In an earlier MySecurityIQ post, we talked about the risks of using public ATM machines or other devices that read cards. A recent incident at a New York bank highlights the importance of being aware when you use public ATM machines.
Thieves in Staten Island installed devices on ATMs at several branches of Sovereign Bank that allowed them to harvest account access information. The data were used to steal a total of more than US $500,000 from the accounts of 250 victims. The group used skimmers to gather data from ATM cards and cameras to discover customer's PINs. The information was then used to manufacture phone ATM cards.
See the Related Tip: Watch out for ATM Onlookers
Showing posts with label physical security. Show all posts
Showing posts with label physical security. Show all posts
Tuesday, June 23, 2009
Tuesday, March 17, 2009
Your Cell Phone May Be Tracked
The next time you hit the local mall, you might be followed by some folks who are interested in the way you shop. They might follow along as you move from store to store, making notes as you stop for 5 minutes for a coffee and then spend 30 minutes shopping for electronics. It turns out, this information is extremely valuable to the folks who operate malls and to the stores that rent space within them.
This is all possible since you are carrying around your personal "homing" device. Its called a cell phone. Although you might not realize it, your cell phone is sending out signals as long as it is turned on. Some companies are developing new tools and technology to allow their customers to track cell phone signals throughout any physical space, such as a mall. Using this technology, they can track many different signals at once and build detailed profiles of traffic. Pretty nifty stuff.
Some people may find this tracking an invasion of their privacy. There are certainly a variety of legal issues involved in tracking phone signals to individual users without their consent. Others may think its pretty cool and only serves to make their shopping experience better. I'll let you make the call. The purpose of this tip is to make sure you are aware that this can be happening.
Security Tip: Be aware that your cell phone may be used to track your location and behavior in the physical world. You don't even have to be making a call. If you don't want to contribute to the collective data gathering - you can always turn off your phone!
This is all possible since you are carrying around your personal "homing" device. Its called a cell phone. Although you might not realize it, your cell phone is sending out signals as long as it is turned on. Some companies are developing new tools and technology to allow their customers to track cell phone signals throughout any physical space, such as a mall. Using this technology, they can track many different signals at once and build detailed profiles of traffic. Pretty nifty stuff.
Some people may find this tracking an invasion of their privacy. There are certainly a variety of legal issues involved in tracking phone signals to individual users without their consent. Others may think its pretty cool and only serves to make their shopping experience better. I'll let you make the call. The purpose of this tip is to make sure you are aware that this can be happening.
Security Tip: Be aware that your cell phone may be used to track your location and behavior in the physical world. You don't even have to be making a call. If you don't want to contribute to the collective data gathering - you can always turn off your phone!
Tuesday, November 18, 2008
Security and Privacy on Craigslist
Millions of people buy, sell and trade goods on classified ad sites such as Craigslist. Any time there are millions of dollars changing hands between millions of people, there are going to be issues with security and privacy.
Classified ad sites such as Craigslist pose interesting challenges because your physical security could be at risk. Unlike auctions sites like Ebay, most people using classified ads meet in person to deliver the goods or services. So here are a few tips for protecting your personal security and privacy when buying and selling on classified ad sites.
Protect Your Personal Information - One risk of posting on ANY internet site is disclosing too much personal information. Personal information, such as your name, address, email and telephone number can be used by scammers for identity theft.
When posting an ad, use as much information as you can to describe the item, but put only minimal information about yourself. Never put specific information about your location, such as your address. You can do that later over the phone or via private email. The idea is to limit any information that could be used to steal your identity and provide clues to enable someone to actually find you and break in to steal the item.
The most secure way to use sites such as Craigslist is to only accept emails through their system. Never put your personal email address on a post, or it will most certainly get picked up and used by scammers. Many people who post on craigslist put their telephone number to help speed up the selling process. If you must do this, use your cell phone since your home phone also can give up your specific location. When you have sold the item, make sure you delete or remove the ad to limit the amount of time your personal information is posted on the site.
