Fraud Prevention and Passwords – sometimes the best offense is the easiest defense!

May 31, 2010

As a business ethics and fraud prevention speaker and author, I find that, nearly every week, someone connected with me has their account hacked and the messages that are sent – well let’s put it this way – they aren’t what they would send.  Adult Friend Finder, Viagra, Canadian drug stores – you name it – the hackers seem to be enamored with using someone else’s Facebook account or email to promote their product or service using your good name.

As an Apple computer user the following was shared related to the common hacking problem that many face.  Take a read and let’s understand the benefit of simple information that can protect your account and your Facebook friends!

Reader Deb Ward is the victim of an increasingly common scam. She writes:

I have a MobileMe account that I believe was hacked. First a message was sent to everyone in my .mac email address book that I was in the UK, held up at gun point, stranded, and to please send money. Then, the hacker was able to get into my .mac account and have my emails forwarded to a Yahoo account! How can this happen? How do I protect my email accounts? And how do I protect the rest of the information on my computers?

While this kind of thing isn’t as common as advance fee fraud (typical of the Nigerian royalty wheeze that’s been around for years), it’s a scam that’s become popular in the past few months. It works this way:

The scammers obtain account addresses (not just from the MobileMe service but other providers as well such as Hotmail, Google, and AOL). They then use computer scripts to generate passwords—using words commonly found in the dictionary—and work through these passwords in the hope of finding one that lets them in. When a working password is found, they go about the nefarious business of grabbing your contacts from the host service and sending out the kind of message that your contacts received. Depending on the service, they can also have messages forwarded to a different account.

COMMENT: I can’t begin to tell you how many FB friends have fallen prey to this “London robbing” scam.  Facts are – when you receive a chat comment or email from a friend announcing their robbery – the initial damage is done.  Now if this come via Facebook chat – my recommendation is (1) keep the chat going.  Express your concern and keep a dialogue while (2) opening another browser and going to Facebook to report the activity.  I have found in doing that – that the folks at Facebook are quick to disable the account thereby eliminating the perpetrator from continuing to scam friends who might be shocked into monetary submission.

Your best hope is that those you associate with are smart enough to ignore this obvious bit of phoniness or, at the very least, check with you to be sure that the message is legitimate. On the other hand, those who do pungle up the dough can be counted as extra special (though pretty gullible) friends. Please treat them gently.

As for protection, Protection Tip Number One is to use a password that can’t be easily guessed. If it’s in the dictionary, it’s a bad password. If it’s in the dictionary and you’ve appended a couple of significant numbers after it—your birthday or age—it’s still a bad password. If it’s a pattern of characters on your keyboard—adgjl’, for example, it’s a bad password. If it’s eight characters or less, it’s possibly an okay password, but not a great one.

Protection Tip Number Two is to not use the same password for everything you do. If you unlock your e-mail, Apple ID, Amazon account, Mac administrator’s password, and bank account with that single password, imagine the havoc that results when it’s cracked.

COMMENT:  Excellent suggestion.  While I admit I like to keep the passwords simple for me to remember, it makes sense to have three or so that you use so that in the worst of circumstances one password does not open your entire world up to hackers!

There are a variety of strategies for creating and remembering passwords. People often substitute characters for letters—$ for S, @ for A, and ! for L. Others remove vowels—grtbllsffre1957, for a Jerry Lee Lewis fan, for example. Others still write random strings of nonsense, write down those strings, plunk the passwords into their Mac’s keychain, and lock the written passwords in a safe place should they need them. (These are people who have complete control over their computer—the one in their home, not in the office.)

Because I have a brain like a sieve, I use Agile Web Solutions’ $40 1Password. Not only can it keep track of all the passwords in your life, it can also generate them. Like so:

1Password’s password generator

When you come to a website you need a password for, select the password field, click and hold on the 1Password button that appears in your browser, and choose Strong Password Generator. In the sheet that appears the title of the site should appear along with its location. Use the Length slider to choose a length for your password (the longer the better) and click Fill. 1Password will fill in the password field with the password it just generated. It will later prompt you to save the login information for that site—your username and password. When you next visit, you can ask 1Password to fill in this information for you.

