La Piazza Blog - PANDA SECURITY SUPPORT

Posted by Nerea Bezares, 29th October, 2009

Computer fraud is an everyday issue. We are becoming accustomed to hearing on the news about criminal groups that clone credit cards, hack mail accounts, bank accounts, etc.                                                                                                                                                                               

Most of these scams are carried out withour the user’s knowledge. The process is transparent until the scam is complete. However, in the case of phishing, users knowingly send their bank details to an email address (or website), and therefore have an active role in the scam.
 
Despite the best efforts of banks to warn users about these risks, victims still fall into the same traps. Today however, I would like to talk about another scam we have encountered on the Internet. It’s a traditional scam adapted to use a combination of new technologies to defraud users.
 
Ever heard of the pigeon drop scam before? Basically, it involves convincing a victim or ‘pigeon’ to give up a sum of money in order to obtain a larger sum of money. The result however is that the scammers end up with all the money.

There are many variations, but typically, the victim is presented with the chance by one of the scammers -who will often appear to be extremely naïve or stupid- to get a large sum of money (or valuable object) in exchange for a much smaller amount. A stranger (in reality, one of the scammers) will invariably appear, encouraging the victim to seize this ‘opportunity’. The victim hands over his money in exchange for the bag or envelope containing his sudden windfall, which, as the bag has been switched, turns out to be strips of newspaper or other worthless material. By this time the scammers have made off with the victim’s money, and the ‘pigeon’ will rarely report the crime through guilt or shame.
 
As innovation is all the rage among the criminal fraternity, we now have a technological version of this traditional scam. A user receives an email explaining how easy it is to become a hacker and get hold of a list of credit card numbers which can then be used to buy things online, transfer money out of people’s accounts, etc.

To access the list, the user simply has to forward his own credit card details to the sender of the email, who is –needless to say- the real hacker. The hacker will then be able to use the credit card for whatever he wants. The scammed user will not know how to explain it to the authorities, as on the one hand, he has given out his details voluntarily, and on the other, he did so to steal from other users.
 
What do you think about this scam? Do you think those who attempt to scam others deserve what they get?

We remind you we are in the  Tech Support Forum and on http://twitter.com/PandaTechSup

Posted by Nerea

Can you be certain you are not INVOLUNTARILY sharing your WIFI network with your neighbors? How can you be sure that your Internet activity is not being monitored when you use a wireless network? Any user within 100 meters is a potential intruder –whether intentional or unintentional- . With wireless networks, information is sent through radio waves, and as they are simply in the air, it is impossible to prevent anyone within a radius of 100 meters capturing the data transmitted.

As you cannot prevent the information being viewed by other people, it must therefore be protected through encryption protocols. At present, the WEP, WPA and WPA2 protocols are used. Although encryption is necessary, it is not enough to prevent unwanted access to your network. There are free programs on the market which are easy-to-use and available to anyone who wants to decrypt connection passwords. Similarly, there is also software that detects any users connected to your network.

Here are a few tips to prevent WiFi intruders or any opportunists that want to hook up to the Internet for free:

1. WPA password (they have been proved to be much better than WEP passwords, as they take 30 minutes to decrypt!).
2. Disabled DHCP (this way it will take intruders longer to discover the type of network).
3. Enable the Firewall module of your antivirus. Install the firewall and update the antivirus, the operating system and the programs.
4. Limit the number of connections to the Router/AP (e.g. if you have one computer why allow two? When necessary, you can extend the range).
5. Administration of the Router/AP (it should only be managed through the network and not via WiFi. This way, you will also prevent them from changing the settings).
6. Disconnect the WIFI router when you are not using it.