“Online gangsters have started flogging Facebook and Twitter passwords to other criminals for as little as £20 on ‘factory outlets’ hubs.

Gangs using viruses to invade bank customer’s PCs and steal their log-in details are also scooping up social media passwords and email addresses.

With data piling up, the hackers have launched ‘factory outlets’ to profit from their surplus bounty.

Millions of sensitive personal details are being auctioned off in bulk to other cyber-criminals, Internet security firm Trusteer says.

Buyers are being charged $30 dollars for initial access to the factory outlet, and can then get a one-off instalment of all the data from a certain country, such as the U.S., UK and Germany.

The danger – apart from the obvious ability to wreak havoc – is that scammers can surreptitiously use Facebook and Twitter to trick their victims into downloading powerful viruses, then use to access online banking pages by stealth.”

How we can help

DataPatrol acts as your personal guard-dog online. It is always vigilant, continuously monitoring the web, social networks, public databases and the “dark web” on your behalf – to immediately detect the theft, loss or disclosure of your vital personal and financial information.

We recommend our customers enter their twitter ID and Facebook logins into their DataPatrol account so we can constantly monitor the data and notify you if your details are detected.

Our Advice

We recommend that you never click on suspicious links from emails or social networks. You should always confirm via another form of communication that the user is who you think they are.

We also suggest that to do not give bank details out over the Internet, whether it is by online chat, instant messenger or email. This includes emailing your account number and sort code to a friend, always remember that email is not completely secure, so try and split them up. As an example you could send the account number by Skype and the sort code by email.

If you believe you may have fallen victim to this or a similar scam and please feel free to get in touch at support@garlik.com for further advice

Stay Safe & Stay Aware.

Users of TicketWeb may have received up to four emails with the subject “Action Required: Update Your PDF Application”. The email contained two links to update your “Adobe Acrobat PDF application” but you guessed it, this links to a phishing site that tempts users to enter personal information and credit or debit details..

This is the fake website created by the fraudsters, using Adobe’s trademarked logos and styles heavily. This links to some PDF related software, nothing to do with Adobe itself.

It wasn’t until the next day that TicketWeb sent an Urgent Alert email to their customers who had been affected but unfortunately, this may have been too late.

Our Advice

TicketWeb advise not to click this link & to delete the email, they also state that ‘no credit card information was vulnerable during this attack’. If, however you did fall victim to this scam and clicked the link to enter further information then you would have been prompted to enter your name and email address on the first page, choose a product version on the second page and finally enter payment information on the third page.

We have checked the scam link through ‘Virus Total’ and it does not appear that it contains any malware, so we believe that this was purely a phishing attack designed to trick customers in to sharing personal and financial information.

If you believe you have fallen victim to this scam and have shared any payment information then you should contact your bank immediately to cancel your debit or credit card.

Please feel free to get in touch at support@garlik.com for further advice and to discuss what extra information you think you might have accidentally shared, we can help!

Stay safe & stay aware

After looking through his victims Facebook page, Chris Hardy, who recently pleaded guilty to fraud by false representation, managed to acquire enough information to figure out the answers to the victims’ security questions on their email accounts. He was then able to reset the victims’ Facebook passwords and access their Facebook accounts.

Going a step further, Hardy also used the Facebook Chat application to convince one of his victim’s friends to hand over their credit card details.

Hardy states; “There is an option to hide your address and that will stop people knowing your email address and hacking into your Facebook account.”

You can do so by clicking in the “Info” section of your Facebook page and selecting Edit next to the “Contact Information” section. There will be a drop down list next to your email address that will allow you to change the privacy settings to as who can view your email address. You should consider doing the same for postal address and phone number.

Hardy himself pleads for users to be more careful about who they communicate with online. We recommend that you never give bank details out over the Internet, whether it is by online chat, instant messenger or email. This includes emailing your account number and sort code to a friend, always remember that email is not completely secure, so try and split them up. As an example you could send the account number by Skype and the sort code by email.

23 December 2011 – Experian, the global information services company, announces that it has acquired Garlik Limited, a provider of web monitoring services based in the United Kingdom.

