
Posts Tagged ‘legal advice’

Nigerian letter-like on LinkedIn

November 14, 2013

Read this quick E-Crime Expert Blog Post to see how LinkedIn is now being used for the classic “Nigerian Letter” scam.

This scam is also known as the 419 scam, because the number “419” refers to the article of the Nigerian Criminal Code dealing with fraud.

Yesterday, I responded to an invitation to connect with someone on LinkedIn, who appeared to be a Lawyer (and later a liar:).


Even more, my “new connection” and I appeared to have 14 shared connections in common (this made it even more credible).


Today, I received a LinkedIn message from that “new connection”, a message that seems to be the old, classic Nigerian-letter scam.


How it works:

This scam usually begins with a letter or email purportedly sent to a selected recipient but actually sent to many, making an offer that would result in a large payoff for the victim. The email’s subject line often says something like “From the desk of barrister [X]”, “Your assistance is needed”, and so on. The details vary, but the usual story is that a person, often a government or bank employee, knows of a large amount of unclaimed money or gold which he cannot access directly, usually because he has no right to it. Such people, who may be real but impersonated people or fictitious characters played by the con artist, could include, for example, the wife or son of a deposed African leader or dictator who has amassed a stolen fortune, or a bank employee who knows of a terminally ill wealthy person with no relatives or a wealthy foreigner who deposited money in the bank just before dying in a plane crash (leaving no will or known next of kin), a US soldier who has stumbled upon a hidden cache of gold in Iraq, a business being audited by the government, a disgruntled worker or corrupt government official who has embezzled funds, a refugee, and similar characters. The money could be in the form of gold bullion, gold dust, money in a bank account, blood diamonds, a series of checks or bank drafts, and so forth. The sums involved are usually in the millions of dollars, and the investor is promised a large share, typically ten to forty percent, in return for assisting the fraudster to retrieve or expatriate the money. Although the vast majority of recipients do not respond to these emails, a very small percentage do, enough to make the fraud worthwhile, as many millions of messages can be sent daily.

Advice:

If you receive similar messages or invitations to connect, be suspicious and always double-check. The ingenious idea is that scammers are now using LinkedIn, which is known as a social platform for professionals and therefore automatically gives the scammer more credibility.

If you recently connected with this person, PIUS AVENIDA, you had better delete her from your connections.

Any questions can be submitted to: dan@e-crimeexpert.com
Additional information can be found at: http://www.e-crimeexppert.com
To find out more about Dan Manolescu, visit his LinkedIn page here.

E-Crime Expert’s contribution to “Responding to a Data Breach”

E-Crime Expert is glad to feature a new blog post on Data Breach Response Plan, provided by iPost. If you would like to find out more about iPost click here.

According to iPost: “Whether you are in healthcare, the financial industry or you run an independent business, you should have a data breach response plan. It is foolhardy to think that a data breach isn’t going to happen to you. It isn’t a matter of if, it is a matter of when. Is it an emergency? You better treat it like one”.

In order to read this interesting Article and to find out some solutions for responding to a Data Breach, please visit the original Blog Post here.

Below is E-Crime Expert’s contribution, with suggestions on how to prevent a Data Breach and facilitate a quicker Response to one:

Cyber-security expert and consultant Dan Manolescu has some more suggestions:

The organization could have a privacy/security policy in place which addresses potential privacy and security issues, establishes risk mitigation practices and ensures standard and uniform action within the organization with regard to preventing, handling and providing review/feedback on privacy and security issues. Also, this privacy/security policy should clearly state the legal obligations with regard to the protection of personal data of individuals.

Buy or develop scanning software that scans all the incoming and outgoing messages within that organization, programmed with different but specific keywords, such as security, alert, virus, scam, etc., in order to flag the messages containing those keywords, regardless of whether they land in the inbox, trash or spam folder. This could be done automatically, without giving any human operator access to the content of the message itself. Privacy/security audit trails could also be put in place. I would suggest that employees be notified of this practice along with the “computer and electronic usage” policy within that organization.

Other than that, providing periodical training to staff and management on these issues definitely helps to properly identify and handle these messages which could be important for an organization.
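As an added illustration of the keyword-flagging scanner suggested above (this code is not from the original post or from iPost), the sketch below scans messages in every folder, flags those containing the listed keywords, and writes an audit record that identifies the message by ID and hash without copying any of its content. The function names, record fields and sample messages are assumptions constructed for the example.

```python
import hashlib
import re
from email import message_from_string

# Keywords named in the suggestion above; an organization would extend this list.
KEYWORDS = ("security", "alert", "virus", "scam")
# A leading word boundary avoids hits inside other words; plurals still match.
_PATTERN = re.compile(r"\b(" + "|".join(KEYWORDS) + r")", re.IGNORECASE)

def scan_message(raw, folder, direction):
    """Return a content-free audit record if the message matches, else None."""
    msg = message_from_string(raw)
    parts = [p.get_payload(decode=True) or b""
             for p in msg.walk() if p.get_content_maintype() == "text"]
    text = msg.get("Subject", "") + "\n" + b"\n".join(parts).decode("utf-8", "replace")
    hits = sorted({h.lower() for h in _PATTERN.findall(text)})
    if not hits:
        return None
    return {
        "message_id": msg.get("Message-ID", "<none>"),
        "folder": folder,          # flagged regardless of inbox/spam/trash
        "direction": direction,    # "in" or "out"
        "keywords": hits,
        # The hash ties the record to the message without storing its text.
        "sha256": hashlib.sha256(raw.encode("utf-8")).hexdigest(),
    }

def scan_mailboxes(mailboxes):
    """mailboxes: {folder: [(direction, raw_message), ...]} -> audit trail."""
    trail = []
    for folder, items in mailboxes.items():
        for direction, raw in items:
            record = scan_message(raw, folder, direction)
            if record:
                trail.append(record)
    return trail

# Constructed sample messages (not real mail).
SAMPLE = {
    "inbox": [("in", "Message-ID: <1@example.test>\nSubject: Lunch on Friday\n\nSee you at noon.\n")],
    "spam": [("in", "Message-ID: <2@example.test>\nSubject: From the desk of barrister X\n\nYour assistance is needed. This is not a scam.\n")],
    "trash": [("in", "Message-ID: <3@example.test>\nSubject: Security alert\n\nVirus found on host.\n")],
    "sent": [("out", "Message-ID: <4@example.test>\nSubject: Re: invoice\n\nPaid, thanks.\n")],
}

if __name__ == "__main__":
    for rec in scan_mailboxes(SAMPLE):
        print(rec)
```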


Beyond Data Protection – published today!

January 31, 2013

Dan Manolescu is glad to announce his contribution to the Beyond Data Protection book, published by Springer and available to the public from today, January 31, 2013. You could find Dan’s contribution under the “Data Protection Enforcement: The European Experience – Case Law” chapter.

This book provides a practical approach to addressing data protection issues in businesses and daily life. It also compares, contrasts and substantiates the different principles and approaches in Asia, Europe and America, and recommends leading best practices to practitioners and stakeholders based on the divergence of technologies involved.

I strongly recommend that you purchase this book, considering the excellent material and the contributions of several top scholars in the privacy and data protection fields.

You could find more info about this book here.

This great opportunity would not have been possible without the tremendous work of Noriswadi Ismail, an excellent data protection and privacy scholar and practitioner. He is also the Mastermind behind Quotient Consulting, a boutique firm which focuses on an array of data protection and privacy consulting services such as: Data Diagnosis, Privacy Impact Assessment, Data Protection & Privacy Strategy, Training, Data Protection & Privacy Certification, Public & Private Consultations.

In addition, Philipp Fischer’s contribution to this book is remarkable. Philipp is also an outstanding data protection and privacy scholar and professional and he is the CEO of SuiGeneris Consulting, which provides privacy and data security practice, data-use business models and how data flows generate profits. He has extensive underlying subject matter experience at the interface between information security requirements, data protection and privacy law, and economics, especially in information security, quality management, consumer protection, intellectual property, software programming and risk assessment. That enables him to provide strategic business consulting on all aspects of information policy, including privacy, information security and records management.

Last but not least, E-Crime Expert signed strategic partnerships with Quotient Consulting (with a subsidiary in London, UK), and with SuiGeneris Consulting (based in Munich, Germany).

Transfer mechanisms of personal data from EU to third countries

January 8, 2013

This Article explains the concept of transferring personal data from EU to third countries, what those third countries mean, the principles for making such transfers legitimate and the derogations from these principles, and last but not least, the transfer mechanisms of personal data to third countries.

Considering the legal requirements of Directive 95/46/EC, Article 25 (“the transfer to a third country of personal data which are undergoing processing or are intended for processing after transfer may take place only if… the third country in question ensures an adequate level of protection…”), this Article provides three legal mechanisms for such transfers:

- Standard Contractual Clauses – for single Organizations or entities

- Binding Corporate Rules – for multinational Organizations or entities

- Safe Harbor Agreement principles – for Organizations or entities located in the U.S.

The Article provides Organizations or entities with all currently available mechanisms for data transfer from the European Union to third countries, regardless of whether those Organizations are independent single entities or multinational ones.

This Article was written by Dan Manolescu. If interested, you could read the full Article published by InfoSec Institute here.

If you would like to find out more about InfoSec, you could visit this page here.

Dan Manolescu is now a frequent contributor for InfoSec Institute.

Privacy Impact Assessment (PIA)

January 2, 2013

Happy New Year!

We are back with a fresh Article on Privacy Impact Assessment.

What is a Privacy Impact Assessment (PIA)?

Privacy Impact Assessment is a process to determine the impacts of a program, system, service, scheme, initiative, application, information system, policy or administrative practice, or database (referred to in this article as a “project”) on an individual’s privacy, and the ways to mitigate or avoid any adverse effects (risks).

Conducting a PIA is a good business practice that should be considered in a similar way to financial, legal, operational, and IT practices prior to proceeding with a new project development.

This Article was written by Dan Manolescu. If interested, you could read the full Article published by InfoSec Institute here.


The use of Social Media in an organization: guidelines

October 29, 2012

On September 27-28, 2012 E-Crime Expert was invited to Dublin, Ireland, as a speaker at the “Social Media in HR” event, hosted by Flemings Europe.

The event was great; the representatives of Flemings Europe were extremely professional and well prepared. Top HR professionals from very important organizations were present in the audience. The Conference topics covered, among others, the use of Social Media in organizations by HR professionals, the most effective use of the latest social media, which social media are the most popular (by usage), the use of social media and privacy, etc.

You could have a look at this video which captures the event

If you would like to know what “Guidelines for using Social Media in an organization” means please have a look at my Presentation.
