Welcome to the IDGuardian Podcast. These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, an expert on cybercrime and identity theft, and the Consumer Security Adviser for Intersections Inc. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

This podcast is copyrighted 2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Related posts:

1. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...
2. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...
3. The IDGuardian Podcast: Episode #009 — An Action Plan Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

Welcome to July!

Still waiting for your tax return?

You may be waiting a long time….If someone fraudulently filed a tax return using your name and social security number before you filed your own taxes. It’s a growing trend in the world of Identity Theft.

It’s as easy as creating a counterfeit W-2 and ID card or driver’s license and presenting them to H&R Block or a similar tax preparation service. The counterfeit W-2 contains your name and social security number, which the suspect could have obtained just about anywhere these days, an address that doesn’t belong to you… or the suspect, and an employer that may or may not exist.

Many tax preparation services now provide you the option of having immediate access to your return. For a convenience fee, the refund is put on a pre-paid VISA or MasterCard, rather than having the refund sent to your home. As soon as the tax preparer unknowingly completes the fraudulent return, the suspect is provided with a Visa or MasterCard with the amount of the return, less a fee, which the suspect doesn’t miss anyway because the money doesn’t belong to them to begin with.

The suspect immediately uses the card for purchases or cash advances before the fictitious return is discovered. Neither you nor the tax preparer becomes aware of the fraud until you try to file your own taxes, only to be told that you have already received your refund and the IRS and Franchise Tax Board (FTB) will not provide you your refund until you prove it wasn’t you.

The likelihood of being able to identify the suspect is slim to none. Although the tax preparer typically asks to see some form of identification, they are not armed with databases that allow them to verify the authenticity of the document. Even if they make a copy of the ID for the file, there is no America’s Most Wanted for identity theft suspects, so the photo doesn’t provide much of an investigative lead.

So what can you do to protect yourself? Even if you have a security freeze with the three credit reporting bureaus, password protect all of your existing accounts, and have credit monitoring, these traditional methods of protecting yourself from identity theft don’t work in this situation. The good news in the midst of this bad situation is, you have options:

• If you have prepared your taxes on your own, contact the IRS immediately. Available on http://irs.gov are plenty of resources, contact e-mails, and emergency numbers to contact. Have your paperwork in order and reach out to them.
• If you used a service like H & R Block or some other tax preparing service, contact them immediately. This is part of their service to you. Take advantage of their services and have them assist you in finding out what went wrong.
• If you used a software package like TurboTax, use their tracking software to find out the progress of your refund. If the refund has process, contact TurboTax immediately for assistance. They may instruct you to contact the IRS, but go through proper channels first. Some software vendors may have staff on hand to assist you.
• Finally, prepare for 2011 now. The best way to prevent this worst-case scenario from happening to you is to beat the bad guys to the punch. FILE EARLY! FILE FIRST!

Related posts:

1. The Taxman (and Identity Theives) Cometh: The “Tax Tip Thursday” Edition Administrators’ Note: With the Income Tax deadline closing in and...
2. The Tax Man Cometh (and identity thieves are not far behind) Is it just me or does it feel like tax...

Related posts brought to you by Yet Another Related Posts Plugin.

How well is your antivirus software (AV) working today? Hopefully better than mine.

Of course, I didn’t pay anything for mine, maybe that’s the problem; maybe not.

Either way as I first sat down to write this blog on my work-issued (and far more heavily protected) laptop, my home PC – a nice fresh six-month old Dell – sat useless, totally fouled with a rogue antispyware infection.

Since then I’ve been able to isolate the attack (an antimalware Trojan dubbed “Antispyware Soft”) and remove it (Windows Defender is good for something!) but such an experience – undoubtedly incurred via a bout of ill-advised scanning of the Web for “unofficial” Formula 1 racing videos – certainly leaves one wondering – how well does my AV system really work and could I do anything to make it work any better?

As noted, in a semi-masochistic self-exercise, I have decided to see how far I can get with this machine using only freeware. This was the first major infection I’ve contracted so far, and, while some might argue that refusing to invest in paid AV significantly heightens my chances of getting nailed, I’d say my problem was tied far more closely to my own shoddy usage habits.

It’s also worth noting that the latest head-to-head AV engine tests published by Austrian nonprofit AV Comparatives found that many lesser known brands – such as GDATA, AVIRA and PC Tools – generally equaled or outperformed better known rivals – like McAfee and Symantec.

And, as researchers have repeatedly proven, even the best AV programs can often be circumvented by truly advanced attackers when they try hard enough.

So, if it’s not about money, how do you know how well your AV is working, or at least performing at its peak?

To get a far more educated opinion I asked (Dr.) Adam O’Donnell, director of Cloud Engineering and co-founder of AV start-up Immunet, what he thinks people should do to ensure that their AV systems work.

His first tip was predictable but important – you simply have to make sure that you have all the latest updates to your AV package. Now perhaps some of you, like me, can’t stand updating our AV every stinking time we log on to our computers, as we seemingly are prompted to, but that is still job no. 1.

“If for no other reason beyond building brand loyalty, AV companies do work hard to give you some indication that your software is up to date and working,” O’Donnell said.

Beyond that, taking a layered approach, or using multiple AV engines rather than just one, is obviously a good idea, said the expert (and there are many respected free products so you don’t have to keep buying more products).

And then there’s the human element; unlike me, try not to shoot yourself in the foot by letting your online objectives subvert your secure computing practices.

“There aren’t too many countermeasures against a truly advanced attack beyond running multiple, different AV packages, including at least one that has a heuristic engine that can detect that level of compromise,” said O’Donnell. “But the most important point is that knowing that you are protected (by AV) isn’t sufficient to guarantee that the data you work with is protected; and ensure that those you communicate and work with on a regular basis are using functional AV as well.”

Because you never know, you may be in touch with someone like me.

Now how do you know that your AV isn’t working?

That’s one I can answer for sure.

Related posts:

1. Reflections from a Black Hat Hackers’ Conference (Part Two) The following special blog post is the conclusion of a...
2. Saving Facebook: Perspectives on New Privacy Policies Like most Facebook users, last week as I checked my...
3. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

You’ve been breached, again!

Yesterday I received yet another notice that my personal information had been compromised in a data breach, someone is being sued, and I’m getting a year’s worth of free credit monitoring for my troubles blah, blah, blah…

Seems like I’ve received so many of these notices and offers of free credit monitoring, I’ll probably never have to pay for credit monitoring again.

But apart from the fact that the last time we shopped at that store was more than three years ago, and, therefore, the thieves are long gone with my information, it does raise the troubling issue of how used to and how immune we’ve become to these data breach notices. And that’s not a good thing.

According to research firm Javelin Strategy & Research more than one in four of all U.S. consumers have received a data breach notification, and at least 28% of all consumers received a replacement debit or credit card in 2009 due to security concerns.

Hardly surprising, considering there were hundreds of reported data breaches last that together exposed more than 300 million personal records.

To make matters worse, Javelin maintains that fraud victims who have been notified of a data breach experience fraud at nearly five times the rate of fraud victims who have not notified of a breach.

And according to Robert Vamosi, a fraud and security analyst and author of the Javelin report, “Consumers who receive notifications that their personal information may have been breached are not connecting the dots. They don’t seem to understand that this puts them at an increased risk for other types of fraud and at an increased need for identity protection services such as fraud alerts, security freezes and credit and identity monitoring.”

Lessons learned?

• Be careful with whom you share your personal information with. No one is immune to a breach.
• If you receive a data breach notice, rather than ignore it, take extra precautions like checking your credit report to make sure you haven’t been victimized multiple times.

Protect your computer or face the consequences

Nobody wants to blame the victim, but when it comes to the growing problem of cybercrime and in particular banking Trojans, maybe it’s time to take the kid gloves off.

I’ve argued for years that the end user is one of the weakest links in security. They typically know the least about security, don’t have experts looking over their shoulder, and in many cases create security risks not just for themselves but for complete strangers and even the nation.

Unprotected or poorly protected personal computers are a major headache and one of the most popular back doors for everything from organized crime gangs to cyber terrorists. They can be used to plant banking Trojans to attack the individual user’s own bank account. They can be used to spread malware to other computers. And they can be harnessed by enemy governments in large scale attacks against U.S. interests.

So what do we do about it? In a recent story in Network World, security experts commented that banks are increasingly concerned that the customer computer is increasingly the weak link in the chain of trust.

In response to the problem, some banks have started offering browser and PC security services that will protect the customer’s computer, and especially their login to their bank accounts. They may even run scans of customer computers to weed out any hidden malware.

In Australia, the House of Representatives is going one step further, proposing laws that would require Internet Service Providers (ISP’s) to act as the security gateway for internet users, and not only block users that don’t have up-too-date security on the computer, but also remotely scan the user’s computer for malware and also block internet access if they find anything they don’t like

Might seem a little extreme, and there are lots of challenges, but I don’t think it’s such a bad idea. There are still many users accessing the internet whose poor security habits put other users and the nation at risk to cyber threats. I still come across many users who don’t have any virus protection on their computers, don’t’ see any reason why they should, and have no clue about the risk they expose themselves and others to.

The challenge, as usual, is in the implementation of such draconian measures. But if careless users won’t take responsibility for their computer and behavior, and the risks they expose others too, then maybe we should look at other ways to enforce proper online etiquette.

Lessons learned?

• Take the time to make an honest evaluation of your own security habits. Both the time and the money spent to make yourself and your computer safer are resources well invested.
• Don’t be the weak link. Layer every computer you use with as much security as you can, so at least you can rest easier that you’ve done your part. Just don’t drop your guard afterwards and get complacent.

Banking’s big dilemma: How to stop cyberheists via customer PCs

http://www.networkworld.com/news/2010/061710-online-banking.html?source=NWWNLE_nlt_security_2010-06-21

Have you received a foreclosure email lately?

Ever received one of those emails about a property you owned or just lived at, offering you a refinancing option, home loan, or even foreclosure help? Every day I get four or five of these to one of my regular email addresses, and offering to help me refinance a property that I only rented, and for just six months, nearly 10 years ago.

While most of this spam email is just a scam, it does raise a worrying question. How do the spammers know that I lived at that address and that this is my email? Now I can understand them having just one of those pieces of information – the fact that I lived at a certain address is widely available in thousands of databases. And my email address is also probably on thousands of spammer lists.

But how did they connect the two? Well, chances are I might have:

• Inquired about a home loan or mortgage at some time in the past
• Rented a property
• Applied for a job
• Posted my resume online
• Had a bank or credit card account
• Bought something online
• Or worked someplace

And the folks who said they’d look after my information let me down badly.

Another possibility is that someone just sold my information to a spammer or scammer because that was the only way they could make money from it. In my case, I’m pretty sure the company I rented the property from just didn’t do enough to protect my information. And given that I also provided them with my Social Security number so they could run a credit check, I could assume they were no more careful with that.

There are other possible explanations and scenarios too, none of them good. Whatever the reason, it’s a painful reminder about how easy it is for crooks to piece our lives and history together with very little effort, and then try to use that against us.

Lessons learned?

• Don’t worry about your information “getting out there.” It’s already “out there.” Worry about what you can do to stop the thieves from harming you with it.
• If you have to provide information online, don’t include your email address if you don’t have to. Many web sites just want it for marketing purposes, and that is how it ends up in the hands of spammers.

U.S. not ready for cyber attacks

In another disturbing admission, the United States is still nowhere near prepared to prevent the growing onslaughts of cyber attacks from cyber criminals and enemy governments.

The division of the Department of Homeland Security that monitors cyber attacks and probes against the U.S. says it doesn’t have enough people and resources and can do little to protect the nation.

In fact, an article in the Wall Street Journal concluded that “the U.S. government’s ability to counter cyber attacks against its non-military computer systems is largely ineffective.”

Scary stuff. It’s long been known that the U.S. Government has never been very good at cyber security, mainly because it’s unable to hire the best security minds. And America’s enemies seem to know this, as they invest heavily in hiring the best hackers on the planet and offering them huge financial incentives to attack the U.S.

Brings me back to my earlier commentary on the importance of personal security, and why it’s so important for every individual who uses a computer or accesses the internet to do everything they can do make sure their behavior or decisions don’t expose others to cyber threats.

U.S. Hampered in Fighting Cyber Attacks, Report Says

http://online.wsj.com/article/SB10001424052748703280004575309243039061152.html

Teens make millions teaching hacking tricks

Two teenagers, age 17 and 18, were recently arrested in London after it was discovered they were operating one of the biggest online forums dedicated to teaching users how to make money from cybercrime.

