alert. Watch for additional signs of identity theft like:
    1. False information on your credit reports, including your Social Security number, address(es), name or employer’s name.
    2. Missing bills or other mail. If your bills don’t arrive, or come late, contact your creditors. A missing bill may indicate that an ID thief has hijacked your account and changed your billing address to help hide the crime.
    3. Getting new credit cards sent to you that you didn’t apply for.
    4. Having a credit approval denied or being subjected to high interest rates for no apparent reason.
    5. Receiving calls or notices about past due bills for products or services you didn’t buy.

Once your identity has been stolen, you should also consider subscribing to a service that will constantly monitor your credit and alert you if something changes. Even though you change your credit card number, you aren’t likely to have changed companies, or changed your name, your social security number, your address, etc., and it is a stupid criminal who throws away such valuable information. In all likelihood, you will remain more vulnerable to future attacks and should monitor and protect accordingly.

Linda

 


Advertisements

Responding to Spam Volumes, Hotmail Adds “My Friend’s been Hacked” Feature

July 21, 2011

Sending spam from legitimate user’s email accounts has become rampant as spammers switch from using botnets. This week alone, I’ve received spam sent via my mother’s and two friend’s email accounts – and received frantic calls asking how to fix the problem. Read more on fixing the problem later in this blog.

To address the nearly 30% of Hotmail generated through compromised accounts, Microsoft has launched a new feature in Hotmail. Called “my friend’s been hacked” and found under the “Mark as” dropdown, a simple click allows friends to report compromised accounts directly to Hotmail.

Microsoft’s Dick Craddock explains that “when you report that your friend’s account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked. It turns out that the report that comes from you can be one of the strongest “signals” to the detection engine, since you may be the first to notice the compromise.”

Once Hotmail has marked the account as compromised, two steps are taken:

  • The account can no longer be used by the spammer
  • You (or your compromised friend) are put through an account recovery flow that helps them take back control of their account.

What’s really cool about the work the Hotmail team has done is that it can be used to report problems with accounts hosted by other email providers as well. So for example, Yahoo! or Gmail receives a notice from Hotmail if one of their user’s accounts has been compromised and can take action.

Additionally, the Hotmail team has recognized that weak passwords are a large part of the problem – it’s just too easy for spammers to hack flimsy passwords. To address this, the service will soon roll out a new feature requiring stronger passwords. If you’re currently using a common password, you may be asked to strengthen it in the future.

Changing spam tactics

The takedown of the Rustock botnet dealt a telling blow to spammers and dropped spam volumes by almost 30% overnight (see Kudos to MSFT for Strangling the Rustock Spambot) and highlights a vulnerability in the botnet approach. Not only did spammers have to pay to rent the botnets, their distribution method could be shut off in one well-researched swoop.

A report out this month by Commtouch explains this shift in tactics sayingThe move away from botnet spam can be attributed to the use of IP reputation mechanisms that have been increasingly successful in blacklisting zombie IP addresses and therefore blocking botnet spam.

The blocking of spam from compromised accounts based on IP address is more difficult for many anti-spam technologies, since these accounts exist within whitelisted IP address ranges (such as Hotmail or Gmail).

One of the primary aims of the larger malware outbreaks and phishing attacks of this quarter is therefore to acquire enough compromised accounts to make spamming viable. The catch for spammers: While spam from compromised accounts is less likely to get blocked by IP reputation systems, the volumes that can be sent are lower due to the thresholds imposed on these accounts. This at least partially accounts for the lower spam volumes seen this quarter.”