Founded in 2005, Garlik helps consumers to protect themselves from the risks of identity theft and financial fraud. Through its main product, DataPatrol, Garlik captures and monitors information from a variety of sources across the wider web and social networking sites using its proprietary web-crawler technology. DataPatrol generates alerts when an online loss, disclosure or theft of consumer data is detected, and suggests next steps on how to respond to incidents before an individual becomes a victim of financial crime or identity fraud. Garlik provides services in the UK, US, Germany and Italy.

The acquisition of Garlik extends Experian’s presence in identity protection, consistent with Experian’s strategic goal to become the most trusted consumer brand for credit monitoring and identity protection services. It enables Experian to offer a more comprehensive identity protection product to its customers and clients, while accelerating plans to expand consumer protection services into new geographies. The acquisition will form part of Experian’s Interactive business.

At 31 December 2010 Garlik had gross assets of US$1m. Garlik was acquired from venture capital investors DFJ Esprit and Doughty Hanson, and the founding shareholders. The acquisition has been funded from Experian’s existing cash resources.

Contact

Experian
Nadia Ridout-Jamieson, Director of Investor Relations; +44 (0)20 3042 4215
James Russell, Communications Director, UK&I and EMEA

Finsbury
Rollo Head; +44 (0)20 7251 3801
Don Hunter

About Experian

Experian is the leading global information services company, providing data and analytical tools to clients in more than 80 countries. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2011 was US$4.2 billion. Experian employs approximately 15,000 people in 41 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.

For more information, visit http://www.experianplc.com.

We have picked out a variety of famous Christmas scams to give you guys a better chance of avoiding these nasty tricks.

Fake charity appeals
If you get an email asking for donations, apparently from a recognised charity, proceed with caution. Reputable charities never ask for money via email, so any website you are directed to will probably be designed to collect your personal and banking details. There are plenty of worthy causes to support this time of year, so make sure donations are going to the right ones. Whether giving online or through text messaging, thoroughly review the charity, look at the organization’s privacy policy and verify if it has appropriate security measures in place to protect transactions. To review charity evaluations, visit www.bbb.org/charity.

Wi-Fi Scams
Sitting in a coffee shop surfing the Internet is not always as handy as it might seem. Make sure the wireless network is password protected, or someone might just be using specialist software to gain access to your passwords and personal details. If you are logging in to email or online banking from an unsecured, public network, you are asking for trouble.

Themed attachments and ‘spam’
Unsolicited email should always be treated with suspicion, more so in over the Christmas season. Any email from a sender you do not know, and which asks you to visit a website or open an attachment is probably not the festive fun it claims to be:

• Ensure you have a spam filtering service active on your email account and if you do receive any spam mail, do not open any attachments or click on any links.
• Notify your contacts that your account is sending out spam messages and for them not to open any short, non-titled or unusually titled emails from you and to ensure that any spam emails they receive are marked as spam and then deleted.
• Ensure your anti-virus and spyware software is up to date and run a scan to check for any issues

Laptop theft
If you are going away for Christmas, lock away your laptop. If it is stolen, the chances are the thief will find a way to access your passwords and personal details, then have a merry old time spending your money.

“Smishing”
You’ve heard of phishing? “Smishing” is when a phishing SMS, or text messages, gets sent to your phone. “These texts appear to come from your bank or an online retailer saying that there is something wrong with an account and you have to call a number to verify your account information. In reality, these efforts are merely a ruse to extract valuable personal information from the targets,” McAfee says.

You should be extra vigilant over the Christmas period. If something looks to go to be true, it probably is. So make sure you carry out research before providing anyone with your personal or payment details.
Stay Safe & Stay Aware
]]> http://www.garlik.com/blog/?feed=rss2&p=850 1 http://www.garlik.com/blog/?p=847 http://www.garlik.com/blog/?p=847#comments Thu, 01 Dec 2011 15:35:05 +0000 Nick http://www.garlik.com/blog/?p=847 Continue reading →]]> This Christmas, sales of netbooks, laptops and tablets are set to outstrip sales of conventional PCs. The increased use of portable devices is providing scammers with a perfect opportunity to target users of public Wi-Fi networks in cafes, bars, airports and train stations. A common scam is to set up an open wireless access point that is designed to look like an official hotspot such as ‘BTOpenzone’, the cybercriminals then monitor all of the traffic coming through their access point, hoovering up any sensitive details they can.

