US Wins Gold in World Spam and Credit Card Fraud Competitions

Comments Off on US Wins Gold in World Spam and Credit Card Fraud Competitions

medalAs we’ve witnessed at the 2014 Olympics in Sochi, Russia, it is possible to be a winner without even winning a medal!  There are so many inspiring stories about athletes from all over the globe who passionately sacrifice years and time and money for the chance to compete in the Olympics.  With little chance to win any medal, these athletes still train hard and compete, giving their personal best. Without winning any medal, there are many winners – in the best sense.

Unfortunately, there are competitions where “winning” does not make a “winner”– in the best sense.  In fact winning can be evidence of not trying, of not doing the right thing, of not giving personal best. Here are two painful examples where winning is not done by winners and winning is not a cause for national pride…  And for my fellow American readers, this one is for US…

2013 Global “Spampionship”

Sophos Labs, a developer and vendor of security software and hardware headquartered in Boston and Oxford, UK, recently released its “Dirty Dozen” list – the top 12 spam producing countries for 2013.

And the Winner is — “the USA which earned the league’s top spot, generating 14.5 percent of the total spam volume sent during the last quarter of the year, giving it a clean sweep of top finishes for 2013. However, the gap to second place narrowed, with China re-emerging as a major player in the spam sending Dirty Dozen, leaping from 4.6 percent to 8.2 percent, while Russia’s spam contribution edged up from 3.0 percent in Q3 to 5.5 percent in Q4.” *

And how did the US win the “gold” as the country that generates the most spam?  Mostly by not trying – by not doing all the right things.


US Wins the Global Daily Credit Card Fraud Competition

With only 25% of the global daily credit card transactions, the US accounts for a whopping half of the total daily global fraud activity!  That’s a blush causing percentage for a country that is supposed to be the world’s technology leader and a trusted haven in cyber darkness.

How did the US win this inglorious “competition”?  Well, it appears one more time that the US achieved this unsavory “win” by using a strategy of not doing the right things.

The Right Things

If the common thread of these tarnished wins is not doing the right things, then it seems reasonable that doing the right things is key to relinquishing these dubious titles.  So, what are the right things?


In the case of spam, it is important to understand that spam is sent out by computers, not by countries.

The computers that send spam are unprotected, infected computers that have silently become part of botnets – zombie armies controlled by botnet managers to accomplish cyber-crime.  As the top spamming country, the US essentially has the most infected computers!  This is not a cause for pride!

There is no excuse for this situation since there are so many effective, free anti-virus and malware programs available for home users.  Corporate computers are not exempt from blame either; if there is not a corporate IT attitude of making computers on networks bulletproof with the best ongoing security practices, then those computers can be dangerous as well.

The right thing in the case of spam is to be sure your computer is protected with current, daily updated and effective anti-virus and malware protection.  Run a boot-time scan if your anti-virus program can do so; or at least run a regular full scan.  Get a good malware protection program and regularly run a full scan with that.  Get informed.  Ask questions from qualified professionals who are informed about today’s security practices.

The right thing to do to help your country lose the gold as top spamming country is to protect your computer and keep it secure.  The right thing is to help stop cyber-crime by not contributing to it with an infected, zombie computer.

Credit/Debit Card Fraud

Currently the US uses “sign and swipe” technology for credit/debit cards.  This is an “old” technology developed in the 1960s by IBM as a security pass card.  Ironically, today this technology lacks security.   We continue to use the “sign and swipe” cards only because they are convenient to use and cheap to produce.  What we continue to ignore is that this 50 year old technology is very easy to counterfeit and breach.  It is this choice of profit over security that keeps the US in the top fraud producing spot.

What would be the right thing to do at this point?  The easy answer is to get a more secure technology.  France has been using one since 1992, believe it or not – the EMV “chip and pin” type card. describes the card:  It’s a credit card that ”utilizes multiple layers of security – including a computer chip in each card that stores and transmits encrypted data, as well as a unique identifier that can change with each transaction. Cardholders also enter a PIN to authorize transactions. Total fraud losses dropped by 50 percent and card counterfeiting fell by 78 percent in the first year after EMV smart cards” were introduced there.  That sounds like it was the right thing to do.