If you lack the inspiration to create a password for some other kind of account—your e-mail account, for example—1Password can help there too. Just launch the program, choose Go -> Generated Passwords, click the Plus (+) button at the bottom of the second column, and use a procedure similar to the one I just described to create a new password. 1Password will remember this one as well.

FINAL THOUGHTS:  If creating a simple but effective password can save your bank account, credit card information, Facebook account and email – then it makes sense to take the steps necessary to protect yourself.  After all the best defense is a good offense and creating an effective password is OFFENSIVE RULE #1.


FBI Posts Warning about Haiti Relief Contribution Scams – Tips to avoid being Ripped Off

January 14, 2010

How unfortunate, but at a time when folks need help the most – at that same time – there are those who find the greatest opportunity to take advantage of those kind enough to offer help.  SCAMMERS are in full force concocting schemes to take money that you would give to help and instead help themselves.  Whether it’s 9/11 or Katrina – the disaster makes no difference – Scammers have one goal – DEFRAUD YOU.

More than 400 Internet addresses related to Haiti have been registered since Monday’s devastating quake, Internet security expert Joel Esler said. The names reference Haiti and words such as “earthquake,” “help,” “aid,” “victims” and “survivors.”

Here are tips offered by the FBI, Better Business Bureau and Scam.busters.  Also click here for a video on the subject.

SUMMARY TIPS:

  1. Be skeptical of email through Social Networking sites.  Don’t click on Links or attached files.
  2. Ask for the name and phone number of the charity or request that they put information in writing.
  3. Do Not give personal financial information – You’d be vulnerable to identity theft.
  4. Don’t be mislead by a “Sound Like” Charity name
  5. Ask if the Charity is registered with any organization and get the registration number.  Check with CharityNavigator.org.
  6. Ask what percentage of your gift actually reaches the needy.
  7. Don’t ever donate cash and DO NOT give out your credit car number to telemarketers or use it with a charity you have not checked out.
  8. If the person asks for more…that may be a sign something is wrong

If there is ever a time that the Haitian people need help it is now.  That is not true for Scammers.  Don’t fall prey to a scam.  Make sure your heart felt contribution goes directly to those who need it the most.

Here’s a link to a list of charities that are providing relief to the Haiti effort and have been signed off on by charitynavigator.org.  HAPPY GIVING TO YOU!

Read the rest of this entry »


Prospective employers checking you out on Facebook not ethical? Get over it.

November 8, 2009

Is it ethical for a company to use what you freely post on a social networking site as part of their decision making process?

I posed that question the other day to a group of students at Queen’s Business School in Kingston, Ontario.  The answers I got were interesting; they generally saw sites like Facebook as just that: a social networking tool. And they didn’t generally connect that a prospective employer has an ethical right to base their hiring decision on what a candidate posts online in their off hours.

But here’s the thing: Regardless of the ethical questions at play, what you post online will likely be found, in one form or another, by prospective employers. A recent study found that 45 percent of employers surveyed use social networks to screen job candidates.

So, here’s a question for all business students: At a time when unemployment is at a 26-year high, and competition for jobs is fiercer than ever, what are you currently doing with Facebook, LinkedIn, and Twitter to expand, find, or grow your career? Are you taking advantage of what’s free in a way that allows you to take those steps?


Facebook – Internet Scam! Free Grant Money – Yea Right! Scam Alert by Chuck Gallagher Fraud Prevention Speaker

February 26, 2009

Now…don’t get me wrong – I’m a big fan of Facebook and social media / networking.  I may be 51, but I am learning quickly the benefits of Facebook, LinkedIn and Twitter.  But with every great tool comes someone who will use it for – well lets say – not so noble uses. As a fraud prevention speaker, I am alert to things that – well, just don’t smell right.

In Facebook on the right side of your home page or profile are those pesky little ads that help make Facebook run and make it free to use.  Rarely – if ever do I click on them.  Mostly cause I’m not interested and secondly, I don’t want to get sucked into something I don’t want, don’t need or don’t understand.

But, I’ve got to be honest.  For weeks now I’ve been seeing this ad – over and over again – touting getting your stimulus check.  Now, I’m smart enough to know that there is NO Twelve Thousand Dollar stimulus check coming to ole Chuck!  Yet, I’ve been tempted to click on the ad and just see what it is all about.  Several times I dragged my cursor over the ad and stated to click.  I didn’t!

