The Cocoon Blog
The Internet as it should be: private, secure and virus free

Cyber Monday in the United States is the first Monday after Black Friday and is another major busy American shopping day. Cyber Monday follows hot on the heels of Black Friday and is also a time when cybercriminals, Identity thieves, malware writers, and online scam artists push their unsavory code and wares on unsuspecting online shoppers.

With Cyber Monday less than five days away, it is time to take note of the online shopping scams that will pop up immediately after Black Friday. When shopping online you should always use legitimate and familiar web sites, use SSL encryption (HTTPS with a padlock icon), never shop using unsecured WiFi, and avoid shopping on public computers.

The Cocoon Top five Cyber Monday Scams that you should avoid next week:

1-SEO (Search Engine Optimization) Poisoning

According to Jovi Unawing of GFI Labs: “Black Friday and Cyber Monday are among the most targeted holidays for malicious scams. The volume of product searches and online transactions that take place during these few days creates an opportunity for cybercriminals to target online shoppers with SEO poisoning, malicious links on social media sites, phishing scams and other attack methods.”  - Computer World

Be aware that searching for “Cyber Monday Deals” can become dangerous when utilizing a search engine to locate these awesome deals! Generally, malicious and fraudulent sites will not appear on the first 5-10 pages of a search engine query.

 Nielsen conducted research looking at over five million shopping sessions and the search terms used in those sessions and found one in five bargain hunters (American and European) wound up on sites selling counterfeit goods. The ones who were taken to the rogue sites had searched terms like “cheap,” “discount” and “outlet”.  - Andrea Smith | Mashable

2-Phoney E-tailers

Hackers and scammers create fraudulent websites that officially have the look and feel of the real deal. Make sure that the web link that you are conducting business on is legitimate. Anyone who has their own domain can create sub-domains that sound like a well respected domain, such as dell.anydomain.com. The dot before anydomain.com is a subdirectory and is not a legitimate dell.com site. Thus, a subdomain such as cyberMonday.dell.com is legitimate where a subdomain called Dell-cyberMonday.anydomain.com is not.

The BBB recommends avoiding offers on websites that sound too good to be true, only shop on trustworthy sites, and be sure to verify an “unknown” seller’s reputation and record at the BBB site prior to considering an online purchase.

3-Email Phishing Scams

You receive an exclusive “Cyber Monday Discount” offer in an unsolicited email. Never click the link in  an unsolicited email or give out your credit card information. Clicking on an “exclusive discount” link could compromise your computer, download malware, and steal your personal information.

Problems with an online order? Don’t believe it. Pick up the phone and call the company!

4-Hacked Social Media  Accounts

I’ve seen myriad social media accounts hacked during the past week. Hacked Twitter accounts tend to send direct messages to followers that contain a malicious link designed to steal your personal information or to compromise your computer.

On Facebook, it is generally a rogue app that promises a really cheap iPad or some other popular electronic device that appeals to the masses. A rogue direct message or fraudulent post on your Facebook timeline could come from someone you know and trust.  Friends and trusted companies can get hacked on social media- so stay vigilant and be cautious when you receive messages that seem too good to be true.

5-Avoid Mobile Fake Apps

With so many people using mobile apps to shop online this year – use your mobile device and shop smart! Only download apps that come from a legitimate source such as the App Store or Google Play.

Adobe said that on Black Friday, consumers are expected to use their tablets and phones to shop more than any other day of the year with 24% of online visits projected to come from mobile. Overall, sales from tablets are expected to make up almost 14% of total sales, while smartphones will make up about 6.5% and other devices such as e-readers will constitute 1%. -Nasdaq

Since Cyber Monday is also a major American online shopping day – we can anticipate that tablets and phones will perhaps be comparable to the Black Friday Adobe statistics listed above.

*Bonus Online Shopping Tips

-Never forget the year of 2012 when hackers breached numerous online databases. Instead of saving your private information on shopping sites – enter as a “guest” or enter your credit card information for a one-time-purchase only.

-Never subscribe to “additional offers” or allow your personal information sent to third party partners or you may end up with your private information appearing on sites such as Spokeo.com

-Never use debit cards to make online purchases because they are connected to your bank account. Instead use a dedicated credit card or use a re-loadable, prepaid credit card.

-Use Cocoon on iOS to stay safe on public WiFi

We would love to hear some of your Cyber Monday shopping tips, so be sure to leave us a comment! You can also visit us on Twitter and Facebook. 

