The Dot Com Miner

The money being spent online is steadily growing. With billions of dollars being spent each year online, the opportunity to make money on the internet has never been bigger. Unfortunately, with that opportunity come people who want to make money in less than honest ways. We’re going to look at some concrete ways you can identify fraudulent transactions and save yourself a lot of chargeback fees, money and grief.

Get more information from prospective customers.

The more information you have to work with, the better your chances are that you will be able to positively identify fraudulent transactions. At the very least, you need to make sure you get a customer’s name, credit card billing address, phone number and the IP address of the computer currently accessing the order form. You should also get a valid email address. This email address should not be one that comes from a free email service.

Fraudulent transactions occur more frequently from certain countries.

The first thing you should know is that certain countries are more prone to fraudulent transactions than others. If you get an order originating from one of the following countries, you should be suspicious and do more digging. Some of these countries include: Ukraine, Indonesia, Yugoslavia, Lithuania, Egypt, Romania, Bulgaria, Turkey, Morocco, Vietnam, Russia, Pakistan, Malaysia, Nigeria, Israel, Iran, Cameroon, Gambia, and Ghana. This doesn’t mean that every transaction from any of these countries is definitely fraudulent. But you should be very suspicious.

Confirm the address of the customer.

The first thing I do when I get an online order is to check the phone number of the customer against a reverse phone number directory. The majority of my orders come from the United States and Canada. Phone numbers from these countries can usually be entered into reverse directories to find out the address that phone number belongs to. If I can’t get a match for the phone number it servers as a red flag and warrants more investigation.

Lookup the customer’s country and city of origin

I’ve already outlined a long list of countries that should be suspicous to you. How do you determine if your customer placed the order from within one of these banned countries? Simple. You cross reference their IP address with an IP lookup database that can tell you what country they are in. The city they are from and sometimes even ISP they use! If you handle only a few orders a day, you can use an excellent free service at IP2Location.com. If you do handle more volume, IP2Location.com also offers subscription packages at various prices.

Once you determine the country of origin, if it doesn’t match the country the customer listed with their billing information be very careful. Yes, it is possible that your customer could be travelling away from home. It is much more likely that their credit card information has been stolen and it is being used fraudulently. A mismatch between the country reported by IP and the billing address is a big red flag.

Don’t let customers use free email addresses.

A free email address is so easy to setup at most free email services. The odds of your being able to track down the person that registered that free email address are next to none. If at all possible, block all known free email services. The most common include Hotmail, Yahoo, Mail.com, and Gmail. If you can’t block free email addresses in advance, consider a free email address a red flag. A utility you can use to determine if an email address is a known free email is dnsstuff.com. Look towards the bottom left of the page that comes up.

Don’t ship a product until you are sure.

If two or more red flags go up, beware. If you ship a product from a fraudulent transaction, you will very likely be slapped with a chargeback from your credit card company and lose the money from the good. Be skeptical of all orders until everything checks out to your satisfaction. If in doubt, refund the purchase. Too many chargebacks will result in the cancellation of your merchant account. Who needs that?

A little diligence can go a long way to helping you prevent loses from fraudulent transactions. With a little knowledge, you can greatly reduce lost profits due to fraud.

This article was written by Joe Duchesne, president of http://www.yowling.com/, Yowling offers free ecommerce shopping carts with their web hosting plans. Copyright 2005 Yowling. Reprint Freely as long as you provide a clickable link back to my website from this resource box.

Adware is on of those things that most internet users don’t even think about until its too late. More often than not the majority of us do not even realise the existence of spyware until the damage has been done. Each and every day thousands of hidden applications are trying to gain access to computers all over the internet.

The amazing thing is that only a small percentage of people protect themselves from this kind of adware parasite and most only seek protection once the damage has been done. There are many ways that spyware and adware can take advantage of those of us who tend to be lacking in the area of computer security. Most times it is just our internet usage details that these nasties are after but at the other end of the scale there are some adware programs that are acting in a completely sinister manner.

