E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Philly.com

Posted on August 13, 2009

      When Daniel Carter logged on to a shared computer at a hostel in Rome to check e-mail, he had no idea he was in a hacker's sights. After his trip was over, he discovered someone had hijacked his e-mail account and sent a message to hundreds of his contacts asking for money.

      "Sorry i did not get you informed about my short trip to london . . . i was attacked on my way to the hotel by some hoodlums and they took away all my belongings," the e-mail said, ending with a plea for money "so i can sort out my hotel bills and fly back home" and a promise of repayment.

      Most of Carter's contacts recognized the scam from the poor grammar and lack of uppercase letters. Unfortunately, one older friend fell for it, sending about $2,000 to the scammers. Carter eventually regained control of his e-mail account and cleaned up the mess. But the money his friend sent was lost.

      "This was a big wake-up call. I thought, 'Who's going to hack me, I'm not important or of large means,' " said Carter, a songwriter and composer who lives in Salt Lake City. But, as he found out, a hacker can make a quick profit off an ordinary traveler.

      What happened to Carter is relatively rare. But travelers are especially vulnerable to hackers because they often use computers and WiFi networks in hotel lobbies, cafes, and airports.

      "If you are using an open WiFi network, you are extremely vulnerable," says computer security consultant Kevin Mitnick. He should know: Mitnick served five years in prison for computer capers that gained him notoriety and prompted an FBI manhunt.

      Here are some steps you can take to protect yourself:

      Create a strong password. Carter says his e-mail was easier to hack because he had a weak password.

      Create a dedicated e-mail account for use on the road, with a password that is different from passwords you use for bank and credit card information. Let your contacts know you'll be using that account while on vacation. You can stay in touch, but if someone does hack into your account, they only get your vacation pictures.

      Cover your tracks when using a shared computer. On Apple's Safari browser, under the Safari menu, toggle "Private Browsing." On Microsoft's Explorer, when you log off, go to "Tools" and "Delete Browsing History" to remove traces of your passwords and the Web sites you've visited.

      But experts say clearing the history offers weak protection at best. A shared computer, even one that's hard-wired as opposed to one with a wireless network, can harbor keystroke loggers or other malware that grab passwords and other information. That's why Mitnick says he'd use a shared computer to check e-mail only as a last resort - and then he'd immediately change all his passwords when he gets to a secure computer.

      Beware of wireless hotspots. They also can be dangerous, with hackers monitoring communication from your laptop or other electronic device. And you can be vulnerable when using a wired hotel network, since a hacker could be next door and access your computer through the network.

      "Sniffing a wireless network is really easy to do - any teen in junior high can do it," Mitnick says of a strategy that amounts to eavesdropping on computer communications in an open network in, say, a cafe or airport. Such vulnerabilities can yield mayhem with attacks known as "packet sniffing," "man in the middle" attacks, and "MAC Spoofing."

      That's not to say every hotspot is dangerous. But when using your laptop in a public place, you obviously want up-to-date security programs, says Dave Marcus, McAfee's director of security research and communication.

      You should also disable file-sharing on your laptop, Marcus says. It's also a good idea to turn off Bluetooth and printer-sharing, and disable ad hoc network connections. Each Windows and Mac operating system has a slightly different procedure for doing this.

      Many experts say you should not send any sensitive data while in a hotspot. That's because many e-mail services and browser connections essentially broadcast in the clear, meaning someone can eavesdrop on information sent to and from your computer. If you want to be careful, that means avoiding banking, shopping, and checking credit-card accounts. Even though these sites usually encrypt your data, there are some work-arounds a determined hacker could use. Even passwords for seemingly innocuous services could lead to more sensitive personal data. Consider a virtual private network. "The best way to protect yourself is a VPN," says Mitnick. "It's a tunnel, where all your communication is encrypted. A passive attacker can't intercept."

      Bill Bullock, cofounder of the VPN service WiTopia, calls such networks "the next weapon in the arsenal," after firewalls and antivirus software. His company offers plans starting at $39.99 a year, but there are plenty of competitors. And, if you are computer-savvy, you can create your own VPN, connecting from the road to your secure computer at home and accessing the Internet through it. They can also work with iPhones and other personal data devices.

      But Kelly Davis-Felner of the Wi-Fi Alliance, a group that promotes growth of WiFi networks, says a VPN is probably overkill for travelers who are just checking the latest sports scores or e-mailing Mom from a cafe on the Champs-Elysees. "It's a statistical possibility that you'll get hacked in a hotspot," she acknowledged, advising against banking, trading stocks, or doing business-related work at an open network without a VPN.

      But she added: "You are taking a much greater risk handing your credit card to a waiter than sitting in an airport sending e-mail."

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.