When the site was busted recently it had more than 8,000 members, a clear sign of the enormous demand from individuals and gangs wanting to hone their cybercrime skills.

The forum offered tutorials and advice on more than 30 different topics, including how to steal information electronically, how to commit credit and debit card fraud, how to acquire passwords and other secret information on the web, and how to create malware.

In addition to schooling the next generation of cyber thieves, the duo also had on sale more than 60,000 stolen credit card numbers with a street value in excess of $10 million.

Two teenagers held over £8m ‘crime tutorials’ on the internet

http://www.thisislondon.co.uk/standard/article-23848437-two-teenagers-held-over-pound-8m-crime-tutorials-on-the-internet.do

Read Neal’s blogpost, Profile of a Teenage Hacker

http://www.idguardian.com/profile-of-the-teenage-hacker/

Related posts:

1. Weekly News Wrap-Up for 11 June 2010 iPad owners targeted by hackers It was just a few...
2. Weekly News Wrap-Up for 4 June 2010 Could a cyber attack stop your electric meter? The next...
3. Weekly News Wrap-Up for 18 June 2010 Can your business have its identity stolen? Identity theft is...

Related posts brought to you by Yet Another Related Posts Plugin.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, an expert on cybercrime and identity theft, and the Consumer Security Adviser for Intersections Inc. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

This podcast is copyrighted 2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Related posts:

1. The IDGuardian Podcast: Episode #008 — A Victim’s Story Welcome to the IDGuardian Podcast. These audio and video columns...
2. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...
3. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

A national law enforcement official who oversees a program to protect the elderly recently told us that fraud against older people is on the increase.

We see these heart-breaking cases everyday at ITAC: older people victimized by a con artist, family member or friend. They take advantage of the older person’s loneliness, generosity, and in some cases, diminished mental capacity.

Consumers who want to protect their older friends and family can take a page from the playbook of financial services companies, who are often the first to detect fraud against older persons. BITS, a division of The Financial Services Roundtable, recently published Protecting the Elderly and Vulnerable from Financial Fraud and Exploitation, a toolkit to give employees guidance on how to identify and respond to fraud and abuse.

Here’s are some of the “red flags” that may be a sign of fraud:

• Vulnerable adult has no knowledge of a newly-issued ATM, debit or credit card.
• Discovery of a vulnerable adult’s signature being forged for financial transactions or for the titles of his or her possessions.
• A set of “out-of-sync” check numbers.
• A sudden flurry of “bounced” checks and overdraft fees.
• Transaction review shows multiple small dollar checks posting to the senior’s account in the same month. This could be indicative of telemarketing or charity scams.
• Large withdrawals from a previously inactive checking or credit account or a new joint account.
• Abrupt increases in credit or debit card activity.
• Sudden appearance of credit card balances or ATM/debit card purchases or withdrawals with no prior history of such previous use.
• Withdrawals or purchases using ATM or debit cards that are:
  • Repetitive over a short period of time
  • Inconsistent with prior usage patterns or at times (e.g., late night or very early morning withdrawals by elderly customers, withdrawals at ATMs in distant parts of town by customers who don’t drive or are house bound.)
• Vulnerable adult appears confused about the account balance or transactions on his or her account.
• A caregiver appears to be getting paid too much or too often.
• Significant increases in monthly expenses paid which may indicate that expenses for persons other than the customers are being paid.
• Sudden changes in accounts or practices, such as unexplained withdrawals of large sums of money, particularly with a vulnerable adult who is escorted by another (e.g., caregiver, family member, “friend”) who appears to be directing the changing activity patterns.
• Vulnerable adult acknowledges providing personal and account information to a solicitor via the phone or email.
• Excitement about winning a sweepstakes or lottery.

Related posts:

1. A Big Score in the Fight Against Identity Theft This is National Police Week, an opportunity to acknowledge the...
2. Making Gains in Fighting ID Theft Sometimes it’s hard to see the progress being made in...
3. Identity Fraud Fact: Little Guy is Big Target Banking and financial services providers may continue to feel the...

Related posts brought to you by Yet Another Related Posts Plugin.

Can your business have its identity stolen?

Identity theft is usually thought of as an individual, personal crime. While businesses often end up picking up the costs, thieves rarely focus on businesses as the target of their cloning.

That’s changing. Identity theft is based on impersonation – stealing or otherwise acquiring information about a real person and then using that information to pretend to be that individual. That same principle is now being applied to businesses, where thieves are creating fictitious companies based on real and trustworthy companies, to scam real customers out of thousands of dollars.

Take America Auto Sales in Memphis Tennessee. The company was plagued with calls from hundreds of irate customers wanting to know when they could collect the car they bought online from the company. Apparently the customers had paid thousands of dollars in deposits for repossessed cars being sold online at bargain prices by America Auto Sales.

Problem was, the company never placed the ad or created the web site. Someone else had, using the company’s real name, address, and contact information.

Not only are these customers out the deposits they paid, the real America Auto Sales has to deal with hundreds of calls from angry customers, as well as trying to restore its reputation damaged by a crime it never committed.

Memphis Car Dealer Victim of ID Theft in National Car Selling Scam

http://www.myeyewitnessnews.com/news/local/story/Memphis-Car-Dealer-Victim-of-ID-Theft-in-National/7xTxrb7_Ske-nX9cPOni0A.cspx

Poll reveals 95% of users believe Facebook is not doing enough to protect against “likejacking.”

A recent poll by security firm Sophos found that 95% of Facebook users think Facebook is not doing enough to protect them against the new “likejacking” or clickjacking threat that scammers are using to spread computer worms by tricking users into clicking on infected “like” buttons now popular across Facebook.

What surprised me most about the poll was that 95% of the 600 people polled actually knew what likejacking was. It’s a pretty new phenomenon, and only widely publicized in the last few weeks.

Most FB users I’ve spoken to have never heard of it. So maybe my friends are not as smart as Sophos. Or maybe Sophos is polling readers of its blogs where Sophos has extensively highlighted the threat and so is asking a biased audience.

Or maybe the answer is simpler than that. Ask 600 Facebook users if they think Facebook is doing enough to counter any of the many threats and exploits users face daily, and I’m sure 95% will tell they don’t.

Lessons learned?

• Facebook is still a hotbed of hacker activity, the scams are getting more sophisticated, and unless you take your own security seriously, don’t depend on Facebook.
• Do as little as you need to on Facebook. If you don’t really need to share a piece of interesting information about yourself or your family, then keep it to yourself. And unless you “like” something so much you just can’t control yourself, avoid clicking on like buttons anywhere on Facebook.

95% say Facebook needs to do more to fight clickjacking worms, poll reveals

http://www.sophos.com/blogs/gc/g/2010/06/15/95-facebook-fight-clickjacking-worms-poll-reveals/

Your electric meter could be hacked

A few weeks ago I wrote a blog about the vulnerability of the national electricity grid to hack attacks, especially by cyber terrorists. A new report suggests that such an attack may be much closer to home than you think, in fact right outside your front door.

A couple of months ago I was the reluctant recipient of a new electric meter, and immediately noticed one major and unpleasant consequence – my electric bill nearly doubled. And while the electric company is now the target of a state inquiry because of thousands of similar complaints, these smart meters might present a more sinister threat.

According to a news story on CNET, nearly 60 million smart meters will be installed this year in the US alone, and apparently these meters have less security in them than the average smart phone.

According to experts, that leaves meters, and the homes they monitor, vulnerable to a host of threats from hackers including snooping on customer data, stealing electricity and even triggering widespread outages.

Not surprisingly, the power companies are being accused of putting profits before customers, privacy, and security in their rush to streamline their billing systems and processes. Sound familiar?

Money trumps security in smart-meter rollouts, experts say

http://news.cnet.com/8301-27080_3-20007672-245.html?tag=nl.e703

Brits hit hard with phishing scams

One thing we know about hackers and identity thieves is if they find a scam or trick that works, they’ll keep using it. So you can assume that if you keep receiving phishing emails from your bank, or emails from Nigerian princes congratulating you on your inheritance, it’s not because the criminals are desperate but because these emails continue to snare users.

And it seems like the British are being hit hard. According to a new report by security firm CPP, Brits received more than 3.7 billion phishing emails throughout 2009, amounting to a staggering 420,000 every 60 minutes.

So why do phishers seem to be hitting the Brits so hard? Read on. The report goes on to reveal an even more staggering statistic.  Twenty-five percent of recipients of these emails admitted to falling for the scams. That’s huge. We’ve always assumed that these mass email scams work because even if only .5% of recipients fall for the scam it’s still profitable.  But 25%?

If that trend continues, we know two things for sure: more phishing emails will come and they will become even more convincing; and we still have a lot of work to do when it comes to end user education and awareness.

The funny thing about phishing, like most scams, is that in order for them to work, the victims must be willing participants. A phishing email will only work if you do what the email asks you to do. If you don’t respond, don’t give them the information they ask for, don’t click on the link and don’t open the attachment, you’re safe and they lose.

But I guess 25% of the British population still hasn’t heard that message. I hope it’s not universal.

Lessons learned?

• Never drop your guard, because thieves are always on the prowl.
• Always be suspicious of email because it’s the cheapest and easiest way to trick you.

Millions snared in web fraud

http://www.cpp.co.uk/news/miilions_snared_in_web_fraud/

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

We know by now that identity thieves are reaching far beyond credit card shopping sprees. A major risk for homeowners nowadays is mortgage fraud, which has been a huge contributor to this nation’s housing crisis. The Federal Bureau of Investigation (FBI) reported that 67,190 mortgage fraud suspicious activity reports (SARs) were filed in 2009 with more than $1.5 billion in losses.

The FBI also estimates annual losses between $4 – 6 billion, and statistics show that many victims of mortgage fraud do not discover misrepresentation or other fraudulent activity until almost two years after it has occurred.

Mortgage fraud schemes, like “liar” loans and application misrepresentations, are tough to spot and even harder to stop… but not impossible.

Mortgage fraud is preventable and there are key steps consumers can take now to stay safe from the threats. So as home buying season kicks off this month, educate yourself. Below is a list of top 10 consumer tips for detecting and avoiding a mortgage fraud scheme.

Top 10 Consumer Tips for Combating Mortgage Fraud:

1. Periodically check all of your home information with the recorder of deeds in your county.  If you discover any paperwork you don’t recognize, immediately contact your mortgage company and county authorities.
2. If you receive any statements or similar information from a mortgage company that is not yours, read the documents carefully and contact the company immediately to alert them to a discrepancy.
3. Beware of any offer that promises to “rescue” you from foreclosure, including loan modification programs that purport to be affiliated or approved by the government.  Do not make payments to any entity other than your mortgage lender or cease communications with your lender.
4. If you are at risk of foreclosure, your mortgage lender should be your starting point.  If you are considering third parties, make sure you transact only with qualified and approved credit counselors.
5. Get referrals for realtors and mortgage banking professionals. Check the licenses of the industry professionals and their company with state and local regulatory agencies.
6. Don’t assume that your lender has captured all of your personal information accurately. Check your application against the final loan documents to ensure that the information is correct and complete.
7. Understand what you are signing and agreeing to and do not sign any blank documents or similarly, forms that contain blank spaces. If you do not understand an agreement, re-read the documents or seek assistance from an attorney or trusted third party.
8. Check your credit report and public records information before refinancing your mortgage or purchasing a home and check again a few months later to make sure that if your personal information was stolen, it is not being used against you.
9. Report any suspicious activity to relevant federal agencies like the Federal Trade Commission as well as your local and state consumer protection agencies.
10. Finally, just as with any other offer, if a mortgage opportunity sounds too good to be true, it probably is!

Related posts:

1. Be Prepared to Establish Your ID When Red Flag Rules Go into Effect For years I’ve said that identity theft is a complex...
2. Making the Big Move…Safely According to the 2010 Javelin Strategy & Research Identity Fraud...
3. Footprints to a College Graduate’s Credit Profile (Part II) In a recent posting, we advised college graduates to take...

Related posts brought to you by Yet Another Related Posts Plugin.

iPad owners targeted by hackers

It was just a few weeks ago that security experts announced the first ever virus targeted at an Apple iPad, only to admit very quickly that it wasn’t really targeted at the iPad but iPad owners.

There’s always a time lag between the launch of an exciting new product and the launch of a hack or virus by criminals targeting that product and its users. So experts were relieved that so far, the iPad doesn’t seem to have been compromised.

I wish I could say the same for iPad owners. In April, thousands of iPad users received an email with an attachment claiming to be an “iPad Software Update.” Anyone clicking on the attachment instead found their (Windows) computer infected with a backdoor data stealing program. Then earlier this week hackers managed to steal the email addresses of more than 100,000 iPad users by hacking into the servers of AT&T.

