Video Screencast Help
Authentication (User) Blog
Showing posts tagged with Risk-based Authentication Services
Showing posts in English
vipmobile | 14 Apr 2009 | 1 comment

What are the hottest applications you can get for your iPhone this week?

Check out Apple's App Store "What's HOT" category. You will see "VIP Access" for iPhone recommended for iPhone users. This is the only security application to receive the coveted endorsement from the App Store - What's HOT category this week.

This great mobile application turns your iPhone into your personal security device and adds an extra layer security for your online accounts at the 40+ members of the VIP Network - including eBay, PayPal, AOL, and ...

vipmobile | 31 Mar 2009 | 6 comments

Starting today, millions of iPhone users can now protect their online identities with VIP Access! A free download from the Apple app store, VIP Access turns your iPhone into a VIP credential, which adds an extra layer of security to your online accounts at the 40+ members of the VIP Network - including eBay, PayPal, AOL, and GEICO.

+ Read the New York Times Article

+ Read our press release

Download the app using...

Vicente | 25 Feb 2009 | 0 comments

A quick update on the Broken Trust: when a criminal becomes your friend on Facebook story I posted a few days ago: as it turns out, it sounds like there are more victims of this scam other than my friend Beny and his friend Bryan. As you can see from this WPIX report Eileen Rodriguez also had her facebook account broken into and her friend Shaila lost $650 when she wired money to someone that she thought was her distressed friend.

Interesting to note that scam details were similar and the destination account was in the UK in both cases, which hints at the possibility that both scams were perpetrated by the same people. More troublesome was that Beny's case happened in Jan whereas Eileen's, according to WPIX, happened on Feb 8th which may show that Facebook was not...

Vicente | 20 Feb 2009 | 0 comments

Can you get scammed and lose money when you rely on social network sites to connect with friends ? Unfortunately the answer is yes.

A few weeks ago, my friend Beny stepped up to help one of his friends, Bryan, who was robbed at gunpoint in a foreign country.

We've all heard about friends getting in trouble during a trip, but what was new here was the fact that the distress call and help request came via Facebook status updates and instant messages.

As it turns out, the distress call was fraudulent and my friend ended up wiring a total of $1,143 to some fraudster account in England.

How could this happen ? Somehow, a fraudster got a hold of Bryan's Facebook username and password, studied his profile and started to reach out to his friends with the harrowing news and the request for help. The fraudsters were able to sound legitimate when instant messaging to Beny as they casually dropped bits and pieces of personal information that only Brian would know....

chalcon | 03 Feb 2009 | 0 comments

Imagine this scenario. You have a couple of hours to kill, so you log onto the free wireless access at an Internet cafe and check your personal email, maybe even make sure your latest check won't bounce by logging on to your banking site. (Whoops, that's just me).

What if a fraudster had set up that free WiFi you just logged into? How much of your personal information was just compromised? Well, this nightmare scenario is coming true. It's so widespread that it has even earned its own nickname: The "Evil Twin." Fraudsters can easily set up a fake hub and even name it to look legitimate, by using the name of a nearby store or cafe. Some people have noticed this in airports.

But don't lose hope: the "good guys" at the WiMAX Forum have defined a security model using two-way mutual authentication...

vipmobile | 28 Jan 2009 | 0 comments

Lately I seem to be posting notices about hacks and identity theft - like Monday's Monster.com news. Today's entry has a happier note - I'm proud to welcome Name.com to the VIP Network. Check out the press release and some of the reaction in the blogosphere.

vipmobile | 26 Jan 2009 | 0 comments

It seems like every day there's another headline about a major site being hacked with stolen usernames and passwords. Today it's Monster.com, which has compromised the passwords and personal details of thousands of recruiters and job seekers.

How many more of these breaches will it take for people to realize that just plain passwords aren't good enough?

Vicente | 06 Jan 2009 | 0 comments

I always find it interesting the way old scams are redressed for new and emerging channels.

That was the case during the last few days when Twitter users and employees found themselves under attack by phishers and hackers: follow these links to find a good account of the former and the latter.

Today I'll talk about the phishing attack, which consisted in luring people to give away their twitter passwords to a fake site, the novel aspect is that it used twitter-generated messages (Direct Messages) to propagate to your list of contacts (Followers).

This is all pretty similar to what we have seen with phishing via e-mail, but with two key differences:

- The first one is that e-mail phishing is a "mature product" where phishers are one...

yohai | 10 Dec 2008 | 0 comments

By Yohai Einav, Senior Fraud Analyst

A deserted street, night, a frightened old lady hops towards a policeman who just left the bar.
Old lady: "Please officer, this e-mail is trying to phish me!"
She shows a laptop to the Policeman.
Old lady: "My grandson gave it to me for my birthday, and he warned me of such things. Now it is trying to phish me!"
Policeman: "Let me see this".
The Policeman looks at the screen. He sees a phishing email.
Policeman: "Lady, do you have any idea what this is? This is identity theft! Wait a second; I must report this to my superiors right away!"

The policeman talks into his walkie-talkie:
Policeman: "Jim, I want to report an identity theft on 8th and Houston.... Yes, an old lady again.... Yes, her grandson... no, I didn't get the IP..."
The policeman leans toward the old lady.
Policeman: "You are lucky to still have your...

vipmobile | 05 Dec 2008 | 0 comments

This just in from the Washington Post: CheckFree, a major online bill payment site with over 24 million customers, had their domain hijacked and redirected to a site that tried to install malicious software on users computers. This all happened because criminals stole the username and password for CheckFree's domain management account at Network Solutions.

Clearly the criminals who perpetrated this attack should be caught and prosecuted, but isn't it sad that such valuable assets are protected by just a simple username and password? If you run a website, your domain registrar has the keys to your online castle -- how could this not be protected by strong two-factor authentication?