Posts Tagged: ‘trend micro’

Scam of the day – August 9, 2014 – Identity thieves defeat two-factor identification at banks

August 9, 2014 Posted by Steven Weisman, Esq.

In the battle to prevent identity thieves from being able to access online the bank accounts of their victims, many banks in Austria, Japan, Sweden and Switzerland have gone beyond the simple password to the more secure (supposedly) two-factor identification.  With two-factor identification, in order to access their accounts bank customers must enter a second one-time password that has been emailed or texted to the customer.  The thought was that by requiring this second password, identity thieves who may have hacked the customer’s password still would not be able to access the customer’s account because the identity thief would not have the required second password sent by the bank to the customer’s smartphone.  However, now it has been uncovered by computer security company Trend Micro that identity thieves have found a way to defeat two-factor identification.  As with so many identity thefts, this one starts when the customer unwittingly clicks on a link in a phishing email or downloads an attachment in a phishing email that appears to be from a legitimate source.  Unfortunately, when the victim clicks on the link or downloads the attachment, he or she is actually downloading malware that sends the victim to a phony bank website when the customer attempts to do online banking.  Once at the phony website, the victim is prompted to enter their account details, passwords and personal identification number.  They are then prompted to download a mobile application found in Google’s Android store that is represented to provide enhanced security, but in actuality permits the identity thief to intercept the second password that banks would send to the customer.  Armed with all of this data, the identity thief is able to gain full access to the victim’s bank account and empty it.

TIPS

Although two-factor identification is an improvement over the present password system used by many financial institutions in the United States and other parts of the world, it is still vulnerable.  Business and government must come up with better authentication protocols.  Meanwhile as with so many of these complex identity theft schemes, this one requires the victim to download the necessary malware that makes the identity theft possible.  The solution is a simple one.  As I have warned you many times.  Never click on a link in an email or download an attachment in an email unless you are absolutely sure that it is legitimate and the only way to do this is to independently call or email the real company or person purportedly sending the email at an address or telephone number that you know is accurate.  For even greater security, you may wish to have a separate computer for financial transactions where you do no emails and click on no links and download no attachments.

Scam of the day – January 7, 2013 – Most dangerous websites

January 7, 2013 Posted by Steven Weisman, Esq.

Phishing is the name of the scam whereby you are lured to a phony website that appears to be legitimate, however when you click on links in these phony websites, download material from these websites or provide information to these websites, you put yourself in danger of identity theft or of downloading dangerous keystroke logging malware that can steal all of the information on your computer including credit card numbers, your Social Security number, passwords and various account information.  In addition, you may unwittingly have your computer taken over as a part of a botnet (for more information about botnets, check out other postings on scamicide.com or in “50 Ways to Protect Your Identity in a Digital Age”) whereby your computer is made part of the botnet circulating scams around the world.

TIPS

Recently Trend Micro issued a list of the most common websites that were the subjects of phony phishing websites during the past month.  The top ten websites of which you should be particularly wary of to make sure that you are dealing with the legitimate company are:  PayPal, Wells Fargo, Visa, Citibank, Bank of America, Aol, Yahoo, Hotmail, Gmail and Mastercard.  Things to look out for to avoid phishing websites are when you are directed to a website through an email that does not refer to you by name or if the email contains spelling errors or poor grammar that may indicate the email is coming from a foreign scammer (or a poorly educated American scammer).  A good rule to follow is to not click on links in emails or text messages to go to a website.  If you consider the email or message worth following up on, go to the website of the legitimate company by typing the URL that you know is correct into your browser.