But rather than exploit the stolen addresses, at least for now, the hackers shared the information with the media. And what a haul! The list of hacked iPad email addresses included employees from financial firms Morgan Stanley, Citigroup, and Goldman Sachs, the Departments of Justice and Homeland Security, and celebrities like New York Mayor Michael Bloomberg and White House chief of staff Rahm Emanuel.

It’s no surprise that if hackers can’t attack the iPad yet, they’ll settle for the next best thing – iPad owners. And why not. Just like Facebook, hackers go where the crowds are, and with iPads now selling around the world at the rate of one every 37 seconds, successful attacks against the iPad aren’t far behind.

Lessons learned?

• If you have to be amongst the first to own the latest and greatest tech tool or toy, expect to be amongst the first to be targeted by thieves.
• Not all attacks are high tech, and there are growing reports of “snatch and run” thefts of iPads used in public places. So be careful where you use it.
• Expect you and your information to be exploited before your iPad and because of your iPad.

iPad Users Targeted by Hackers
http://www.telegraph.co.uk/technology/apple/7638376/iPad-users-targeted-by-hackers.html

Hackers hijack search results to trap you

It’s World Cup frenzy again (in case you missed it that’s the Soccer World Cup, being played out in South Africa) and all over the world millions of web users, from die-hard fans to just the mildly curious, will be turning to search engines like Google for the latest news, scores, and rankings.

So too will hackers. Not so much because they’re fans of soccer, but because they’re fans of global news events that they can exploit. One of the most popular and dangerous tricks is called search engine or SEO hijacking – breaking into the boiler-rooms of the most popular search engines, and manipulating the system so that their malicious links and web pages show towards the top of search results.

Sounds complicated but it’s actually very simple. For some reason web users seem to automatically trust web pages that appear at the top of their search results. If hackers can inject their pages into the top results of a search on something like the World Cup, they can use those pages to redirect surfers to malicious web sites or trick them into downloading malicious software.

The strategy isn’t new, and hackers seem to turn to it every time a major news story captures the public interest. Before the World Cup, hackers were placing fake stories and web sites about the French tennis open to trap users, and before that the hurricane in Guatemala.

And of course the tragic BP oil spill in the Gulf is being used around the clock by hackers to feed fake stories and trap unwary users.

Lessons learned?

• Don’t assume that if something you search for appears at the top of your search results, it should be assumed to be legitimate. Always use caution.
• Consider using one of the many free browser security tools, like Finjan’s Secure Browsing, that will alert you about a suspicious web page before you click on it.
• Keep your anti-virus software constantly updated and your computer constantly patched. Many of these attacks exploit computers that have security holes or vulnerabilities left unpatched.

Beware of strangers (and friends) bearing gifts

If you’re a regular Facebook or Farmville user, you might have come across a message from your friends recently, warning that an offer of a “White gift box” circulating on Facebook is actually a virus and therefore you should not click on it.

Hundreds of thousands of FB users have apparently received such a warning and yet the security industry knows nothing about it. Except that they think it’s probably either a hoax or a case of mistaken identity. So far, security experts have not been able to find any malware connected to the white box message in circulation, and are speculating that it all boiled down to a case of mass hysteria.

Which brings up an interesting point. Should we rely on users and the public, who can often make mistakes, to spread warnings about online threats and therefore use the power of millions to keep our communities informed, alert, and safe?

Or should we leave such alerts to the experts, who can first verify if the threat is real before warning the world to batten down the hatches?

One of the problems that arises is user fatigue. If there are too many instances of fake viruses, users may just switch off, and either not share any future warnings or alerts or not pay any attention to warnings they receive.

A quandary.

Lessons learned?

• Before you share a warning about any security issue or threat, do a little research to make sure it’s not a hoax.
• If you receive such a warning, do the same – verify first – before you act on it or pass it to others.

White Gift Box With a Blue Ribbon? Farmville virus or hoax?
http://www.sophos.com/blogs/gc/g/2010/06/09/white-gift-box-blue-ribbon-farmville-virus-hoax/

Related posts:

1. Weekly News Wrap-Up for 4 June 2010 Could a cyber attack stop your electric meter? The next...
2. Weekly News Wrap-Up for 28 May 2010 Data breaches and security come low on the list of...
3. Weekly News Wrap-Up for 17 May 2010 How the bad guys can empty your bank account from...

Related posts brought to you by Yet Another Related Posts Plugin.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Jerry Thompson, co-founder of White Sky Inc. White Sky protects consumers from identity theft and online crime when they are at their most vulnerable: when they conduct financial transactions on the Internet. With Bill Loesch, Jerry founded White Sky around an easy-to-use, convenient solution to safeguard consumers against identity theft and online crime. Today, that solution — ID Vault — is used by tens of thousands of customers in all 50 states, the District of Columbia and Puerto Rico.

This podcast is copyrighted 2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Related posts:

1. The IDGuardian Podcast: Episode #005 — Threats Facing Consumers Online Welcome to the IDGuardian Podcast. These audio and video columns...
2. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...
3. The IDGuardian Podcast: Episode #007 — Concerns with Small Businesses Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

According to the 2010 Javelin Strategy & Research Identity Fraud Survey Report, names and home addresses continue to top the list of critical personal data stolen by identity thieves. April through July has historically been the busiest time of year for home buying and selling. During these months, neighborhoods across the country are filled with moving trucks as homeowners, renters and their families move on from the old to the new. A lot goes into packing and moving a home and often times certain things can get overlooked – like the safety and security of a mover’s personally identifying information (PII).

Something as simple as a misdirected bank statement could end up in the wrong hands resulting in a compromised identity. Most homeowners don’t think twice about installing a security alarm in their new home after a move and often times activating the system can be done in a few simple steps. Along the same lines, if homeowners would take the same steps required to help protect their identities, they would be providing themselves and their families with invaluable protection.

Here are a few simple steps a homeowner can take to protect their identity from fraudsters before, during, and after a hectic move:

1. Before your move, make a list of all personal mail you receive on a regular basis. Notify banks, financial institutions and creditors of the move and redirect all paper statements and sensitive financial mailings to your new address, or, consider switching to online statements. The 2010 Identity Fraud Survey Report from Javelin Strategy & Research found that consumers who utilized electronic statement monitoring took less time to detect incidents of fraud and paid lower mean consumer costs ($116 vs. $274) than those monitoring paper statements. Make a checklist for:
   • Retirement accounts/Banking Institutions/Credit Card Companies
   • Utility companies (electric, gas, water, cable, etc.)
   • Insurance companies (medical, property, renters, fire and auto)
   • Local government agencies, federal agencies & the IRS
   • Healthcare providers
   • Schools
   • Suscriptions (magazines, newspapers, etc.)
   • Memberships
2. Submit a Change of Address request through the post office. Once the request has been filed, be on the look-out for a confirmation from the Postal Service and use this to verify your new information has been correctly updated. Mail should start to arrive at your new address within 7 to 10 business days after filing.
3. Shred all important documents and paperwork that will not be coming with you. Thieves will often go through garbage in search of things like pre-paid credit card offers that they can alter and use to create new accounts in your name. A decent shredder can cost as little as $50 and can be a very worthwhile investment. Make sure you are properly disposing of your shredded materials yourself – do not leave the task for anyone else to complete on your behalf.
4. Monitor bank and credit card statements for suspicious activity. Consider enrolling in an identity protection service that not only helps you monitor activity related to your credit, but also helps protect your computer, public records, and even mobile devices – all things that could have been impacted by the move.
5. Mover fraud is becoming more commonplace in the U.S. To avoid becoming a victim, do your due diligence and thoroughly research moving companies in your area. Ask for recommendations from trustworthy friends, family members, and real estate agents. And check with the Better Business Bureau to ensure the mover has a solid reputation. You should also make sure the mover is registered with the Federal Moto Carrier Safety Administration (FMCSA) and has a U.S. Department of Transportation (USDDOT) number before signing any agreements or obtaining an estimate.
6. Transfer all important physical documents that will be making the move, such as wills, stock certificates, bonds, etc., to a safe and secure place such as a locked box or an online secure vault. Keep the physical documents with you during the move and do not leave any secure receptacles for movers or others to transport.
7. Lock down your computer. Devote time and resources before your move to make sure all computers in your home are hack-proof and packed and out of sight before movers arrive. Take all computers, hard drives, and other external storage devices with you during the move.
8. Make sure you are present for the entire duration of the move. Your presence could deter potential theft from occurring and you can rest assured that your personal belongings are being taken care of properly.
9. After the move, verify that you are receiving all mail from the list of senders you identified and contacted beforehand. If something is missing or does not start arriving at your new address, contact the company immediately to confirm the address change and make sure that nothing is going to the old address.
10. Take time after the move to create a secure zone for the storage of secure data and to serve as a place where sensitive transactions like book keeping takes place. Update your computer security technology and consider tightening the physical security measures on the premise.

Related posts:

1. Footprints to a College Graduate’s Credit Profile (Part II) In a recent posting, we advised college graduates to take...
2. Making Gains in Fighting ID Theft Sometimes it’s hard to see the progress being made in...
3. Footprints to a College Graduate’s Profile (Part III) With graduation season closing in, we have presented commentary on...

Related posts brought to you by Yet Another Related Posts Plugin.

Could a cyber attack stop your electric meter?

The next time your TV goes on the blink, or you suffer a surprising power outage that no-one seems to be able to explain, you could be forgiven for worrying it might be a cyber attack and possibly even by terrorists.

A recent report from the North American Electric Reliability Corp. (NERC) identified cyber attacks against America’s power grid as one of the top three threats that security experts are worrying about.

Cyber threats against the nation’s power system are nothing new, and experts believe that power systems across the country are constantly being probed, perhaps thousands of times a month, by cyber terrorists looking for weaknesses. The goal of the attackers would be to create national panic and disrupt the U.S. economy that relies so much on electrical power.

The unfortunate news is that experts acknowledge how unprepared the power industry is for these attacks, how inadequate security is, and how easy it would be for attackers to disrupt the system. I guess it’s just a matter of time.

Lessons learned?

• The next time your lights flicker, don’t assume it’s a cyber attack on the power grid. But use it to remind yourself that hackers and cyber terrorists never sleep.
• It never hurts to have a backup plan, just in case. Anything battery operated, from a radio to a flashlight, is always good to have nearby. And of course constantly back up your data so a power interruption doesn’t slow you down.

Cyberattacks seen as top threat to zap U.S. power grid
http://www.networkworld.com/news/2010/060210-nerc-cyberattack-power-grid.html?page=1

Your Facebook “likes” might be “likejacked.”

This morning I received a message from a Facebook friend asking me to “like” a travel agency she worked for. I almost instinctively clicked on the like button before I paused. I had just read a story of a new scam circulating on Facebook that was tricking users into “liking” fake messages that instead hid computer worms or Trojans.

According to security firm Sophos, hundreds of thousands of Facebook users reported receiving messages with lines like “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE” and “This man takes a picture of himself EVERYDAY for 8 years!!” and asking them to “like” the pages or messages by clicking on the like button.

The trick has already been dubbed “likejacking” and the worm it installs will try to recommend the same page to all your friends. So far the attack doesn’t seem to do any significant harm – it doesn’t try to crash your computer or steal your information – which makes experts think the attackers are doing a test run to see how well the scam works and how many people fall for it. So go ahead, spoil their day, resist the temptation to “like.”

Lessons learned?

• Every time security experts think they have plugged a Facebook security hole, another dozen appear.
• As long as hundreds of millions of people like you like Facebook, hackers will like Facebook too.
• Resist the temptation to do everything your Facebook friends ask you to. Unless you really feel the need to join something, view something, download something, or “like” something, don’t bother. You might not like it as much as you thought.

‘Likejacking’ exploit fools Facebook users and friends

http://www.networkworld.com/news/2010/053110-facebook-likejacking.html

Cybercrime stays because cybercrime pays

Cybercrime is not going away any time soon and for one simple reason. It pays. Take the case of three cyber crooks who were recently indicted for conning a million internet users of out millions of dollars, for fake security software to eradicate a computer virus the victim’s never had.

The three were accused of operating a marketing company that offered anti-virus and other security software.  As part of the scam, the thieves place advertisements in a variety of legitimate web sites that warned browsing users that their computers were infected with a computer virus or had some other technical problem, and offered their software to eradicate the problem.

The real problem was there was no virus detected (it was just an advertising banner) and the software they offered was useless. Commonly known as “scareware” because the scammers try to scare users into downloading it to fix a security problem, the crooks were able to con more than one million internet users in 60 countries out of an estimated $100 million.