In fact, 22 years later, the US is now considering this European technology.  Visa and MasterCard have set rollout dates for this type card by October, 2015.   However, costs and lack of clarity about who assumes liability when a breach occurs seems to underlie reluctance to adopt better technologies — the same old same old that keeps the US as the gold standard for fraud.   Oh, did you catch the wording, “when” not “if” a breach occurs?   We have to do better!!

And, we can do better!  We can all make choices to be informed and to do the right things…   If we do, we can all be winners — in the best sense.


Are You Now A Crime Target?

Comments Off on Are You Now A Crime Target?

TargtThis post is dedicated to alerting or even alarming all reader friends about the absolute need for CAUTION when using credit and debit cards – anywhere. If I could, I would shout from the top of the Internet Cloud — BE CAREFUL! BE CAUTIOUS! Your cards are not as safe as you think they are!

Well, that sounds a bit over-reactive, you might say. What’s bugging you, you ask? Still fretting over that Target thing way back on Black Friday, you sigh?

Guilty on all counts, I respond! If anything, I am not being reactive enough! Is something bugging me? – You bet it is! Actually I’m very bugged about what may be bugging, or hacking all of us, even as you read this! Fretting still over that Black Friday thing? Fretting doesn’t come close to what I feel as I continue to read about what really happened in the data breaches at Target, et al retailers….

I care about your security and I want you to be informed beyond the front page spin you get from the news. The retailers don’t want you to know all the scary details about their headlining data breaches because they can’t afford to lose your business. But you can’t afford to continue to do business as usual with them, because it is YOU who stands to lose the most. If you care about your safety and security, please read on…

What I want to share here are some under-reported details about the data breaches so that you can better understand your current and future threats. Then, in a coming post, I’ll try to help you learn about the new credit and debit card technologies and strategize about the realities concerning use of credit and debit cards.

Target Black Friday Data Breach

Please realize that Target thing was bigger than first reported! At Target alone, “instead of affecting approximately 40 million of their guests, Target now fears that the security breach could ultimately affect approximately 110 million people…. It turns out that the thieves didn’t just obtain your credit card numbers; they also have your names, phone numbers, mailing addresses, and e-mail addresses.”1 The credit and debit card data supposedly were dropped to servers in several places including Russia and Brazil. Knowing that some crooks in Russia have my credit card information AND know where I live is very disturbing!

Oh, by the way – that Target thing on Black Friday actually was a more prolonged activity than just Black Friday. The major news outlets gave some sanitized versions on the dates. It has been discovered that confidential information was harvested between November 27th and December 15, 2013. But here’s an even more creepy thought – the hackers were actually in the entire Target system, undetected, for weeks prior to the harvest, infecting POS (point of sale) systems and testing the efficiency of their malware. 2

Neiman Marcus and other Retailer Breaches

After the Target breach was made public, Neiman Marcus and two other yet to be named retailers reported their own breaches as well. The Neiman Marcus breach affected possibly a million customers. Although not confirmed, one of the other retailers could be Michaels.3  Michaels reported credit card breaches in 2010 as well. 4 Have you made any credit/debit card purchases at Neiman Marcus or Michaels since last fall?

White Lodging Data Breach

There are recent but under-reported breaches as well, like the one involving White Lodging, a hotel management group in Indiana which manages 168 hotels in 21 states, including Marriott, Starwood, Intercontinental and other brand hotels. In mid-2013, thousands of hotel guests’ credit and debit card information were compromised. However, information is just now (Feb. 2014) making back page news.5

In Technology We Trust – NOT

You might have noticed that details about the retailer breaches are slow to come forth. That’s predictable. Retailer’s sales are impacted by consumer’s trust in their brand. Negative news especially about inadequate security measures and technologies to protect the customer’s confidential data is a trust buster! Consider that it took Target 4 weeks to notify its customer about the data breach! And when Target did make a statement, its spin was on being a “victim” in the breach.

Well, that may be one way to look at it. But there is also a lot of high tech scrutiny about Target’s compliance (or non-compliance) to credit card standards as well as whether Target used “best practice” security technologies concerning its POS (point of sale) system and its network infrastructure. Lawsuits about these issues are already in the works.

For damage control, Neiman Marcus had to come forward about their data breach after Target’s breach announcement. Customer protection does not seem to be the motivator for the retailer confessions.

