
11/30/2009
06:39 PM
Dark Reading
Products and Releases

Unisys: Protecting Yourself From Holiday-Related Scams

Unisys identifies 10 of the most prevalent scams that can lead to financial fraud or identity theft during the holidays

BLUE BELL, Pa., November 30, 2009 - As the holidays bring an increase in online shopping, charitable giving and social interaction, consumers and businesses should be on guard against some common scams that occur frequently at this time of year, according to security experts from Unisys Corporation (NYSE: UIS).

"The consumerization of IT and widespread use of mobile technology and social networking, both at work and at home, have increased the risk of financial fraud and identity theft, especially during the holidays," said Mark Cohn, vice president, enterprise security, Unisys. "While scammers are seemingly everywhere this time of the year, consumers and businesses can do a lot to protect themselves from fraudulent activities. By taking some relatively simple precautions, everyone can maximize the chances that they will beat the cheats!"

The dangers of online fraud continue to grow. The number of Americans falling victim to identity theft increased 22 percent to a record 9.9 million in 2008, losing $48 billion in the process, according to Javelin Strategy & Research.

Meanwhile, online shopping on the job will continue to be popular. This year, 53.5 percent of workers with Internet access, or 68.8 million people, will shop for holiday gifts from work, according to Shop.org.

The bi-annual Unisys Security Index reported this month that, in the nine countries covered in the survey, the top security concerns of consumers are bank card fraud and identity theft. The percentage of Americans who are seriously concerned about the security of their online transactions rose to 42 percent, the highest level since the Unisys Security Index began two years ago.

Unisys identified 10 of the most prevalent scams that can lead to financial fraud or identity theft during the holidays. They are listed below, in no particular order, along with tips on how to avoid them.

1. Online shopping threats: In the US, the FBI reported that more than $264 million was lost in 2008 due to online fraud. To avoid being yet another victim, Unisys security experts recommend that online shoppers always shop on safe sites that have SSL (a protocol for secure communications) certification, indicated by a locked padlock at the bottom of the screen. If you have second thoughts about using a site or retailer, follow your instincts and avoid it. Where possible, use a credit card rather than a debit card as banks can often offer consumers a higher level of protection when a credit card is used. If buying through sites such as Amazon or eBay, take the time to read the seller feedback. Finally, be sure to check your bank statements regularly for any unexpected 'purchases.'

2. Seasonal spyware: The number of malicious e-cards circulating to personal and business computers is expected to rise this year. Unisys experts suggest that even in a workplace setting, individuals never open an email or attachment from an unknown sender and do not download 'exe' files as these often contain adware, unwanted downloads and spyware.

If you can't resist opening a file, drag it into your 'junk' email folder first as this allows you to check all the links to see if they are legitimate. If a site looks suspicious, follow your instincts and don't click on it. Finally, be sure to install personal firewall, anti-malware and protection agent software on your computer. So if you make a mistake and click on a malicious e-card, you will have some protection.

3. Not-so-social networking: Enterprises and individuals are making increasing use of social networking sites such as Facebook and Twitter to keep in touch with clients, partners, friends and family over the holiday season. Unisys security experts warn that these sites can be a goldmine for identity thieves. According to GetSafeOnline, one in four people using social networking sites have posted confidential or personal information such as phone number, address or email on their online profile. To avoid identity theft, never offer personal information to anyone over a social networking site, even if the request is from a friend or relative. Do not offer your birth date, birth town and home address on your user profile, and always make sure you apply the right privacy settings to protect yourself. Avoid posting photos of expensive belongings or dates when you are away from home over the holidays.

4. Beware of ATM skimmers: Whether at your neighborhood bank or at your office lobby or credit union, Unisys experts stress the importance of being aware of your environment when using an ATM to obtain holiday shopping cash. If you think someone is too close behind you or looking over your shoulder, find a different ATM machine.