Crime always pays, but only occasionally do the criminals. In this case the crooks were finally indicted, maybe because they got too big or two greedy. But prosecutions like this are still rare. And the CEO of the company behind the scam is still on the run. We’ll keep you posted.

Lessons learned?

• Most cybercrimes involve some participation by the victim. If you choose not to fall for an obvious or suspicious scam, you win and the bad guys lose.
• Don’t ever fall for or click on web ads or pop ups that warn you that a virus has been detected and you need to purchase new software to fix it. You should already have reputable security software already installed on your computer and be familiar with their alerts and warnings. That’s what you should rely on, and nothing else.

3 indicted in $100 million Internet ‘scareware’ scheme

http://news.yahoo.com/s/afp/20100527/tc_afp/usukraineswedenitcrimecomputersoftwareinternet_20100527205311

Related posts:

1. Weekly News Wrap-Up for 28 May 2010 Data breaches and security come low on the list of...
2. Weekly News Wrap-Up for 17 May 2010 How the bad guys can empty your bank account from...
3. Weekly News Wrap-Up for May 10, 2010 Most anti-virus software vulnerable to new attacks In another example...

Related posts brought to you by Yet Another Related Posts Plugin.

Data breaches and security come low on the list of concerns of tech firms

A few weeks ago I mentioned in a blog that companies have figured out that data breaches are not as embarrassing and costly as once thought, and so they are not as worried about such public breaches of trust as they once were.

A recent study seems to bear that out. Research firm BDO just released a study of the 100 largest U.S. public technology companies that asked these companies which risk factors worry them the most.

While worries about normal business challenges like beating the competition, developing new products, and dealing with a tough economy came in at the top of the list of corporate concerns, worries about breaches of technology security, privacy and theft came in at only number 23 on the list.

Yet another reminder (as if we needed it) that not only is protecting customer data not a priority for leading companies, the issue barely makes it on to their radar.

Data breaches not among top concerns for tech firms

http://www.networkworld.com/news/2010/052410-data-breaches-not-among-top.html?source=NWWNLE_nlt_security_2010-05-26

Facebook told to set up warning system after new sex scam

Just as Facebook announced yet more steps to improve its privacy and defuse threats from Congress to take action against the company, security experts are warning users to be on the lookout for yet another Facebook scam involving a fake sex video.

According to one security researcher, hundreds of thousands of Facebook users recently received a message that seemed to come from their own inner circle of friends and provided a link to what appeared to be a video of a scantily clad bikini babe.

Users clicking on the link received a pop-up message prompting them to download a plug-in in order to view the video clip, but that download turned out to be a nasty piece of malware.

Scams like this are nothing new, mainly because they’re very effective. Facebook users often trust messages that appear to come from their FB friends, and are nowhere near as careful as they should be in clicking on any links or opening any attachments from these friends.

That’s what the scammers are counting on, and are finding this scam to be a very effective way to infect unprotected computers with a variety of nasty programs, from fake advertising and rogue anti-virus software, to banking Trojans.

Lessons learned?

• Trust but verify! Just because a message or email comes from what looks like a friend, always be suspicious if it looks like a generic message, requests you to click on a link or attachment, or just seems unusual for that friend to send you that kind of message.
• Stay up-to-date with Facebook’s privacy settings and options. They’re constantly changing and you may need to change with them.

Facebook told to set up warning system after new sex scam

http://news.yahoo.com/s/afp/20100525/tc_afp/technologyinternetfacebooksingapore

Be wary of new identity theft service scam

I’ve received a number of calls recently from senior citizens asking about suspicious calls they’ve been receiving. The calls purport to come from security firms that claim to have discovered that the victim’s personal information is being sold on the internet, and in return for a large fee, sometimes up to $500, the caller offers to provide identity protection services to the victims.

In most cases the calls are scams, and just a heartless way to steal money from vulnerable and trusting seniors. Some victims have reported receiving five or six calls a day from these scammers.

These scam artists often run sophisticated call centers that deliberately target lists of seniors who live alone, and can be relentless in harassing the victim into paying money for a service they never receive.

In one case the victim claimed that the reason she trusted the bogus company was because the caller never asked for money. At least not at first. And that’s often key to the con – building up a trusting relationship with the victim until the scam artists reach a point they feel best able to trick a check out of them.

Lesson learned?

• If you have elderly parents or relatives, or know seniors who live alone, talk to them about this issue and suggest that if they receive such a call they immediately refer the caller to you. Or just keep hanging up.
• A genuine and reputable identity theft protection company will never call a consumer and tell them they’ve been a victim.

Related posts:

1. Weekly News Wrap-Up for 17 May 2010 How the bad guys can empty your bank account from...
2. Weekly News Wrap-Up for May 10, 2010 Most anti-virus software vulnerable to new attacks In another example...
3. Weekly News Wrap-Up for 19 April 2010 Spam keeps getting worse According to the latest State of...

Related posts brought to you by Yet Another Related Posts Plugin.

How the bad guys can empty your bank account from right under your nose.

The next time you pick up the phone and all you hear is noise, or you find yourself inexplicably connected to a porn chat line, might be smart to hang up the phone, find another phone, and quickly call your bank.

In a startling example of how creative and brazen thieves have become, a new scam has emerged that has experts scratching their heads.

When a bank receives an unusual customer request to transfer money to another account, standard procedure is to call the customer at their listed number and have the customer verify over the phone that the transfer is legitimate.

But what would the bank do if your phone was constantly busy and they couldn’t get through? They would postpone the transfer or stop it altogether until they could get through, right? Maybe. Unless they got a call from someone claiming to be you, apologizing that there were problems with their phone line and authorizing the completion of the transaction.

That’s the scam. Crooks are targeting the accounts of high net worth individuals with requests to transfer large amounts of money to other accounts. Knowing that the victim’s bank will call looking for verification, the crooks quickly flood the victim’s phone with garbage messages like porn chat so that the bank simply can’t get through.

But that’s only part of the scam. The crooks then call the bank posing as the victim, complaining that a recently requested transfer is being blocked, and explaining that the reason they didn’t get the all-important verification call was because of “phone problems.”

It’s a clever mixture of two well-known types of attack; Denial of Service, where the thieves “attack” your phone number with traffic that ties up the line; and social engineering, where the thieves actually call your bank, speak to a live person, and put on a great act pretending to be an irritated you.

And apparently it works. Wired magazine tells the story of one victim who lost $400,000 in retirement savings to the scam.

Thieves Flood Victim’s Phone With Calls to Loot Bank Accounts

http://www.wired.com/threatlevel/2010/05/telephony-dos

Save face on FaceBook with SaveFace

In response to the endless battles between FaceBook and its detractors over FaceBook’s seeming determination to put an end to privacy, a Silicon Valley company has come up with an interesting and innovative peace maker.

It’s called SaveFace, a free utility that will quickly and automatically revert all your FaceBook privacy levels back to their original and much safer settings.

SaveFace is a simple-to-install app that will sit in your browser toolbar and with just a couple of clicks will change all your privacy settings – including your wall, profile, and all photo albums – to just Friends.

According to the company “recent actions and security breaches have turned user fear into resentment. Facebook remains a valuable service to most users, it’s time to empower users to take their private data back – and to allow everybody to SaveFace.”

In launching the product, the CEO of the company talked about how it took him more than 100 clicks to undo all the recent changes that FaceBook had forced on him through recent privacy updates. Maybe FaceBook is not quite ready to save face, but you can.

Untangle® launches SaveFace

http://www.streetinsider.com/Press+Releases/Untangle%C2%AE+launches+SaveFace%E2%84%A2/5647555.html

An Avalanche of phishing

I’m sure by now you’re aware of the threat of phishing and how widely it’s used to commit identity theft by sending emails that look like they’re from your bank or credit card company and requesting your confidential information. If you haven’t heard of phishing, put down the computer and step away from the internet.

Phishing scams are getting more sophisticated and effective, especially as organized crime gangs try to stay one step ahead of the security measures taken by the financial industry and others.

But a recent report found that just one crime gang, codenamed Avalanche, was responsible for the majority of recent phishing attacks around the world. Call it a phishing monopoly, according to the Anti Phishing Working Group (APWG) Avalanche was responsible for two-thirds (66%) of all phishing attacks launched in the second half of 2009, and was responsible for the overall increase in phishing attacks recorded across the Internet.

According to the APWG, there were at least 126,697 phishing attacks recorded in the second half of 2009 – more than double the number of attacks recorded in the first half of the year.

And what’s more disturbing, the criminal network created and managed by the Avalanche gang was also used  to distribute the notorious Zeus Trojan, a sophisticated banking Trojan that has been wreaking havoc on banks and consumers for nearly a year as it sneaks on to computers, disables anti-virus protection, bypasses bank security, and quickly empties victim bank accounts.

Lessons learned?

• Cybercrime, phishing, and identity theft are no longer the domains of amateurs, but sophisticated, well-funded, professional crime gangs who are very clever at tricking you into falling for their scams.
• Always be suspect of any email you receive that is not expected or recognized, and never ever respond to an email that asks you to provide or update a password or any financial information.
• Keep all your security software constantly updated as a defense against Trojans and other dangerous malware.
• Consider using a technology like ID Vault® to make sure that your passwords are protected and that the site you’re logging on to is legitimate.

McAfee offers a peak inside the world of global cybercrime

Every three months or so, security firm McAfee does a roundup of what’s going on in the world of cybercriminals, the latest scams and schemes being cooked up, and who’s being targeted.

We’ve highlighted just a selection of the cybercrime intelligence gathered by McAfee’s latest Global Threat Report.

For example:

• In 2009 McAfee identified more than 16 million different kinds of malware, up from 10 million in 2008. In just the first three months of 2010, the company had already identified more than 3 million pieces of malware. That averages 40,000 types of malware every single day.
• One of the most popular types of cybercrime is scareware, or fake security software. This scam tries to convince users that their computers are infected and they should immediately purchase software to remove it. According to McAfee and other security firms “scareware developers earn a phenomenal amount of money from their victims.”
• Manipulating search engine results can generate significant revenues for cybercriminals from fake security software, as well as advertising income from click fraud.
• The Zeus Trojan is used by cybercriminals to blend password stealers with other crimes like pornography and fake security software. And the main target for these attacks is Facebook and its users.
• Between January and March 2010, an average of 139 billion spam emails were detected every day, accounting for nearly 90% of all email traffic.
• Viagra and male-enhancement messages made up the majority of the spam so far this year, accounting for more than 71 percent of spam traffic.
• One of the most unexpected results, according to McAfee, is the significant amount of diploma spam coming from China, South Korea, and Vietnam. Diploma spam advertises forged documents to establish qualifications for jobs and other activities.

Lessons learned?

• As the criminals become more resourceful, creative, and talented, it will pay you as a consumer to become more aware, vigilant, and prepared.
• Don’t treat spam as just an irritation. Many spam emails hide dangerous payloads designed to infect your computer and steal your information.
• Keep your anti-virus software up-to-date, and always be suspicious of a pop-up warning you of an infection and requiring you to pay to resolve it.

Related posts:

1. Weekly News Wrap-Up for 19 April 2010 Spam keeps getting worse According to the latest State of...
2. Weekly News Wrap-Up for May 10, 2010 Most anti-virus software vulnerable to new attacks In another example...
3. Weekly News Roundup for May 6, 2010 Computer contractor gets five years for $2 Million credit union...

Related posts brought to you by Yet Another Related Posts Plugin.

This is National Police Week, an opportunity to acknowledge the sacrifice law enforcement officers and their families make on our behalf.  The financial services companies that belong to ITAC, the Identity Theft Assistance Center, are especially grateful. We know it’s a difficult and dangerous job. Our members work with law enforcement everyday to keep you and your money safe.

The bad guys are turning from guns to sophisticated cybercrimes to rob banks, merchants and consumers of large sums of money. One recent case demonstrates the nefarious methods used by fraudsters to gain access to your money and how banks work to protect you and your money. In this case, the good guys won.

Two Belarusian nationals, Dmitry Naskovets and Sergey Semashko, were arrested last month on suspicion of creating and operating CallService.biz, a Russian-language site for identity criminals who traffic in stolen bank account data and other information.  The website was, among other things, designed to counteract security measures put in place by financial institutions.  Legitimate security measures require persons seeking to make transfers or withdrawals from accounts, or to conduct other financial transactions, to verify by telephone certain information associated with the account. Businesses that accept online or telephone purchases by credit card have similar security measures. Representatives at these financial institutions and businesses are trained to make sure that persons purporting over the telephone to be account holders appear to fit the account holder’s profile. So if an account holder is an American female, the screener is supposed to make sure the caller speaks English, and does in fact sound like a female.

