Millennials more susceptible to online fraud than older Canadians Millennials more susceptible to online fraud than older Canadians

While young people take to the web and social media like the proverbial duck to water, it seems they’re much more susceptible to online fraud than baby boomers and seniors.

A flurry of surveys have been released this week to mark Fraud Awareness Month. One from CanadaHelps.org and Capital One Canada finds 45% of millennials aged 18 to 34 do no due diligence before donating to charity and 52% are spontaneous “on the fly” donors. Both traits put them at risk for fraud.

The survey of 1,0 found millennials more than twice as likely as other demographic cohorts to fork over per information. They’re half as likely to ask whether a charity is registered or to ask for a solicitor’s identification. Yet only 19% of millennials are overly concerned about being defrauded — compared to 27% for other generations.

Door-to-door solicitations are giving way to online appeals. While telephone still accounts for 20% of charitable appeals, email is close with 17%, as is social media also at 17%. More than a third don’t trust the security of online donations. While 90% trust online banking and 84% trust online retail purchases, only 65% trust online donating.

You can find an online Charity Fraud Awareness Quiz here. 

Visa Canada: all generations have bad online habits

On Monday, Visa Canada also released a survey which found Canadians of all ages have bad habits when it comes to protecting themselves against financial fraud. Like Capital One, it found seniors more suspicious than young people about sharing personal information online.

It found those aged 18-30 were most likely to share personal information online (32%), versus 24% of those aged 31-45, 14% of baby boomers (aged 46-65), and 9% of seniors (66 and older) who engaging in similarly risky behaviour:

Young Canadians are the most likely to overshare personal information on social media sites, including their email address, home address, birthday, or phone number – information that could be used fraudulently for identity theft and other scams. They are also most likely to share their credit card information and PIN (Personal Identification Number) with someone.

Visa is holding a free seminar on March 1st in Toronto for about how seniors can protect themselves. Details here.

TD: Citizens more vigilant about traditional debit card fraud and identity theft

TD Canada Trust has also released a survey on this topic. It finds 84% of Canadians are worried about online fraud, 77% fret about malicious social media apps, 72% worry about phishing and 61%  fraudulent cell phone apps.

They also continue to be concerned about more traditional forms of fraud: 87% worry about debit card fraud (down from 81% in 2011) and 91% worry about identity theft (down from 86%) but more people are taking precautions to protect themselves.

Source: http://opinion.financialpost.com/2012/02/28/millennials-more-susceptible-to-online-fraud-than-older-canadians/

2012 Riskiest Online City Study Released By Norton

Do you feel safe walking the streets of your hometown? What about browsing the Internet?

Cybersecurity experts at Norton commissioned research firm Sperling’s BestPlaces to examine the cities in the U.S. where 'net users are most vulnerable to cybercrime. The resulting study, titled 2012 Riskiest Online City, assesses the prevalence of Internet use in addition to the types of risks users face online. Consumer statistics include the use of smartphones, the use of social networks and more. BestPlaces also looked at the following cybercrime data: bot-infected computers located within a specific city, attempted malware infections, spamming IP addresses found within a specific city and web attacks originating within a specific city.

Seattle, last year's number one riskiest city, fell to second place on this year's list. According a release emailed to The Huffington Post by Norton, this year's riskiest city (see slideshow) "scored exceptionally high in almost all categories, with the exception of social networking. It was near the top in the number of malware attempts and other cybercrime data and also had the second-highest smartphone use in our survey."

"Cities with the greatest risk factors do not necessarily correlate with the highest infection rates, reflecting the fact that many consumers are taking precautions to keep themselves safe," Norton noted in a press release accompanying the study. Marian Merritt , Norton's Internet Safety Advocate, offers advice to for web usersin a video posted on the company's website. She suggests using challenging passwords for all devices and online accounts; surfing the web via secure WiFi networks and avoiding activities like online banking when using open WiFi networks; ignoring too-good-to-be-true offers and promos around the web; using security software for connected devices.

Take a look at the slideshow (below) to see the top 9 riskiest U.S. cities online. Visit Norton's website to see the entire list of the top 50 riskiest cities online, and the riskiest European cities online, too.

