SCAMSTERS INC.

The festive season is here and hectic shopping has begun over the Internet, downturn notwithstanding. A recently released trend shows that Bangaloreans rank fourth in online shopping with USB drives, music players and Indian stamps being the favourites.

Before you fish out your credit card for making those purchase, Express takes you through some incidents when people got phished.

I f you plan to book your tickets online for your holiday travel plans, a word of caution. Recently, a senior manager of a reputed company was duped of Rs 21,920. He had booked a train ticket costing less than Rs 500 online. Two days later, his credit card statement showed that he had exceeded his credit limit.

Worried, he called the bank with which he had the account, only to be informed that someone had misused his credit card and made a purchase worth Rs 21,920. An industry report says that online travel booking is the leader, with a Rs 7,000-crore market size. The McAfee holiday shopping survey found that 53 percent of consumers admit they use the same password for multiple websites or online services. Consumers need to know that free and low-cost tools exist that make it easy for predators to guess passwords and hack into users’ PCs, McAfee advises.

Attackers can also jump on an unsecured wireless Internet connection with a program called a packet sniffer to see what website users are visiting, the passwords they are using, and what bank accounts they are accessing.

Most people never consider the dangers of e-cards. For example, a scam that was popular last New Year was the e-card that included a nasty surprise. When the consumer clicked on the link, they were brought to a malicious website that attempted to download a Trojan software.

According to the Telecom Regulatory Authority of India, there has been a 100 per cent rise in the number of broadband subscribers between October 2007 and October 2008. India added more than 100,000 users in October 2008 alone.

Cyber law expert B A Mahesh, said, “There are many Acts under the IPC which can address frauds and thefts, however the jurisdiction plays an important role since most Internet offenders are based overseas. It is also a good idea to be on the lookout.’’

Source:ExpressBuzz

Bad Santas are making their lists and checking them twice, gearing up to rip off consumers online with common scams that take the happy out of the holidays. McAfee reveals their dirty tricks to educate the millions of consumers worldwide who want to enjoy safe shopping this holiday season.

1. Charity Phishing Scams
Many popular charitable organizations encourage consumers to think of others during the holiday season through emails asking for year-end donations. In fact, according to McAfee's recent holiday survey, almost 30 percent of US consumers plan to donate online this year. Unfortunately, hackers also know consumers are in the giving spirit during the holidays and prey on their generosity through fake charity phishing emails.

Here's how it works: The hackers send fictional emails that appear to be from well known charitable organizations, such as the Red Cross, the Salvation Army, and Oxfam that direct consumers to fake Web sites designed to steal their money. The Web sites are generally very professional with a fairly high amount of graphical content and a good amount of verbiage designed to make the reader feel upset or guilty. Sometimes the layout and content of these fraudulent sites are copied directly from legitimate charity Web sites with simply a name and a logo changed.

To determine if an organization's site is legitimate, go directly to their Web site to donate. Don't ever click on a link sent in email.

2. Email Banking Scams
The current economic climate is not only forcing over 95 percent of us to spend less money and buy fewer holiday gifts this season, but prompting hackers to take advantage of our bank account balance concerns to bah-humbug the holidays with another common phishing scam. Financial institutions are the most common phishing scam targets. According to the Anti-Phishing Working Group, during the first quarter of 2008, 92% to 94 percent of all phish scams were financial-services related.

With these scams, the bad guys send an official-looking email that asks consumers to confirm account information, including their user name and password. These emails often try to fool consumers into thinking that if they don't comply with the instructions, their account will become invalid.

So, remember, call your bank by telephone if you're concerned about your account. Never give your account details out as a result of an email request or you could fall victim to a popular phish scam designed to empty your wallet. And with the stress of the holidays, your guard might just be down enough that you fall for one of these scams.

3. Holiday e-cards
Most people never consider the dangers of e-cards, but unfortunately, there are plenty of dangers, especially during the holiday season. For example, a scam that was popular in 2007, was a New Year's e-card that included a nasty surprise. When the consumer clicked on the link, they were brought to a malicious Web site that attempted to download Trojan software.

Here's another tricky example: Scammers may send you an e-card that appears as if it's coming from Hallmark asking you to download an attachment to pick up your e-card. However, the attachment isn't really an e-card, it's a Trojan. This particular Trojan then waits for you to sign onto AOL. If and when you do, it displays a pop-up window that looks like an AOL form, but asks you to verify/update your AOL billing info by providing your credit card, checking account info, and Social Security number.

