Archive

Archive for the ‘Google’ Category

6 Essential Tips on How to Prevent Online Shopping Fraud

February 13, 2014 Leave a comment

Dear readers and followers, I would first like to wish you a very Happy New Year, good health and great personal and professional accomplishments.
As some of you have already purchased products/services online (and I would like to invite you to share your experience with us) and some others will have at a some point, I am featuring today Israel Defeo as guest blogger on this common topic: Online shopping.

Shopping online is easy. You get what you want in a matter of seconds. Just input your credit card information and voila, that book or jacket or bag is already on its way to you within 24 hours.

This is why more shoppers are switching to e-stores and e-transactions—e-payments, e-banking—are fast becoming the norm. Convenience is the ultimate game-changer. Plenty of online shops, too, offer discounts and freebies like free delivery or free shipping.
However, the rise in e-transactions has also made online fraud possible. To prevent online shopping fraud from happening to you, here are some easy tips you can follow:

SecureCode_product%20offering

1. Keep your credit details a secret.

Like the famous quote said, “There are things better left unsaid.” That may be true especially if it’s about your credit, debit or other essential information that need to be kept secret.

mobile_shop_2

2. Use caution when using your devices for online shopping.

Because it’s more convenient to shop online using smartphones, tablets, and other mobile devices with internet access, more consumers prefer to use these gadgets than computers and laptops—which are more secure. Beware of using your handheld devices for transactions that carry your personal and credit card information. In case your device is misplaced or lost, you’re at risk of falling victim to fraudsters and scammers who can extract your private information through the lost device.

Facebook-phishing-page

3. Beware of phishing websites.

Have you ever seen items on some websites offered at very low prices? Though it can be tempting to purchase low-priced bargain items, it can also come at great risk to the safety of your credit and personal details.
There are internet criminals who create phishing or fraudulent websites which trick you into signing up and disclosing your private information. Some of these websites duplicate the content and design of legitimate ones to fool shoppers like you into revealing their credit card details. At this point, it may be better for you to let common sense—or your gut feel—rule. If you feel like the price is unbelievable or a deal sounds too good to be true, chances are, it is. Stay away from fishy-looking sites as much as possible to keep from being a victim of identity theft.

Capture

4. Verify if the website is legitimate or not.

Remember, Google is your friend. This search engine can help you find any information you need to get your hands on. Search for the name of the website and see if there’s anything involving “scam” or “fraud” mentioned in blogs, forums or other online sources.

IC86034

5. Don’t click hyperlinks from random emails.

You probably received not just one, not just two, but more emails about offers and discounts about a product or service in your email. Be mindful of clicking links attached to those messages because it may redirect you to fraudulent websites or phishing sites. Also beware of attachments you receive from untrusted sources. These may contain viruses and malwares that may not just harm your electronic devices, but can also swipe information from your units.
Sometimes, web mail servers can filter unreliable messages and put these messages in the Spam folder of your email. So make sure this feature is enabled in your settings.

untitled

6. Beware of bogus sellers lurking in social media sites

Social media sites are also used by small-scale entrepreneurs to market their products and promote their services to a wider audience. It has been an advantage to both sellers and buyers because Facebook, Twitter, Instagram and other social media platforms can be used for easy communication, placing orders, and completing transactions because it allows real-time responses.
However, scammers can easily post photos and create bogus accounts about bogus products or services. So be mindful of the sellers you buy from. If they cannot ship or send the product they promised after a transaction, you may have already been scammed. To avoid this fate, make sure to call up the seller before you even buy anything. If you smell or hear something fishy or that makes your antennae quiver in suspicion, go and search for another seller until you find one you can trust.

So be careful whenever you use your credit card. Follow the tips mentioned above to help you make sure your credit card and credit information are both safe—and to keep online fraud from happening to you.

This guest post is written by Israel Defeo. He is the writer and online promoter of the leading financial comparison website in Hong Kong, Money Hero. The online portal presents up-to-date and unbiased information about insurance companies, credit cards, loans, deposit accounts and broadband and mobile plans.

Any questions can be submitted to: dan@e-crimeexpert.com
Additional information can be found at: http://www.e-crimeexppert.com
To find out more about Dan Manolescu, visit his LinkedIn page here.
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog

Do you know what is your child’s age requirement to sign up online?