If we all treated our computers like our bank accounts then you would not even be reading this article. The sad fact is we do not and every day there are thousands of people that are putting their private details at risk. None of us should have anything in our computers that we do not want and did not willingly invite but I would bet my last paycheque that anyone reading this article has a few unwanted extras lurking in the depths of their P.C’s.

It is absolutely essential that you be very aware of the possibilities with the latest of today’s scumware. If you are not willing to purchase some internet protection on the grounds that you might be infected then you should at least take advantage of an online scan. These scans are free and easily accessed so to be honest it would be sheer madness to ignore their existence and simply carry on regardless.

Run a free adware scan and the end result will be you are either spyware free or do in fact have a computer stowaway nestling inside your computer. If you are adware free then you can carry on without a care in the world, Your money will still be in your pocket and your computer will be running safely. If on the other hand you do find an intrusion then you can simply spend a little of your cash and rid the gremlin from your computer.

There are many free adware help sites all over the internet and it is very easy to get the latest news on all the recent adware outbreaks. Listen to the experts and weigh up what you have to lose.

If your computer is clean then a free scan will cost you nothing.

If it is infected then just how much do you stand to lose should your data be accessed?

Search for the hidden dangers of spyware and adware - visit Monty Cordello’s adware secrets and tips portal http://adwarefound.com

If you’re going to connect to the internet, you need to protect your computer, otherwise it’s like leaving your front door wide open with a big ‘Robbers Welcome’ doormat on your front step. You’ve probably heard all the terms - such as virus, hacker, firewall, spyware and a million more - but perhaps think that the anti-virus programme that came with the computer, or that your PC-savvy mate downloaded for you is enough to keep you safe, right? Wrong …

First of all, you need a firewall. This is your first line of defence, making it extremely difficult for any hacker or malicious programme to get through. Nothing is 100% impenetrable, however, and an anti-virus programme that will always be on the lookout for anything nasty that manages to find its way in is essential.

But there are things that manage to get onto your pc in the most unlikely of ways: it can be inadvertently added by you as you download music, screensavers or games onto your PC, or it can even be added by someone you know and trust, such as a suspicious spouse or your employer. This is Spyware and is a frightening breach of privacy which allows people or programmes to see what you’re doing, what sites you look at and even log your keystrokes so that they can reproduce everything you type, such as passwords and credit card details.

The only way to truly guard against spyware is to have a dedicated programme that detects and removes it.

So, you have your firewall and your anti-virus programme in place; surely an anti-spyware programme is just money down the drain? Unfortunately not: this will fill the cracks left by your other security programmes, and although it will not make your computer completely impenetrable (unfortunately the people writing these programmes are extremely good at what they do) it will be the equivalent of locking all your doors and windows and having an alarm system armed before you leave your house - someone could still get in if they really wanted to, but they’d probably rather go next door, where they’ve rather invitingly left a downstairs window open.

People are now using their computers for a range of personal and business applications, the loss or infiltration of which could do them serious emotional and financial damage. Taking preventative measures to ensure your online security should be as natural as closing the door behind you when you go out, and there are affordable and easy to use programmes out there to help you do just that.

For a full range of products to keep your computer safe, visit http://www.vaultlock.com

Otherwise you might as well order that ‘Robbers Welcome’ mat now!

Spyware is just about the most aggravating thing around. And its cousin Adware is not so pretty either. Did you know that the Federal Trade Commission has been working on this problem and actually filed a couple of lawsuits on Spyware programmers? Its true and although spyware is still out there you will be happy to know that the FTC has issued a report telling everyone all about it and warning us; as if we didn’t know? Dah? In fact the FTC used this report to harness more money from for their FY 2007 Budget from Congress stating;

Spyware.

“During FY 2005, the FTC issued a report on spyware, and brought several important law enforcement actions to stop marketers who loaded unwanted and risky software onto consumers’ personal computers without their knowledge, consent, or instructions about how to remove the unwanted software. FTC staff also developed new tools to detect, locate, and investigate spyware purveyors, and launched other nonpublic law enforcement investigations.”