What to do if your email account is hacked

  1. Check your security. Most hackers collect passwords using malware that has been installed on your computer or mobile phone. Be sure your anti-virus and anti-malware programs are up to date.  Also be sure that any operating system updates are installed. See my blog Are You a Malware Magnet? 4 simple steps can make all the difference
  2. Change your password and make it stronger after your anti-virus and anti-malware programs are updated. Learn how to create stronger passwords in my blog Safe passwords don’t have to be hard to create; just hard to guess.
  3. Practice greater safety online.
    1. Learn to spot spam and scams
    2. Secure your home’s wireless network
    3. Avoid logging into accounts when using public wireless networks – you don’t know if these are safe or compromised. See my blog Like Lambs to the Slaughter? Firesheep Lets Anyone be a Hacker
    4. Validate the legitimacy of any program/game/app before downloading it.  See my blogs Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware

Linda


Linda Criddle gives both SocialShield and SafetyWeb a test run

April 4, 2011

In an interview for KOMO TV in Seattle, Linda Criddle gave both SocialShield and SafetyWeb a test run. Here’s the article, and a link to the video coverage.

Services monitor kids’ social media accounts for key words

By Connie Thompson, Mar 1, 2011

As many teens will tell you, there are all kinds of ways to keep parents from knowing their social network secrets. A couple of new monitoring services say their eyes can go where yours can’t.

SocialShield and SafetyWeb comb through dozens social networking sites in search of information and photos posted by and about your kid.

They provide parents with daily alerts of key words and phrases and other activity that could signal a problem: depression, profanity, adult interaction, bullying, threats, drugs, alcohol, predators, racism and hate. You have to provide your child’s name and e-mail information for their social network accounts.

Both websites offer a free sample report. So Internet safety expert Linda Criddle gave them a trial run using her own e-mail address. While they identified some of Criddle’s social network accounts, neither site came up with everything.

“Now that doesn’t mean that they can’t do a better job when they are getting more information from a parent to help hone in on who their child is, what their phone number is, all of that information,” said Criddle.

Without conducting a back-end analysis of the sites, Criddle says both sites are a good start at helping parents find potential red flags.

“And what’s exciting with both SocialShield and SafetyWeb, is that they’re sort of the next generation of family safety or parental control tools that are more than just block and filter,” Criddle said.

Criddle stresses that monitoring kids online best done with transparency where the child is aware the monitoring is taken place, and gets ongoing parental guidance about online safety. SocialShield agrees.

“Kids don’t always make the best decisions,” said SocialShield’s Kenny Ossen. “We’re trying to protect kids, make them safer and still let them do what they want to do.”

Ossen says his company’s service is another tool to help parents teach their kids to use social networking wisely and be smart about what they say and do. Since SocialShield was launched last summer, Ossen says the service has help a number of families identify bullying that parents were not aware of, and is credited with helping a couple get help for their son, who they had no idea was suicidal.

But don’t expect monitoring sites to tell you everything your kids are doing online. The services focus primarily on active social network sites- and in some cases texting and cell phone activity — places where most teens tend to gravitate.

Both SocialShield and SafetyWeb charge monthly fees of about $10.


Services monitor kids’ social media accounts for key words

March 6, 2011

In an interview for KOMO TV in Seattle, Linda Criddle gave both SocialShield and SafetyWeb a test run. Here’s the article, and a link to the video coverage.

Services monitor kids’ social media accounts for key words

By Connie Thompson, Mar 1, 2011

As many teens will tell you, there are all kinds of ways to keep parents from knowing their social network secrets. A couple of new monitoring services say their eyes can go where yours can’t.

SocialShield and SafetyWeb comb through dozens social networking sites in search of information and photos posted by and about your kid.

They provide parents with daily alerts of key words and phrases and other activity that could signal a problem: depression, profanity, adult interaction, bullying, threats, drugs, alcohol, predators, racism and hate. You have to provide your child’s name and e-mail information for their social network accounts.

Both websites offer a free sample report. So Internet safety expert Linda Criddle gave them a trial run using her own e-mail address. While they identified some of Criddle’s social network accounts, neither site came up with everything.

“Now that doesn’t mean that they can’t do a better job when they are getting more information from a parent to help hone in on who their child is, what their phone number is, all of that information,” said Criddle.

Without conducting a back-end analysis of the sites, Criddle says both sites are a good start at helping parents find potential red flags.

“And what’s exciting with both SocialShield and SafetyWeb, is that they’re sort of the next generation of family safety or parental control tools that are more than just block and filter,” Criddle said.

