In Search Of The Most Dangerous Town On The Internet Directed by Sean Dunne

ANTONIO FORZIERI
EMEA CYBER SECURITY PRACTICE LEAD

At Symantec, Antonio Forzieri is responsible for the Cyber Security offering for EMEA from a technology perspective. Previously Antonio worked in Symantec as a Security Practice Manager, running the security technology sales team in Italy. Before joining Symantec, Antonio worked for a number of Italian companies with EMEA-wide responsibilities dealing with Compliance, Endpoint Security, Data Loss Prevention, Encryption, Ethical Hacking, Fraud Management and Security Education topics. Amongst other activities, Antonio supports public and private organizations during significant security outbreaks and fraud investigations.

Two hundred years ago, selling the Brooklyn Bridge was a very profitable business venture. It could be sold over and over again. A gentleman named George C. Parker claims to have sold it, on average, twice a week. I’m sure even then it was obvious to most people that it wasn’t his to sell, but he targeted newly arrived immigrants; those who arrived with a little money, a strong desire for success and on the look-out for a bargain.

The future is finally here, and, although we don’t have robots doing our bidding for us just yet, there are a myriad of smart devices that help automate tasks, connect to cars, and even to our bodies. These gadgets are considered a part of the Internet of Things, and are focused on adding convenience to our physical lives through digital devices. Have you ever left the house and wondered if you locked the front door? Or wanted to know how many steps you took in a day? Well, with the Internet of Things, there’s an app for that! With all of this data being collected about your home, cars and bodies, security concerns are bound to come along with it.

Antonio Forzieri

Cybercrime Expert

Antonio Forzieri holds a degree in Telecommunication Engineering from Politecnico di Milano where he is also a lecturer for the course “Internet: Mobility and Security” and he teaches the Master Class “Fraud Management” for the Security Specialist Master at CEFRIEL.

What is the Difference Between Black, White and Grey Hat Hackers?

Not all hackers are inherently bad. When used in mainstream media, the word, “hacker,” is usually used in relation to cyber criminals, but a hacker can actually be anyone, regardless of their intentions, who utilizes their knowledge of computer software and hardware to break down and bypass security measures on a computer, device or network. Hacking itself is not an illegal activity unless the hacker is compromising a system without the owner’s permission. Many companies and government agencies actually employ hackers to help them secure their systems.

Hackers are generally categorized by the type of metaphorical “hat” they don: “white hat”, “grey hat”, and “black hat”. The terms come from old spaghetti westerns, where the bad guy wears a black cowboy hat, and the good guy wears a white hat. There are two main factors that determine the type of hacker you’re dealing with: their motivations, and whether or not they are breaking the law.

Black Hat Hackers

Like all hackers, black hat hackers usually have extensive knowledge about breaking into computer networks and bypassing security protocols. They are also responsible for writing malware, which is a method used to gain access to these systems.

Their primary motivation is usually for personal or financial gain, but they can also be involved in cyber espionage, protest or perhaps are just addicted to the thrill of cybercrime. Black hat hackers can range from amateurs getting their feet wet by spreading malware, to experienced hackers that aim to steal data, specifically financial information, personal information and login credentials. Not only do black hat hackers seek to steal data, they also seek to modify or destroy data as well.

White Hat Hackers

White hat hackers choose to use their powers for good rather than evil. Also known as “ethical hackers,” white hat hackers can sometimes be paid employees or contractors working for companies as security specialists that attempt to find security holes via hacking.

White hat hackers employ the same methods of hacking as black hats, with one exception: they do it with permission from the owner of the system first, which makes the process completely legal. White hat hackers perform penetration testing, test in-place security systems and perform vulnerability assessments for companies. There are even courses, training, conferences and certifications for ethical hacking.

Grey Hat Hackers

As in life, there are grey areas that are neither black nor white. Grey hat hackers are a blend of both black hat and white hat activities. Often, grey hat hackers will look for vulnerabilities in a system without the owner’s permission or knowledge. If issues are found, they will report them to the owner, sometimes requesting a small fee to fix the issue. If the owner does not respond or comply, then sometimes the hackers will post the newly found exploit online for the world to see.

These types of hackers are not inherently malicious with their intentions; they’re just looking to get something out of their discoveries for themselves. Usually, grey hat hackers will not exploit the found vulnerabilities. However, this type of hacking is still considered illegal because the hacker did not receive permission from the owner prior to attempting to attack the system.

Although the word hacker tends to evoke negative connotations when referred to, it is important to remember that all hackers are not created equal. If we didn’t have white hat hackers diligently seeking out threats and vulnerabilities before the black hats can find them, then there would probably be a lot more activity involving cybercriminals exploiting vulnerabilities and collecting sensitive data than there is now.

How Can I Stay Safe Shopping Online?

Cybercrime is a big business—one that’s constantly growing without any signs of slowing down. Combatting this assault on your private information, like your credit card or bank account numbers, requires a group effort on the part of legitimate online businesses and the public. Norton wants you and your family to stay safe and secure online. Here are some tips on what to look for while you’re shopping online—both before and after your purchase.

Ensure the Site Is Secure

All web sites are not created equally. Safe, secure sites will feature an address that starts with “https://” instead of simply “http://” (note the “s” in the former.) This lets you know that the site is secure, which is important as it ensures you aren’t on a fake site phishing for your private information. Along this line, you may also notice that some addresses turn green on certain sites. This offers a more noticeable signal that a trusted third-party has verified the site’s identity and that the connection is secure. You can also click on the security notice to receive more information. Rethink entering information like your credit card number on sites that don’t offer this security.

Use Strong, Up-to-Date Security Software

Antivirus protection isn’t just for checking downloaded software. Web attacks can occur anytime you’re online, secretly installing malware like keyloggers designed to record your keystrokes and then pass this information into the hands of cybercriminals. By doing this, they can effectively steal your passwords—even on secure sites, since this action takes place locally on your device.

When deciding which security software to install, ask yourself the following questions: Does it offer a strong firewall? Does it include customer support if I have a problem? And finally, how often does the program update itself? This last point is especially important, as new viruses and malware appear on the Internet every day. Your security software can only protect you against threats it recognizes.

Think of it as your personal police force that needs to review mug shots so it knows who the bad guys are. Without the most up-to-date information, the newest evildoers will slip through unstopped. And shopping sites make particularly tempting targets for cybercriminals, as they know you have your financial information in hand and ready to go.

Look for a Seal of Shopping Assurance

So you’re already following all of these safety rules. Great! But unfortunately, that doesn’t mean you’re completely impervious to cybercriminals. Nothing is 100% unbreakable. And while following all of these tips can definitely help, there’s still a chance crooks could make off with your private information. What then?

Serious online merchants do what it takes to protect their customers and deliver as promised. Never settle for anything less than complete confidence that you’re doing business with a company that will be there for you—especially after the sale.

Norton™ Shopping Guarantee is a quick, easy way for you to make sure you’re buying with peace of mind. When you see the Norton Shopping Guarantee seal, you know you’re covered. It offers you:

  1. $10,000 Identity Theft Protection: Under Norton Shopping Guarantee, any purchase on a qualifying site offers you up to $10,000 in identity theft recovery for 30 days—even if someone steals your personal information elsewhere.

  2. $1,000 Purchase Guarantee: If the merchant doesn’t live up to its terms of sale, you can file a report within 30 days for any reimbursement of your loss up to $1,000, if the claim is resolved in your favor.

  3. $100 Lowest Price Guarantee: Let’s say you purchase a bike for $200 at a store with the Norton Shopping Guarantee—only to see the same merchant drop the price by $50 next week. It’s not a problem, as Norton Shopping Guarantee will happily refund you the difference up to 30 days after your purchase.

Use Different, Secure Passwords Everywhere

One of the most common passwords is simply “password.” Sure, this simple combination is easy to remember, but it’s also easy for others to guess. Create more secure passwords by combining eight or more uppercase and lowercase characters, along with numbers. Think of something that’s memorable to you, but doesn’t include personally identifiable information.

Nonsensical phrases over completely random characters can be easier to remember, but equally tough to break. (Think: “MyChairLovesCats78” over “Zkd6EyY!odm9.”) It’s also a good idea to avoid writing these logins down for others to find or reusing the same password at all of your shopping sites. That way, if one should be hacked, you won’t find all of your logins compromised. If available, two-factor authentication can also greatly put the odds in your favor.

Stay Safe

When a common criminal sizes up the best house for a possible robbery, which do you believe he is going to choose—the home with the security system, plenty of lights, and a large guard dog, or the house with none of these safety measures? Most cybercriminals are the same. They naturally lean to the weakest prey with the highest potential for their financial gain. Show your strength and help send them packing by following the tips we’ve outlined here.

Social Engineering

There are a multitude of software vulnerabilities out there, but there is another type of vulnerability that hackers look to exploit, and that is the human being. Humans’ vulnerabilities are their emotions. When people are presented with scenarios that require immediate action, their first impulse is to act first and think later. This is the exact “vulnerability” that cybercriminals depend on for a successful attack.

Types of Social Engineering Attacks

Criminals use human-to-human interactions in order to get the target to disclose personally identifiable information. Because social engineering is based on the psychology of human nature, and decision-making is based on emotional reactions, attackers try to use many different tactics online and offline.

Baiting

The cybercriminal will leave a device such as a USB stick, CD or DVD or even a hard drive that is infected with malware out in the open in a public place. Relying on the curious nature of humans, the attacker’s goal is to get the target to pick up the media, and plug it into their computer to see what’s on it. Once the infected media makes a connection with the machine, the malware will inject itself into the computer.

Phishing

Cybercriminals will use diverse methods to trick people into giving away their information. Fear tactics tend to be one of the most effective tools in a cybercriminal’s arsenal, as they depend on users making quick, impulsive decisions based on their emotions. The user is presented with an urgent scenario, usually involving a financial or other online account, using phishing tactics, through email, social media or even text messages. Users often make hasty, emotional decisions, and can end up clicking on malicious links, or giving away personal information to fall right into the scammer’s trap.

Email Hacking and Contact Spamming

It’s only natural to pay attention to messages we receive from people we know. If someone were to receive an email from a friend or family member with the subject line, “Check out this site I found, it’s totally cool,” there probably wouldn’t be a second thought about opening it. This is exactly why cybercriminals attempt to steal email credentials. Once a criminal gets the username and password to an email account, they are able to take over the account and will spam all of the contacts in the users’ address book in order to obtain more information, money, or infect users with malicious code.

Pretexting

Pretexting is when the attacker creates an elaborate cover story in order to establish a personal relationship with the target. It can be a sob story about being stranded in a foreign country, a family member that needs an expensive operation or that a relative left them an inheritance but they need help (money) in order to get it. These types of scenarios play on people’s inclination to be helpful to others in need.

Quid Pro Quo

Something for something. Quid Pro Quo is most commonly seen in the form of surveys. Offering the target a free product or deep discounts on expensive products, this scam entices users with “something” but only after they fill out a short survey that asks the user for most of their personal information. Then all of the data that is collected can be used for identity theft.

Spear Phishing

Spear phishing is a type of phishing attack targeted at employees of a specific company. Generally used for cyber espionage or data breaches, this tactic involves choosing a target within the organization, researching that target, and gathering personal information and interests from Internet searches and social media profiles. Similar to pretexting, the goal of this type of attack is to create a personal, trusting relationship with their target. Once that relationship is established, the scammer will send emails related to the user’s interests to try to trick them into clicking on a malicious link that hosts malware or to download a malicious file. Once the malware is installed on the user’s computer, it can then access the company’s network and easily spread itself to other computers.

Vishing

Vishing actually doesn’t require the use of malware, phishing, or even a computer. Usually performed over the telephone, the criminal will call a target using pretexting. They can represent themselves as a trusted individual from the company the victim works for, as a representative from a bank or another company that the target does business with, and more. Once the relationship has been established, the scammer will then try to phish for as much personal information from targets as they can get.

Stay Protected

Social engineering can happen offline just as much as it can online. It is so extremely successful because of the one thing that we can’t install security software on: the human being. Your best defenses against these kinds of attacks are educating yourself, using common sense and being aware of what to be on the lookout for.

  1. Never download any attachments or click on any links from unknown or suspicious looking senders. If you believe there is an issue with an account, log into your account directly by typing the site’s address into your web browser.
  2. If someone calls you asking for account credentials, claiming to be from a credible source, exercise caution. If you don’t feel like the person is legitimately who they say they are, refuse to give up any information, and instead, call the company yourself that they claim to be calling from to handle any issues there may be with an account. Financial institutions and other businesses will not ask you to divulge your password.
  3. Use strong passwords. Hackers are always after passwords whether through social engineering or other methods. Make sure yours is strong enough for them not to crack.
  4. Never plug in unknown media into your computer. There could be malware lurking on the media.
  5. Always use a comprehensive Internet Security program like Norton Security to catch what you don’t.

Protecting Passwords - The Keys to Our Digital Lives (Robert Reynolds)

The value of any single password is directly related to the number of websites and services that the password opens. Like a key on your keychain, your passwords unlock your digital life. For many of us, our key rings are a chaotic, crowded place filled with different sizes and shapes of keys; each of which accesses a different part of our life.

Take out your key ring and examine it. Think about the door each key opens and the types of things that door provides access to. Now imagine for a moment that your key ring only holds a single key. This key accesses every aspect of your life; it opens the front door to your home, provides access to your car, and is used to lock your bicycle. It opens your mailbox and provides access to the safe in your home. This key has suddenly become very valuable and you certainly don’t want to lose it or let it be stolen!

Cybercriminals are a smart bunch. Were it up to them, you would only have a single password. This single password would provide access to your social networks, personal computers, mobile devices, email accounts and financial institutions. In this world, all a cybercriminal would have to do is either steal your single password or guess it in order to gain access to EVERYTHING.

According to Microsoft, they tracked “nearly 1700 distinct website credential thefts—comprising a little more than 2.3 million credentials” in a period of about 7 months last year. They believe this number under-represents the actual number of account credential thefts that have occurred. Credentials are stolen from businesses, websites and consumers through phishing attacks, key-logging malware and other methods.

Limiting Access To Your Accounts

While you cannot always prevent your passwords from being stolen, you can employ additional “layers” of protection that will make you less of a target and reduce the risk of your stolen passwords being successfully used by cybercriminals. Here’s how to lower the value of your password to cybercriminals:

  1. One password per site:
    If a single password is super valuable because it opens a bunch of your websites, then that same password is reduced in value when it only opens a single website. Because of this, it is really important to ensure that each password is unique to one site.
    The problem this presents is that most of us can’t remember unique passwords for every website or service we visit, so we start creating the same password each time we sign up for a new service, and, before long, our password has become an extremely valuable target for cybercriminals. The good news is that there are very competent services to solve this problem for us called password managers. These password managers, such as Norton ID Safe, will create, store and remember a unique password for each site you use on a daily basis.

  2. Create really tough-to-guess passwords:
    Even if a password only provides access to a single website or service, the information and content offered by that service can be extremely valuable (i.e. your bank). So how do you further lower the value of passwords to cybercriminals? You make it super hard to guess. The good thing about a password manager is that it can help create random, strong, difficult-to-guess passwords for you. This eliminates our desire to create something easy to remember that is based on words, numbers or personal information.

  3. Make the password, on its own, completely useless:
    One way to make your password completely useless to cybercriminals is to make it only part of the key necessary to gain access to the service. Many websites and services are now offering a secondary key that is paired with your password to gain entry. This secondary key can take the form of a temporary PIN or password that is sent to your phone. If you have high-value websites or services that you use, and these sites offer a second password option (often referred to as multi-factor authentication), this option can serve to deter even the most sophisticated cybercriminals from gaining access.

  4. Never share your password:
    This one seems obvious, but the truth is that we often share our passwords, sometimes without even knowing it. Most of us don’t post our passwords on social network sites; that would be crazy. But how uncommon is it to email a password to a friend, or post a password on a sticky note on our computer monitor? Another, less obvious way of sharing our passwords is when we give an application on our smart phone or mobile device permission to access a web site or service. It is possible for these applications to store your passwords in an insecure manner, or transmit them to the website or service in a manner that exposes them.
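
The first three points above can be checked against a list of your own logins. The Python below is an added example, not Norton's code: the vault records, the `.example` sites and the function names are constructed for illustration, and the strength rule is the one stated earlier on this page (eight or more characters mixing uppercase, lowercase and numbers). For each site it reports which accounts a thief could open with that site's password alone.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample data: every site and password here is made up.
# "mfa" records whether a second factor is enabled on the account.
SAMPLE_VAULT = [
    {"site": "bank.example", "password": "MyChairLovesCats78", "mfa": True},
    {"site": "mail.example", "password": "password", "mfa": False},
    {"site": "shop.example", "password": "password", "mfa": False},
    {"site": "forum.example", "password": "password", "mfa": True},
    {"site": "photos.example", "password": "Zkd6EyY!odm9", "mfa": False},
]


def meets_page_rule(password):
    """Rule from this page: 8+ characters with upper, lower and digits."""
    return (
        len(password) >= 8
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
    )


def audit_vault(entries):
    """Report reuse, weak passwords and per-site exposure for a vault.

    Passwords are grouped by an HMAC tag under a random per-run key, so
    the report can detect reuse without carrying plaintext around.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    weak = []
    for entry in entries:
        tag = hmac.new(
            key, entry["password"].encode("utf-8"), hashlib.sha256
        ).hexdigest()
        groups[tag].append(entry)
        if not meets_page_rule(entry["password"]):
            weak.append(entry["site"])

    # Point 1: one password per site. Any group larger than one is reuse.
    reused = sorted(
        (sorted(e["site"] for e in g) for g in groups.values() if len(g) > 1),
        key=len,
        reverse=True,
    )

    # Point 3: a stolen password only opens accounts without a second
    # factor, so exposure lists the sharing sites that lack one.
    exposure = {}
    for group in groups.values():
        opened = sorted(e["site"] for e in group if not e["mfa"])
        for entry in group:
            exposure[entry["site"]] = opened

    return {"reused": reused, "weak": sorted(weak), "exposure": exposure}


if __name__ == "__main__":
    report = audit_vault(SAMPLE_VAULT)
    for sites in report["reused"]:
        print("same password on:", ", ".join(sites))
    print("fails the strength rule:", ", ".join(report["weak"]))
    for site, opened in sorted(report["exposure"].items()):
        print(f"if {site} leaks, password alone opens: {opened or 'nothing'}")
```
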

How Do Cybercriminals Make Money?

Since most of what we do is now online, from shopping for food to paying bills, the global economy is taking a digital shift. It’s only natural for criminals to follow suit. As criminals consider the economics of what they do, they recognize cybercrime as one of the quickest ways for them to make money. For a hacker, extortion is an easy way to monetize stolen information and provides the shortest path from cybercrime to cash. In addition to extortion, criminals can make money off of fake auctions, stealing someone’s identity, and by selling stolen information such as credit card numbers, social security numbers, even various account credentials.

In order to turn a profit, cybercriminals can use a variety of tactics. Let’s take a look at a few of the most common methods:

Ransomware and Crypto-ransomware

Ransomware is a form of malware that will lock files on a computer using encryption. Encryption converts files into another format, like a secret code, and can only be decoded by a specific decryption key. Ransomware can present itself in two ways: regular ransomware, which will encrypt the whole hard drive of the computer, permanently locking the user out, and crypto-ransomware, which will only encrypt specific, seemingly important files on a computer such as Word documents, PDFs and image files.

Once the ransomware installs itself, it will display a fake warning message, appearing to come from a government agency, notifying the user that illegal content has been found and that the computer is now locked. The user is given a specific amount to pay as a “fine” and a timeframe in which to pay. The hacker then requests that the payment be made with cryptocurrencies such as Bitcoin or MoneyPak, due to the anonymity of these payment systems. If the user does not pay, the cybercriminal will destroy the decryption key and the users’ data will be locked forever.

Social Engineering

Social engineering is a method of attack that relies heavily on human-to-human interaction. Social engineering is a component of many types of exploits that are seen on the Internet landscape today. Cybercriminals use social engineering tactics to convince people to download email attachments that contain malware, or to try and trick people into divulging sensitive information via phishing, email hacking, vishing and more. Because social engineering is based on the psychology of human nature and emotional reactions, a cybercriminal essentially runs a "con game" to try to gain the confidence of an individual in order to get them to disclose information. Once the cybercriminal has received the information, they can then use it to perform identity theft, credit card fraud, or they can sell that information to other cybercriminals.

So what do you do if you become a victim of cybercrime?

  • First and foremost, do not pay anyone money. While it may seem like the easiest way to deal with threats such as digital extortion, you must remember that these are criminals, and just because you pay them does not mean they will remediate the situation.
  • Report it! You can file a complaint with the Internet Crime Complaint Center (IC3), which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
  • Educate yourself. Knowledge is power: become familiar with the various threats on the Internet landscape. Learn about the red flags to be on the lookout for when it comes to scammers and phishing. Remember to never click on links or download attachments from unknown senders.
  • Before cybercriminals attempt to strike, it’s important to be vigilant about protecting yourself against malware and security breaches. For the best possible protection, you should add another layer of security to your devices by using a comprehensive Internet security program such as Norton Security.

What Happens When Your Identity Is Stolen?

According to the Federal Trade Commission’s 2014 Consumer Sentinel Network Data Book, identity theft once again tops consumer complaint categories in 2014. Identity theft can be committed in many ways: from non-technical methods such as stealing purses or “dumpster diving” for documents that have been thrown away that contain sensitive data; to technical methods such as deceptive phishing e-mails that include malware containing spyware or Trojan horses.

When it comes to phishing and social engineering scams, scammers use fake email addresses and websites to try to make them look like they are coming from a legitimate organization. They try to gain your trust and will then trick you into divulging personal information. Even if you don’t divulge any info, malware downloaded from clicking suspicious links, downloading fake apps or attachments, or visiting suspicious websites can still penetrate your computer and install keystroke loggers to steal data or capture account credentials as you type them.

What Happens When Your Identity Is Stolen In A Data Breach?

Although there's a lot you can do to protect your identity, some things are out of your control. Even if you've been careful with your information, and are cautious about what you click on or download, that doesn't mean your information is safe from data breaches. Cybercriminals see data breaches as a big payday, as many companies host vast amounts of data about their users online. Some of the most popular types of data breaches are from financial institutions and medical institutions.

We talk a lot about what to do in the event of a data breach, but never about what it’s really like to experience identity theft first hand. Earlier in February of 2015, there was a large-scale data breach involving a health insurance company. Shaun Harkness, who works in cyber security for a startup company, was one of the victims of the breach whose information was stolen and used for fraud.

Harkness was filing his taxes online when he received a notification that the returns were denied. Because he worked in the world of cyber security, Harkness’s first thought was that, “someone had filed them for me.” He immediately called the IRS and they confirmed his suspicions.

As far as Harkness has been able to determine, it was just his taxes that were affected, but when faced with a situation like this, it can be overwhelming to try to figure out what to do. Luckily for Harkness, “The guy I was talking to from the IRS was actually really helpful, he told me all about the steps I should take.”

Harkness says that he had to file an additional form with his taxes, place a fraud alert with the 3 major credit reporting agencies, file an FTC Identity Theft Affidavit, and contact his bank and credit card companies about the breach. In addition, the IRS told him to contact the attorney general's office and file a police report.

Since Harkness works in defending his company against cyber attacks, he was not surprised by the fact that his information was used in a breach. “With all the companies we have to trust our personal data to, I figured it was only a matter of time before it was going to happen. It sucks, yeah, but there's not a lot that could have been done on my side,” he says. “There are numerous companies that we're forced to allow to have private and sensitive data about us. So many companies don't protect their data as well as they should, and there isn't nearly enough fallback on companies like that.”

Sometimes, it can take several months to discover that you're a victim of identity theft if you’re not alerted to it. During that time, thieves can plunder accounts, run up serious debt in your name or, in Harkness’s case, file your tax returns in hopes of cashing in on a juicy refund.

You don’t have to end up like Harkness, however. If you find out that you have become involved in a data breach, there are many things you can do proactively to protect yourself.

  1. Regularly keep an eye on your credit report for unusual activity. Most companies that are involved in a data breach will offer free credit monitoring for the affected customers. Go to the company’s website to see if they have a plan in place to help their customers stay protected.
  2. If you do see something strange or unexpected, like a new credit line you didn't open, follow up immediately. You can also put a hold on your credit report through the major credit agencies, which will not allow any new accounts to be opened in your name.
  3. A lot of financial companies offer activity alerts, so look into your accounts and if they have them, sign up for them. If you do receive an alert that is suspicious, or your financial institution reports unusual account activity, respond as soon as possible.
  4. Use password managers like Norton Identity Safe to autofill login information, bypassing keyloggers.
  5. Transact financial business online only with secure websites with URLs that begin with "https:" or that are authenticated by companies like VeriSign.
  6. Install a personal firewall, antivirus, antispyware, and antispam protection; all are available in a single security suite with Norton Internet Security.
  7. In the physical world, consider investing in a paper shredder to destroy documents with sensitive information on them, rather than just throwing them away.
  8. Finally, report the crime to the proper authorities. Notify local police and file a complaint with the Federal Trade Commission. You can also use public resources to help to recover your losses and prevent further theft. Your state's attorney general, the Federal Trade Commission, and nonprofit identity theft protection organizations can also help provide assistance.

They say that defense is the best offense, so protect your personal information closely. If cybercriminals are unable to get their hands on your sensitive data, they can't defraud you.

Brooklyn Bridge by Kevin Haley

Two hundred years ago, selling the Brooklyn Bridge was a very profitable business venture. It could be sold over and over again. A gentleman named George C. Parker claims to have sold it, on average, twice a week. I’m sure even then it was obvious to most people that it wasn’t his to sell, but he targeted newly arrived immigrants: those who arrived with a little money, a strong desire for success, and an eye out for a bargain.

What George C. Parker understood was the principle that some people are unwilling to believe that a good deal could be too good to be true. The idea of easy money blinds them. Parker convinced his victims that a small fortune could be made charging a toll for passage across the bridge. Many of his “marks” never learned they had been scammed until the police came to make them take down the tollbooths that they erected on the bridge.

In the cybercriminal world there are a lot of modern-day George C. Parkers. They are also selling things they don’t own, but, of course, today they use the Internet, specifically online auction sites and online classified ads. And while they don’t sell bridges, they do convince their victims that they are getting a great bargain. They’re not.

There are many variations, but the basic online auction scam runs something like this: The cybercriminal posts a car for sale on an auction site or an online classified ad. The car is listed well below its market value. Victims contact the seller at a phony email address, anxious for the chance to make such a bargain purchase. George C. Parker always had a hard luck story of why he had to sell his bridge so cheaply and provided convincing paperwork that the transaction was legal and above board. Today’s scammers have their hard luck stories for selling their items at such a discount, often a story about having to leave the country suddenly, posing as a serviceman about to be deployed overseas. The victim is then directed to wire their money to the conman. The car never gets delivered, because it never existed, and the victim’s money is gone.

George C. Parker was only one of many conmen selling the Brooklyn Bridge. They finally stopped the scam by warning immigrants about it as they entered the country. It’s too bad we weren’t able to warn every person about all of the scams and cons out there before they got on the Internet, but it’s never too late for any of us to become a little wiser about the scams, cons and threats awaiting us online.

Watch the documentary, “In Search Of The Most Dangerous Town On The Internet”, to learn straight from the mouths of online scammers the insidious ways that these con artists work.

The Connected Life - Just How Safe Is Convenience?

The future is finally here, and, although we don’t have robots doing our bidding for us just yet, there are a myriad of smart devices that help automate tasks, connect to cars, and even to our bodies. These gadgets are considered a part of the Internet of Things, and are focused on adding convenience to our physical lives through digital devices. Have you ever left the house and wondered if you locked the front door? Or wanted to know how many steps you took in a day? Well, with the Internet of Things, there’s an app for that! With all of this data being collected about your home, cars and bodies, security concerns are bound to come along with it.

Connecting Everything - What Are the Risks?

In order to help make daily life easier and more automated, applications work in tandem with these devices, and are designed to collect data about daily habits and usage in order to become “smart.” Considering that these applications collect data about your home, your body, and even where you go, are you aware of what the companies are doing with all of that data?

Will Price, the developer of Roomie Remote, a universal remote that connects with many connected home devices, has been fairly immersed in this new technology for quite some time. He is an early adopter of a considerable number of these connected gadgets, and previously worked for PGP Corporation, a company that specializes in encryption, which was sold to Symantec in 2010. When asked about security concerns with his connected devices, he said, “I’m generally comfortable with the current situation.” But connected security does not come with a one-size-fits-all solution. “Some of the products I use get my recommendation and have no significant security issues. Some are a bit before their time, and will likely go through several rounds of security problems,” he says.

Security Tips For Connected Devices

Since the hub for the connected device tends to be the smartphone, and the delivery system is usually via Wi-Fi, you’ll want to start with securing these items.

Secure Your Home Network:
  • Don’t use the default usernames and passwords on any wireless equipment or devices that connect to your network and computers.
  • Turn on Wi-Fi Protected Access (WPA), which is a security protocol that creates a secure network via encryption.
  • Turn on all firewalls on your computers and wireless router. Add an extra layer of security to your computers by using security software such as Norton Security. Your wireless network itself may be secure, but it is not secure from the various types of malware that can be transmitted to your computers via the Internet. Everything is connected.
  • Use strong and secure passwords for your wireless network.

Secure Your Smartphone:
  • Use a password on your phone to keep other users from accessing your phone in the event that it gets lost or stolen. Make sure your device auto-locks when not in use. Be sure to have an option to remotely wipe the data from your phone in the event that it is actually stolen.
  • When using your smartphone with connected devices, in order to control and protect your data being used by these apps, examine the Privacy Policy before purchasing the product. The Privacy Policy should inform you of what information the app intends to access on your phone, what data it is collecting, and what it intends to do with that information.
  • Be sure to perform regular software updates on all apps and your phone’s OS. This will patch possible security vulnerabilities that can give malware and cybercriminals access to your phone.
  • Don’t connect to unsecured, public Wi-Fi, as these networks are often left open and can help facilitate man-in-the-middle attacks.

What Does The Future Hold For The Internet of Things?

Considering the fact that these devices are a very new type of technology, the industry seems to be thriving, releasing new products quite frequently. According to Gartner, there will be nearly 26 billion devices on the Internet of Things by 2020. Since this industry seems to be growing fairly quickly, surely the security concerns will come into the spotlight, and as the momentum of the popularity of these devices advances, they will attract cybercriminals in droves. In the interim, you can still use these products safely as long as you implement the safeguards mentioned in this article.

Tinkode

Răzvan Manole Cernăianu

Tinkode completed his first hack at age 13 and then sharpened his skills through curiosity and ambition. He became famous through his hacking activities by penetrating Google, NASA’s Earth Observation Station, the Pentagon, the European Space Agency, the U.S. Army, the U.K.’s Royal Navy, YouTube, Facebook, Sun Microsystems, and many more.

After gaining access to these organizations, Tinkode would inform the Webmaster of his breach and give them time to fix the problems before he made any information public. Little is known about Tinkode’s techniques other than that his attacks often involved the number 7.

On January 31, 2012, Tinkode was apprehended by the Romanian authority DIICOT for disrupting the information systems of the U.S. Army and Pentagon. He was released April 27, 2012, and has become a top security expert in his field. He has received a Google Security Reward and is currently the COO of CyberSmartDefence.com.

Iceman

Robert Butyka

Iceman started hacking in 1998. Much of his past activities remain secret, with possible ties to Anonymous. However, in 2012, his hacking abilities made international headlines when he was charged with hacking a NASA jet propulsion laboratory, causing over $500,000 worth of damage.

He was sentenced to three years in prison for the attack and to this day claims the damage was not intentional, but was rather a byproduct of NASA’s own IT structure.

Currently, he is a penetration tester for hire and works to help companies secure their networks against cybercrime and illegal penetrations.

Guccifer

Marcel Lazăr Lehel

Guccifer created his online persona by mixing “the style of Gucci and the light of Lucifer.” For months he taunted the FBI and unmercifully hacked the email accounts of high-profile U.S. citizens including the Bush family, Hillary Clinton, the Rockefellers, Colin Powell, Hollywood celebrities, and members of the FBI and Secret Service.

At the time of his activities he was an unemployed taxi driver who used a simple desktop computer and cell phone to guess passwords and create “worms” to gain access to his victims’ accounts. An international manhunt began to uncover his true identity in early 2013. By year’s end, authorities narrowed their search to the Transylvania region of Romania where he lived, and despite his attempt to destroy his computer with an axe, Guccifer was arrested and convicted in January 2014. He is currently serving seven years in the Arad maximum-security prison, in Arad, Romania, for his cybercrimes.

Kevin Haley

Global Director / Security & Response

Kevin is a global expert in the fight against cybercrime. He is responsible for ensuring the security content gathered from Symantec’s Global Intelligence Network is used to help fight complex attacks by cybercriminals. Kevin and Norton’s team of security experts stop thousands of security threats in every region of the world, every single day.