Kaisilver, Security Blog

You Have Undisclosed Income - Online Fraud.

This is similar to an online fraud that has been happening for the last few years, however this year’s fraud has an interesting twist. In the earlier fraud, you received an email saying that you were due to receive a tax refund. Private and confidential information was collected from you, this information was ofcourse put to several bad uses. In this new fraud, the email says that you have failed to disclose some income in your tax returns!

This does seem like a serious issue and many receivers would just click on the provided link and disclose all related information. This could be very dangerous and the fraudsters have managed to think up a very convincing and dangerous operation. Kaisilver has monitored a few dozen emails of this type and there seems to be a pattern through all of them. It is a wonder why the FBI and other agencies do not go to the bottom of such frauds. Tracking emails is not tough, a little technological help and some good ideas can lead to the brain on the top of all such frauds. In the meantime, spread the word to your friends, collegues and relatives. That is the only way to increase the online safety factor.

The ATM Card Money Fraud.

It is the time of the year when many innocent online users are looking for bargains and also making online transaction. While this is a good thing for both buyer and seller, you need to stay updated with the online security threats that are currently going around. Kaisilver continues to monitor various online security issues and warns both buyers and sellers through this exclusive security blog.

The ATM card fraud basically perpetuates through emails. You receive an email saying that an ATM card with thousands or even millions of dollars filled in waiting for you. You could be asked to contact the shipping or courier agent, or just send full details of your name, bank account etc. There is a phone number and contact person mentioned in the email. All this is done to increase your confidence in moving ahead with the transaction. Do not fall for this fraud, you will get nothing and only end up losing money. At times, you receive a similar email from a (supposedly) big courier company. This is a cloak email and does not really originate from FEDEX, DHL, UPS or any other courier. The email says that your card is lying with them and you need to pay a small fee like a few hundred dollars to receive it. You might feel that it is a small amount to pay inorder to receive the millions of dollars that are stuffed in the ATM card! But just forget such ideas and delete the email, you will not get a single cent.

Please pass the above information to your friends and relatives. It is only such open sharing of information that can make the online world safer and more useful. We need to harness the benefits of online commerce while remaining alert about online dangers. This is the best way to proceed.

Beware Of This Online Threat, Email Fraud.

You would have heard of fraud emails that urge you to click and link on the email. This link would take you to a web page that loaded malware on to your computer. Our network team has recently come across another online threat perpetuated through an email. In this case, the fraudster does not request you to click a link on the email, infact there is no link on the email at all. The email tries to get your email login details the easy way. The email informs you that your web hosting company needs to update some systems related to your email. To enable this process you are requested to reply to the email mentioning your email address, the email login and the email access password! Many innocent online users would not doubt the validity of such an email, the details would then be sent to the fraudster.

Make sure that you do not fall for this online threat. Remember that you should NEVER release your email login information to anyone. Do not write down your email passwords in a place that is accessible to others. It is a good idea to change your email password every few months. If you ever doubt that the security of your email account has been compromised, change the password immediately. Please keep shaing these suggestions and tips with your friends and co-workers, we need to build a safer Internet and do this together.

Beware Of Emails That Offer You A Job.

A recent online fraud is both disgusting and unfortunate. Unemployment has become rampant in many countries, the situation seems to be getting worse as the global economic situation gets weaker. Online fraudsters have taken advantage of the desperate position in which the unemployed find themselves in. An email is sent randomly and claims to contain information of a suitable job for the receiver. In many cases the source of the email claims to be from some huge multinational firm.

As is common with most email frauds, the receiver is expected to click a link for further details. The link contains malware that can compromise the security of your computer and break through your online privacy. This online fraud seems to be the worse type of online security threat. While previous online threats played on the greed of the receiver, this fraud takes advantage of the desperate and pitiable situation in which most unemployed people today find themselves in.

Please pass on this link to everyone you know. The global economic climate is bad and there seems to be no immediate relief in sight. It will be sad if information regarding this online threat is not made available to as many people as possible. Kaisilver will make every effort to warn online users regarding new threats that come up from time to time.

If you get a screen on your computer with AntiVirXP08 as the heading, you should know that you computer is infected with malware. This program is sometimes called Anti Vir XP 08 but has nothing to do with cleaning viruses, it does the opposite. The program flashes a message saying that a number of virues (a numeric value is shown) have been detected on your computer. The AntiVirXP08 infact urges you to use your credit card and pay for a subscritpion of Anti Vir XP 08. You will get no anti virus software in return and will most probably be compromising your confidential credit card information!

