Tuesday, July 30, 2013
Your smartphone is one of the most valuable tools people rely on today. Protect it wisely with these safety tips.
Our Current Rates:
For a listing of our current deposit and loan rates, click here.
This is the type of story that I love to share.
A July 25th indictment against four Russians and one Ukrainian alleged the group conspired to orchestrate a sophisticated scheme attacking several organizations. The group worked with Albert Gonzalez, who was convicted for being the mastermind behind breaches of payment processors Heartland Payment Systems and Global Payments.
They're accused of being co-conspirators in the attacks against the payment processors as well as hacking 7-Eleven, Diners Club, Dow Jones Inc., JC Penney Inc., JetBlue Airways, NASDAQ and several prominent European payments processors and retailers. The attacks occurred from August 2005 through July 2012.
Payment card numbers were stolen from 7-Eleven, Diners Club Singapore, Euronet, Global Payments, Hannaford Supermarkets, Heartland Payment Systems, JC Penney and others.
Login credentials were stolen from Dow Jones Inc. and NASDAQ. Employee personal information was stolen from JetBlue.
The crooks used SQL injection attacks to detect vulnerabilities on the victims' SQL database. The attacker sends code to the database in search of a response. They'll continue to modify the queries until they find a string that returns a response.
Bingo. Once inside a corporate network, they placed malware on them creating a "back door" for them to enter the vulnerable system.
They visited retail stores to review vulnerabilities in the payment processing systems.
Before actually stealing the data, they scouted out the location of the information they found most valuable. They would often monitor their victim for several months before making their move.
The cyberthieves installed sniffer programs on the networks to capture credit card numbers, login credentials and whatever other personal information may hold value. They instant messaged each other the logistics of navigating each compromised network. At times, they would meet in person so electronic communications couldn't be tracked.
To cover their tracks, the group leased servers around the world under false names to store malware, stage the attacks and receive the stolen data. They disguised their IP address and moved frequently between different servers.
The group knew their way around security software to avoid the protection they provide. They altered settings to disable security mechanisms from logging their actions.
One of the defendants took the information to the black market. The data was sold to others who encoded the stolen information onto magnetic strips of blank cards used to make ATM withdrawals and purchase merchandise.
How much is this information worth on the streets? The crooks charged $10 for each U.S. credit card number along with the associated data. European card numbers went for $50 each and Canadian $15. More than 160 million cards were compromised in the scheme.
Three of the victim companies alone lost more than $300 million in the theft.
Gonzalez was sentenced to 20 years in prison in March 2010 for his role in the crime. He organized the crime ring called Shadowcrew. And worked with law enforcement officials to track the rest of his gang.
The Internet is not quite so anonymous today as it was in its early stages. The international community has come together to fight this crime that affects each and every one of us. Justice is being served.
If you have an Android phone, you already know what I'm talking about. You've probably downloaded a free app, only to find those pesky popup ads that once drove PC users insane before blockers became popular.
And if you scrolled around your screen and accidentally landed on the aggravating ad just a smidgeon too long, the ad balloons to full size. Your interest in the product matters not. All you want to do is find a way to close the ad and return to your app.
It's not quite that easy. Nor may it be simply annoying. Many of these ads carry a payload that can turn your life upside down.
Merely accessing the ad can deliver a Trojan that may steal your personal data, device configuration, and even report your GPS coordinates. They can change your browser, homepage and bookmark settings. Some even send fake SMS messages that appear to come from you or place ads on your notification bar.
The worst part of this is that you can't do a thing to stop it. You agreed to these conditions when you downloaded the free app. It's all hidden in the fine print.
Android users don't suffer alone. New malicious apps pop up often in Apple's App Store as well as Google Play. Criminals use popular game titles to trick users into thinking they're downloading the legitimate app.
Apple and Google both remove the malware versions immediately once detected. Yet many devices are compromised in the meantime.
Threats named "Super Mario Bros." and "GTA 3 Moscow City" were both posted to Google Play on June 24th. They generated between 50,000 and 100,000 downloads before being removed.
They followed in the footsteps of "Find and Call," an app that supposedly matched your phone contacts to email addresses to make it easier for the user to call someone without searching for the number.
The app uploaded their full address books to a server which spammed all their contacts.
Criminals use mobile malware to make money in a variety of ways.
Using premium SMS messages, the cyberthieves send a message to their partners. They now know your mobile provider and can charge premium content to your account.
They can steal any information stored in your smartphone. Apps ask permission before accessing your contents, but many folks simply agree without understanding the risks. Your login credentials, personal and business data all hold value for future phishing attacks.
A mobile variant of the ZeuS Trojan can capture your online banking credentials and divert money from your bank account to one owned by the crooks. Read about ZeuS here.
Ransomware is now appearing on mobile devices. A screen appears on your device, threatening to lock it and encrypt your data unless you pay a ransom. It appears to come from the police or FBI, claiming they detected illegal material. Your phone or tablet is held hostage until you pay up.
Botnets and spam aren't just for computers. And haven't been for quite some time. Every risk known in cyberspace now lurks in the palm of your hand as well. It was only a matter of time.
Tip of the Week
Thieves no longer steal Social Security checks from mailboxes. In this electronic age, they're hijacking electronic payments and redirecting them to prepaid debit cards that are harder to track. The crooks obtain personal information of the beneficiaries and create an online Social Security account in their name. Once they can access their account, they change the address and bank account information for the victim.
Encourage loved ones to create their own online Social Security account. Fraud can be blocked if the credentials are already established. Their ploy only works by creating a new account.
GCFlash is a weekly e-mail sent only to its listed customers and associates free of charge. GCFlash informs customers of special product offerings which may be of interest, current interest rates on both deposit and loan products, selected financial news and other financial tidbits. GCFlash is intended to supplement the more comprehensive information listed on the GCF Web site at http://www.gcfbank.com.GCFLASH PRIVACY STATEMENT
GCF maintains your e-mail address in a confidential and secure database along with much of your other account information, such as mailing address and telephone number, etc. Before aggregating our e-mailing list each week, we filter out any duplicates. In most cases, this inhibits the unintended e-mailing of multiple copies of GCFlash to a single e-mail address. However, because these account records are kept by both individual and account, there is a chance members of the same household could each receive a copy of GCFlash or any other transmission at the same e- mail address - resulting in multiple copies. For example, a husband and wife that both have accounts with GCF may both receive a copy because the names are different but listed at the same e-mail address. This is similar to the manner in which each individual may share a common telephone number. To handle this situation, GCF recommends you simply delete any extra copies of GCFlash as this will ensure that ALL individuals receive any future promotional mailings, which might only be targeted or offered to specific accountholders meeting certain criteria. GCF has the capability to suppress customer e-mail addresses so they are omitted from our transmission list. If you would rather have a specific household member's e-mail address suppressed in our electronic database, simply send us a reply, as stated below, and indicate the accountholder for which you would like to have e-mail suppressed. Please keep in mind that this suppression will mean that NO future e-mails are sent, including special promotional offers. If you have any questions about this process or need additional information, please contact us at email@example.com.
If you would like to be removed from this electronic mailing list, click this link to send us an email to unsubscribe. Please note, removing your name from our electronic mailing list means GCF will send NO FUTURE NEWS or SPECIAL OFFERS.
Banking With Us