Yaro Starak is one of the world’s best blog instructors. He doesn’t show you just how to write a blog – he helps you live off it.

1. Your lack of direction
2. Your lack of confidence

Xenia Antunes/Flckr

“Identity theft is when someone’s personal identity information has been stolen; identity fraud is when that stolen information is used to commit financial fraud or some other kind of crime” wrote Max Anhoury.

“Identity fraud has been growing dramatically, by 22% each of the past two years” wrote Josh Smith of Wallet Pop.

“Based on the incidents reported to Travelers, the number one cause of identity fraud is old-fashioned burglary in which a wallet, purse, other personal identification, or computer are stolen. Theft of personal property was responsible for 78% of the cases of identity fraud with online issues or data breaches only accounting for 14%.”

These figures indicate that “peoples’ fears may have been, at least in part, misplaced. Individuals would benefit from an increased awareness and vigilance in all aspects of their life, not just online” states Anhoury.

“Identity theft is when a criminal steals your personal information. Identity Fraud is when a criminal uses that ill-gotten personal information in order to commit a crime or fraud all in the name of the identity theft victim.” said Joe Reynolds, Identity Fraud Product Manager at Travelers In an email he stated, “Although consumers should be concerned about identity theft, they should be even more concerned about the potential for identity fraud as the direct impact on consumers is much greater once their name is used in the course of committing a crime.”

Nevertheless, Anhoury wans that online businesses “need to be on high alert” and gives the following reasons why online sites “will likely remain the No. 1 target of identity fraud”

It’s safer to commit online identity fraud: Taking advantage of the Internet’s anonymity keeps criminals at a safe distance from their victims and the businesses they are trying to steal from. In other words, why would a fraudster risk getting caught red-handed when he could commit fraud in the comfort of his own home?

It’s more efficient: As you would imagine, today’s Internet-savvy criminals work extremely fast. Within minutes, one stolen identity can be used to apply for multiple credit cards or a stolen card can be used to charge thousands of dollars worth of goods at multiple online sites. By the time the theft is reported, the damage can be wide-reaching.

It’s easier to work in fraud rings: For ages, criminals have used whatever tools were at their disposal to organize and run their operations. Today, criminals around the globe are leveraging the Internet to work together, share information, and trade, sell and purchase stolen personal and financial information like never before.

It’s not limited by geography: Criminals that obtain stolen credit or personal information are no longer limited by their geography. With the Internet all but eliminating distance, crime can now occur anywhere, at anytime, making online businesses everywhere equally vulnerable.

So how can you avoid being caught?

Here are The Travelers Insurance’s Top 10 tips to prevent identity fraud

When Shopping Traditionally.

1.Review your wallet or purse contents before you go shopping.
2. Create a list of all your credit card and bank account information and store in a secure place.
3. Protect your Passwords and PINS.
4. Review your credit report now – and after the New Year.
5. Never provide confidential information over the phone to an unsolicited caller claiming that they represent a financial institution or creditor.
6. Never put outgoing checks or bill payments in your home mailbox, as they are easy to steal.

Online Shopping

7. Log off completely when finished with online transactions.
8. Increase up your own computer’s security.
9. Avoid e-mailing personal and financial information.
10. Delete, without replying to, any suspicious e-mail requests.

It’s hard, I know, especially when you start out.

Afterall, you would think the web gurus are hype driven. Every few lines is a link to the sale.

Like the infomercials running through the night, they layer you with benefits, freebies and perceived (but usually no real) value.

On the one hand you want to be respected for your integrity. On the other, there is the reality that good sales copy actually does sell.

There is a challenging balance. Your add can either sound like a report which reads well but sells nothing, or you can sell a lot of things but feel like you are ripping people off.

Of course, what I call hype may be considered normal copy for another.

You have to match your integrity with your potential customers.

Good sales matches the benefits of your product, hopefully expressed by the keywords and main points of your copy, with the needs of your customer.

Now I admit, I have tried selling stuff, and felt small. I have written product reviews and found that to compete I had to develop an angle and soon slipped into the narrow fault finding angle I despised when doing media studies.

My review of Betting Arbritrage Scams was criticised for focusing on scams and ignoring what one reader believed to be legitimate arbitrage opportunities. (If he, or anyone would like to tell us whatthey are, please let us know).

Then I found balance, I developed a fan base of people who respected my opinion because I kept integrity.

You want to keep integrity with your market which means you need to know them and to be in contact with them.