Should the FTC be granted more money to go after spyware, as there are other new evolved and more malicious considerations to worry about on the average computer now? Should the Federal Trade Commission receive additional monies to further increase their spyware endeavors? Or has the American People had enough of the government and their spying? Consider this in 2006.

“Lance Winslow” - Online Think Tank forum board. If you have innovative thoughts and unique perspectives, come think with Lance; http://www.WorldThinkTank.net/wttbbs/

Is your data secure? Think again. Securing data is unlike any other corporate asset, and is likely the biggest challenge your company faces today. You may not see it, but almost all of your company’s information is in digital form somewhere in the system. These assets are critical because they describe everything about you; your products, customers, strategies, finances, and your future. They might be in a database, protected by data-center security controls, but more often than not, these assets reside on desktops, laptops, home computers, and more importantly in email or on some form of mobile computing device. We have been counting on our firewall to provide protection, but it has been estimated that at least fifty percent of any given organization’s information is in email, traveling through the insecure cyberspace of the Internet.

Digital Assets are Unique

Digital assets are unlike any other asset your company has. Their value exceeds just about any other asset your company owns. In their integral state they are worth everything to your company; however, with a few “tweaks” of the bits they are reduced to garbage. They fill volumes in your data center, yet can be stolen on a keychain or captured in the air. Unlike any other asset, they can be taken tonight, and you will still have them tomorrow. They are being created every day, yet they are almost impossible to dispose of, and you can erase them and they are still there. How can you be sure that your assets are really safe?

Understanding Physical Security Architectures

Physical assets have been secured for thousands of years, teaching us some important lessons. An effective security architecture uses three basic security control areas. Let’s assume you want to create a secure home for your family; what would you do? Most of us started with the basics; doors, windows, locks, and perhaps a fence. Second, we rely on insurance, police protection, and we may have even purchased an attack dog or a personal firearm. Given these controls, you may have taken one more step to provide some type of alarm. Not trusting your ears to detect an intrusion, you might have installed door and window alarms, glass break sensors, or motion detection. You may have even joined the neighborhood watch program in your area. These are the controls everyone uses, and they are similar to the controls that have been used since the beginning of mankind.

Which is most important? Looking at the three categories of security controls used, the first consists of protective devices that keep people out; doors, windows, locks, and fences. Secondly, alarms notify us of a break-in. Finally we have a planned response control; the police, use of a firearm, or recovery through insurance. At first glance it may appear that the protective controls are the most important set of controls, but a closer look reveals that detection and response are actually more important. Consider your bank; every day the doors are open for business. This is true of just about every business, home, or transportation vehicle. Even the bank safe is generally open throughout the day. You can see it from the bank teller counter, but step over the line and you will find out how good their detection-response plan is.

Evaluating your Company’s Approach

Now look at your digital assets; how are they protected? If you are like most organizations, your entire security strategy is built on protection controls. Almost every organization in America today has a firewall, but does not have the ability to detect and respond to unauthorized users. Here is a simple test; run a Spyware removal program on your system and see what comes up. In almost every case you will find software installed on your system that was not installed by an authorized user. In the past this has been an irritation; in the future, this will become the program that links uninvited guests to your data. Bruce Schneier, a well known security author and expert writes in his book, Secrets and Lies, “Most attacks and vulnerabilities are the result of bypassing prevention mechanisms”. Threats are changing. The biggest threats likely to invade your systems will bypass traditional security measures. Phishing, spyware, remote access Trojans (RATS), and other malicious code attacks are not prevented by your firewall. Given this reality, a detection response strategy is essential.

It’s time to review your security strategy. Start by asking three questions. First, which assets are critical to your business, where are they located, and who has access to them? Second, what threats exist? Determine who would want your data, how they might gain access, and where the possible weaknesses in your security architecture lie. Finally, how comfortable are you with your company’s ability to detect and respond to unauthorized access. If someone wants access to your data, preventative measures alone won’t stop them.