Protect Your Money - Another risk of any online trading site is the monetary scam. Never accept cashiers checks or money orders as payment. They are too easy to counterfeit. Craigslist is very good at providing warnings about this when you view and respond to posts. Always ask for cash. Be especially aware of any "overpayment" scams where someone offers to pay more for your item with a check or money order and takes a portion in cash back from you. This is one of the most common scams used on auction sites such as Ebay.
Protect Yourself - When going to view an item for sale (or when someone comes to your home or office to view an item) always have someone with you. There have already been cases where people have been assaulted after responding to an ad on craigslist. To be completely safe, you can first meet the person outside of their home to get a sense for your personal safety. If they seem suspicious or you get a bad feeling, come up with an excuse and leave. Be aware of suspicious locations, such as remote office buildings, that could put you at greater risk. If you absolutely must meet a person by yourself, tell someone else what you are going to do and when you should be back. And always keep your cell phone handy for an emergency call.
The Bottom Line
Classified ad sites such as Craigslist provide a great way to buy and sell goods and services to a local market. But be aware that meeting in person creates an entirely new set of risks. Be cautious. Reveal person information slowly. Have someone with you when you visit strangers. Sounds a lot like what our parents used to tell us about dealing with strangers. Hmm. Maybe some advice is timeless.
Classified ad sites such as Craigslist pose interesting challenges because your physical security could be at risk. Unlike auctions sites like Ebay, most people using classified ads meet in person to deliver the goods or services. So here are a few tips for protecting your personal security and privacy when buying and selling on classified ad sites.
Protect Your Personal Information - One risk of posting on ANY internet site is disclosing too much personal information. Personal information, such as your name, address, email and telephone number can be used by scammers for identity theft.
When posting an ad, use as much information as you can to describe the item, but put only minimal information about yourself. Never put specific information about your location, such as your address. You can do that later over the phone or via private email. The idea is to limit any information that could be used to steal your identity and provide clues to enable someone to actually find you and break in to steal the item.
The most secure way to use sites such as Craigslist is to only accept emails through their system. Never put your personal email address on a post, or it will most certainly get picked up and used by scammers. Many people who post on craigslist put their telephone number to help speed up the selling process. If you must do this, use your cell phone since your home phone also can give up your specific location. When you have sold the item, make sure you delete or remove the ad to limit the amount of time your personal information is posted on the site.
Protect Your Money - Another risk of any online trading site is the monetary scam. Never accept cashiers checks or money orders as payment. They are too easy to counterfeit. Craigslist is very good at providing warnings about this when you view and respond to posts. Always ask for cash. Be especially aware of any "overpayment" scams where someone offers to pay more for your item with a check or money order and takes a portion in cash back from you. This is one of the most common scams used on auction sites such as Ebay.
Protect Yourself - When going to view an item for sale (or when someone comes to your home or office to view an item) always have someone with you. There have already been cases where people have been assaulted after responding to an ad on craigslist. To be completely safe, you can first meet the person outside of their home to get a sense for your personal safety. If they seem suspicious or you get a bad feeling, come up with an excuse and leave. Be aware of suspicious locations, such as remote office buildings, that could put you at greater risk. If you absolutely must meet a person by yourself, tell someone else what you are going to do and when you should be back. And always keep your cell phone handy for an emergency call.
The Bottom Line
Classified ad sites such as Craigslist provide a great way to buy and sell goods and services to a local market. But be aware that meeting in person creates an entirely new set of risks. Be cautious. Reveal person information slowly. Have someone with you when you visit strangers. Sounds a lot like what our parents used to tell us about dealing with strangers. Hmm. Maybe some advice is timeless.
Thursday, October 18, 2007
Watch for ATM Onlookers
Part of protecting your personal information is to always be alert of your physical surroundings. In many cases, a criminal will use a combination of techniques to steal information. One of the most common methods is called "surveillance" - which is a fancy term for watching. Just like in the spy movies, criminals will often spend time watching a person or place to determine patterns that may give them an advantage.