So please don’t get lulled into a false sense of security just because the news is not reporting any more details. The lack of reporting is not a sign that the storm is over.  It is not!  Who knows who the next retailer will be to confess a breach? Who knows how many more breaches are still unreported? That the US Secret Service is involved in some of these investigations might put some perspective on the severity of these breaches…

OK. Does any of this information cause a feeling of alarm in you? I hope so! And if so, I hope you understand the need for CAUTION!

So what do I do now, you ask? For starters, stay informed. What you don’t know can hurt you!

• Don’t let that thing at Target move off your radar screen. Keep watching how it plays out. Out of sight – out of mind is a dangerous attitude when it comes to self-protection.

• Be sure your information comes from current, accurate, informed and well documented sources.

• Understand that the speed of change in technology is mind boggling. Yesterday’s standards will probably not hold up under tomorrow’s threats and challenges. Don’t trust old information and technologies…

I’ll post soon more information about credit and debit cards – the “new” technology changes; what you need to understand about them to make informed choices; and strategies to be proactive in guarding yourself against credit and debit card fraud.

In the meantime —

Be Cautious. Be Aware. Be Informed.



Clear Text – Why You Should Be Clear About It!

Comments Off on Clear Text – Why You Should Be Clear About It!

Don’t send personal information through e-mail because it is clear text!

You’ve probably heard and read that admonition so many times that you’ve tuned it out as just more geek speak – stuff only techie-types read and heed. Geek speak is not your language; and after all, you’ve been using e-mail for eons now without any real problems due to clear text…  So what’s the problem?

BB2Browsing Bowser now is thinking out loud: Clear text?  That doesn’t sound like geeky language. It sounds like normal English to me.  So why is there a warning about when it doesn’t seem dangerous?   Hmmm. OK. I have to admit, I’ve pretty much ignored the warning myself without giving it much thought. So I’ll bite – why is there a warning about clear text and why should I be paying more attention to it?

Glad you asked, Browsing Bowser! Because – simple as these two words sound, clear text is all about your security, protecting your personal information and cyber crime.

Let’s start with definitions and then try to explain why this warning is so vital to your security.   Text in the context of email commonly means written or printed wordsClear in this sense means visible as written.  Therefore, clear text is text that is visible as written.

Browsing Bowser here – So far, that doesn’t sound very profound… What’s the big deal?

Be patient, BB.  The “big deal” is the security issue surrounding clear text.  In security terms, clear text is unencrypted text – text that has not been altered in a way to make it unreadable without a decryption tool.

Browsing Bowser here again.  Decryption? Unreadable? I thought email was supposed to be easy to read?

Yes, it is, BB, but only after it arrives in the recipient’s inbox. Email in clear text can be a problem on the way to the recipient’s mailbox.  Because of the complex way that the email travels to its destination, it can be “sniffed” or discovered by someone with malicious intent.  If that happens, and the email is clear text, all its content can be read and used by the interceptor.

Sniffed? As a dog, I understand sniffing, says Browsing Bowser. But what does that mean in cyber terms?

Similar concept, BB. Sniffers – more correctly packet sniffers, are utilities used to discover and capture data over networks. Network administrators use them to monitor and diagnose network issues. That’s a beneficial use of packet sniffers. Packet sniffers can also be used maliciously to capture data, like email, across the internet (giant network), as I just mentioned. And “sniffer” utilities are easily available – to both network pros and cyber bad guys.

Starting to see a connection here to clear text and possible violations to your security? Not yet?

OK.  Here’s an analogy that is often used to describe the vulnerability of  email in clear text:

Envelope2You are sending a very personal and important letter to a friend through the postal system. The letter includes passwords, credit card numbers, bank account information, social security numbers, personal information, even gossip. But, you write your letter on the envelope, not in it. Anyone who handles your envelope can read your information!       (click on image to enlarge…)

So back to the warning –

Don’t send personal information through e-mail because it is clear text…



Friends Don’t Let Friends Use XP!

Comments Off on Friends Don’t Let Friends Use XP!