A few clues that an e-card is not legit are spelling mistakes, errors in the message, unknown senders or senders with bogus names and odd-looking URLS. Remember, if in any doubt about the legitimacy of an e-card, don't open it. Never click on anything from an unknown source.

4. Fake Invoices
During the holidays, lots of friends and families order and send gifts online. This is no secret to stealthy Scrooges who try to trick consumers into giving away personal financial details through fraud invoices.

Here's how this scam works: The bad guys create a fake invoice or waybill and send it via email as an attachment. Once the consumer opens the email attachment there are a few variations of, the recipient may be asked to confirm or cancel an order, they may be told that the parcel service was unable to deliver a package due to having an incorrect address, or the recipient may receive a customs notification about an international package.

In every instance, the email either asks the consumer for their credit card details so that their account can be credited or requires the recipient to open an invoice or customs form to receive the package.

Pretty tricky, huh? This kind of scam has been played on many consumers who believed they were receiving emails from FedEx, UPS or the US Customs Service but instead were delivered a deadly Trojan program or other threat that can lead to identity theft or hacker control of a computer.

To protect yourself, never give your financial details over email to an unknown recipient or open a suspicious attachment. If you want to ensure you are reaching shipping sites like FedEx or UPS, open a browser and directly access the Web site. Also, ensure that your Internet security software is up to date to help spot Trojans and other forms of malware if you have opened a bad attachment.

5. You've got a new friend!
As the joy of the holiday season brings people together and reignites old friendships, many of us are excited when alerted with a message that says, "You've got a new friend!" when using popular social networking sites.

Sadly, in some cases, after clicking on the notice, you NOT only do not have a new friend, you have downloaded malicious software that you can't even detect. Of course, it's designed to steal personal and financial information. Stay away from "friends" you don't know.

6. Dangerous Holiday-related Search Terms
We love Santa too, but when clicking on the results of a "free Santa download" search, in addition to the Christmas-themed screensavers, puzzles, and pictures you find, you also could be clicking on adware, potentially unwanted downloads, and spyware.

In fact, McAfee's free and award-winning safe search tool, McAfee® SiteAdvisor® software, found that all of the following holiday-related search terms are risky:

• Free Santa holiday screensaver
• Free holiday screensaver
• Free Christmas screensaver
• Free holiday downloads
• Christmas tree download
• Free Christmas wallpaper
• Santa wallpaper
• Santa screensaver
• Santa ringtones
• Santa mail download
• Santa download
• Santa music downloads

When searching for fun holiday-themed downloads, make sure your holiday searches are guided by McAfee SiteAdvisor software– the simple green, yellow and red rating system will help you avoid any unwanted gifts you may get along with your Christmas downloads.

7. Coffee Shop Cybercriminal
While everyone enjoys a warm gingerbread latte while surfing the Net at their local coffee shop, most are not aware of the dangers in surfing on unsecured networks. Attackers can jump on an unsecured wireless Internet connection with a program called a packet sniffer to see what Web sites users are visiting, the passwords they are using, and what bank accounts they are accessing.

Also, an attacker might set up a rogue wireless access point nearby a coffeehouse. If somebody unwittingly connects to the attacker's network, the miscreant can watch just about everything that goes on while that connection is in use and can redirect traffic, sending the unknowing user to the dark alleys of the Internet.

McAfee advises consumers to make sure they have updated security software including a firewall, they've updated the patches on their system, and most importantly, they check bank accounts and shop online from a known, secure wireless Internet connection.

8. Password Stealers
The McAfee holiday shopping survey found that 53 percent of consumers admit they use the same password for multiple Web sites or online services. Consumers need to know that free and low-cost tools exist that make it easy for bad guys to guess passwords and hack into users' PCs. That's a holiday visit no one wants.

McAfee Avert Labs found that attackers go after passwords for banks and e-commerce sites, multi-player online role playing games, instant messaging and finally, social networking sites.

As tricky as getting malware that's delivered invisibly via spam, consumers could get a password stealer downloaded to their PC without even knowing it.

By using the same password, an attacker only has to nab one password to hit all of a user's accounts. So this holiday season, be sure you use have an updated comprehensive security software suite to help prevent access to password-stealing malware. This includes anti-virus, anti-spyware and a two-way firewall. Remember to check to make sure your subscription software is current – and not just trial software that might be expired.