In the case of CallService.biz, if a criminal wanted to access a person’s line of credit they would provide the account holder’s biographical information, including the account holder’s name, address, Social Security number, e-mail address and even answers to security questions the financial institution might ask to verify the account holder’s identity.  CallService.biz would then have someone who matched the legitimate account holder’s gender and was proficient in the needed language, pose as the account holder and call the financial institution to authorize the fraudulent transaction.

The site boasted that its purveyors had served more than 2,000 criminal customers.  Naskovets and Semashko advertised their services on other sites, such as CardingWorld.cc.  The ads boasted that their team had conducted more than 5,400 “confirmation calls” to banks.

The FBI seized the domain name pursuant to a seizure warrant.

Law enforcement held the winning hand in this case based on solid police work and international cooperation.  The loser, Naskovets, faces a maximum sentence of 39½ years in prison.  Financial services companies advocate tough sentences for criminals like Naskovets and Semashko in order to send a clear message: If you try to defeat our systems and defraud our customers, you will go to prison for a long time.

In honor of National Police Week, we salute the police force and their dedication to keeping our communities safe.

Related posts:

1. Identity Theft: An International Conspiracy One of the reasons it has been difficult for the...
2. Identity Fraud Fact: Little Guy is Big Target Banking and financial services providers may continue to feel the...
3. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...

Related posts brought to you by Yet Another Related Posts Plugin.

Most anti-virus software vulnerable to new attacks

In another example of why we should never take fundamental security, like anti-virus software, for granted, a security research firm has discovered a vulnerability that is able to poke a hole in almost every popular personal security software program.

A group of Czech researchers found that out of the 35 security products they tested, almost all of them were vulnerable to a complex exploit that could allow rogue or malicious software to bypass basic security.

In one scenario, the attackers could bypass anti-virus protection and then replace that security software with their own – kind of like allowing shoplifters to take charge of the store.

Lessons learned?

• Even with the best security, no computer is completely immune. So make sure you have lots of security layers to protect you.
• Avoid storing your most sensitive information on any computer that’s connected to the internet. If you have to, use encryption to lock that information on your hard drive.

Researchers spot widespread antivirus flaw

http://news.cnet.com/8301-1009_3-20004669-83.html?tag=mncol;title

Fake iTunes certificate

Did you receive any emails recently telling you that you had won a gift card from iTunes? I received four or five of them in just twenty-four hours and they were actually quite convincing. Appearing to be coming directly from iTunes.com, they especially caught my attention because I had just purchased an iPhone and created an iTunes account..

The email came with a zipped attachment that supposedly included the gift certificate, and the email read:

“Hello!

You have received an iTunes Gift Certificate in the amount of $50.00

You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.”

Lessons learned?

• If it looks too good to be true, it probably is. And if you receive an email similar to the one above, it’s not your lucky day – just delete it.
• Don’t click on any email attachments you’re not expecting or that appear in any way suspicious.

Facebook Privacy in the Spotlight Again

It seems that Facebook just can’t stay out of the privacy crosshairs, and rightly so. In the same week as the Federal Trade Commission received more complaints about Facebook’s questionable privacy policies and practices, Facebook itself (it is an “it” right?) admitted that a “bug” in its own system had been allowing some Facebook users to view their friends’ private chat sessions.

It’s not known how long this bug existed or how many people knew about it, but I’m sure there are plenty of worried Facebook users regretting using Facebook to share their most intimate, and supposedly private thoughts.

At around the same time, Facebook users were also learning that Facebook had quietly introduced a feature that allowed the installation of those information-hungry apps to a user’s profile without the user’s permission.

As for the FTC complaint, it resulted from a 38-page filing by the Electronic Privacy Information Center demanding that Facebook cancel all those major privacy changes it introduced just a few weeks ago that had caused so much uproar.

For whatever reason, it seems like Facebook is absolutely fanatical about acquiring, sharing, and exposing as much user data as it legally can. I know the business logic behind it but I also hear a growing chorus from fed-up Facebook users threatening to abandon their Facebook world altogether.

Lessons learned?

• Peter Eckersley from the Electronic Frontier Foundation said it best – “What you don’t want the world to know about, don’t put it on Facebook.”
• If you’re worried about privacy, then Facebook isn’t the place for you.
• If you’re addicted to Facebook, then use it with great care and caution. Get intimately familiar with Facebook’s privacy options, edit yourself heavily, and embrace your mysterious side – meaning the less you say about yourself, the better!

Consumer groups hammer Facebook privacy violations in federal complaint

http://www.networkworld.com/news/2010/050610-facebook-privacy-violations.html?hpg1=bn

Students can be especially vulnerable to identity theft

We’ve always known that students are just as vulnerable to identity theft as any other group. But while it was always assumed that students were more likely to become victims either because of relaxed data security at schools, or simply risky behavior by students who don’t think about security, a number of recent cases suggest that students are increasingly vulnerable to the people they trust most.

In one recent case, a former teacher at a school in Florida was charged with opening or trying to open seventeen new credit accounts using personal student information she stole from the school. It’s not clear how she got her hands on the information but it included student names, dates of birth and even Social Security numbers.

And in another case, a former University of Central Missouri police officer and his wife plead guilty to multiple counts of identity theft. The two had managed to steal a student enrollment list and used the information, including student Social Security numbers, to victimize more than 250 students and rack up fraudulent charges of more than $30,000.

That incident required the University to comply with strict data breach response measures that are likely to cost the university hundreds of thousands of dollars in breach response, investigations, victim support, and fines.

School staff isn’t the only theat. Just last January, at the very same University, a former and a current student were arrested on charges of identity theft when a file containing more than 60,000 personal records was found in their possession.

And what happened to the campus police officer whose theft triggered that massive data breach response? He received probation.

Lessons learned?

• Talk to your kids about security and identity theft, and educate them to be vigilant about how they share their personal information at school.

• Talk to the school, ask them the right questions, and satisfy yourself that they’re doing everything they should to protect sensitive student information in their possession.
• If your kids have credit reports or Social Security numbers, monitor them carefully. The last thing your kids want when applying for college is someone else’s rap sheet for fraud.

FBI task force reveals UCM security breach

http://www.allbusiness.com/crime-law-enforcement-corrections/criminal-offenses/13761844-1.html

Related posts:

1. Weekly News Wrap-Up for 19 April 2010 Spam keeps getting worse According to the latest State of...
2. Weekly News Roundup for May 6, 2010 Computer contractor gets five years for $2 Million credit union...
3. This Week InSecurity for 12 April 2010 Bogus Ikea gift card scams thousands of Facebook users (Or...

Related posts brought to you by Yet Another Related Posts Plugin.

Teenage hacking is nothing new. Jonathan James was the first juvenile sent to prison for hacking, and was just 16 years old when he was sentenced to six months in prison in 2000 after he hacked into the computers of NASA’s Defense Threat Reduction Agency. In that same year, a 15-year-old Canadian hacker using the codename MafiaBoy used his hacking skills to close down some of the world’s busiest web sites including Yahoo!, eBay, and CNN. And in 2003, an 18-year-old from Minnesota admitted to creating the Blaster computer worm that infected tens of thousands of computers in just a few days.

And while more recent adult hackers are often employed by criminal cybergangs and state sponsors of cyberespionage, teenage hacking may be on the rise again thanks in part to Facebook. A recent survey by an Israeli security firm into the secret lives of teenagers found that many engage in a bedroom hobby that their parents might not approve of. According to the study, which interviewed 1,000 teens in New York, and another 1,000 in London, one in every six American teenagers admits to hacking – breaking into things like computers, web sites, and email accounts – while one in four British teenagers have tried their hand at it.

Tufin Technologies, in their own survey, cite that “Exactly half (50%) of US kids sampled revealed they’d had their Facebook or email account hacked, which may explain why 75% feel hacking is wrong and 70% think it should be considered a criminal offense.”  Only 15% of the entire sample has either been caught or knows someone who has.

Why hack?
According to the study “The most common reason cited for hacking was for fun (54%), followed by curiosity (30%). Fourteen percent that hack aimed to cause disruption. And a resourceful 7% of US kids thought they could generate an income from the activity, with 6% viewing it as a viable career path!”

Who hacks?
While most were boys, nearly 30% were girls. American kids hack less, and get caught hacking substantially less than their UK counterparts. Additionally, just in the US, 34%  had already hacked by age 13 and 52% hacked between the ages of 14-16.

Is hacking cool or uncool?
Seventy percent of UK teenagers thought hacking was “uncool” versus 61% of US teenagers.  And while roughly 70% of US students thought hackers should be viewed as criminals and be punished by the law, only 53% of UK teenagers agreed.

Will you get caught if you hack?
In the UK, 27% of teen hackers have been caught or know someone who has been caught hacking, as opposed to only 15% in the US.

Who’s the biggest target?
Facebook, of course, followed by their friends’ email accounts are the primary targets. In the US, half of the teens said they have had their Facebook or email accounts compromised.

Where does the hacking happen?
In the US, home is the favorite hacking haunt, favored by more than half of US teen hackers, twice as many as in the UK. Roughly a quarter of hackers on both sides of the Atlantic admitted to using school computers to hack.

http://tufin.com/news_events_press_releases.php?index=2010-04-14

Teens often don’t appreciate the impact of some of the things they do and say, and what some teens might view as a prank, a dare, or a way to show off, others might view more seriously. Even an innocent attempt at hacking might end a teen up in court, facing fines and court costs, civil penalties, a criminal record, and even jail time.

It could also impact their college plans and future job opportunities. So if your kids are active online and you’re concerned that they might have certain skills and inclinations that could get them into trouble, maybe it’s time to sit them down and say “Honey, I think you’re now old enough for us to have that chat about the ‘H’ word.”

When hackers are caught, their time lurking in the shadows is brought to an abrupt end. Jonathan James was later suspected to have some involvement in series of massive hacking attacks against a number of retail stores including TJ Maxx, DSW Shoes, and Officemax. He continued to proclaim his innocence, but with an apparent conviction looming ahead and  negative attention and publicity, he took his own life on May 18, 2008. This is a more extreme, dramatic outcome to cite; but the story of Jonathan James, America’s first juvenile hacker, serves as a cautionary tale for any teen curious about hacking. IF your teen or a teen you know is still curious, it wouldn’t hurt to cite the 18-year-old who admitted creating the Blaster worm out of curiosity. He was sentenced to 18 months in prison.

Regardless if it is the lure of a clandestine lifestyle or simple the Hollywood image conjured in films like Hackers, the fallout after an arrest, much like residual data on a hard drive, is difficult to purge.

Related posts:

1. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...
2. Saving Facebook: Perspectives on New Privacy Policies Like most Facebook users, last week as I checked my...
3. Reflections from a Black Hat Hackers’ Conference (Part Two) The following special blog post is the conclusion of a...

Related posts brought to you by Yet Another Related Posts Plugin.

Computer contractor gets five years for $2 Million credit union theft

In a stark reminder of the danger of dishonest insiders, a computer technician in Utah was just sentenced to five years in prison for stealing nearly $2 million from four credit unions he was working for. The case highlighted the risk every business and individual takes when you allow a third party access to your computer or your information.

In the Utah case, the technician was employed by a third-party contractor hired by the credit unions to provide computer and network support services. Which of course allowed him access to their most valuable assets – their data. He used that access to simply transfer money from the credit union accounts into his own account.

It’s bad enough that he managed to steal nearly $2 million from the credit unions, but he was able to steal large sums of money from their accounts, undetected, for two years.

According to an article on the theft in Network World, thefts, frauds and cybercrimes by insiders are the biggest threat for many organizations. Not only are the individuals able to use inside knowledge to carry out their crimes, they often have the knowledge needed to hide their tracks – for months, years, or possibly even forever.

Lessons learned?

• Know where your money is at all times; monitoring credit data is a very good idea. It’s crazy that nobody was able to detect these unauthorized transactions for up to two years and sound the alarm.
• If you’re going to let someone have access to your computer or network, even at home (1) make sure you check their backgrounds first – a criminal background check is very affordable; (2) only give them access to what they really need to work on; and (3) don’t be afraid to let the individual know that you’ll be watching, double-checking, and verifying everything they do. For extra security, change your password.

