Who Is At Risk of Becoming a Victim of Cybercrime?

We all know that whenever we go online we put our computers at risk of catching a virus or other malware, or worse yet; become a victim of identity theft. In fact, 73% of Americans have been a victim of cybercrime in some form or another. Yet we continue to think that it won’t happen to us. Well, who does it happen to?

Here are some examples to show you that even if it doesn’t happen to you when you go online, it can still happen to you indirectly. If you are a business owner or run a commercial bank, this information is even more important because you don’t only need to look out for your business, you also have to protect all your customers’ and clients’ information. As you take a look at the cases below that involve huge brands that we may be involved with every day, consider how easily this may happen for your business and what you can do to keep your customers’ data and your business safe.

AT&T iPad Email Theft
In June 2010, hackers discovered a web application on AT&T’s website that returned an iPad user’s email address when presented with specially written queries. The hackers then wrote a script and ended up stealing over 114,000 email addresses.

McDonald’s Databases Hacked
In December 2010, McDonald’s released a statement saying that their databases were hacked and an undisclosed number of personal customer information was stolen. The data was information that customers had entered when signing up to receive emails from McDonalds on one of their websites. The information included name, address, phone number, birth date, and gender.

Cybercriminals Hack Into Honda Online Database
In December 2010, cybercriminals hacked into the database of American Honda Motor Co. and stole the names, email addresses, and Vehicle Identification Numbers (VIN) of 2,2 million car owners. A separate list of 2,7 email addresses with no personal information was also accessed.

Wyndham’s Computers Hacked Into
End of 2009 through beginning of 2010, in a three-month period, hackers broke into the Wyndham Hotels & Resorts computer systems stealing customers’ credit card information, including guest names, credit card number, expiration dates, and other data from the card’s magnetic strip.

Hackers Steal Walgreen’s Email List
In December 2010, a computer criminal stole Walgreens’ email marketing list. The criminal then used the list to send out realistic-looking emails that asked recipients to enter their personal information into a website that was controlled by the hackers.


Hopefully this information has shown you that anyone is subject to becoming the victim of cybercrime. It is important that businesses and individuals protect their data. SafeCentral’s WebProtection™ can help with that.

WebProtection™ is a one-time install, light-weight data loss prevention (DLP) application that operates under the assumption that the user’s machine is already infected with malware ensuring that endpoint data is secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection™ goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction.

Consider adding the extra layer of protection that is needed for your business and yourself. For more information, go to our website www.SafeCentral.com to learn more and view a demo of the product.

Is Your Business Ready for the New Security Threats Coming This Year?

Security predictions for 2011 are not looking great for enterprises or financial institutions. Cybercriminals continue to reinvent themselves and security companies and professionals are having a hard time keeping up, always trailing one step behind. While individual consumers seem to become more aware of how important it is to have security measures in place when doing anything online, companies tend to think that they will not be targeted, it just couldn’t happen to them.

Here is a list of some of this year’s predictions for top security threats:

• More corporate data breaches over social media channels, both volunteered by employees and breached through spam and other malware
• Malware exploit kits will add zero-day vulnerabilities faster and increase their use,  leaving organizations open to more malicious content
• There will be more attacks like Stuxnet, specifically targeting critical infrastructure.
• Attacks on router vulnerabilities. As companies beef up security on computers and servers, hackers look to other areas to attack and gain access to a business’s network. Routers and their firmware are rarely updated, so hackers have a big window to find and exploit vulnerabilities.
• Struggling AV software, some experts say antivirus vendors are having a hard time keeping up with the millions of new malware that appear every day. Not to mention the fact that an antivirus that is created cannot be created until after the virus has appeared which always leaves us one step behind.

These are just some of the alarming predictions that the experts have made. Has your business started preparing for these threats yet? It is time to get started. Even if you are not a multi-million dollar enterprise there are still small steps you can take that will greatly improve your online and network security, thereby protecting your data.

1. Internet Usage Policy – Your Internet usage policy should be specific, it should be shared in detail with all your employees, they should sign off on it, and the policy should be strictly enforced.
2. Restrict Data Access – Only the people that need access to specific data should be allowed access to it. Your data should be stored securely with limited access capabilities.
3. Encryption Technology – Another prediction for 2011 is that organizations will take a more proactive approach to data protection by adoption encryption technology. Why not be ahead of the curve and get started?
4. Cloud Security – As more and more companies move into a cloud infrastructure, make sure your IT security staff is educated on the security risks involved and how to keep the company safe. WebProtection™ by SafeCentral is flexible and offers enterprises multiple configuration options making it a great choice for companies that are employing VDIs, SSL VPNs, or using cloud services such as outsourced accounting systems, customer relationship management (CRM) tools, or enterprise resource planning (ERP).
5. Updated Software and Firmware – Make sure all the latest updates are installed for any software or firmware in any programs that are used within the company.
6. Good Email Filter – monitor your email regularly to see how well it does in preventing spam and phishing emails from reaching employees inboxes. If you see malware getting through on a regular basis, it’s time to change your provider.
7. Updated Malware protection – Even if Anti-Virus and Spyware software can’t catch every new threat that emerges, they are still integral tools in any security strategy and should be current at all times.
8. SafeCentral’s WebProtection™ - This is an extra level of security that protects your VDI, SSL VPN or cloud service connections and users from threats already in place.

