1. Credit Card Frauds

For example, say a Nigerian fraudster tries to purchase goods online with a stolen credit card for which the billing address is associated with New York. Most credit card merchants use Geo-location to block orders from countries like Nigeria and other high risk countries. So in order to bypass this restriction the credit card fraudster uses a proxy to spoof his IP address so that it appears to have come from New York. The IP address location appears to be legitimate since it is in the same city as the billing address. A proxy check would be needed to flag this order.

2. Bypass Website Country Restrictions

Some website services are restricted to users form only a selected list of countries. For example, a paid survey may be restricted only to countries like United States and Canada. So a user from say China may use a proxy so as to make his IP appear to have come from U.S. so that he can earn from participating in the paid survey.

Proxy Detection Services

So in order to stop such online frauds, Proxy Detection has become a critical component. Today most companies, credit card merchants and websites that deal with e-commerce transactions make use of Proxy Detection Services like MaxMind and FraudLabs to detect the usage of proxy or spoofed IP from users participating online.

Proxy Detection web services allow instant detection of anonymous IP addresses. Even though the use of proxy address by users is not a direct indication of fraudulent behaviour, it can often indicate the intention of the user to hide his or her real IP. In fact, some of the most used ISPs like AOL and MSN are forms of proxies and are used by both good and bad consumers.

How Proxy Detection Works?

Proxy detection services often rely on IP addresses to determine whether or not the IP is a proxy. Merchants can obtain the IP address of the users from the HTTP header on the order that comes into their website. This IP address is sent to the proxy detecting service in real time to confirm it’s authenticity.

The proxy detection services on the other hand compare this IP against a known list of flagged IPs that belong to proxy services. If the IP is not on the list then it is authenticated and the confirmation is sent back to the merchant. Otherwise it is reported to be a suspected proxy. These proxy detection services work continuously to grab a list or range of IPs that are commonly used for proxy services. With this it is possible to tell whether or not a given IP address is a proxy or spoofed IP.

How to Tell Whether a given IP is Real or a Proxy?

There are a few free sites that help you determine whether or not a given IP is a proxy. You can use free services like WhatisMyIPAddress to detect proxy IPs. Just enter the suspected IP in the field and click on “Lookup IP Address” button to check the IP address. If it is a suspected proxy then you will see the results something as follows.

So for all those who think that they can escape by using a spoofed IP, this post is the answer. I hope this information helps. Pass your comments.

Almost every Internet user will have an experience of CAPTCHA in their daily Internet usage, but only a few are aware of what it is and why they are used. So in this post you will find a detailed information on how CAPTCHA works and why they are used.

What Purpose does CAPTCHA Exactly Serve?

CAPTCPA is mainly used to prevent automated software (bots) from performing actions on behalf of actual humans. For example while signing up for a new email account, you will come across a CAPTCHA at the end of the sign-up form so as to ensure that the form is filled out only by a legitimate human and not by any of the automated software or a computer bot. The main goal of CAPTCHA is to put forth a test which is simple and straight forward for any human to answer but for a computer, it is almost impossible to solve.

What is the Need to Create a Test that Can Tell Computers and Humans Apart?

For many the CAPTCHA may seem to be silly and annoying, but in fact it has the ability to protect systems from malicious attacks where people try to game the system. Attackers can make use of automated softwares to generate a huge quantity of requests thereby causing a high load on the target server which would degrade the quality of service of a given system, whether due to abuse or resource expenditure. This can affect millions of legitimate users and their requests. CAPTCHAs can be deployed to protect systems that are vulnerable to email spam, such as the services from Gmail, Yahoo and Hotmail.

Who Uses CAPTCHA?

CAPTCHAs are mainly used by websites that offer services like online polls and registration forms. For example, Web-based email services like Gmail, Yahoo and Hotmail offer free email accounts for their users. However upon each sign-up process, CAPTCHAs are used to prevent spammers from using a bot to generate hundreds of spam mail accounts.

