Friday 27 July 2012

Technical support scam warning



After receiving a call today from a man concerned that is mother had become victim of an online scam, I did a little investigative work to check out the source of his troubles- Live-Technician.

In general, I find that if people are suspicious enough about an email/website/phone call/travelling salesman (or an offer seems too good to be true) to call the Centre in the first place, it most likely is a scam. 

But, just to confirm I first called the hotline (1-866-216-8304) and very bluntly asked them if indeed they were a scam. The operator told me that she would be able to answer my question once I gave her remote access to my computer. Politely, I declined and asked her more about her services.

She then hung up on me. 

To find out more, I looked through the website, checking out what they offer along with any other information that would lead me to know for sure whether or not they are a real company.

From the blog that was clearly inserted into Google translate to the unsecured login page and the “free” yearly service that costs $239.99, I determined that it was a scam.

This is how the scam works:

The problem starts when a victim becomes concerned about a technical problem with his or her computer-It could be anything from a printer malfunction to a blocked email address or a threat of a virus. The victim then Googles whatever their problem may be in order to find a solution. Instead, what they find is a link for technical support that claims to fix whatever problem you may have through remotely accessing your computer. 

Remote access allows the ‘support person’ to make changes on your computer- including accessing your files and downloading viruses. This tool is extremely helpful if the person is professional and trustworthy, but potentially dangerous if they have other motives.

There are several ways scams like these make money: 

1)      This “service” in particular charges over $200 to remotely access your computer one time and offers a yearly subscription for unlimited access for products that normally cost less than $50 per year.
2)      Once your computer has been remotely accessed by a fraudster, they can steal any information you have on your computer including: private work related information, banking information, passwords, photos and other information you definitely do not want accessed by a stranger.
Come to think about it… perhaps Carly Rae fell victim to one of these scams…
3)      Once the fraudster has gathered your personal information, they can make more money by selling it online to a third party.

Here are a couple ways to discover whether a website you visited is fraudulent or not:
  
  •   Google the name of the company and the tech support number- If several links come up promoting the website that are from blogs, forums or any other site that is free or easily built than it could be fake.  Try typing ‘scam’ after the name and see if anyone else has reported problems with the company.
  •    Read through the website- does it seem as though the writing was translated through an online translation tool?
  •    If there is a section of the website that requests that you log in, look at the address bar. The address should begin with ‘https’ beside a symbol of a padlock. These features indicate that it is a secured website and is safe to access.
  •   Hover over any links provided on the website. If they lead towards a social media account with no content and a few inactive followers, it could be a sign of fraud.
The risk of identity theft increases significantly when others access the information stored on your computer. Allowing someone to have remote access to your files is like giving your car keys to a stranger. Avoid this at all costs and if you ever need technical support, go through an established and reputable business.

Tuesday 17 July 2012

Facebook banking- why this may not be a good idea…


Just as I was beginning to think that Facebook had expanded into every online arena possible, the now-publicly traded internet mogul upped the ante with talk of a banking feature. 

While banks seem non-committal, yesterday American Citibank tweeted “If you could do your #banking on #Facebook - Would you? http://on.fb.me/NmwCiV”. The corresponding Facebook post elicited 100’s of ‘Likes’, suggesting the public may be all-for using Facebook as an online and mobile banking middleman. 

This new feature claims to be fun, safe and secure. Unfortunately, I have my doubts. 

While I yearn for the days that paying my landlord and increasing a line of credit will bring as much joy as looking at my friends’ baby pictures (heh), I feel as though I can adequately do both simply by pressing ‘CTRL Tab’ and typing in my bank’s address. 

My concerns are with privacy, and real (versus perceived) safety and security.  As Facebook is constantly lambasted and sued over privacy-related matters, I think we should treat it as a sneaky (albeit, attractive) neighbour and not tell it any more personal information than it needs to know. Particularly our banking information. 