Criddle stresses that monitoring kids online best done with transparency where the child is aware the monitoring is taken place, and gets ongoing parental guidance about online safety. SocialShield agrees.

“Kids don’t always make the best decisions,” said SocialShield’s Kenny Ossen. “We’re trying to protect kids, make them safer and still let them do what they want to do.”

Ossen says his company’s service is another tool to help parents teach their kids to use social networking wisely and be smart about what they say and do. Since SocialShield was launched last summer, Ossen says the service has help a number of families identify bullying that parents were not aware of, and is credited with helping a couple get help for their son, who they had no idea was suicidal.

But don’t expect monitoring sites to tell you everything your kids are doing online. The services focus primarily on active social network sites- and in some cases texting and cell phone activity — places where most teens tend to gravitate.

Both SocialShield and SafetyWeb charge monthly fees of about $10.


Average US Teen Sends or Receives 3,339 Texts a month

October 24, 2010

If you think your teen is spending more time texting, you’re right. The average US teen (13-17 years old) now sends or receives 3,339 texts a month according to new research by The Nielsen Company. That represents an 8% increase over last year.

While texting increased in all age groups year over year, teens continue to text more than all other age groups combined.

It will come as no surprise that gender plays a role in the number of text messages sent. Teen girls top the texting chart with an average of 4,050 texts per month, vs. their male counter parts who average 2,539 texts.

Texting now biggest reason teens get a phone

Texting has surpassed safety (which held top spot in 2008) as the primary reason teens get a phone, while keeping touch with friends has dropped into third place.

With the increase in teen texting, voice usage has dropped by 14%. While in previous years texting was considered fun, now 78% of teens find it more functional and convenient; including 22% who find it easier, and 20% who find it faster than talking.

That isn’t to say teens have quit talking, girls average about 753 minutes of gab time a month, while guys use around 525 minutes.

Data and application use increasingly important

A whopping 94% of teens self-identify as advanced data users of messaging, internet, multimedia, gaming, downloading and other activities. Though teen usage is still less than that of young adults, their data usage has increased dramatically; male teens usage jumped from 17MB to 75MB, and their female counterparts jumped from 11MB to 53MB in the last year.

Key drivers of the data consumption increase are advanced smartphones with large screens designed for better data consumption, and the broader range of applications teens are now downloading, including Facebook, Pandora and YouTube. Downloading video, for example, is a particularly heavy data hog.

Increased data consumption signals greater need to help manage and monitor youth’s mobile experience

If you haven’t already adopted mobile safeguards for your family’s phones, it may be time for you to do so.

While mobile malware is still in its infancy, security vendors have seen a huge uptick in mobile attacks since late last year.

While many people have been predicting mobile malware for a while, “this might actually, finally, be the year,” said Tim Armstrong, a malware analyst at Kaspersky Lab, during a meeting of the Messaging Anti-Abuse Working Group earlier this month. Noting that his company identified more than 1,550 mobile malware signatures in September, Armstrong said, “it’s only a matter of time before we see some really huge malware infections.”

Along with increased security, consider what mobile family safety protections you may need (often referred to as parental controls). Several family safety companies are ramping up their mobile services to meet youth’s needs for protection against malicious users, and to filter content that’s inappropriate for minors.

Highlighting the expansion of mobile content categories like user generated content, mobile TV, adult content and gambling, I refer to new data from Juniper Research in my blog Mobile Revenues in North America Projected to Jump to $10 Billion by 2015.

What this may mean to your phone bill

In the face of dramatically increasing data use, carriers are feeling the pinch.

Several carriers have switched, or are considering dumping their all-you-can-eat data plans in favor of requiring consumers to pay by data volume in a tiered pricing structure.

AT&T, which has seen data usage skyrocket with the roll-out of the iPhone, stopped offering new customers unlimited plans back in June. Verizon Wireless, who reports say will begin offering an iPhone early next year, announced in September that they would switch to tiered data plans in 4-6 months.

Sprint appears to be headed in the same direction, as Sprint CEO Dan Hesse said in comments to the press last month, “We can offer unlimited as long as the usage is reasonable. If you run an all-you-can-eat buffet, but you have the New England Patriots come in and the whole team spends a whole day there, I can’t afford to do that anymore.”