Designing a CAPTCHA System

CAPTCHAs are designed on the fact that computers lack the ability that human beings have when it comes to processing visual data. It is more easily possible for humans to look at an image and pick out the patterns than a computer. This is because computers lack the real intelligence that humans have by default. CAPTCHAs are implemented by presenting users with an image which contains distorted or randomly stretched characters which only humans should be able to identify. Sometimes characters are striked out or presented with a noisy background to make it even more harder for computers to figure out the patterns.

Most, but not all, CAPTCHAs rely on a visual test. Some Websites implement a totally different CAPTCHA system to tell humans and computers apart. For example, a user is presented with 4 images in which 3 contains picture of animals and one contain a flower. The user is asked to select only those images which contain animals in them. This Turing test can easily be solved by any human, but almost impossible for a computer. 

Breaking the CAPTCHA

The challenge in breaking the CAPTCHA lies in real hard task of teaching a computer how to process information in a way similar to how humans think. Algorithms with artificial intelligence (AI) will have to be designed in order to make the computer think like humans when it comes to recognizing the patterns in images. However there is no universal algorithm that could pass through and break any CAPTCHA system and hence each CAPTCHA algorithm must have to be tackled individually. It might not work 100 percent of the time, but it can work often enough to be worthwhile to spammers.

1. Always install a good antivirus software and keep it up-to-date. Also install a good anti-spyware to keep your PC away from spywares. Click Here for a list of recommended anti-spyware softwares.

2. Always visit known and trusted websites. If you are about to visit an unknown website, ensure that you do not click on suspectable links and banners.

3. Perform a virus scan on the files/email attachments that you download before executing them.

4. Regularly Update your operating system and browser software. For a better security it is recommended that you surf the Internet through the latest version of your browser program.

5. Never share your password (email, bank logins etc.) with any one for any reason. Choose a strong password (A blend of alphanumeric+special symbols) and change it regularly, eg. every 3 months. Avoid using easy-to-guess passwords. (ex. pet’s name or kid’s name)

6. Always type the URL of the website in your browser’s address bar to enter the login pages. For ex. To login to your Gmail account type http://mail.google.com 

7. Before you enter your password on any login page, ensure that you see https instead of http. ex. https://mail.google.com instead of http://mail.google.com. HTTPS protocol implements SSL (Secure Sockets Layer) and provide better security than a normal HTTP. For more information on HTTPS and SSL see Know More About Secure Sockets Layer (SSL).

8. Beware of phishing emails! Do not respond to any email that request you to update your login details by clicking on a link in the body of the email. Such links can lead to Fake Login Pages (Spoofed Pages). For more information on phishing refer What is Phishing?. Also refer How to Protect an Email Account from being Hacked.

9. Always hit the logout button to close your login session rather than abruptly terminating the browser window. Also clear your web browser caches after every session to remove the temporary files stored in the memory and hard disk of your PC.

10. Avoid (Stop) using any public computers or computers in the Internet cafes to access any sensitive/confidential information. Also avoid such computers to login to your email/bank accounts. You cannot be sure if any spyware, keystroke-logger, password-sniffer and other malicious programs have not been installed on such a PC.

By following the above 10 tips your online security can be guaranteed upto 90%. I hope this will help my readers for keeping themselves safe from any of the online insecurities. Cheers! Pass your comments.

1. Phishing Scam

This is one of the most commonly used scam to steal bank logins and other types of passwords on the Internet. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging.

Example:You may receive an email which claims to have come from your bank/financial institution/online service provider that asks you to click a link and update your account information. When you click such a link it will take you to a fake page which exactly resembles the original ones. Here you’ll be asked to enter your personal details such as username and password. Once you enter your personal details they will be stolen away. Such an email is more than likely the type of Internet scam known as “phishing”. Phishing is said to be highly effective and has proved to have more success rate since most of the common people fail to identify the scam.

Most legitimate companies never request any kind of personal/sensitive information via email. So it is highly recommended that you DO NOT respond to such fraudulent emails. For more information on phishing visit my detailed post What is Phishing?

