The US Trustee Program, part of the US DoJ, runs the Federal bankruptcy system, monitoring the conduct of people involved in bankruptcy cases, ensuring compliance with applicable laws and investigating bankruptcy fraud and abuse.
They recently issued the following warning for people who are already overwhelmed by the legal juggernaut of a bankruptcy filing and are at serious risk of being scammed out of what little they have left.

DON’T GET “LOCKED OUT” OF YOUR HOME BY A BANKRUPTCY SCAM OPERATOR

Are you having trouble making your home mortgage payments? Are you facing foreclosure on your home? Get all the facts before you pay someone to help you work out your mortgage problems.
“Bankruptcy foreclosure scams” target people whose home mortgages are in trouble. Scam operators advertise over the Internet and in local publications, distribute flyers, or contact people whose homes are listed in the foreclosure notices. Sometimes they direct their appeals to specific religious or ethnic groups.

These scam operators may promise to take care of your problems with your mortgage lender or to obtain refinancing for you. Sometimes they also ask you to pay your mortgage payments directly to the scam operator. They may even ask you to hand over your property deed to the operator, and then make payments to the operator in order to stay in your home.

But instead of contacting your lender or refinancing your loan, the scam operator pockets all the money you paid, and then files a bankruptcy case in your name — sometimes without your knowledge.

A bankruptcy filing often stops a home foreclosure, but only temporarily. If a bankruptcy is filed in your name but you don’t participate in the case, the judge will dismiss the case and the foreclosure proceedings will continue.

If this happens, you will lose the money you paid to the scam operator — AND YOU COULD LOSE YOUR HOME. You will also have a bankruptcy listed on your credit record for years afterward.

Proceed with care if an individual or company:

• Calls itself a “mortgage consultant,” “foreclosure service,” or similar name.
• Contacts or advertises to people whose homes are listed for foreclosure.
• Collects a fee before it provides services to you.
• Tells you to make your home mortgage payments directly to the individual or company.
• Tells you to transfer your property deed or title to the individual or company.

If you can’t pay your mortgage, call your mortgage lender or contact a lawyer for help. Your state or local bar association may be able to help you find low-cost legal help.
If you think an individual or company is running a mortgage foreclosure scam, contact the local office of the United States Trustee. The United States Trustee is a Justice Department official who monitors the bankruptcy system. Look for your local United States Trustee’s telephone number in your telephone directory or on our web site at www.usdoj.gov/ust/eo/ust_org/office_locator.htm.

Cyber Security Tip ST06-008        Safeguarding Your Data

When there are multiple people using your computer and/or you store  sensitive personal and work-related data on your computer, it is especially important to take extra security precautions.

Why isn’t “more” better?

Maybe there is an extra software program included with a program you bought. Or perhaps you found a free download online. You may be tempted to install   the programs just because you can, or because you think you might use them   later. However, even if the source and the software are legitimate, there  may  be hidden risks. And if other people use your computer, there are  additional risks.

These risks become especially important if you use your computer to manage  your personal finances (banking, taxes, online bill payment, etc.), store   sensitive personal data, or perform work-related activities away from the   office. However, there are steps you can take to protect yourself.

How can you protect both your personal and work-related data?

1. Use and maintain anti-virus software and a firewall – Protect yourself against viruses and Trojan horses that may steal or modify the data on  your own computer and leave you vulnerable by using anti-virus software and a firewall (see Understanding Anti-Virus Software and Understanding  Firewalls  for  more  information).  Make  sure to keep your virus definitions up to date.

2. Regularly scan your computer for spyware – Spyware or adware hidden in software programs may affect the performance of your computer and give  attackers access to your data. Use a legitimate anti-spyware program to   scan your computer and remove any of these files (see Recognizing and Avoiding Spyware for more information). Many anti-virus products have incorporated spyware detection.

3.  Keep software up to date – Install software patches so that attackers       cannot  take  advantage  of known problems or vulnerabilities (see       Understanding Patches for more information). Many operating systems  offer automatic updates. If this option is available, you should turn it on.

4.  Evaluate  your  software’s settings – The default settings of most       software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level  of security available that still gives you the functionality you need.

5.  Avoid unused software programs – Do not clutter your computer with       unnecessary software programs. If you have programs on your computer       that  you  do  not use, consider uninstalling them. In addition to       consuming system resources, these programs may contain vulnerabilities       that, if not patched, may allow an attacker to access your computer.