While the change from unlimited pricing plans to tiered pricing will save most consumers money, at least from the outset, consumers who are heavy data users may need to either scale back their activities, or get ready to pay more.

This shifting payment structure will unquestionably impact the burgeoning consumer mobile application businesses. Mobile developers experienced a virtual gold rush in the all-you-can-eat environment where consumers could wantonly download their wares without concern for their phone bill. The iPhone store alone offers over 200,000 applications for a phone first launched 4 years ago. Expect the pace of development to slow, or even shrink, as consumers on tiered pricing plans think about the potential impact to their phone bill.

If you’re a parent of a data hungry teen, hold onto that checkbook.

Linda


Mobile Revenues in North America Projected to Jump to $10 Billion by 2015

October 22, 2010

North American revenues from mobile content and applications will more than double, from $4 billion in mobile content/apps revenue reported in 2009, to a total $10 billion in 2015, according to a new white paper from Juniper Research.

It is worth noting which mobile content segments are expected to increase the most, and how this growth might effect the safeguards consumers, particularly parents, will need to manage online use.

Juniper divides the mobile revenue stream into seven categories: infotainment, User Generated Content (UGC), mobile TV, music, games, adult content, and gambling.

In 2009, Juniper research recorded essentially no mobile gambling revenue and minimal mobile adult and UGC revenue. Mobile TV accounted for the largest portion of total revenue, trailed closely by music and games, with infotainment lagging behind (but ahead of the other three categories).

The strong expansion of the smartphone market is expected to drive the dramatic increase in overall mobile content revenues. By 2015, Juniper forecasts a strong shift in the strength of the various revenue segments, with games becoming the largest North American mobile revenue category, followed closely by infotainment. Mobile TV will come in third, trailed by UGC and music. Though, smaller categories, Jupiter predicts solid growth in adult content and mobile gambling revenues. Other research by Juniper suggests that globally, mobile gambling services will reach about $48 billion USD by 2015.

Why this matters

For family safety (often called parental control) software to be ready to help manage these additional categories of mobile content, the work needs to be underway now. Consumers need to be able to set parameters that go much farther than simply blocking or allowing these technologies, including flexible content filters, money thresholds – to keep youth from running up exorbitant bills. There needs to be time limit functions for some types of activities, access to safety content relating to each area of content – particularly gambling, and pornography – moderation tools, reputation tools, and usage reports.

As families, the time to start talking about what acceptable and responsible use of these features would look like is before your child or teen begins using the features.

Linda


Crime 101: What is your teen studying online?

September 30, 2010

Getting instant access to information on any topic is one of the great benefits of the Internet and a powerful educational tool.

But not all the information your child uncovers will be the kind of education you had in mind. There is of course the problem of increased access and exposure to offensive content like pornography and hate. But there is also plenty of  information to teach the curious how to break the law—and by far fewer filters in place to help detect and block this type of content.

Think it takes an experienced burglar to pick your front door lock? Think again. A web search on lock bumping yields all the info an amateur needs to get started. (A quick scan of the search results will probably get you to consider whether your home is adequately protected by your current locks!).

Do you assume your teen–or their friend–wouldn’t know how to make amphetamines? That assumption would be wrong: there are thousands of Web sites that teach how to cook meth. And according to http://www.drugfree.org/ (sponsored by the Partnership for Drug-Free America), the average meth cook teaches ten new people every year how to make the drug.

Want to know which houses are empty and what possessions they might have worth stealing? Scan the social networks.

Need help in carjacking? Ripping off laundromat coin collectors or vending machines? Faking ID’s? Fill in your crime preference here: ­­­­­_______. You know the answer: search online!

Is this yet one more reason to keep kids off the Internet? No. It is one more reason to have frequent conversations with your teens about what’s appropriate and what isn’t. No matter what filtering technology you use, it won’t replace your participation in their lives and guidance around the places they visit on the Web.

For more information about protecting your kids on the Internet, check out Protecting Kids.

May it be a great year for learning.

Linda