Source: http://www.huffingtonpost.com/2012/02/26/2012-riskiest-online-city-study_n_1302611.html?ref=technology

Facebook scam: Oops!!! There was a hidden camera in Justin Bieber’s bedroom

Facebook scammers are once again exploiting ignorant victims with claims that Justin Bieber and Selena Gomez have been filmed on camera, this time in Bieber’s bedroom. The story is false.

This version starts off with “Oops!!! There was a hidden camera in Justin bieber’s bedroom” or “00ps!!! There was a hidden camera in Selena & bieber’s bedroom” or “Oops!!! There was a hidden camera in Selena & bieber’s bedroom” followed by a fraudulent link. There is also a description titled “WOW HaHa it’s really so funny ~ Don’t Miss it!” or “HaHa it’s really so funny – Don’t Miss it!”

The link takes you to what appears to be video embedded on what looks like a Facebook webpage. Both are fake. The scammers’ goal is to drive more traffic towards certain sites. This is how the scammer earns his or her money: a commission for every survey completed, every product purchased, and/or every account compromised. You’re also told to share the link with all of your Facebook friends, as well as add a comment. The next webpage urges you to sign up for a premium rate mobile phone service, complete an online survey, and/or buy some pills. Last but not least, they also use the scams to spread malware and obtain personal information.

As a general word of caution, don’t click on everything your Facebook friends share on the social network. If you see a scam like this one, report it. Then go check your own Wall to make sure you’re not spreading the scam; the sooner you clean it up and Unlike any relevant Pages, the better. You can also contact Facebook Security if you’d like to.

Source: http://www.zdnet.com/blog/facebook/facebook-scam-oops-there-was-a-hidden-camera-in-justin-biebers-bedroom/9497

Won't Be Fooled Again: Women Duped by Online Dating Learn of Scams

"I'm so glad I found out," said Barb Colborne, after discovering the man she met on Match.com had multiple identities.

Colborne, a widow living in Apple Valley, thought her online suitor was a potential husband, until she watched an NBC4 investigation in early February. "He sounded great," she said.

The investigation exposed what authorities say is a "tidal wave" of criminals, who lure men and women by posting fake profiles on dating websites, and then try to scam them out of money.

NBC4 showed viewers how to find out if someone they meet online is a potential scam-artist.

"I was up 'til 3 o'clock in the morning from an 11 pm show, because I was just going and going," said Barb, who decided to use some of the research tools she saw on NBC4's 11 pm news.

There are numerous free websites, which can help you research people who post profiles on dating and social media websites.

If an online suitor gives you a home address, you can put the address in a real estate websites, such as Zillow, to see if it really exists.

The US government also has a website  that tells you how to identify the online profile of a crook. And Google +  has a little-known "face recognition" feature called Find My Face on its site, that can help reveal the real identity of someone in a photo posted online.

The man who contacted Barb Colborne on Match.com called himself "Brian" and claimed he was a 50-years-old, was of Italian descent, and lived in Los Angeles. After seeing NBC4's report, Barb decided to upload the photos he sent her into Google's face recognition feature, "because I learned how to do it on TV," Colborne said.

Google directed Barb to a different dating website, where she found another profile with Brian's photos . But the man in this profile was calling himself "Kelvin" and had a different background: 47 years old, Native-American, and lived in Del Sur.

"I've been duped," Colborne said. She emailed "Brian" and told him she thought he was a fraud, but he never responded.

Numerous other viewers also realized they'd been duped after seeing the report.

In our early February report, we exposed a scammer on Match.com who called himself "Frank Chadwicks" of Oceanside. "Frank" created a fake profile, using someone else's pictures stolen off the internet, to romance women like Dawn DeMars of Thousand Oaks, and then ask them to loan him money.

"What woman wouldn't like a guy to say, 'gorgeous picture (you have), love your smile," DeMars said about the amorous emails she received from "Frank."

But at least two more women who saw the NBC4 investigation said "Frank Chadwicks" was also telling at the same time that he wanted to marry them, and was asking them for a loan.

"Imagine my surprise watching the 11 pm news, and you mention Frank Chadwicks, who also said he "loved" me in no less than five emails," said Melinda of Los Angeles, who asked that her last name not be used to protect her privacy.

A spokesman for Match.com said the web dating service  isconstantly on the lookout for scammers on its site, the world's largest online dating venue.

