Holiday Shopping Tips

The FBI continues to remind shoppers to be wary of Internet fraud during the holiday shopping season. Scammers use many techniques to deceive potential victims, including creating fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, selling fraudulent or stolen gift cards through auction sites at a discounted price, and using phishing e-mails to advertise brand-name merchandise at bargain prices or to promote the sale of counterfeit merchandise.

In advance of the holiday season, the FBI, in partnership with the Merchant Risk Council (MRC), would like shoppers to be informed of the common scams that affect consumers and E-commerce. The MRC is an organization that works to increase networking and information sharing among merchants to better enable members to successfully fight online fraud.

Purchasing any new product or gift card on an auction or classified advertisement site where the price is significantly lower than any sale prices in retail outlets

Many of these sellers, especially for gift cards and tickets, have purchased these items with a stolen credit card. Most likely, the gift card or ticket will be deactivated by the time the recipient uses the card or ticket.

Never provide credit card numbers, bank account information, personally identifiable information or wire money to a person who advertises items on these sites at a too-good-to-be-true price. Many times, fraudsters will post a popular item to obtain this information, and the goods will never be mailed, but your card or identity will be used fraudulently later. If you make a purchase from these sites, we encourage you to check a seller’s ratings and feedback to ensure he or she is reputable.

Phishing and scam e-mails, text messages or phone calls

Many times, e-mails, texts or phone calls will look or sound like they are coming from a well-known retailer, stating a need to “verify” the full credit card number you used for a purchase or asking you to click a link to update personal account information. If you receive an e-mail that asks you to click a link to verify information, delete it. Type the retailer’s or financial institution’s website into a browser to log into your account. If the fraudster is insistent, ask him or her to read you the card number first or ask to call back. If it is a legitimate call, the company representative will have no problem with your calling back through the customer service line.

“One Day Only” websites featuring the sale of a “hot item”

During the holiday season, there will be an increase in websites created to sell specific items in high demand. Typically, the cardholders never receive the product, but the credit card information they entered is used for fraudulent purchases. It is important to only make purchases with companies and sellers who have a history and can be identified when searching reviews and ratings.

Postings of popular items for free or drastically reduced prices

There are many gift card offers on social media sites claiming to be from major retailers. These offers are typically used to gain access to consumers’ social media accounts either to log in to other accounts you may have tied to this account or to post illegitimate offers on your behalf. Purchasing an item at a reduced rate based on a posting from someone you do not know can often lead to a credit card compromise or the purchase of a counterfeit item.

“Work from home” offers, to act as a private reshipper, often fronting the shipping costs on behalf of the fraudster

Offers to work from home to reship items to another country or another person often mean the goods were purchased with stolen credit cards. Having these goods shipped to your home and sending them to another person could have legal implications. Also, many times the money promised for completing this service is never paid. These scams can sound legitimate at first, so be leery of anyone offering a lot of money for a simple task.

Remember, if an offer seems too good to be true, it probably is. Consumers are urged to be very skeptical of people offering a great deal outside of any established retail business.

Tips

Here are some tips you can use to avoid becoming a victim of cyber fraud:

  • Do not respond to unsolicited (spam) e-mail.
  • Do not click on links contained within an unsolicited e-mail.
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
  • Avoid filling out forms contained in e-mail messages that ask for personal information.
  • Always compare the link in the e-mail to the link you are actually directed to and determine if they actually match and will lead you to a legitimate site.
  • Log on directly to the official website for the business identified in the e-mail, instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
  • Contact the actual business that supposedly sent the e-mail to verify if the e-mail is genuine.
  • If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
  • Verify any requests for personal information from any business or financial institution by contacting them using the main contact information.
  • Remember, if it looks too good to be true, it probably is.
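
The link comparison recommended in the tips above can be automated for an HTML e-mail body. The Python code below is an added example, not part of the FBI guidance; the sample message and the retailer.example and shop-billing.example names are constructed, and it assumes hosts are compared exactly after dropping a leading "www.".

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Visible link text that itself looks like a web address (scheme optional).
URL_LIKE = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I
)


def host_of(url):
    """Return the lowercase hostname of a URL without a leading 'www.', or None."""
    if "://" not in url:
        url = "http://" + url  # displayed addresses often omit the scheme
    try:
        host = urlsplit(url).hostname
    except ValueError:  # malformed address, e.g. unbalanced IPv6 brackets
        return None
    if not host:
        return None
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())  # collapse whitespace
            self.links.append((self._href.strip(), text))
            self._href = None


def audit_links(html_body):
    """Return (status, shown_host, target_host) for each web link in the body.

    status is "match" or "mismatch" when the visible text is itself an address,
    and "no-url-in-text" when it is a label whose destination must be read
    from target_host.
    """
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    results = []
    for href, text in collector.links:
        try:
            scheme = urlsplit(href).scheme.lower()
        except ValueError:
            continue
        if scheme not in ("http", "https"):
            continue  # mailto:, tel:, in-page anchors and similar
        target = host_of(href)
        if target is None:
            continue
        if not URL_LIKE.match(text):
            results.append(("no-url-in-text", None, target))
            continue
        shown = host_of(text)
        status = "match" if shown == target else "mismatch"
        results.append((status, shown, target))
    return results


# Constructed sample message body; every domain here is a placeholder.
SAMPLE_EMAIL = """\
<p>Dear customer, please verify the card used for your order.</p>
<p><a href="http://accounts.shop-billing.example/verify?id=1">https://www.retailer.example/account</a></p>
<p><a href="https://www.retailer.example/orders">www.retailer.example/orders</a></p>
<p><a href="http://accounts.shop-billing.example/login"><b>Update</b> your account</a></p>
<p><a href="mailto:help@retailer.example">Contact us</a></p>
"""

if __name__ == "__main__":
    for status, shown, target in audit_links(SAMPLE_EMAIL):
        print(f"{status:15} shown={shown} actual={target}")
```

A "match" only means the displayed address and the destination agree; it does not show that the site belongs to the business named in the message.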

To receive the latest information about cyber scams, go to the FBI website and sign up for e-mail alerts by clicking on the red envelope labeled “get FBI updates.” If you have received a scam e-mail, please notify the IC3 by filing a complaint at www.IC3.gov. For more information on e-scams, visit the FBI’s New E-Scams and Warnings webpage at http://www.fbi.gov/scams-safety/e-scams.

Be Aware Of Smartphone Malware

The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.

FinFisher is spyware capable of taking over the components of a mobile device. When installed, the mobile device can be remotely controlled and monitored no matter where the target is located. FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Loozfon and FinFisher are just two examples of malware used by criminals to lure users into compromising their devices.

Safety tips to protect your mobile device:

  • When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
  • Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
  • With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
  • Review and understand the permissions you are giving when you download applications.
  • Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
  • Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that help protect your device from rogue applications and malware.
  • Be aware of applications that enable geo-location. The application will track the user’s location anywhere. This application can be used for marketing, but can also be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.
  • Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs in “unrestricted” or “system” level within an operating system, it allows any compromise to take full control of the device.
  • Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
  • If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
  • Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
  • Avoid clicking on or otherwise downloading software or links from unknown sources.
  • Use the same precautions on your mobile phone as you would on your computer when using the Internet.

If you have been a victim of an Internet scam or have received an e-mail that you believe was an attempted scam, please file a complaint at www.IC3.gov.

Avoiding Black Friday Scams

FBI Tips on Avoiding Internet Fraud:

Tips for Avoiding Internet Auction Fraud:

  • Understand as much as possible about how the auction works, what your obligations are as a buyer, and what the seller’s obligations are before you bid.
  • Find out what actions the website/company takes if a problem occurs and consider insuring the transaction and shipment.
  • Learn as much as possible about the seller, especially if the only information you have is an e-mail address. If it is a business, check the Better Business Bureau where the seller/business is located.
  • Examine the feedback on the seller.
  • Determine what method of payment the seller is asking from the buyer and where he/she is asking to send payment.
  • If possible, purchase items online using your credit card, because you can often dispute the charges if something goes wrong.
  • Be cautious when dealing with sellers outside the United States. If a problem occurs with the auction transaction, it could be much more difficult to rectify.
  • Ask the seller about when delivery can be expected and whether the merchandise is covered by a warranty or can be exchanged if there is a problem.
  • Make sure there are no unexpected costs, including whether shipping and handling is included in the auction price.
  • There should be no reason to give out your social security number or driver’s license number to the seller.

Tips for Avoiding Non-Delivery of Merchandise:

  • Make sure you are purchasing merchandise from a reputable source.
  • Do your homework on the individual or company to ensure that they are legitimate.
  • Obtain a physical address rather than simply a post office box and a telephone number, and call the seller to see if the telephone number is correct and working.
  • Send an e-mail to the seller to make sure the e-mail address is active, and be wary of those that utilize free e-mail services where a credit card wasn’t required to open the account.
  • Consider not purchasing from sellers who won’t provide you with this type of information.
  • Check with the Better Business Bureau from the seller’s area.
  • Check out other websites regarding this person/company.
  • Don’t judge a person or company by their website. Flashy websites can be set up quickly.
  • Be cautious when responding to special investment offers, especially through unsolicited e-mail.
  • Be cautious when dealing with individuals/companies from outside your own country.
  • Inquire about returns and warranties.
  • If possible, purchase items online using your credit card, because you can often dispute the charges if something goes wrong.
  • Make sure the transaction is secure when you electronically send your credit card numbers.
  • Consider using an escrow or alternate payment service.

Tips for Avoiding Credit Card Fraud:

  • Don’t give out your credit card number online unless the site is secure and reputable. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security to transmit data. This icon is not a guarantee of a secure site, but provides some assurance.
  • Don’t trust a site just because it claims to be secure.
  • Before using the site, check out the security/encryption software it uses.
  • Make sure you are purchasing merchandise from a reputable source.
  • Do your homework on the individual or company to ensure that they are legitimate.
  • Obtain a physical address rather than simply a post office box and a telephone number, and call the seller to see if the telephone number is correct and working.
  • Send an e-mail to the seller to make sure the e-mail address is active, and be wary of those that utilize free e-mail services where a credit card wasn’t required to open the account.
  • Consider not purchasing from sellers who won’t provide you with this type of information.
  • Check with the Better Business Bureau from the seller’s area.
  • Check out other websites regarding this person/company.
  • Don’t judge a person or company by their website. Flashy websites can be set up quickly.
  • Be cautious when responding to special investment offers, especially through unsolicited e-mail.
  • Be cautious when dealing with individuals/companies from outside your own country.
  • If possible, purchase items online using your credit card, because you can often dispute the charges if something goes wrong.
  • Make sure the transaction is secure when you electronically send your credit card number.
  • Keep a list of all your credit cards and account information along with the card issuer’s contact information. If anything looks suspicious or you lose your credit card(s), contact the card issuer immediately.

Tips for Avoiding Investment Fraud:

  • Don’t judge a person or company by their website. Flashy websites can be set up quickly.
  • Don’t invest in anything you are not absolutely sure about. Do your homework on the investment and the company to ensure that they are legitimate.
  • Check out other websites regarding this person/company.
  • Be cautious when responding to special investment offers, especially through unsolicited e-mail.
  • Be cautious when dealing with individuals/companies from outside your own country.
  • Inquire about all the terms and conditions.

Tips for Avoiding Business Fraud:

  • Purchase merchandise from reputable dealers or establishments.
  • Obtain a physical address rather than simply a post office box and a telephone number, and call the seller to see if the telephone number is correct and working.
  • Send an e-mail to the seller to make sure the e-mail address is active, and be wary of those that utilize free e-mail services where a credit card wasn’t required to open the account.
  • Consider not purchasing from sellers who won’t provide you with this type of information.
  • Purchase merchandise directly from the individual/company that holds the trademark, copyright, or patent.

Tips for Avoiding the Nigerian Letter or “419” Fraud:

  • Be skeptical of individuals representing themselves as Nigerian or foreign government officials asking for your help in placing large sums of money in overseas bank accounts.
  • Do not believe the promise of large sums of money for your cooperation.
  • Guard your account information carefully.

Why Did Israel Murder Hamas’s ‘Chief of Staff’

GAZA — Israel has both admitted and denied murdering members of Hamas. Is Israel taking the lead from the United States and President Obama? The United States of America has started behaving exactly like the terrorists they seek to destroy. Sometimes the US gets their target, such as Saddam Hussein or Osama bin Laden. Sometimes the US kills wedding ceremonies and children. In the most recent Israeli murders, they too killed at least two children.

Beware that you do not become that which you loathe.

NEWS SOURCES

FROM THE JERUSALEM POST:
OPERATION PILLAR OF DEFENSE
Gazans fire 90 rockets; cabinet approves reserve call-up
IDF assassinates Hamas terror chief Ahmed Jabari and begins Operation Pillar of Defense, with intense aerial strikes throughout the Gaza Strip; 8 Palestinians killed in air strikes; IDF infantry forces deployed to Gaza border.
RELATED
Hamas: Assassination is a declaration of war
Beersheba residents hunker down for long night
IDF soldiers patrol near Gaza

Analysis: The battle for the South has begun
Hamas can accept deterrence or force IDF into ground offensive.
Prime Minister Binyamin Netanyahu calls early elec

Netanyahu talks to Obama, Ashton on Gaza operation
UN Security Council likely to meet to discuss violence.

LATEST UPDATES

05:07
UN Security Council holds emergency session on Israel raids
03:59
Gazans fire Grad towards Beersheba; Iron Dome intercepts
03:47
Obama speaks with Netanyahu, Morsi on Gaza escalation
02:59
Gazans fire 2 rockets at Beersheba; Iron Dome intercepts 1
02:48
IDF: Iron Dome has intercepted 28 rockets from Gaza so far

Stranded Traveler: Manila Trip

The Stranded Traveler scam is a computer program that hacks victims’ e-mail accounts. Then, it asks the contacts for money:

Hello,
Just writing to let you know our trip to Manila Philippines has been a mess. I was having a great time until last night when we got mugged and lost all my cash, credit card cellphone It has been a scary experience, I was hit at the back of my neck with a Gun Anyway..I’m still alive and that’s whats important. I’m financially strapped right now and need your help. I need you to lend me the sum of $1,890 I’ll refund it to you as soon as i arrive home.Email me back so i can tell you how to get it to me.

Best Regards,
Thomas.

E-book Price Fixing Settlement

HARRISBURG, PA — Attorney General Linda Kelly today urged Pennsylvania consumers who use e-books to carefully review information about proposed settlements between state attorneys general and several of the nation’s largest publishing companies.

Kelly said the settlements, which are currently awaiting court approval, include approximately $69 million in payments to consumers who were allegedly charged inflated or fixed prices for electronic books.

Consumers impacted by these settlements have been sent email notices or postcards from the e-book retailers where they purchased their electronic books or from the national settlement administrator. Those notices include detailed instructions about how consumers can receive settlement payments – either as a credit on their account with an e-book retailer or by submitting a claim form in order to receive a check.

Kelly said that anyone who believes they are covered by these settlements but has not received a notification postcard or email message should visit the official e-book settlement website at www.EBookAGSettlements.com.

Consumers can also call 1-866-621-4153 to learn more about the settlements and decide whether to file a claim form. All claim forms must be filed online or postmarked by December 12, 2012.

Consumers are included in these proposed settlements if they purchased an e-book between April 1, 2010 and May 21, 2012 that was published by Hachette, HarperCollins, Simon & Schuster, Penguin, or Macmillan, along with certain other names under which these publishers also publish e-books. A full list of the publishers included in the settlements is available at www.EBookAGSettlements.com.

The publishers have agreed to settle the lawsuit but deny any wrongdoing.

A separate lawsuit with similar claims continues against two other publishers and Apple Inc.

Children’s Privacy Protection: How to Comply

CURRENT REGULATIONS

The Children’s Online Privacy Protection Act, effective April 21, 2000, applies to the online collection of personal information from children under 13. The new rules spell out what a Web site operator must include in a privacy policy, when and how to seek verifiable consent from a parent and what responsibilities an operator has to protect children’s privacy and safety online.

The Federal Trade Commission staff prepared this guide to help you comply with the new requirements for protecting children’s privacy online and understand the FTC’s enforcement authority.

Who Must Comply

If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that you are collecting personal information from children, you must comply with the Children’s Online Privacy Protection Act.

  • To determine whether a Web site is directed to children, the FTC considers several factors, including the subject matter; visual or audio content; the age of models on the site; language; whether advertising on the Web site is directed to children; information regarding the age of the actual or intended audience; and whether a site uses animated characters or other child-oriented features.

  • To determine whether an entity is an “operator” with respect to information collected at a site, the FTC will consider who owns and controls the information; who pays for the collection and maintenance of the information; what the pre-existing contractual relationships are in connection with the information; and what role the Web site plays in collecting or maintaining the information.

Personal Information

The Children’s Online Privacy Protection Act and Rule apply to individually identifiable information about a child that is collected online, such as full name, home address, email address, telephone number or any other information that would allow someone to identify or contact the child. The Act and Rule also cover other types of information — for example, hobbies, interests and information collected through cookies or other types of tracking mechanisms — when they are tied to individually identifiable information.

Basic Provisions

Privacy Notice

Placement

An operator must post a link to a notice of its information practices on the home page of its Web site or online service and at each area where it collects personal information from children. An operator of a general audience site with a separate children’s area must post a link to its notice on the home page of the children’s area.

The link to the privacy notice must be clear and prominent. Operators may want to use a larger font size or a different color type on a contrasting background to make it stand out. A link in small print at the bottom of the page — or a link that is indistinguishable from other links on your site — is not considered clear and prominent.

Content

The notice must be clearly written and understandable; it should not include any unrelated or confusing materials. It must state the following information:

  • The name and contact information (address, telephone number and email address) of all operators collecting or maintaining children’s personal information through the Web site or online service. If more than one operator is collecting information at the site, the site may select and provide contact information for only one operator who will respond to all inquiries from parents about the site’s privacy policies. Still, the names of all the operators must be listed in the notice.

  • The kinds of personal information collected from children (for example, name, address, email address, hobbies, etc.) and how the information is collected — directly from the child or passively, say, through cookies.

  • How the operator uses the personal information. For example, is it for marketing back to the child? Notifying contest winners? Allowing the child to make the information publicly available through a chat room?

  • Whether the operator discloses information collected from children to third parties. If so, the operator also must disclose the kinds of businesses in which the third parties are engaged; the general purposes for which the information is used; and whether the third parties have agreed to maintain the confidentiality and security of the information.

  • That the parent has the option to agree to the collection and use of the child’s information without consenting to the disclosure of the information to third parties.

  • That the operator may not require a child to disclose more information than is reasonably necessary to participate in an activity as a condition of participation.

  • That the parent can review the child’s personal information, ask to have it deleted and refuse to allow any further collection or use of the child’s information. The notice also must state the procedures for the parent to follow.

Direct Notice to Parents

Content

The notice to parents must contain the same information included on the notice on the Web site. In addition, an operator must notify a parent that it wishes to collect personal information from the child; that the parent’s consent is required for the collection, use and disclosure of the information; and how the parent can provide consent. The notice to parents must be written clearly and understandably, and must not contain any unrelated or confusing information. An operator may use any one of a number of methods to notify a parent, including sending an email message to the parent or a notice by postal mail.

Verifiable Parental Consent

Before collecting, using or disclosing personal information from a child, an operator must obtain verifiable parental consent from the child’s parent. This means an operator must make reasonable efforts (taking into consideration available technology) to ensure that before personal information is collected from a child, a parent of the child receives notice of the operator’s information practices and consents to those practices.

Until April 2002, the FTC will use a sliding scale approach to parental consent in which the required method of consent will vary based on how the operator uses the child’s personal information. That is, if the operator uses the information for internal purposes, a less rigorous method of consent is required. If the operator discloses the information to others, the situation presents greater dangers to children, and a more reliable method of consent is required. The sliding scale approach will sunset in April 2002 subject to a Commission review planned for October 2001.

Internal Uses

Operators may use email to get parental consent for all internal uses of personal information, such as marketing back to a child based on his or her preferences or communicating promotional updates about site content, as long as they take additional steps to increase the likelihood that the parent has, in fact, provided the consent. For example, operators might seek confirmation from a parent in a delayed confirmatory email, or confirm the parent’s consent by letter or phone call.

Public Disclosures

When operators want to disclose a child’s personal information to third parties or make it publicly available (for example, through a chat room or message board), the sliding scale requires them to use a more reliable method of consent, including:

  • getting a signed form from the parent via postal mail or facsimile;

  • accepting and verifying a credit card number in connection with a transaction;

  • taking calls from parents, through a toll-free telephone number staffed by trained personnel;

  • email accompanied by digital signature.

But in the case of a monitored chat room, if all individually identifiable information is stripped from postings before it is made public — and the information is deleted from the operator’s records — an operator does not have to get prior parental consent.

Disclosures to Third Parties

An operator must give a parent the option to agree to the collection and use of the child’s personal information without agreeing to the disclosure of the information to third parties. However, when a parent agrees to the collection and use of their child’s personal information, the operator may release that information to others who use it solely to provide support for the internal operations of the website or service, including technical support and order fulfillment.

Exceptions

The regulations include several exceptions that allow operators to collect a child’s email address without getting the parent’s consent in advance. These exceptions cover many popular online activities for kids, including contests, online newsletters, homework help and electronic postcards.

Prior parental consent is not required when:

  • an operator collects a child’s or parent’s email address to provide notice and seek consent;

  • an operator collects an email address to respond to a one-time request from a child and then deletes it;

  • an operator collects an email address to respond more than once to a specific request — say, for a subscription to a newsletter. In this case, the operator must notify the parent that it is communicating regularly with the child and give the parent the opportunity to stop the communication before sending or delivering a second communication to a child;

  • an operator collects a child’s name or online contact information to protect the safety of a child who is participating on the site. In this case, the operator must notify the parent and give him or her the opportunity to prevent further use of the information;

  • an operator collects a child’s name or online contact information to protect the security or liability of the site or to respond to law enforcement, if necessary, and does not use it for any other purpose.

October 2001/April 2002

In October 2001, the Commission will seek public comment to determine whether technology has progressed and whether secure electronic methods for obtaining verifiable parental consent are widely available and affordable. Subject to the Commission’s review, the sliding scale will expire in April 2002. Until then, operators are encouraged to use the more reliable methods of consent for all uses of children’s personal information.

New Notice for Consent

An operator is required to send a new notice and request for consent to parents if there are material changes in the collection, use or disclosure practices to which the parent had previously agreed. Take the case of the operator who got parental consent for a child to participate in contests that require the child to submit limited personal information, but who now wants to offer the child chat rooms. Or, consider the case of the operator who wants to disclose the child’s information to third parties who are in materially different lines of business from those covered by the original consent — for example, marketers of diet pills rather than marketers of stuffed animals. In these cases, the Rule requires new notice and consent.

Access Verification

At a parent’s request, operators must disclose the general kinds of personal information they collect online from children (for example, name, address, telephone number, email address, hobbies), as well as the specific information collected from children who visit their sites. Operators must use reasonable procedures to ensure they are dealing with the child’s parent before they provide access to the child’s specific information.

They can use a variety of methods to verify the parent’s identity, including:

  • obtaining a signed form from the parent via postal mail or facsimile;

  • accepting and verifying a credit card number;

  • taking calls from parents on a toll-free telephone number staffed by trained personnel;

  • email accompanied by digital signature;

  • email accompanied by a PIN or password obtained through one of the verification methods above.

Operators who follow one of these procedures acting in good faith to a request for parental access are protected from liability under federal and state law for inadvertent disclosures of a child’s information to someone who purports to be a parent.

Revoking & Deleting

At any time, a parent may revoke his/her consent, refuse to allow an operator to further use or collect their child’s personal information, and direct the operator to delete the information. In turn, the operator may terminate any service provided to the child, but only if the information at issue is reasonably necessary for the child’s participation in that activity. For example, an operator may require children to provide their email addresses to participate in a chat room so the operator can contact a youngster if he is misbehaving in the chat room. If, after giving consent, a parent asks the operator to delete the child’s information, the operator may refuse to allow the child to participate in the chat room in the future. If other activities on the Web site do not require the child’s email address, the operator must allow the child access to those activities.

Timing

The Rule covers all personal information collected after April 21, 2000, regardless of any prior relationship an operator has had with a child. For example, if an operator collects the name and email address of a child before April 21, 2000, but plans to seek information about the child’s street address after that date, the later collection would trigger the Rule’s requirements. In addition, come April 21, 2000, if an operator continues to offer activities that involve the ongoing collection of information from children — like a chat room — or begins to offer such activities for the first time, notice and consent are required for all participating children regardless of whether the children had already registered at the site.

Safe Harbors

Industry groups or others can create self-regulatory programs to govern participants’ compliance with the Children’s Online Privacy Protection Rule. These guidelines must include independent monitoring and disciplinary procedures and must be submitted to the Commission for approval. The Commission will publish the guidelines and seek public comment in considering whether to approve the guidelines. An operator’s compliance with Commission-approved self-regulatory guidelines will generally serve as a “safe harbor” in any enforcement action for violations of the Rule.

Enforcement

The Commission may bring enforcement actions and impose civil penalties for violations of the Rule in the same manner as for other Rules under the FTC Act. The Commission also retains authority under Section 5 of the FTC Act to examine information practices for deception and unfairness, including those in use before the Rule’s effective date. In interpreting Section 5 of the FTC Act, the Commission has determined that a representation, omission or practice is deceptive if it is likely to:

  • mislead consumers; and

  • affect consumers’ behavior or decisions about the product or service.

Specifically, it is a deceptive practice under Section 5 to represent that a Web site is collecting personal identifying information from a child for one reason (say, to earn points to redeem a premium) when the information will be used for another reason that a parent would find material — and when the Web site does not disclose the other reason clearly or prominently.

In addition, an act or practice is unfair if the injury it causes, or is likely to cause, is:

  • substantial;

  • not outweighed by other benefits; and

  • not reasonably avoidable.

For example, it is likely to be an unfair practice in violation of Section 5 to collect personal identifying information from a child, such as email address, home address or phone number, and disclose that information to a third party without giving parents adequate notice and a chance to control the collection and use of the information.

For More Information

If you have questions about the Children’s Online Privacy Protection Rule, visit the FTC online at www.onguardonline.gov/topics/kids-privacy.aspx. You also may call the FTC’s Consumer Response Center toll-free at 1-877-FTC-HELP (382-4357), or write Consumer Response Center, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

Your Opportunity to Comment

The National Small Business Ombudsman and 10 Regional Fairness Boards collect comments from small businesses about federal compliance and enforcement activities. Each year, the Ombudsman evaluates the conduct of these activities and rates each agency’s responsiveness to small businesses. Small businesses can comment to the Ombudsman without fear of reprisal. To comment, call toll-free 1-888-REGFAIR (1-888-734-3247) or go to www.sba.gov/ombudsman.

 

Malware Growing at an Exponential Rate

Malware is malicious software that a user unwittingly installs on their computer. Malware can disrupt computer operations, capture every keystroke, destroy data, gather usernames and passwords, acquire your address book and email addresses, or gain access to private networks.

“McAfee has announced, in its quarterly threats report, that it has identified 8 million new kinds of malware in the second quarter of the year. McAfee now estimates that there is upward of 90 million strands of malware on the internet.

Malware is not only growing at an exponential rate, it’s also getting smarter, as Apple found out when hundreds of thousands of its Macs were infected by the Flashback virus. Google’s Android software is another major target for malware with McAfee reporting 13,000 different pieces in 2012 to date, compared to just 2,000 in 2011.”

Do Not Allow Microsoft to Save Passwords

Do not allow Internet Explorer to store passwords for you

Stored passwords allow anyone who can access your machine to log in to your web accounts as you. In addition, there are numerous utilities that can expose that hidden information and actually reveal the password. If you’ve reused that password for other logins, many systems or web sites could be compromised.

Also, hidden data can often be found within Microsoft Office documents, particularly Word. Whenever you exchange documents with clients, either convert them to PDF format (WYSIWYG) or else run them through Microsoft’s Hidden Data Removal tool.

by System Administration, Networking and Security Institute

Google Fined 22.5 Million Over Privacy Violations

Google Will Pay $22.5 Million to Settle FTC Charges it Misrepresented Privacy Assurances to Users of Apple’s Safari Internet Browser

Privacy Settlement is the Largest FTC Penalty Ever for Violation of a Commission Order

Google Inc. has agreed to pay a record $22.5 million civil penalty to settle Federal Trade Commission charges that it misrepresented to users of Apple Inc.’s Safari Internet browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.

The settlement is part of the FTC’s ongoing efforts to make sure companies live up to the privacy promises they make to consumers, and is the largest penalty the agency has ever obtained for a violation of a Commission order. In addition to the civil penalty, the order also requires Google to disable all the tracking cookies it had said it would not place on consumers’ computers.

“The record setting penalty in this matter sends a clear message to all companies under an FTC privacy order,” said Jon Leibowitz, Chairman of the FTC.  “No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”

Google, the developer of the world’s most popular Internet search engine, generates billions of dollars in revenues annually from selling online advertising services, including the delivery of targeted ads online.  Cookies are small pieces of computer text that are used to collect information from computers and can be used to serve targeted ads to consumers.  By placing a tracking cookie on a user’s computer, an advertising network can collect information about the user’s web-browsing activities and use that information to serve online ads targeted to the user’s interests or for other purposes.

In its complaint, the FTC charged that for several months in 2011 and 2012, Google placed a certain advertising tracking cookie on the computers of Safari users who visited sites within Google’s DoubleClick advertising network, although Google had previously told these users they would automatically be opted out of such tracking, as a result of the default settings of the Safari browser used in Macs, iPhones and iPads.

According to the FTC’s complaint, Google specifically told Safari users that because the Safari browser is set by default to block third-party cookies, as long as users do not change their browser settings, this setting “effectively accomplishes the same thing as [opting out of this particular Google advertising tracking cookie].”  In addition, Google represented that it is a member of an industry group called the Network Advertising Initiative, which requires members to adhere to its self-regulatory code of conduct, including disclosure of their data collection and use practices.

Despite these promises, the FTC charged that Google placed advertising tracking cookies on consumers’ computers, in many cases by circumventing the Safari browser’s default cookie-blocking setting.  Google exploited an exception to the browser’s default setting to place a temporary cookie from the DoubleClick domain.  Because of the particular operation of the Safari browser, that initial temporary cookie opened the door to all cookies from the DoubleClick domain, including the Google advertising tracking cookie that Google had represented would be blocked from Safari browsers.

The FTC charged that Google’s misrepresentations violated a settlement it reached with the agency in October 2011, which barred Google from – among other things – misrepresenting the extent to which consumers can exercise control over the collection of their information.  The earlier settlement resolved FTC charges that Google used deceptive tactics and violated its privacy promises when it launched its social network, Google Buzz.

More information about the FTC case can be found at the Tech@FTC blog.

The Commission vote to authorize the staff to refer the complaint to the Department of Justice, and to approve the proposed consent decree, was 4-1 with Commissioner J. Thomas Rosch dissenting.  The Commission issued a statement authored by Chairman Jon Leibowitz and Commissioners Edith Ramirez, Julie Brill, and Maureen Ohlhausen. In its statement, the Commission affirmed that the settlement is in the public interest because, based on staff’s investigative work, there is strong reason to believe that Google violated the prior order, and the $22.5 million fine is an appropriate remedy for the charge that Google misrepresented to Safari browser users how to avoid targeted advertising by Google.  In his dissenting statement, Commissioner Rosch stated that it arguably cannot be concluded that the consent decree is in the public interest if it contains a denial of liability.

This case was filed with the invaluable assistance of the DOJ, which filed the complaint and proposed consent decree on behalf of the Commission in U.S. District Court for the District of Northern California in San Jose August 8, 2012.  The proposed consent decree is subject to court approval.

NOTE:  The Commission refers a complaint to the DOJ for filing when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest.  The complaint is not a finding or ruling that the defendant has actually violated the law.  This consent order is for settlement purposes only and does not constitute an admission by the defendant that the law has been violated.  Consent orders have the force of law when signed by the District Court judge.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics.

The Membrane Domain: Security And Privacy