Computer contractor gets five years for $2M credit union theft
http://www.networkworld.com/news/2010/043010-computer-contractor-gets-five-years.html?source=NWWNLE_nlt_security_2010-05-03

Fake anti-virus software now makes up 15% of malware according to Google

It’s probably safe to say that no-one knows the Internet better than Google. Which is why I paid attention to a report from Google about how a scan of nearly a quarter of a billion of their own web pages  between January 2009 and February 2010 uncovered a very troubling trend.

Google found that 15% of the malicious software or malware hidden in these sites waiting to infect unsuspecting or protected surfers was in fact fake anti-virus software.

Fake anti-virus software is a scam that nets crooks hundreds of millions of dollars every year by infecting unprotected computers, generating pop-ups that warn users that the fake anti-virus software has detected a virus, and that for a modest fee – often the cost of real anti-virus software –  the virus will be removed.

Of course the anti-virus software is no more real than the virus it supposedly detected. And to make matters worse, paying what’s essentially a ransom is no guarantee that the real infection on your computer – the fake anti-virus software – will simply go away.

And even the most secure sites are not immune. Only this week it was reported that the web site of the US Treasury had been hacked into and was actively serving up malicious software to visitors to that site.

Lessons learned?

• There are millions of web sites that hide malicious malware ready to infect unsuspecting surfers. The best way to avoid being the next victim is to make sure you constantly update your operating system, browser, firewall, and anti-virus software. It can all be done automatically so there’s no excuse.

• Consider using one of the many free browser security tools, like Finjan’s free SecureBrowsing tool that checks and verifies web sites for lurking malware infections before you click on the site.

• A product like ID Vault can help make sure you don’t end up on web sites you didn’t intend to visit (like mistyping a url), and can also protect any information you send to legitimate sites, like your username and password.

Google: Fake antivirus is 15 percent of all malware

http://news.cnet.com/8301-27080_3-20003340-245.html?tag=mncol;title

US Treasury Web Sites Hacked, Serving Malware

http://news.yahoo.com/s/pcworld/20100504/tc_pcworld/ustreasurywebsiteshackedservingmalware

The Federal Trade Commission tries to romance your mom into avoiding identity theft

For some strange reason, the Federal Trade Commission (FTC) has chosen Mother’s Day to make mothers around the world more aware of the dangers of identity theft. Not sure why they’re picking on mothers but I suppose any improvement in awareness is a good thing.

But what struck me was the FTC’s risqué attempt at creativity. They decided to create an ecard for Mother’s Day – a link you can send to your mom who in turn can pick up an online ecard and listen to a pleasant elevator tune while getting a serious lecture on avoiding the perils of identity theft.

Now I applaud the FTC for looking at creative ways to make moms more security aware. But since the security community has been trying for years to teach users to avoid ecards from unusual sources (because they’re such an effective way to spread viruses, Trojans and other pests), I’m not sure the FTC really thought this one through.

Here’s the link to the ad – judge for yourself. And Happy Mother’s Day.

http://www.ftc.gov/mom

Facebook users still giving it all away

A study just released by Consumer Reports into the online behavior of Facebook users told us nothing that we didn’t already know, yet it’s still worth paying attention to.

The study of 2,000 households earlier this year exposed the risky habits of Facebook users that constantly expose themselves and their families to a whole host of creepy threats.

For example:

• More than half of users surveyed admitted to posting a variety of information that is a goldmine for scammers, stalkers, and identity thieves. Information like date of birth, employer and home address.

• 38% of users still post their entire birthday – month, day and year. What they don’t know is how valuable that small piece of information is to thieves trying to put together the key pieces required to clone a stranger’s identity.

• 21% posted photos of their children.

• 13% posted the names of their children.

So it looks like the security and privacy message is still not getting through to most Facebook users.

Lessons learned?

• Talk about trivial things, like the weather, as much as you want. But before posting anything more serious, think first: what would an identity thief want?

• Talk about your plans, like a vacation, after the event. That way it’s too late for anyone to take advantage of it. Besides, won’t your friends want to know how great your European road trip actually went, more than when you’re heading for the airport?

• Get intimately acquainted with the Privacy Settings on Facebook because they can be your best friend. And once you become good friends, take full advantage of them.

Social network users found to endanger privacy (San Francisco Chronicle)
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/05/04/BU051D8V3E.DTL

Related posts:

1. Weekly News Wrap-Up for 19 April 2010 Spam keeps getting worse According to the latest State of...
2. Searching for Bright Spots: A Privacy Microscope on 2010 The easiest thing to do in scoping out the electronic...
3. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...

Related posts brought to you by Yet Another Related Posts Plugin.

If you are not already aware of this fact, let me state it plain and simple: The days when hackers were only interested in your bank and brokerage account user names and passwords just to clean out your accounts are long gone.

Oh, they’re still out there; but there is a very robust market for these types of credentials for popular social networking sites and multi-person online gaming sites. Dating as far back as 2006, a hacker can make more money by stealing your user name and password for your interactive online game, change those credentials once they sign in, and then take over your character and identity, and sell it on online forums. It is highly profitable, and it is happening by the thousands every day. There is real commerce in information and very few sites, if any, can tell me as much about a person as their Facebook account. Recently, a hacker put up for sale 1.5 million Facebook ID’s for pennies on the dollar. In this instance, he does not want to have to do the work of skimming the information from the victims’ site, building an identity with that information and then victimizing the person. For the hacker this is a “wholesale” opportunity. For the Facebook person who has been victimized, it is a nightmare in process. Consumers need to clearly understand that when someone has their online user names and passwords, they are then you! They have full access to your sites, accounts, money and identity.

Stories and blogs are written every day about the problem, and the solution is really quite simple: Use an online tool or application that provides safe, secure access on the internet and thwarts the hackers every time.

Wake Up…Be Safe.

Related posts:

1. Why Identity Protection for Kids Matters People blog. That may sound like an obvious statement, but...
2. Saving Facebook: Perspectives on New Privacy Policies Like most Facebook users, last week as I checked my...
3. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...

Related posts brought to you by Yet Another Related Posts Plugin.

Everyone needs to pay very close attention to Facebook’s recent announcement that Facebook applications and external third-party websites will be allowed to use and store users’ information unless you revoke permission.  Since the default setting is now  to allow Facebook to share your name, profile picture, gender, and connections,; external sites like Yelp and Pandora can use your information to customize their functionality to your personality unless you change your privacy settings or click “No thanks” each time you visit one of the selected external sites.

The popular social networking site’s latest move to loosen privacy settings is not all that surprising given it comes on the heels of a series of moves toward less user control over personal information by Facebook and other social sites.  Just last week, Facebook also quietly rolled out a change in user profiles that allows “current city, hometown, education and work, and likes and interests” to be shared publicly outside of your network of friends.  Since there is no option to restrict who views much of your personal information, your only option as of now is to delete those fields.

While the privacy changes are being made incrementally, they represent a fundamental change in the way we interact on Facebook and could spill over to other websites—perhaps even without your actual knowledge.  Since today’s companies are increasingly blurring the line between where private information and public information is, consumers need to be even more careful in how we interact on Facebook and become even more vigilant in protecting our personal information from falling into the wrong hands.

We’ve talked a lot about practical ways to keep your personal information safe here on IDGuardian.com, including this recent post on college graduates and their social media profile.  For a really helpful how-to guide to auditing your Facebook privacy settings, also check out this recent article on FastCompany.com.

Related posts:

1. Saving Facebook: Perspectives on New Privacy Policies Like most Facebook users, last week as I checked my...
2. Footprints to a College Graduate’s Social Media Profile (Part I) Millions of college graduates getting ready to embark upon the...
3. WARNING: Facebook Scam If you are on Facebook (as are over 300 million...

Related posts brought to you by Yet Another Related Posts Plugin.

Health care reform has been in the news a lot lately, primarily because Congress has passed a historic healthcare reform bill. At the same time, the government is using Recovery Act money to initiate large-scale health information systems projects where doctors, hospitals, insurance agencies, and the government itself will ultimately store and share sensitive patient information.  While everyone is thinking about medicine, healthcare, and health insurance reform, let’s take a look at the darker side of all this. No, I’m not talking about how it is all a façade to raise taxes while continuing to fill the coffers of big-time lobbyist insurance companies; I’m talking about the risks presented by pooling all of your Personally Idenitfiable Information (PII) with your lifetime health history and storing it online.

I’ve written plenty about identity theft, but what you probably don’t know is that I spent the first 10 years of my career in IT at a medical research and care facility. I was building electronic medical record systems almost 20 years ago, plus I’m actively consulting to doctor’s offices.  I’ve got some pretty good insight into how doctors, their staff, IT, patients, and government regulators think.

I can tell you right now, doctors and computers don’t mix.  In their minds, doctors have more important things to do, like saving lives, than learning how to use a computer and follow security protocols. Their jobs are very hard, and if you’re not a doctor you couldn’t possibly comprehend the responsibility they have. Many view computers as dehumanizing and refuse to take notes into anything other than a paper chart. To these guys, security is a hindrance instead of an enabler. As recently as 2 weeks ago, an MD told me that he needed me to open his office firewall so he could run a remote access product on his desktop and get to his calendar. I tried to explain how this is probably the least secure method of calendar sharing ever, but to no avail. His answers included, “I’m a doctor, why can’t I do what I want?”, “who would hack me for useless patient information?”, and “Matt, why do you have to make things so difficult?” How far do you think this attitude will go towards protecting your medical identity?

Before you answer that, let’s look at why your medical identity is important.  (By the way, AHIMA maintains an excellent medical identity theft resource page with tips for providers, IT, and patients.)

A recent study by Ponemon Institute, sponsored by credit reporting firm Experian, found that 9 percent of US adults have been victims of identity fraud, and, of those, nearly 6 percent are estimated to be victims of medical-related identity fraud, which behind some tricky math works out to 1.4 million people.

Here’s the shocker: the average total cost to resolve a medical identity theft incident, according to the survey, came to a whopping $20,000. More than half of the victims said they had to pay for the care they didn’t receive out of their own pocket to restore coverage. Nearly half said they lost their health care coverage as a result of the incident, while nearly one-third said their insurance premiums went up after the event. Fewer than 10 percent of survey respondents said that the matter affecting them was completely resolved and their identity restored, while 40 percent said they were not able to resolve the matter.

And here’s the kicker: now the thief’s medical information is integrated with yours. And that will be close to impossible to have corrected unless it is as simple as you being a 75 year old male that, according to this chart and insurance payment record, gave birth last week. Now we’re not just talking about risking money, we’re talking about risking health and well-being. There are many, many stories of victims who had their insurance card stolen, along with their medical identity.  They ultimately catch it – the providers and the insurance agencies rarely catch this as there is apparently no advantage to halting fraud for them – and have the billing issues cleared up.  Unfortunately, the next time they get sick, their charts are filled with someone else’s information.  And that could easily lead to medical damage.

A recent study from Kroll Fraud Solutions titled “2010 HIMSS Analytics Report: Security of Patient Data” concluded that “the healthcare provider industry continues to be a data breach risk as well as a primary target for data fraud and identity theft.” This is because PII and protected health information (PHI) are collected and stored by providers everywhere. Hospitals are aggregators of birth and death which are often used for identity theft.

From the same study, this says it all:

“The patient data environment is in transition, with regulatory and healthcare reform legislation calling for widespread digitization and exchange of information (PHI and personally identifiable information or PII – not necessarily health-related, but sufficient for identity theft) within a networked environment where healthcare provider facilities are working with an ever-increasing pool of third parties, including Health Information Exchanges (HIEs), business associates, vendors, payors, etc. Even the best-planned migration scenarios create security gaps that represent opportunity for incidents such as breach and fraud. Based on the scope and complexity of the coming changes in the way patient data is accessed and shared, it is almost certain the industry will see an increase in breaches of PHI and PII, raising the importance of effective, security controls, monitoring, and response planning.”

It’s tough enough to pay for your own medical care.  Why pay for someone else’s?  Protect yourself by:

1. Safeguarding health information and insurance information.  This is deeply personal stuff.  Don’t share it.
2. Protect your Social Security number.
3. At the doctor’s office, protect your name.  Your full name should not appear on any list that other patients can read (such as a sign in sheet) and the receptionist should not call you in to see the doctor using your full name, for example, “Matt S.” is acceptable, but “Matt Sarrel” is not.
4. Review insurance statements when they arrive and immediately report suspected fraud.
5. Maintain copies of important medical information on your own.  You have a legal right to get copies of all information your doctor has about you (you technically still own it).  If your medical identity is stolen, then at least you will still have your real chart.
6. Don’t ignore mysterious collections letters for services you haven’t received.
7. Review credit history looking for medical liens.  This is what happens after someone uses your identity to steal healthcare service and you get sued for it.