Today, however, I notice a great article written by Chadwick Matlin and posted on MSNBC.  The full article can be found here.

The article begins as follows:

Meet Kevin Hoeffer. Kevin is an altruistic man who just received $12,759.62 from the federal government. He wants all of the readers of his blog to be able to do the same. So he points the way to a free grant kit (plus $1.99 shipping and handling) to use to apply for a government handout. Once you do that, you’ll get your $12,000. It’s that simple. He even provides a copy of his official Treasury grant check to prove its legitimacy.

grant-check2-kevinhoeffercopyhmediumNow it is clear from the photo from the article that what is represented sure looks real.  But, that’s all part of the fraud.  When a person is scammed three things generally take place and the photo above shows the simplicity of creating the second part of the three part scam – ILLUSION.

I was contacted by an organization asking about legislation to protect people (especially Senior Citizens) against fraud – like what Bernie Madoff pulled off.  I responded in a way that I suspect they didn’t like.  You cannot legislate out fraud.  There has and will always be those who would take advantage of others.  That, unfortunately, is the nature of some people.  Likewise, there will always be some people who want to believe (in the tooth fairy) that something can be had for nothing – that they will fall for even the dumbest of scams.

HERE’S HOW THIS ONE WORKS:

Per Mr. Matlin in his article:


These people are the faces of a new, pervasive scam that’s piggybacking on Washington’s stimulus agenda. All of the blogs tell you to use the free software to get the $12,000 grants. To order that software, the blogs link off-site to a variety of Web sites filled with testimonials about how great their free grant-finding software is. What they don’t say is that if you fail to cancel your subscription — a subscription the sites don’t reveal exists outside — they’ll charge your credit card until you discover their scheme and tell them to stop. (The going rate seems to be $50-$70.) It’s a devious system whose ads are proliferating across the Internet and has embarrassed Facebook into pulling them down. A close read of the scams’ semiotics offers an insight not just to our weakness for get-rich-quick schemes, but also our current economic moment.

CREDIT WHERE CREDIT IS DUE:stimuli-adsstandard

Not everyone is subject to a big case of the dummies.  Many folks complained and Facebook figured that the revenue wasn’t worth ticking off the Facebook community so they pulled the ads.  By the way the Ads look like this.  I have taken the time to show them here so that if you see them you’ll know exactly what a scam looks like.

ANATOMY OF A FRAUD OR SCAM:

Being defrauded is easy.  The fraudster just sucks you into the PIT.  Now for those of you who follow my blog, I have reported on this before in entries related to Bernie Madoff.  But if you have not read those let me help you with understanding the PIT.

The first part of most any financial fraud starts with the PROMISE ( P ).  In the case of this scam the promise is a big fat $12,000 from the government.  Why?  Well, of course newly elected President Obama wants you to have it.  It is part of the big ole stimulus package – RIGHT!

So POINT OF ADVICE:  If you wish to avoid being scammed, understand – if it sounds to good to be true – it LIKELY ISN’T TRUE!

The second part of the fraud triangle is the ILLUSION ( I ).  That is obvious as well…you get to see a pretty picture of a (what must be real) check from the government!

A great ILLUSIONIST should be able to fool you.  But with electronics these days you can make any thing any way you want it.  Remember the movie – “CATCH ME IF YOU CAN” – what if he’d had photoshop?

That leads to the third and final component of fraud – TRUST ( T ).  In order to effectively pull a fraud off, someone has to trust the fraudster.  Now, having been a fraudster (not something I am proud of), I understand the mentality.  It is much easier to defraud someone who is close to you and trusts you than it is to defraud a stranger.  But if the need is great enough – like the failing economic situation we’re in now – and the population of folks to defraud is large enough – well even a blind squirrel can find an acorn.

SCAM AVOIDANCE:

Don’t believe everything you hear.  Don’t believe everything you see.  Don’t trust everyone who wishes to take or (invest) your money.  Use common sense and you’ll avoid the need for an attorney to help you get out of the scam mess that can ensnare folks.

COMMENTS ARE WELCOME!


