Wednesday, February 10, 2016

Will you pay 300$ and allow scamsters remote control to your computer ! child play for this BPO

Microsoft customers in Arizona were scammed by a BPO setup by fraudsters who’s executives represented themselves as Microsoft employees and managed to convince them that for a 300$ charge they would enhance the performance of their desktop computers. 

Once signed up, the BPO technician logged onto using a remote access software that provided full remote control over the desktop and proceeded to delete the trash and cache file, sometimes scanning for personal information. The unsuspecting customer ended up with a marginal improvement in performance. After one year of operation, the Indian police nabbed the three men behind the operation and eleven of their employees.

There were several aspects to this case “Pune BPO which cheated Microsoft Clients in the US busted” that I found interesting:

1)    The ease with which customers were convinced to part with money and to allow an unknown third party to take remote control over their computer. With remote control one can also install malicious files to act as remote backdoor or spyware making the machine vulnerable.
2)    The criminals had in their possession a list of 1 million Microsoft customers with updated contact information
3)    The good fortune that the Indian government is unsympathetic to cybercrime both within and outside their shores which resulted in the arrests. In certain other countries crimes like these continue unhindered.

Cybercitizens should ensure that they do not surrender remote access to their computers or install software unless they come from trusted sources.

Saturday, February 6, 2016

Three Must Do’s to make a Security Awareness Champion

Setting an example is the best way to institutionalize security awareness within a workplace or at home. Colleagues and children naturally follow examples set by champions as it makes it easy to mimic rather than spend time to self-learn. I found three important aspect to championing security awareness.

Be a role model

Cybercitizens champions take an active interest in being secure by keeping themselves updated and implementing security guidelines for the gadgets and services they use at home, for work and on the Internet. Knowledge on the do and don’ts of security for workplace system is normally obtained through corporate security awareness programs but for personal gadgets and services one needs to invest time to read the security guidelines provided by the service/product provider or on gadget blogs. Security guidelines provide information on the best practice to be used for secure configuration of gadgets, use of passwords, malware prevention and methods to erase data.  Besides security issues like password theft or loss of privacy, there is the possibility of becoming a victim of fraud when using ecommerce. Most ecommerce sites have a fraud awareness section to educate customers on the common types of frauds and on techniques to safeguard against them. Role models take pride in what they do and this passion becomes a source of motivation to others around them. A security champion delights on possessing detailed insights on how to use the best security features in gadgets (say mobile phones) or on recent security incidents.

Be a security buddy at your home

Telling people what to do to keep themselves secure online is difficult, primarily because security controls lower the user experience; as an example most people may prefer not to have a password or keep a simple one for ease of use. People tend to accept risk because they do not fully realize the consequences of a damaged reputation or the financial impact from the fraudulent use of credit cards until they or someone close, experiences its effects firsthand. Security champions act as security buddies at home. They take time to understand how their family members both young and old, use the Internet and to themselves learn about the safety, privacy and security issues related to those sites. Buddies perform the role of coaches, engaging in regular discussions on the use of these sites from a perspective of avoiding security pitfalls and the avoidance of risky behavior that may lead to unwanted attention from elements looking to groom children for sex or terrorism. Highlighting incidents of similar nature helps raise awareness of the reality of the risk.

Display commitment to security at your workplace

Small acts go a long way in promoting useful security behavior. A small security cartoon displayed on a work bench can immensely add to the corporate security awareness effort. Champions bring attention to the importance of security in business by bringing up security in routine business discussions; for example circulating insights into recent published security incident within a discussion group (leadership, business) and popping the security question “what if a customer security or privacy is affected” during project discussions.