Fraud Prevention and Passwords – sometimes the best offense is the easiest defense!

May 31, 2010

As a business ethics and fraud prevention speaker and author, I find that, nearly every week, someone connected with me has their account hacked and the messages that are sent – well let’s put it this way – they aren’t what they would send.  Adult Friend Finder, Viagra, Canadian drug stores – you name it – the hackers seem to be enamored with using someone else’s Facebook account or email to promote their product or service using your good name.

As an Apple computer user, I had the following shared with me; it relates to the common hacking problem that many face.  Take a read and let’s understand the benefit of simple information that can protect your account and your Facebook friends!

Reader Deb Ward is the victim of an increasingly common scam. She writes:

I have a MobileMe account that I believe was hacked. First a message was sent to everyone in my .mac email address book that I was in the UK, held up at gun point, stranded, and to please send money. Then, the hacker was able to get into my .mac account and have my emails forwarded to a Yahoo account! How can this happen? How do I protect my email accounts? And how do I protect the rest of the information on my computers?

While this kind of thing isn’t as common as advance fee fraud (typical of the Nigerian royalty wheeze that’s been around for years), it’s a scam that’s become popular in the past few months. It works this way:

The scammers obtain account addresses (not just from the MobileMe service but other providers as well such as Hotmail, Google, and AOL). They then use computer scripts to generate passwords—using words commonly found in the dictionary—and work through these passwords in the hope of finding one that lets them in. When a working password is found, they go about the nefarious business of grabbing your contacts from the host service and sending out the kind of message that your contacts received. Depending on the service, they can also have messages forwarded to a different account.

COMMENT: I can’t begin to tell you how many FB friends have fallen prey to this “London robbing” scam.  Facts are – when you receive a chat comment or email from a friend announcing their robbery – the initial damage is done.  Now if this comes via Facebook chat – my recommendation is (1) keep the chat going.  Express your concern and keep a dialogue while (2) opening another browser and going to Facebook to report the activity.  I have found in doing that – that the folks at Facebook are quick to disable the account thereby eliminating the perpetrator from continuing to scam friends who might be shocked into monetary submission.

Your best hope is that those you associate with are smart enough to ignore this obvious bit of phoniness or, at the very least, check with you to be sure that the message is legitimate. On the other hand, those who do pungle up the dough can be counted as extra special (though pretty gullible) friends. Please treat them gently.

As for protection, Protection Tip Number One is to use a password that can’t be easily guessed. If it’s in the dictionary, it’s a bad password. If it’s in the dictionary and you’ve appended a couple of significant numbers after it—your birthday or age—it’s still a bad password. If it’s a pattern of characters on your keyboard—adgjl’, for example, it’s a bad password. If it’s eight characters or less, it’s possibly an okay password, but not a great one.

Protection Tip Number Two is to not use the same password for everything you do. If you unlock your e-mail, Apple ID, Amazon account, Mac administrator’s password, and bank account with that single password, imagine the havoc that results when it’s cracked.

COMMENT:  Excellent suggestion.  While I admit I like to keep the passwords simple for me to remember, it makes sense to have three or so that you use so that in the worst of circumstances one password does not open your entire world up to hackers!

There are a variety of strategies for creating and remembering passwords. People often substitute characters for letters—$ for S, @ for A, and ! for L. Others remove vowels—grtbllsffre1957, for a Jerry Lee Lewis fan, for example. Others still write random strings of nonsense, write down those strings, plunk the passwords into their Mac’s keychain, and lock the written passwords in a safe place should they need them. (These are people who have complete control over their computer—the one in their home, not in the office.)

Because I have a brain like a sieve, I use Agile Web Solutions’ $40 1Password. Not only can it keep track of all the passwords in your life, it can also generate them. Like so:

1Password’s password generator

When you come to a website you need a password for, select the password field, click and hold on the 1Password button that appears in your browser, and choose Strong Password Generator. In the sheet that appears the title of the site should appear along with its location. Use the Length slider to choose a length for your password (the longer the better) and click Fill. 1Password will fill in the password field with the password it just generated. It will later prompt you to save the login information for that site—your username and password. When you next visit, you can ask 1Password to fill in this information for you.

If you lack the inspiration to create a password for some other kind of account—your e-mail account, for example—1Password can help there too. Just launch the program, choose Go -> Generated Passwords, click the Plus (+) button at the bottom of the second column, and use a procedure similar to the one I just described to create a new password. 1Password will remember this one as well.

FINAL THOUGHTS:  If creating a simple but effective password can save your bank account, credit card information, Facebook account and email – then it makes sense to take the steps necessary to protect yourself.  After all the best defense is a good offense and creating an effective password is OFFENSIVE RULE #1.
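The checks in Protection Tip Number One and Tip Number Two above (dictionary words, dictionary words with digits appended, keyboard patterns, short length, one password shared across accounts) can be applied mechanically to your own passwords. The following Python is an added example, not code from the quoted article or from 1Password; the word list, the US QWERTY keyboard rows and the account names are constructed assumptions.

```python
import re

# Constructed sample word list; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "monkey", "letmein"}

# Rows of a US QWERTY keyboard (assumption about the layout in use).
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;'", "zxcvbnm,./"]


def is_keyboard_pattern(pw, rows=KEYBOARD_ROWS):
    """True when every character is on one row at a constant stride, e.g. adgjl'."""
    p = pw.lower()
    if len(p) < 4:
        return False
    for row in rows:
        if all(c in row for c in p):
            idx = [row.index(c) for c in p]
            strides = {b - a for a, b in zip(idx, idx[1:])}
            if len(strides) == 1 and 0 not in strides:
                return True
    return False


def check_password(pw, words=SAMPLE_WORDS):
    """Return the Tip One problems found in a single password."""
    findings = []
    lowered = pw.lower()
    stem = re.sub(r"\d+$", "", lowered)  # strip trailing digits (birthday, age)
    if lowered in words:
        findings.append("dictionary word")
    elif stem != lowered and stem in words:
        findings.append("dictionary word with digits appended")
    if is_keyboard_pattern(pw):
        findings.append("keyboard pattern")
    if len(pw) <= 8:
        findings.append("eight characters or fewer")
    return findings


def audit(accounts, words=SAMPLE_WORDS):
    """Check every account's password and flag reuse across accounts (Tip Two)."""
    by_password = {}
    for name, pw in accounts.items():
        by_password.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        findings = check_password(pw, words)
        shared = sorted(n for n in by_password[pw] if n != name)
        if shared:
            findings.append("reused on: " + ", ".join(shared))
        report[name] = findings
    return report


if __name__ == "__main__":
    # Constructed accounts and passwords, for illustration only.
    sample = {"email": "letmein", "bank": "letmein",
              "shop": "sunshine1957", "forum": "adgjl'"}
    for account, problems in audit(sample).items():
        print(account, "->", problems or "no findings")
```

An empty result means only that none of these particular checks fired; it is not a measure of how hard the password is to guess.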


Business Ethics Daily Roundup – January 13, 2010

January 13, 2010

As a business ethics speaker and author, as you can imagine, I work daily to keep up with what’s happening.  My wife asked me the other day, “well…how do you share that?”  It dawned on me, I don’t – except in my presentations and more formal writings.  So – from that simple question was birthed the idea of a daily roundup.

Here goes…and I hope it helps.

Aerospace and Defense Industry Commit to New Global Principles of Ethical Conduct – The first International Forum on Business Ethical Conduct for the Aerospace and Defence Industry (IFBEC) took place today in Berlin.  The forum strengthened exchange between industrial, institutional and state players within these key sectors, encouraging them to participate in the development of fair competition rules. It demonstrated the commitment of the aerospace and defence industry to business ethics.  Full story here.

Scrutiny of White Collar Crime Grows – About 25 embezzlers met their downfall last year in Greater Cincinnati and Northern Kentucky, particularly in Butler County, when they were busted in cases totaling $2.2 million – a record-high for the county, officials believe. Full story here.

Should ‘The Office’ Be Used In HR Training? (this is a really cool story) – The Office, a comedy about a jumble of oddball workers trying to get along in a claustrophobic environment, is a phenomenon of our times, a period when the American workforce is more diverse than it has ever been.  The question is – should this quirky comedy be used to illustrate sensitive points when doing HR training?  Full story here.

The Foreign Corrupt Practices Act: An Overview – Corruption poses a significant legal and economic risk for corporations doing business around the world, particularly in developing and transitioning countries.  Because of this increased enforcement activity, managers and directors who run multinational corporations are rightfully concerned about their compliance efforts.  Full story here.

More to come tomorrow.  Meanwhile, for more ethics information and discussion – join me on Facebook – link here.


Facebook Scams and Fraud – Warning from Business Ethics and Fraud Prevention Speaker Chuck Gallagher

January 8, 2010

AVOIDING COMMON FACEBOOK SCAMS  

SCAM #1

I can’t tell you lately just how many times I have had a Facebook friend pop up in chat telling me that they are having a bad day.  Seems that someone mugged them while they were visiting friends in London.  (Guess London is the new fraud hot spot?)

Anyway the fraudster goes on to request money from their Facebook friend and gives them wire transfer information.  NOTE:  THIS IS A SCAM.  I suspect that most of you have figured it out, but just in case – DON’T FALL FOR THIS HOAX.

If you receive this type of communication, Facebook provides an easy solution to help your friend avoid the SCAM continuing.  Here’s Facebook’s suggestion (and it works):

We are currently working with people whose accounts have been affected by money transfer scams. Please use caution around messages from friends claiming to be stranded and asking for money.

Your friend’s Facebook account may have been compromised by cybercriminals attempting to impersonate them. Most frequently, these criminals will gain control of a Facebook account, and use the Chat or Status features to claim they are stuck in a far away location and in need of financial assistance.

If you have received a message like this, please enter your friend’s account information in this form so that we can make sure your friend’s account is secure.

Recently, I had two friends whose accounts had been hacked.  When I received the request for funds I set up a separate tab and went to Facebook directly typing in the data requested to protect my friend – while keeping the scammers on the chat line.  I copied the chat – pasted it into the Facebook location asking for specifics and while chatting with the scammers (expressing my disbelief at what had happened to them – cause I knew it was all fake), my friend’s account was shut down…SCAMMER FOILED!

SCAM #2

You receive the following e-mail announcement:

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.

This too is a CROCK OF CRAP!  DO NOT OPEN THE ZIP FILE ATTACHED.  It is only a way for someone to gain information from your email address and hack your email, Facebook account or access other information.

Hopefully this information is helpful.

If you know of other scams that are currently being used and wish to help alert others, please make a comment.  Facebook is a wonderful tool and worth keeping safe.

Prospective employers checking you out on Facebook not ethical? Get over it.

November 8, 2009

Is it ethical for a company to use what you freely post on a social networking site as part of their decision making process?

I posed that question the other day to a group of students at Queen’s Business School in Kingston, Ontario.  The answers I got were interesting; they generally saw sites like Facebook as just that: a social networking tool. And they didn’t generally connect that a prospective employer has an ethical right to base their hiring decision on what a candidate posts online in their off hours.

But here’s the thing: Regardless of the ethical questions at play, what you post online will likely be found, in one form or another, by prospective employers. A recent study found that 45 percent of employers surveyed use social networks to screen job candidates.

So, here’s a question for all business students: At a time when unemployment is at a 26-year high, and competition for jobs is fiercer than ever, what are you currently doing with Facebook, LinkedIn, and Twitter to expand, find, or grow your career? Are you taking advantage of what’s free in a way that allows you to take those steps?


Facebook – Nude Student Photos and a College IT Administrator: Robert T. DeCampos, Jr. – Dumb and Dumber!

March 6, 2009

I never cease to be amazed at the stupidity of what people will do with social networking.  Dumb – don’t put nude pictures on your Facebook account!  Most would say that is common sense, but it seems that “common sense” goes out the window with some folks when it comes to their Facebook or MySpace pages.

Perhaps someone will get a clue – these are public and can be found!

ADVICE:  Don’t put anything on Facebook, MySpace, LinkedIn or any other site that you wouldn’t want your mother or boss to see.  If you feel that you could be fired or severely scolded for your entries – don’t put it on the site.

Enough Said!

CRIMINAL ACTIVITY:

According to SouthCoasttoday.com – Robert T. DeCampos Jr., 30, a Dartmouth resident, and computer administrator, faces charges that he illegally obtained nude and semi-nude photos of about 16 female students by hacking into their UMass e-mail accounts and Facebook files.

What did he allegedly do and how?  According to published reports:

His first step, according to court documents, was to search Facebook for female UMass Dartmouth students. Next, he checked the names with the campus Web site.

Then he would use his administrative authority to access their e-mail, where he would attempt to log into their personal Facebook accounts. When that failed because he lacked their Facebook passwords, he would have Facebook send a link for a new password back to their e-mail. The hacker would then open the e-mail to reset the password, then enter Facebook with all the privileges and access of the student.

At that point he could view all of the students’ photographs, including private ones, and do further searches for their friends.

According to The Chronicle of Higher Education:

The university fired Mr. DeCampos last fall after police searched his home and found a portable flash drive containing the photos. Mr. DeCampos, who was released on his own recognizance after the arraignment, is being charged with 13 misdemeanor counts of unauthorized access, which carries a maximum penalty of 30 days in jail and $13,000 in fines. He is also being charged with one count of felony larceny, which could mean up to a five-year jail term and a $25,000 fine.

The Boston Herald also reported:  “Robert T. DeCampos Jr. also attempted to snap “upskirt” images of shoppers at an electronics store in Dartmouth, authorities said yesterday, following a four-month probe into the alleged cyber snooping, according to the New Bedford Standard-Times.”

THOUGHTS:

It appears obvious that DeCampos (while innocent until proven guilty) is experiencing the consequences of his choices.  As an ethics speaker, there is little doubt that DeCampos will likely serve time in prison for his actions.  But there is another question that deserves attention: why would someone put nude or partially nude photos on Facebook?  Is there really a thought that Facebook is private – that there are no consequences of the student’s actions?

WHAT ARE YOUR THOUGHTS?


Facebook, Photos and Firing! Nurses Fired for Posting Cell Phone Pictures to Facebook … Comments by Ethics Speaker Chuck Gallagher

February 26, 2009

An article on WISN.com caught my attention and the attention of CNN – as they reported on a nurse who was fired for her (ethical lapse) – choices regarding a photo and comments.

So here’s part of the story as posted by WISN.com:

Nurses accused of photographing a patient and posting the pictures on the Internet have been fired.

The investigation started with an anonymous call from an employee at Mercy Walworth Medical Center in Lake Geneva, with the allegation that a nurse took pictures of a patient with her cell phone and posted them on her Facebook page.

Now before I continue with the story – lesson #1.  DON’T POST STUFF ON FACEBOOK that might be questionable.  A simple rule of thumb…if you think that your employer or your mama would not like your posting – DON’T PUT IT ON THE SITE (or anywhere else on the internet).  It can be found.  It will be found.  And, it will be used against you!

The story goes on to say:

Last week, the nurse told 12 News she never posted the pictures on the Internet. Investigators have since interviewed the nurse and said she offered more details.

“There were two nurses that independently took a picture each of an X-ray of a patient,” Walworth County Undersheriff Kurt Picknell said.

The patient was admitted to the emergency room with an object lodged in his rectum. Police said the nurse explained she and a co-worker snapped photos when they learned it was a sex device. Police said discussion about the incident was posted on her Facebook page, but they haven’t found anyone who actually saw the pictures.

The nurse removed her Facebook page from the Internet last week. Without more, Picknell said this conduct does not appear to violate any state laws. He has referred the case to the FBI.

“We’ve notified federal authorities of this allegation to see if there are federal violations, most notably HIPAA violations, patient rights,” he said.

OUCH!  FBI.  Those three letters are worse than the IRS.

A similar story was reported on December 29, 2008 – same story but posted to MySpace.  As an ethics speaker, I wonder (often) why people believe that their pages on MySpace – Facebook or any other free social networking site are somehow theirs and not public information?  And it’s not the adults that are the only folks with that attitude.  As I speak to University students around the country – they seem to have the same attitude.  They feel that their drunken party photos that have been posted and tagged should be off limits to employers who are considering them for a position.

That is not reality.  Reality is – what you post you are accountable for.

Every choice has a consequence.  This is not the first such example and it won’t be the last.  One thing is for sure, as social networks grow more and more people will be called to task for their postings.  Social networks are wonderful, but be cautious, be careful and avoid the FBI…!


Students – It’s Time to Think of Facebook in a Different Light! Comments by Business Ethics Speaker Chuck Gallagher

February 16, 2009

Facebook – one of the fastest growing social networking sites can be awesome or can be a curse. Started by a young man who wanted to keep up with his friends, Facebook has become an outstanding tool. Likewise, like any tool, how you use it determines whether it will serve you or hurt you.

As a business ethics speaker I talk to college groups all around the country about effective uses of Facebook and other social networking sites. The creative application of Facebook could make the difference in whether you get that first job (the one you really want) or don’t. The question is – “Is Facebook a tool for business or a public garbage dump for how you feel at the moment?”

Here’s a garbage dump example:

A Calvin College student has been suspended for one year over a lewd Facebook message he allegedly posted about an ex-girlfriend.

According to an article in The Grand Rapids Press, a message about an ex was posted from Tony Harris’s account in November that “referred to the woman in two slang terms and referenced sexuality.” Calvin officials did not return calls from The Chronicle, but the newspaper reported that the college cited Mr. Harris, a sophomore, for violating technology and conduct codes at the institution, which refers to itself as “distinctively Christian.”

The acceptable-use policy on the college’s Web site prohibits “communication that degrades or harasses individuals or groups.”

Mr. Harris, who did not respond to requests for comment from The Chronicle, has insisted that the ex-girlfriend, who he said knew his Facebook password, logged in to his account and sent the message herself, presumably to frame him, the newspaper reports. Calvin officials were apparently unconvinced.

In order to resume his studies at Calvin in a year, Mr. Harris will need to re-apply to the college and recant the Facebook message, according to the report. —Steve Kolowich

Now, ethically speaking, Mr. Harris used Facebook as a public garbage dump for how he felt about his ex-girlfriend. Not only was that less than honorable, but it had repercussions far greater than Mr. Harris would have expected when he posted his thoughts or feelings.

Every choice has a consequence.

The Consequence: Kicked out of school! Not allowed to return without reapplying and who knows what other repercussions he is experiencing from his ex-girlfriend and parents. In fact, one might wonder how many girls would now want to be his girlfriend since he has demonstrated that he might not honor them when they part?

There’s a saying – “garbage in — garbage out.”

While Facebook may have been started as a social networking site, it is rapidly becoming a “product/person differentiation site”. In other words, with Facebook being public and searchable, people of all ages who use it should consider that it is nothing more than a personal web site. What you put on there is your advertisement of yourself. If you want to sell yourself, you need to consider what you say and how you position yourself.

Facebook is a powerful tool – use it to your advantage!