Of the many reasons the two should not unite, user behaviour may be at the top of the list. And, I assume that the Facebook users’ leniency towards privacy matters won’t increase simply because they added a banking app. Instead, I fear that the safety measures that were once in place for online banking will wane. 

The behaviour of Facebook versus online banking site users varies drastically.  Facebook users tend to linger on the website for hours, leave their pages open while logged on, and often fail to adequately password-protect their account. They also accept invites from strangers and unknowingly download malware. So for these reasons alone, Facebook should not be home to banking information.  
 The behaviour of online banking website user’s, on the other hand, tends to be more secure. There are no interactions, games or links to click. Basically, online banking is so boring you do what you have to do and log out. And it should probably stay that way.

While thieves certainly can gain access to any online account (including your bank), the behaviour of users has a role in just how easy it is to do so.

Bottom line, don’t connect Facebook and online banking or my job as an advisor to those who have had their identities stolen will become a lot more demanding.

So, would you use Facebook banking?

Facebook banking- why this may not be a good idea was written by Heather. Heather is a Case Manager/ Identity Theft Advisor at CITSC and she prefers to do her banking the old fashioned way- in a bank.

Wednesday 11 July 2012

What's in a Password?


With large scale data breaches occurring on almost a weekly basis, a strong password is necessary in order to avoid having your information leaked. The trouble is that it is often difficult to remember every password for every site we join, tempting  users to opt for convenience over security and hope that a data breach will never occur. 

 Just last month the websites LinkedIn and eHarmony - among many others- suffered data breaches that compromised the accounts of millions of users. These passwords were displayed across the internet and put in the hands of hackers and any would-be identity thieves.  While the passwords were not displayed with the corresponding email address or login handle, that does not mean that your account is safe from hackers. 

The types of criminals that are interested in gaining access to your webpage are experts in their field- they can easily figure out access points using electronic password dictionaries. That means that if you choose a weak password such as 12345, pword, abc123, or a pet's name, you are putting yourself at risk of identity theft.

Basically, the weaker the password, the easier it is to break in. 

The best way to protect your account in the (seemingly inevitable) event of a data breach occurring on your favourite website is to take measures into your own keyboard and use a secure and unique password.

When choosing a password there are two things to think about:
1)      Will I remember it?
And
2)      Is my password doing what it is intended to do (keep others out)?

Both are equally important and show just how much thought is needed to go into password creation.
When choosing your online passwords consider the following coding technique:
       
 1) Think of a phrase that that corresponds to a favourite hobby, vacation spot, or life event. For example: “ I Love the Vancouver Canucks!”
2)      Now take the first letter or letters from each word and turn it into a unique code using numbers, upper and lowercase letters. If the site will allow it, you should also use special characters such as: #@!$.
For example: I love the Vancouver Canucks to  'ILTVCAN!' and finally into '1LtVc4n!' where ‘A’ was turned into ‘4’ and so on.
3)      If you have a tendency to forget your passwords, you can often choose a security question that will give you a hint as to what your password is. In this example, if you set the security question as “What is my favourite sports team?” you would have a good reminder without compromising your security.

Finally, try to use a different coded password for each site you visit. Once your password is leaked from one site, it won’t take long for an identity thief to take advantage and gain access to your other accounts.
 

 "What's in a Password?" was written by Heather. Heather is a Case Manager/Advisor at the Canadian Identity Theft Association.  Follow her on twitter @CITSC1!

Thursday 5 July 2012

Moms: When it comes to social media, exercise “Stranger Danger”!


Just last week a Facebook friend of mine gave birth to a beautiful baby boy. In no time at all, family members and friends all gathered on her wall to welcome the new addition and praise mommy’s ability to procreate such a “handsome and manly” offspring. 

While I am definitely just as guilty of participating in the internet baby ogling (I ‘liked’ and cooed at every newly-added photo), I quickly grew concerned for the security of the child. While having a first child is exciting, posting the announcement online can put the baby at risk of identity theft and jeopardize their ability to gain credit in the future.  

