Tuesday, August 24, 2010

False Sense of Computer Security




A team of security analysts found that most leading anti-spyware and anti-virus software fails to detect commonly used keyloggers.


HALIFAX, August 24, 2010 /Canada NewsWire/ - Keyloggers are designed to silently record all of one's computer activity. They are commonly used by parents to monitor their children's computer activity. Now they are being used for criminal activity ranging from spying on individuals to identity theft and data theft.

The security team at SpyReveal tested the leading anti-spyware and anti-virus software against ten of the most popular keyloggers. The results were astonishing! Most of the leading security software used to combat viruses and spyware failed to detect 70% of the keyloggers. While most failed to detect any keyloggers at all, SpyReveal successfully detected all keyloggers.

Computer users are receiving a false sense of security when installing various security applications. With the explosion in online banking, the proliferation of identity theft is greater than ever. Many users install an anti-spyware solution with the expectation of being safe from identity theft. Unfortunately, they are still at an extremely high risk for identity theft and data logging.

"More and more news stories are being published of hackers who have obtained credit card records by using keyloggers", said Mr. Hankinson, SpyReveal's co-founder. "Yet, we still see major players in the security industry continue to fail at this specific type of problem."


Still don't think you or your business is at risk? Take for example Verizon's 2009 Data Breach Investigations Supplemental Report which states "Keyloggers and spyware.... played a crucial role in larger breach scenarios in which hundreds of millions of records were compromised."

"Consumers and businesses should not rely on a single solution for security. Each has a specific purpose. We want consumers to realize that even though their anti-spyware software says 'Nothing Found', that any keylogger could still be present, recording credit card information or business intellectual property," Mr. Hankinson added.


It is important for users to purchase security solutions that are designed for a dedicated purpose to receive the highest degree of protection, without being too narrow. With software like SpyReveal, you can rest assured that you are protected from most keyloggers available on the open market.

About SpyReveal

Founded in 1999, SpyReveal has focused solely on keyloggers and other available commercial surveillance software. The product has been featured all over the world, most recently in USA Today, and is highly regarded by many security experts. For more information, please visit www.SpyReveal.com.


Friday, August 13, 2010

In the US - New Scheme Uses Denial-of-Service Attacks to Access Consumer Accounts






Courtesy of Florence Klein, Founder, www.SilverPlanet.com. Published August 11, 2010

By now, it's more than clear—con artists never stop coming up with new ways to separate you from your money. Here's another scam to watch out for, as detailed in the following press release from the Internet Crime Complaint Center (IC3):

Fraudulent Telephone Calls Allowing Fraudsters Access to Consumer Financial and Brokerage Accounts

The FBI Newark Division recently released a warning concerning a new scheme using telecommunications denial-of-service (TDoS) attacks.

The FBI determined fraudsters compromised victim accounts and contacted financial institutions to change victim profile information (i.e., email addresses, telephone numbers, bank account numbers).

The TDoS attacks used automated dialing programs and multiple accounts to overwhelm victims' cell phones and land lines with thousands of calls. When victims answered the calls, they heard dead air (nothing on the other end), an innocuous recorded message, an advertisement, or a telephone sex menu. Calls were typically brief but so numerous that victims changed their phone numbers to terminate the attack.

These TDoS attacks were used as a diversion to prevent financial and brokerage institutions from verifying victim account changes and transactions, thus affording fraudsters enough time to transfer funds from victim brokerage and financial accounts.

Protection from TDoS attacks and other types of fraud requires consumers to be vigilant and proactive. In Newark’s public service announcement (PSA), consumers are reminded to protect themselves as follows:
- Implement security measures for all financial accounts by placing fraud alerts with the major credit bureaus if you believe they were targeted by a TDoS attack or other form of fraud.

- Use strong passwords for all financial accounts, and change them regularly.

- Obtain and review your annual credit report for fraudulent activity.


If you are a target of a TDoS attack, immediately contact your financial institutions, notify your telephone provider, and promptly file a report at the FBI's Internet Crime Complaint Center (IC3). The IC3 complaint database links complaints to assist in referrals to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.

To learn more about the FBI’s role in addressing these attacks, please refer to the FBI Newark Division's PSA dated May 11, 2010.


Sunday, August 8, 2010

Protect Yourself Against Mortgage Fraud






Calgary Real Estate Board offers tips to avoid becoming a scam victim


CALGARY, August 6, 2010 /Canada NewsWire/ - With the recent rise in mortgage fraud cases in Calgary, the Calgary Real Estate Board (CREB(R)) is encouraging members of the public to be informed about mortgage fraud red flags and to do their 'homework' to avoid becoming a scam victim.