If you are connecting to a Wi-Fi network, be especially careful that you select the correct network and do not allow your device to automatically find and log into nearby Wi-Fi hotspots.

Let us know if you believe you have fallen victim to this type of scam. Get in touch at support@garlik.com if you believe that your personal information may have been compromised, we can help!

Stay safe & stay aware
]]> http://www.garlik.com/blog/?feed=rss2&p=847 0 http://www.garlik.com/blog/?p=844 http://www.garlik.com/blog/?p=844#comments Tue, 29 Nov 2011 11:14:41 +0000 Nick http://www.garlik.com/blog/?p=844 Continue reading →]]> A compromised Facebook account not only leaves your own personal details as risk but also provides cyber criminals with insight into all of your friends’ personal details and activity. It’s therefore important to realise that if one of Facebook friends appears to have had their account hacked, that this could impact directly on you. Access to a Facebook account can provide an online criminal with numerous avenues to gain data and carry out fraudulent activities such as:
• Data mining for mobile phone numbers on account profiles;
• Collecting personal and private information to be used for phishing attempts such as the ‘Grandma Scam’ (in which a fraudster contacts older citizens pretending to be their grandchild in desperate need of money to help them out of a tricky situation);
• Using photos and other profile data to create fake profiles, tricking people into accepting friend requests so as to collect yet more data;
• Installing rogue Facebook applications so as to send spam and scam links to all of the friends on the account;
• Monitor status updates of friends to know where they are and when they are not at home.
Advice

It is all very well your friend notifying you that their Facebook account has been compromised, but this also puts you and your details at risk. You should pay careful attention to everyone on your friends list, if you see any name changes of suspicious activity, immediately perform the following actions to protect your personal information:

• If a Facebook friend’s account is sending out strange messages which look like spam and/or contain links, try to notify them of the situation by alternative contact details (email address, phone number), so they can take action to reclaim their account and mitigate the damage. Do not click on any links posted from their account! If you cannot contact the friend consider blocking or un-friending them;
• If the name changes on one of your friends’ Facebook accounts it might be worth looking into. Perhaps they genuinely prefer the name ‘Max Power’ but it could be a sign that the account is no longer under their control. As above, try to verify that it is in fact still your friend, if you cannot then you should block or un-friend this person;
• Report any fake profiles to Facebook – Do this by navigating to the offending profile, and clicking on the settings menu (the icon looks like a gear/cog) near the top right corner and click on ‘Report/Block’.

Let us know if you have fallen victim to this type of scam. Get in touch at support@garlik.com if you believe that your personal information may have been compromised, we can help!

Stay safe & stay aware
]]> http://www.garlik.com/blog/?feed=rss2&p=844 0 http://www.garlik.com/blog/?p=838 http://www.garlik.com/blog/?p=838#comments Tue, 22 Nov 2011 10:39:14 +0000 Nick http://www.garlik.com/blog/?p=838 Continue reading →]]> The Sun has revealed that millions of Xbox users have been hit by a phishing scam by cyber criminals. “In one phishing con, crooks sent emails to players directing them to bogus websites offering free Microsoft points that can be used to buy games.”

Users were then prompted to enter details that provided criminals with access to their online accounts and credit card information. Small amounts were taken over several weeks that were undetected by millions of users. “The average loss to gamers in 35 countries hit by the scam is around £100, but many lost £200.”

Advice
If you believe you have been a victim of this or a similar scam, we would advise that you use our online email checker to detect whether your email address has been compromised.

We would also advise that you immediately change the passwords to all of the online services you use. We advise that you use separate passwords for each site so if one is compromised, the fraudsters will not have access to all of your online accounts. There are free online password managers that can help you manage your passwords.

]]> http://www.garlik.com/blog/?feed=rss2&p=838 0 http://www.garlik.com/blog/?p=819 http://www.garlik.com/blog/?p=819#comments Mon, 21 Nov 2011 17:09:26 +0000 Nick http://www.garlik.com/blog/?p=819 Continue reading →]]> Cybercriminals often build well-known & trusted brands into scams in their attempts to trick computer users into giving money or divulging sensitive information.

We recently had a customer call us in relation to a telephone call from “Microsoft Tech Support”; they had identified that our customer had a virus on their PC and that they may have noticed that their computer had “slowed-down” and he was “experiencing unwanted pop-ups” when using the internet. Sure enough our customer had noticed that his PC had slowed down a bit and he was indeed experiencing many unwanted pop-ups.