Students – It’s Time to Think of Facebook in a Different Light! Comments by Business Ethics Speaker Chuck Gallagher

February 16, 2009

Facebook – on of the fastest growing social networking sites can be awesome or can be a curse. Started by a young man who wanted to keep up with his friends, Facebook has become an outstanding tool. Likewise, like any tool, how you use it determines whether it will serve you or hurt you.

As a business ethics speaker I talk to college groups all around the country about effective uses of Facebook and other social networking sites. The creative application of Facebook could make the difference in whether you get that first job (the one you really want) or don’t. The question is – “Is Facebook a tool for business or a public garbage dump for how you feel at the moment?” facebook-logo

Here’s a garbage dump example:

A Calvin College student has been suspended for one year over a lewd Facebook message he allegedly posted about an ex-girlfriend.

According to an article in The Grand Rapids Press, a message about an ex was posted from Tony Harris’s account in November that “referred to the woman in two slang terms and referenced sexuality.” Calvin officials did not return calls from The Chronicle, but the newspaper reported that the college cited Mr. Harris, a sophomore, for violating technology and conduct codes at the institution, which refers to itself as “distinctively Christian.”

The acceptable-use policy on the college’s Web site prohibits “communication that degrades or harasses individuals or groups.”

Mr. Harris, who not respond to requests for comment from The Chronicle, has insisted that the ex-girlfriend, who he said knew his Facebook password, logged in to his account and sent the message herself, presumably to frame him, the newspaper reports. Calvin officials were apparently unconvinced.

In order to resume his studies at Calvin in a year, Mr. Harris will need to re-apply to the college and recant the Facebook message, according to report. —Steve Kolowich

Now, ethically speaking, Mr. Harris used Facebook as a public garbage dump for how he felt about his ex-girlfriend. Not only was that less than honorable, but it had repercussions far greater than Mr. Harris would have expected when he posted his thoughts or feelings.

Every choice has a consequence.

The Consequence: Kicked out of school! Not allowed to return without reapplying and who knows what other repercussions he is experiencing from his ex-girlfriend and parents. In fact, one might wonder how many girl would now want to be his girlfriend since he has demonstrated that he might not honor them when they part?

There’s a saying – “garbage in — garbage out.”

While Facebook may have been started as a social networking site, it is rapidly becoming a “product/person differentiation site”. In other words, with Facebook being public and searchable, people of all ages who use it should consider that it is nothing more than a personal web site. What you put on there is your advertisement of yourself. If you want to sell yourself, you need to consider what you say and how you position yourself.

Facebook is a powerful tool – use it to your advantage!

Read the rest of this entry »


Social Networking, Social Media, Social Web and Ethics – Are They Compatable? Ethics Speaker Chuck Gallagher Comments!

January 29, 2009

For a 51 year old former Sr. VP of Sales and Marketing, current business ethics speaker and fraud prevention consultant, I am finding web 2.0 and/or social media (or whatever title you give it) to be a vast open space for opportunity and/or disaster. And for those of us who are growing into this new frontier the pitfalls can be dramatic and costly.

One year ago I had no clue what web 2.0 was or meant. Frankly neither did most of my counterparts. Those of us in the Baby Boom generation just didn’t get it. As far as we were concerned sites like MySpace and Facebook were for kids. And, frankly, we didn’t have a clue what the fascination was all about. Just really seemed like a colossal waste of time. Either the “young” folks were texting – seemed like speed dial and a call was quicker – or they were writing in some unknown code that was designed to keep those of us with budding grey hair confused. And confused we were.

Then, for reasons I still don’t fathom, I began – like many others of my generation – to find some attraction to just what the fuss was all about. Viola…Baby Boomers connect and the world for us changes.

AMAZING FACTS:

According to site analytics reported on in compete.com for December 2008 the following amazing statistics are available:istock_000007298729small

Number of Unique Visitors:

Facebook 59,675,502

MySpace 59,544,152

LinkedIn 9,349,996

In all three cased the number of people visiting these sites increased for the month of December 2008 and increased for the year for both Facebook and LinkedIn.