"Mortgage scams are carried out in all different forms and involve a multitude of people; some who don't even know they're being taken advantage of," says Diane Scott, president of CREB(R). Participating in a scheme that requires you to provide false or misleading information to a mortgage lender is fraud, an offence under the Criminal Code of Canada. "There are two prominent kinds of mortgage fraud today: one involves scams that attempt to illegally acquire property - 'fraud for property' - and one wherein schemes are designed to squeeze money out of transactions involved when a property is exchanged between buyers - 'fraud for profit'," says Scott. "The number-one rule to remember when it comes to real estate investments or any investments ... if it sounds too good to be true, then it probably is," adds Scott.

Mortgage Fraud Processes

Straw Buyers: People who are offered money to lend their identity, and are considered phoney loan applicants. They are often offered several thousand dollars for the use of their name and good credit information. Some straw buyers may not know that their name was used on a mortgage application. Another form of mortgage fraud through the use of a straw buyer is to have someone sign documents that contain false information or information they cannot prove. For example, if you state that you will be residing in the property and you have no intention of doing so, that is considered fraud.

Property Flipping: Involves a dishonest seller who artificially inflates the value of a property. This involves fraudulent appraisals, false loan documentation and exaggerated incomes in order to secure loans. The seller inflates the price using a phoney appraisal and arranges for a buyer who can qualify for a large mortgage. Once the mortgage is delivered, the home is sold and another buyer assumes the mortgage. The phoney appraisal remains with the property through multiple transactions, making it difficult to determine the property's true worth. The end buyer is the victim. They're conned into thinking they are purchasing a sound investment property.

"CREB(R) takes mortgage fraud very seriously and would, if required, cooperate with the Real Estate Council of Alberta (RECA) and law enforcement agencies to assist in any investigation related to mortgage fraud. CREB(R) is committed to ensuring its members follow the highest standards of professionalism and the REALTOR(R) code of ethics," confirms Scott.


REALTORS(R) are educated in the tell-tale signs of mortgage fraud and are trained to help identify these red flags. CREB(R) also encourages consumers to take a proactive approach and become familiar with the red flags of mortgage fraud.


Some tips for consumers include:

- Do your 'homework'! Make sure you are using a licensed mortgage broker who is registered under the Real Estate Act in Alberta. Licensed mortgage brokers are required to conform to a code of conduct enforced by RECA. Contact RECA at 403.228.2954 to ensure your broker is licensed.

- Before you buy, have a REALTOR(R) show you the listing history on the property. Check the number of sales, price ranges, and community prices.

- Get your own REALTOR(R) or independent representation for your purchase (if the seller objects, something is wrong).

- Ask your REALTOR(R) to provide you with a comparative market analysis of the property.

- Ask for a copy of the land title search.

- In addition to a comparative market analysis you may want to include, as part of your offer to purchase, the option to have the property appraised by a designated or accredited member of the Appraisal Institute of Canada.

- Make sure your deposit is being held in a trust account.

For more information about the red flags of mortgage fraud, go to RECA's website at www.reca.ca/consumers/ and search for 'mortgage fraud red flags'.


Friday, August 6, 2010

Commissioner Cavoukian launches multi-level "Think before you Copy" educational campaign in an effort to eliminate avoidable data breaches




TORONTO, August 6, 2010 /Canada NewsWire/ - Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, is urging key players in the province's health sector to join her in a multi-level education campaign aimed at preventing the far-too-frequent disclosure of unencrypted personal health information through the loss or theft of portable electronic devices such as laptops and USB keys.

This announcement comes on the heels of yet another USB key containing the unencrypted, identifiable personal health information of more than 750 patients being lost through the theft of a purse.

"These privacy breaches - which in recent years have included the loss or theft of the unencrypted personal health information of more than 100,000 patients - can and must be stopped," said the Commissioner. "Portable devices should never be loaded with unencrypted personal information. Either encrypt the information, or remove all personal identifiers from the information before loading it onto a portable device."


"Despite my issuing three health Orders and other publications addressing this issue, it is still happening. The message is obviously not getting through to all levels," said the Commissioner. "We have had cases where employees were not aware of a 'must encrypt' policy."


Commissioner Cavoukian is sending letters out to all regulatory health colleges and professional associations in Ontario, stressing the need for a new awareness campaign - which she is calling Think before you Copy - and offering the assistance of her office in developing educational initiatives. The College of Nurses of Ontario has already contacted the Commissioner's office, after she publicly cited her concerns Wednesday, offering to explore how to incorporate the information into its ongoing education for its members.

"I applaud the College of Nurses for being proactive and I look forward to working with them," said Commissioner Cavoukian.