The AntiVirXP08 malware affects many areas of your hard disk and also changes the registry of windows. Cleaning it is not an easy task and it is best to take the help of an expert. The program is transferred to your computer by clicking a link on a website, in an email. Some users have reported getting it from popular video, music and photo sharing websites. It is probably easier said than done but, the best thing is not to click on strange or unknown links. If you find that your computer is infected with the AntiVirXP08 malware contact a computer expert and have the problem resolved. This is all the more important if you have necessary information on the infected computer.

It is safe to presume that the AntiVirXP08 program is capable of pilfering confidential information that you enter on the infected computer. Bank logins, credit card details and other financial websites like Paypal etc should not be accessed from infected computers. The dangerous part is that this malware was written by one fraudster but is today being used by many people with bad intentions. As usual, no one has been able to track even a single bad person trying to spread the AntiVirXP08 malware. So we are going to have to learn to live with this and other online threats. Spread the word regarding the AntiVirXP08 to your friends and collegeues, send them the link to this report.

Most online services require to you login with a username and password. While the username is generally visible as you key it, the password is normally blanked out or has the asterisk sign substituted for each character of the password. For example, a password like ‘towimx44′ might appear as ” ******** ” as it is being entered. The objective of this is to make sure that people cannot see your password as you key it. However, there are a few more ways in which the confidentiality of your password could be compromised. We will discuss these issues in the subsequent paragraphs, you will become of few simple measures that could help keep your password safe.

Choosing a password: Do not use a very small password, most websites fix a minimum length for passwords. Always use a password that is at least 8 characters long, combine alphabets, digits and even special symbols if allowed. Do not use your name as a password, avoid using simple words like ‘house’, ‘eternity’ etc. Hackers have special programs that can generate almost every word in the English dictionary. Guessing conventional words is therefore not very difficult, remember to combine digits, alphabets and symbols. A password like ‘IwHyE545′, might sound tough to remember but,the secret lies in creating a password with some logic. The above password could have been created by choosing the first alphabet, of each word from this sentence, I was Hungry yesterday Evening at 5.45pm”.

Keeping passwords: Do not scribble your password near your computer, or in way that any person could identify it as a valuable password. If you must write down passwords, develop some conventions that would help keep them safe. For example, referring to our password mentioned above, ‘IwHyE545′ could be written as ‘WhYw545I’. What we have done is taken off the first character (I) in the password and placed it at the end. We have then changed the alphabets from small to big case and vice versa. While it is best not to note down passwords, millions of computer users do note them down. Never send passwords through emails, online chats etc. If you must note your password, do so in a place that is not near your computer. Also develop some sort of code that will allow you to juggle the characters of your password when you write it down.

Not the same password: Most computer users would typically access around half a dozen online services that need a username and password. If this is true with you, do not use the same password for more than one login. For example, do not use the same password for your email and online banking service. Using the same password for many services means that, you expose all the services if the password is compromised. It might not be possible to do this in certain cases. If you have a Hotmail email account and also use MSN Messenger, try to login to MSN messenger. Once logged in, you can see a link to your Hotmail email account, click it and you would be accessing your Hotmail account in a few moments. This is a bad feature, it means that you can never leave your MSN messenger even for a few minutes. If you did so, any person seated near your computer could click the Hotmail link and read your personal emails.

Change passwords periodically: It is a good idea to change your password periodically. Depending on how sensitive the information that you password protect is, change of password can be done anywhere from once a week to every month. Most of us stay alert when choosing a password for the first time, a certain degree of compacency creeps in if we have to change the password ever week or month. Some online services do not allow the same password to be repeated within a month, this is done for your security so do not fume and fret. Resist the temptation of changing to passwords that are similar to other passwords that you could be using.

Certain online services have implemented algorithms that actually check the ’strength’ of a password that you select. So if you chose a password that is similar to your first name or last name, you get a message regarding the ‘weekness’ of the password. You should also stay alert to fraudsters who try to get your password and misuse it. It is safe to say that you should trust no one with your password, keep it confidential. Stay updated with various phishing scams that try to extract confidential username and password details. A breach of security for your online financial services account could be severe, such frauds can ruin a person or organization financially. Online financial services include, online banking, credit card accounts and even online payment facilities like Paypal and StormPay.

An auction is a type of sale where the seller puts up an item for auction and invites bids, the highest bidder gets the item and needs to pay the bid amount. Online auction websites have few types of pricing options for sellers to choose from. The seller could choose to have a minimum bid auction, this means that the bidder will need to place a bid that is at least as much as the minimum bid fixed by the seller. The second type of auction pricing is a ‘no reserve price’ type, such auctions attract more bidders. In a no reserve price auction, the seller does not place any minimum starting bid, the bidder who bids the most gets the item and pays for it.

Very few fraudulent online sellers actually get caught, this link has the report of one such case. There are hundreds more who never get reported or caught. http://www.nytimes.com/2007/06/09/business/09auction.html