6.  Consider creating separate user accounts – If there are other people       using  your  computer,  you  may  be worried that someone else may       accidentally access, modify, and/or delete your files. Most operating       systems (including Windows XP and Vista, Mac OS X, and Linux) give you       the option of creating a different user account for each user, and you       can set the amount of access and privileges for each account. You may       also  choose  to have separate accounts for your work and personal
purposes. While this approach will not completely isolate each area, it       does offer some additional protection. However, it will not protect your       computer against vulnerabilities that give an attacker administrative       privileges. Ideally, you will have separate computers for work and       personal use; this will offer a different type of protection.

7.  Establish guidelines for computer use – If there are multiple people       using your computer, especially children, make sure they understand how       to  use  the  computer and internet safely. Setting boundaries and       guidelines will help to protect your data (see Keeping Children Safe       Online for more information).

8.  Use passwords and encrypt sensitive files – Passwords and other security       features add layers of protection if used appropriately (see Choosing       and  Protecting  Passwords  and  Supplementing  Passwords for more       information). By encrypting files, you ensure that unauthorized people
can’t view data even if they can physically access it. You may also want       to consider options for full disk encryption, which prevents a thief       from  even starting your laptop without a passphrase. When you use       encryption, it is important to remember your passwords and passphrases;       if you forget or lose them, you may lose your data.

9. Follow  corporate  policies  for handling and storing work-related       information – If you use your computer for work-related purposes, make       sure to follow any corporate policies for handling and storing the       information.  These  policies  were  likely established to protect       proprietary information and customer data, as well as to protect you and       the company from liability. Even if it is not explicitly stated in your       corporate policy, you should avoid allowing other people, including       family members, to use a computer that contains corporate data.

10. Dispose of sensitive information properly – Simply deleting a file does       not completely erase it. To ensure that an attacker cannot access these       files,  make  sure  that you adequately erase sensitive files (see       Effectively Erasing Files for more information).

11. Follow good security habits – Review other security tips for ways to       protect yourself and your data.
_________________________________________________________________
Author: Mindi McDowell   Produced 2006 by US-CERT, a government organization.
<http://www.us-cert.gov/cas/tips/ST06-008.html>

This is a notice that you should send to your family and friends, (especially the ’silver surfers’) and maybe even stick on the ‘fridge door and on the side of your monitor, just so you remember. Help make this a Scam-Free Christmas!

US-CERT Issues Warning about Cyber Shopping

Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the Internet has unique risks, so it is important to take steps to protect yourself when shopping online.

Why do online shoppers have to take special precautions?

The Internet offers a convenience that is not available from any other shopping outlet. From the comfort of your home, you can search for items from countless vendors, compare prices with a few simple mouse clicks, and make purchases without waiting in line. However, the Internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers.  Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How do attackers target online shoppers?

There are three common ways that attackers can take advantage of online shoppers:

• Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
• Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious web sites that mimic legitimate ones or create email messages that appear to have been sent from a legitimate source. Charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
• Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted.

How can you protect yourself?

• Use and maintain anti-virus software, a firewall, and anti-spyware software – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall (see Understanding Anti-Virus Software and Understanding Firewalls for more information). Make sure to keep your virus definitions up to date. Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files.
• Keep software, particularly your web browser, up to date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
• Evaluate your software’s settings – The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the Internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
• Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information . Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
• Take advantage of security features – Passwords and other security features add layers of protection if used appropriately.
• Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information . Legitimate businesses will not solicit this type of information through email.
• Check privacy policies – Before providing personal or financial information, check the web site’s privacy policy. Make sure you understand how your information will be stored and used.
• Make sure your information is being encrypted – Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a lock icon in the bottom right corner of the window.
• Use a credit card – Unlike debit cards, credit cards may have a limit on the monetary amount you will be responsible for paying if your information is stolen and used by someone else. You can
  further minimize damage by using a single credit card with a low credit line for all of your online purchases.
• Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.

This document can also be found at  on the US-CERT Website, HERE

The Internet Watch Foundation (IWF) is a UK-based Hotline for reporting illegal content. Specifically Child sexual abuse content hosted worldwide and criminally obscene and incitement to racial hatred content hosted in the UK.

It’s remit is to protect the citizens of the UK from illegal and offensive online content by allowing the public and IT professionals to report sites with potentially illegal online content. They work in partnership with the ISPs, law enforcement, government, the education sector, charities, international partners and the public to minimize the availability of this content.

They seek to find and report on child sexual abuse content hosted anywhere in the world and criminally obscene and incitement to racial hatred content hosted in the UK.

