|Mon Nov 26 2012 21:24:19|
Cyber Scams Target Holiday Shoppers, Mobile Users
By: Ina Steiner
The FBI tweeted a reminder to beware of cyber criminals while holiday shopping. "Scammers use many techniques to fool potential victims," the law enforcement agency said on the FBI website.
Scams include fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, and the sale of fraudulent or stolen gift cards through auction sites at discounted prices. Phishing emails advertise brand name merchandise for bargain prices, and emails promote the sale of merchandise that ends up being counterfeit.
While legitimate retailers are running many "one day only" promotions for Black Friday and Cyber Monday, the FBI said fraudsters often use the hot items of the season to lure bargain hunters into providing credit card information. And, "along with online shopping comes the growth of consumers utilizing social networking sites and mobile phones to satisfy their shopping needs more easily. Again, consumers are encouraged to beware of emails, text messages, or postings that may lead to fraudulent sites offering bargains on brand name products."
As more people use mobile devices to shop online this holiday season - PayPal saw a 193% percent increase in mobile payment volume on Black Friday - scammers are targeting mobile shoppers as well.
The FBI said scammers are using malware to attack mobile devices using various methods to lure victims, including a work-at-home opportunity that promises a profitable payday just for sending out email. "A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number."
The FBI provided the following safety tips to protect mobile devices:
- When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
- Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user's personal data in the case of loss or theft.
- With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
- Review and understand the permissions you are giving when you download applications.
- Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
- Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
- Be aware of applications that enable geo-location. The application will track the user's location anywhere. This application can be used for marketing, but can also be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.
- Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs in "unrestricted" or "system" level within an operation system, it allows any compromise to take full control of the device.
- Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
- If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
- Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
- Avoid clicking on or otherwise downloading software or links from unknown sources.
- Use the same precautions on your mobile phone as you would on your computer when using the Internet.
Scammers are even sending phishing emails that appear to be from the FBI itself, which says using its name helps intimidate and convince recipients the emails are legitimate. However, it says, "The FBI does not send out emails soliciting personal information from citizens."
It's a good reminder to be careful, particularly this time of year. As the FBI says, "Remember if it looks too good to be true, it probably is."