"We take these issues very seriously and diligently address them on the site, tracking, monitoring and preventing fraud at every step of the way," the company in a written statement to NBC4.

Match.com has a team of more than 100 fraud agents "who manually review every profile before it’s allowed on the site," according to the statement. "But a few of these sophisticated criminals still slip through all of our checks."

Source: http://www.nbclosangeles.com/news/local/Wont-Be-Fooled-Again-Women-Duped-by-Online-Dating-Learn-of-Scams-140654083.html

Identity Theft Rising; Users of Social Media Most at Risk

Be careful who you friend.

Identity fraud jumped 13 percent in 2011, affecting 11.6 million adults and raking in untold millions of dollars from unsuspecting victims--both online and off, according to Javelin Strategy and Research, a California-based financial services firm.

Social media accounted for a majority of personal data stolen or obtained through false pretenses.  According to Javelin Research, Google+, LinkedIn, Twitter and Facebook users were the most at risk.  Not surprisingly, users with public profiles--the accounts most accessible to would-be fraudsters--were the most forthcoming with personal information, such as birthdates, phone number, and data frequently used as passwords, such as children’s and pet’s names.

Over 5,022 individuals were surveyed through October 2011 and were asked whether or not they had been a victim of fraud and then such salient details as when they first discovered that their personal and financial information were stolen.  What researchers found was disturbing--the incidence rate for fraud jumped to 4.90 percent, an increase of 11 percent over 20120, despite improvements in data security.

Smartphone users were also at higher risk. Owners of iPhones and Androids were 33 percent more likely to be victims of fraud compared to the general population.  Behavior seemed to be at fault. Over 32 percent of smartphone users didn't update their operating systems, and a whopping 62 percent did not enable passwords on their phones.

Although fraudsters seemed eager to take advantage of Facebook and Twitter, the biggest paydays came from old fashioned scams as well as computer hacking. Victims of data breaches were 9.5 times more likely to have their personal identity stolen, compared to other forms of identity theft.

But according to James Van ***, president and CEO of Javelin Research, all is not bleak.

"While identity fraud incidence increased last year, it is becoming less profitable for fraudsters," Van *** said in a statement. "Consumers, the financial services industry, law enforcement and government are stopping fraud earlier and making new account fraud more difficult to perpetrate... Consumers must be vigilant and in control of their personal data as they adopt new mobile and social media technologies in order not to make it easier for fraudsters to perpetrate crimes."

But as consumers become more tech-savvy, hackers are keeping pace, accessing the personal information of users, even as corporations struggle to beef up network security.

Take Sony for example.  In 2011, the maker of the PS3 had its corporate information compromised three separate times by hackers allied with hacktivist group Anonymous in retaliation for a lawsuit against a hacker who published an exploit allowing users to run the Linux operating system on the PS3.

The worst of the three attacks, which took place in April 2011, affected nearly 715,000 users and shut down Sony's servers for nearly a month.  In a blog post, Sony alerted all 77 million of its users about the 'external intrusion' of its network, advising them to change their passwords and cancel credit cards.

In a class action lawsuit, gamers later sued Sony in a U.S. court, alleging that the company did not do enough to protect their data.  The case is ongoing.

But it's not just hackers who are gaming unsuspecting consumers.  According to a Consumers Union report released last month, almost 50 million consumers bought ID theft protection services from banks and corporations in 2010, accounting for $3.5 billion in profits from users subscribing to various services, including filing fraud alerts and removing personal information from marketing lists.  According to Consumers Union, many of these services are 'questionable', in many cases charging $100 to $300 for services that banks are already mandated to provide by federal law.

Approximately 1.4 million Americans were victims of identity fraud in 2011.  Yet marketers often exaggerate the threat.  In one notorious case, Chase implored customers to purchase its service, warning that ID theft was growing 'by an alarming 11 million victims each year' according to Consumers Union.

In Chase's case, much of their promotional material was either based on outdated or incomplete data from 2009--hardly current information.  Other companies, such as Wells Fargo, overstate the performance of their credit monitoring, claiming to be able to pick up new account theft such as the use of social security numbers and birth dates to generate income and commit crimes.  In reality, new account theft is rare, accounting for 765,000 ID theft cases in 2010.