RIP XPI posted a bit ago that the very good and popular Microsoft Operating System, Windows XP, will be laid to rest this coming April, 2014. (See post:

I posted the information, not to eulogize Microsoft’s most successful operating system, but to provide a very critical head’s up to everyone using the XP operating system – that they MUST properly prepare a RIP for XP and replace it prior to this coming April.

I’ve made it my mission to tell everyone – friends, family, the world – that they MUST, not Should, but MUST replace XP. And I am asking you to join me in that mission – to tell everyone you know, including yourself, that XP has to be replaced. Friends will NOT let friends use XP!

Unfortunately, as I’ve trumpeted my XP Retirement Call to everyone I know, I’ve found that way too many people think that retiring (referred to as sunsetting) XP is just a benign marketing ploy by Microsoft to make more money – that it is not truly a security threat.

Please get rid of that notion! It is a delusional, risky thought.

Yes, retiring or sunsetting a product is a way for the vendor to make money by forcing you to get the newest version of a product.

But – NO, it is a major mistake for anyone to dismiss the threat aspect of sunsetting a product.

  • The hard and cold problem of sunsetting any product is that there will be no more protective patches and updates provided for that product.
  • Without updates and patches, all products, including XP, become willful invitations to be violated and exploited.

Here are a few dangerous delusions and myths that are being used to justify continuing the use of XP.

  • “30% of businesses still use XP. That many good minds can’t be wrong…”

o Yes they can be wrong! Following the crowd can be a quick road toward demise. Those that won’t be counseled can’t be helped”.     Ben Franklin

  • “I have a good and current anti-virus program (or malware or security program…)”

o Vulnerabilities from outdated operating systems are NOT protected or “healed” by even up to best up-to-date anti-virus or malware programs!

  • “I only use the internet a little bit. I will be careful…”

o Hacker programs are constantly searching the internet for unprotected and vulnerable computers. It can take as little as 20 seconds to be discovered and hacked.

In case being hacked doesn’t sound like much danger to you, think identity theft and all the horrors that go with it.

Another danger is becoming enlisted in botnets. If you don’t know what a botnet is and why it is dangerous, see my post

I will end this post the same way I ended my previous post about retiring Windows XP:       By not upgrading to a current operating system now or at least planning to pull your XP system offline by April 14, 2014, you are actually abetting cyber-crime. Please consider the consequences as very serious before you choose to ignore the XP support end date.

Edmund Burke famously said – “The only thing necessary for the triumph of evil is for good men to do nothing.”

Please do not do nothing….

Be a Friend and Don’t Let Your Friends Use XP!

Top 10 Scams of 2012

Comments Off on Top 10 Scams of 2012

ScamsOne of the mysteries of the con-man is why he bothers (I say he, but of course there are plenty of con-women who are just as unscrupulous). He is often energetic, imaginative and ambitious, so why doesn’t he build up a decent, respectable business instead of robbing hard-working people? I suppose it’s because con-men (and I’ve met many over my years in consumer protection) all regard the people they deceive simply as walking wallets, to be ruthlessly squeezed, emptied, and then thrown away.

So the con-men will shamelessly lie to us, try to tempt us with ‘something for nothing’, ‘too good to be true’ offers – like the ‘show house’ discount for double glazing or central heating, or the ‘million pound lottery’ he pretends you have won and so on. And he gambles on the fact that when we discover that we’ve fallen for his blatant swindle, we will be too ashamed to report him to the police…

Excerpted from the Introduction to the “Little Book of Big Scams”. Source:

Internet scams are updated, worldwide versions of age-old tactics and schemes to cheat and defraud a victim. What the internet has added to con-artistry is an extreme ease of distributing fraudulent schemes to millions of people!

The Better Business Bureau listed the following schemes as the Top 10 Scams in 2012. These scams continue to be headliners so far in 2013:


Be Aware and Beware…

1. Bogus Health Products – This scam is the modern version of snake oils and elixirs that claim cures for everything that ails you.

2. Advance Fee Loans – These are bogus offers with fraudulent websites that promise to provide easy credit and/or loans. Required upfront payments are a sign the site/offer is a scam.

3. The Nigerian Scam – This is an old scam with several variations that amazingly doesn’t die. It appeals to the sympathy and generosity of the victim. An email or hard copy letter or even fax arrives asking for help to get money out of war ravaged countries to help the poor subject named in the request. The FBI reports the author requests upfront money to help complete the emotional request but the willing victim will always be out money.