In addition, create complex passwords such as: $aNt@IsRe@l or H@PPyH0l!d@y$.

9. Fraud via auction sites
As nearly 40 percent of American consumers are expected to visit auction sites to find gifts this holiday season, shoppers must be aware of scammers who will use the increased activity of the holiday season to prey upon new victims. Be sure to read the security and safety policies from such sites as eBay, You'll learn how to protect your account and buy safely.

eBay's Online Safety Advisor, Rich LaMagna, recommends the following:
* Use your common sense. If an item looks too good to be true, it probably is.
* Carefully review the seller's ratings and feedback to be sure that he or she has a positive rating. Learn more about the item before bidding on it by carefully reading all of the information in the item listing, including the seller's policies.
* Pay with a safe payment method such as PayPal or your credit card. These methods offer the most protection for buyers should something go wrong with the transaction. To learn more about eBay's Buyer Protection Program, click here.

10. Holiday-themed email attachments and spam
The bad guys know that emails with holiday-inspired subject lines are intriguing to most consumers. The recent McAfee holiday survey found that 49 percent of consumers have opened or would open an email with a holiday themed attachment.

Consumers should beware of emails that prey upon their holiday spirit, inviting them to look at homes bedecked with lights or PowerPoint presentations with vague holiday-related subjects. For example, last year an email made the rounds with a Microsoft PowerPoint called "Christmas Blessings" that contained malicious software.

Some examples of subject lines bad guys use to lure consumers into opening a friendly-looking email are "happy 2008 to you!", "happy 2008!" and "new hope and new beginning". Be wary when you see these titles and don't open attachments with odd-looking URLs.

11. Online identity theft
Online shopping offers the 3 Cs: cost, convenience and choice, but there's one more we learned about from the McAfee Shopping Survey: Concern.

Ninty percent of consumers have some level of concern about shopping online. Unsure of where to shop, they rely on friends and family to determine the safety of a Web site, but friends can only advise on personal experiences, and some sites may have security issues that aren't readily apparent.

For example, sites that store your personal information can be vulnerable to cybercriminals who hack in to steal your identity. In fact, research shows that as many as 80 percent of Web sites have known vulnerabilities.

McAfee can help. The McAfee SECURE trust mark appears on more than 80,000 sites that pass daily testing for more than 10,000 known hacker vulnerabilities. Your personal information is safer on sites tested by McAfee SECURE because daily scanning for known threats can prevent Web sites from falling prey to the vast majority of hacker crime. Only valid sites that pass the McAfee SECURE service of daily testing can display the trustmark.

12. Laptop Theft
And the last way the bad guys can take the merry out of your Christmas is by outright stealing your laptop! According to the FBI's State of the Net Report (2007), chances of having a laptop stolen are 1 in 10, and according to the research firm Gartner, 97 percent of laptops are never recovered.

While you are out enjoying the festivities of the season, make sure to be particularly vigilant at this time of year and never leave your laptop in sight in your car.


Written by Courtesy of McAfee

Several city colleges have beefed up security and decided to introduce fool-proof identity cards for students in the wake of last week’s Terror attacks. The move comes after reports revealed that the gunmen had fake I-cards belonging to a reputed Bangalore college.

Pointing at the need for cards, which will remain exclusive to each student as long as they are in the campus, K G Narayankhedkar, Principal,Veermata Jijabai Technological Institute, Dadar said, “We have always had specially laminated cards with barcodes and photo identity. But from next academic year we want to devise smart cards that will be impossible to replicate. This smart card will be multipurpose acting as an attendance card, a library card and will be for every other college use.”

Pradeep Abhyankar registrar, Wilson College added that like every other college, his college has also discussed several security measures. “First of all we are going to adhere to strict surveillance measures. Anyway, our security guards usually know most of the students. If any student looks suspect, we will check him/her thoroughly.”

Abhyankar said that their college ID-cards have always been printed with security concerns in mind. “We print the cards in-house for utmost safety.” He said that printers also follow strict security measures while printing cards. Even as the city colleges are taking all the precautionary measures to ensure that there is no security lapse, those in Central and suburban Mumbai are not lagging behind either.

Dr Suhas Pednekar, Principal, Ruia College, Matunga, said, “Our I-cards have barcodes but we don’t have barcode reading machines in the college, so far. The machines are usually temporarily installed during college gathering when a large crowds are present. But after what happened last week, we are planning to install machines in the college campus.”