One common and simple way to steal personal information, such as a PIN number, is to watch people type their password on a keypad. Since for ATM machines the PIN is often only 4 digits, these can be very easy to remember. While there are many sophisticated methods, such as "keystroke loggers" (which monitor your typing) or video cameras, in many real-world cases people are able to steal passwords or PINS simply by watching.
ATM machines are perfect for this crime since it is common for people to be standing in line waiting to use the machine. Some people stand uncomfortably close during these transactions.
Security Tip: Whenever you are using your ATM, or any other keypad where you type in your personal PIN, make sure nobody is watching. If they are watching, more your body in front of their line of site or simply abandon the transaction and return later.
You can use this tip whenever you type any personal login or password information into any keypad that is in view of others.
One common and simple way to steal personal information, such as a PIN number, is to watch people type their password on a keypad. Since for ATM machines the PIN is often only 4 digits, these can be very easy to remember. While there are many sophisticated methods, such as "keystroke loggers" (which monitor your typing) or video cameras, in many real-world cases people are able to steal passwords or PINS simply by watching.
ATM machines are perfect for this crime since it is common for people to be standing in line waiting to use the machine. Some people stand uncomfortably close during these transactions.
Security Tip: Whenever you are using your ATM, or any other keypad where you type in your personal PIN, make sure nobody is watching. If they are watching, more your body in front of their line of site or simply abandon the transaction and return later.
You can use this tip whenever you type any personal login or password information into any keypad that is in view of others.
Fake ATM Readers Steal Your Bank Card and PIN
In the category of "what will they think of next" - a new scam to steal your bank card and PIN number is hitting a lot of people.
Teams of organized criminals are installing equipment on legitimate bank ATMs to steal both the ATM card number and the PIN. The team sits nearby in a car receiving the information transmitted wirelessly over weekends and evenings from equipment they install on the front of the ATM. The University of Texas Police has an excellent set of pictures to help to recognize these convertee ATMs. Reports are that these false fronts are also being used at gas stations and other outlets. So what can you do to help spot these fake ATM machines?
ATM Security Tips: First, be extra careful using ATM machines that are in poorly secured areas, such as gas stations or grocery stores. Thieves are likely to target these locations because there is much less change of being detected.
Second, examine the ATM machine a look for any suspicious-looking attachments, including the location of mini-cameras on nearby walls or envelope holders (see the pictures).
Finally, always be aware of suspicious-looking vehicles parked nearby, probably in dark or poorly lit areas. In this scam, the perps need to be nearby to receive the data via a wireless link.
According to police, if you see an attachment like this, do not use the ATM and report it immediately to the bank using the 800 number or phone on the front of the ATM.
Related Tips: Watch out for ATM Onlookers
Teams of organized criminals are installing equipment on legitimate bank ATMs to steal both the ATM card number and the PIN. The team sits nearby in a car receiving the information transmitted wirelessly over weekends and evenings from equipment they install on the front of the ATM. The University of Texas Police has an excellent set of pictures to help to recognize these convertee ATMs. Reports are that these false fronts are also being used at gas stations and other outlets. So what can you do to help spot these fake ATM machines?
ATM Security Tips: First, be extra careful using ATM machines that are in poorly secured areas, such as gas stations or grocery stores. Thieves are likely to target these locations because there is much less change of being detected.
Second, examine the ATM machine a look for any suspicious-looking attachments, including the location of mini-cameras on nearby walls or envelope holders (see the pictures).
Finally, always be aware of suspicious-looking vehicles parked nearby, probably in dark or poorly lit areas. In this scam, the perps need to be nearby to receive the data via a wireless link.
According to police, if you see an attachment like this, do not use the ATM and report it immediately to the bank using the 800 number or phone on the front of the ATM.
Related Tips: Watch out for ATM Onlookers
Subscribe to:
Posts (Atom)
Posts