2. Nigerian Scams

This type of scam involves sending emails (spam) to people in bulk seeking their help to access large amount of money that is held up in a foreign bank account. This email claims that in return for the help you’ll be rewarded a percentage of the fund that involves in the transaction. Never respond to these emails since it’s none other than a scam.

In case if you respond to these emails you will be asked to deposit a small amount of money (say 1-2% of the whole fund) as an insurance or as an advance payment for the initialization of deal. However once you deposit the amount to the scammer’s account you’ll not get any further response from them and you lose your money. In fact “The large amount of money” never exists and the whole story is a trap for innocent people who are likely to become victims. The scammers use a variety of stories to explain why they need your help to access the funds. The following are some of the examples of them.

Examples:

• They may claim that political climate or legal issues preclude them from accessing funds in a foreign bank account
• They may claim that the person is a minor and hence needs your help to access the funds
• They may claim that your last name is the same as that of the deceased person who owned the account and suggest that you act as the Next of Kin of this person in order to gain access to the funds

3. Lottery Scams

This type of scam is similar to the one discussed above. In this type you may receive an email saying that you have won a large sum of money in online lottery scheme (ex. UK Lottery) even though you have not participated in any such schemes. The message claims that your email ID was selected randomly from a lagre pool of IDs. When you respond to such emails they initially ask for your complete name and address so that they can mail the cheque accross to you. After getting those details they may also send you an image of the cheque drawn in your name and address so as to confirm the deal. But in order to mail this cheque they demand a small amount of money as insurance/shipping charge/tax in return. However if you send the amount in hope to receive the cheque all you get is nothing. You’re just trapped in a wonderful scam scheme. Thats it.

4. Other General Scams and Frauds

The following are some of the other types of scams that you should be aware of.

In general, be aware of unsolicited emails that:

1. Promise you money, jobs or prizes
2. Ask you to provide sensitive personal information
3. Ask you to follow a link to a website and log on to an account.
4. Propose lucrative business deals

However it may seem to be a difficult task for novice Internet users to identify such online scams. Here are some of the common signs of such scam emails. By knowing them it may help you to stay away.

• All these scam emails never address you by your name. In turn they commonly address you something like “Dear User” or “Dear Customer” etc. This is a clear indication that the email is a fraudulent one
• When you observe the email header you may notice in the “TO:” Field that, the same email is forwarded to a large group of people or the “TO:” field appears blank. So this confirms that the email was not intended particularly for you. It was forwarded for a large group of people and you are one among them

I hope this post helps. Express your opinions through comments.

Here are some signs of  unauthorized activity on an email account.

1. Your new emails are marked as Read even if you’ve not read them.

2. Your emails are moved to Trash or even permanently deleted without your notice.

3. Your emails are being forwarded to a third party email address (check your settings->forwarding).

4. Your secondary email address is changed.

If you come across any of the above activities on your email account, then it is a clear indication that your email account is hacked.

Additional Security Features in Gmail to ensure the Safety of your Account

Gmail provides an additional security feature to protect your email account through the means of IP address logging. That is, Gmail records your IP address every time you login to your Gmail account. So, if a third party gets access to your account then even his/her IP is also recorded. To see a list of recorded IP address, scroll down to the bottom of your Gmail account and you’ll see something like this.

You can see from the above figure that Gmail shows the IP address of last login (last account activity). You can click on Details to see the IP address of your last 5 activities. If you find that the IP listed in the logs doesn’t belong to you, then you can suspect unauthorized activity.

Steps to be carried out to stop unauthorized activity on your email account

If you feel/suspect that your account is hacked then you must immediately take the actions mentioned below 

1. Change your Password

2. Change your security question.

2. Remove any third party email address (if any) to which your account is set to forward emails.

3. Make sure that you can access the email account of your secondary email address.

4. Also change you secondary email password and security question.

This ensures that your account is safe from future attacks. But I strongly recommend that you read the following post to protect your email account from being hacked.

How to Protect Your Email Account from being Hacked

Please pass your comments and express your opinions.

Many websites ask for your email address when you shop online, download a free software etc. But do you know that this has a chance of affecting your email privacy through Spam emails?