Related posts:

1. Identity Theft: An International Conspiracy One of the reasons it has been difficult for the...
2. The IDGuardian Podcast: Episode #005 — Threats Facing Consumers Online Welcome to the IDGuardian Podcast. These audio and video columns...
3. Making Gains in Fighting ID Theft Sometimes it’s hard to see the progress being made in...

Related posts brought to you by Yet Another Related Posts Plugin.

Spam keeps getting worse

According to the latest State of Spam report from security firm Symantec, spam now accounts for nearly 90% of all email in circulation. I could say “all email received” but in reality most email users only get a fraction of the spam email actually sent to them – because of good filtering by their ISPs –so they may not be aware of the deluge of junk email being processed every single day.

What’s more troubling is that nearly one in every five of these emails consisted of scams and phishing messages, and many of these scams are getting more sophisticated and harder to spot. And this new breed of spam is also better at scamming their way through filters and making it to your desktop.

It may also surprise you to learn that the United States was once again identified as the largest source of spam (24% of all spam compared to the next biggest source,  Brazil, churning out 5% of spam), and also the source of 52% of phishing scams.

And as an indication that spammers are using the latest news (natural disasters and tragedies, such as the earthquake in Haiti or the recent Icelandic volcano, for example) to trick users, eight out of the top 10 spam messages were promoting bogus job opportunities.

The State of Spam, April 2010 (Symantec)

http://eval.symantec.com/mktginfo/enterprise/other_resources/b-state_of_spam_and_phishing_report_04-2010.en-us.pdf

Lessons learned?

• Don’t assume that spam is just an irritation. There’s always a clear profit motive behind every spam email you receive, and you’re that profit.

• The best way to annoy spammers and lose them money is to completely ignore every spam message you receive.

Porn users, meet your blackmailer

Users of a web service that provides access to porn movies found themselves being extorted by a Japanese cyber gang threatening to expose their porn use unless a ransom was paid.

The victims were invited to download a movie installer that they thought would give them unlimited access to pirated porn. Unfortunately for them, the software hid a Trojan horse program that requested the user’s personal information, including their email address, before they could access the movies.

Surprise surprise, when those users then reported receiving an email accusing them of copyright infringement and threatening to sue and expose their porn habit unless they paid a modest “fine.”

Of course there would be no legal action and the criminals were banking on the user’s fear of their porn use being exposed to persuade them to pay up quickly and quietly.

This kind of scam has spawned a very lucrative industry for criminals, and these gangs can make an average of $5 million a year from a single scam, according to a study by security firm SecureWorks.

One of the reasons these scams are so successful is because victims are often unwilling to come forward and report the crime. Thousands of victims fell for this porn scam, including a school principal.

New ‘name to shame’ extortion scam targets porn users (NetworkWorld)

http://www.networkworld.com/news/2010/041610-new-name-to-shame-extortion.html?source=NWWNLE_nlt_security_2010-04-19

In spite of rumors, young adults do care about online privacy

For whatever reason, it’s often assumed that young adults are more than willing to share their Personal Information, if they even care about it at all, in exchange for anything that’s free, quick, or easy.

But a new study just released by the University of California, Berkeley and the University of Pennsylvania seems to debunk that myth.

According to the study, conducted last year, adults of all ages still seemed to care about their privacy and about who has access to their personal information.

Amongst the study’s findings:

• 88% of people of all ages refused to give out information to a business because they thought it was too personal or unnecessary. Among young adults, 82% have refused.

• 86% believe that anyone who wants to post a photo or video of them on the Internet should get their permission first. The number was 82% amongst young adults.

• However, nearly half of young adults interviewed didn’t support large fines for organizations that violate privacy.

Study: Young adults do care about online privacy

http://news.yahoo.com/s/ap/20100415/ap_on_hi_te/us_tec_young_adults_privacy

Related posts:

1. Weekly News Wrap-Up for 28 May 2010 Data breaches and security come low on the list of...
2. Weekly News Wrap-Up for 17 May 2010 How the bad guys can empty your bank account from...
3. Weekly News Wrap-Up for May 10, 2010 Most anti-virus software vulnerable to new attacks In another example...

Related posts brought to you by Yet Another Related Posts Plugin.

Bogus Ikea gift card scams thousands of Facebook users
(Or how to scam 5,000 unwary users every hour!)

More than 100,000 Facebook users have admitted falling victim to yet another Facebook scam promising to give something away for free but instead taking away something valuable.

The scam began a couple of weeks ago with a simple but obvious ruse – become a fan of what looks like a legitimate IKEA fan page and then invite all your friends to join the club too. The bait is a free $1,000 IKEA certificate just for handing over your friends. But hurry! The offer is for one day and one day only.

After sharing all their personal information with what turned out to be a bogus page, fans got nothing accept a wake-up call. Seems like all the page was after was personal information that would more than likely be used in later identity thefts. The kind of information – like names, addresses, telephone numbers, and email addresses – that is not easily changed or protected.

When the scam first appeared in late march it hooked more than 70,000 victims in a matter of days, according to a story by PC World. When it resurfaced about a week later, the scam fan page was so convincing it continued to dupe new fans into signing up at the staggering rate of about 5,000 every hour.

And to add insult to injury, as part of the process to claim the free gift card, fans also had to sign up for some legitimate web loyalty programs on sites like Netflix, earning the scammers money for every click made.

Lessons learned?

• If it looks too good to be true, it probably is so resist the temptation to click.

• If you want to keep your friends, don’t press-gang them into scams and schemes that have a good chance of permanently ending the friendship.

• Don’t swap your personal information for anything on Facebook or anywhere else.

Ikea Gift Card Scam Takes in Nearly 40,000 Facebook Users (PCWorld)

http://www.pcworld.com/article/193905/ikea_gift_card_scam_takes_in_nearly_40000_facebook_users.html

Facebook warns of gift card scam (ConsumerAffairs.com)

http://articles.moneycentral.msn.com/Banking/FinancialPrivacy/facebook-warns-of-gift-card-scam.aspx

A big privacy fine for the social networking site you’ve probably never heard of

Speaking of social networking sites, ever heard of Tagged.com? According to their web site, Tagged.com is the world’s third biggest social networking web site. And while it may not be on your radar yet, it certainly did come to the attention of San Francisco District Attorney Kamala Harris.

Ms. Harris just tagged a $650,000 fine on the company for sending out an estimated 60 million spam emails that falsely claimed that a Tagged member had just sent the recipient a private message but in order to view the message, the recipient would have to sign up and share their personal information with Tagged.

Tagged would then harvest that new member’s email contacts and begin the email campaign all over again – essentially tricking users into sharing their contacts with the end result of building a massive database of tricked users.

It was essentially a chain email scheme and Tagged got tagged for it. Tagged responded in a blog “a small but vocal minority expressed that we were too ambitious in our recruitment efforts. Accordingly, we voluntarily ceased the membership drive before being contacted by the press or any governmental authority.”

And then added the obligatory “I’m pleased to say that last week we settled our disagreement with San Francisco. We are thrilled to put the dispute behind us.” Blah, blah, blah.

Lessons learned?

• Ignore most email solicitations unless you know the source and can verify its authenticity.

• Read the fine print before you volunteer to share your precious contact book.

• Don’t mess with the San Francisco DA!

Tagged.com, San Francisco-based social network site fined (San Francisco Chronicle)

http://www.sfgate.com/cgi-bin/blogs/abraham/detail??blogid=95&entry_id=61167

San Francisco District Attorney Kamala D. Harris Announces – Settlement in Unfair Business Practices Action Against Social Networking Site

http://www.sfdistrictattorney.org/News.asp?id=603

How’s your “Security Index” feeling today?

Twice a year, tech giant Unisys releases its global Security Index – a captivating snapshot of how consumers around the world feel about all kinds of security issues.

Well, the latest results are just out and with some interesting results.

For example:

• Almost two-thirds (62%) of respondents are seriously concerned about bank card fraud.

• Americans are divided with regard to concern about computer security. Almost half (45%) of Americans are seriously concerned about this issue, while 29% are not concerned at all.

• While nearly one half (43%) of Americans are seriously concerned about the security of online transactions, 29% are not concerned at all. The report did add that “those who are unconcerned may also be consumers who do not shop or bank online.”

• Almost two-thirds (64%) are seriously concerned about unauthorized access to or misuse of personal information. This question was intended to address the issue of identity theft, and this along with national security is Americans’ #1 area of concern.

ID Theft, Card Fraud Top Consumer Concerns, Unisys Survey Finds (BankTech)

http://www.banktech.com/news/showArticle.jhtml?articleID=224400131&cid=RSSfeed_TechWeb

Related posts:

1. Weekly News Wrap-Up for 19 April 2010 Spam keeps getting worse According to the latest State of...

Related posts brought to you by Yet Another Related Posts Plugin.

With graduation season closing in, we have presented commentary on the graduate’s Social Media and Credit Footprints, long-lasting impressions that can make an impact on a person’s reputation particularly in the working world. If you are graduating, or know someone who is about to take that walk to accept academic accolades, extend to them this checklist for peace-of-mind and security when entering the commercial sector:

• More organizations are now using social media as a way to discover and hire new interns and employees. Check your social media profiles before starting a job search. When reviewing your Social Media footprint, remove:
  • Incriminating pictures, videos, and unfavorable comments posted on Facebook, blogs, Twitter, and other social networks.
  • Personal details and opinions about friends, politics, or other topics that could be misinterpreted if taken out of context.
  • Unfavorable opinions about a job interview that could get back to a potential employer.
• Take an objective look at your social media profile or have your parent or friends review it before reaching out to prospective employers.
  • Ask yourself if you are comfortable sharing your social media profile, as it exists today.
  • Conduct a thorough search of your online identity by googling your name
  • Review all social networks you are are enrolled in for personal references. Also check inactive accounts that may not have been cancelled.
  • Before sharing any personally identifiable information (PII) with any vendors, online or in the Real World, ask three important questions:
    1. Who needs to know?
    2. Why do they need to know it?
    3. How is this information being protected?

• Credit cards can be deceptively easy to use, particularly when virtually anything can be purchased with them. According to United College Marketing Services, on average, college students carry 2.8 credit cards with a balance of $885. How you manage credit today will impact you now and in the future. Consider:
  • Pay credit card bills on time, doing so will help you build a strong credit history. Missing just one payment or simply paying a bill a few days late can have a significantly negative impact on credit. Pay your credit cards on time and completely, if possible. Use credit cards wisely by paying off balances each month, charging only what is necessary.
  • Credit scores will impact what interest rate you receive on new loans, your ability to rent an apartment and to secure utilities including phone, electric, and gas, as well as undergoing employment background screening.
  • Review all three credit reports from the major Credit Reporting Agencies (CRA), available for free (one time per year) at www.annualcreditreport.com.
  • Enroll in credit and public record monitoring services so you can be alerted to changes to credit reports and to non-credit information (utilities, cell phones, etc.), and respond quickly to potentially fraudulent transactions. For more information visit:
    • Credit.com
    • IdentityGuard.com
    • ITACSentinel.com

A resume personifies a person’s experience and achievements based on their own perception. Credit profiles and public information convey a much more pragmatic story, and can either positively or negatively impact a person’s reputation. As mentioned in Part I, with education comes vigilance and with vigilance comes empowerment. It is essential, particularly in this Digital Age in which we live, thrive, and conduct commerce, to protect our unique identities and improve upon credit. We are sharing more and more information online, and while — once upon a time — it was easy to dismiss it as “Who will find it online?”, the rise of Social Media and the ease of information gathering via smartphones and iPads have now made personal information protection part of our daily lives.

Proactively take control of your credit and personal identity. It is never too early to take control of your credit and Social Media presence.

Related posts:

1. Footprints to a College Graduate’s Credit Profile (Part II) In a recent posting, we advised college graduates to take...
2. Footprints to a College Graduate’s Social Media Profile (Part I) Millions of college graduates getting ready to embark upon the...
3. Why Identity Protection for Kids Matters People blog. That may sound like an obvious statement, but...

Related posts brought to you by Yet Another Related Posts Plugin.

Administrators’ Note: With the Income Tax deadline closing in and today being “Tax Tip Thursday” we asked Neal O’Farrell to return to his earlier posting concerning Tax Scams. Enjoy this revamped edition of “The Taxman Cometh (and Identity Thieves are not far behind)” complete with our own tips in staying safe before and after the April deadline.

Is it just me or does it feel like tax time was not that long ago? As the tax deadline looms just around the corner, one group of citizens is just giddy with excitement. No, not tax preparers. For identity thieves, tax time is one of the best and busiest times of the year as they prey on unsuspecting taxpayers caught in a whirlwind of returns, refunds and rebates.