Begin planning a balanced security architecture. Start by adding detection controls to your prevention architecture. This does not mean simply adding intrusion prevention software (IPS), but rather creating a system to proactively monitor activity. Intruders make noise, just like in the physical world, and with proper event management, combined with zero-day defense technologies of IPS, network administrators can begin to understand what normal activity looks like and what anomalies might be signs of an attack. In a recent interview with Scott Paly, President and CEO of Global Data Guard, a Managed Services Security Provider (MSSP), Scott said, “Threats such as worms and new hacker techniques constantly morph, so the most viable model for optimum security is a blend of preventive and predictive controls based on analysis of network behavior over time”. By balancing prevention, detection, and response, companies can defeat most of the latest hacker attempts.

David Stelzl, CISSP is the owner and founder of Stelzl Visionary Learning Concepts, Inc. providing keynotes, workshops, and professional coaching to technology resellers. David works with executive managers, sales people, and practice managers who are seeking to become market leaders in technology areas that include Information Security, Managed Services, Storage and Systems solutions, and Networking. Contact us at info@stelzl.us or visit http://www.stelzl.us to find out more.

Homeland securitization has been given so much importance over the past few years that we have almost forgotten the importance of our own house and the importance of a good home security alarm. While burglary in your property may not make the headlines, it is in your best interest to safeguard property by installing a good home security alarm.

According to the US bureau of Justice Statistics there were 14 million incidents of theft on property and in 83% incidents the burglars had entered the house or building located in the property. You might feel safe by locking your doors and windows but there are ways to enter a house known only to people who commit burglary for living. Burglars always strike by surprise; to underestimate their resourcefulness would be a mistake you would not want to make at any cost.

There are many types of home security alarm, which can help you effectively protect a property, belongings and more importantly your family from burglars. Home security alarm is one of the more trusted methods to protect your house from burglars; a simple home security alarm generally makes a loud sound or dials a number like 911, your cell phone or a neighbor and sends a pre recorded distress message. Some systems connect themselves with the smoke alarms which notify the fire department immediately. Then there is also the monitored house securitizing systems which are considered the safest of all and the local systems which are considered safer than monitored property securitizing systems, yet cheaper.

Many securitizing systems come with a sign board that can be mounted on the door, mailbox or anywhere else where they can be noticed. Burglars generally target un-protected houses and leave alone the houses protected by any type of home security alarm. As for starters, the cheapest home security alarm is the “do it yourself” systems, you need to do all the installation and setup yourself, but if you are on a budget these are the right ones for you. A home security alarm not only helps in preventing burglary but it also helps in minimizing the loss in case the burglars break into a house because they fear a backup or the sound which might alert the neighbors or the police.

Want to learn more about Home Security Alarms?, feel free to visit us at: Home Security Information and Resources

Personal preparedness means different things depending on who you are and what your situation is. To an inhabitant of the Florida Keys, preparedness means having items to outlast a hurricane. To a city dweller, preparedness might be having a can of mace in her purse. To a survivalist, preparedness might mean having a semi trailer loaded with M14 rifles buried in the back yard. Depending on the situation, any of these definitions might be appropriate.

Personal preparedness is simply knowing what dangers are likely to befall you and taking reasonable precautions to avoid or survive them. In today’s modern world, insurance is a required item. No one laughs at a car owner that buys a full coverage policy for his or her car. As a matter of fact, a driver that fails to insure their car is looked upon as irresponsible, sometimes even criminal. The same thing can be said about homeowner’s or renter’s insurance, life insurance, and health insurance. Today people take out money for retirement in the form of IRA’s, 401K’s, mutual funds and the like. No one faults them. Why is it then that someone who has a pantry of stored food, candles, a rifle or two, and ammunition for them is considered crazy or dangerous? Isn’t it a logical extension of the doctrine of insurance? After all insurance is merely a device to lessen the extent a disaster has on your life. If having an extra insurance policy for break-ins is smart, then the idea of someone breaking into your home is possible. If it is likely that someone might break into your home, then having a means to protect yourself is justified.