Though most websites don’t use spamming as an email marketing strategy, there are a few that use junk emails that don’t care about anti-Spam laws. Here are some tips to maintain your email privacy from such threats.

Before submitting your email address you need to check the reputation of the company. Reputed websites would normally follow the right email practices to ensure your email privacy. Such companies will never want to loose their hard earned reputation by getting blammed for spamming.

See whether the websites provides email privacy statements. You need to go through these statement in detail, and know about the kind of emails that will be sent to you, how often etc. Based on this you can decide on whether you need such emails. You don’t want to give your email address to some fraud company that is thinking about handing over your email address to hundreds of other websites.

Finally, check whether the website really respects your privacy. Often you will find some text like “I agree to receive email” that comes with a check box. You can agree to receive emails by checking the check box. If the check box is already checked, it is just a good indication that the website doesn’t respect your privacy. So watch out!

Today in this post I’ll teach you how to protect your email account from being hacked. Nowadays I get a lot of emails where most of the people say “My Email account is hacked please help…”. Now one question which arises in our mind is: “Is it so easy to hack an email account? OR Is it so difficult to protect an email account from being hacked?”. The single answer to these two questions is “Absolutely NOT!”. It is neither easy to hack an email nor difficult to protect an email account from bieng hacked.

If this is the case, then what is the reason for many people to lose their accounts?

The answer is very simple. They don’t know how to protect themselves from being hacked! In fact most of the people who lose their email accounts are not the victims of hacking but the victims of Trapping. They lose their passwords not because they are hacked by some expert hackers but they are fooled to such an extent that they themselves give away their password.

Are you confused? If so continue reading and you’ll come to know…

Now I’ll mention some of the most commonly used online scams which fool people and make them lose their passwords. I’ll also mention how to protect your email account from these scams.

1. WEBSITE SPOOFING

Website spoofing is the act of creating a website, with the intention of misleading the readers. The website will be created by a different person or organisation (Other than the original) especially for the purposes of cheating. Normally, the website will adopt the design of the target website and sometimes has a similar URL.

For example a Spoofed Website of Yahoo.com appears exactly same as Yahoo Website. So most of the people believe that it is the original site and lose their passwords. The main intention of spoofed websites is to fool users and take away their passwords. For this,the spoofed sites offer fake login pages. These fake login pages resemble the original login pages of sites like Yahoo,Gmail,Orkut etc. Since it resemble’s the original login page people beleive that it is true and give away their username and passwords by trying to login to their accounts.

Solution:

• Never try to login/access your email account from the sites other than the original site.
• Always type the URL of the site in the address bar to get into the site. Never click on the hyperlink to enter the site.

2. BY USING KEYLOGGERS

The other commonly used method to steal password is by using a Keylogger. A Keylogger is nothing but a spyware. The detailed description of keylogger and it’s usage is discussed in the post Hacking an email account. If you read this post you’ll come to know that it is too easy to steal the password using a keylogger program. If you just access your email account from a computer installed with keylogger, you definitely lose your password. This is because the keylogger records each and every keystroke that you type.

Solution:

Protecting yourselves from a keylogger scam is very easy.Just install a good anti-spyware program and update it regularly. This keeps your PC secure from a keylogger. Also there is a program called Anti-keylogger which is specially designed to detect and remove keyloggers. You can use this program to detect some stealth keyloggers which remain undetected by many anti-spyware programs.

3. ACCESSING YOUR EMAIL ACCOUNT FROM CYBER CAFES

Do you access your email from cyber cafes?  Then definitely you are under the risk of loosing your password.In fact many people lose their email account in cyber cafes. For the owner of the cyber cafe it’s just a cakewalk to steal your password. For this he just need’s to install a keylogger on his computers. So when you login to your email account from this PC, you give away your password to the cafe owner. Also there are many Remote Administration Tools (RATs) which can be used to monitor your browsing activities in real time.

