1. What happens if you become the next victim of cybercrime?

     

    The potential for you or me to become the next victim of cybercrime is something that we both need to think about. I’ve been a victim a few times and I can tell you that it is frightening to be on the short end of the cybercriminal stick.

    My heart was pounding…

    Late one afternoon (in early 2011) my bank balance appeared to be dropping fast, and the only connection I could see was that it involved Megaupload Limited and PayPal. I contacted both PayPal and the 800 number to my bank, but I honestly did not feel as though they were doing enough to resolve my situation. The theft was happening in real time! So I did the next best thing and jumped on Twitter and tweeted that an account using Megaupload Limited was draining my bank account via PayPal! (At that time my main bank account was still back east in New Hampshire).

    Twitter can be used as a powerful forum to get your point across if you know who to tweet to and the correct hash(#) tag(s) to use. It wasn’t long before I was on the phone with managers from PayPal and the bank and all was made good again. A story like mine does not always end as sweetly.

    The victims of cybercrime suffer…

    For victims like Michelle Marsico, who owns a small business based in Redondo Beach, California, logging into her bank account one day turned into her own personal horror flick when she realized that half a million dollars had been hauled off by money mules. Cybercriminals will stop at nothing to get what they want and they do not care if they take your grandparents’ life savings or rob your child’s college fund. If the money is there and they can find a weakness in security, a vulnerability in a web app, or an open door that lets them in – your money will become their money.

    According to Bloomberg Businessweek: Online banking fraud is primarily carried out in two ways. In a phishing attack, criminals impersonate bank websites in order to get unsuspecting users to provide their login credentials. The other modus operandi of online banking frauds is to install keystroke-logging malware.

    Of course there are other banking attack vectors such as man-in-the-middle attacks, man-in-the-browser attacks, cross-channel attacks and pharming (Trojan horse/virus on the victim’s computer). At times Internet threat possibilities can become quite overwhelming.

    Time for the geek-gal stuff…

    I use desktops with Vista and Windows 7, an iMac, a laptop (Win 7), a Linux server, an iPhone and an Android. I find myself layering different operating systems with whatever flavor works for me. On Windows and iMac I generally use Cocoon in varying capacities and also use Cocoon on my iPhone as my primary browser of choice. On my Linux machine I am mainly inside my terminal and rarely use a browser. If I am on public Wi-Fi – Cocoon is my top choice for browsing the Internet.

    I also find times that I use other services such as TorProject, Abine, and Hotspot Shield. It all depends upon the nature of what I need to do online when I am away from home or traveling. I am a very strong advocate of Internet security and privacy and appreciate having a multitude of online tools to choose from!

    In a nutshell…

     There is no all-in-one solution for online privacy and security. 2012 is the year of layering. We are at a point in our digital lives where we need to steer the ship away from the hacker-reef. We need to take account of all of the solutions that are currently available to us for online security and privacy and utilize them via layering so that we can enjoy our online experience instead of fearing it.

    A little bit of Cocoon history…

    Cocoon began in 2008 with co-founders Jeff Bermant and Brian Fox. Jeff had a really bad experience when his server was toasted by a virus that spammed friends and colleagues with 30K messages a day. CTO Brian Fox (we all know him as the original author of the GNU Bash shell) teamed up with Jeff and founded GetCocoon from Virtual World Computing (VWC). In October 2011, Vernon Irvin became the President and COO of VWC, and he continues to nurture and lead the Cocoon service into avenues that will protect us and the most vulnerable among us: our children, teenagers and grandparents.

    How did ‘Teksquisite’ enter the mix…

    The VP of Marketing, David Washburn approached me on Twitter in early 2011, possibly around the time I was tweeting about my PayPal account dilemma! I agreed with their company vision and have consulted with them since January 2011. They are a great team and work really hard to bring online privacy and Internet security to everyone. It is not always an easy endeavor.

    Stay tuned for more cybercrime blog posts soon :)

    My question to you: How do you stay safe online?

     


  2. The Social Networking Hotbed

    During the past decade social networking sites have become optimal grazing grounds for cybercriminals to easily target large pools of victims. With the free flow of personal information cybercriminals easily digest all this social data and devise targeted attacks that prey on consumers using social engineering tactics and sensationalism.

    One of the biggest crowd enticers on Facebook is for the cybercriminal to produce an unbelievable video, rogue app or viral link that can be shared with a large number of users. The idea is to perpetuate a continuous bombardment of shared content that can spam the wall or messaging system of the original victim, their friends and even friends of friends.

    This content is generally socially engineered to convince the victim to download a fake video viewer (in order to view that fabulous video), take a scam survey via a rogue app in order to win an iPad 3 or share a link that is infested with several redirects until it arrives at a malicious website.

    Sophos Senior Technology Consultant, Graham Cluley once termed this type of cybercriminal behavior as “Jaa (Finnish for share),” because the scammers want you to share their links far and wide with your family and all of your friends in order to propagate their scams.

    Social media behavior

    Javelin’s 2012 Identity Fraud Report examined social media behavior amongst U.S. adults and found that certain conduct posed much higher risks of fraud. It comes as no surprise that consumers with publicly viewable social media profiles are at much higher risk of identity fraud than those without. According to Javelin, nearly half of people with public profiles share the entirety of their birth date information. Furthermore, large amounts of said population also share the name of their high school, their phone number, and even their pet’s name. These details can be dangerous in the wrong hands as they tend to be information that secure websites use to verify one’s account information.

    Think before you “share” or “like”

    Posting too much information in status updates can pose unintended consequences. Cybercriminals often prey on social networking sites looking for ways to steal identities and to target well-devised scams that often sound too good to be true.

    Going on vacation? Create a private group of close friends and family to share this with and never post it in your status updates to all your friends. Other unsavory characters may be lurking on your friends’ pages and your home could get burglarized.

    Are you thinking about “liking” that Facebook app or link that has gone viral on all your friends’ walls? You may want to think twice about that as well! There are many cybercriminals stirring the share/like pot, wishing your participation in the spread of their scams in order to further their own agenda.

    Be sure to check back tomorrow for some important tips on protecting yourself before you “share” or “like” again.


  3. Fraudsters Set Their Sights on Seniors as Identity Theft Grows

    The Internet has long been a place where people from the furthest corners of the planet meet to conduct their necessary or not-so-necessary business. Despite the wide range of uses the web provides, its abundant users remain infinitely diverse in technical ability. Cyber criminals will stop at nothing to find the perfect candidate for theft. Everything from the technically un-savvy to the cash-heavy to the flat out reckless is observed, analyzed, and targeted. Fraudsters have found that seniors who use the Internet are often more likely to fit the criteria they’re looking for in their next victim.

    A 2010 study conducted by Infogroup/ORC found that 1 in every 5 Americans over the age of 65 has already been victimized by financial fraud. According to the Bureau of Justice Statistics, more than 1 million seniors were targeted by identity thieves in 2010.

    The FBI has made various determinations in assessing the root of the issue, some of which include:

    • Seniors tend to be more trusting, which increases their likelihood of being scammed.
    • They are known to be less tech-savvy, which increases their chances of being targeted by identity thieves and other cyber criminals.
    • They’re more likely to have equity, which makes them a desirable target.

    Aside from following some of the guidelines highlighted in part 6 and part 7 of our “Online Pickpockets” blog series, you can check out the FBI’s extensive list of tips to consider while browsing the web.

    Retirees are particularly vulnerable as they’ve often ceased production of capital and rely solely on their savings. It’s time to wake up and protect what so many have worked their whole lives to create. In the year and a half since the Infogroup study was conducted, the number of seniors victimized by online fraud has undoubtedly grown. We need to educate those who are new to the Internet, and preserve the nest eggs of targeted seniors.


  4. Part 6: The Online Pickpockets of The World Wide Mall

    You’ve heard of phishing attacks by now. We touched on some of the facts about these kinds of scams and discussed Norton’s claim that of the 12,000 or so people surveyed in 2011, roughly 10% admitted they have been the victim of a phishing attack in the last year.

    Phishing occurs when a victim is tricked into handing over their private information under false pretenses. It’s a simple concept that can be executed via simplistic or complex methods.

    Often enough, if a cyber criminal gets hold of a victim’s email address, they may create a fake message appearing to come from a trusted source. For instance, if a cybercriminal hacks into your bank’s database, they may gain access to your email address. They can then send you their phishing message, which is identical or similar to a message your bank would normally send you. These fake messages will often ask you to visit a rogue landing page (again, identical to that of your bank) where they will provide a form that asks for your personal information. Due to the highly tailored nature of these scams, a surprising number of people fall victim to them every day. It’s important to check the URL of any website you visit before giving up personal data. A website’s privacy policy will often tell you which information they may ask you for, and what types of data they collect on you.
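    The URL check described above can be made mechanical. The sketch below is an added example, not code from the original post: the bank domain `examplebank.test` and every sample link are constructed, and treating the last two labels of a host as its registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

TRUSTED = "examplebank.test"  # constructed domain standing in for your bank

# Constructed sample links of the kind a phishing message might carry.
SAMPLES = [
    "https://www.examplebank.test/login",                  # the real site
    "http://www.examplebank.test/login",                   # real site, no HTTPS
    "https://examplebank.test@login.evil.test/",           # bank name before '@'
    "https://examplebank.test.account-verify.test/login",  # bank name as subdomain
    "https://examp1ebank.test/login",                      # digit 1 instead of l
    "https://ex\u0430mplebank.test/login",                 # Cyrillic 'a' look-alike
    "https://news.example.org/",                           # nothing to do with it
]


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason) for a link that claims to lead to `trusted`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    brand = trusted.split(".")[0]

    # Anything before '@' is login info, not the site the browser will open.
    if parts.username is not None:
        return "suspicious", "text before '@' is not the site; real host is " + host
    # Non-ASCII or punycode labels can render identically to the real name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "host uses non-ASCII look-alike characters"
    # Only the exact domain or a true subdomain of it counts as the bank.
    if host == trusted or host.endswith("." + trusted):
        if parts.scheme != "https":
            return "suspicious", "right site, but the connection is not HTTPS"
        return "ok", "host belongs to " + trusted
    if brand in host:
        return "suspicious", "bank name appears inside a different domain"
    # Assumption: the registered domain is the last two labels of the host.
    registered = ".".join(host.split(".")[-2:])
    if edit_distance(registered, trusted) <= 2:
        return "suspicious", "domain is a near-miss spelling of " + trusted
    return "unrelated", "host has nothing to do with " + trusted


def review(samples=SAMPLES):
    """Verdict for each sample link, in order."""
    return [check_link(u)[0] for u in samples]


if __name__ == "__main__":
    for url in SAMPLES:
        verdict, reason = check_link(url)
        print(f"{verdict:10} {url!r}: {reason}")
```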

    The more information a cybercriminal gains about someone, the easier it becomes for them to obtain login information, bank account credentials, social security numbers and so on. You’d be surprised how many people are susceptible to hacks just by what is publicly available online, coupled with some common sense. This is further proof of why it’s so important to remain vigilant when shopping, banking, and browsing online.

    Check back with us soon for Part 6 of our pickpocket series.

    Part 1: The Online Pickpockets of The World Wide Mall

    Part 2: The Online Pickpockets of the Worldwide Mall

    Part 3: The Online Pickpockets of The World Wide Mall

    Part 4: The Online Pickpockets of The World Wide Mall

    Part 5: The Online Pickpockets of The World Wide Mall


  5. Part 5: The Online Pickpockets of The World Wide Mall

    You’ve read all about the risks of shopping online and by now even heard of some of the questionable solutions that are being considered by the U.S. government. Only now, you find yourself sitting at your local cafe taking advantage of that free WiFi. You’re frantically searching the Internet for an affordable gift to give your loved one for their birthday next week. Credit cards in hand, you write to friends on Facebook asking them for any last-minute advice before you make a purchase, and…STOP! Haven’t we taught you anything?

    Not only could a ton of things go wrong with your unsecured shopping experience, but the same goes for anything else requiring private login information (e.g. social networking sites) while you’re on that free WiFi connection. This is precisely the type of situation that could lead to identity theft, access to files on your computer’s hard drive, or full disclosure of any private information you send and/or receive over the network.

    A common approach to intercepting private data and opening the door to identity theft is the Man In The Middle Attack. In the past, free programs like Firesheep have made it possible for even less tech-savvy people to perform such an attack. The program could, for instance, hijack an active Facebook, Twitter, or even bank account session if the victim is using an unencrypted network. This applies to many of your online accounts, so think about it before logging on to Facebook or making a purchase on public WiFi.

    Using websites that utilize HTTPS (rather than standard HTTP) may help you in some scenarios, but this remains limited. While on Facebook, check the address bar to make sure you see “https” and not just “http”. If you are not in https mode, check your Facebook Preferences page and make the change.

    If you’re using Firefox, it is recommended that you do not use the browser’s built-in password saving tool, because the saved passwords are unencrypted and visible to anyone who has access to your computer. To see any of the passwords that Firefox has saved for you, simply go to your Firefox Preferences in the Firefox menu; click on the Security tab; then go to ‘Saved Passwords’ in the bottom right corner. Once there, all that’s needed to show your full passwords is to highlight a website and click ‘Show Passwords’. If you have passwords saved, we recommend deleting them while in this menu.

    Check back with us soon to find out more about phishing attacks, and how you can protect yourself from them. We’ll also show you some of the ways Cocoon can help secure and protect you should you find yourself on an open WiFi network, browsing from home, and more.

    Part 1: The Online Pickpockets of The World Wide Mall

    Part 2: The Online Pickpockets of the Worldwide Mall

    Part 3: The Online Pickpockets of The World Wide Mall

    Part 4: The Online Pickpockets of The World Wide Mall

     

     


  6. Part 4: The Online Pickpockets of The World Wide Mall

    We have taken a look at some of the ways commerce has evolved over the past decade, and the raw numbers that have emboldened the movement. A worldwide surge of online espionage and crime has spurred criminals, governments, and corporations into action. Each entity is striving to steal from, protect, and take advantage of the expanding scale to which online crime has tipped. It has become clear who’s after our money, but then who will protect us in this time of need?

    Here in the United States, our government has become aware of the issue of online privacy and security, and Senate talks are rampant on the subject. The recently proposed Cyber Security Act of 2012 is being considered as a centralized means of reducing the problem. Critics argue that the Act is expensive and poses a threat to online privacy. The Act would essentially put the job of fighting cybercrime in the hands of the Department of Homeland Security, and would introduce a slew of new expenditures for big companies such as Google and Amazon. Whether or not the Act would truly reduce the amount of cybercrime in the U.S. is unknown, but our privacy could likely suffer.

    The age-old argument of government regulation versus private sector reinforcement certainly rings true for cybercrime today. What we can be sure of, however, is that public education remains a win-win for everyone, everywhere. Be sure to check back here tomorrow for some tips on how to stay safe of your own accord.

     

    Part 1: The Online Pickpockets of The World Wide Mall

    Part 2: The Online Pickpockets of the Worldwide Mall

    Part 3: The Online Pickpockets of The World Wide Mall


  7. Part 3: The Online Pickpockets of The World Wide Mall

    Brick and mortar shops are seeing their fair share of Internet usage too. If you’re old fashioned like I am, you probably still enjoy browsing the tactile selection of merchandise at your local mall or boutique. This sensation, however, is supplemented by the ability to pull out your mobile device and draw comparisons with online vendors, review forums, and so on.

    According to the Pew American & Internet Life Project, 2012, 52% of adult smartphone owners use their device while in a store to get help with purchasing decisions. During the 2011 holiday season, PayPal reported that more than 67 percent of consumers planned to make a purchase using a mobile device.

    It should come as no surprise that many shoppers will make purchases using their mobile devices while visiting their local mall or shopping center. With mobile shopping trends following closely in the footsteps of desktop consumerism, we’ll be seeing a major increase in the number of cyber criminals victimizing mobile consumers.

    So, as the waning waters of Internet safety reveal new weaknesses in the online marketplace, we’re left wondering: who will police this mall? We’ll take a look at some of the burgeoning options in our next post.

    Be sure to check back here next week for Part 4 of our Pickpocket Series.

    Part 1: The Online Pickpockets of The World Wide Mall

    Part 2: The Online Pickpockets of the Worldwide Mall


  8. Part 2: The Online Pickpockets of The World Wide Mall

    The Norton Cybercrime Report 2011 surveyed over 12,000 adults in 24 countries last year, and obtained some rather shocking results. Each day of the past year, the study suggests, over 1 million online adults in these 24 countries experienced cybercrime. The study determined the majority (54%) of those cases to be malware or virus attacks. The second and third leading causes were online scams (11%) and phishing (10%), respectively.

    Norton estimated that the total bill for cybercrime in these 24 countries over the year in question was roughly $388 billion, which included time needed to recover. This astonishing amount nearly matches the entire illegal drug trade for that same period of time.

    It is said that something like 1 in 10 US consumers have already been victimized by identity theft (Frugal Dad). A growing variety of methods are being implemented by criminals in order to achieve such results. Some of these methods include phishing scams, man-in-the-middle attacks, spyware, malware, keystroke logging, botnets, and viruses.

    Trojan Horses have been known to trick users into installing them by masquerading as legitimate software packages. Malware, however, can be delivered via drive-by downloads through a website you trust, all without your knowledge. The Zeus malware platform in late 2010, for instance, would use infected computers to form a botnet where it would then target holiday shoppers. Zeus used man-in-the-middle attacks socially engineered to get Macy’s and Nordstrom account holders to reveal sensitive information online (CSO Online). Once a consumer has handed over their private information, cyber criminals can then use it to steal the victim’s identity, commit fraud, and more.

    Be sure to check back here tomorrow for Part 3 of our Pickpocket Series.

    Part 1: The Online Pickpockets of the Worldwide Mall


  9. Part 1: The Online Pickpockets of The World Wide Mall

    Attention shoppers, the mall will be closing in, well, never. The times are changing, and consumerism is far from waning. Your local brick and mortar shops are struggling to keep their doors open; meanwhile, online commerce continues to grow at an alarming rate.

    In the UK, for instance, online retailers saw sales nearly double the week before Christmas 2011 when compared to the same week one year prior, according to MetaPack. Similarly, e-commerce revenue continues to see exponential growth as online shopping grows. Total revenue in 1996 was $600 million, compared to roughly $680 billion in 2011, and climbing to an estimated trillion plus dollars by 2014 (Techcrunch).

    Whilst online retailers gleefully reap the benefits of these numbers, another kind of beneficiary watches from the shadows of the Internet. We’re talking about “cybercriminals”, and they aren’t looking at numbers, but rather the increasingly large flow of money being exchanged between individuals and their trusted servers. These are modern day pickpockets, and they’re here to stay.

    Be sure to check back here tomorrow for Part 2 of our Pickpocket Series.

    Part 2: The Online Pickpockets of the World Wide Mall


  10. Cybercriminals are sharpening their tools

    By Blake Bronstad

    Commerce in today’s world pushes convenience like never before. With more and more businesses encouraging the use of their services online, consumers are offered increasingly attractive options in which they may stay productive on the Internet. Where the people go, so does the money; and where the money goes, criminals will follow. Just as the online community is growing and evolving, so is the world of cybercrime.

    Cybercriminals are sharpening their tools and improving their methods, and the proof is out there. Last year’s breach of Sony’s PlayStation Network brought the issue to headlines around the world. The more recent hacking of online shoe retailer Zappos proved to be yet another example of why online consumers need to protect themselves and stay alert. The retail giant had to alert its nearly 24 million customers of a data breach that exposed various personal details related to their online accounts. This data ranged from names, email addresses, and billing addresses to the last four digits of customers’ credit cards.

    So, why do criminals want this information and what do they do with it? The answer is simple: the underground network of data mining works similarly to that of the advertising and data mining companies, except they run on a more malicious, less legal level. Rather than tracking your online whereabouts and selling that information to ad companies, these cybercriminals are going straight for the vitals. Names, email addresses, physical addresses, credit card numbers, and so on are mined through various techniques and sold to the highest bidder. In the case of Zappos’ customers, the hackers that infiltrated their data likely sold it to spammers, botnet operators, identity thieves and other organized underground networks. Each one of these crime rings is capable of making that stolen data even more profitable than those before them.

    By now, it should be obvious why so many people are after your data: there’s lots of money to be made and spread throughout the rings. There is an equally daunting amount of methodology and technology that goes along with this need for harvesting data. Phishing is a common technique employed by identity thieves because it allows them to simply ask you for your private information directly. This may sound absurd, but phishing scams are becoming all the more elaborate with each passing year. Cyber criminals have nearly perfected the art of impersonating websites that you trust and doing everything from sending fake emails to creating rogue, but identical web pages. Fabricated forms request that you fill out what you believe to be a legitimate corporate request; instead, you’re essentially handing phishers your personal data first hand. Once they have the information, they can choose to sell it or steal your identity. It happens every day, and phishers will succeed in accessing bank accounts and making fraudulent purchases on behalf of countless phishing victims.

    In addition to phishing scams, hackers have developed more elaborate ways to use and abuse you. Malware, or malicious software, can be downloaded to your computer or smartphone without your knowledge. This software can be dropped on your machine when you visit an infected web page, and does not require you to click on anything. Some of the more dangerous types of malware can install keystroke-tracking software on your machine that records each stroke of the keyboard and tells hackers anything you’ve entered (think bank account passwords, usernames, social security numbers, etc.). Botnet operators can install malware on a victim’s computer and use it to spread spam, malware, and more.

    With each new convenience comes a new scam. This is exactly why more people are finding it necessary to protect themselves online just as they’d cover their PIN while using a cash machine or lock their homes when they go to work. Using Cocoon can instantly hinder many of the aforementioned attempts on your identity and data. Cocoon Mailslots is an easy way to make sure that hackers do not gain access to your real email address, which in turn can save you from spam and many potential phishing campaign attempts. Browsing the Internet through Cocoon’s secure proxy servers will keep any unwanted malware from attaching itself to your system, which may save you from having your identity stolen or worse.

    You’re walking down a dangerous street; why not make yourself invisible to thieves?