“We have all decided to keep an eye on the activities in the college campus to bar any untoward activity. Not just suspicious visitors but we are also keeping a watch on any baggage brought into the college or stored in the campus,” said Pednekar.

Pednekar said, “Even students have become very aware of safety matters now. Earlier, they used to carry their I-Cards in their pockets. Now, they hang it around their necks for as long as they are in the campus.”

Father Frazer Mascarhanas, Principal, St Xaviers’ college, Fort, is confident that his college security is already foolproof. “For the past three years, we have had our own I-card printed directly on plastic. We don’t outsource printing for security reasons. Besides we also have very strict security features and are sure no fraud can take place,” he said.

Source:Indian Express

How murky can land deals get? Here is an example where all winds have been thrown to winds. A 20-acre agricultural land in Devanahalli had been registered for Rs 25.11 crore in the name of one K Mangilal from Rajasthan. Even khata and other documents have been issued to him.

The whole deal contravenes clause 79 (A) and (B) of the Land Reforms Act, which specifies that agricultural land can be purchased by an agriculturist only and his annual income should not exceed Rs 2 lakh. The measure was created to ensure that small land holders do not lose out to larger land sharks. But no one in the Revenue Department seems to have bothered with the antecedents of Mangilal. Even necessary documents have not been collected while issuing katha. The source of income also was not collected while registering the deal.

After failing to find answers to these questions, one Bhaskar applied for information under RTI to Devanahalli tahsildar Sampath Kumar. But the information has not been supplied and the issue is before the State Information Commission.

Source:Deccan Herald

The burgeoning growth of e-commerce has spawned an online underground economy where cyber-criminals thrive by siphoning off goods and services worth millions of dollars with credit card information, a report by global security solutions provider Symantec reveals.The worldwide report, based on a year-long study conducted by Symantec’s security technology and response division in 2007-08, warns netizens of shopping online using credit cards without verifying the authenticity of sellers and their advertisers.

“Cyber criminals have turned the underground economy into a global market with the supply and demand pressures and responses similar to any other economy,” Symantec India’s vice-president of product operations, Shantanu Ghosh, told IANS from Pune.

The report estimates the value of goods and services marketed worldwide using underground economy servers and channels to be $276 million during the 12-month period.

The value was determined by using the advertised prices of goods and services and measured how much advertisers will make if they liquidated their inventory.

Cyber-crime is committed using a computer, network or hardware device as an agent or facilitator of the crime or even a target of the crime.

“People associate identity theft with money because most reported cases involve criminals using the identity for activities such as obtaining credit cards, applying for loans, obtaining expensive medical or pharmaceutical treatments or even stealing house titles,” Ghosh said.

Prowling over unsecured networks and web sites, cyber-criminals dupe gullible e-consumers to place orders for goods or services only to access their credit card information and other personal data through phishing.

Phishing is an e-mail fraud in which a perpetrator sends out a legitimate-looking e-mail in an attempt to gather personal and financial information from recipients. Typically, such messages come from well-known and trustworthy web sites.

Phishers use a number of social engineering and e-mail spoofing ploys to trick their potential victims.

“Sellers post samples of goods in the channels on underground economy servers to prove they have the goods, to show potential buyers the quality of goods and to allow users to validate the information. Such fancy online advertising and promotion makes the uninitiated e-shopper go for the bait without realising that the channel is a booby trap,” Ghosh said.

To collect data, Symantec monitored 44,752 samples of sensitive information posted during the reporting period on underground economy servers, accounting for 10 percent of the total distinct messages.

The report details an online underground economy that has matured into an efficient global marketplace in which stolen goods and fraud-related services are regularly bought and sold and where the estimated value of goods offered by individual traders is valued in millions of dollars.

“As evident from the report, cyber-criminals are thriving on information gathered slyly from consumers and businesses by devising tools and techniques to defraud legitimate users the world over. Protection and mitigation against such fraudulent attacks should be given top priority, individually as well as collectively,” Ghosh said.

The study found credit card information to be the most advertised category of goods and services in the underground economy, accounting for 31 percent of the total.

“Stolen credit card numbers sell for as little as $0.10 (ten cents) to $25 per card, while the average advertised stolen credit card limit is about $4,000. The potential value of all credit cards advertised during the reporting period was $5.3 billion,” the study mentioned.