Remember, having a small band of loyal fans (recently defined as a customer who spends 1% of her income on your service in a year) who come back to you will earn you more money that a small percentage w3ho look once, maybe buy, but never return.

Only a small percentage of your readership will buy, so you need to keep as many coming back as possible.

Top much sell and you will lose them. It’s that simple. On the other hand, banner ads don’t convert well.

You need to promote – but honestly, with integrity and truthfully. People do want to know what you recommend but few will match your interest in it.

Bloggers generally undersell, marketers ovwer kill, and a large number of people are trying to see what they can get for nothing.

Freebies.

Give free stuff and people will. Keep finding things you can give people for free and many will return for it.

However, you need good content if you want people to take you seriously.

Well, you must have something to offer that will make you money.

1. You need to convince people your offer is worth buying
   
2. You need to grow and expand relationships with people.
   

So on the one hand you need the relationship skills of a good blogger and the selling capabilities of a marketer blended with integrity.

It comes back to knowledge gained in my days as a public speaker.

You need to know your topic better than your audience, and you need to know your audience, monitor them, and respond and change as you go along.

There was a competition to see between marketers to see which could get their site ranked better on google.

It became apparent that all the blackhat tricks in the book could not make up for content.

People want content, which is why Google ranks content over gloss.

So does your site or blog give value? Or is it just a hard sell of gloss commercials?

As web competition hot’s up people are increasingly skeptical of hype.

You need to add value, which means your site must enhance someone else’s life.

The story of aunt Mary’s BBQ may be cute – and great for a family blog – or does the story have a morale that can improve your readers lives?

This is particularly true in our knowledge hungry world.

“Give value, build trust, make the sale, but as marketers are figuring out, this can be at times a fairly labor intensive task” wrote marker Yaro Starak of Brisbane Australia, whose excellent free report is full of information.

“Ask any blogger who is attempting to build authority in a niche – it’s not an overnight success story scenario. We’re talking long term commitment, with daily effort required, but the rewards make it worthwhile.”

How powerful has social media become?

“Social networking sites are to be trialed for issuing urgent messages about natural disasters in the Cairns region in far north Queensland” reports Yahoo Australia, demonstrating social media’s potential for good.

Now, Google and Microsoft are linked with Twitter and Microsoft has a deal with Facebook which updates into Bing.

These  deals will  make social media marketing more important to search engine marketing.
Google’s Google’s Vice-President of Search Marissa Mayer announced the agreement with Twitter to include their updates in our search results.

“We believe that our search results and user experience will greatly benefit from the inclusion of this up-to-the-minute data, and we look forward to having a product that showcases how tweets can make search better in the coming months” she said.

“That way, the next time you search for something that can be aided by a real-time observation, say, snow conditions at your favorite ski resort, you’ll find tweets from other users who are there and sharing the latest and greatest information.”

Because Social media is viral and real-time search is nothing more than putting things in chronological order. Your effectiveness will be enhanced by writing about what people are talking about right now.

WebProNews anticipates that “if status updates and tweets become directly integrated into search results in Universal Search-type fashion, it will be not only be about promotion and outside links, it will be about direct exposure right in the results”

It is is “not unlike the importance of online video right now” noting that videos are often displayed prominently on the first page of Google results).

Mayer is reported to have suggested that Google Labs feature called Social Search will include:

Social networking information from your friends, like their Flickr photos or their status updates blended into the bottom of search results much like news or images.

The information will be derived from your Google Profile and will increase proportionately to how well connected you are.

Image searches will be improved and made more relevant using social networking data.

Twitter has also made its mark.

“The power of those tweets as a form of data that can be surfaced in search is enormous. Innovative services like Twitter give us access to public opinion and thoughts in a way that has not before been possible” states Paul Yiu  of Bing.

Bing has made available a beta tool for you to experiment tweet searches. Some of it’s functions are presently limited to the USA only however.

“You can now search for what people are saying all over the web about breaking news topics, your favorite celebrity, hometown sports team, and anything else you use Twitter to stay on top of today.”

Then there is the important need to look below the fluff and find the real trending topics. Especially if you want to write about real issues.

According to Mike Grehan of Incisive Media IBM wrote an algorithm that looks at Twitter, Facebook, and MySpace and filters out all the noise to find the real conversation. The BBC uses this technology to rate music with what is called the Sound Index.

“Google is failing in its mission to make the world’s information universally accessible” claims Grehan. It basically can’t keep up. Google has tracked a trillion  links, but that is only a small fraction of the web.

He anticipates that there will be changes and they will be Keyword-Driven. However, Grehan points out that as the social element goes beyond the immediacy of search and considers the effect of longterm relationships opn our decisions.

“I believe the next major advances in search must be in the area of learning machines and artificial intelligence” said Grehand.

“Search engines started with the bare basics of computer technology, crawling, indexing and ranking HTML pages based on an end user’s query”

Significant improvements occurred when Google’s distributed its computing across a grid iomplemented network theory in its PageRank algorithm he said.

To be effective, WebProNews made the following suggestions:

1. Use keywords
2. Talk about timely events
3. Have a lot of followers
4. Promote conversation
5. Include calls to engagement

However, one truth remains.

“The keyword is still the core of marketing, not just search” says Grehan.

Malicious websites grew 233% in the last six months and 671% in the last year, stares Websense Security Labs. This was partly because of the spread  Gumblar, Beladen and Nine Ball attacks which aimed to compromise trusted and known Web sites.

Web 2.0 sites are the worst effected target as 95% of blog comments, chat rooms and message boards are malicious.

“The last six months have shown that malicious hackers and fraudsters go where the people are on the Web” said Websense Chief Technology Officer Dan Hubbard “and have heightened their attacks on popular Web 2.0 sites.”

The top 100 most visited Web properties, which are “Social Networking” or “Search” sites states Websense.

77% of sites with malicious code are legitimate sites have been compromised by fraudsters exploiting the inherent trust in a business.

61 percent of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims to malicious sites.

The term ”malicious” typically refers to links that have specific, hidden exploits that target a user’s computer.

The next million most visited sites are primarily current event and news sites and are more regionaland genre-focused.

37 percent of malicious Web attacks included data-stealing code, 57 percent of data-stealing attacks are conducted over the web in the first half of 2009.

85.6% of all unwanted emails contained links to spam and/or malicious Web sites and 57% of data-stealing attacks are conducted over the Web. In June virus infected emails rose 600% over May.

An analysis of Web, email and data security trends during the first half of 2009 are explored in the Websense Security Labs bi-annual “State of Internet Security” report.

Daily Websense® Security Labs Websense ThreatSeeker Network parses more than one billion pieces

of content and over 40 million websites hourly for malicious code and ten million emails. The Websense ThreatSeeker Network uses more than 50 million real-time data collecting systems.

YouTube and BlogSpot are 65 percent to 75 percent ineffective in protecting Web users from objectionable content and security risks. Hate or militant content on Facebook and other popular Web 2.0 sites like YouTube, Yahoo! Groups and Google Groups.

Cyber terrorism (militancy and extremists Web sites)  increased 326 percent increase in increased 326% from January through May 2009 over the same period in 2008.

Websense tracks about15,000 hate and militancy sites, with 1,000 added in he first six months of this year.

78 percent of new Web pages discovered in the first half of 2009 with objectionable content (e.g. Sex, Adult Content, Gambling, Drugs)  and  69 percent of all Web pages with any objectionable content link served malicious content.

Sex, advertisements, business and economy, IT, and travel made up the most commonly

compromised categories of Web content. 50 percent of Web pages with a link categorized as “Sex” also have at least one malicious link.

The three most popular topics for spam remained shopping (28 percent), cosmetics (18.4 percent) and

medical (11.9 percent.)  However, over the last six months, education accounted 9.5 percent of spam.

and could be attributed to the recession.

“Spammers have been targeting the unemployed who are looking to re-train or gain qualifications to help their job prospects” states Websense.

“Your information security program is only as strong as your weakest link” said  Linda McGlasson of Bank Info Security.

“That weakest link is your customer or your employee sitting at a screen, deciding whether to click on that link that popped up in their instant messaging screen, or direct message box on Twitter, or visit that site that offers free ringtones (and malware as a bonus).“

Recently 10 US financial institutions in California, New York, Pennsylvania and Wisconsin receiving fraudulent text messages or automated phone calls.

On September 28, 2009, the 1st Federal Credit Union of central Pennsylvania reported that it received calls from customers about text messages claiming that their cards were blocked.

Similarly on October 2 phishers sent text messages to mobile phones in the Omaha area, claiming their bank card had been deactivated. Inclded were instructions to call an 877 number to reactivate it. At least one customer lost several hundred dollars.

“Once he changed his PIN, somebody went in and withdrew the money,” said Richard Patterson, president of Greater Omaha Federal Credit Union.

A very convincing automated phone call phishing scam directly named the Liberty Bank.

“Your card has been suspended because we believe it was accessed by a third party. Please press 1 now to be transferred to our security department” the recording, before liting an impressive array of details designed to sound official.

Customers who pressed “1” were asked to enter their credit/debit card number and personal identification number.

“There will be some losses,” Liberty Bank Vice President Jill Hitchman said. “Charges started showing up almost immediately after our customers gave away their card numbers.”

Of course, Liberty responsibly warns its customers to “never reply to email, pop-up messages or phone callers that ask for your personal or financial information. LIBERTY BANK WILL NEVER ask you to disclose your password or pin”.

Spam works because about one out of six respond to messages suspect are spam survey data by the Messaging Anti-Abuse Working Group, an anti-spam trade organization (MAAWG).

A record five million new malware threats were detected in third quarter of 2009 according to the Cloud Security firm, Panda Security. Trojans accounted for 71 percent of all new malware between July and September 2009s bots and other malware are morphing rapidly.

Globally 59% of computers are infected  states Panda.

Obviously we need to keep our viral security up to date. This is why Bank Info Security recommends regular, preferably quarterly, programs to remind their customers of secure banking practices.

The problem is that people are the weakest lin. Even normally cautious people may once in a while press a link they normally would ignore.

Since, most of us are not rocket scientists perhaps give oursleves a reality check. Perhaps we should put ourselves through a similar audit of our email and web habits.

People need to be trained to obtain a drivers license so perhaps we need to begin to train people in the rules of internet safety said Linda McGlasson.

She suggests the first very basic tips:

• Keep your operating system up to date with the latest patches;
• Update your anti-virus and anti-spyware regularly, if not daily;
• Install a firewall on your PC;
• Don’t click on links in emails that are from unknown origins (or known origins for that matter).

International cooperation between Australian and American agencies has shut down an internet medical eBook scam.

On 20 August 2009 The Australian Competition and Consumer Commission (ACCC) obtained court orders against two individuals for medical quackery. The United States acted against involved individuals there.

They made over $US 1 million selling more than 60,000 eBooks to consumers internationally that promoted claimed cures for a wide range of health conditions including acne, asthma, multiple sclerosis, fibromyalgia, menopause and prostate cancer.

The websites also contained testimonials from happy users of the eBooks. The testimonials were from the same people across numerous different websites.

The testimonials were plainly contrived and the defendants engaged in false, misleading and deceptive conduct stated Justice Graham, in an ex tempore judgment. He described them as “purveyors of quack medical advice and of quack medicine.”

The testimonials were from the same people across numerous different websites.

The treatments would not have any therapeutic benefits and had no medical efficacy according to expert witnesses.

. “This is a warning to all internet scammers. It is becoming more and more common for agencies such as the ACCC to work with international agencies to bring about the demise of international scams like this” said ACCC chairman Graeme Samuel.

But How Do You Know If Something Is Genuine?

Many ‘cures’ rely on the placebo effect. This is not to deny the power of the mind.

Some other cures may obtain benefits because of the relaxation response, researched by Herbert Benson. This res[pponse is often triggered in prayer and meditation and its benefits include:

• Decreased metabolism
• Slower heart rate, muscle relaxation
• Slower breathing
• Decreased blood pressure
• Increase in nitric oxide levels

Few doubt the power of the mind. Ever since Maxwell Maltz wrote Psych-cybernetics, visualization has revolutionized success coaching.

Perhaps you have recited ‘Every day, in every way, I’m getting better and better.’ This was used by French Physician Emile Coue (1857-1926) who documented thousands of healings combining western medicine with affirmations.

Then there is the Placebo Effect.

However, scammers (like some MLM marketers) use a familiar manta:

1. If you are unwell you need it
2. If you are getting worse you need more
3. If you are getting better well it must be because of the miracle cure
4. If you die, then its your fault for not trying the miracle cure earlier.

OK perhaps I am guilty of hyperbole, but how can I know what is genuine?

Evaluating Health Information on the Internet

Websites have helped spread vital health information. They can be a great way to encourage people to consider if they need to check a health practitioner for further information..

Who runs the Web site?

How clearly is the owner of the website identified?Does the owner have a vested interest in a health product?

Does the site clearly identify the source of its information?

For example, if an article comes from a different writer, or claims made are references made? Is referenced material identified, either in footnotes, a bibliography or by hyperlink?

Who funds the website?

The source of funding can affect what and how content is presented. A site may be cautious about referring to information from potential competitors, or disparaging of their own products.

What is the purpose of the Web site?

Is the site advertorial or research oriented? This relates to who funds the site. A good website will have an “About This Site,” page that defines the  purpose of the site so that you can evaluate its reliability.

What is the original source of the information on the Web site?

Many health and medical Web sites post information collected from other Web sites or sources. If the person or organization in charge of the site did not write the material, the original source should be clearly identified. Are facts sourced and documented? When there is a lot of research it is preferable to have a bibliography or footnotes because hyperlinks may potentially become dead links.

In addition to identifying the original source of the material, the site should identify the evidence on which the material is based. Medical facts and figures should have references (such as citations of articles in medical journals). Also, opinions or advice should be clearly set apart from information that is “evidence-based” (that is, based on research results).

The differences between opinions and researched facts must be clear.

How is information reviewed before it is posted on the Web site?

Many claims are made by statistical association. But association is not the same as cause. Correlation does not mean causation. Causation needs a deeper analysis. I find t particularly disturbing when pharmaceutical companies misrepresent their claims in cases of life threatening illness. You can check out how one steroid constructed body builder was used to promote a body building product fobbing off that people should be smarter than who choose to believe that he hasn’t used other products.

Serious Health websites present the credentials of the author of articles. Are the facts peer reviewed. There is a mass of statistical information all dependent on variables that may throw results. Are tests repeatable or are they a one off fluke?

How large was the sample base?

Over how long a period? How are the conclusions drawn from the research? Is there a qualified editorial board that weeds out fact from fallacy? Even information from reliable sources may require special training in order to evaluate it properly and to determine whether the information applies to your disease or condition.

How current is the information on the Web site?

Often alternative medicine sites quote old, discredited information. (For the record, I am a supporter of some alternative therapies.) It is also di9fficult to compare health data between cultures and time periods when life expectancies are different.

Is the websites updated as new information becomes available?

What information about users does the Web site collect, and why?

Is the site wanting your email so it can advertise products or simply to keep you informed of new research?

How does the Web site choose links to other sites?

For example, a site may quote some impressive statistics and research. But if you follow the associated link you find the research may come from an inferior source that may be slanting the material to its own ends.

Be cautious about buying medical products via the Internet.

It is often hard, or expensive, to get a refund and verify quality. Safety, quality and efficacy may be lacking.

Beware of hyped up claims:

• Beware phrases like  “scientific breakthrough”, “miraculous cure”, “exclusive product”, “secret formula”, “ancient ingredient”, “without risk”, “anti-ageing”, “improve sexual performance”, and “all natural”;
• Case histories from “cured” customers claiming amazing results.
• A list of symptoms and diseases it is claimed the product cures – for example, claims that one product can cure or treat HIV/AIDS, cancer, arthritis, Alzheimer’s disease, wrinkles, weight problems, memory loss, and so on;
• Advertisements pumping the latest trendy ingredient in the news;
• Claims that the product is available from only one source, for a limited time;
• Testimonials from “famous” medical experts;
• Claims of “no risk” or lack of any risk information – no product or treatment is completely risk-free!
• Claims that a product is “scientifically proven” and “absolutely safe”.

Does the site advertising a health product give the following information:

• product name
• active ingredient(s)
• name of other ingredients known to cause problems to some people
• what to use the product for
• when not to use the product (for example, in pregnancy, allergies, interactions with other medicines or foods)
• how to use the product
• possible undesired effects
• how to store the product
• manufacturer’s name and contact information
• last update of the information
• Products with the same name may contain different ingredients in different countries.

Hopefully Graeme Samuel is right, and international cooperation will make it harder for scammers to use the net to sell bogus health information.

SAdly, thw weak lin is still the individual user who fails to apply basic net safety rules or applies commonsense when an impressive sounding phishing scam asks for bank details.

PandaLabs has recorded five million new strains of malware. Most of these were banker Trojans, although adware and spyware have also increased.

“Spyware has increased for the first time this year, rising from 6.90% to 9.16%. Adware however has decreased slightly from 16.37% to 13.13%, yet it was still the second most detected malware category this year” according to the quarterly report.
“We currently receive approximately 50,000 new samples of malware every day, compared to 37,000 just a few months ago. There is no reason to believe that the situation will improve in the coming months,” explains Luis Corrons, Technical Director of PandaLabs.
There has been a marked increase in malware distributed through spam, social networks and search engine optimization techniques, which draw users to spoof Web pages where malware is downloaded. These exploit topical issues like swine flu, Independence Day, forest fires or Presidential speeches by Barack Obama.
“There is a false sense of security, as users perceive there to be no real danger at the moment. When their computers get infected, they rarely notice any symptoms” said According to Luis Corrons, Technical Director of PandaLabs, According to Panda’s U.S. computers are infected by the most dangerous malware strains: Trojans, followed by adware, worms and viruses.
The global infection rate on computers rose to 59% states Panda Security. Taiwan has the most infected PCs, with a 69.10 percent corruption, followed by Russia and China at 67.99 percent and 61.97 percent, respectively. U.S. ranks ninth with an infection ratio of 58.25. The country with the least infections is Norway at 39.60 percent.

“Spyware has increased for the first time this year, rising from 6.90% to 9.16%. Adware however has decreased slightly from 16.37% to 13.13%, yet it was still the second most detected malware category this year” according to the quarterly report.
“We currently receive approximately 50,000 new samples of malware every day, compared to 37,000 just a few months ago. There is no reason to believe that the situation will improve in the coming months,” explains Luis Corrons, Technical Director of PandaLabs.
There has been a marked increase in malware distributed through spam, social networks and search engine optimization techniques, which draw users to spoof Web pages where malware is downloaded. These exploit topical issues like swine flu, Independence Day, forest fires or Presidential speeches by Barack Obama.
“There is a false sense of security, as users perceive there to be no real danger at the moment. When their computers get infected, they rarely notice any symptoms” said According to Luis Corrons, Technical Director of PandaLabs, According to Panda’s U.S. computers are infected by the most dangerous malware strains: Trojans, followed by adware, worms and viruses.
“This is a clear sign that hackers are becoming more and more sophisticated,” said Corrons.
“Cybercriminals have found news ways to spread their creations, frequently exploiting the latest news stories to launch attacks through social networks, videos, and email. The huge amount of Trojans in circulation is due to the spectacular increase in the number of banker Trojans aimed at stealing user data.”
The global infection rate on computers rose to 59% states Panda Security.  Taiwan has the most infected PCs, with a 69.10 percent corruption, followed by Russia and China at 67.99 percent and 61.97 percent, respectively. U.S. ranks ninth with an infection ratio of 58.25. The country with the least infections is Norway at 39.60 percent.

ATM attacks rose 149% on 2008 in Europe and annual cash machine losses approach EUR 500 million states ENISA, the European Network and Information Security Agency.

ATM burglaries and physical attacks have also seen an increase by 32% over the last 12 months from ram raids and explosions to the use of rotary saws, thermal lances and diamond drills.

“ATMs are attractive to criminals because they contain bank notes, while the bank cards themselves give thieves access to customers’ bank accounts,” said Mr. Andrea Pirotti, Executive Director at ENISA.

ATM numbers have increased in Europe by 6% last year to almost 400,000. Seventy-two percent of European ATMs are located in just five countries: UK, Spain, Germany, France and Italy. Many ATM’s are in remote locations such as convenience stores, airports and petrol stations.

Criminals prefer take money directly ATM’s after obtaining pin numbers using a wide range of techniques from ‘shoulder surfing’ to complex skimming techniques. During 2008, 10,302 skimming incidents were reported in Europe.

“This can involve the usage of a small spy camera, a false PIN overlay and even fake machines; while increasingly Blue Tooth wireless technology is used to transmit card and PIN details to a nearby laptop computer” states ENISA.

“ATM crime is likely to become even more attractive as the latest generation of ATMs is designed to dispense other services and products such as phone top ups and stamps” he said.

Organised criminal gangs have also extracted money by trapping and then retrieving users’ cards, stopping withdrawals in the middle of a transaction and completing them later or even trapping cash in the machine.

PIN and account information has been obtained by sophisticated phishing techniques and hacking into bank computer systems and web sites, states ENISA.

“Most ATM crime is focused on exploiting the human element and card holders must be more aware of the risks they are exposed to and how to prevent fraud occurring” said Pirotti. “Information security has, for too long, been focusing on technical solutions to maximise protection.”

