Fraud Prevention and Passwords – sometimes the best offense is the easiest defense!

May 31, 2010

As a business ethics and fraud prevention speaker and author, I find that, nearly every week, someone connected with me has their account hacked and the messages that are sent – well let’s put it this way – they aren’t what they would send.  Adult Friend Finder, Viagra, Canadian drug stores – you name it – the hackers seem to be enamored with using someone else’s Facebook account or email to promote their product or service using your good name.

As an Apple computer user the following was shared related to the common hacking problem that many face.  Take a read and let’s understand the benefit of simple information that can protect your account and your Facebook friends!

Reader Deb Ward is the victim of an increasingly common scam. She writes:

I have a MobileMe account that I believe was hacked. First a message was sent to everyone in my .mac email address book that I was in the UK, held up at gun point, stranded, and to please send money. Then, the hacker was able to get into my .mac account and have my emails forwarded to a Yahoo account! How can this happen? How do I protect my email accounts? And how do I protect the rest of the information on my computers?

While this kind of thing isn’t as common as advance fee fraud (typical of the Nigerian royalty wheeze that’s been around for years), it’s a scam that’s become popular in the past few months. It works this way:

The scammers obtain account addresses (not just from the MobileMe service but other providers as well such as Hotmail, Google, and AOL). They then use computer scripts to generate passwords—using words commonly found in the dictionary—and work through these passwords in the hope of finding one that lets them in. When a working password is found, they go about the nefarious business of grabbing your contacts from the host service and sending out the kind of message that your contacts received. Depending on the service, they can also have messages forwarded to a different account.

COMMENT: I can’t begin to tell you how many FB friends have fallen prey to this “London robbing” scam.  Facts are – when you receive a chat comment or email from a friend announcing their robbery – the initial damage is done.  Now if this comes via Facebook chat – my recommendation is (1) keep the chat going.  Express your concern and keep a dialogue while (2) opening another browser and going to Facebook to report the activity.  I have found in doing that – that the folks at Facebook are quick to disable the account thereby eliminating the perpetrator from continuing to scam friends who might be shocked into monetary submission.

Your best hope is that those you associate with are smart enough to ignore this obvious bit of phoniness or, at the very least, check with you to be sure that the message is legitimate. On the other hand, those who do pungle up the dough can be counted as extra special (though pretty gullible) friends. Please treat them gently.

As for protection, Protection Tip Number One is to use a password that can’t be easily guessed. If it’s in the dictionary, it’s a bad password. If it’s in the dictionary and you’ve appended a couple of significant numbers after it—your birthday or age—it’s still a bad password. If it’s a pattern of characters on your keyboard—adgjl’, for example, it’s a bad password. If it’s eight characters or less, it’s possibly an okay password, but not a great one.

Protection Tip Number Two is to not use the same password for everything you do. If you unlock your e-mail, Apple ID, Amazon account, Mac administrator’s password, and bank account with that single password, imagine the havoc that results when it’s cracked.

COMMENT:  Excellent suggestion.  While I admit I like to keep the passwords simple for me to remember, it makes sense to have three or so that you use so that in the worst of circumstances one password does not open your entire world up to hackers!

There are a variety of strategies for creating and remembering passwords. People often substitute characters for letters—$ for S, @ for A, and ! for L. Others remove vowels—grtbllsffre1957, for a Jerry Lee Lewis fan, for example. Others still write random strings of nonsense, write down those strings, plunk the passwords into their Mac’s keychain, and lock the written passwords in a safe place should they need them. (These are people who have complete control over their computer—the one in their home, not in the office.)

Because I have a brain like a sieve, I use Agile Web Solutions’ $40 1Password. Not only can it keep track of all the passwords in your life, it can also generate them. Like so:

1Password’s password generator

When you come to a website you need a password for, select the password field, click and hold on the 1Password button that appears in your browser, and choose Strong Password Generator. In the sheet that appears the title of the site should appear along with its location. Use the Length slider to choose a length for your password (the longer the better) and click Fill. 1Password will fill in the password field with the password it just generated. It will later prompt you to save the login information for that site—your username and password. When you next visit, you can ask 1Password to fill in this information for you.

If you lack the inspiration to create a password for some other kind of account—your e-mail account, for example—1Password can help there too. Just launch the program, choose Go -> Generated Passwords, click the Plus (+) button at the bottom of the second column, and use a procedure similar to the one I just described to create a new password. 1Password will remember this one as well.

FINAL THOUGHTS:  If creating a simple but effective password can save your bank account, credit card information, Facebook account and email – then it makes sense to take the steps necessary to protect yourself.  After all the best defense is a good offense and creating an effective password is OFFENSIVE RULE #1.
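Protection Tip Number One above, written out as a checker (an added example, not part of the original post or the quoted column). The word list is a small constructed sample, the function names are illustrative, and the generator follows the random-string approach described above rather than 1Password's own implementation.

```python
import re
import secrets
import string

# Constructed stand-in for a real dictionary; use a full word list in practice.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "monkey", "baseball", "welcome"}

# US QWERTY rows, used to spot "pattern of characters on your keyboard" passwords.
KEYBOARD_ROWS = ("`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./")


def is_keyboard_pattern(pw):
    """True if every character sits on one keyboard row at a constant stride."""
    pw = pw.lower()
    if len(pw) < 4:
        return False
    for row in KEYBOARD_ROWS:
        if all(ch in row for ch in pw):
            idx = [row.index(ch) for ch in pw]
            steps = {b - a for a, b in zip(idx, idx[1:])}
            # One non-zero stride: qwerty (step 1), adgjl' (step 2), and so on.
            if len(steps) == 1 and steps != {0}:
                return True
    return False


def check_password(pw, words=SAMPLE_WORDS):
    """Return the rules from the tip that the password breaks (empty = none)."""
    problems = []
    lowered = pw.lower()
    stem = re.sub(r"\d+$", "", lowered)  # drop numbers appended to the end
    if lowered in words:
        problems.append("dictionary word")
    elif stem != lowered and stem in words:
        problems.append("dictionary word with numbers appended")
    if is_keyboard_pattern(pw):
        problems.append("keyboard pattern")
    if len(pw) <= 8:
        problems.append("eight characters or less")
    return problems


def generate_password(length=20):
    """Random password from the OS CSPRNG that passes check_password()."""
    if length <= 8:
        raise ValueError("length must be greater than 8")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    # Constructed sample passwords, one per rule in the tip.
    for candidate in ("dragon", "sunshine1957", "adgjl'", "qwertyuiop"):
        print(f"{candidate!r}: {check_password(candidate)}")
    print("generated:", generate_password())
```

A different generated password per account also covers Protection Tip Number Two.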


Business Ethics Daily Roundup – January 13, 2010

January 13, 2010

As a business ethics speaker and author, as you can imagine, I work daily to keep up with what’s happening.  My wife asked me the other day, “well…how do you share that?”  It dawned on me, I don’t – except in my presentations and more formal writings.  So – from that simple question was birthed the idea of a daily roundup.

Here goes…and I hope it helps.

Aerospace and Defense Industry Commit to New Global Principles of Ethical Conduct – The first International Forum on Business Ethical Conduct for the Aerospace and Defence Industry (IFBEC) took place today in Berlin.  The forum strengthened exchange between industrial, institutional and state players within these key sectors, encouraging them to participate in the development of fair competition rules. It demonstrated the commitment of the aerospace and defence industry to business ethics.  Full story here.

Scrutiny of White Collar Crime Grows – About 25 embezzlers met their downfall last year in Greater Cincinnati and Northern Kentucky, particularly in Butler County, when they were busted in cases totaling $2.2 million – a record-high for the county, officials believe. Full story here.

Should ‘The Office’ Be Used In HR Training? (this is a really cool story) The Office, a comedy about a jumble of oddball workers trying to get along in a claustrophobic environment, is a phenomenon of our times, a period when the American workforce is more diverse than it has ever been.  The question is – should this quirky comedy be used to illustrate sensitive points when doing HR training?  Full story here.

The Foreign Corrupt Practices Act: An Overview – Corruption poses a significant legal and economic risk for corporations doing business around the world, particularly in developing and transitioning countries.  Because of this increased enforcement activity, managers and directors who run multinational corporations are rightfully concerned about their compliance efforts.  Full story here.

More to come tomorrow.  Meanwhile, for more ethics information and discussion – join me on Facebook – link here.


Facebook Scams and Fraud – Warning from Business Ethics and Fraud Prevention Speaker Chuck Gallagher

January 8, 2010

AVOIDING COMMON FACEBOOK SCAMS  

SCAM #1

I can’t tell you lately just how many times I have had a Facebook friend pop up in chat telling me that they are having a bad day.  Seems that someone mugged them while they were visiting friends in London.  (Guess London is the new fraud hot spot?)

Anyway the fraudster goes on to request money from their Facebook friend and gives them wire transfer information.  NOTE:  THIS IS A SCAM.  I suspect that most of you have figured it out, but just in case – DON’T FALL FOR THIS HOAX.

If you receive this type of communication, Facebook provides an easy solution to help your friend avoid the SCAM continuing.  Here’s Facebook’s suggestion (and it works):

We are currently working with people whose accounts have been affected by money transfer scams. Please use caution around messages from friends claiming to be stranded and asking for money.

Your friend’s Facebook account may have been compromised by cybercriminals attempting to impersonate them. Most frequently, these criminals will gain control of a Facebook account, and use the Chat or Status features to claim they are stuck in a far away location and in need of financial assistance.

If you have received a message like this, please enter your friend’s account information in this form so that we can make sure your friend’s account is secure.

Recently, I had two friends whose accounts had been hacked.  When I received the request for funds I set up a separate tab and went to Facebook directly typing in the data requested to protect my friend – while keeping the scammers on the chat line.  I copied the chat – pasted it into the Facebook location asking for specifics and while chatting with the scammers (expressing my disbelief at what had happened to them – cause I knew it was all fake), my friend’s account was shut down…SCAMMER FOILED!

SCAM #2

You receive the following e-mail announcement:

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.

This too is a CROCK OF CRAP!  DO NOT OPEN THE ZIP FILE ATTACHED.  It is only a way for someone to gain information from your email address and hack your email, Facebook account or access other information.

Hopefully this information is helpful.

If you know of other scams that are currently being used and wish to help alert others, please make a comment.  Facebook is a wonderful tool and worth keeping safe.

Prospective employers checking you out on Facebook not ethical? Get over it.

November 8, 2009

Is it ethical for a company to use what you freely post on a social networking site as part of their decision making process?

I posed that question the other day to a group of students at Queen’s Business School in Kingston, Ontario.  The answers I got were interesting; they generally saw sites like Facebook as just that: a social networking tool. And they didn’t generally connect that a prospective employer has an ethical right to base their hiring decision on what a candidate posts online in their off hours.

But here’s the thing: Regardless of the ethical questions at play, what you post online will likely be found, in one form or another, by prospective employers. A recent study found that 45 percent of employers surveyed use social networks to screen job candidates.

So, here’s a question for all business students: At a time when unemployment is at a 26-year high, and competition for jobs is fiercer than ever, what are you currently doing with Facebook, LinkedIn, and Twitter to expand, find, or grow your career? Are you taking advantage of what’s free in a way that allows you to take those steps?


Facebook – Nude Student Photos and a College IT Administrator: Robert T. DeCampos, Jr. – Dumb and Dumber!

March 6, 2009

I never cease to be amazed at the stupidity of what people will do with social networking.  Dumb – don’t put nude pictures on your Facebook account!  Most would say that is common sense, but it seems that “common sense” goes out the window with some folks when it comes to their Facebook or MySpace pages.

Perhaps someone will get a clue – these are public and can be found!

ADVICE:  Don’t put anything on Facebook, MySpace, LinkedIn or any other site that you wouldn’t want your mother or boss to see.  If you feel that you could be fired or severely scolded for your entries – don’t put it on the site.

Enough Said!

CRIMINAL ACTIVITY:

According to SouthCoasttoday.com – Robert T. DeCampos Jr., 30, a Dartmouth resident, and computer administrator, faces charges that he illegally obtained nude and semi-nude photos of about 16 female students by hacking into their UMass e-mail accounts and Facebook files.

What did he allegedly do and how?  According to published reports:

His first step, according to court documents, was to search Facebook for female UMass Dartmouth students. Next, he checked the names with the campus Web site.

Then he would use his administrative authority to access their e-mail, where he would attempt to log into their personal Facebook accounts. When that failed because he lacked their Facebook passwords, he would have Facebook send a link for a new password back to their e-mail. The hacker would then open the e-mail to reset the password, then enter Facebook with all the privileges and access of the student.

At that point he could view all of the students’ photographs, including private ones, and do further searches for their friends.

According to The Chronicle of Higher Education:

The university fired Mr. DeCampos last fall after police searched his home and found a portable flash drive containing the photos. Mr. DeCampos, who was released on his own recognizance after the arraignment, is being charged with 13 misdemeanor counts of unauthorized access, which carries a maximum penalty of 30 days in jail and $13,000 in fines. He is also being charged with one count of felony larceny, which could mean up to a five-year jail term and a $25,000 fine.

The Boston Herald also reported:  “Robert T. DeCampos Jr. also attempted to snap “upskirt” images of shoppers at an electronics store in Dartmouth, authorities said yesterday, following a four-month probe into the alleged cyber snooping, according to the New Bedford Standard-Times.”

THOUGHTS:

It appears obvious that DeCampos (while innocent until proven guilty) is experiencing the consequences of his choices.  As an ethics speaker, there is little doubt that DeCampos will likely serve time in prison for his actions.  But there is another question that deserves attention: why would someone put nude or partially nude photos on Facebook?  Is there really a thought that Facebook is private – that there are no consequences of the student’s actions?

WHAT ARE YOUR THOUGHTS?


Facebook, Photos and Firing! Nurses Fired for Posting Cell Phone Pictures to Facebook … Comments by Ethics Speaker Chuck Gallagher

February 26, 2009

An article on WISN.com caught my attention and the attention of CNN – as they reported on a nurse who was fired for her (ethical lapse) – choices regarding a photo and comments.

So here’s part of the story as posted by WISN.com:

Nurses accused of photographing a patient and posting the pictures on the Internet have been fired.

The investigation started with an anonymous call from an employee at Mercy Walworth Medical Center in Lake Geneva, with the allegation that a nurse took pictures of a patient with her cell phone and posted them on her Facebook page.

Now before I continue with the story – lesson #1.  DON’T POST STUFF ON FACEBOOK that might be questionable.  A simple rule of thumb…if you think that your employer or your mama would not like your posting – DON’T PUT IT ON THE SITE (or anywhere else on the internet).  It can be found.  It will be found.  And, it will be used against you!

The story goes on to say:

Last week, the nurse told 12 News she never posted the pictures on the Internet. Investigators have since interviewed the nurse and said she offered more details.

“There were two nurses that independently took a picture each of an X-ray of a patient,” Walworth County Undersheriff Kurt Picknell said.

The patient was admitted to the emergency room with an object lodged in his rectum. Police said the nurse explained she and a co-worker snapped photos when they learned it was a sex device. Police said discussion about the incident was posted on her Facebook page, but they haven’t found anyone who actually saw the pictures.

The nurse removed her Facebook page from the Internet last week. Without more, Picknell said this conduct does not appear to violate any state laws. He has referred the case to the FBI.

“We’ve notified federal authorities of this allegation to see if there are federal violations, most notably HIPAA violations, patient rights,” he said.

OUCH!  FBI.  Those three letters are worse than the IRS.

A similar story was reported on December 29, 2008 – same story but posted to MySpace.  As an ethics speaker, I wonder (often) why people believe that their pages on MySpace – Facebook or any other free social networking site are somehow theirs and not public information?  And it’s not the adults that are the only folks with that attitude.  As I speak to University students around the country – they seem to have the same attitude.  They feel that their drunken party photos that have been posted and tagged should be off limits to employers who are considering them for a position.

That is not reality.  Reality is – what you post you are accountable for.

Every choice has a consequence.  This is not the first such example and it won’t be the last.  One thing is for sure, as social networks grow more and more people will be called to task for their postings.  Social networks are wonderful, but be cautious, be careful and avoid the FBI…!


Students – It’s Time to Think of Facebook in a Different Light! Comments by Business Ethics Speaker Chuck Gallagher

February 16, 2009

Facebook – one of the fastest growing social networking sites can be awesome or can be a curse. Started by a young man who wanted to keep up with his friends, Facebook has become an outstanding tool. Likewise, like any tool, how you use it determines whether it will serve you or hurt you.

As a business ethics speaker I talk to college groups all around the country about effective uses of Facebook and other social networking sites. The creative application of Facebook could make the difference in whether you get that first job (the one you really want) or don’t. The question is – “Is Facebook a tool for business or a public garbage dump for how you feel at the moment?”

Here’s a garbage dump example:

A Calvin College student has been suspended for one year over a lewd Facebook message he allegedly posted about an ex-girlfriend.

According to an article in The Grand Rapids Press, a message about an ex was posted from Tony Harris’s account in November that “referred to the woman in two slang terms and referenced sexuality.” Calvin officials did not return calls from The Chronicle, but the newspaper reported that the college cited Mr. Harris, a sophomore, for violating technology and conduct codes at the institution, which refers to itself as “distinctively Christian.”

The acceptable-use policy on the college’s Web site prohibits “communication that degrades or harasses individuals or groups.”

Mr. Harris, who did not respond to requests for comment from The Chronicle, has insisted that the ex-girlfriend, who he said knew his Facebook password, logged in to his account and sent the message herself, presumably to frame him, the newspaper reports. Calvin officials were apparently unconvinced.

In order to resume his studies at Calvin in a year, Mr. Harris will need to re-apply to the college and recant the Facebook message, according to the report. —Steve Kolowich

Now, ethically speaking, Mr. Harris used Facebook as a public garbage dump for how he felt about his ex-girlfriend. Not only was that less than honorable, but it had repercussions far greater than Mr. Harris would have expected when he posted his thoughts or feelings.

Every choice has a consequence.

The Consequence: Kicked out of school! Not allowed to return without reapplying and who knows what other repercussions he is experiencing from his ex-girlfriend and parents. In fact, one might wonder how many girls would now want to be his girlfriend since he has demonstrated that he might not honor them when they part?

There’s a saying – “garbage in — garbage out.”

While Facebook may have been started as a social networking site, it is rapidly becoming a “product/person differentiation site”. In other words, with Facebook being public and searchable, people of all ages who use it should consider that it is nothing more than a personal web site. What you put on there is your advertisement of yourself. If you want to sell yourself, you need to consider what you say and how you position yourself.

Facebook is a powerful tool – use it to your advantage!



Social Networking, Social Media, Social Web and Ethics – Are They Compatible? Ethics Speaker Chuck Gallagher Comments!

January 29, 2009

For a 51 year old former Sr. VP of Sales and Marketing, current business ethics speaker and fraud prevention consultant, I am finding web 2.0 and/or social media (or whatever title you give it) to be a vast open space for opportunity and/or disaster. And for those of us who are growing into this new frontier the pitfalls can be dramatic and costly.

One year ago I had no clue what web 2.0 was or meant. Frankly neither did most of my counterparts. Those of us in the Baby Boom generation just didn’t get it. As far as we were concerned sites like MySpace and Facebook were for kids. And, frankly, we didn’t have a clue what the fascination was all about. Just really seemed like a colossal waste of time. Either the “young” folks were texting – seemed like speed dial and a call was quicker – or they were writing in some unknown code that was designed to keep those of us with budding grey hair confused. And confused we were.

Then, for reasons I still don’t fathom, I began – like many others of my generation – to find some attraction to just what the fuss was all about. Voilà…Baby Boomers connect and the world for us changes.

AMAZING FACTS:

According to site analytics reported on in compete.com for December 2008 the following amazing statistics are available:

Number of Unique Visitors:

Facebook 59,675,502

MySpace 59,544,152

LinkedIn 9,349,996

In all three cases the number of people visiting these sites increased for the month of December 2008 and increased for the year for both Facebook and LinkedIn.

IMPACT FOR ADULT SOCIAL MEDIA CONNECTIONS:

While the number of users for MySpace (mostly high school and college aged users) has remained flat, the more adult related sites have skyrocketed. The number of unique visitors to LinkedIn over 2008 has increased 153.9% and unique visitors to Facebook have increased 85.7%. While there may be those who disagree, I submit that the great majority of the increased visitorship to these sites is coming from adult users that are beginning to learn how to tap into the value of social media connections.

The growth is incredible as I am seeing daily (yes daily) the number of people in the Baby Boom group who are beginning to figure out that they will be left behind if they don’t join the social media revolution. The message that one might share is instantaneous and the access to data is vast. The power for branding, marketing and media messaging is limited only by the narrowness of one’s mind.

INTERCONNECTED – FOR BETTER OR WORSE:

First, let me say, you do have control over when and how you use these tools. That said, the reality is you are interconnected. For example I am working with a social media site called twitter. Now for those who twitter it makes perfect sense (I guess). For me, well…I’m trying to figure it out. But one thing I do know is that since my twitter postings are linked to my facebook account, every time I make a post to twitter my facebook is updated.

That interconnection can be a great benefit. But, it has to be one that is managed. As a baby boomer and professional speaker and consultant I quickly got the value of these social media sites from a marketing and branding perspective. And, I promise for those who really get it, I’m nowhere close to truly maximizing the value that can be gained there.

Here’s an example of the power of social media at work. As I began writing this blog I posted a comment on twitter (which like Facebook and LinkedIn is growing exponentially). I stated that I was writing this article and would be open to suggestions. The request was posted on twitter – which linked to my facebook page. Just a moment ago I looked on my facebook page and had two responses, both of which were very helpful.

Here are their comments with some minor edits:

A professor from Texas writes: “Who owns my data?” Guess what – Facebook owns what you put on your profile. Not you. Take your page down? Doesn’t matter, they still have, and own, that information.

A professional speaker from Florida writes: I am amazed how social media has taken off the way it has…. I do not like it when people think it is the perfect place to push their MLM or any other products or services.

Don’t get me wrong I think that MLMs are a great business to get into. But please first read the secret behind “Permission Marketing” as taught by Seth Godin. If you use this (read More Strategy) it does work. I know I have people who write me and call me and I don’t really know them but they feel like I am their best friend. This is all done by “Permission Marketing” not by pushing yourself upon your friends list.

Also be careful what you post on someone’s “Wall” where everyone can read it. I will sometimes post something on their Wall and then follow-up with a direct private message to further explain the details or the private information. There are some things you don’t want everyone to know without the permission of the other parties involved.

ETHICS, CHOICES AND CONSEQUENCES:

Every choice has a consequence. Every time you call someone or write a note, you make a choice that has a consequence. Perhaps your call or note is received with joy and the consequence is deemed positive. Likewise, many in turbulent economic times are receiving calls or notes that result in the loss of jobs and – the consequence is much different.

The same applies to every entry or contact in a social media environment. I, for example, write about ethics and fraud – white collar crime mostly. I am aware that with the touch of the keyboard, I publish data that some find helpful and refreshing and others find offensive. Believe me I have heard from those who do find my work distasteful. In any event, I understand that the way we interact on the web is much different and substantially more powerful than what we have previously been accustomed to.

So here are some questions (feel free to comment below – who knows where the dialogue will take us):

  • If you use social media sites such as Facebook, LinkedIn or Twitter for business promotion, are you concerned more about your privacy or the promotion of your business?
  • If you had to choose between LinkedIn or Facebook – which site would you select and what motivates that selection?
  • If you use Facebook, do you feel that it is ethical to look at the friends of your friends and request a connection to them?
  • Would you rather expand your network of “friends” or “connections” or maintain your privacy?
  • How do you feel social media networking is different than networking – say through a chamber of commerce event?

As time passes, like with anything, we will all learn and grow. Meanwhile, the issues of what, how and where to use social media and what is fondly called web 2.0 are unfolding.

One last comment before this entry is closed out… As I speak often to university students I find that they too have an amazement at this whole social media issue. This comment just came through on my facebook page. It is accurate and demonstrates just how we need to think about the balance between social, marketing and privacy. Here’s the comment:

Fascinating. I find the balance of being public and yet wanting privacy control a tight balance. Companies are using FB as an HR research/background tool.

Your comments are welcome…