May 27, 2013 1 comment

As the Internet permeates every aspect of the economy and society, it is also becoming an essential element of our children’s lives. While it can bring considerable benefits for their education and development, it also exposes them to online risks such as access to inappropriate content, harmful interactions with other children or with adults, and exposure to aggressive marketing practices.

Children online can also put their computer systems at risk and disseminate their personal data without understanding the potential long-term privacy consequences.

In addition, there are other risks for children using online environments, such as:

Privacy risks

-cyber-bullying

-cyber-stalking

-age-inappropriate content

-online grooming

-identity theft

-emotional implications.

Beside support and guidance from parents when using the online environment, an appropriate mental development and understanding is important for a child when using an online platform. For these reasons, in both the United States and the European Union, a minimum age requirements for accessing the “online world” was set as a legal requirement.

E-Crime Expert thinks that the minimum age requirements a child should meet when signing up for an email account, Facebook, etc., should be a topic of interest for parents. For these reasons, we researched the minimum age requirements on some of the most popular online sites and platforms.

The Children’s Online Privacy Protection Act (COPPA) in United States applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children’s privacy and safety online including restrictions on the marketing to those under 13. While children under 13 can legally give out personal information with their parents’ permission, many websites altogether disallow underage children from using their services due to the amount of work involved.

In the European Union, the European Commission released in January 2012, a Proposal on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

This Proposal has specific requirements with regards to Children. They deserve specific protection of their personal data, as they may be less aware of risks, consequences, safeguards and their rights in relation to the processing of personal data. To determine when an individual is a child, this Regulation should take over the definition laid down by the UN Convention on the Rights of the Child.

“Article 8
Processing of personal data of a child

For the purposes of this Regulation, in relation to the offering of information society services directly to a child, the processing of personal data of a child below the age of 13 years shall only be lawful if and to the extent that consent is given or authorised by the child’s parent or custodian. The controller (i.e. the person in charge with the collection, use and disclosure of personal data) shall make reasonable efforts to obtain verifiable consent, taking into consideration available technology”.

Following, are the minimum age requirements for children using different Internet websites or Social Networking Services and other online platforms:

facebook-age-restriction

 1.      Facebook:

How old do you have to be to sign up for Facebook?

In order to be eligible to sign up for Facebook, you must be at least 13 years old.

The minimum age requirement on Facebook is more or less enforceable. Simply lying about your birthdate easily circumvents the policy.

The Children’s Online Privacy Protection Act (COPPA) mandates that websites that collect information about users aren’t allowed to sign on anyone under the age of 13. As a result, Facebook’s Statement of Rights and Responsibilities require users of the social network to be at least 13 years old (and even older, in some jurisdictions).

According to MinorMonitor, over 38 percent of children with Facebook accounts are 12-years-old and under. Even more worryingly, 4 percent of children on Facebook are reported to be 6-years-old or younger, which translates to some 800,000 kindergarteners on Facebook.

These results come from a survey of 1,000 parents of children under 18-years-old who use Facebook. The company provides a free, web-based parental tool that gives parents a quick view into their child’s Facebook use, including potential dangerous activities such as the friending of online predators, cyberbullying, violence, drug and alcohol use, as well as sexual references.

2.      Google:

Age requirements on Google Accounts:

  •  United States: 13 or older
  •  Spain: 14 or older
  •  South Korea: 14 or older
  •  Netherlands: 16 or older
  •  All other countries: 13 or older

Some Google products have specific age requirements. Here are a few examples:

  • YouTube: When a YouTube video has been age-restricted, a warning screen is displayed and only users who are 18 or older can watch it. Learn more about age-restricted videos.
  • Google Wallet: 18+
  •  AdSense: 18+
  •  AdWords: 18+

3.      Yahoo

When a child under age 13 attempts to register with Yahoo!, they ask the child to have a parent or guardian create a Yahoo! Family Account to obtain parental permission.

Yahoo! does not contact children under age 13 about special offers or for marketing purposes without a parent’s permission.

Yahoo! does not ask a child under age 13 for more personal information, as a condition of participation, than is reasonably necessary to participate in a given activity or promotion.

