The Potential Pain of Pathetic PINs & Passcodes

A 2011 study by Apple iOS developer Daniel Amitay showed that 15% of all passcodes used to access iPhones are one of the following:

1234 0000 2580 1111 5555 5683 0852 2222 1212 1998

This is increasingly concerning, as a more recent study by cryptographers at Cambridge University shows that the same is true of people’s bank PINs.

The study suggests one in 20 people use a simple numeric pattern such as 4545 whilst one in 10 use a pattern on the entry keypad. “Unfortunately 23% percent of users chose a PIN representing a date, and nearly a third of these used their own birthday.”

99% of customers report that their birth date is listed somewhere in their wallet, so if a wallet is lost or stolen, the attacker will have around a 9% chance of successfully guessing the user’s PIN.

The problem is then compounded if you use the same PINs and passcodes across devices and banking cards; losing both your phone and wallet will then potentially mean that not only are your cards compromised but your phone also, together with your contacts, personal notes and logins to all of the online services you access from a smartphone.

Our Advice

Most of the top passcodes follow typical formulas, such as four identical digits, a line up or down the keypad, or repetition. 5683 is the passcode with the least obvious pattern, but it turns out to be the keypad spelling of LOVE, once again mimicking a very common internet password: “iloveyou.”

We would recommend choosing a completely random PIN, one that is not a numeric sequence, or a sequence on the keypad. We would strongly advise that the PIN does not relate to your date of birth, or link to any other information held in your wallet. It is also strongly recommended not to use the same PINs and passcodes for different cards and devices.
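The patterns described above can be checked mechanically. The following is an added example, not code from Garlik or from either study: the function names, the date formats tested and the 1900–2099 year range are assumptions made for illustration.

```python
import secrets

# Top ten passcodes quoted in the post (Amitay's 2011 list).
TOP_TEN = {"1234", "0000", "2580", "1111", "5555",
           "5683", "0852", "2222", "1212", "1998"}

# Standard phone/ATM keypad layout: digit -> (row, column).
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
          "4": (1, 0), "5": (1, 1), "6": (1, 2),
          "7": (2, 0), "8": (2, 1), "9": (2, 2),
          "0": (3, 1)}


def weak_pin_reasons(pin, birthday=None):
    """Return the reasons a 4-digit PIN is weak (empty list = none found).

    birthday is an optional (day, month, year) tuple for the owner.
    """
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("expected a 4-digit PIN")
    reasons = []
    if pin in TOP_TEN:
        reasons.append("top-ten passcode")
    if len(set(pin)) == 1:
        reasons.append("identical digits")
    if pin[:2] == pin[2:] and len(set(pin)) > 1:
        reasons.append("repeated pair")          # e.g. 4545, 1212
    # Ascending or descending run, allowing 9 -> 0 wrap-around.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        reasons.append("numeric sequence")
    # Keypad line: every move between consecutive keys is the same step.
    moves = {(KEYPAD[b][0] - KEYPAD[a][0], KEYPAD[b][1] - KEYPAD[a][1])
             for a, b in zip(pin, pin[1:])}
    if len(moves) == 1 and moves != {(0, 0)}:
        reasons.append("keypad line")            # e.g. 2580, 0852
    a, b = int(pin[:2]), int(pin[2:])
    day_month = 1 <= a <= 31 and 1 <= b <= 12
    month_day = 1 <= a <= 12 and 1 <= b <= 31
    if day_month or month_day or 1900 <= int(pin) <= 2099:
        reasons.append("looks like a date")
    if birthday:
        d, m, y = birthday
        if pin in {f"{d:02d}{m:02d}", f"{m:02d}{d:02d}", f"{y:04d}",
                   f"{m:02d}{y % 100:02d}", f"{d:02d}{y % 100:02d}"}:
            reasons.append("matches birthday")
    return reasons


def random_pin(birthday=None):
    """Draw uniformly random PINs until one passes every check above."""
    while True:
        pin = f"{secrets.randbelow(10000):04d}"
        if not weak_pin_reasons(pin, birthday):
            return pin
```

`random_pin` uses the operating system's secure random source rather than a human choice, and rejects any draw that falls into one of the weak categories.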

Stay Safe & Stay Aware


The “Tech Support” phone scams that just won’t go away

You have probably all heard of these scams or even been targeted yourselves. The premise is simple: a fraudster cold-calls you to inform you that you have “errors” on your computer, which may have caused your system to “slow-down”. Computers always “slow-down”; it’s just a fact of life!

Anyway, if you are tricked, the fraudster can direct you to dangerous sites that will prompt you to enter personal details and often payment details for a “protection package” to which you do not subscribe and that you do not need.

Recently, though, that scam has matured; fraudsters are beginning to direct their victims to websites such as ammyy.com, showmypc.com and logmein.com, all of which are legitimate services that allow remote access between PCs. However, if you are tricked into installing this software by the rogue caller, you will be enabling them to view, download and basically do what they want with your computer and information!

The scammer will go on to show you what appear to be error messages and will offer to fix your computer “for free”, but of course it is not, and they will not.

What can you do if you’ve been caught out?

You should report similar scams to Action Fraud who provide a central point of contact for information about fraud.

We would also recommend that you visit the CIFAS website. “CIFAS Protective Registration is a service that enables individuals to seek protection against possible impersonation attempts when they have good reason to believe that their details might be used by a fraudster.”

Here at Garlik we can help, so let us know if you believe you have fallen victim to this type of scam. Get in touch at support@garlik.com.

Stay safe & stay aware


Criminals flog Facebook & Twitter passwords

Reported by Dan Hyde

“Online gangsters have started flogging Facebook and Twitter passwords to other criminals for as little as £20 on ‘factory outlets’ hubs.

Gangs using viruses to invade bank customer’s PCs and steal their log-in details are also scooping up social media passwords and email addresses.

With data piling up, the hackers have launched ‘factory outlets’ to profit from their surplus bounty.

Millions of sensitive personal details are being auctioned off in bulk to other cyber-criminals, Internet security firm Trusteer says.

Buyers are being charged $30 dollars for initial access to the factory outlet, and can then get a one-off instalment of all the data from a certain country, such as the U.S., UK and Germany.

The danger – apart from the obvious ability to wreak havoc – is that scammers can surreptitiously use Facebook and Twitter to trick their victims into downloading powerful viruses, then use to access online banking pages by stealth.”

How we can help

DataPatrol acts as your personal guard-dog online. It is always vigilant, continuously monitoring the web, social networks, public databases and the “dark web” on your behalf – to immediately detect the theft, loss or disclosure of your vital personal and financial information.

We recommend that our customers enter their Twitter ID and Facebook logins into their DataPatrol account so we can constantly monitor the data and notify them if their details are detected.

Our Advice

We recommend that you never click on suspicious links from emails or social networks. You should always confirm via another form of communication that the user is who you think they are.

We also suggest that you do not give bank details out over the Internet, whether it is by online chat, instant messenger or email. This includes emailing your account number and sort code to a friend. Always remember that email is not completely secure, so try to split them up. As an example, you could send the account number by Skype and the sort code by email.

If you believe you may have fallen victim to this or a similar scam, please feel free to get in touch at support@garlik.com for further advice.

Stay Safe & Stay Aware.


TicketWeb email marketing system hacked.

On the 11th February 2012, TicketWeb UK’s direct email marketing system was exposed to unauthorised access.

Users of TicketWeb may have received up to four emails with the subject “Action Required: Update Your PDF Application”. The email contained two links to update your “Adobe Acrobat PDF application” but, you guessed it, these link to a phishing site that tempts users to enter personal information and credit or debit card details.

This is the fake website created by the fraudsters, using Adobe’s trademarked logos and styles heavily. This links to some PDF related software, nothing to do with Adobe itself.

It wasn’t until the next day that TicketWeb sent an Urgent Alert email to their customers who had been affected but unfortunately, this may have been too late.

Our Advice

TicketWeb advise not to click this link and to delete the email. They also state that ‘no credit card information was vulnerable during this attack’. If, however, you did fall victim to this scam and clicked the link to enter further information, then you would have been prompted to enter your name and email address on the first page, choose a product version on the second page and finally enter payment information on the third page.

We have checked the scam link through ‘VirusTotal’ and it does not appear to contain any malware, so we believe that this was purely a phishing attack designed to trick customers into sharing personal and financial information.

If you believe you have fallen victim to this scam and have shared any payment information then you should contact your bank immediately to cancel your debit or credit card.

Please feel free to get in touch at support@garlik.com for further advice and to discuss what extra information you think you might have accidentally shared. We can help!

Stay safe & stay aware


Former hacker gives online safety advice

A computer hacker from Whitehaven has been describing how he hacked into email accounts using the information publicly visible on people’s Facebook accounts.

After looking through his victims’ Facebook pages, Chris Hardy, who recently pleaded guilty to fraud by false representation, managed to acquire enough information to figure out the answers to the victims’ security questions on their email accounts. He was then able to reset the victims’ Facebook passwords and access their Facebook accounts.

Going a step further, Hardy also used the Facebook Chat application to convince one of his victim’s friends to hand over their credit card details.

Keep personal details private on Facebook

Hardy states: “There is an option to hide your address and that will stop people knowing your email address and hacking into your Facebook account.”

You can do so by clicking in the “Info” section of your Facebook page and selecting Edit next to the “Contact Information” section. There will be a drop-down list next to your email address that will allow you to change the privacy settings that control who can view your email address. You should consider doing the same for your postal address and phone number.

Take care sharing financial details online (full stop)

Hardy himself pleads for users to be more careful about who they communicate with online. We recommend that you never give bank details out over the Internet, whether it is by online chat, instant messenger or email. This includes emailing your account number and sort code to a friend. Always remember that email is not completely secure, so try to split them up. As an example, you could send the account number by Skype and the sort code by email.

Stay Safe & Stay Aware.


Acquisition of Garlik Limited



23 December 2011 – Experian, the global information services company, announces that it has acquired Garlik Limited, a provider of web monitoring services based in the United Kingdom.

Founded in 2005, Garlik helps consumers to protect themselves from the risks of identity theft and financial fraud. Through its main product, DataPatrol, Garlik captures and monitors information from a variety of sources across the wider web and social networking sites using its proprietary web-crawler technology. DataPatrol generates alerts when an online loss, disclosure or theft of consumer data is detected, and suggests next steps on how to respond to incidents before an individual becomes a victim of financial crime or identity fraud. Garlik provides services in the UK, US, Germany and Italy.

The acquisition of Garlik extends Experian’s presence in identity protection, consistent with Experian’s strategic goal to become the most trusted consumer brand for credit monitoring and identity protection services. It enables Experian to offer a more comprehensive identity protection product to its customers and clients, while accelerating plans to expand consumer protection services into new geographies. The acquisition will form part of Experian’s Interactive business.

At 31 December 2010 Garlik had gross assets of US$1m. Garlik was acquired from venture capital investors DFJ Esprit and Doughty Hanson, and the founding shareholders. The acquisition has been funded from Experian’s existing cash resources.



Contact

Experian
Nadia Ridout-Jamieson, Director of Investor Relations; +44 (0)20 3042 4215
James Russell, Communications Director, UK&I and EMEA

Finsbury
Rollo Head; +44 (0)20 7251 3801
Don Hunter



About Experian

Experian is the leading global information services company, providing data and analytical tools to clients in more than 80 countries. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2011 was US$4.2 billion. Experian employs approximately 15,000 people in 41 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.

For more information, visit http://www.experianplc.com.


Stay Safe at Christmas

For the majority, Christmas is a time for giving, but many scammers increase their efforts around the Christmas period and see it as a chance to get hold of our hard-earned cash.

We have picked out a variety of famous Christmas scams to give you guys a better chance of avoiding these nasty tricks.

Fake charity appeals
If you get an email asking for donations, apparently from a recognised charity, proceed with caution. Reputable charities never ask for money via email, so any website you are directed to will probably be designed to collect your personal and banking details. There are plenty of worthy causes to support this time of year, so make sure donations are going to the right ones. Whether giving online or through text messaging, thoroughly review the charity, look at the organization’s privacy policy and verify if it has appropriate security measures in place to protect transactions. To review charity evaluations, visit www.bbb.org/charity.

Wi-Fi Scams
Sitting in a coffee shop surfing the Internet is not always as handy as it might seem. Make sure the wireless network is password protected, or someone might just be using specialist software to gain access to your passwords and personal details. If you are logging in to email or online banking from an unsecured, public network, you are asking for trouble.

Themed attachments and ‘spam’
Unsolicited email should always be treated with suspicion, more so over the Christmas season. Any email from a sender you do not know, and which asks you to visit a website or open an attachment, is probably not the festive fun it claims to be:

  • Ensure you have a spam filtering service active on your email account and if you do receive any spam mail, do not open any attachments or click on any links.
  • Notify your contacts that your account is sending out spam messages and for them not to open any short, non-titled or unusually titled emails from you and to ensure that any spam emails they receive are marked as spam and then deleted.
  • Ensure your anti-virus and spyware software is up to date and run a scan to check for any issues.

Laptop theft
If you are going away for Christmas, lock away your laptop. If it is stolen, the chances are the thief will find a way to access your passwords and personal details, then have a merry old time spending your money.

“Smishing”
You’ve heard of phishing? “Smishing” is when a phishing SMS, or text message, is sent to your phone. “These texts appear to come from your bank or an online retailer saying that there is something wrong with an account and you have to call a number to verify your account information. In reality, these efforts are merely a ruse to extract valuable personal information from the targets,” McAfee says.

You should be extra vigilant over the Christmas period. If something looks too good to be true, it probably is. So make sure you carry out research before providing anyone with your personal or payment details.

Stay Safe & Stay Aware


Scammers targeting Wi-Fi networks

This Christmas, sales of netbooks, laptops and tablets are set to outstrip sales of conventional PCs. The increased use of portable devices is providing scammers with a perfect opportunity to target users of public Wi-Fi networks in cafes, bars, airports and train stations. A common scam is to set up an open wireless access point that is designed to look like an official hotspot such as ‘BTOpenzone’. The cybercriminals then monitor all of the traffic coming through their access point, hoovering up any sensitive details they can.

If you are connecting to a Wi-Fi network, be especially careful that you select the correct network and do not allow your device to automatically find and log into nearby Wi-Fi hotspots.

Let us know if you believe you have fallen victim to this type of scam. Get in touch at support@garlik.com if you believe that your personal information may have been compromised. We can help!

Stay safe & stay aware


If your friend’s Facebook account is compromised…don’t ignore it!

A compromised Facebook account not only leaves your own personal details at risk but also provides cyber criminals with insight into all of your friends’ personal details and activity. It’s therefore important to realise that if one of your Facebook friends appears to have had their account hacked, this could impact directly on you. Access to a Facebook account can provide an online criminal with numerous avenues to gain data and carry out fraudulent activities such as:

  • Data mining for mobile phone numbers on account profiles;
  • Collecting personal and private information to be used for phishing attempts such as the ‘Grandma Scam’ (in which a fraudster contacts older citizens pretending to be their grandchild in desperate need of money to help them out of a tricky situation);
  • Using photos and other profile data to create fake profiles, tricking people into accepting friend requests so as to collect yet more data;
  • Installing rogue Facebook applications so as to send spam and scam links to all of the friends on the account;
  • Monitoring status updates of friends to know where they are and when they are not at home.

Advice

It is all very well your friend notifying you that their Facebook account has been compromised, but this also puts you and your details at risk. You should pay careful attention to everyone on your friends list. If you see any name changes or suspicious activity, immediately perform the following actions to protect your personal information:

  • If a Facebook friend’s account is sending out strange messages which look like spam and/or contain links, try to notify them of the situation by alternative contact details (email address, phone number), so they can take action to reclaim their account and mitigate the damage. Do not click on any links posted from their account! If you cannot contact the friend, consider blocking or un-friending them;
  • If the name changes on one of your friends’ Facebook accounts, it might be worth looking into. Perhaps they genuinely prefer the name ‘Max Power’, but it could be a sign that the account is no longer under their control. As above, try to verify that it is in fact still your friend. If you cannot, then you should block or un-friend this person;
  • Report any fake profiles to Facebook – Do this by navigating to the offending profile, and clicking on the settings menu (the icon looks like a gear/cog) near the top right corner and click on ‘Report/Block’.

Let us know if you have fallen victim to this type of scam. Get in touch at support@garlik.com if you believe that your personal information may have been compromised. We can help!

Stay safe & stay aware


Phishing attack hits Xbox users

The Sun has revealed that millions of Xbox users have been hit by a phishing scam by cyber criminals. “In one phishing con, crooks sent emails to players directing them to bogus websites offering free Microsoft points that can be used to buy games.”

Users were then prompted to enter details that provided criminals with access to their online accounts and credit card information. Small amounts were taken over several weeks and went undetected by millions of users. “The average loss to gamers in 35 countries hit by the scam is around £100, but many lost £200.”

Advice

If you believe you have been a victim of this or a similar scam, we would advise that you use our online email checker to detect whether your email address has been compromised.

We would also advise that you immediately change the passwords to all of the online services you use. We advise that you use separate passwords for each site so if one is compromised, the fraudsters will not have access to all of your online accounts. There are free online password managers that can help you manage your passwords.