 

 

You’ve heard of phishing attacks by now. We touched on some of the facts about these kinds of scams and discussed Norton’s claim that of the 12,000 or so people surveyed in 2011, roughly 10% admitted they have been the victim of a phishing attack in the last year.

Phishing occurs when a victim is tricked into handing over their private information under false pretenses. It’s a simple concept that can be executed via simplistic or complex methods.

Often enough, if a cyber criminal gets a hold of a victims email address, they may create a fake message appearing to come from a trusted source. For instance, if a cybercriminal hacks into your banks database, they may gain access to your email address. They can then send you their phishing message, which is identical or similar to a message your bank would normally send you. These fake messages will often ask you to visit a rogue landing page (again, identical to that of your bank) where they will provide a form that asks for your personal information. Due to the highly tailored nature of these scams, a surprising number of people fall victim to them every day. It’s important to check the URL of any website you visit before giving up personal data. A website’s privacy policy will often tell you which information they may ask you, and what types of data they collect on you.

The more information a cybercriminal gains about someone, the easier it becomes for them to obtain login information, bank account credentials, social security numbers and so on. You’d be surprised how many people are susceptible to hacks just by what is publicly available online, coupled with some common sense. This is further proof of why it’s so important to remain vigilant when shopping, banking, and browsing online.

Check back with us soon for Part 6 of our pickpocket series.

Part 1: The Online Pickpockets of The World Wide Mall

Part 2: The Online Pickpockets of the Worldwide Mall

Part 3: The Online Pickpockets of The World Wide Mall

Part 4: The Online Pickpockets of The World Wide Mall

Part 5: The Online Pickpockets of The World Wide Mall

 

The Norton Cybercrime Report 2011 surveyed over 12,000 adults in 24 countries last year, and obtained some rather shocking results. Each day of the past year, the study suggests, over 1 million online adults in these 24 countries experienced cybercrime. The study determined the majority (54%) of those cases to be malware or virus attacks. The Second and third leading causes were online scams (11%) and phishing (10%), respectfully.

Norton estimated that the total bill for cybercrime in these 24 countries over the year in case was roughly $388 billion, which included time needed to recover. This astonishing amount nearly matches the entire illegal drug trade for that same period of time.

It is said that something like 1 in 10 US consumers have already been victimized by identity theft (Frugal Dad). A growing variety of methods are being implemented by criminals in order to achieve such results. Some of these methods include phishing scams, man-in-the-middle attacks, spyware, malware, keystroke logging, botnets, and viruses.

Trojan Horses have been known to trick users into installing them by masquerading as legitimate software packages. Malware, however, can be delivered via drive-by downloads through a website you trust, all without your knowledge. The Zeus malware platform in late 2010, for instance, would use infected computers to form a botnet where it would then target holiday shoppers. Zeus used man-in-the-middle attacks socially engineered to get Macy’s and Nordstrom account holders to reveal sensitive information online (CSO Online). Once a consumer has handed over their private information, cyber criminals can then use it to steal the victim’s identity, commit fraud, and more.

Be sure to check back here tomorrow for Part 3 of our Pickpocket Series.

Part 1: The Online Pickpockets of the Worldwide Mall

Attention shoppers, the mall will be closing in, well, never. The times are changing, and consumerism is far from waning. Your local brick and mortar shops are struggling to keep their doors open; meanwhile, online commerce continues to grow at an alarming rate.

In the UK, for instance, online retailers saw sales nearly double the week before Christmas 2011 when compared to the same week one year prior, according to MetaPack. Similarly, e-commerce revenue continues to see exponential growth as online shopping grows. Total revenue in 1996 was $600 million, compared to roughly $680 billion in 2011, and climbing to an estimated trillion plus dollars by 2014 (Techcrunch).

Whilst online retailers gleefully reap the benefits of these numbers, another kind of beneficiary watches from the shadows of the Internet. We’re talking about “cybercriminals”, and they aren’t looking at numbers, but rather the increasingly large flow of money being exchanged between individuals and their trusted servers. These are modern day pickpockets, and they’re here to stay.

Be sure to check back here tomorrow for Part 2 of our Pickpocket Series.