WebProtection™ is a one-time install, light-weight data loss prevention (DLP) application that operates under the assumption that the user’s machine is already infected with malware ensuring that endpoint data is secure. WebProtection™ interprets and intercepts over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and effectively blocks all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection™ goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction.

Make sure you add SafeCentral’s WebProtection™ to your security strategy this year to get the best web security suite you can possibly have. For more information, go to our website www.SafeCentral.com to learn more and view a demo of the product.

Top Online Shopping Scams of 2010

With the holiday season, also known as the “shopping season” finally over, we thought it would be time to sit back and reflect on what was actually going on behind the scenes of online shopping last year. Although many of you feel that you didn’t have any malware problems and your shopping experience was great, there is a 33% chance that your computer is infected.

An identity protection company recently did a survey of 200,000 households over 30 days, and the results showed that 33% of the households contracted malware infections on their computers. With that in mind, we wanted to take a look at some of the top online shopping scams that you could have run into last year and that you should look out for this year.

Browser Exploitation
Out-of-date browser technology is a problem in many work environments. Users who haven’t installed the latest browser updates are at much bigger risk of landing on a malicious site after a simple typo. One slip on the keyboard could bring you to a site like 'Maky.com' when you are really looking for Macy's site or 'iBay.com' instead of eBay. Often sites with an address that is one letter off from a popular, legitimate site will be designed to look like the site you intended to go to, but instead it’s filled with bad links.

Older browsers aren’t as secure as the newer versions. More current versions have better sandboxes, better controls and better ways of detecting malicious sites. Be sure to keep your browser up-to-date.

Smishing
This is the mobile version of “Phishing”. Instead of receiving an email from a company you know such as your bank, PayPal, or postal delivery companies, you receive a SMS text message on your cellphone. The message tells you to call a toll free number, which is answered by a bogus interactive voice response system set up specifically to try to fool you into providing your account number and password.

Tiny Charges
Thieves get a hold of your credit or debit card number and make very small charges from 20 cent to $10. The charges will appear on your account with a corporate name and a fictitious toll free number that is either out of service or you’re instructed to leave a voicemail when you try to call to inquire about the charge.

Social Scams
Scam links on social networks are becoming more and more common. Cyber criminals will set up fake sites then send out links about sales and deals that will take you back to their malicious sites. These links will often be shared on Facebook, Twitter, and other social media sites.

This year there will be new and improved scams but this should at least give you an idea of what to look for. Although the best defense for online scams is caution and common sense, some malware and scams are very difficult to avoid. Even if your computer has the latest anti-virus and spyware protection updates, the criminals are always a step ahead of us and the protection is not created until after the new malware has been created.

SafeCentral’s WebProtection™ is an extra level of security to add to your computer. It allows you a safe browser experience, data protection, and secure online transactions, even if your computer is already infected.

WebProtection™ offers many benefits giving you peace of mind when transacting online such as:

• Patented technology to block key-loggers, screen-scrapers and other malware agents, even on an already infected PC
• SecureDNS to ensure a connection to the actual site, eliminating man-in-the-middle attacks
• Automated "launch anywhere" protection for seamless integration into your existing browsing habits

For more information, go to our website www.SafeCentral.com to learn more and view a demo of the product.

Banking Malware Continues to Cost Banks Millions

In the last two years online banking fraud has doubled and it’s obvious that cyber criminals are targeting banks and their customers. The most common way criminals attack customers’ computers without their knowledge is to install malware on their computer, often malware that can sense the user’s keystrokes and thereby transmit the bank account number and password.

Below are some of last year’s biggest online banking scams so you can get an idea of how broad the problem is.

Great Britain
Consumers and businesses in Great Britain lost more than $1 million dollars last summer from a Trojan that infected their computers, prompting them to log into their bank accounts and then transfer money to scammers in other countries. About 3,000 bank accounts at one financial institution were compromised.

The scheme uses a combination of a new version of the Zeus keylogger and password stealer Trojan, which targets Windows-based computers, runs on major browsers, and exploits toolkits to get around anti-fraud systems used at bank Web sites.

IT Company
A New Hampshire-based IT consultancy lost nearly $100,000 in February, 2010 after thieves broke into the company’s bank accounts with the help of 10 co-conspirators across the United States.

The company received a voicemail message from its bank that said to contact the bank to discuss an automated clearing house (ACH) payment batch that had been posted to their account. The next day, the IT firm’s owner returned the call and learned from the bank that someone had put through an unauthorized batch of ACH transfers totaling $96,419.30. The batch payment effectively added 10 new individuals to the company’s payroll, sending each slightly less than $10,000. None of the individuals had any prior business or association with the company.