While several of the recent breaches have involved hospital staff, many different sections of the health sector have encountered problems, said the Commissioner.

"It is essential," she added, "that all health-care practitioners, their staff and other agents ask themselves one key question before copying any health information to a mobile device. Is it necessary to store personal health information on this device? If the answer is yes, then they must either encrypt the information or effectively de-identify the information by removing all personal identifiers. It's that simple. We are reaching out to the Colleges and associations for their assistance in getting this message out to the entire health sector."


Among the initial ammunition the Commissioner is considering for the Think before you Copy campaign are:

- generating case studies or practical examples applicable to staff in the various health sectors;

- creating pertinent posters;

- producing stickers for mobile devices with a message reminding health staff to STOP, THINK, ENCRYPT;

- distributing existing guidelines as well as producing short, pertinent articles for college/association newsletters.

The Commissioner stressed that she is also looking for input from colleges and associations.

An awareness campaign and firm action are needed, said the Commissioner. She praised Dr. Bob Bell, president and CEO of the University Health Network, for his commitment to encryption to protect the personal health information of the patients of UHN's three hospitals. Bell explained this week that the hospital group "is putting USB keys across the organization that are encrypted. We told all our staff they must put patient information on an encrypted device if they need to put it on a device at all."

Commissioner Cavoukian is encouraging all health colleges and associations to contact her office "to determine how we may work together in helping you create education programs for health-care practitioners, their employees and other agents on how to minimize the threat to privacy posed by mobile devices."


The Information and Privacy Commissioner is appointed by and reports to the Ontario Legislative Assembly, and is independent of the government of the day. The Commissioner's mandate includes overseeing the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health Information Protection Act, which applies to both public and private sector health information custodians, in addition to educating the public about access and privacy issues.


Friday, July 23, 2010

Award winner's breakthrough efforts reveal how technology can lock-in privacy: Commissioner Ann Cavoukian





TORONTO, July 22, 2010 /Canada NewsWire/ - A major breakthrough by IBM researcher Craig Gentry has led to him being named as the winner of the 2010 Privacy Enhancing Technology Award, which was presented to him in Berlin Wednesday.

Ontario Information and Privacy Commissioner Ann Cavoukian and Microsoft are the two co-sponsors of the award, which was created in 2003 to encourage the development of technology that helps protect privacy, rather than threaten it. The winners are selected by a panel of leading technology researchers.

Commissioner Cavoukian, who has been advocating, for more than a decade, the importance of using technology to protect privacy, stressed that Gentry's breakthrough "demonstrates how technology can be an extremely effective privacy-enhancing tool."

Gentry solved a perplexing mathematical problem that has challenged researchers ever since public-key encryption was invented several decades ago. The breakthrough, called "privacy homomorphism" or "fully homomorphic encryption," makes possible the deep and unlimited analysis of encrypted information - data that has been intentionally scrambled - without sacrificing confidentiality.

Gentry explains it much more simply, describing it as "delegating processing, without giving away access."

IBM said that potential applications for using the mathematical solution include strengthening the business model of "cloud computing" and protecting information contained in electronic medical records.

Commissioner Cavoukian applauds Mr. Gentry for his exceptional achievement!

For more information about the Privacy Enhancing Technology Awards, which are funded by Microsoft, visit http://petsymposium.org/award/


Thursday, July 22, 2010

Phishing

From Wikipedia, the free encyclopedia





An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website. Note the misspelling of the words received and discrepancy. Such mistakes are common in most phishing emails. Also note that although the URL of the bank's webpage appears to be legitimate, it actually links to the phisher's webpage.




In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used to "catch" financial information and passwords.

... read more story at Wikipedia.org


Friday, July 16, 2010

Ipsos Reid survey reveals 97% of Canadians aware of identity theft





A majority believe it will happen to them at some point; few are taking proactive measures

July 14, 2010 - Protection Power

According to a new Ipsos Reid survey, almost all Canadians (97%) have heard of identity theft and 60% believe it will happen to them at some point in their lifetimes. Some 56% say they are very or extremely concerned regarding the risk of identity theft, especially in retail stores and online, but fewer (25%) recognize the risks at home and in institutional settings such as the workplace, school and the government – all of which hold large amounts of personal information.

In addition, the survey reveals that most Canadians do little to protect themselves from identity theft.

“While 72% of Canadians say they have taken steps to protect themselves, the variety of means cited as to how they are actually doing it is limited,” said Mark Wilkins, Vice-President, Ipsos Reid. “The destruction or shredding of hard copy documents is the step most often mentioned, which leaves many identity theft risks unaddressed like computer hacking, unsafe social networking or organizations losing confidential data.”


... read more story at Protection Power