Since credit cards are mostly used for online shopping, personal information, including numbers, become vulnerable to access by cyber-criminals lurking behind channels and servers of the underground economy.

The second category of goods and services advertised is financial accounts at 20 percent of the total. Stolen bank account information is sold for anywhere between $10 and $1,000, while the average advertised stolen bank account balance is about $40,000.

The popularity of financial account information is due to its potential for high payouts and the speed at which payouts can be made. In one case, financial accounts were cashed out online to untraceable locations in less than 15 minutes, the study found.

“The underground economy is geographically spread, generating revenue for cyber-criminals who are either smart individuals or organised and sophisticated groups,” Ghosh said.

The report found that North America hosted the largest number of underground economy servers, accounting for 45 percent of the total, followed by Europe/Middle East/Africa (EMEA) 38 percent, Asia-Pacific-Japan (A-PJ) 12 percent and Latin America five percent.

“The geographical locations of underground economy servers are constantly changed to evade detection. No wonder, cyber-criminals are flourishing on information gathered fraudulently from e-consumers and businesses,” Ghosh said.


Source:Thaindian

The Department of Local Government has reportedly shown an unusual haste in disposing of a case pertaining to a recruitment scam that surfaced in the Kharar Municipal Council (MC) earlier this year. The department’s decision to close the case file by withdrawing a thorough probe ordered earlier to fix the responsibilities of those involved in the nexus has raised many eyebrows.

Several appointments were allegedly made at the Kharar MC, throwing norms and conditions to the winds. Certain officials had allegedly appointed their near and dear ones on different posts in an “illegal” and “wrong” manner.

The scam came to light when one such appointee approached the Punjab and Haryana High Court. In her petition, Jiwan Lata, a resident of Kharar, sought the release of her salary, pension and other retirement benefits after 16 years of service, for which she claimed to have been paid only Rs 106.45.

When the court sought a reply from former Kharar MC executive officer (EO) S K Gulati, he submitted that Lata had actually worked for four days only, after which she had taken voluntary retirement. He brought to the court’s notice how Lata and others were recruited by his predecessors in an “irregular” and “illegal” manner.

Gulati said all such appointments had been cancelled soon after the alleged irregularities came to the notice of senior officials. The appointees were duly paid their dues, he told the court. Gulati said Lata had concealed this fact from the HC that she was the wife of Tarsem Lal Sharma, who was working as an accountant in the MC at the time of her appointment. Among other “illegal” appointees were Deepak Kumar, a close relative of the then EO Pawan Kumar Gupta, and Jagdish Lal, nephew of the then section officer Hans Raj.

Submitting that Lata’s petition was based on completely “false” and “fabricated” facts, Gulati said Lata’s husband had also appointed another relative and his namesake, Tarsem Lal.

While Lata, Deepak and Jagdish were appointed as clerks, Tarsem Lal was given the job of a peon/chowkidar. Gulati told the court that neither these appointments were made through the employment exchange, nor were the posts advertised in newspapers.

Not only did Lata seek benefits of her “long” service that actually never existed, she also pleaded for a job to her son on compassionate grounds, claiming she had sought voluntary retirement prior to attaining the superannuation age on medical grounds.

Gulati said Lata had also claimed all these “undue” benefits on the basis of her “backward-class” status, by mentioning the name of her father, though she had married a Brahmin much before her appointment. At the time of her appointment in 1991, Gulati said, Lata was 42 years old, which made her ineligible for the job anyway. “Moreover, she was appointed on an ad hoc basis,” he pointed out.

Gulati produced records to substantiate his claim that Lata worked for three to four days only, for which she was paid Rs 106.45.

“Even an entry was made to this effect in the MC cash book by Lata’s husband who was the MC accountant then. She never worked with the MC thereafter, and hence there is no question of paying any salary to her,” said the former EO. Gulati said Lata’s appointment letter was “totally illegal and void” as it was issued “for and on behalf of” the then MC Administrator, and not the EO who was the competent authority.

After the startling disclosures, the Director-cum-Special Secretary, Local Government, issued an order on February 6 to hold a thorough inquiry to fix responsibilities so that Lata or anyone else could not derive any undue benefit.

Finding herself cornered and fearing an “adverse” action, Lata withdrew her petition from the High Court. In his fresh orders issued recently, the Director-cum-Special Secretary, Local Government, however, directed to close the case file, paving way for Lata and all others involved in the nexus to go scot-free.

Source:ExpressIndia