Yahoo! is concerned about the safety and privacy of all its users, particularly children. For this reason, parents of children under the age of 13 who wish to allow their children access to the Yahoo! Services must create a Yahoo! Family Account. When you create a Yahoo! Family Account and add your child to the account, you certify that you are at least 18 years old and that you are the legal guardian of the child/children listed on the Yahoo! Family Account. By adding a child to your Yahoo! Family Account, you also give your child permission to access many areas of the Yahoo! Services, including, email, message boards and instant messaging (among others). Please remember that the Yahoo! Services is designed to appeal to a broad audience. Accordingly, as the legal guardian, it is your responsibility to determine whether any of the Yahoo! Services areas and/or Content are appropriate for your child.

4.      Hotmail

As on Hotmail’s Terms of Use is no reference to the age requirements to join the service, we did our own registration and it appears that 13 is the age requirement for joining Hotmail, as shown below:

I.                   Attempt indicating the user is 6 years old

Step 1   

1

Step 2                        

2

Step 3

3

 

II.                Second attempt, indicating the user is 13 years old.

Step 1

4Step 2

5

 

5.        MySpace 

  • You must be at least 13 years old to have a Myspace profile
  • If you’re under 16 years old, you’re not allowed to list your age as over 16 and make your profile public (your profile must be set to private)
  • If you’re under 18, you’re not allowed to list your age as over 18
  • Users under 18 are not able to make changes to their listed age

Notes & Tips

  • If you break any of the above rules, MySpace will be forced to delete your profile for safety and security reasons (it’s all in their Terms of Use)

6.      Skype

Skype not directly sets up an age restriction within their Terms of Use.

“Jurisdiction’s Restrictions: If the law of Your country prohibits You from downloading or using Skype Software because You are under the age limit or because the Skype Software is not allowed in Your country, please don’t use it”.

According to this, for US the minimum age requirement is 13 + (COPPA).

7.      LinkedIn

PRIVACY POLICY, 18!

In terms of LinkedIn’s Privacy Policy:

 ”Children are not eligible to use our service and we ask that minors (under the age of 18) do not submit any personal information to us or use the service.”

8.      Twitter

Age screening on Twitter

Age screening is a way for brands and others to determine online whether a follower meets a minimum age requirement, in a way that is consistent with relevant industry or legal guidelines. This makes it easier for advertisers and others with content not suitable for minors (e.g. alcohol advertisers) to advertise on Twitter.

There apparently, is now age restriction for setting up an account on Twitter (as we set it up without being asked about our age). See below:

Step 1

6

Step 2: Done!

7

For more advice on how children could stay safe online (you could also share this with your child), click here to visit the material E-Crime Expert specially created for this purpose.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

SHODAN, the search engine: is it “scarry” or not?

April 12, 2013 27 comments

E-Crime Expert presents to you today a search engine which is totally different (in functionality and scope) than the ones we are used to (i.e Google, Bing etc).

For us  (E-crime Expert), Shodan has a positive value as it uncovers security vulnerabilities. Used by others (i.e. cybercriminals), Shodan could have a negative side as enables access to different systems (routers, webcams, etc) which have little or no security protection.

According to the description available on their main page here, “SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners”.

Web search engines, such as Google and Bing, are great for finding websites. Rather than to locate specific content on a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content.

How to use it:

Create and login using a SHODAN account, or Login using one of several other options (Google, Twitter, Yahoo, AOL, Facebook, OpenID).

Login is not required, but country and net filters are not available unless you login.

Basic Operations:

Filters
-country: filters results by two letter country code hostname;

-filtering by country can also be accomplished by clicking on the country map (available from the drop down menu);

-mouse over a country for the number of scanned hosts for a particular country.

-filters results by specified text in the hostname or domain net;

-filter results by a specific IP range or subnet operating system;

-search for specific operating systems port: narrow the search for specific services;

After the search returns some entries (webcams located in a certain area), just click on one of those entries and you will have instant access to what that webcam records live (Fig 1).

Figure 1.

01

Examples:

Note:
E-Crime Expert will try contact all the owners of these vulnerable systems in order to report their security issues and advise how to protect their devices with appropriate passwords and security measures.