They use a ‘notice and take-down’ service which alerts ISPs to potentially illegal content on their servers and provide information to law enforcement partners in the UK and abroad.

As a direct result, less than 1% of child sexual abuse content, known to the IWF, has apparently been hosted in the UK since 2003, down from 18% in 1997.

As sexually abusive images of children are primarily hosted abroad, they provide a dynamic list of child sexual abuse URLs.

The IWF want web citizens, in the UK and abroad to report all and any content to them http://www.iwf.org.uk/reporting.htm

Scamdex is of the opinion that only community-led notification can help protect our children from being exposed to this obscenity and hopefully prevent children being exploited to feed this industry.

Report illegal Content

PhishTank.com – Anti Phishing Website!

Here’s the thing – from now on, ANY TIME you get an email that sends you to a PayPal/Bank of America/Google Adsense/eBay/your-bank-name site that you know is a scam site [that just wants your login/password/credit card/bank details] – immediately report it to PhishTank.com.

They are the database that many browsers and security firewalls automatically use – within seconds, millions of people are protected!.  To see if YOUR browser/network is using this service, try this url picked at random from Phishtank’s database this morning – http://bloccatoinlinea.net/

I use Firefox mainly and for me, I get a nice message like this:

Firefox Warns about visiting a Phishing Site

If you get ’straight through’ without any warnings then you need to seriously consider upgrading your browser to FireFox 3 or even the spiffy new Google Chrome.

Is it worth the effort of reporting it?

Trust  me , this isn’t the same as sending an email to abuse@hotwebsites-r-us.cn and hoping that something will happen – this is the real deal – Your submission goes into the Phishing database, people are invited to check your submission and vote on it (for or against) and (assuming it’s approved) one more scam website is defeated!

Once you’ve done it once, you might like to signup and join the band of selfless individuals who monitor, verify and discuss these things (look out for ’scamdex’!).

Good for your sense of moral outrage and good for the general public – help stamp out Phishing – go to Phishtank.com and sign up NOW!

The DNS Route to Scam Protection Online.

When you type in ‘www.scammingsite.com’ on your browser, a lookup is performed to translate the domain name into a unique address (IP Address) that all networked computers understand and which contains the path to the right server.


Your ISP will have given you two longish ‘numbers-separated-by-dots’ (eg. 207.44.123.28) to type in to your Network Settings. These are the Domain Name Servers (DNS) that your computer will use whenever you ask to go to a domain name.

Right? Well, never mind, just trust me on this one.

Wouldn’t it be great if, when you did the lookup/translate part, the result was filtered for Scams/Profanity/Pornography/Crime/Violence etc etc?

Well, by changing the DNS servers you use, you can have this great feature – for free, I may ad – and you (and your children/employees) can surf a little easier. No software to download, no subscriptions, no spam – it couldn’t be easier. Free, simple to do, free, great protection …. what more can I say other than if you don’t believe me, Click this button to find out why you need to change your DNS servers NOW!

(or, you can just change your DNS servers to 208.67.222.222 and 208.67.220.220 and get on with your life)

BTW, the same people who run OpenDNS.com also run an Anti-Phishing site called, amusingly, PhishTank

LifeLock, a provider of identity theft prevention services, has developed the nation’s first and only PROACTIVE identity theft solution designed to help PREVENT crimes before they occur. They back the service with a hefty $1 million guarantee.

The services they provide break down as:

1. They BLOCK your credit so only you can use it – They put alerts on your credit reports with all major credit bureaus. So, if anyone tries to do anything with your credit report, get new credit, change your address, expand credit lines, open a checking account, get insurance or utilities, and more, you will be called directly for approval first.
2. They back up their services a $1 million guarantee – If your identity is ever stolen, they will fix the problem and reimburse you up to $1,000,000 in financial losses.
3. Stop pre-approved credit offers, thus saving a few trees and helping to curb one of the most popular ID theft systems, getting a credit card from a trashed credit card offer – They say that they also reduce the amount of other junk mail to your home.
4. Ensure that things go smoothly when you apply for credit – they don’t give much detail on this point, but they also provide ‘free’ annual credit reports.
5. They even monitor your children’s identities.

LifeLock retails for $10 per month or $110 annually but you can get a 10% discount..$9/month or $99/annually if you signup from the Scamdex Site.

Scamdex approves of this product, especially in the case of elderly relatives, young adults and others at risk due to confusion or inexperience, both of which are the scammer’s stock in trade. If you’re worried about Granny wiring all her assets to a Nigerian Widow then I’d definitely take a look!