 "We tell people to take the information seriously, but don't panic" Jeff Blyskal, senior editor at Consumer Reports, which authored the Consumers Union article, said in an interview with The New York Times' Alina Tugend Feb. 10.

But with identity theft a constant headache for households, staying calm is hard to do.  According to the Justice Department, of 8.6 million households surveyed at least one person 12 or older was a victim of identity theft in 2010, costing households $13.3 in lost income.

Meanwhile, Javelin Research is offering tips and tricks for consumers who want to protect their data.

"Keep personal information private," Javelin's report warned.  "Be careful about publicly exposing personal information that could be used for authentication, like full birth date and high school name.  Use mobile devices responsibly, and report problems immediately."

With over 42, 951 individuals surveyed over nine years, Javelin's identity fraud reports are some of the most comprehensive in the industry, examining not only the impact of identity theft on consumer behavior, but  online and offline identity theft trends.

Source: http://ohmygov.com/blogs/general_news/archive/2012/02/24/identity-theft-rising-users-of-social-media-most-at-risk.aspx

Not without a fight - Protecting Children from Online Predators Act

The most disappointing moment in the otherwise heartening backlash against the Protecting Children from Online Predators Act came right at the beginning, immediately after Public Safety Minister Vic Toews issued his immortal Question Period ultimatum. Mr. Toews was defending a law that would, among other things, allow government agents to march into your Internet service provider, without a warrant, and "examine any document, information or thing." In this regard, he said Liberal MP Francis Scarpaleggia, and by extension all Canadians, "can either stand with us or with the child pornographers."

He deserved - Canadian democracy deserved - nothing less than a humiliating, well-crafted, immediate putdown. He didn't even get a "for shame."

Members of Parliament have said stupider things in the House of Commons. But rarely do they turn and fire on a significant sub-population of their own parties - in this case civil libertarians, the more doctrinaire of whom often vote Conservative (or used to). It would be like a staunch federalist New Democrat MP declaring that Quebecers must either "stand with the Clarity Act or stand with the FLQ."

In a dozen words, Mr. Toews encapsulated both the intellectual bankruptcy of the post-9/11 security/freedom equation and the capricious, self indulgent doltishness that sometimes infects the Conservative government's policymaking. Any high school student should be able to identify and debunk the fallacy Mr. Toews was employing; to defend the intrinsic value of freedom and privacy; to articulate the dangers of handing governments excessive and unnecessary powers.

In a parallel Canadian political universe, this was an opportunity for Mr. Scarpaleggia to make a notable contribution to Hansard. Instead, he simply reasked the questions that earned him Mr. Toews' cretinous rebuke. It is not even clear that he heard what Mr. Toews said.

One was a very good question, incidentally: "What guarantee do we have that the government will not use these new powers to intimidate Canadians who want to gather to demonstrate against a pipeline, for example, or against a decision to cut their pensions?"

But when you ask a minister a fair question, and in response he accuses you of organizing a mutiny of perverts, calmly asking the question again is not the right move.

I don't mean to pick on Mr. Scarpaleggia. That's our Parliament. But watching him and Mr. Toews reading desultorily from their prepared scripts, in a room of people so unengaged that Mr. Toews' statement went all but unnoticed, one is reminded just how poorly served Canadian civil libertarians have been. One is reminded, as indeed Mr. Toews reminded Mr. Scarpaleggia, that the push for this sort of legislation originated in Liberal times.

That's the awful truth: Neither the Conservatives nor the Liberals have demonstrated any desire in governance to limit the expansion of the state's security and monitoring powers. It's probably fair to believe New Democrats would do things differently if given the chance, but that gamble comes with a lot of mandatory and unpleasant side bets - not least for doctrinaire civil libertarians.

Writing in Tuesday's National Post, my colleague Andrew Coyne struggled to comprehend why the backlash against this online snooping bill is so strong, whereas opposition to two previous attempts at similar legislation - one by the Liberals, another by the Conservatives - was relatively muted.

The biggest factor, I suspect, is dramatically eroded confidence among conservatives in police forces, and especially their leadership, in the wake of the Robert Dziekanski incident, the G20 mass arrests and dozens of lower-profile miscues, cover-ups and slaps on misbehaving officers' wrists. (Supporting the long-gun registry to its dying breath probably didn't help, either.) This might be the worst time in modern history to sell increased police powers to Canadians.