4. The Grandma Scam – Aimed at seniors, the “victims receive a call from a ‘grandchild’ in distress in a foreign country. Grandparents are told to wire money to ‘the police.’” It is suggested that “the best defense is to remain calm. Make them give you their name. Insist on calling your son or daughter. Chances are, you’ll find your grandchild safe at home.”

5. Foreign lotteries or sweepstakes – “A check comes in the mail–to cover ‘taxes, fees or insurance.’ You’re supposed to cash the check and wire back funds to claim your prize, but the check is no good. Remember, it’s illegal for U.S. citizens to enter foreign sweepstakes or lotteries. If you have to send money, even if they send you a check, you haven’t won anything.”

6. Overpayment Scams – “Your classified or Craigslist ad receives an email expressing interest in the item. The mystery buyer’s English is poor. They want the item delivered through a shipper. They offer to overpay for the item and want you to wire the excess funds after the check is deposited. Never accept a check for more than the selling price and never agree to wire back funds to a buyer.”

7. Charity Scams – “Fraudulent solicitations come over the phone with scammers pretending to be affiliated with legitimate charities. Other scams involve bogus websites created to fool people into providing credit cards. If you want to donate to a charity, use the charity’s own websites directly. You can investigate unfamiliar charities online at”

8. Employment/Mystery Shopping Scams – If you are applying online for employment, “regardless of the reason or excuse given by the employer, you should never give out…Social Security or bank account numbers over the phone or e-mail.”

Mystery Shopping Scams operate just like lottery scams and overpayment scams—here is a check; do a job, wire money back to your ‘employer.’ The checks are no good and you’re out any money you send away.”

9. Phishing – “Scammers, masquerading as legitimate organizations send official-seeming email to get you to reveal sensitive data. If you get an email or pop-up asking for personal or financial information, don’t reply. Don’t click any links. Contact the organization mentioned using a phone number you know is genuine, or open a new window and type the company’s correct web address to verify it.”

10. Smishing – “Cell phone text messages deliver the “bait” to get people to divulge their personal information. They claim there’s a problem with your debit or credit card or bank account, and that it’s been frozen. Never provide personal or financial information to unknown parties, and never click on any embedded Internet links in unsolicited text messages.”

DisHonorable Mention: Online Dating Scams

Although not listed on the Better Bureau’s site, Online Dating Scams deserve mention. There are many legitimate online dating services, but there are also many fraudsters who use the services to bilk a victim out of money and emotions. Here are some alerts that your potential amour is really looking for your money…

• The potential “date” quickly wants to use personal email or messaging rather than the dating site format

• They profess love quickly

• They claim to be from the U.S. but are working or traveling overseas

• They cancel a planned visit to you because of some unexpected but traumatic event and request money to help cover some of those traumatic event issues.

• Send NO Money. Report them immediately to the dating site and FBI.

Unfortunately, this is not a comprehensive list of scams and schemes. It is only a compilation of 2012’s TOP 10!   May none of these be your experience!

The cautious seldom err  –  Confucius


Tell-Tail Signs of a Scam

Comments Off on Tell-Tail Signs of a Scam


Tell-tail signs that you are about to be scammed with an email or internet offer:

  • The organization making the “offer” has no website and cannot be located with an online search
  • The email or site has no “contact” information
  • The email or site asks for bank account information, credit card numbers, driver’s license numbers, passport numbers, social security, mother’s maiden name or other personal information.
  • The return email address is a gmail, yahoo, hotmail, ymail, or another free email accounts. Legitimate companies can afford to buy a company domain name which creates their brand, legitimacy and trust.
  • The offer asks you to follow a link to another site and log on to or create an account.
  • You are advised that you have won a prize but you don’t recall entering any contest affiliated with the prize promoters.
  • The email claims you won a lottery.  The catch here is that legal lotteries don’t notify winners by email.
  • Although the email is addressed to your email address, it winds up in your junk mail.  It is usually a bulk mailer that many people worldwide probably also received.
  • The email or site asks for “upfront” money to cover processing and administrative fees.
  • Bait prizes are offered.  However, if these are real prizes, they are often inferior in quality or falsely represented.
  • You are required to travel at your own cost to receive your prize.
  • The offer seems to be filled with hype and exaggerations but offers few details about how the offer works.
  • The offer promises you money, jobs, prizes, lucrative business deals.
  • If the offer seems too good to be true – it is!