This doesn’t mean that you should never use cyber cafes for browsing the internet. I know, not all the cyber cafe owners will be so wicked but it is recommended not to use cafes for accessing confidential information. If it comes to the matter of security never trust anyone, not even your friend. I always use my own PC to login to my accounts to ensure safety.

So with this I conclude my post and assume that I have helped my readers to protect their email accounts from being hacked. Please pass your comments…

Most of the people ask me How to hack an Orkut account which I have already discussed in my previous post Hacking Orkut. But here I am giving you a detailed information about how to protect your Orkut accounts. As we all know most of the Google services are still in BETA. So, websites like Orkut, powered by Google is not totally secure! Several people feel proud in hacking other user’s account. You do a foolish thing, and next day your account is hacked. This is very sad indeed, but hackers are adding names to their victims list till now.

How can a hacker hack my Orkut account?
The answer to this question is already discussed in my previous post How to Hack Orkut.

But this post is meant for providing some safety measures to prevent your Orkut account from being hacked. There is not much you have to take care of. Just follow the simple steps and never get your orkut account hacked in your life.

1. Never try to login/access your Orkut account from sites other than Orkut.com.

2. Never click on any links from the sources you don’t trust while accessing your Orkut account. (or while accessing any other Google services like Gmail,Blogger etc.)

3. Delete any links on your scrapbook, no matter if a known or unknown person have sent it.

4. Never disclose your orkut login details with anyone.

5. Never ever use Javascripts on Orkut, no matter whatever it claims to do. Get satisfied with the services provided by default! Avoid using third party Scripts which might be malicious.

6. Never get excited to see a site claiming to have 1000 cool orkut tricks for which you have to just log in to your orkut account. Don’t trust that site. That’s a Phishing site.

7. Never tick the box “REMEMBER ME” on the orkut homepage if you are surfing from a cafe or a public area.

8. Always remember to hit the Sign Out button, when you are done.

It can be a nightmare if someone else takes control of your Google Account because all your Google services like Gmail, Orkut, Google Calendar, Blogger, AdSense, Google Docs and even Google Checkout are tied to the same account.

Here are some options suggested by Google Support when your forget the Gmail password or if someone else takes ownership of your Google Account and changes the password:

1. Reset Your Google Account Password:

Type the email address associated with your Google Account or Gmail user name at Gmail Forgot Password Link – you will receive an email at your secondary email address with a link to reset your Google Account Password. This will not work if the other person has changed your secondary email address or if you no longer have access to that address.

2. For Google Accounts Associated with Gmail:

If you have problems while logging into your Gmail account, you can consider contacting Google by filling this form. It however requires you to remember the exact date when you created that Gmail account.

3. For Hijacked Google Accounts Not Linked to Gmail:

If your Google Account doesn’t use a Gmail address, contact Google by filling this form. This approach may help bring back your Google Account if you religiously preserve all your old emails. You will be required to know the exact creation date of your Google Account plus a copy of that original “Google Email Verification” message. It may be slightly tough to get your Google Account back but definitely not impossible if you have the relevant information in your secondary email mailbox.

The do-it-yourself kits provide all the essential tools for launching phishing attacks – those that use spoofed emails and fraudulent websites to trick people into giving out personal financial data.

Phishing scams are on the up. Security company MessageLabs has intercepted an average of 250,000 phishing emails a month so far in 2004, compared to just 14 phishing-related emails back in August 2003.

According to anti-virus company Sophos, the DIY kits contain all the graphics, web code and text required to construct fake websites that look like legitimate online banking or shopping sites. They also include spamming software which would let you send out millions of phishing emails as bait for potential victims.

“Until now, phishing attacks have been largely the work of organised criminal gangs, however, the emergence of these ‘build your own phish’ kits mean that any old Tom, Dick or Harry can now mimic bona fide banking websites and convince customers to disclose sensitive information such as passwords, PIN numbers and account details,” said a spokesman for Sophos.

“There is plenty of profit to be made from phishing. By putting the necessary tools in the hands of amateurs, it’s likely that the number of attacks will continue to rise.”

Surfers that receive a suspicious email that claims to come from an online bank or e-commerce site should delete them and not click on any included links.