IMPACT FOR ADULT SOCIAL MEDIA CONNECTIONS:

While the number of uses for MySpace (mostly high school and college aged users) has remained flat, the more adult related sites has skyrocketed. The number of unique visitors to LinkedIn over 2008 has increased 153.9% and unique visitors to Facebook has increased 85.7%. While there may be those who disagree, I submit that the great majority of the increased visitorship to these sites is coming from adult users that are beginning to learn how to tap into the value of social media connections.

The growth is incredible as I am seeing daily (yes daily) the number of people in the Baby Boom group who are beginning to figure out that they will be left behind if they don’t join the social media revolution. The message that one might share is instantaneous and the access to data is vast. The power for branding, marketing and media messaging is limited only by the narrowness of ones mind.

INTERCONNECTED – FOR BETTER OR WORSE:

First, let me say, you do have control over when and how you use these tools. That said, the reality is you are interconnected. For example I am working with a social media site called twitter. Now for those who twitter it makes perfect sense (I guess). For me, well…I’m trying to figure it out. But one thing I do know is that since my twitter postings are linked to my facebook account, every time I make a post to twitter my facebook is updated.

That interconnection can be a great benefit. But, it has to be one that is managed. As a baby boomer and professional speaker and consultant I quickly got the value of these social media site from a marketing and branding perspective. And, I promise for those who really get it, I’m no where close to truly maximizing the value that can be gained there.

Here’s an example of the power of social media at work. As I began writing this blog I posted a comment on twitter (which like Facebook and LinkedIn is growing exponentially). I stated that I was writing this article and would be open to suggestions. The request was posted on twitter – which linked to my facebook page. Just a moment ago I looked on my facebook page and has two responses, both of which were very helpful.

Here are their comments with some minor edits:

A professor from Texas writes: “Who owns my data?” Guess what – Facebook owns what you put on your profile. Not you. Take your page down? Doesn’t matter, they still have, and own, that information.

A professional speaker from Florida writes: I am amzaed how social media has taken off the way it has…. I do not like it when people think it is the perfect place to push their MLM or any other products or services.

Don’t get me wrong I think that MLMs are a great business to get into. But please first read the secret behind “Permission Marketing” as taught by Seth Godin. If you use this (read More Strategy )it does work. I know I have people who write me and call me and I don’t really know them but they feel like I am there best friend. This is all done by “Permission Marketing” not by pushing yourself upon your friends list.

Also becareful what you post on someone’s “Wall” where everyone can read it. I will sometimes post something on their Wall and then follow-up with a direct private message to further explain the details or the private information. There are somethings you don’t want everyone to know without the permission of the other parties involved.

ETHICS, CHOICES AND CONSEQUENCES:

Every choice has a consequence. Every time you call someone or write a note, you make a choice that has a consequence. Perhaps your call or note is received with joy and the consequence is deemed positive. Likewise, many in turbulent economic times are receiving calls or notes that result in the loss of jobs and – the consequence is much different.

The same applies to every entry or contact in a social media environment. I, for example, write about ethics and fraud – white collar crime mostly. I am aware that with the touch of the keyboard, I publish data that some find helpful and refreshing and others find offensive. Believe me I have heard from those who do find my work distasteful. In any event, I understand that the way we interact on the web is much different and substantially more powerful than what we have previously been accustomed.

So here are some questions (feel free to comment below – who knows where the dialogue will take us):

  • If you use social media sites such as Facebook, LinkedIn or Twitter for business promotion, are you concerned more about your privacy or the promotion of your business?
  • If you had to choose between LinkedIn or Facebook – which site would you select and what motivates that selection?
  • If you use Facebook, do you feel that it is ethical to look at the friends of your friends and request a connection to them?
  • Would you rather expand your network of “friend” or “connections” or maintain your privacy?
  • How do you feel social media networking is different than networking – say through a chamber of commerce event?

As times passes, like with anything, we will all learn and grow. Meanwhile, the issues of what, how and where to use social media and what is fondly called web 2.0 are unfolding.

One last comment before this entry is closed out… As I speak often to university students I find that they too have an amazement at this whole social media issue. This comment just came through on my facebook page. It is accurate and demonstrates just how we need to think about the balance between social, marketing and privacy. Here’s the comment:

Fascinating. I find the balance of being public and yet wanting privacy control a tight balance. Companies are using FB as an HR research/background tool.