Part 2: The Online Pickpockets of the World Wide Mall

Maybe you noticed the big news recently that Google will “allow” people to opt-out of having their Wi-Fi access point (AP) information and location added to a database that the company uses to track people on cell phones. Heralded as a concession to European privacy laws that would be extended to the United States “sometime this fall,” the announcement by Peter Fleischer, the Google global privacy counsel, actually underscores just how much the Internet privacy discussion is being framed by those who profit from harvesting our personal information.

Once again, the norm for big business is to place the onus on individuals to opt-out of being tracked and allowing our information to be inventoried. This is routinely done as ad networks sell personal user profiles to advertisers, but this is a new twist. Google is now using your Wi-Fi signal to help them sell location-based advertising. It’s one thing when Gmail users pay for Google’s email service by allowing their email to be analyzed for advertising value – after all you get the email service for free – but Google using your personal Wi-Fi information isn’t providing you ANY benefit!

Google is exploiting the fact that you can’t keep your Wi-Fi signal within your walls. Would it be OK for a company to use high tech listening devices to listen to conversations it could hear through your walls and show you advertising based on your conversations?

First, the idea that owners of wireless routers are offered an opt-out option illustrates two of the major issues. Individual consumers have no idea how Google uses these systems to track their every move, and there’s little reason for the company to educate them because it has not needed anyone’s permission to track them. Many would argue that Google should offer an “opt-in” option, and then convince people that the service benefits them somehow.

 The move also illustrates just how much Europe is leading on the privacy issue. Especially in Germany and France, where regulators have challenged Google’s mapping services and the company is back-peddling rather than face real investigation. For example, Europeans are just now demanding that they can have images of their home blanked out on Google Street View, and it may eventually be an option in the U.S.”later this autumn.” That clearly illustrates just how far we still have to go to protect our privacy.

The fact is that businesses who make money off our information in an opt-out world argue that “it’s easier to ask forgiveness than to seek permission.” I’m sure that’s true, just as I’m sure they will continue to harvest, package and profit from our private lives for just as long as we let them.

Jeff Bermant
Co-Founder, Cocoon
™ Virtual World Computing
Santa Barbara, California
www.GetCocoon.com

After malware crashed his computer systems disrupting his business on several occasions, Jeff Bermant co-founded Virtual World Computing with Brian Fox to develop the Cocoon™ service, an all-in-one plugin that provides secure, virus-free and private online browsing.

When using a service or product from a company that deals with Internet security and privacy it is important that the resource be credible, competent and trustworthy. Terms of Service (TOS) and the site Privacy Policy should be easy to read and transparent. There should be no guess work in a privacy policy and that is why we take great pride in providing a very short and succinct Privacy Policy.

The core business model of Virtual World Computing (VWC) is built on ensuring the highest levels of privacy and security and protection. The company’s flagship product -  Cocoon   provides consumers with a better way to browse with greater privacy protection, computer security and browsing convenience. Cocoon puts the user in control of the Internet experience by ensuring that their computer and personal information are protected from malicious attacks, unwanted spam or phishing, cookie tracking and many other invasions of privacy. [Source]

The people behind Cocoon

Jeff Bermant, Founder & CEO: Jeff had the simple yet powerful idea of protecting his privacy and his computer by accessing the Internet through a browser running on a remote PC. The seed of that idea grew into Virtual World Computing and the Cocoon™ service. Jeff is an entrepreneur by nature.

Brian J. Fox, Founder & CTO: Brian was employee #1 of the Free Software Foundation GNU, and wrote the BASH shell that runs on virtually every Mac and Linux machine out there.

Marvin Minsky, Advisory Board: Professor of Media Arts and Sciences and Professor of EECS, MIT. A pioneer of artificial intelligence (AI) and one of the most important cognitive scientists of the century. Marvin pioneered advances in mathematics, computational linguistics, optics, robotics and telepresence. He built SNARC, (Stochastic Neural Analog Reinforcement Calculator), the first neural network simulator, and founded MIT’s AI Lab.

We believe the key problem with both security and privacy online is the accessibility current browsers allow to your computer. Wether it’s cookies or executable code you should have control over what has access to your hard drive. The traditional anti-virus solution of dealing with viruses after after they’ve reached your computer is wrong. We want to stop them from ever getting at your data. So, the core concept behind Cocoon is to keep the Net at arms distance from your hard drive and your computer.

Our business is to protect your privacy and security – if we don’t do that we don’t have a business – so we take Internet security and privacy seriously.