
Archives for : social engineering

Time to clarify what Geico, State Farm, and OnStar are selling you


Progressive claims this tool is used for discounts only

“You’ll save with our snapshot discount,” “State Farm has identified you as driving a vehicle with OnStar built into it. We are offering you a discount for having this service.” and there are many other examples of this.

Let us get to the heart of what this is.

For those of you who like to drive all over town but tell your insurance carrier that you drive to work and back only, these devices will root you out and you will receive a hefty price increase instead of the promised price decrease.

Someone would have to be nuts to allow any insurance company to monitor your activity, your driving habits, or let OnStar share your driving information with anyone. Why?

Simple. You may have heard the term “redlining”: taking the crime statistics from any community, drawing a red mark on a map, and making anyone living or working in those areas pay higher car insurance rates because they are more at risk than someone who lives and works in a more affluent part of town.

That means that, in terms of odds, you are more likely to have something happen to your insured vehicle. It also means that the insurance company is more likely to see a claim from you.

So enter this world of “Snapshot,” “OnStar,” and the various other devices insurers are trying to dangle in front of you, attached to the word “discount,” in order to get you to bite.

Enough people are biting on this lure, and companies like Geico, Progressive, State Farm, Allstate, and many others are trying anything to get you to let them spy on you more than they already are.

But the information that those devices record about your driving habits is tied into your computer. So if you change CDs or the radio station while driving, if you change lanes without signaling because a driver or animal moved into your path, or even if you do something as innocuous as braking too severely, it will count against you and your discount will eventually morph into a significant rate increase.

From the Snapshot provider’s website about the device:

“Data We Collect:
The Snapshot device records vehicle speed and time of day, and when the device is connected and disconnected from the vehicle. It also records the Vehicle Identification Number upon installation. Other information, such as miles driven and rates of acceleration and braking, is derived from the speed and time information recorded by the device.”

Think about this…insurers tie your credit record into your auto insurance rate. They tie things like non-fault accidents into your rate. That’s not to mention the number of times you’ve been uninsured or placed into a high-risk pool.

In short…don’t do it. Keep insurers out of your car unless of course, you are the perfect driver and you never drive anywhere except to home and work or home and school.

And for the record…this is, in my opinion, a polite way of asking “can we please put spyware on to your car’s computer to monitor you?”

You should really pay attention to privacy policies


Privacy and data collection

Google has been getting slammed lately in the tech media space for its blog post ( http://j.mp/z5Z5EO ) declaring that it is unifying all of its privacy policies into one massive policy. As a result, Google is being accused of violating its initial rule: “Don’t be evil.”

Evil is actually in the eye of the beholder as Google is not saying they are selling our personal data. They are merely sharing it across their own platforms to serve their own needs. As long as Google keeps this data internally and does not share it with third parties, I have no problem with that.

What I would like, however, is to have control over the data that Google has gathered about me and the ability to change or delete it when Google does turn evil, which all for-profit companies must do if they are to survive.

There are hundreds of companies who make billions of dollars off of each of our personal profiles. Our criminal records, our driving records, and even how much money we gave to our local dog-catcher’s re-election campaign are all part of data sets that large companies like ChoicePoint and Insurance Services Office sell to their customers. Even your prescription records are accrued and compiled to be resold by Milliman and Ingenix.

I would venture a guess that those who fear our federal government’s intrusion into our private lives have never searched deeply into who they should really be worried about. Private companies exist for one purpose…to make rich people richer. Government exists for one reason–to do for people what they cannot do for themselves.

Fearing government regulations is one thing that many Americans do but it’s misguided. Regulations on private business are necessary to keep our food and our money safe.

MyLife.com–why you should avoid it

You see the commercials on TV that someone may be looking for you. It seems like you have old boyfriends/girlfriends lining up to talk to you after all this time and they are doing it at the MyLife.com website.

Well…I accidentally clicked on the MyLife.com site when Google returned it in a search for a former coworker’s email address. What happened next was eye-opening.

First off…you must understand how malware-laden sites work. You visit a site with malware loaders and a popup comes up on your screen telling you that you have a virus and need their “anti-virus solution,” or worse, the computer seems to lock up and there is nowhere to click except on a yes or no box on the popup.

If you are smart, you know that clicking on either box, or even on the circled X in the upper right-hand corner to close the window, will result in something being uploaded to your computer without your knowledge. It’s one of the reasons why I found and re-published instructions for creating a shortcut for immediately closing Internet Explorer without triggering any loaders (see this link: http://tech.jchampion.com/?p=16 ).

Well I mention all of this because this is the exact same behavior that the MyLife site exhibits. The site “grabs” Internet Explorer and there is nowhere to click on the page to close the application except inside the popup box that pushes you to register for this pay service. And for the record, you may not be surprised to learn that not very many of your old friends, girlfriends, or boyfriends are looking for you on this site as they probably did not want to pay the fee to contact you either.

And according to Techpaul’s blog ( http://techpaul.wordpress.com/2009/03/06/just-say-no-to-mylifecom/ ), the site is more annoying than nefarious. In order to join you must surrender your contacts list and from that moment on, your friends and family will be spammed relentlessly by the MyLife servers. In addition, it appears that they turn over your contact information to any advertiser whose ad you click on. Hint–there is only one teeny tiny “no” link on those ads while the rest of the ad is a clickable surface. Sneeze and exert pressure on your mouse and the advertiser gains access to your profile/contact information and possibly that of your friends as well.

In short…please stay away from the MyLife.com site and if you have joined, perform a Google search on how to remove your name and information from social networking sites.

What is arbitration and why you should care about

 


SCOTUS would protect the makers of this fraudulent medical device

 

Every day thousands of Americans enter into new contracts with credit card issuers, mortgage companies, new home builders, and many, many other large corporations.

I would venture a guess that 95% of most of these consumers think that if something goes haywire, like your new home developing cracks in the foundation or the lender modifying your contract 60 days after you’ve signed it, they can seek some remedy in a court of law.

You can kiss having your day in court goodbye. Today 95% of all contracts between businesses and consumers have some sort of binding arbitration clause in their agreements. And on January 9th, 2012 the U.S. Supreme Court, in an 8-1 decision said that binding arbitration clauses in contracts are just that…binding and cannot be overturned.

The reason why so many companies are forcing mandatory binding arbitration clauses on their customers is that in many cases the terms for arbitration are buried deep within the paperwork your banker, broker, or realtor has you skip over just to get your signature.

In addition, the company gets to pick the arbitrator, the state of the arbitration, and the terms that you can seek arbitration under. So a Texas resident with a beef against a California credit card company would have to take the time, and money, out of their lives to go to California for the arbitration hearing.

And even then the deck is still further stacked against the consumer.

According to statistics compiled by the University of Colorado and Smart Money magazine, consumers have won approximately 4% of the arbitration cases heard. In 2009, the Minnesota State Attorney General sued a major arbitration firm because of alleged close ties to the banks the firm heard cases from. The major banks also named in this suit temporarily dropped their arbitration clause but you can expect that it will be back and enforced as soon as the type can be set on each company’s word processors.

It’s this simple…pay attention to what you are signing and where you buy high-dollar items from. In some cases, you should shop around and, even if it costs a few dollars more, get your loans, credit cards, and other financial instruments from those companies who do not have these clauses in their agreements. But if people do not pay attention and keep buying and borrowing from whoever is cheapest or easiest, then you can expect to see 99.5% of all American-based companies using arbitration clauses in their paperwork.

Clicking on an Osama picture can be hazardous to your computer

Malware purveyors keep looking for the next thing to convince you to click on download/“Look at this!” types of links. Sunday night’s announcement of Osama Bin Laden’s (I don’t really care if I spell that name right–the terrorist doesn’t deserve for it to be spelled correctly) death and the subsequent details, coupled with America’s thirst for blood and gore, mean that the pickings are ripe for malware purveyors.

So Facebook users…you’re up first. You are a prime target because most of you are not all that computer savvy and most click on anything that looks tantalizing…after all, if it looks salacious it must be awesome, right? And if no one knows I clicked on the gory details link, what’s the worst that can happen? After all, there is that big “X” in the upper right-hand corner of my browser, right?

The FBI knew this was going to happen and issued a press release to the American public warning people about such links:

“The FBI today warns computer users to exercise caution when they receive e-mails that purport to
show photos or videos of Usama bin Laden’s recent death. This content could be a virus that could
damage your computer. This malicious software, or ‘malware’, can embed itself in computers and
spread to users’ contact lists, thereby infecting the systems of associates, friends, and family members.
These viruses are often programmed to steal your personally identifiable information.”

So what does this mean to you, the common user? It’s simple. Until the Obama administration announces it has released photographs and/or videos, there are no such things. You should pay full attention to the FBI’s warning. Click on nothing that you do not know. Click on only those things you were expecting and from trusted sources after using your anti-virus/anti-malware to the fullest.

Finally…if you do accidentally stumble into one of these traps…follow the regular steps to remove malware viruses from your computer. If you don’t know what these are, then you should be extra careful about the things you click on.

The Epsilon Breach Just Keeps Getting Worse

When it first happened, media from CNN, Fox, Time, NY Times, Washington Times, and other popularity driven news organizations did the lazy thing and reported the press release that Epsilon and those companies who turned over your personal information to Epsilon wrote to give the information they wanted you to think was true.

Epsilon Breach Press release

But the information contained in that release, like most press releases, is misleading at best and downright false at worst.

Here’s why…spam and spear phishing are the least of your worries in a breach of this kind. Coupled with other information, the email addresses, usernames, and companies you deal with can tell a lot about you and give identity thieves and identity sellers loads of personal information to gain access into your life.

Not to mention that the folks who stole this information want you to turn over your computer to them. While they don’t want the electric bill from running it, they do want to use its CPU cycles, RAM, and hard drive space to rent out to spammers, malware providers, adware servers, adult oriented material, child pornography, and let’s not forget about general mischief.

So how do you protect yourself from all of this sad activity?

1) Never click on links in incoming emails.
2) Use a good anti-virus/anti-malware/firewall.
3) Use common sense. Do not load photos/images just because a friend, an acquaintance, or someone else you may know sent them to you. Using steganography, a user can load JavaScript loaders into the cutesy images that are sent to you, and those can be used to begin delivery of malware, spyware, or other stuff you just don’t want on your system.
4) Stop sending emails that are meant to be forwarded. These give hackers an idea about which users are more susceptible to attack than others.

Finally–the reason why spam and malware continue to spread is that people are allowing the tools that come with their PCs to expire, or just think a software firewall is sufficient. And let’s not forget the profit margin. Sending spam is quite profitable and people keep opening it, reading it, and responding to it.

It’s so profitable in fact, that many of the original spam factories of the 90’s are now legitimate email marketing companies.

So please…take responsibility for your computing actions. If you cannot afford to pay for the Symantec/McAfee software subscription that comes with your new computer…have a tech remove it and install Microsoft Security Essentials, AVG, Avast, Avira, or some other free anti-virus option.

Two Facebook search boxes are worse than one

Facebook resource site AllFacebook.com is announcing today that Facebook itself is denying testing a web search tool and additional search box on your page. The “search box” looks like this:

Facebook fake search box from AllFacebook.com


 

So now the question is…what is this and what can you do about it?

Well Facebook has a tool created in cooperation with McAfee that can help you locate, isolate, and remove any malware that may be on your system.

http://www.mcafee.com/US/

If you have questions…just ask.

A whale of a hoax just for you

According to our friends at NakedSecurity, part of the Sophos Antivirus company, a new link threatens your computer and perhaps your Facebook account.

If you see a message on a friend’s Facebook wall talking about a whale being tossed into a building, don’t click on it. It will be a rogue site that will attempt to garner information from you.

But the hoaxes from the sick and greedy don’t end there.

There are many other viral links spreading on Twitter, Facebook and many will land you on FouTube which is a fake YouTube site, or some other “fill out this form” survey site which may seem innocent until you start seeing that your Facebook profile suddenly likes the link you clicked on, and your Twitter account has been updated to try to attack more of your friends/followers.

Just take a second to vet (check out) each link you are seeing.

Same holds true for scams on Facebook attempting to take money from you for tsunami relief. Only give money to charities that you have dealt with before and never give money or credit card information to people who call/contact you first.

Video Malware attacks on Facebook

See any posts like this lately?


Here is an example of a malware video post on Facebook

This is the latest wave of malware loaders to hit Facebook. Facebook assumes that you are a responsible PC owner and leaves it up to you what you will and won’t click on.

But make no mistake…this is a trojan horse that delivers a negative software load on to your PC and may create a bigger hole for worse stuff to load on to it later down the line.

If you click on one of these links accidentally…immediately use the Kill IE button we created last night and then download a copy of MalwareBytes. Then update the MalwareBytes definitions and finally run a scan on your system.

Warn your friends and family members who are on Facebook about this and let’s stop this replication.

Be leery of videos that say “SICK” “FUNNY” or anything else that seems unusual. Also look at the url that the video is hosted on. If the video comes from YouTube, Vevo, MTV, Comedy Central or other trusted sources you are okay.

If the video is hosted on a site you have never heard of…DON’T CLICK ON IT!
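The "look at the URL the video is hosted on" check, and the FouTube-style fake mentioned in the whale hoax post, can be automated. The sketch below is an added example, not code from this blog: the allowlist domains for three of the named sources and all sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: domains for three trusted sources the post names.
TRUSTED = ("youtube.com", "vevo.com", "mtv.com")

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in url."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:          # malformed URL: never treat as trusted
        return "unknown"
    if not host:
        return "unknown"
    # Trusted only on an exact match or a real subdomain (label boundary),
    # so "notyoutube.com" and "youtube.com.other.example" do not pass.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    labels = host.split(".")
    base = ".".join(labels[-2:])
    for d in TRUSTED:
        brand = d.split(".")[0]
        if len(brand) < 4:
            continue            # too short for meaningful fuzzy matching
        # Brand used as a label elsewhere, or a one-character swap.
        if brand in labels or edit_distance(base, d) == 1:
            return "lookalike"
    return "unknown"

# Constructed sample links (not taken from any real post).
SAMPLES = [
    "https://www.youtube.com/watch?v=abc",
    "http://foutube.com/video",
    "http://youtube.com.videos.example/clip",
    "http://youtube.com@videos.example/clip",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

Only a "trusted" result means the host is one you recognise; "lookalike" and "unknown" both fall under the advice above not to click.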