7 Online Frauds That Can Result In Someone Stealing Your Bag

The Internet is full of fraud. It is easier to scam people online than to do it on the street. At the same time, many online scams are well known and easy to avoid. Fraudsters know this and use different social engineering tricks to look like legitimate businesses. Most scammers operate from countries where there is almost no control. They act in the gray area of the digital world and use popular security tools that make them anonymous, invisible and inaccessible to regulators, law enforcement agencies and victims. Scammers work just like ordinary businesses. They have offices, secretaries, shifts, payrolls and even holidays.

How do I avoid online fraud and scams? This is usually easy since many of them are pretty clear. In most cases, you just need to train yourself to understand the difference between fake and real websites.

Below are seven of the most common online frauds, as well as tips on how to stay safe.

1. Binary options

Binary options are a simple way to trade financial markets with limited risk and profits. Binary options are legitimate by themselves and are used worldwide as speculative instruments. The USA, the UK, Australia and many other jurisdictions allow, regulate and oversee binary options trading. But there are plenty of unregulated brokers, signal services, autotrading services and “professional” advisors that are engaged in numerous scams. All they are trying to do is persuade you to spend some money so that they can have it.

Scammers offer many interesting features for people who want to deposit money. Malefactors behind fraudulent binary options target people who are looking for easy money. These people are often desperate to earn money quickly. Future victims search the internet and find ads that promise quick profits. Once you deposit money, it is almost impossible to withdraw anything.

2. Phishing

Phishing websites take second place in my list of the most common Internet scams. Phishing websites use URLs, names and design that make you believe you are using a popular and legitimate service when, in fact, you are not. Phishing websites are just clones operated by hackers. I found tons of phishing sites while investigating binary options, but phishing can be applied to all sorts of websites.

Most often, phishers target the financial sector like banks or other businesses that regularly receive money from people. Cryptocurrency exchanges have recently been heavily targeted by phishing attacks. Social networks also suffer a lot.

3. Fake news

Fake news is a big problem all over the world. Fake pieces of news are used to weaken public opinion and draw attention away from important events. The problem has become so big that school students are now beginning to doubt facts and information they study at school. This problem attracted mass attention after the U.S. elections in 2016. The bad consequences of false news can be found in many aspects of our life. People do not trust media outlets, public figures and government officials any more.

4. Spam email messages

Spam messages are used for almost all Internet scams. Although many of them are easily recognized and sent directly to your junk folder, some are carefully crafted and need to be manually filtered. These days, sophisticated cybercriminals create spear phishing emails, employing detailed information about their victims. They take time harvesting information in social networks and other open sources. Unsuspecting users receive targeted emails that include contact information or even secret details known only to a limited number of people.

It is no surprise that so many people get caught in spear phishing nets. If you do not know the sender or have doubts about the language or topics, it is best to avoid such messages. Do not click links in them and do not open any attachments. It is easier to call the alleged sender and verify whether they sent you that message.

5. Fake greeting cards

Greeting cards that look like they are sent from your relatives or friends are a popular way for scammers to distribute malware. In the past, hackers used fake greeting cards to infect computers with adware that showed pop-ups or other annoying ads. Currently, they may use more dangerous malware like ransomware that will encrypt your files and demand money for the decryption key.

6. Fraudulent lotteries

Lottery scams are still successful and bring criminals a lot of money because they exploit such human qualities as greed and dreams of instant wealth. Who doesn’t dream of winning the lottery? A lot of people are easy targets for such scams. To claim your prize, malefactors ask you just to verify your contact information and provide financial data. A lot of criminals run these scams on Facebook, Instagram and other social networks. At the end of the day, people who share their sensitive info face such problems as identity theft and unauthorized transactions emptying their bank accounts.

7. Fake antiviruses

It is old, but it’s still around. You’re searching the Internet and suddenly see a pop-up saying, “Your computer is infected. The good news is that you can download our antivirus to clean all threats.” What these ads do not say is that the pop-up window you just saw is actually promoting malware. This antivirus software may remove something, but it may also scan your computer for sensitive data and then send it back to the hacker. Fake antiviruses look like McAfee, Norton or other trusted services. In the worst-case scenario, such tools block your computer and start asking for a ransom payment to unlock it.

How to identify online fraud?

Modern scams are very complex and may consist of numerous interconnected websites and fake social media accounts all created to convince you of their authenticity and legitimacy. It is advised to consider the three factors described below:

1. Registration data

Any lawful company will give you all information about its registration and licensing. You will easily find its business address, phone numbers, etc. On the other hand, scammers try to provide fake addresses or use “virtual offices” that allow companies to create accounts by email. When planning to send money to anybody, it is better to verify all registration and contact information, as well as read reviews of previous and current customers.

2. Too good to be true

To attract more victims, fraudsters have to offer things that cannot be guaranteed, such as instant high profits. Legitimate firms usually do not do that, especially in the financial sector. If the offer seems too good to be true, it is better to skip it.

3. Upfront payments

Unless it is a charity fund, there is no reason why you need to pay for a job offer or contest participation. When you are asked to send money, this is a red flag that must not be ignored. Many Twitter users have fallen victim to these tricks.

How do you avoid most common Internet scams?

– Update your software.

– Back up your data.

– Use the best antivirus program.

– Use a VPN to hide your IP from fraudsters and encrypt your traffic.

– Do not click on suspicious links and email attachments. The only thing security software cannot protect you from is yourself.

5 Dark Realities Behind Bitcoin And Other Cryptocurrencies

It’s not only investors and traders who benefit from using cryptocurrencies. Security analysts emphasize that digital tokens are becoming a means for money laundering, tax evasion, drug trafficking, as well as an instrument for funding terrorism, totalitarian regimes and unrecognized states.

1. The perfect match for money laundering

A report by Europol highlights a very disconcerting trend: many people treat cryptocurrencies as an immaculate money laundering mechanism. Criminals often take advantage of anonymity assurance techniques to conceal shady deals and transactions.

European officials have done more than merely stating the fact, though. In late 2017, they adopted some strict cryptocurrency-related regulations aimed at preventing money laundering schemes and terrorism funding. The EU’s initiatives boil down to the following:

  • Mandatory user identification at Bitcoin platforms and digital wallet services.

  • Restrictions for prepaid card transactions.

  • Allowing investigators to access bank ledgers.

  • Providing authorities with on-demand access to data about trust property.

American law enforcement agencies have had significant success in exposing money launderers. Here’s a good example: 37-year-old Russian businessman Alexander Vinnik, the founder of Russia’s major cryptocurrency trading platform BTC-e, was apprehended in Greece in summer 2018 at the request of U.S. authorities. He was accused of laundering $4 billion worth of Bitcoin in the U.S. The detectives claim he got some of these assets as a result of the Mt. Gox Bitcoin exchange hack in Japan, where the perpetrators stole and ran off with 850,000 Bitcoin.

According to the investigation, Vinnik was one of the cybercriminal kingpins and the main beneficiary of the Canton Business Corporation, which was owned by the trading platform and reportedly engaged in fictitious deals. The corporation’s funds would often end up in the entrepreneur’s accounts. The U.S. Internal Revenue Service representatives also claim the suspect stole customers’ sensitive data and operated a large-scale drug trafficking business.

2. Transactions are concealed from tax authorities

In some countries, including the United States, the authorities consider cryptocurrency to be a form of property that’s subject to taxation. Americans are obliged to pay taxes after selling or mining coins. However, despite penalties for evasion, only two percent of traders and miners share their income with the government. According to the official statistics, only 802 people declared their income from cryptocurrency deals in 2015, and just about the same number did so in 2016. However, the tax administration doesn’t ease the pressure: they have demanded that the Coinbase digital currency exchange provide access to all customer records. The confrontation ended with a trade-off: the fiscal institution has been allowed to only check the accounts where transactions exceed $20,000.

The situation is very similar in other countries. If the government cannot track down cryptocurrency deals and levy taxes on them, it imposes a prohibition of some sort. A common scenario is where virtual currencies remain in the economy’s “gray area,” the authorities refuse to recognize them and ignore their existence to a certain extent. The Belarus case is a rare exception. On December 22, 2017, a presidential decree gave the green light to cryptocurrency operations and made them untaxable until 2023. Australian authorities have made a yet bolder move, giving Bitcoin a tax exempt status altogether.

3. Drug trafficking

Drug dealers have used crypto tokens since their emergence. The world’s largest darknet marketplace known as the Silk Road, which allowed for drug purchases with Bitcoin, was founded by American citizen Ross Ulbricht.

The customers accessed this portal via Tor network, which kept their IP addresses secret. They could order heroin, cocaine, LSD and even fake IDs on it. At least six clients of this underground service reportedly died of overdose. The illegal trade turnover of the Silk Road was estimated at $200 million, with the chief admin’s assets amounting to about $18 million.

In October 2013, Ulbricht was arrested and the marketplace was shut down. The Silk Road creator was charged with conducting hacker attacks, drug trafficking, and money laundering. The FBI attempted to prove that he had ordered and paid for murders of six people. The court verdict was harsh: he got a double life sentence, not to mention 20, 15 and five years in jail for separate felonies. He lost a court appeal in 2016.

While the author of the Silk Road is serving his sentence, the type of craft he masterminded continues to thrive. One of the examples is the Russian Anonymous Marketplace (RAMP), which has been functioning over the Tor network since 2012. According to analysts’ estimates, the drug turnover on it amounted to 26 billion rubles in 2016 alone, which was a three to five percent share of the overall market. At least 14,000 people have bought or sold narcotics via RAMP. The number of such illegal online drug marketplaces is constantly growing.

4. Bitcoin coming to terrorists’ rescue

Terrorist groups benefit from virtual currencies in their own way as well. Their leaders sometimes come up with really creative schemes, taking out loans, buying crypto coins and transferring them to their bank accounts.

A 27-year-old Pakistani-born American woman, Zoobia Shahnaz, pulled off a scheme like that. When working in Jordan as a volunteer with the Syrian American Medical Society, she was influenced by the propaganda of the Islamic State (ISIS). Having returned to the United States, Shahnaz continued her career as a lab technician at a Manhattan hospital. In order to support ISIS, she engaged in fraudulent schemes to get several loans totaling $85,000. The woman then exchanged the money for Bitcoin and sent the funds to the accounts of Islamic State leaders.

Shahnaz was arrested in an airport before departing for Turkey – from there, she was planning to reach Syria and join the ones she had been supporting. She is now being charged with money laundering and loan fraud. It remains to be seen whether the investigators will manage to prove her affiliation with terrorists, though.

5. A bonus for the tyrants and a battering ram for the unrecognized

Cryptocurrency has become a lure for the leaders of totalitarian regimes and unrecognized republics. Having tried all the ways of circumventing international sanctions, they have turned to crypto tokens. Kim Jong-un, the leader of North Korea, and his special services have gone the furthest in this activity. American researchers have accused them of hacking South Korean cryptocurrency exchanges, stealing thousands of Bitcoins, compromising a news portal and extorting coins from the WannaCry ransomware victims. The hackers then exchanged the stolen virtual assets for fiat money in order to fund Kim Jong-un’s regime. For the same purpose, a lot of crypto mining farms have been deployed in the rogue state. Representatives of the North Korean ruling elite sometimes make purchases with Bitcoin via VPN services.

The leaders of some unrecognized or partially recognized states (Northern Cyprus, Kosovo, Taiwan, Nagorno-Karabakh, Transnistria, Abkhazia, South Ossetia, Islamic State, Donetsk People’s Republic, Luhansk People’s Republic, etc.) appear to be inspired by this practice, too. International isolation and economic sanctions have encouraged many people living in such republics to buy cryptocurrency, keep their savings in it, and use it for online purchases. Meanwhile, a lot of experts claim that the ruling class can be involved as well without publicly disclosing their actual “crypto-activity.”

VPN And Proxy Servers: What They Are And Why They’re Suddenly So Popular

Over the last year, the vocabulary of ordinary internet users has been enriched with previously unfamiliar words: proxy server and VPN. Earlier, such words came up only in conversations between system administrators, programmers or advanced users; now you hear in the street, on public transport, in offices and in cafes that one needs to download and install a VPN.

What is the reason for such a keen interest in VPNs and proxy servers? It is all very simple: in most cases, people want to bypass the blocking of forbidden social networks and services or to encrypt their Internet traffic.

That is why journalists and advanced users started talking about proxy servers and VPNs. People began to wonder what this VPN is. Why is it needed and how is it used? Let us find out everything about proxy servers and VPN technology, how they work and what benefits they bring. Also, is it safe to use free VPN services and proxy servers?

What are proxy servers?

The main function of a proxy server is to send requests from its own IP address, which allows users to completely or partially hide their real IP addresses. One should distinguish between anonymous and transparent proxy servers. The difference between them is significant: the anonymous ones hide the address of the computer completely, and the transparent ones pass it on in the request headers, where it becomes available to the system administrators of sites. With the help of proxy servers, you can easily access a site that is not accessible from your IP address, while the disguise will enable you to protect your personal information from prying eyes.

It is worth noting that the proxy server is needed to disguise (hide) the true IP address, to be able to view the sites blocked for the region or specific user, and also to conceal the very fact of visiting such sites.
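What a site operator can read from those headers, as an added example that is not part of the original article: the function below classifies a request by the forwarding headers a proxy attaches. It uses the commonly seen `X-Forwarded-For`, `X-Real-IP`, `Via` and `Forwarded` (RFC 7239) headers; the function names, sample requests and addresses are constructed for illustration.

```python
import ipaddress
import re

# Each for= parameter of a Forwarded header (RFC 7239), either quoted
# ("[2001:db8::1]:4711") or bare (192.0.2.60).
FOR_PARAM = re.compile(r'for=(?:"([^"]*)"|([^;,\s]+))', re.IGNORECASE)
PROXY_HEADERS = {"via", "forwarded", "x-forwarded-for", "x-real-ip", "proxy-connection"}


def to_ip(token):
    """Return an ip_address for a header token, or None if it is not an IP."""
    token = token.strip()
    if token.startswith("[") and "]" in token:   # [IPv6] or [IPv6]:port
        token = token[1:token.find("]")]
    elif token.count(":") == 1:                  # IPv4:port
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None                              # "unknown", "_hidden", garbage


def disclosed_clients(headers):
    """Collect the client IPs that forwarding headers reveal to the site."""
    h = {k.lower(): v for k, v in headers.items()}
    tokens = h.get("x-forwarded-for", "").split(",")
    tokens.append(h.get("x-real-ip", ""))
    tokens += [q or b for q, b in FOR_PARAM.findall(h.get("forwarded", ""))]
    ips = [to_ip(t) for t in tokens if t.strip()]
    return [ip for ip in ips if ip is not None]


def classify(headers, peer_ip):
    """Classify a request as the site operator sees it.

    peer_ip is the source address of the TCP connection, which is the
    proxy's address when a proxy is in use. Header values are supplied by
    the client side and can be forged, so treat the result as a hint.
    """
    peer = ipaddress.ip_address(peer_ip)
    leaked = [str(ip) for ip in disclosed_clients(headers) if ip != peer]
    if leaked:
        return "transparent", leaked     # real address passed on in headers
    if PROXY_HEADERS & {k.lower() for k in headers}:
        return "anonymous", []           # proxy announces itself, hides client
    return "no proxy visible", []        # direct connection or a silent proxy


# Constructed sample requests: (headers, address of the connecting peer).
SAMPLES = [
    ({"Via": "1.1 proxy.example", "X-Forwarded-For": "198.51.100.7"}, "203.0.113.10"),
    ({"Forwarded": 'for="[2001:db8:cafe::17]:4711";proto=https'}, "203.0.113.10"),
    ({"Via": "1.1 proxy.example", "X-Forwarded-For": "unknown"}, "203.0.113.10"),
    ({"User-Agent": "ExampleBrowser/1.0"}, "198.51.100.7"),
]

if __name__ == "__main__":
    for headers, peer in SAMPLES:
        print(peer, classify(headers, peer))
```
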

There are two types of proxy servers: HTTP proxy and SOCKS.

HTTP proxy

The simplest kind of proxy service is a web proxy. The most it can do is redirect the user's web traffic (HTTP and HTTPS) from the client (your browser) to the host (the server hosting the site you need) while hiding your IP address.

When should I use a web proxy?

If the access to a particular site in your country is for some reason blocked by your ISP, then using proxy services, you can get temporary (slow and insecure) access to this resource.

SOCKS-proxy

This is a slightly more advanced, but much rarer option than a web proxy. The difference is that such proxies are able to work with traffic of different types, not only with web traffic.

When should I use a SOCKS proxy?

Since such proxies do not encrypt traffic, we would not advise sending e-mail via a free SOCKS proxy. However, you can use such services to access FTP servers (File Transfer Protocol), if you cannot access them from your own IP address.

We do not recommend using untested proxy bots and other doubtful services. If you do not have any reliable information about the development team and their purposes, it is better to refrain from using such resources, since unpredictable consequences can follow.

One of the obvious consequences is the risk that such services get access to your personal data. For example, bots will get access to the information in your profile, except for the phone number, and that information can then be used by third parties. Also, you become the target of spam mail and ads. Do not forget, in that case, blocking the access to the proxy-bots will be automatically lost.

The minimum criterion for judging the quality of a proxy service is the availability of an official site and an application in the App Store and Google Play. Be as cautious as possible with services that do not meet this criterion.

What is a VPN?

The most important alternative to proxy servers is undoubtedly VPN (Virtual Private Network). And it is more reliable, too, with good protection and encryption capabilities. As Wikipedia says, VPN is a generic name for technologies that allow one or more network connections (logical network) to be installed on top of another network (for example, the Internet). In other words, when you try to go online, a kind of "tunnel" is formed between your PC and the rest of the Internet, which prevents any attempts to get inside from outside. When visiting any site, you are visible to the system administrators not under your real IP-address, but under a completely different one, from another country, which you can choose yourself.

There are different types of VPN services: some are meant for torrenting, some for avoiding geo-blocking of specific sites, and some are best for social networks. There are a lot of great VPN services; some of them are paid and some are free. It is better to choose tested paid services, the ones that have long proven themselves in the market. It’s always advisable to take your time and learn about all the differences and peculiarities before using any VPN service or proxy server.

6 Ways To Help Your Company Prevent Phishing Attacks

The following tips will help your company avoid phishing attacks and mitigate the risk if the breach gets through.

Companies are juicy targets for threat actors from the dark web because their proprietary data is a commodity that can be traded and leveraged for industrial espionage, blackmail, unfair competition or outright theft of funds. To their credit, lots of organizations use high-end defenses to thwart unauthorized access nowadays, including sophisticated IDS and IPS (Intrusion Detection/Prevention Systems) that stop the classic hacker incursions in their tracks.

Under the circumstances, cybercrooks are increasingly focusing on social engineering techniques to pull off their breaches. They know the human factor is one of the most vulnerable segments in an organization’s security posture, and the overall protection of enterprise assets is only as strong as its weakest link.

Whereas there are numerous different flavors of social engineering, phishing is by far the most common one. It denotes a tactic where hackers send rogue emails to a company’s employees, requesting sensitive corporate information or containing hyperlinks to fake login pages and malicious websites. Its goal is to wheedle out valuable data, such as bank details or account credentials, or infect the IT infrastructure with spyware. These phony emails are getting harder to identify, and some of them will circumvent email filters and get past even the most vigilant users.

According to PhishMe, phishing campaigns grew by 65 percent in 2017 versus the previous year, with the average attack costing a mid-sized organization roughly $1.6 million. Whether you represent a small or big business, you will be confronted with this hoax at some point. So you’d better be prepared for the inevitable. The following best practices will help your company avoid phishing attacks and mitigate the risk if the breach gets through.

1. Configure user accounts the right way

Administrator privileges should be something exceptional rather than mundane. Therefore, as an executive, you should stick with the “least privilege” principle regarding your staff. In other words, give your employees the minimum scope of access to the company’s digital infrastructure that is just sufficient for them to do their jobs. This way, if one of your staff members falls for a phishing or spear phishing scam, the potential impact will be isolated to the network area this user can access.

Another useful tip is to implement reasonable web surfing restrictions for standard user accounts so that employees cannot visit malicious sites even if they end up clicking a link in a booby-trapped email.

Enable two-factor authentication for all valuable accounts, including corporate email. With 2FA active, even if an adversary gets hold of someone’s access credentials, their login attempts will fail without the second factor.

2. Know your business to tell the norm from the anomaly

It’s worthwhile analyzing the specific phishing vectors that criminals might use to target your organization. For instance, they can send a bogus invoice to personnel or request a money transfer while impersonating some entity you do or don’t do business with. Consider what properties of these messages can raise red flags from the average staffer’s perspective.

Make sure your employees know your business processes well enough to spot suspicious email subjects. Do you use the services of the organization that the invoice came from? Is it normal for partnering companies to request certain types of information from your staff? Communicate with your team to let them know how you operate and what companies you have relationships with so that they can easily differentiate a potentially fraudulent message from a genuine one.

3. Look out for apparent signs of phishing

Expecting your personnel to spot and delete all phishing messages is a futile approach because it will keep them from performing their regular duties, thereby impacting business productivity. Nevertheless, there are some common traits of these tricky emails to look out for. Here’s a lowdown on the typical indicators of a phishing attack:

  • Most of these frauds hail from overseas and often have spelling, grammar and punctuation errors. They may also mimic official requests or notifications and thus include logos and other graphics related to companies being impersonated. If these components are poorly designed or have low quality, you should treat such an email with caution.
  • In case the email imposes a deadline or otherwise pressures you into taking some action immediately, this may be a signal of phishing.
  • Are you being addressed by name? If it’s something like “dear customer” or “valued partner” instead, it might denote that the sender doesn’t know you for real and it’s a phishing scam in action.
  • Some paranoia, in the good sense, won’t hurt if you receive an email that appears to come from a top manager in your company. This is particularly important if the sender requests a payment and indicates a specific bank account it should go to. Scrutinize that person’s name and check the email address for typos or a rogue domain name following the “@” character. Perhaps you’re dealing with an impostor.

4. Adjust your email filters

The goal of email filtering solutions is to identify potentially malicious messages and automatically move them to the Spam or Junk folder. However, this is easier said than done, because the filtering criteria should be appropriate for your organization, so it’s important to define those rules. The default configuration may allow scam emails to end up in your inbox or, on the contrary, get legit emails blacklisted.
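The indicators from section 3 expressed as filter rules with organization-specific settings, as an added example that is not part of the original article. The trusted domains, executive names, weights, threshold and both sample messages are hypothetical values constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Organisation-specific settings: hypothetical values, tune them to your business.
TRUSTED_DOMAINS = {"example.com", "supplier.example"}  # own and partner domains
EXECUTIVES = {"jane doe"}                              # names worth impersonating
WEIGHTS = {"pressure": 1, "generic-greeting": 1,
           "executive-name-external-address": 3, "lookalike-domain": 3}
JUNK_THRESHOLD = 3

PRESSURE = re.compile(r"\b(urgent(ly)?|immediately|asap|final notice|within \d+ hours?)\b", re.I)
GREETING = re.compile(r"^\s*dear (customer|client|user|valued partner|partner)\b", re.I | re.M)


def edit_distance(a, b):
    """Levenshtein distance; small values reveal typo domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def plain_text(msg):
    """Concatenate the text/plain parts of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def indicators(raw):
    """Return the phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = plain_text(msg)
    found = []
    if PRESSURE.search(msg.get("Subject", "") + "\n" + body):
        found.append("pressure")
    if GREETING.search(body):
        found.append("generic-greeting")
    if domain not in TRUSTED_DOMAINS:
        # A known executive's display name on an outside address.
        if name.strip().lower() in EXECUTIVES:
            found.append("executive-name-external-address")
        # A sender domain one or two edits away from a trusted one.
        if any(edit_distance(domain, d) <= 2 for d in TRUSTED_DOMAINS):
            found.append("lookalike-domain")
    return found


def verdict(raw):
    """Apply the organisation's weights and threshold to one message."""
    score = sum(WEIGHTS[i] for i in indicators(raw))
    return "junk" if score >= JUNK_THRESHOLD else "inbox"


# Constructed sample messages (not real mail).
PHISH = """\
From: Jane Doe <jane.doe@examp1e.com>
Subject: Urgent wire transfer

Dear customer,
Please pay the attached invoice immediately to the new bank account.
"""
LEGIT = """\
From: Billing <billing@supplier.example>
Subject: Invoice 1042 for March

Hello Sam,
The March invoice is attached. Payment terms are 30 days as usual.
"""

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, verdict(raw), indicators(raw))
```

With these weights, pressure wording alone from a trusted partner stays in the inbox, while a lookalike domain or an executive's name on an outside address is enough to move a message to junk.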

5. Report phishing attacks

Instruct your personnel to notify the IT department whenever they think they may have fallen victim to phishing. Detecting common malware and changing compromised access credentials right after a breach will reduce the adverse effects to a minimum. Refrain from punishing your employees in such scenarios; otherwise, they will hesitate to report these scams in the future and may spend an unreasonable amount of time and resources vetting every received message.

6. Don’t spill too much information online

Do you know what OSINT is? Well, cybercriminals do. They typically collect all sorts of publicly available information about a company when prepping their phishing campaigns. This way, they can make their scam emails appear credible. You should assess your organization’s Internet footprint and make sure there’s no overly sensitive data posted on the official website and social media. The same applies to the details that your partners and suppliers disclose about your company online.

Summary

Relying on automated services to prevent phishing attacks is a losing strategy. The protection boils down to the prudence of your staff. Therefore, be sure to focus on phishing awareness training and provide simulations on a regular basis so that your team knows exactly how to identify and treat fraudulent messages. By investing in training programs today, you will save yourself the trouble of recovering from hacker raids tomorrow.