Posts Tagged ‘cybercrime’

6 Essential Tips on How to Prevent Online Shopping Fraud

February 13, 2014

Dear readers and followers, I would first like to wish you a very Happy New Year, good health and great personal and professional accomplishments.
As some of you have already purchased products/services online (and I would like to invite you to share your experience with us) and some others will at some point, today I am featuring Israel Defeo as guest blogger on this common topic: online shopping.

Shopping online is easy. You get what you want in a matter of seconds. Just input your credit card information and voila, that book or jacket or bag is already on its way to you within 24 hours.

This is why more shoppers are switching to e-stores and e-transactions—e-payments, e-banking—are fast becoming the norm. Convenience is the ultimate game-changer. Plenty of online shops, too, offer discounts and freebies like free delivery or free shipping.
However, the rise in e-transactions has also made online fraud possible. To prevent online shopping fraud from happening to you, here are some easy tips you can follow:

1. Keep your credit details a secret.

As the famous quote goes, “There are things better left unsaid.” That is especially true of your credit card, debit card or other essential information that needs to be kept secret.

2. Use caution when using your devices for online shopping.

Because it’s more convenient to shop online using smartphones, tablets, and other mobile devices with internet access, more consumers prefer to use these gadgets than computers and laptops—which are more secure. Beware of using your handheld devices for transactions that carry your personal and credit card information. In case your device is misplaced or lost, you’re at risk of falling victim to fraudsters and scammers who can extract your private information through the lost device.

3. Beware of phishing websites.

Have you ever seen items on some websites offered at very low prices? Though it can be tempting to purchase low-priced bargain items, it can also come at great risk to the safety of your credit and personal details.
There are internet criminals who create phishing or fraudulent websites which trick you into signing up and disclosing your private information. Some of these websites duplicate the content and design of legitimate ones to fool shoppers like you into revealing their credit card details. At this point, it may be better for you to let common sense—or your gut feel—rule. If you feel like the price is unbelievable or a deal sounds too good to be true, chances are, it is. Stay away from fishy-looking sites as much as possible to keep from being a victim of identity theft.

4. Verify if the website is legitimate or not.

Remember, Google is your friend. This search engine can help you find any information you need to get your hands on. Search for the name of the website and see if there’s anything involving “scam” or “fraud” mentioned in blogs, forums or other online sources.

5. Don’t click hyperlinks from random emails.

You have probably received not just one or two, but many emails about offers and discounts on a product or service. Be careful about clicking links in those messages, because they may redirect you to fraudulent or phishing websites. Also beware of attachments you receive from untrusted sources. These may contain viruses and malware that can not only harm your electronic devices but also steal information from them.
Sometimes, web mail servers can filter unreliable messages and put these messages in the Spam folder of your email. So make sure this feature is enabled in your settings.

6. Beware of bogus sellers lurking in social media sites

Social media sites are also used by small-scale entrepreneurs to market their products and promote their services to a wider audience. This has been an advantage to both sellers and buyers, because Facebook, Twitter, Instagram and other social media platforms allow real-time responses and can be used for easy communication, placing orders, and completing transactions.
However, scammers can easily post photos and create bogus accounts about bogus products or services. So be mindful of the sellers you buy from. If they cannot ship or send the product they promised after a transaction, you may have already been scammed. To avoid this fate, make sure to call up the seller before you even buy anything. If you smell or hear something fishy or that makes your antennae quiver in suspicion, go and search for another seller until you find one you can trust.

So be careful whenever you use your credit card. Follow the tips mentioned above to help you make sure your credit card and credit information are both safe—and to keep online fraud from happening to you.

This guest post is written by Israel Defeo. He is the writer and online promoter of the leading financial comparison website in Hong Kong, Money Hero. The online portal presents up-to-date and unbiased information about insurance companies, credit cards, loans, deposit accounts and broadband and mobile plans.

Any questions can be submitted to: dan@e-crimeexpert.com
Additional information can be found at: http://www.e-crimeexppert.com
To find out more about Dan Manolescu, visit his LinkedIn page here.
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog

Cyberbullying

December 11, 2013

As the number of volunteer contributors to this blog is increasing significantly, today E-Crime Expert welcomes Bonnie’s guest post on cyberbullying. A commanding new infographic from Besteducationdegrees.com explains the rate and causes of cyberbullying and is brought to you by Bonnie Moore. She is a freelance writer and blog junkie.

According to Bonnie, cyberbullying is an online hazard carried out through the use of electronic devices. It includes harassing text messages or emails, rumours sent by email or posted on social networking sites, and embarrassing pictures, videos, websites, or fake profiles. It has become more common in society, particularly among young people, and most of the younger generation is facing cyber harassment.

Below is the Infographic created and shared by Bonnie.

[Infographic: Cyberbullying]
Source: Best Education Degrees

To view the original Post click here.

Infographic-Privacy and Security on Facebook

November 20, 2013 1 comment

Today, E-Crime Expert has Naomi Paton as guest blogger. She is a passionate writer and loves to write articles related to the internet, teens and crime. She writes for Best Computer Science Schools.

The majority of today’s populace uses the internet and social media on a regular basis, but at what cost? Although there has been some research on the negative effects of internet addiction, less is known about how young adults are being affected by misuse of Facebook, such as bullying, reputation damage, burglary etc.

Below is the infographic, created by Naomi Paton, which lists the researched data and the dos and don’ts of Facebook.

[Infographic: Facebook Privacy]
Source: BestComputerScienceSchools.net

To view the original Post click here.

Nigerian letter-like on LinkedIn

November 14, 2013 6 comments

Read this quick E-Crime Expert blog post to see how LinkedIn is now being used for the classic “Nigerian Letter” scam.

This scam is also known as 419 scam, because the number “419” refers to the article of the Nigerian Criminal Code dealing with fraud.

Yesterday, I responded to an invitation to connect with someone on LinkedIn, who appeared to be a Lawyer (and later a liar:).

Even more, my “new connection” and I appeared to have 14 shared connections in common (this made it even more credible).

Today, I received a LinkedIn message from that “new connection”, a message that seems to be the old, classic Nigerian-letter scam.

How it works:

This scam usually begins with a letter or email purportedly sent to a selected recipient but actually sent to many, making an offer that would result in a large payoff for the victim. The email’s subject line often says something like “From the desk of barrister [X]”, “Your assistance is needed”, and so on. The details vary, but the usual story is that a person, often a government or bank employee, knows of a large amount of unclaimed money or gold which he cannot access directly, usually because he has no right to it. Such people, who may be real but impersonated people or fictitious characters played by the con artist, could include, for example, the wife or son of a deposed African leader or dictator who has amassed a stolen fortune, or a bank employee who knows of a terminally ill wealthy person with no relatives or a wealthy foreigner who deposited money in the bank just before dying in a plane crash (leaving no will or known next of kin), a US soldier who has stumbled upon a hidden cache of gold in Iraq, a business being audited by the government, a disgruntled worker or corrupt government official who has embezzled funds, a refugee, and similar characters. The money could be in the form of gold bullion, gold dust, money in a bank account, blood diamonds, a series of checks or bank drafts, and so forth. The sums involved are usually in the millions of dollars, and the investor is promised a large share, typically ten to forty percent, in return for assisting the fraudster to retrieve or expatriate the money. Although the vast majority of recipients do not respond to these emails, a very small percentage do, enough to make the fraud worthwhile, as many millions of messages can be sent daily.

Advice:

If you receive similar messages or invitations to connect, be suspicious and always double-check. The ingenious idea is that scammers are now using LinkedIn, which is known as a social platform for professionals and so automatically gives the scammer more credibility.

If you recently connected with this person PIUS AVENIDA, better delete her from your connections.

Important security settings on Facebook

October 29, 2013

Information security is important. Remember: without security there is no privacy! Today, E-Crime Expert presents several security measures Facebook has in place for securing your private data and account.

1. Change your password (Frequently)

i. Log in to your Facebook account, click “Settings” (1) and then click “Account settings” (2) in the drop-down menu (Fig. 1).

Fig. 1

ii. Go to and select the “General Settings” menu on the left and then click on the “Edit” tab from the Password field (on the right side of the page). See Fig.2.

Fig. 2

iii. Now follow the three steps below:
-type your current password (for security reasons);
-type your new password (check this blog post here on how to have a strong password);
-type your new password again.
Click “Change password” and your password will be changed. (Fig.3).

Fig.3.

iv. To make sure your new password takes effect on all your devices, select the “Log me out of other devices” box and click the “Submit” button in the message displayed after you change your password. This signs you out of every device on which you are automatically logged in, so the next time you use one of them you will be prompted to type your new password. This is an extra security measure that protects your information if one of your devices is lost or stolen, or when it is shared with other people (Fig. 4).

Fig. 4.

2. Check your active sessions

i. You can also check where you have recently logged in to your account from.
Click the “Security settings” tab on the left (see the pictures above for how to get there), then go to the bottom right of the page and select “Edit” in the “Active sessions” menu (Fig. 5).

Fig.5

ii. Now you can check where you are logged in from during the current session (top of the page), and below that, where you were logged in from in your previous sessions.
*Note: if you notice that you appear to have logged in from countries you have never been to or have not been to lately, or from devices you do not use, it means someone else has logged in to your account without authorization (Fig. 6).
**If you notice any unfamiliar devices or locations, click ‘End Activity’ to end the session and automatically log out someone who’s using your account fraudulently.
Change your password immediately as explained under section 1 of this Blog post!

Fig.6

3. Secure browsing.

i. Go to “Security settings“, as explained above, find the “Login Notifications” menu and click “Edit“. (Fig.7)

Fig.7

ii. Then you can select either “Email” or “Text message“. Or you can always select both! Click “Save changes“.
This will enable you to be notified via email or text message when your Facebook account is accessed from a device that you do not recognize (Fig.8).

Fig.8

iii. Furthermore, you can set up a login approval, which is used when you log in to your account from unknown devices.
Go to “Security settings” (see above) and from there to “Login approvals” (below “Login Notifications”). Click “Edit” and then select the box that reads: “Require a security code to access my account from unknown browsers“. Don’t forget to click “Save changes“. You are now set to receive notifications or be prompted for a code (delivered via email or text message as a one-time token) before logging in to your Facebook account from unknown devices (Fig. 9).
To learn what an unknown or unrecognized device means, keep reading this post below.

Fig.9

4. Recognized devices.

You can always set up the devices of your choice when using Facebook.
Go to “Security Settings” (as explained above), click “Edit” in the “Recognized Devices” menu and see which devices are recognized. A device is assigned to your account as recognized the first time you log in to your Facebook account from it (using a new password); you will be prompted with a message asking whether you would like to save it as a recognized device or not. Be careful: do not save a computer at school, work, a public library or a hotel as a recognized device. For this reason, check that menu to see whether the devices listed there are ones you trust. If not, simply click “Remove” on the right side of a particular device (for example, when a device you used once in a library is listed).
Don’t forget to click “Save changes” as usual (Fig. 10).

Fig.10

5. Trusted friends

i. To get set up, visit your “Security Settings” (as explained above), where you can select three to five friends to be your trusted contacts.
Find “Trusted contacts”, click “Edit” and then “Choose trusted contacts” (Fig. 11).

Fig.11

ii. Type the names of 3-5 of your trusted friends. You can select them one by one.
Don’t forget to click “Confirm” (Fig.12).

To select good trusted contacts:

– Choose people you trust, like friends you’d give a spare key to your house.
– Choose people you can reach without using Facebook, ideally over the phone or in person, since you’ll need to contact them when you can’t log in.
– Choose more people to help you. The more friends you choose, the more people who can help you when you need it.

Fig.12

iii. As a security measure, you’ll be prompted to enter your account password (even if you are already logged in). Click “Submit” when you are done (Fig. 13).

Fig. 13

iv. Immediately after, your trusted friends will appear under “Trusted Contacts“. You can now use them all, remove one or all if not pleased with your choice (Fig.14).

Fig.14

v. In order to make sure you are the one who made the selection of your trusted friends, Facebook sends you a message (check your mailbox linked to your Facebook account) confirming you added trusted friends (Fig.15).

If you did not do it, then someone most likely hacked into your account. Change your password immediately!

Fig.15

vi. Using Trusted Contacts

Once you’ve set up your trusted contacts, if you ever have trouble logging in, you’ll have your trusted contacts as an option to help. You just need to call your trusted contacts and let them know you need their help to regain access to your account. Each of them can get a security code for you with instructions on how to help you. Once you get three security codes from your trusted contacts, you can enter them into Facebook to recover your account.

With trusted contacts, there’s no need to worry about remembering the answer to your security question or filling out long web forms to prove who you are. You can recover your account with help from your friends.

***Note: If you have set up secure browsing and login notifications and chosen your recognized devices, and you receive an email from Facebook notifying you that someone tried to log in to your account on X day from Y location using Z device (and none of those are related to you), then change your password immediately (as explained under section 1 of this blog post), because someone has definitely tried or succeeded to fraudulently log in to your account! (See example in Fig. 16.)

Fig.16

Teaching Kids About Identity Theft

May 13, 2013 5 comments

Today, E-Crime Expert is pleased to introduce Nancy Parker, a freelance writer who loves writing articles on opinions and social awareness. Nancy is a frequent contributor to http://www.enannysource.com.

According to Julie Myhre*:

“Identity theft occurs when someone gets a hold of someone else’s personal information and poses as that person or uses that information to create their own fake identity. This information can be a full name, social security number or a bank account number”.

For children, identity theft occurs a little differently. Child identity thieves are looking for their victim’s Social Security number. Since children don’t have any credit history, it makes it easier for thieves to use their Social Security number and a false birthday to open credit cards.

Read below this interesting interview conducted by Michelle LaRowe:

“Identity theft is a real problem and, sadly, children are not exempt from having their identities stolen. Recently, I connected with Julie Myhre, who covers identity theft for NextAdvisor.com, and here is what she had to say.

eNannySource: How does identity theft happen?

Julie: Identity theft occurs when someone gets a hold of someone else’s personal information and poses as that person or uses that information to create their own fake identity. This information can be a full name, social security number or a bank account number. It’s usually easier for identity thieves to get information about an adult because adults have a lot of personal information about them; however, it is important to also remember that children can be victims of identity theft too. There are a lot of different ways that adults can be hacked; some of these include not having privacy settings on social media, clicking on phishing emails or pop-ups, losing a wallet, throwing away documents that contain personal information, and ATM or credit card skimming, among others.

For children, identity theft occurs a little differently. Child identity thieves are looking for their victim’s Social Security number. Since children don’t have any credit history, it makes it easier for thieves to use their Social Security number and a false birthday to open credit cards. The unfortunate part about this is that people who were victims of child identity theft don’t usually realize it until they are older and trying to apply for a credit card or loan. Thieves usually gather children’s personal information from sports team applications, school documents and any other documents that would have your child’s Social Security number on it.

eNannySource: How is it prevented?

Julie: There are a lot of different steps that you can take to prevent identity theft. One of the major ways to prevent identity theft is to sign up for an identity theft protection service. Most of these services monitor your personal information regularly and alert you if they notice any suspicious or possibly fraudulent activity. A good amount of these services also offer family plans, which will allow you to protect your whole family – including your children – from identity theft.

Some other options to prevent identity theft include shredding all documents that contain yours or your child’s personal information, checking your bank accounts and credit card statements regularly, monitoring your credit report and, lastly, knowing what you and your child post online. A lot of people don’t realize how much information they post about themselves and their family on social media. It’s fine if you want to include some personal information – such as your full name and photo – but make sure that you set your profile to private. Monitor what you and your child post on social media, and check the privacy settings regularly – at least monthly.

eNannySource: What basic things can parents teach children to avoid identity theft?

Julie: Parents should teach their children about identity theft in a similar manner that they teach them about strangers. If you think about it, it’s essentially very similar – someone you don’t know is trying to take something from you. Parents just need to teach their children that their personal information is private and they should not reveal any of it to people they don’t know. Children won’t understand the details of identity theft, so it’s important not to go into too many details. The bottom line is personal information should be kept personal, and it’s important that parents recognize that and teach it to their children.

eNannySource: What age do parents have to start worrying about identity theft?

Julie: Parents should begin to think about ways to protect their child from identity theft as soon as their child has a Social Security number.

eNannySource: Is it worth investing in some type of protection?

Julie: Yes, in most circumstances identity theft protection is worth the investment. The value of identity theft protection isn’t necessarily in the active personal information monitoring, because the reality is that people can do that part themselves. Instead, the value lies in the identity theft recovery that these services offer. In the instance that yours or your child’s identity is stolen while you’re signed up for an identity theft protection service, you are provided with all the information and tools you need to recover yours or your child’s good name. Identity theft protection services represent you when you’re dealing with the banks, credit bureaus and creditors. It lightens the load on the victim’s side and helps alleviate the nightmare of identity theft. The identity theft recovery assistance is a valuable tool to have if yours or your child’s identity is stolen.

eNannySource: What about the Internet? What are the top tips for parents of kids who use the Internet?

Julie: The most important tip that parents need to follow when their children use the Internet is to monitor what your child is doing and posting on the Internet. Have open communication with your child and make them aware that they shouldn’t be putting any personal information on the Internet – even if it’s your home address in a private message to a friend. Check in with your child and make sure these rules are being followed on all platforms, including the computer, cell phone and tablet. Check your child’s privacy settings on their phone and social media once a month to make sure the information they post on the Internet is set to private”.

*Julie Myhre is the Content Manager at NextAdvisor.com. You can review identity theft protection reviews and learn more about identity theft on the site.

To read the original post and find more about Julie, please click here.

This interesting interview connects nicely to one of E-Crime Expert‘s blog posts, called: How secure is your Child’s Social Security Number?

What to do in case of credit/payment card fraud: real life example!

This weekend E-Crime Expert encountered a financial fraud which happened to us in real life. Money was fraudulently withdrawn from our (Dan’s) account. Luckily, we immediately identified the fraud, which enabled us to cancel the card and report the fraud in order to be reimbursed.

1. How it could be detected:

i. Log in to your online banking account (Fig. 1).

(I am using a mobile platform for my online banking)

Fig. 1.

ii. Type your user name or card number and password (Fig. 2)

 Fig. 2

iii. Select one of your accounts, then go through your transaction records carefully and see if there is any transaction you do not recognize (this is how I identified the fraud in my VISA account) (Fig. 3).

Fig. 3

iv. Most likely the fraudulent transaction will be from a service provider or vendor that you had nothing to do with (as happened in my case) (Fig. 4).

 Fig. 4

2. What to do if you suspect fraudulent activity:

 Despite your best efforts, there is still a chance that you will become a victim of payment card fraud. You will save yourself time and worry by following the steps below:

  • Call your financial institution immediately. You can find the phone number easily on the back of your card (Fig. 5).

Fig. 5

 It may want to cancel your current card and mail you a new one. Check to verify that your mailing address has not been changed.   

  • If you still have your card, but fraudulent purchases have been made on the account, call your financial institution, and ask them to issue you a new one.   
  • Contact the national credit bureaus to let them know you are a victim of fraud. They will place a “Fraud Alert” on your file. You can also request copies of your credit report, which you should review carefully. For North America:
      – Equifax: 1-800-465-7166 or www.equifax.ca
      – TransUnion: 1-866-525-0262 or www.tuc.ca
  • Diligently check your statements in the following months to make sure the problem has been completely resolved.
  • Report the fraudulent activity to the proper authorities, including the police or the Internet Crime Complaint Center:

i. MasterCard:

To contact MasterCard about fraud:

  • you can call 800-627-8372.
  • If you’re not in the United States, contact MasterCard fraud by calling 636-722-7111.
  • If it’s an emergency related to possible fraud, MasterCard will accept international collect calls.

ii. Visa:

  • Call the bank or other organisation that issued your card, if you know the telephone number. They will immediately block your card and organise a replacement
  • If you do not have your card issuer’s telephone number, use the menu on the Global Card Assistance Directory page for help. 

To use the Global Card Assistance Service Directory, click here.

From the pull-down menu choose the country you are in now. Call the telephone number that appears in the right-hand box. Calls might be free but may carry local telecom fees if one dials using a mobile phone or calls from within a hotel.

If you are outside the US, please make a reverse-charge call to +1 303 967 1096; if you are within the US, simply dial +1 800 847 2911.

3. What you need to be prepared to provide when calling:

  • The name of your card issuer
  • The type of card — for example, Visa Electron, Visa Classic, Visa Gold
  • The country where the card was issued

It will help if you can also tell them:

  • Your 16-digit Visa/MasterCard account number
  • If you have your own card account or a partner card
  • Your name as it is printed on the card
  • The address where your statement is sent
  • Your home telephone number
  • How the card went missing or what transaction you find illegitimate
  • Other personal details that will be used as a security check to confirm your identity
  • The identity of the primary cardholder, if you are the secondary cardholder.

4. Tips to stay safe:

i. How to prevent identity theft

Identity theft involves acquiring another person’s identification information (such as a social insurance number or any unique identifier) without a person’s knowledge for the purpose of impersonating him or her to commit fraud. The best defense against identity theft is to prevent thieves from getting the information in the first place.

Here are guidelines to follow:

  • Never leave your purse or wallet unattended – keep your personal data and information guarded at all times.   
  • Sign your credit and debit cards in permanent ink as soon as you receive them.   
  • Call your card issuer if a new or reissued card does not arrive when expected.   
  • Don’t carry your social insurance card, birth certificate, or passport in your wallet or purse unless it’s absolutely necessary. Cancel any inactive payment card accounts.   
  • Never throw away receipts in a public trash container. When disposing of receipts or old statements, be sure to destroy the areas where the account number is visible. In general, you should keep all your receipts in a safe place to refer to if you suspect suspicious activity.
  • Check your statements frequently and carefully. Be sure you are familiar with all account activity on the statement. If you find an unauthorized or questionable transaction, call the appropriate organizations immediately.
  • Do not write your credit or debit card account number on a cheque, or use it for identification when paying by other means.
  • If your social insurance card or driver’s license is missing, contact the appropriate agency immediately.
  • Never give any payment card, bank, or social insurance information to anyone by telephone, even if you made the call, unless you can positively verify that the call is legitimate and there is a true need for the information.
  • Keep a list of all your credit accounts and bank accounts in a secure place so you can quickly call the issuers to inform them about missing or stolen cards. Include account numbers, expiration dates, and telephone numbers of customer service and fraud departments.
  • Make a note of when your financial statements arrive each month. If your statements stop arriving, contact your bank immediately.
  • Obtain a copy of your credit report once a year from one of the national credit bureaus. You are entitled to a free copy of your report if you are denied credit. Otherwise, most credit bureaus will charge a small fee. If the report data is incorrect, write the credit bureau immediately and keep a copy of your letter.

ii. How to prevent fraud while using your payment card

Payment cards are used every day by billions of people throughout the world. By following the steps below, you will significantly reduce the chances of fraudulent activity occurring on your account:

  • When making a purchase, keep your card in view at all times. Retrieve the card as soon as the transaction is complete and make sure it is yours.
  • Memorize your passwords and personal identification numbers (PINs) so you do not have to write them down. Be aware of your surroundings; make sure no one is watching you input your PIN.
  • Never sign a blank receipt slip. Draw a line through any blank amount lines that appear above the total amount line.
  • Save all of your receipts so you can refer to them at a later time. Never discard your receipt in a public trash container.
  • Do not provide your account number over the phone unless you are positive the call is legitimate and there is a legitimate purpose to disclose your account number. Never provide your number over the phone if you didn’t initiate the call.
  • Avoid saying your account number aloud at a merchant location or over the phone if others can hear.

iii. How to prevent fraud while shopping online

Shopping online opens up a world of choices and convenience – as well as some risks that require extra vigilance. Here are some tips to ensure that your online shopping experience remains safe and enjoyable:

  • Make sure you are doing business with a reputable Internet merchant. Check with the Better Business Bureau or provincial and local consumer agencies to find out about past complaints or experiences from other customers. You can also look for the following information on the website to check if a merchant is reputable:
    • Privacy policy – A reputable website often has a clearly stated privacy policy in an accessible place. Read the privacy policy so you know exactly how the merchant intends to use your information.
    • Information about the offer – make sure you learn all you can about the offer, including the delivery date, terms of warranty, cancellation policies, how to contact the company if you have questions, etc.
    • Information about the merchant – make sure to find the company’s physical address and telephone number.
    • Security – Reputable websites often provide information about how they protect your financial information when it is transmitted and stored.
  • Guard your personal information. Don’t provide information that you are uncomfortable giving. Never give anyone the password that you use to log on to your Internet Service Provider or online bank account.   
  • Keep records. Print out all information about your online transaction and keep it in a safe place to refer to at a later time.   
  • Pay with a payment card – as this is often the safest way to pay online. In North America, the cardholder has the right to dispute charges if the goods or services were misrepresented or never delivered. Also, you are not responsible for fraudulent purchases made on your account.   
  • Make sure the merchant that you are dealing with has proper security measures in place. Your computer browser can tell you if the place where you are about to send the information is secure. Look for an unbroken key or closed lock at the bottom of the browser window. If you cannot determine this, do not put your credit or debit card information over the Internet.
  • Hover over the web link in the browser you are using to check that it does not hide a link to a fake or illegitimate cloned website.

iv. Setting up your best security for your Visa Card:

Visa has developed several layers of fraud prevention and detection systems and programs, giving you multiple checkpoints for security to protect your business and make transactions more secure. Visa’s Layers of Security complement each other and work together, so by implementing multiple services you can help reduce your risk of fraud.

The Layers of Security:

Layer # 1 – Chip & PIN

Many Visa cards now contain a micro-computer chip that securely stores encrypted information to complete transactions. As well, Personal Identification Numbers (PINs) are used for cardholder authentication when chip cards are used in Canada. This helps make counterfeiting virtually impossible.

Layer # 2 – Verified by Visa

The Verified by Visa (VbV) program is a worldwide service that confirms a cardholder’s authenticity in real time. This helps protect merchants from fraudulent transactions and chargebacks, while protecting cardholders from unauthorized use of their Visa cards.

Layer # 3 – Three-digit Code (CVV2)

The CVV2 is a three-digit security code on all Visa cards that helps ensure a customer making an online or phone purchase has a genuine Visa card in hand.

Layer # 4 – Address Verification Service (AVS)

When fraudsters try to order online, by mail or by phone, AVS can help stop them in their tracks. Account number information obtained from a receipt or a stolen card does not include an address or postal code. AVS checks a cardholder’s address and/or postal code against the card issuer’s records in real time, giving you the opportunity to stop a transaction if desired.

Layer # 5 – Visa Advanced Authorization (VAA)

Available through most card issuers, VAA lets you immediately identify and respond to emerging fraud patterns and trends. As transactions are processed through VisaNet® Advanced Authorization, VAA evaluates authorization request data in real time and assesses and assigns a risk rating – helping you better identify potential fraud.

5. Additional contact numbers for Canada only:

MasterCard Issuer Security Phone Numbers in Canada:

ATB Financial: 1-800-661-2266
BMO Bank of Montreal: 1-800-361-3361
Bridgewater Bank: 1-866-398-4404
Canadian Tire Bank: 1-800-459-6415
Capital One Canada: 1-800-481-3239
CIBC: 1-800-663-4575
Citibank Canada: 1-800-305-7259
Credit Union Electronic Transaction Services: 1-800-567-8111
Direct Cash Bank: 1-888-466-4043
GE Money Canada: 1-800-243-2222
HSBC Bank Canada: 1-866-406-4722
MBNA Canada: 1-800-379-2744
National Bank of Canada: 1-888-622-2783
Peoples Trust: 1-866-452-1138
President’s Choice Bank: 1-866-246-7262
RBC Royal Bank: 1-800-361-0152
Sears Canada: 1-800-288-9965
Walmart Financial Services Canada: 1-888-925-6218
Wells Fargo Financial: 1-888-295-0050
     

 If you have any question you could contact: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

E-Crime Expert’s contribution to: “Responding to a Data Breach”

E-Crime Expert is glad to feature a new blog post on Data Breach Response Plan, provided by iPost. If you would like to find out more about iPost click here.

According to iPost: “Whether you are in healthcare, the financial industry or you run an independent business, you should have a data breach response plan. It is foolhardy to think that a data breach isn’t going to happen to you. It isn’t a matter of if, it is a matter of when. Is it an emergency? You better treat it like one”.

In order to read this interesting Article and to find out some solutions for responding to a Data Breach, please visit the original Blog Post here.

Below is E-Crime Expert’s contribution, with suggestions on how to prevent a Data Breach and facilitate a quicker response to one:

“Cyber-security expert and consultant Dan Manolescu has some more suggestions”:

The organization could have a privacy/security policy in place which addresses potential privacy and security issues, establishes risk mitigation practices and ensures standard and uniform action within the organization with regard to preventing, dealing with/handling and providing review/feedback on privacy and security issues. Also, this privacy/security policy should clearly state the legal obligation with regard to the protection of individuals’ personal data.

Buy/develop scanning software that scans all the incoming and outgoing messages within that organization, programmed on different but specific keywords, such as security, alert, virus, scam, etc., in order to flag those messages containing those specific keywords, regardless of whether they are sent to the inbox, trash or spam folder. This action could be done automatically, without needing to give any human operator access to the content of the message itself. Privacy/security audit trails could also be put in place. I would suggest that employees be notified of this practice along with the “computer and electronic usage” policy within that organization.

Other than that, providing periodic training to staff and management on these issues definitely helps them to properly identify and handle these messages, which could be important for an organization.
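The keyword flagging suggested above, sketched as an added example (not code from E-Crime Expert or iPost): it flags messages in any folder, decodes encoded bodies before matching, and writes an audit record holding only metadata and a digest, so no reviewer needs to see the content. The function names, record fields and sample messages are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
from email import message_from_string
from typing import Optional

# Keywords taken from the text above; the list is meant to be extended.
KEYWORDS = ("security", "alert", "virus", "scam")
# \b keeps "scam" from matching "scamper"; matching is case-insensitive.
PATTERN = re.compile(r"\b(?:" + "|".join(map(re.escape, KEYWORDS)) + r")\b", re.I)


def searchable_text(msg) -> str:
    """Subject plus every text/* part, with base64/quoted-printable decoded."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, errors="replace"))
    return "\n".join(chunks)


def scan(raw: str, folder: str, direction: str) -> Optional[dict]:
    """Return a content-free audit record for a flagged message, else None."""
    msg = message_from_string(raw)
    hits = sorted({h.lower() for h in PATTERN.findall(searchable_text(msg))})
    if not hits:
        return None
    return {
        "message_id": msg.get("Message-ID", "<none>"),
        "folder": folder,        # inbox, trash and spam are all scanned
        "direction": direction,  # "incoming" or "outgoing"
        "keywords": hits,
        # The digest ties the record to the stored message without copying
        # any of its content into the audit trail.
        "sha256": hashlib.sha256(raw.encode("utf-8")).hexdigest(),
    }


def audit_trail(messages) -> list:
    """Scan (folder, direction, raw) tuples and keep only the flagged ones."""
    records = (scan(raw, folder, direction) for folder, direction, raw in messages)
    return [r for r in records if r is not None]


# Constructed sample messages (not real mail).
_B64 = base64.b64encode(b"Security ALERT: a virus was found on the file server").decode()
SAMPLES = [
    ("inbox", "incoming",
     "Message-ID: <1@example.test>\nSubject: Lunch\n\nThe scamper race is Friday.\n"),
    ("spam", "incoming",
     "Message-ID: <2@example.test>\nSubject: Account notice\n"
     "Content-Type: text/plain; charset=utf-8\n"
     "Content-Transfer-Encoding: base64\n\n" + _B64 + "\n"),
    ("trash", "outgoing",
     "Message-ID: <3@example.test>\nSubject: Re: possible scam\n\nForwarding to IT.\n"),
]

if __name__ == "__main__":
    for record in audit_trail(SAMPLES):
        print(record)
```

Matching on the raw message instead of the decoded parts would miss the base64-encoded body in the second sample.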


SHODAN, the search engine: is it “scary” or not?

April 12, 2013

E-Crime Expert presents to you today a search engine which is totally different (in functionality and scope) from the ones we are used to (e.g. Google, Bing, etc.).

For us (E-Crime Expert), Shodan has a positive value as it uncovers security vulnerabilities. Used by others (i.e. cybercriminals), Shodan could have a negative side as it enables access to different systems (routers, webcams, etc.) which have little or no security protection.

According to the description available on their main page here, “SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners”.

Web search engines, such as Google and Bing, are great for finding websites. Rather than locating specific content for a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content.

How to use it:

Create and log in using a SHODAN account, or log in using one of several other options (Google, Twitter, Yahoo, AOL, Facebook, OpenID).

Logging in is not required, but country and net filters are not available unless you log in.

Basic Operations:

Filters
-country: filters results by two-letter country code;

-filtering by country can also be accomplished by clicking on the country map (available from the drop down menu);

-mouse over a country for the number of scanned hosts for a particular country;

-hostname: filters results by specified text in the hostname or domain;

-net: filters results by a specific IP range or subnet;

-operating system: search for specific operating systems;

-port: narrow the search for specific services.

After the search returns some entries (webcams located in a certain area), just click on one of those entries and you will have instant access to what that webcam records live (Fig 1).

Figure 1.


Examples:

Note:
E-Crime Expert will try to contact all the owners of these vulnerable systems in order to report their security issues and advise how to protect their devices with appropriate passwords and security measures.

Please watch the video or read our material on how to create a stronger password.

1. Run a search for all existing default passwords, as shown in Figure 2.
Having access to the password, one could enter the router’s settings and change them or, even more, use the router as a back door to access any device connected to it, such as a computer, printer, etc.

Figure 2.


2. Once we selected a webcam, we clicked on it and waited for the live footage to play.
What we see is an intersection which could be considered as a public space. The live feeds record everything live (Fig. 3).

Figure 3.

3. Access is granted regardless of geographical location: E-Crime Expert had access to a webcam located in Russia from a computer located in North America (Figure 4).

Figure 4.


4. We next tested a webcam which was recording someone’s home front steps, perhaps for security reasons. But the issue here is the camera’s angle: you can also see the next-door neighbor’s front alley, car and probably anyone entering their house (Fig. 5).

Figure 5.


5. The next example is more intrusive as it transmits live feeds from a restaurant where clients could be identified along with the staff members. The purpose of this camera is theft protection, but due to its non-existent security measures, anyone on the Internet could now check who came to that restaurant and at what time, transforming the purpose of that camera into a monitoring one (Fig. 6).

Figure 6.


6. Not surprisingly, the next webcam becomes even more intrusive by showing live the staff member working in a convenience store, with a “from behind the counter” view. Anytime the staff member opens the money drawer, everyone having access to this webcam (available worldwide as shown in this blog post) could approximate how much money is available there. Besides being invasive of the privacy of the clients and of the staff member, this could potentially also lead to robberies or similar attacks (Fig. 7).

Figure 7.


7. The last example is the most intrusive and concerning one as it transmits live video streaming from someone’s home. It is intrusive because most probably the guests visiting this person are not aware of the webcam, and also because the footage is now available not just to the security company in charge of protecting this home, but also to virtually anyone on the Internet. The second concerning aspect is that anyone could see what is available on the kitchen counter, whether a large amount of cash, cheques or other valuable goods. This, again, could lead to robberies or other violent crimes (Fig. 8).

Figure 8.


Conclusions:

SHODAN aggregates a significant amount of information that is not already widely available in an easy to understand format.

SHODAN collects basic information about websites “from the inside”: data covering the so-called back end (simplified information about the type of your server software versions, and so on). On the one hand, it is therefore an excellent database for those involved in security; on the other, it is also a source of information for cybercriminals.

The Shodan software runs 24 hours a day. It automatically reaches out to the World Wide Web and identifies digital locators, known as internet protocol addresses, for computers and other devices. For security monitoring teams, Shodan may present some serious challenges. It is highly unlikely that security monitoring teams will ever be alerted to an attack that is using Shodan.

From a privacy perspective, some information on the World Wide Web is accessible to ordinary people simply by running a search, yet should not necessarily be regarded as publicly available information, such as the webcam in someone’s home, in a store, at a gas station, etc. This is not publicly available information from a legal perspective, but it becomes available to anyone because some monitoring systems have little or no security measures. According to most international privacy legislation, a surveillance camera should be installed and used only on a legal basis and after a privacy impact assessment is done (as a best practice). That legal basis refers strictly to the purpose for which the camera is used, which definitely does not grant worldwide access to the footage, except where a public space is in question (i.e. park, street, etc.).

Even where the area under surveillance is public, there are cases when footage or pictures of those public spaces record more than the public space itself (i.e. Google Maps litigation for capturing more than the streets, etc.).

The Privacy Impact Assessment is done specifically (among other things) to make sure that no unauthorized person has access to the footage recorded by a surveillance camera. Being able to find this footage publicly on the Internet falls outside the privacy and security requirements and measures in place for a surveillance camera located either within a public space (with the potential of recording private areas as well) or in a household, which is by definition a private space. Probably some of these surveillance cameras are installed by the household owners, aiming to act as theft protection and consequently to be accessible only by the police or other law enforcement entities.

By contrast, having global access to this kind of footage does not align with most existing international privacy legislation.

Once again, E-Crime Expert has taken this opportunity (SHODAN – search as a positive tool) to assess current privacy and security issues.
