
Sunday, September 1, 2013

[AVOID] HOW-To Avoid Credit Card Scams [TIPS]

Over the past many years I've seen many people fall prey to Credit Card Scams over and over again in many places and at unsuspecting times.

You have probably read about these scams on the Internet or heard about them on the news channels. In the latest one, some cops had their money taken by people somewhere else, all because they had given out their credit or debit card number and the number on the back of the card.

IMPORTANT:

1. Never ever give out your card details on shady websites that you have doubts about or that do not look legitimate. There are many ways to check this, but the simplest is to look at the Uniform Resource Locator (URL) in the address bar of the browser.

2. While doing online transactions, check the URL first and only then think about giving your details. Even if it is a legitimate website, double-check to be sure.

3. If you want to purchase something online, do it mostly through Internet banking as it would be safe.

4. Use the option of Cash-on-Delivery, as it would avoid giving out your card details even if it means paying a little extra in the way of transportation costs or courier charges.

5. In any case, do not, and I repeat, do not give out your CVV number to unknown people or enter it on shady websites. With the CVV number and your credit card details, money can be withdrawn and products can be purchased online.




[ABOUT: Devesh Prabhu is an avid blogger and has been blogging posts and rants on many subjects through his various blogs. He has been associated with the blogosphere for the past 8/9 years and inadvertently left the blogging scene albeit to concentrate on his personal life, but his desire to be among his readers brought him back.]

[NOTE: The article "[AVOID] HOW-To Avoid Credit Card Scams [TIPS]" first appeared on the Komputer Knowledge Blog.]

[DISCLAIMER: All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. These terms and conditions of use are subject to change at anytime and without notice.]

Tuesday, August 20, 2013

[PC Basics] Where You'll Get Hacked: Common Mistakes, and How to Prevent It [INFOGRAPHIC]


[NOTE: The article "[PC Basics] Where You'll Get Hacked: Common Mistakes, and How to Prevent It [INFOGRAPHIC]" first appeared on the Komputer Knowledge Blog.]


Thursday, July 25, 2013

What to Do After You’ve Been Hacked

Evernote became the latest member of the “we’ve been hacked” club. And the thing is, what was once a pretty exclusive club now lets just about everyone in these days. I’m a member too. And as I discovered when I was hacked last year, my experience was distressingly commonplace. And yet while being hacked may be increasingly familiar, it isn’t getting any less stressful or confusing. It’s hard to know what to do, or where to begin, immediately afterward.
Whether you were hacked, phished, had malware installed or just don’t know what the heck happened but there’s somebody all up in your e-mail, here are a few good first steps to take following an incident. This is by no means comprehensive, but it’s a good start.
Ask Yourself Why
While you are fixing things, it’s a good time to take a step back, and ask yourself a more basic question: What was the reason for the breach? If it was your bank account, the answer may be obvious. In other cases, such as e-mail, it can be for a host of reasons — from using it to send spam, to requesting money from your contacts, to getting password resets on other services. An attacker may even be trying to gain access to your business. Knowing why you were targeted can also sometimes help you understand how you were breached.
Reset Your Passwords
Immediately change the password on the affected service, and any others that use the same or similar password. And, really, don’t reuse passwords. You should be changing your passwords periodically anyway as a part of routine maintenance. But if you’ve just been hacked, it’s now more urgent. This is especially true if you reuse passwords, or use schemes that result in similar passwords (like 123Facebook, 123Linkedin, 123Google).
“Password reuse is one of the great evils and it’s very hard to prevent,” says PayPal’s principal scientist for consumer security Markus Jakobsson. Sites can set up password requirements — for example a character length or that a password include symbols and numbers — but they cannot force people into not reusing the same or similar passwords. “It’s very common for people to use similar or the same password but it’s very rare for people to realize that it creates a liability for them to do it and that they need to change their password after they’ve been hacked.”
Update and Scan
There’s a possibility that the attacker got in via your machine. Almost all malware is installed by victims themselves, if unknowingly. And if something nasty is on your computer, you need to get it off before you start a recovery process. Make sure you are running the most recent version of your operating system. Download a solid anti-virus product and run a scan for malware and viruses that may have been the source of the attack. This is the most basic thing you can do, so do it now. And moreover, use a brand-name commercial program that you pay for.
“Malware antivirus software isn’t perfect — they have a hit ratio of 50 to 75 percent and can miss almost as much as they find, but it’s better than nothing,” explains Jakobsson. And why should you pay for it? “Most people who search for ‘free antivirus’ end up installing malware.”
Take Back Your Account
Most of the major online services have tools in place to help you get your account back after it has been taken over by someone else. Here’s how to do that on Apple, Facebook, Google, Microsoft, Twitter and Yahoo. Typically, you’re going to need to be able to answer some questions about your account. Facebook has a novel method that relies on friend verification. Are you using a service not listed here? Typically you can find your way back in by searching for its name plus “account recovery.”
Check for Backdoors
Smart hackers won’t just get into your account, they’ll also set up tools to make sure they can get back in once you’ve gotten them out. Once you have your accounts back, you should immediately make sure there isn’t a back door somewhere designed to let an attacker back in. Check your e-mail rules and filters to make sure nothing is getting forwarded to another account without your knowledge. See if the answers to your security questions were changed, or if those questions themselves have changed.
Follow the Money
If there is an element of commerce involved in the affected account, thoroughly review any activity on that account. Verify that no new shipping addresses have been set up on your account, no new payment methods have been added, or new accounts linked. This is especially true of sites that let you make one-click purchases, or issue payment cards.
“Attackers do things for a reason,” says Jakobsson. “If we are talking about attacking your Bank of America account or PayPal the reason is obvious: They want your money. What criminals will often want to do is hook up a debit card to your account. If they add an address and then request a financial instrument, that is a way for them to monetize.”
Perform a Security Audit on All Your Affected Accounts
Often, one account is simply used as a gateway to another. Your Dropbox account may only be a means to get at something stored there. Your e-mail might only be a path to your online banking. Not only do you need to secure the account you know was hacked, but you need to check all the others it touches as well. Reset your passwords on those services, and treat them as if they have been compromised.
De-Authorize All Those Apps
This is one of those non-obvious but important steps. One of the first things you should probably do if you’ve had an account compromise is de-authorize all the associated apps that use that account for login or for its social graph. For example, Google, Twitter, Facebook, Dropbox and many others support OAuth, which enables third party apps to use account APIs without having to give them the account login information. But if a hacker has used it to authorize another device or service, and remains logged in there, simply changing your password won’t get them out. There could be a rogue client out there that you remain unaware of even after regaining access to your account. The best bet is to pull the plug on everything you’ve given access to. The pages for doing that are on Google, Facebook and Twitter. It may be a pain to go back through and re-authorize them, but it’s less so than leaving a malicious individual lurking in your account. And in any case, doing so periodically is just good hygiene.
Lock Down Your Credit
It’s bad enough you had your email hacked, but you really don’t want your identity stolen as a result. Services like LifeLock will do this for you for a fee, but you can also do it yourself by contacting the three major credit reporting agencies directly. Depending on the state you live in, locking down your credit might be free, provided you’ve filed a police report.
Speak Out
“Say that your Facebook account gets hacked,” says Jakobsson, “there’s a good chance you won’t lose any money, but your friends might.” The mugged-in-London scam works by hijacking your identity to contact friends to request money. It’s also true, though less commonly so, on AIM and Google Talk and other services. There may also be data that you need to let others know has been accessed–from financial matters to sensitive personal information.
But there’s another reason to do this too, and it’s the same reason for this very article, which is to raise awareness. The best tactic of all is to do everything in your power to not be hacked: to run up to date software, use good password hygiene, and make backups of everything in your system.
“This is an amazing opportunity to educate people,” says Jakobsson. “When you say, ‘wow, it could happen to him; it could happen to me,’ that’s when you change.”

Via: http://www.wired.com/gadgetlab/2013/03/what-to-do-after-youve-been-hacked/

Sunday, August 16, 2009

Gmail New Features

Sunday, May 3, 2009

Keep Your Passwords Secret On A Public Computer

Has anyone ever told you before that it is risky to use a public computer? The main reason is that there could be keylogger software or spyware installed on the public terminal that can capture your user name and password when you type on the keyboard. Can you imagine your Email/Bank/Paypal password being stolen? What loss would it cause you?

KYPS is a Web service that allows you to log into your account from a public computer without disclosing your password to that computer. The way KYPS works is very simple: You register your website (be it an email account or any login site) with the KYPS server. Based on the username and password that you have provided, KYPS will encrypt the password and generate a list of one-time codes that you can use to log in to your account.

Every time you want to log in to your site, KYPS will prompt you to enter the code from a certain pad. It will then decrypt the code, rebuild the password and auto-login to your site. After that, that particular code will be rendered useless. Even if there is keylogger software that logs the one-time code, it won’t be able to log in to your site. The image below shows a graphical explanation of the whole process.

When you first use KYPS, you are required to register your login account with them. During the registration, you are asked to enter your username and password. From here, you can choose how many one-time codes you want to generate. The more codes you generate, the more times you can log in to your site without using the actual password.

Once you have submitted the registration, it will prompt you to download a PDF file that contains your list of one-time codes. This is what it will look like:



The number on the left of each column is the pad while the string of characters on the right is the one-time code. Whenever you want to log in to your site, KYPS will ask you to enter the code with number XXX. You just match the number to your list, enter the corresponding code and you will be securely logged in to your site.

In case you are worrying that KYPS is a phishing site that is out to collect your password, you can be assured that the password you have entered is not stored in the database. It is only used to generate the one-time codes and will be deleted after that.
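The flow described above (numbered one-time codes, the password rebuilt from a code, the code made useless afterwards, no stored password) can be sketched as follows. This is an added example, not KYPS's own code: the post does not give KYPS's algorithm, so the XOR-with-a-random-pad construction, the class and method names and the sample password are all assumptions.

```python
import secrets

class OneTimeCodeStore:
    """Server side (hypothetical): keeps one random pad per code number, never the password."""

    def __init__(self):
        self._pads = {}  # pad number -> random bytes, deleted after first use

    def register(self, password, count):
        """Return the printable sheet {pad number: code}; the password is not kept."""
        secret = password.encode("utf-8")
        sheet = {}
        for number in range(1, count + 1):
            pad = secrets.token_bytes(len(secret))
            self._pads[number] = pad
            # code = password XOR pad; useless without the server-side pad
            sheet[number] = bytes(a ^ b for a, b in zip(secret, pad)).hex()
        return sheet

    def next_challenge(self):
        """Pad number the user is asked for, or None when the sheet is used up."""
        return min(self._pads) if self._pads else None

    def redeem(self, number, code):
        """Rebuild the password from a code; the pad is destroyed on every attempt."""
        pad = self._pads.pop(number, None)
        if pad is None:
            return None  # unknown number or code already used
        try:
            raw = bytes.fromhex(code)
        except ValueError:
            return None
        if len(raw) != len(pad):
            return None
        return bytes(a ^ b for a, b in zip(raw, pad)).decode("utf-8", errors="replace")

def demo():
    store = OneTimeCodeStore()
    sheet = store.register("correct horse", 3)  # constructed sample password
    number = store.next_challenge()
    first = store.redeem(number, sheet[number])   # legitimate login
    replay = store.redeem(number, sheet[number])  # same code captured and replayed
    return first, replay, store.next_challenge()
```

In this sketch each code is as long as the password, so the sheet reveals the password length; a fixed-length padding step would hide that.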

If you are still not convinced, you can leave out the password field when registering your site. KYPS will then bring you to another site where you can disconnect your computer from the network and use the Java applet to generate the one-time code.

Apart from logging you into your account, KYPS also acts as a reverse proxy that you can use to hide your online trace. The whole website is delivered over the “https” protocol and the URL does not contain the original link of the webpage. In this way, your privacy is protected and you don’t have to worry about other people finding out which sites you have been to.

KYPS may not be the only way to fight against keyloggers, but it is definitely one good way that anyone can use to protect themselves. The only troublesome thing is that you have to pre-register your login accounts with KYPS on a keylogger-free/spyware-free computer before you can use the service on a public computer. If you have the sudden urge to log into an account that you did not register with KYPS, you have to subject yourself to the same risk as others.

In addition, if you have plenty of accounts, the generated codes will form quite a huge list (imagine 200 codes for each account). If you mind carrying a huge list of codes everywhere you go, then KYPS might not be suitable for you.