Please watch the video or read our material on how to create a stronger password.

1. Run a search for all existing default passwords, as shown in Figure 2.
Having access to the password, one could enter the router’s settings and change them or even more, use the router as a back door to access any device connected to it such as a computer, printer, etc.

Figure 2.

02

2. Once we selected a webcam, click on it and wait for the live footage to play.
What we see is an intersection which could be considered as a public space. The live feeds record everything live (Fig. 3).

Figure 3.

033. The access is granted regardless the geographical location: E-Crime Expert had access to a webcam located in Russia from a computer located in North America (Figure 4).

Figure 4.

04

4. We next tested a webcam which was recording someone’s home front steps for security reasons perhaps. But the issue here is how that camera’s angle is recording as you can also see the next neighbor’s front alley, car and probably anyone entering their house (Fig. 5).

Figure 5.

05

5. Next example is more intrusive as transmits live feeds from a restaurant where clients could be identified along with the staff members. The purpose of this camera is theft protection but due to its non-existing security measures, now anyone on the Internet could check who came at that restaurant and at what time, transforming the purpose of that camera into a monitoring one (Fig. 6).

Figure 6.

06

6. Not surprisingly, the next webcam becomes even more intrusive by showing live the staff member working in a convenience store, with a “from behind the counter” view. Anytime the staff opens the money drawer, everyone having access to this webcam (available worldwide as shown in this blog post) could approximate how much money is available there. Beside the privacy invasive aspect of the clients and also of the staff member, potentially, could also lead to robberies or similar attacks (Fig. 7).

Figure 7.

photo 07

7. Last examples is the most intrusive and concerning one as it transmits live video streaming from someone’s home. It is intrusive because most probably the guests visiting this person are not aware of the webcam, and also because the footage is now available not just to the security company in charge of protecting this home, but also to virtually anyone on the Internet. The second concerning aspect is that anyone could see what is available on the kitchen counter whether a large amount of cash or cheques or other valuable goods. This again, could lead to robberies or other violent crimes (Fig. 8).

Figure 8.

08

Conclusions:

SHODAN aggregates a significant amount of information that is not already widely available in an easy to understand format.

SHODAN collects basic information about the websites, the information “from the inside”, data covering the so-called back-end (simplified information about the type of your server software versions, and so on). On the one hand, it is therefore an excellent data base for those involved in security – but on the other, it is also a source of information for cybercriminals.

The Shodan software runs 24 hours a day. It automatically reaches out to the World Wide Web and identifies digital locators, known as internet protocol addresses, for computers and other devices. For security monitoring teams, Shodan may present some serious challenges. It is highly unlikely that security monitoring teams will ever be alerted to an attack that is using Shodan.

From a privacy perspective, there on the World Wide Web could be some available information accessible to the regular people by simply running a search, which it is not necessarily to be regarded as publically available information, such as the webcam in someone’s home, in a store, gas station etc. This is not publically available information from a legal perspective but it actually becomes available to anyone as some monitoring systems have little or no security measures. According to most international privacy legislation, a surveillance camera should be installed and used just on a legal basis and after a privacy impact assessment is done (as a best practice). That legal basis strictly refers to the purpose of why that camera is used for which definitely does not grant worldwide access to the footage, except where in question is a public space (i.e. park, street, etc).

Even though in question is a public domain under surveillance, there are cases when footage or pictures of those public spaces record more than the public space itself (i.e. Google maps litigations for capturing more than the streets, etc).

The Privacy Impact Assessment is specifically done (among others) to make sure that no unauthorized person has access to the footage recorded by a surveillance camera. Being able to publically find this footage on the Internet, is outside the Privacy and Security requirements and measures in place for a surveillance camera located either within a public space (with the potential of recording private areas as well) and or in a household which is by definition a private space. Probably some of these surveillance cameras are installed by the household owners, aiming to act as a theft protection and consequently be accessible just by the police or other law enforcement entities.

Contrary, by having access globally to this kind of footage, does not align with most of the international existing privacy legislation.

Once again, E-Crime Expert has taken this opportunity (SHODAN – search as a positive tool) to asses current privacy and security issues.

If you have any question you could contact: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

%d bloggers like this: