March 2, 2009

Does Craigslist Need Better Regulation?

Tech Tips 207

Does Craigslist Need Better Regulation?

By Bryan Lambert – Sunday, March where can i get cialis 1, 2009

Fraud and Scams on Craigslist (Part 2) – Avoiding Them

pullQuoteIn our first part on scams and fraud that are commonly run in Craigslist, we looked at how to identify them. In Part Two, we will be looking at ways to avoid them. While some of the measures may seem like common sense, it is amazing how many people still may not take them. Many times this can be either because the fraudster puts pressure, either subtle or overt, on the intended victim (as part of the scheme) or maybe they just don’t know what they don’t know.

Use Your Head and Feet

When first conceived, Craigslist was a place meant where local people could place and look for ads. Craigslist takes great strides to ensure, that even though their website is international in nature, that it is local in scope. Keeping this in mind, one of the greatest deterrents to avoiding fraud and scams on Craigslist would be to KEEP IT LOCAL! Craigslist does have FAQs on how to avoid scams that may be perpetrated on their site and the number one thing Meet in personthat they recommend is, surprisingly: “DEAL LOCALLY WITH FOLKS YOU CAN MEET IN PERSON.” They go on to explain that by doing this you can avoid 99% of the scam attempts that are run on their site. Remember, this is not eBay – these are supposed to be local folks advertising to local folks. Insist that the transaction must be local and must be in cash. Above all else this would be the first and foremost thing to keep in mind on ANY Craigslist transaction (as a side note, Craigslist also does offer some personal safety tips on their site as well that are worth a read.

Common Sense

Another common sense rule is that if anyone that you contact or that contacts you wants you to wire money to them (be it for a rental or for a purchase – especially after they “accidently” send you too much money for an item) know that you’d get more out of your money by burning it (at least you get the warmth from the fire it creates). If you wire money to anyone met through Craigslist, you lose. You kissed that money goodbye. Anyone who is asking you to do this is trying to scam YOU out of YOUR money, pure and simple. So, DO NOT, EVER, NEVER, EVER send money to anyone this way… Period! Again, Craigslist, bless their little hearts, states in their avoid scams FAQs: “NEVER WIRE FUNDS VIA WESTERN UNION, MONEYGRAM or any other wire service,” and then they go on to say: “anyone who asks you to do so is a scammer.”

Please do NOT give out financial information about yourself. Identity thieves will have a field day on your dime if you give out your social security number, bank account number, Paypal or eBay account info (legit, LOCAL rental applications being the exception). Craigslist does list some other tips under their scammer FAQs as well. Keeping in line with some of the advice offered there, please be aware that fake cashiers checks and money orders are very common – and you’re the one left hold the bag (unlike credit card fraud, where there is a limit to how much you’re liable, there is no such limit for check fraud.). Also know that Craigslist doesn’t get involved in any type of transactions carried out on their site. They do not offer guarantees, escrow services, handle payments, buyer protection or seller certification. If you get involved in any transaction where a person says that they do, this is an immediate red flag.

In line with keeping it local, AVOID like the plague any deals involving shipping or escrow services – there simply is no way to guarantee such a transaction. The Craigslist scam FAQs goes as far as to actually state: “ONLY A SCAMMER WILL "GUARANTEE" YOUR TRANSACTION.” Keep this especially in mind if you see a car that is being offered out of the area. As a matter of fact, Craigslist actually puts in big bold letters across any page where items are offered for sale: “OFFERS TO SHIP CARS ARE 100% FRAUDULENT.” This goes in line with the advice to keep the transactions local.

Remembering the adage to keep it local that we previously mentioned, if you are considering renting, when you meet personally with the potential landlord, they usually will (as part of the rental process) ask you to fill out a rental application form. Because this (of necessity) will have some of your personal information on it, please be sure to ask potential landlords to see their ID and then record the information found on it. This step will usually weed out scammers having no legit claim to the property. Heads up if they don’t show you the ID or if they just flash it for a second without letting you record the information on it. Another bid red flag goes Forcloseup if they DON’T want you to fill out a rental application of any kind or ask to check your credit. You may want to also look up the potential rentals property or the landlord's name on the internet and see what comes up (look for the name being connected with the word “scam” or “fraud” and look to see if the property if offered for varying amounts on different sites). It may even be prudent to look up for yourself (in the city or county public records) who exactly is listed as owner for a property and to get a statement (in writing) from the landlord that they are not behind in payments nor is the property in foreclosure. If the person tries to sell you “foreclosure lists” when you are calling about a rental, just hang up, all they want is your money and nothing more. (see: kgw.com and Fraudguides.com)

If you are a potential landlord, again, keep it local. Be wary of persons contacting you via e-mail that are out of the area and interesting in renting the property. Extra red flags go up if the grammar is poor, if they ask you information that is already contained in the ad, if they give an elaborate back story, or if they try to involve third parties. DO NOT EVER let a tenant pay you more than you asked for and then demand a refund – anyone doing this is a scam artist. Be sure to follow up on references and credit checks on your potential renter, and if you rent the property frequently, change the locks between renters.
(see:fraudguides.com/tips, http://www.fraudguides.com/tips2 and http://www.scamalicious.com/)

Final Thoughts

Yes, there are frauds and scams being run on Craigslist, but knowledge is power. Being forewarned is being forearmed. If you keep these Tech Tips in mind, you’re sure to cut down dramatically on your chances of being a victim of a scam or fraud on Craigslist.

Permalink • Print • Comment

February 28, 2009

Does Craigslist Need Better Regulation

Tech Tip 206

Does Craigslist Need Better Regulation?

By Bryan Lambert – Sunday, February 22, 2009

(Part 1) – Fraud and Scams on Craigslist –
What Do These Look Like?

You’re looking for new digs – and know just where to find the perfect place; you want to buy another car, and know just where to search for one. Perhaps you have a place you want to rent or a car Craigslistyou want to sell and you know just the place for advertising them – Craigslist! With their goal of keeping online classifieds local, simple and (for the most part) free, there’s no question about it; Craigslist has become quite an online phenomenon. Constantly one of the top 50 websites sites visited, this website, for one offering local ads, has attracted literally a worldwide following. However, along with this following Craigslist has attracted a very unsavory element of scammers as well.


In this Tech Tip, we’ll be looking specifically at some specific areas of fraud that seem to be hitting Craigslist these days in regards to rentals and items offered for sale

PullQuote206While scams and fraud do occur on many websites where buying and selling occur, they seem to be almost epidemic on Craigslist these days. Though some of these scams may seem obvious, criminals still use them again and again (often accompanied with poor grammar) for the simple fact that they continue to work. Without further ado, here are some of the common scams that are appearing on Craigslist.


For people placing an ad for a rental, some common fraudulent activities are:

  • A person contacts you from out of the area (usually overseas) and really wants to rent your listing. They send you a check or money order over the total amount due rent and then have you send the amount of overage back to them (usually by Western Union or some other wire service); this is a scam pure and simple. You will be out the amount you send back once the check (or money order) is found to be a fake (it is interesting that they send you a check or money order, but want the money "refunded" to them to be wired).
  • A person takes the information from the property you’re listing and relists it as their own. These people are also usually from out of the area. This leads to all sorts of issues as the same property can be “rented” several times – by you (legitimately) and by the scammers.
  • A person actually rents your place then turns around and by representing themselves as the owner, re-rent it to several people before skipping town.


For people looking for a home or apartment to rent:

  • You contact the person from the ad (usually via e-mail) and they explain that they are out of the area, but the place it still for rent. They may ask for key deposits so you can “look” at the place and For Rentthen will often try and create a sense of urgency so they can elicit the bigger ticket items such as security deposits and first and last month’s rent. Really, anything else they can think of and have it wired to them. Usually these ads are ones copied from legit ads either on Craigslist or other rental sites – but at lower (but still believable) rental rates. Like all scams, money leaves your pocket never to return.
  • No Credit CardsYou click on an ad for a very good looking and well priced rental only to be directed to call an 800 number. Usually, these end up being scammers that have no intention of renting the property at the price they listed, but want you to buy “foreclosure what is cialis used for lists” instead. Extra bonus for the scammers if they get a good credit card number with a large limit.
  • Classic bait and switch, even if you literally watched the ad be placed, when you call the property is not available, but this other one is….
  • The person renting the house may be local, but they do not actually own the house. They either just rented it themselves or, worse yet, are advertising a vacant home that someone is trying to sell or that is bank owned. Some may claim that they are renting it on “behalf of the owner” as well. The person “renting” the property collects several deposits, several first and last rents and leaves town. In addition to the money, the scammers now have several key pieces of personal information on the persons scammed.


For people selling or buying an item on Craigslist:

  • Sellers: A person contacts you (usually out of the area) and really wants to buy your item. They offer to pay more than it is worth (works great for small, pricey items that are easy to mail) or “accidently” pay you over the amount and look for you to send the difference back to them (sound familiar? Look at item 1 for personal placing ads for rentals above). Even for large items (such as furniture), they’ll ask to pay with check and arrange to have it shipped to them; again, the check will be “accidently” over the amount asked for, and you’re asked for a refund. It may seem strange for you to be sending someone else money when you were the one selling and that’s because IT IS STRANGE!
  • Buyers: The item is not just a bargain, but it is a BARGAIN (think of a car that is well below the current Kelly Blue Book price or a Car Salesmanlaptop computer at a price too good to be true). This bargain is usually out of the area and would need to be shipped to you. An escrow service is perhaps offered to
    help facilitate the purchase (many are also sent up fraudulently just to facilitate such a scam)

    Bottom Line, you send money-you get nothing.

Some scams and fraud and very easy to detect, but others can be difficult as criminals get more and more sophisticated. This list is by no means complete, but can give you a general outline of some common scams that are still used. Knowledge is power, so it is good to be aware of some of these tactics used by scammers before you put down your hard earned money.

Now that you know what to look for, in next week’s Tech Tip, we’ll look at some ways to avoid scams and fraud on Craigslist.

Who should I notify about fraud or scam attempts?

  • FTC toll free hotline: 877-FTC-HELP (877-382-4357)
  • FTC online complaint form (http://www.ftc.gov)
  • Canadian PhoneBusters hotline: 888-495-8501
  • Internet Fraud Complaint Center (http://www.ic3.gov)
  • Non-emergency number for your local police department.

If you suspect that an item posted for sale on craigslist may be part of a scam, please email the details to "abuse@craigslist.org". Be sure to include the URL (or eight-digit post ID number) in your message.

* http://www.craigslist.org/about/scams

Permalink • Print • Comment

Site owners stung by SiteAdvisor rating errors

Dennis O'Reilly By Dennis O'Reilly

McAfee's SiteAdvisor security service leaves some Web developers scratching their heads over inconsistencies in its green-yellow-red ratings.

The company's promises of more-frequent reviews of its site classifications are welcomed by site owners struggling to win SiteAdvisor's approval.

The Feb. 19 Top Story by editorial director Brian Livingston described McAfee's attempts to ensure that the security ratings generated by the company's SiteAdvisor service are up-to-date. That column followed the previous week's Top Story by Mark Joseph Edwards, which reported that SiteAdvisor's ratings could be as much as one year old.

Eric Legge wrote in to tell us of his efforts to have his site retested after it was assigned a yellow rating by SiteAdvisor:

  • "SiteAdvisor is talking rubbish about dealing with complaints promptly. I complained by e-mail and by letter to the [McAfee] CEO about every page on my site having a yellow rating in October 2008. I also requested that my site be revisited after I had removed the [offending] link, which I removed only because I have probably been losing visitors for years because of this lousy service.

    "My entire site [PC Buyer Beware] still has a yellow rating for a link to this page, which SiteAdviser has given a green rating! [The page contains] a valid fix for the Smitfraud virus.

    "You only have to search the Web to find a number of site owners who have had their sites' existence threatened by SiteAdvisor errors. Thanks for taking this 'service' to task."

So many people street value of cialis asked us about SiteAdvisor alternatives that we're planning a technical review of the accuracy of SiteAdvisor, Web of Trust, and other site-rating services. This complex task will take a while to finish, but we hope to offer our recommendations sometime within the next few weeks. At this point, it's not clear how bad the situation is and which services are really the most correct.

SiteAdvisor plug-in may not be easy to remove

Our report on SiteAdvisor caused many readers to uninstall the plug-in for their browsers. Unfortunately, getting the program off your system may require some extra effort, as reader Chris Coddington discovered:

  • "In the recent article on SiteAdvisor's retesting policy, I and most others certainly read between the lines and know what to expect if [we] continue to use the 'service.' I suspect that many users — including myself — are uninstalling SiteAdvisor. If we can't trust the [service's] red warnings, we can't trust the green warnings, either.

    "Now the only problem is how to uninstall the beast! It certainly can't be found [by clicking] Start, All Programs, and I don't have any other McAfee software on my system. It sounds like they are hiding it someplace. It's getting to sound almost like another virus to worry about!"

SiteAdvisor can be removed via standard Control Panel applets: Add or Remove Programs in XP and Programs and Features in Vista. In XP, another way to get to Add or Remove Programs is to click Start, Run; type appwiz.cpl; and press Enter. An alternative way to open Programs and Features in Vista is to press the Windows key, type appwiz.cpl, and press Enter.

Once you're in the Control Panel applet in either version of Windows, select the entry for McAfee SiteAdvisor, click Change/Remove in XP or Uninstall in Vista, and step through the wizard.

The Windows uninstaller may not completely remove the program. McAfee provides a free Consumer Products Removal utility (more info and download page). This tool promises to clear your system of several of the company's products, not just SiteAdvisor.

If you prefer to disable rather than uninstall the SiteAdvisor plug-in, you can do so in Firefox by clicking Tools, Add-ons; selecting McAfee SiteAdvisor; and choosing Disable. In IE, click Tools, Manage Add-ons, Enable or Disable Add-ons; select both McAfee SiteAdvisor BHO and McAfee SiteAdvisor Toolbar, one at a time; and choose Disable under Settings near the bottom of the dialog box.

Another possible SiteAdvisor alternative

In the Feb. 19 Known Issues column, reader George Elting recommended two free programs designed to make your Web browsing safer. In summary, CallingID (more info) and LinkScanner Lite (more info) are more specialized services than SiteAdvisor. The former identifies the location of the site's server, and the latter verifies the links returned by search engines.

Larry Croy offers another suggestion for secure browsing:

  • "Just a heads-up for another free alternative to SiteAdvisor. I have been using the Finjan SecureBrowsing software [more info] for several years with no problems. They have both IE and Firefox versions."

As I mentioned above, we'll be taking a closer look at Web security programs in a future article. Stay tuned!

Permalink • Print • Comment

Reviewers rate Norton the No. 1 security suite

Ryan Russell By Ryan Russell

Norton Internet Security Suite 2009, the top-rated security suite this year — as it was last year — now uses fewer system resources than before without skimping on protection.

If you're not a fan of Norton products, there are plenty of other contenders worthy of consideration that can challenge the long-time security-software leader.

Symantec Norton Internet Security 2009 Windows Secrets writers periodically analyze the ratings of trusted reviewers and summarize for you in the WS Security Baseline which personal-protection products are currently getting the best marks. Based on reviews from PC World, PCMag, Maximum PC, and others, today's security-suite winner is Symantec's Norton Internet Security 2009 (photo at right).

This product may seem like a repeat from last year's tally of ratings. Scott Dunn's Jan. 24, 2008, Top Story reported that Norton Internet Security 2008 had received the most Editors' Choice awards of any suite. However, the latest release of NIS is faster and less resource-hungry than previous versions, according to reviewers.

Symantec has not been deaf to the complaints of Norton Internet Security users about the program's spendthrift ways with your PC's memory and CPU cycles. In its review of the program, PCMag.com says, "this is definitely the slimmest, most unobtrusive Norton ever." (See below for links to this and other reviews of the product.)

As with most of the leading security-suite contenders, Norton Internet Security protects against infection by viruses, spyware, and rootkits. The program's components include a software firewall and a content-filtering utility for browsers and instant-messaging clients.

Runner-up suites challenge Norton products

If you're one of the many people who've sworn never to install a Norton or McAfee security product again, I understand your pain. More than once, I've had to venture into the Windows file system and Registry to manually uninstall security programs from the two biggest names in the field, ripping the pieces out one by one.

The good news is that there are a lot of other, strong contenders for security-suite top dog. Maximum PC lists ESET Smart Security as its second choice; the program matched Symantec's score of 9 out of 10. The magazine's reviewers gave a lot of weight to performance and the impact the program has on system resources.

PCMag.com gives Trend Micro Internet Security Pro 2009 and ZoneAlarm Internet Security Suite 2009 a tie for second place, trailing only Symantec's product. The site also weighted performance heavily, site cialis particularly the boot times of the programs it tested.

PC World rates BitDefender Internet Security 2009 as the second choice, yet again trailing the rating for Norton Internet Security. The review names the BitDefender suite a value and also singles out Avira Premium Security Suite 8.2 as the best malware detector.

For those who'd rather select their security program solely on the results of independent antivirus test labs, you'll find several testing organizations described and linked to in Scott Dunn's Feb. 14, 2008, Known Issues column: "Labs provide alternatives in evaluating suites."

(Disclosure: My employer, BigFix Inc., sells a couple of different brands of anti-malware software to enterprises. While the company competes with many of the firms that are mentioned in this review — and partners with at least one of them — BigFix doesn't sell products such as the ones mentioned above to consumers.)

Finding the sweet spot of security suites

From my point of view, the most important criterion for selecting a security suite is whether the program includes all the components you need.

Nearly all of the top-rated security suites provide a firewall and a range of anti-malware tools. The programs are differentiated by their auxiliary security components. For example, youngsters and inexperienced users may require first-rate Web-content filtering and antiphishing tools. More-experienced PC users may find such features less important.

In terms of which programs offer the best virus detection, I'm afraid the days of ranking an antivirus engine the best because of an advantage of a few percentage points in detection tests are over. It never was a really useful measurement. The myth that an antivirus app will protect you from the latest infections is even less credible now.

The sheer volume of new malware has outstripped the ability of AV vendors to create and distribute their virus-definition updates. No security program made today can prevent all PC infections. The virus-detection rates of the top-rated apps are so similar, it makes sense to give a little more weight to the tools' design, performance, and range of features. A tool people can't understand and use is no protection to them at all.

Permalink • Print • Comment

February 20, 2009

Researcher demonstrates SSL attack

A security researcher has demonstrated a way to hijack Secure Sockets Layer (SSL) sessions to intercept login data.

 

Moxie Marlinspike, who spoke at the Black Hat security conference on Wednesday, explained how to subvert an SSL session by performing a man-in-the-middle attack. The anarchist researcher explained in a YouTube video that the attack uses a tool developed called SSLstrip, which exploits the interface between http and https sessions.

 

"SSLstrip man-in-the-middles all of the potential SSL connections on the network, specifically attacking the bridge between http and https," Marlinspike said in the video.

 

Secure Sockets Layer, and its successor Transport Layer Security, are cryptographic protocols used to encrypt communications over TCP/IP networks. SSL and TLS are often used by banks and other organizations to secure web transactions.

 

The attack relies on users not directly calling medicament cialis up an SSL session by typing a URL into a browser. Most users initiate sessions by clicking on a button. These buttons are located on unencrypted http pages, and clicking on them will take users to encrypted https pages to log in.

 

"That opens up all kinds of avenues for ways that you might intercept [details]," Marlinspike said. In his Black Hat presentation, he claimed to have gathered details on 117 email accounts, seven PayPal logins and 16 credit card numbers, within a 24 hour period.

 

SSLstrip works by watching http traffic, then by acting as a proxy when a user attempts to initiate an https session. While the user believes the secure session has been initiated, and SSLstrip has connected to the secure server via https, all traffic between the user and SSLstrip is http. This means "disastrous warnings" displayed by browsers are avoided, as to the browser the session appears normal. Login details can then be harvested.

 

Marlinspike said that an https padlock logo can be spoofed in the URL bar, to further lull the user into a false sense of security.

 

While SSL is generally accepted as being secure, security researchers have claimed SSL communications can be intercepted. In August last year, researcher Mike Perry said he had been in discussions with Google regarding an exploit he planned to release, which would allow a hacker to intercept a user's communications with supposedly secure websites over an unsecured Wi-Fi network.

Permalink • Print • Comment
« Previous PageNext Page »
Made with WordPress and a search engine optimized WordPress theme • Sky Gold skin by Denis de Bernardy