Thieves are becoming more and more sophisticated, so also check the actual machine to make sure that it is solid and sturdy. Some skimming scams have involved fitting the front of an ATM with a false panel containing a small webcam or digital camera that can capture your card details. If the ATM machine appears to be behaving oddly or does not work the first time, go to a different machine; don't try it again!

5. Fake Online Payment Sites: Escrow services such as PayPal allow businesses and consumers to securely and conveniently send and receive payments online. However, escrow scams are increasing as fraudsters set up fake payment sites to con both buyers and sellers out of money.

To ensure payment sites are legitimate and secure, Unisys security experts suggest checking to ensure the sites have SSL certification. Also check that the web address starts with https:// rather than just http:// as the absence of that "s" is often an indicator of rogue traders. A real escrow company will also only ask you to transfer money to them directly from your bank, i.e. a traceable transfer. If they ask for another method, refuse. Before you send anything, verify with your bank where the receiving bank is located. If this looks like it is outside the seller's own country, stop the transaction.

6. 'Spirit of giving' scams: Christmas is the season for sharing and, as a result, thieves will often make the most of people's generosity over the festive season. Unisys suggests that individuals watch out for emails or tweets from charities that ask for donations, particularly if you have never signed up to receive correspondence from them. Be sure to check that charity collectors in your neighborhood or near your office have some form of identification.

7. Gift grabbers: After opening all the presents, Unisys recommends breaking down the boxes completely so that what was in the box is not obvious to passers-by on the street. Thieves are more likely to target homes with home theatre or PC boxes in the trash. The same is true of business-related or personal bills, receipts and financial statements, all of which could contribute to identity theft. And as always, employees must protect their company's intellectual property by safely disposing of materials that are proprietary to their companies.

8. Protect your new laptop: If you received a new PC or laptop running on MS Vista or Windows 7 as a holiday gift, Unisys suggests making sure you are using anti-malware software and have enabled the firewall before connecting to the Internet. Whether you are connected to a wireless network or via a cable, on average, it can take just nine seconds for your new laptop to receive its first 'ping' attack and less than a minute to receive its first virus.

9. 'Free' Wi-Fi and wireless network hacking: If you are using that new laptop on a wireless network at home or workplace, Unisys recommends making sure that network is secure. This is because the Wi-Fi network range will radiate beyond the confines of your building, leaving it vulnerable to "wardriving" (the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer so they can use your unsecured network for free).

Hackers could use an unprotected wireless network to anonymously download illegal material or perpetrate attacks that would appear as if they were coming from you. Wardrivers are also known to hack into computers to steal personal details. In one highly publicized case, a retailer reportedly lost over 45.7 million personal credit and debit card details to hackers. The crime went on for four years before it was detected.

10. Account check and phishing cons: Unisys security experts recommend that individuals at home or work be wary of account checking scams in which a phony representative of a bank or supplier contacts you by phone or email to ask for account details to update their records.

Callers will often claim that they need certain data in order to check the security of your account while actually obtaining very valuable information to carry out fraud. In the lead-up to Christmas, remind your family, friends and colleagues to err on the side of caution and refuse to give out any personal details either on the phone or online. If you think the call is genuine, ask to call them back and check the number by visiting their website before you call back.

Likewise, don't assume that an email that looks like it comes from your bank or a company you've done business with is legitimate. In common phishing attacks, email messages from impostors contain links to phony lookalike sites where your logon ID and password can be captured. Always suspect that web links in unsolicited emails may be fraudulent, and don't provide any personal information to such sites.

About Unisys

Unisys is a worldwide information technology company. We provide a portfolio of IT services, software, and technology that solves critical problems for clients. We specialize in helping clients secure their operations, increase the efficiency and utilization of their data centers, enhance support to their end users and constituents, and modernize their enterprise applications. To provide these services and solutions, we bring together offerings and capabilities in outsourcing services, systems integration and consulting services, infrastructure services, maintenance services, and high-end server technology. With more than 26,000 employees, Unisys serves commercial organizations and government agencies throughout the world. For more information, visit www.unisys.com.