Your comments are welcome…


MySpace Hoax Results in Indictment! Lori Drew Faces 20 Years In Prison

May 15, 2008

Two years after Megan Meier committed suicide Lori Drew, age 49, was indicted for her alleged role in Meier’s death.

In an earlier blog I wrote:

In 2006 a Missouri teenager hanged herself after being rejected by a 16 year old boy she met on MySpace. Well, at least that’s what she thought. The reality was the “16 year old boy” was really the mother of one of the girls former friends.

myspace.gif

The motive? It seems the mother was allegedly trying to exact revenge on Meier, who had allegedly dissed her daughter. This sick, twisted and childish choice took and emotional toll on a young person who was emotionally vulnerable and cost her – her life!

The earlier blog is presented in full here.

According to a CNN report –

Drew faces up to 20 years in prison on charges of conspiracy and accessing protected computers to obtain information to inflict emotional distress.

The indictment, which was filed in U.S. District Court in Los Angeles, accuses Drew and others of registering on MySpace as “Josh Evans” and using the account to lure Meier into an an online romance.

Authorities have previously said that Drew set up the account to find out what Meier, who lived in her neighborhood, was saying about her daughter.

Lori Drew of O’Fallon, Missouri, was named in a four-count indictment returned this morning by a federal grand jury. The indictment charges one count of conspiracy and three counts of accessing protected computers without authorization to obtain information to inflict emotional distress on the girl who,
because of juvenile privacy rules, is referred to in the indictment only as M.T.M.

After approximately four weeks of flirtatious communications between “Josh Evans” and M.T.M., Drew and her co-conspirators broke off the relationship. Within an hour, M.T.M. had hanged herself in her room. She died the next day. “This adult woman allegedly used the Internet to target a young teenage girl, with horrendous ramifications,” said United States Attorney Thomas P. O’Brien. “After a thorough investigation, we have charged Ms. Drew with criminally accessing MySpace and violating rules established to protect young, vulnerable people. Any adult who uses the Internet or a social gathering website to bully or harass another person, particularly a young teenage girl, needs to realize that their actions can have serious consequences.”

MYSPACE RULES: It seems that to become a member of MySpace, individuals are required to submit registration information – including name and date of birth – and have to agree to certain TOS that regulate their use of the website. Among other things, the MySpace TOS require prospective members to provide truthful and accurate registration information; to refrain from using any information obtained from MySpace services to harass, abuse, or harm other people; to refrain from soliciting personal information from anyone under 18; to refrain from promoting information that they know is false or misleading; and to refrain from posting photographs of other people without their consent. The indictment alleges that Drew and her coconspirators violated all of those provisions.

The indictment, while not a conviction, alleges that the defendant – Drew – did commit a crime. Characterized as “cyber-bullying” the actions that have not been disputed show a pattern of abuse and a clear violation of the terms of MySpace.

Ron Meier, Megan’s father, watched television newscasts announcing the indictment and was overcome with emotion

“It’s a a good day,” he said. “It’s an awesome feeling.”

He said now he expects the Drews to feel some of the pain and suffering “that I’m going to feel for the rest of my life, not having Megan here.”

COMMENTS:

Ron Meier’s comments are understandable. However, every choice has a consequence and healing can’t truly take place until the negative emotions are dealt with. Revenge, hatred, anger – whatever is felt may be justifiable on one hand. Yet, emotions that have a negative base will not move one forward. They are not the foundation for positive results.

As a speaker to youth and parents alike about social networking – mostly MySpace and Facebook, etc. – I have the opportunity to help folks understand how to effectively us the tools without becoming a victim of them.

The Meier’s have suffered a terrible loss – a senseless loss – yet, across the board there were more people involved in what took place than just Megan or Drew. As parents, if we want to protect our children, we must understand the playing field of social networking and help to monitor what is taking place and bring understanding and order to MySpace and other forms of internet communication. It is too easy to take on a role that can have a terrible consequence.

Every choice has a consequence. Lori Drew and others will soon be finding out the consequences of their actions. No – there is nothing that can be done to bring Megan back. However, the choices that are made now can bring meaning and value to her death.

For now, teen ethics speaker – Chuck Gallagher – signing off…

RELATED LINK