Each year natural disasters occur in the United States. When these occur, the news media rushes to the scene. It never fails that they show a relief organization van at the disaster site. Usually there is an interview with someone who is standing in line looking for help. The site is common; a desperate parent with a hungry child waiting for someone to give them some milk for their infant. Ratings soar and people feel sorry for this poor child. Consider this, areas prone to natural disaster are known. Floods happen on a regular basis. Places like Tornado Alley have been recognized and named. If the choice is made to live in an area like this and the basic precautions are not taken, then pity is not the logical emotion. Irresponsibility on the part of the parent caused the child’s pain; it only takes a few extra seconds to grab a couple extra bottles of formula. Why didn’t they take this simple precaution? They probably paid the cable bill. Does that expense outweigh the measly cost of a gallon of bottled water?

Organizations like the American Red Cross and the Office of Homeland Security suggest that each family have a few days of essential items to get them through an emergency. Doing this is not hard nor does it have to be expensive. No one says that preparedness means having a years supply of freeze dried steak in a concrete storage bunker. Simply buying a can or two of extra food every time you go shopping is enough. Buy an extra box of garbage bags, some extra toilet tissue, or any item you have to have. Store it in a box under the bed, or in the closet. In hardly any time at all, you will soon have a store pile that will give you not only an added measure of security, but also a sense of well-being. Rotate this stock out. As you eat a box of macaroni, buy another. Forget that you have four boxes on your kitchen shelf. This causes you not to feel over burdened financially to support your prepared lifestyle. It also keeps your store fresh. An added benefit is that your safety net is familiar to you. In the stressful time of disaster, you don’t have the added stressor of eating unfamiliar foods chosen not by your appetite, but by their shelf life.

It is easy to lecture on what items are needed. Lists of essential items depend on lifestyle and location as much as physical needs. It would be irresponsible to dictate what equipment your family would need to survive without knowing you or your situation. You must sit down and decide what are your family’s priorities, and from that list correlate your family’s needs.

It is not important what others say or think of you. It is not even recommended to tell your neighbors you find the need to be prepared for life. Does it matter if they think you are crazy for stocking up added groceries? Will it matter if your children or spouse suffer because you want to keep the good graces of the people 2 doors down?

David is a former U.S. Marine Corps noncommissioned officer, correctional supervisor and firearms instructor for the TN Dept. of Correction. He is presently commissioned as an operations officer for the Tennessee Emergency Management Agency. He is also a certified NRA instructor, and holds instructor ratings with both the TN Dept of Safety, and the TN Dept of Commerce and Insurance.

http://www.shepherdschool.com

Strong passwords are your first step in securing your systems. If a password can be easily guessed or compromised using a simple dictionary attack, your systems will be vulnerable to hackers, worms, Trojans, and viruses.

Trojan, virus, and worm authors have had great success attacking systems with weak and/or default passwords. Take IRC/Flood Trojan for example. McAfee’s virus profile states that IRC/Flood has over 120 variants and has infected over 60,000 machines in the last 30 days. IRC/Flood succeeds by checking for 22 different different easy to guess admin passwords (variants vary). Unfortunately, there are a lot more where IRC/Flood came from, W32/Tzet.worm, W32/Random.worm, and W32.HLLW.Gaobot.gen are in the wild just to name three.

Hackers also have no problem compromising systems with weak passwords. Programs like L0pthCrack for example make the process simple and efficient. Creating a password-cracking dictionary is not even a challenge. Type the words “Creating Password Cracking Dictionaries”, without the quotes, in to your favorite search engine. A comprehensive dictionary can be downloaded or created from scratch in short order.

Below is a list of commonly used weak passwords that should NEVER be used. If any of these passwords look hauntingly familiar and are being used, you need to change the password immediately.