It’s a pretty good numbers game for the scammers to gain the trust of the not-so-tech-savvy users, after all PCs do tend to slow down gradually over time & we all know how annoying those constant pop-ups can be whilst you are browsing the internet!

This scam has been doing the rounds for some time, however they it does still seem to be catching out many PC users. Microsoft state that they “will never send unsolicited e-mails or make unsolicited phone calls to request personal or financial information or fix your computer”.

Other Microsoft scams
• During activation of Microsoft Windows, a pop-up appears saying: “Microsoft requires credit card information to validate your copy of Windows”

Microsoft say: “At no time during the validation process do we request your credit card information.”

• E-mail messages claiming to be from Microsoft with attached security updates

Microsoft say: “Legitimate communications do not include software updates as attachments. We never attach software updates to our security communications. Rather, we refer customers to our website for complete information about the software update or security incident.”

• “You have won the Microsoft Lottery”

No, there isn’t a Microsoft Lottery.

Advice

If you are contacted from a company offering you a service or advice about a ‘problem’ they have been made aware of, you should take some time to research the company before providing them with any personal information or payment. For example, the Microsoft website states that; “ If you receive an unsolicited e-mail message or phone call that purports to be from Microsoft and requests that you send personal information or click links, delete the e-mail or hang up the phone.”

Some fraudsters will claim they are a limited company, if do, they should be registered with Companies House, the official government register of companies. If the offer is to buy or sell shares, they must be registered with Financial Services Authority (FSA) so it will be worth checking with these institutions.
Remember to only open emails and texts, or click on links from trusted sources. If you receive emails or text from an untrusted source, instantly delete them. To give yourself maximum protection from Malware ensure that you are regularly receiving Windows OS system updates and you have a valid anti virus software on your PC devices. If you are worried that you have opened an email like this, then run both a virus scan and check for updates in Windows updates.

If you have been a victim

You should also report similar emails to Action Fraud who provide a central point of contact for information about fraud. If you have received similar scams regarding Microsoft, you should report it to reportphishing@antiphishing.org.

We would also recommend that you visit the CIFAS website. “CIFAS Protective Registration is a service that enables individuals to seek protection against possible impersonation attempts when they have good reason to believe that their details might be used by a fraudster.”

Pop-up Blockers

Did you know your internet browser can block most of those annoying pop-ups? Some pop-ups will contain content that may lead you to untrusted sites that could put your computer and your personal details at risk. We would advise that you have a pop up blocker enabled to prevent the chance of online fraud.

Stay safe & stay aware
]]> http://www.garlik.com/blog/?feed=rss2&p=819 0 http://www.garlik.com/blog/?p=813 http://www.garlik.com/blog/?p=813#comments Wed, 02 Nov 2011 15:05:28 +0000 Nick http://www.garlik.com/blog/?p=813 Continue reading →]]> Facebook has announced that they will be adding two more password tools to its site in an attempt to boost security after growing concerns about the social networks privacy and security issues.

The two new features, Trusted Friends and App Passwords should become available to users in upcoming weeks.

Trusted Friends is a new tool to help users in case they get locked out of their account, Facebook’s security blog states; “you can now select three to five trusted friends who can help you if you ever have issues accessing you account”. “If you forgot your password and need to login but can’t access your email account, you can rely on your friends to help you get back in. We will send codes to the friends you have selected and they can pass along that information to you”

App Passwords is currently a feature in testing that will allow users to use app passwords for logging into third party applications. “Simply go to your Account Settings, then the Security tab, and finally to the App Passwords section”. It will enable users to “generate a password that you won’t need to remember, just enter it along with you email when logging into an application”.

Advice

Facebook users must be careful whom they chose to share their Trusted Friends codes with.

When you can’t log in, Facebook will send codes to 5 of the friends you selected. You will have to communicate with them in some way to gain the codes, however, you only have to enter 3 of the 5 codes. The only fault in this process that we can detect is that if one of the 5 friends asks for 2 of the codes from your other trusted friends they will be able to gain access to your account. It is therefore essential that you carefully choose your trusted friends and keep them to yourself.

]]> http://www.garlik.com/blog/?feed=rss2&p=813 0