Zeus
Using a Trojan horse virus known as Zeus, hackers in Eastern Europe infected computers around the world. The virus was carried in an e-mail, and when targeted individuals at businesses and municipalities opened the e-mail, the malicious software installed itself on the victimized computer, capturing passwords, account numbers, and other data used to log into online banking accounts. The hackers used this to take over the victims’ bank accounts and make unauthorized transfers of thousands of dollars at a time, often routing the funds to other accounts controlled by a network of “money mules.” The money mules created bank accounts using fake documents and phony names. Once the money was in their accounts, they would either wire it back to their bosses in Eastern Europe or turn it into cash and smuggle it out of the country, they were paid a commission.

Instead of targeting corporations and large banks that had state-of-the-art online security, the hackers went after the accounts of medium-sized companies, towns, and even churches. Before they were caught, they managed to steal $70 million.

In October, with law enforcement partners in the United States, the United Kingdom, Ukraine, and the Netherlands, the FBI announced the execution of numerous arrests and search warrants in multiple countries in one of the largest cybercrime cases ever investigated.



This is just a short selection of last year’s cases. A key issue in bank account fraud is that there are serious disagreements between banks and their customers as far as who is ultimately responsible in cases of online account fraud. Banks feel that since the malware has infected the customers’ computers, the customers are responsible, while both commercial and individual customers feel that banks need to work harder on their end to increase online security. There are cases where customers have sued their banks because they were not able to recover all the money that was stolen but there have also been cases where banks have sued customers to have a court rule that their online security is sufficient

Ultimately the goal is to stop online account fraud, and a great way to accomplish that is SafeCentral’s WebProtection™.


SafeCentral’s WebProtection™, a one-time install, light-weight application, prevents funds transfer fraud even if the user’s machine is infected with malware. WebProtection™ provides data loss prevention (DLP) that combines impenetrable endpoint protection with secure DNS to ensure that endpoint data cannot be stolen or re-directed. WebProtection™ uses SafeCentral’s patented TSX technology to intercept and interpret over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and to block all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection™ goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction.

Take charge and secure your online financial transactions.

What’s Lurking In the Shadows?

Criminals constantly reinvent themselves and come up with new cons, frauds, and ways to get access to the money or information they are looking for. This is definitely true in the world of cybercrime where technology and trends are ever-changing. It can be difficult to keep on top of the latest viruses, phishing schemes, and other new online threats. We wanted to highlight just a couple of the things you want to look out for right now.

Phishing Scams
“I have a question about …” – This recent phishing scam normally begins with the subject line “I have a question about”. In the email, the sender will say that he has a question about a website or product and while looking for more information about it online, he came across your information. He then wants to know if you’re affiliated with the product and how you like it. There are no links in the email and it appears to be an attempt to start a conversation to hopefully extract some personal information from you.

Florida Lottery – There is a fake email lottery scam currently in circulation specifically for the Florida Lottery, but that is not to say you won’t see one from other states as well. These types of scams have been around before and are something to look out for. The email says that you have won a “Special Global Email Draw” and asks you to file an email claim for the prize.

Scareware Scams
Twitter links - A scareware scam is being distributed via compromised legitimate Twitter accounts as well as bogus accounts used to send out malevolent web links. The tweets talk about great anti-virus software that is downloadable through the following link. The link however will take you to a harmful web page that shows fake security warnings specific to every browser, i.e. if you’re on Firefox the page will look like the page that is usually displayed when accessing a blacklisted web address through Firefox. Users are then told that a scan is taking place to look for malicious programs, once completed the page will list numerous problems discovered recommending that specific security applications must be taken down.

This is in fact rogue anti-virus software called ThinkPoint that prevents users from getting on their desktops. Computer operators will then start a system reboot which will allow the rogueware to penetrate even deeper. As a result the victims are forced to pay up to remove the malicious programs from their computers.

Hard-disk Application – A JavaScript code added to legitimate websites’ online advertisements instructs the Web browser to show a certain window or access a domain that releases exploits on the host computer. These exploits run a downloader that pulls down the bogus hard-disk benefiting application on the system. A notice will then show up on your screen stating that your hard disk cannot be found. The idea is then that the user will be scared enough to click the “Enable Defrag HDD Repair”, which will then open a box asking for payment.

We hope this helps you protect your personal data and financial information. Protect your email accounts by making sure you don’t respond to emails about contests you haven’t entered or from people you don’t know. Make sure you have your own anti-malware protection on your computer and keep it updated.

To ensure complete protection when performing any online transaction or just browsing online, install SafeCentral’s WebProtection™ on your computer. SafeCentral’s WebProtection™ has:

• Patented technology to block key-loggers, screen-scrapers and other malware agents, even on an already infected PC
•  Secure DNS to ensure a connection to the actual site, eliminating man-in-the-middle attacks
• Automated "launch anywhere" protection for seamless integration into your existing browsing habits