Not to mention how embarrassing it would be for them to grow up and realize they already have hundreds of naked photos of themselves already posted online!
 
Working at CITSC, I have come into contact with countless victims of childhood identity fraud. And unlike other forms of identity crimes, those that happen during childhood can continue for decades before discovery. Because there is usually no reason for a parent to check a child’s credit report, the crime would remain unknown until the young adult applies for a car or student loan.

With the Facebook friend I mentioned above, the subject of concern for me was simply an innocent photo taken shortly after the birth of the child. The photo was certainly not intended for anything but the announcement of the birth, yet the unintended consequences could potentially be dangerous. 

From this photo, a fraudster can extrapolate the full name of the child (both mother and father were tagged), the date of birth (Facebook conveniently time stamps pictures), the gender and the place of birth. 

With this information, the fraudster can find out the baby’s SIN and use it to apply for credit. This can allow the thief to potentially take over the child’s financial identity before they even learn how to walk. 

Unfortunately, the threat of child identity theft looms with every post and update you make about your child. The following is a list of what NOT to post on Facebook in order to protect your child from identity theft and other types of ‘stranger danger’: 

  • Try not to publish your child’s real name on your Facebook. If you would not tell it to a stranger in the grocery store, don’t post it online. Baby nicknames are cute anyway, right? 
  • Do not use the ‘check-in’ feature. Do you really want that weird guy from high school knowing where you do your laundry?
  •  Do not share any information about where the child goes to school, daycare, or even the dentist. It may seem obvious, but most parents do not do it on purpose, that information is shared in picture captions, wall posts and status updates.
-          
Because so much of our lives now revolve around our online presence, sharing images of birthdays, funny occurrences or landmark moments seems second nature. Unfortunately, these innocent actions may turn into a long-term headache. 

So moms, remember to practice what you preach: if you tell your child not to tell personal information to strangers on the playground, don’t post it for them online.

“Moms: When it comes to social media, exercise ‘Stranger Danger’” was written by Heather. Heather is a Case Manager/Advisor at the Canadian Identity Theft Support Centre. She likes Facebook, but does not like it when that weird guy from high school knows too much about her because of it.

Wednesday 4 July 2012

CITSC Official Launch!




We are pleased to announce the official launch of the Canadian Identity Theft Support Centre! After years of planning and development, the Centre is now fully operational and is currently receiving phone calls from victims across the nation.
Last week, CITSC held simultaneous launches in Vancouver and Ottawa. In Ottawa, the Privacy Commissioner of Canada, Jennifer Stoddart, delivered an insightful speech detailing the importance of keeping our private information private. In the Ottawa Citizen, Privacy Commissioner Stoddart relayed just how complicated of an issue identity theft is, stating that ‘it has no simple or single solution. We need many players working together to help Canadians”.
We agree, which is why we are working hard to create a dialogue between businesses, government bodies and consumers in order to decrease the access points where identity theft occurs. At this point there has been a significant delay in the response to identity crimes in Canada which is one of the reasons that the crime is so persistent.
The Centre is an initiative of the Canadian Identity Theft Prevention Association and the purpose is to assist Canadians in helping to solve their cases of identity theft. Advisors at the Centre directly assist the victims that call in with their problems of identity theft. Guidance is tailored to the needs of each individual caller because the severity and the type of identity theft determine the appropriate response. Our identity theft advisors are highly skilled experts in their field and
At CITSC, we believe that the greatest tool to protect Canadians from identity theft is education. Because of this, we have developed a number of tools and various types of resources to help Canadians prevent identity theft themselves. To learn more- visit our website at www.idtheftsupportcentre.org. If you are a Canadian who has become a victim of identity theft, call our toll-free hotline at 1-866-436-5461.
Keep reading our blog for updates on trends and threats to your personal information!