Good resources to check out the legitimacy of your “offer” or where to report fraud:


Internet Crime Complaint Center (

Complaints against foreign companies

FBI (whois lookup)


Microsoft Tuesday, Exploit Wednesday and Why You Need to Do Updates

Comments Off on Microsoft Tuesday, Exploit Wednesday and Why You Need to Do Updates

patchMicrosoft Tuesday?

Oh you savvy dog, you! You already know that it is the first Tuesday of every month when Microsoft (MS) releases all those security patches and other fixes… Microsoft wants to make your operating system and other MS products more secure and more functional.  Monthly and Free? More secure and more functional? Yep. That sounds pretty good of Microsoft, don’t you think?

What’s that you ask? All those fixes every month? Uh – Why can’t Microsoft make their products strong and secure right from the start? Hmmm. You weren’t supposed to go in that direction. But you know, those are really good questions! So, let’s see what we can dig up on them. Let me caution you though, to not get your hopes up too high for satisfying answers. Remember, this is the company that made you go to their Start Button to Shut Down your computer… Oh, and speaking about satisfying, wait till you hear about Exploit Wednesday

OK – why are there so many patches that last the lifetime of the software product? Why can’t software be created correctly before it is sold? Let’s oversimplify this answer just to keep it under 100 pages – and blame it on business rules and competition.

Consider the old Vista Operating System as an example. It is estimated Vista has around 50 million lines of code! That’s a bunch of code. Ideally it would be sold with no errors in those 50,000,000 lines of code. Now let’s pretend that quality control parameters allow only .5% margin of error in the code. That seems like a very tight margin of error – until you do the math. At even that small margin, a still very usable Vista Operating System could go to market with some glitches – theoretically, a possible 250,000 lines of code with error, according to that business rule!  Whoa, that’s a lot of fleas left on the dog!

And consider the notion that Microsoft, with a penchant for being the first to get to market with all their products, allows the post-beta testing phase of their products to be done by us, the consumer public. In other words, the company allows the product’s users to find those “possible” errors. The public then reports the errors back to Microsoft so that MS can, in turn, release patches and fixes to correct those errors.   Actually, pretttty clever… Think of the savings in time and costs for the company by letting the using public discover those errors/glitches that reached the post-beta testing phase.

Another “Hmmmm” you muse… “Could some of those users actually be cyber bad guys?” you ask.   Bingo again, you savvy dog, you.  It is usually the exploit from the cyber bad guys rather than the software errors reported by the using public that generate the required patches and fixes.

“But that kind of turns around my concept of releasing patches” you muse again. “I mean, the patches seem more reactive than pro-active”, you pant out loud! “That’s a really scary thought to think through. My computer is vulnerable all the time, it seems! I have to hope the next exploit won’t hit my computer while I have to wait for the patch/fix to be released so I can be safe from the last exploit but not the next one. And looking at the fact that the releases are monthly for the last 10 years…” Yeah, Browsing Bowser.  Makes the hair on my neck stand up, too…

 But are you starting to understand why immediately applying patches and fixes is essential not only to your security but also to slowing down the damage done by exploiters?  

Which takes me to Exploit Wednesdays

I’ll bet you already have a notion about this day, too! You are right if you think it is the Wednesday following Microsoft Tuesday! Cyber bad guys have talented code developers, too, who wait for the MS patches to be released on Microsoft Tuesday so that they can analyze the newly released patches and find ways to create new exploits. So the next day, Wednesday, or soon thereafter more exploits show up in the cyber world. And not to waste any opportunity, these exploiters use the monthly release schedule to their advantage – they know it will be at least a month before any patch will be released against them if they release their exploit on or near Exploit Wednesday

Software Exploits.

Exploited Users.

Microsoft Tuesday.

Exploit Wednesday.

Patch as Fast as Possible Thursday.

DogGoneComputers Rule Friday!

PS. All software manufacturers release patches and fixes as well, including Apple. So let’s be fair to Microsoft and include them all in this scenario…

Older Entries