The sheer time elapsed since 9/11 is another major factor. Ten years ago, people were scared; they thought the world had changed utterly and forever; many accepted that unfortunate compromises in principle were necessary. We have since recovered, though some law-and-order conservative politicians haven't.

So, I think Mr. Toews' comment sealed the deal. In the light of day, the War on Terror-era "you're with us or you're with the terrorists" argument is cringe-inducing; sub in criminals for terrorists and it's laughable. More importantly, though, I suspect Mr. Toews finally confirmed a certain suspicion among many Canadians: When the government tells you it needs to limit your privacy or freedom, what it probably means is that it wants to limit your privacy and freedom and thinks you won't put up a fight. It's delightful to see this government proved wrong.

Source: http://www.nationalpost.com/life/travel/without+fight/6189024/story.html

Facebook Backs Safety Initiative: A Platform For Good

The Family Online Safety Institute, an international nonprofit organization dedicated to online safety that counts Facebook among its members, announced an initiative aimed at allowing parents, teachers, teens, and kids to team up and focus on online safety.

A Platform for Good, which will launch in September, will provide the following resources for each group mentioned above.

• Kids and teens will gain access to incentive-based interactive activities that teach them about online safety;
• Parents will receive conversation-starters and tips via text and social networks to encourage their families to discuss current events; and
• Teachers will have access to instructional videos and web-based activities.

FOSI Chief Executive Officer Stephen Balkam said:

All too often, online safety discussions focus on the dangers of technology. It’s time to transform the discussion and create resources to inform, inspire, and empower kids to make the right choices online. That is why FOSI is so proud to announce A Platform for Good, which is unique in its positive and holistic approach to digital citizenship education.

And Kim Sanchez, chair of FOSI’s board and a director of privacy and online safety at Microsoft, added:

A Platform for Good is an incredible opportunity to provide people with a positive message about online safety education. I am pleased that so many industry leaders are stepping up to make this initiative possible; it demonstrates the power that collaboration and innovation can bring to help families enjoy safer online experiences.

Other FOSI members besides Facebook are: AOL, AT&T, BAE Systems Detica, BT Retail, Comcast, Disney, the Entertainment Software Association, France Telecom, Google, GSM Association, Microsoft, the Motion Picture Association of America, NCTA, Nominum, Optenet, RuleSpace, Sprint, Symantec, Time Warner Cable, Telecom Italia, Telefónica, Telmex, USTelecom, The Wireless Foundation, Verizon, and Yahoo.

Source: http://www.allfacebook.com/a-platform-for-good-2012-02

Tax Appeal Email Scam

‘Tis the season, folks. Expect more and more bogus emails in your inbox as tax season heats up. Scams to steal your identity and/or financial information are rampant, causing the IRS to include phishing and identity theft at the top of their “Dirty Dozen” list for 2012.

The newest version making the rounds look like this:

The text reads:

Dear Accountant Officer,
Hereby you are notified that your Tax Appeal id#8425475 has been DECLINED. If you believe the IRS did not properly examine you case due to a misunderstanding of the situation, be ready to submit additional information. You can access the rejection report and re-submit your appeal using the following link Online Tax Appeal.

Internal Revenue Service

There are a couple of flags that should tip you off that this isn’t a legitimate email from IRS. One, the sender is Buddy Shields at irs.com; the IRS address is irs.gov, not irs.com. Two, in my case, the email was sent to every person in my law firm, including lawyers that are no longer at the firm; for obvious reasons of privacy, this would never happen with a legitimate email. Three, I received multiple versions of the email from different “agents” at IRS. Four, the language is awkward; while the Tax Code is sometimes difficult to understand, the IRS wouldn’t start correspondence with “hereby you are notified.”

And of course, the obvious: the IRS does not initiate contact with you about your tax account via email.
The email actually comes from a server located in Bydgoszcz, Poland and is blocked by at least one spam blocker (www.barracudacentral.org). The link doesn’t take you to IRS at all: it takes you to another URL altogether.

You know what to do: delete, delete, delete.

And in my best Michael Conrad as Sgt. Phil Esterhaus voice: Hey, let’s be careful out there.

Source: http://www.forbes.com/sites/kellyphillipserb/2012/02/22/tax-appeal-email-is-a-scam/