“The first line of defence against ATM crime is increasing awareness of the risks” so that users can take simple precautions such as shielding their PIN when entering it and by keeping alert to any signs of tampering or suspicious activity at an ATM.”

The ENISA suggests a few Golden Rules to offer maximum protection with minimum effort.

ENISA Golden Rules

• Choosing an ATM Machine
• Don’t use ATMs with extra signage or warnings
• Try to use ATMs inside banks
• Don’t use freestanding ATMs
• Physical surroundings
• Use an ATM which is in clear view and well lit
• Be cautious of strangers and check they are at a reasonable distance away

Making Operations

• Pay careful attention to the front of the machine for tampering
• Pay attention to the card reader for signs of additional devices
• Look carefully for differences or unusual characteristics of the ATM’s PIN pad
• Look out for extra cameras
• Protect your PIN by standing close to the ATM and shielding the key pad
• Report confiscated cards immediately
• Beware of ATMs that don’t dispense cash and non-bank ATMs that don’t charge fees

Statement Reviews

• Frequently review your account statements
• Report any suspicious activity immediately

(‘ATM Crime: Overview of the European situation and golden rules on how to avoid it’.)

Heartland Payment Systems, Radisson Hotels and Network Solutions have made news because of data breaches. In 2008 285 million records were compromised according to the 2009 Data Breach Investigations Report by the Verizon Business Investigative Response Team.

However, the Federal Deposit Insurance corporation (FDIC) reports that online crime is attacking small and medium sized businesses and fraudulently draining funds from their bank accounts.

In a recent podcast with Doug Johnson Senior Policy Analyst for the American Bankers Association noted that although it is hard “get a fix on the exact number” “law enforcement and institutions have really seen the exploit migrate from large businesses to small businesses”.

Smaller businesses may not be aware of this type of fraud or know how to protect themselves.

Johnson recommends authentication at the business customer level and educating customers about how to protect themselves.

“It starts very cagily by the fraudsters, mostly from Eastern Europe, doing some social intelligence associated with the business” said Johnson “ so they might know who the CFO is, or they might know who someone in HR is or what have you, or in IT.”

“Then they will send an email, which might be a Microsoft update for instance, or some other thing, which that particular individual would be aware of. The CFO might get something that purportedly is coming from the Better Business Bureau, for instance, things of that nature.”

In other words, an email that looks legitimate or expected may be a bait.

Recently, the Rippoff Report pointed out that Two-thirds used the sender’s name to gauge whether a mail was spam, 45% looked at the subject line and 22% use “visual indicators.” About 3% relied on the time a message was sent to judge if it was legitimate.

As technology improves judging an email on visual clues can be problematic.  Businesses obviously need to avoid clicking links in these emails.

“I think that it is not unusual for business customers to in their busy day not even think about the emails that they are clicking on” he said.

Chris Novak, managing principal at Verizon Business Investigative Response Team describes online security as a “kind of cat and mouse game “ requiring vigilance over a continually evolving threat.

Mr Novak has investigated criminal and civil data breaches for over a decade.

“I think the biggest thing is the evolution of malware. We are seeing that the malware is getting more advanced, and the hackers — particularly the organized crime groups – they actually have development teams” he said.

“Some of the malware is purposely built just for one specific victim environment, and the hackers have the capability to do that.”

Novak expresses concern that people think there are just a few types of malware that viral protection can handle.

“Malware is evolving rapidly with added capabilities that may frighten some people he said.

“The key piece if really making sure that you stay up on the latest and greatest threat information to know what you need to do protect yourself.”

Fortunately the recent big name security breaches demonstrated that event monitoring and log analysis revealed what was happening in 82% of cases. To be effective this requires a combination of people, processes and technology.

Novak expressed concern that people have developed an over reliance on technology.

“The problem with a lot of that is, like most technology, it is pre-configured to understand certain things and detect certain threats, but for the most part it is based on what’s been programmed into and how it has been configured.”

“In a lot of cases, you need a backup to technology of those appliances with people resources that can look at it and kind of do sanity check on it and say ‘You know what, this doesn’t look right. Someone logged into their bank account 7000 times today, and that is probably a problem.’ Sometimes the technology picks up things like that, and sometimes it doesn’t.”

Data can be moved in and out of an environment so quickly, which is why monitoring is so important.

“The biggest breaches that we’ve ever investigated took place in 24-to-48 hours. That’s all the hacker needed, depending on how organized they were.”