So why is tax time so good for identity thieves? Three simple reasons:

• A lot of money will be on the move as millions of citizens send and receive billions of dollars in tax payments over a very condensed period. According to the IRS during last year’s filing season nearly 100 million taxpayers received refunds totaling $260 billion. That doesn’t include all the checks that went out to the IRS from taxpayers.
• Tax time involves a lot of documents, laws, and communications – the ideal time to trick a busy taxpayer. And of course many of these documents contain the taxpayer’s crown jewels – name, address, spouse, employer, Social Security Number, bank account number and much more.
• The letters IRS scare most people and scare tactics have always worked well for thieves (Your computer has been infected, your bank account has been suspended – any of these sound familiar?)

Tax time scams are nothing new, and the scams we’ve seen so far this year are a predictable rehash of previous years. But what you really need to watch out for are more clever variations that are more likely to catch you off guard.

Most of the scams you’ll probably encounter this year will come in an email or phone message, although you shouldn’t rule out the possibility of a snail mail scam.

Here’s a selection of the kinds of tricks the scammers will use, and most are likely to come as pretty convincing IRS communications that will prey on fear, urgency, or greed:

• Someone else has submitted a tax return using your Social Security number and in order to fix the problem you’ll have to confirm your Social Security number (or submit an online dispute or claim form that includes your SSN).
• The IRS can expedite your refund if you submit your bank account and routing information.
• If you don’t accept direct deposit of your refund directly into your bank account, you’ll face a fee or penalty.
• The IRS has your stimulus check or rebate and would like to lodge it in your account. This can be a very effective trick because there are so many stimulus programs or discussions going on.
• The IRS would like you to participate in a taxpayer satisfaction survey which will eventually either ask you for personal information, or the link in the email will lead to a malicious download.
• The IRS now offers a generous installment payment plan if you owe taxes, and you can begin by submitting your bank account information.
• You’re being audited and you must respond within 24 hours using an online form.
• The IRS already sent you a check but it has not been cashed, and you’ll need to confirm your bank account information or Social Security number in order to have the check resent.

Banking Trojans are a major threat this year, and definitely not the kind of malicious software you want on your computer. These very sophisticated programs are designed to steal your bank login and password, clean out your bank accounts, and sneak away before you know it.

And if you have a banking Trojan on your computer when you file your taxes online, there’s a good chance you’ll lose your Social Security number too.

According to security firm Panda, Trojans made up nearly two thirds of all new malicious software identified during the first quarter of 2010, and the majority of these were banking Trojans according to the company.

Consumers are not the only target. Businesses can expect to receive fake IRS emails containing attachments purporting to be changes in tax laws, a tax problem with a specific employee, or threat of an audit.

The attachment or link is likely to contain a Trojan or other malware that could easily empty the victim’s bank account, and the FBI estimates that more than 200 businesses lost more than $40 million through this scam in 2009.

These can be very effective scams because businesses expect to receive this kind of correspondence, although they shouldn’t expect them by email.

And don’t just watch for IRS scams. There are numerous scams in circulation focusing on property tax appraisals, so keep an eye out from scam emails and even letters purporting to be from your local county tax assessor.

So what should you do to avoid being scammed?

• The Golden Rule! Always ignore every email or phone call you receive either from the IRS or local tax assessors. They will never email or call you – they always write.
• If you do receive a letter about your taxes, especially one that demands payments you’re not expecting, contact the IRS directly through their web site at www.irs.gov and use any case numbers included in the correspondence you received. They’ll tell you pretty quickly if they sent it.
• If you receive any emails at work purporting to be new tax laws or threats of an audit, again go directly to the IRS web site and contact them from there. Don’t open any attachments or click on any links.
• If you plan to make tax payments by check, make the check out to the Internal Revenue Service and not the IRS, because anyone who steals the check could easily change the letters and deposit the check. A few years ago a scammer made more than $500,000 by setting up a company called LRS Inc, stole tax checks from mail boxes, and easily changed IRS to LRS and deposited the checks in her own account.
• Scan your computer thoroughly and regularly for malicious software, and make sure you run a complete and deep scan before you complete or submit your tax returns online.
• Check your credit reports after tax time. If your Social Security number was compromised during the chaos, this is likely the time you’ll see strange things appearing on your credit reports.

Related posts:

1. The Tax Man Cometh (and identity thieves are not far behind) Is it just me or does it feel like tax...
2. Reflections from a Black Hat Hackers’ Conference (Part Two) The following special blog post is the conclusion of a...
3. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...

Related posts brought to you by Yet Another Related Posts Plugin.

In a recent posting, we advised college graduates to take a serious look at their social profiles with a particular focus on existing accounts with social networking sites. Now we turn our focus to credit profiles, and the relevance they play in job searches, new purchases, and house rentals or buying.

Credit is and will continue to be an integral part of our everyday lives and unfortunately, many adults, even those with business degrees, never learn the importance of maintaining and building good personal credit. The majority of students entering college are experiencing their first taste of freedom: no curfews, no daily parental guidance, and trial and error experiences that will help them grow personally and professionally. Credit card companies love college students, and enhance students’ new found independence with “free” money. It starts innocently enough, but as time goes on, students can and often do get in over their heads.

According to United College Marketing Services, on average, college students carry 2.8 credit cards with a balance of $885.   Since plastic can be deceptively easy to use, particularly when virtually anything can be purchased with a credit card – from the occasional meal at McDonalds to groceries to more extravagant purchases such as concert tickets and spring break vacations – it’s easy to understand how a small balance can quickly rise. If a student pays their bill on time, they can build a strong credit history that will benefit them in both the short and long run. But missing just one payment or simply paying a bill a few days late can have a significantly negative impact on their credit. Credit scores, the most familiar being  FICO, rate credit from “Very Poor” with a score starting at 350, to  “Excellent,”  having a  top score of 850. Credit scores are used to rate creditworthiness, including credit card balances versus credit limits, total debt, payment history, derogatory payments, and other key factors.    This score will determine the interest rate they  get on a new loan,  will weigh in on their ability to rent an apartment, to secure utilities including phone, electric, and gas, and interviewing for a job and undergoing employment background screening, a key factor in the hiring process.

Credit is important but good credit is essential. For students who are just entering school, remember to use those credit cards wisely, pay off balances each month, and charge only what is necessary. For new college graduates, while their credit history may be short, it is important to take the time to review all three credit reports from the major Credit Reporting Agencies (CRA), available for free (one time per year) at www.annualcreditreport.com.

Recent findings from the Javelin Strategy & Research 2010 Identity Fraud Survey Report revealed that younger consumers (18-24) suffer the highest fraud incident rates and take the longest time to detect fraud. Awareness of credit and personal information is key to protecting everyone’s most valuable personal asset — their identity. We strongly suggest that college students and graduates enroll in credit and public record monitoring services so they can be alerted to changes to their credit reports and to non credit information (utilities, cell phones, etc.) and respond quickly to potentially fraudulent transactions. Credit.com, IdentityGuard.com, and ITACSentinel.com provide helpful tips on credit management and identity theft protection.

It’s never too late to improve upon credit. Good financial health will save time and money both now and in the future. We encourage adults of all ages to proactively take control of their credit and personal identity. A resume personifies a person’s experience and achievements based on their own perception. A social identity is created by an individual and shaped by the virtual participation of ‘friends.’ Credit profiles and public information convey a much more pragmatic story that can have a positive or negative impact on a person’s identity and possibly result in denial of credit and employment opportunities. The good news:  it’s early enough in the credit cycle for graduates to take control of their credit and to make a difference in their future.

Related posts:

1. Footprints to a College Graduate’s Social Media Profile (Part I) Millions of college graduates getting ready to embark upon the...
2. The IDGuardian Podcast: Episode #008 — A Victim’s Story Welcome to the IDGuardian Podcast. These audio and video columns...
3. Identity Fraud Fact: Little Guy is Big Target Banking and financial services providers may continue to feel the...

Related posts brought to you by Yet Another Related Posts Plugin.

People blog. That may sound like an obvious statement, but it is worth repeating. From TheFutureBuzz blog, the statistics from the beginning of 2009 were as follows:

• 133,000,000 blogs were indexed by Technorati (a search engine specific to searching blogs) since 2002
• 346,000,000 people globally read blogs (from comScore March 2008)
• An average of 900,000 blog posts went live in a 24-hour period
• 77% of active Internet users read blogs
• 81 languages are represented in the blogosphere.
• 59% of bloggers have been blogging for at least 2 years

One statistic that is absent but TheStatesman.com found worth noting is that, according to research firm Nielsen Online, “women ages 25 to 54 with at least one child now account for 19.2% of the active online population.” These women are part of the influential community within the community referred to as “Mommy Bloggers”.

TheStatesman.com also reports that “…it’s tough to determine how many mom bloggers are actually out there. In 2005, Technorati estimated there were about 8,500 blogs where parents were writing about their kids. Now [in 2009], the number is certainly larger, but hard to ascertain because so-called mommy blogs (and daddy blogs, too) are classified as something else (craft blogs, coupon blogs, product review blogs).” While their numbers may be hard to pin down, their influence is clear. (Just ask Motrin following a failed 2008 “viral ad” campaign.) Currently in 2010, it can be expected that more moms and dads will enter the blogosphere or some other Social Media outlet (Facebook, podcasting, Twitter, etc.) to join a community of parents working together to raise their children.

What is alarming, though, are the instances when parents reveal too much information about their child and their lifestyles. A recent article in The Washington Post reported that 8% of Twitter users were teens, while comScore reported that the average user on Twitter is between the ages of 45-54. This insinuates that while the younger generation isn’t actively tweeting, updating their Facebook statuses, or blogging about their week, their parents may very well be, and in the process revealing the name of their school, their current whereabouts (soccer game, basketball game, etc.), or even more alarming, their names and names of friends. What may appear as innocuous details on the surface is a treasure trove of information that, at the very least, identity thieves can get a hold of and exploit. Perhaps we wouldn’t want to consider the worst case scenarios, but these scenarios are undeniable and slightly frightening truths that should not be dismissed.

By no means, though, are we endorsing or suggesting that mommy or daddy bloggers stop posting, that parental podcasters shut down their productions and delete their various accounts across social networks, or that children be quarantined from technology. What we do suggest are a few things to make your online communities and communications safer and stronger:

• Avoid using you child’s name online. When you are in a discussion online or putting together a commentary on a current issue, try to refer to your child by a code name. (Superhero names are particularly fun.) Do not punish yourself or others for the occasional slip, but do ask that close friends adhere to these code names when online.
• Disable GPS Location services when attending school or family events. It’s been a hot topic across the Internet. From the New York Times to CBS to this very blog, the debate over how much information is too much information continues. When sharing your status with social networks, keep places and events broad and generic. You can still share a picture of your son or daughter attending the event, but avoid posting coordinates or checking in with location-based vendors. Instead, post a photo and say “At my daughter’s concert. I’m so very proud of her.” That will convey the same message and carry the same sentiment without sharing your exact whereabouts.
• Keep your child’s computer in a high traffic location of the house. We have to take precautions with tools like computers, and accept that while kids know how they work, they may not grasp how vulnerable they can make themselves when going online. By placing a computer or laptop in an open area of your house, you can monitor your child’s online whereabouts. This includes:
  • Chat rooms
  • Forums
  • Online shopping

While some (including “tweens” and teens 13-15 years old) may look at this as “spying” keep these statistics in mind:

• One in five U.S. teenagers who regularly log on to the Internet say they have received an unwanted sexual solicitation via the Web. Solicitations were defined as requests to engage in sexual activities or sexual talk, or to give personal sexual information. (Crimes Against Children Research Center)
• 75% of children are willing to share personal information online about themselves and their family in exchange for goods and services. (eMarketer)
• 77% of the targets for online predators were age 14 or older.  Another 22% were users ages 10 to 13. (Crimes Against Children Research Center)

And to keep in mind at all times…

• Only 1/3 of households with Internet access are actively protecting their children with filtering or blocking software. (Center for Missing and Exploited Children)

You aren’t spying. You’re being a responsible parent.

• Understand How the “Wonder Widget” Works. Part of being a responsible parent also means getting a grasp at what “cool tech” is out there and how it works. This is probably the most difficult aspect of parenting as kids’ interests change almost as quickly as technology itself. (And usually, something is considered “uncool” when Mom and Dad figure it out.) However, it is a good idea if you know your child is getting into MySpace, asking for a smartphone for their birthday, or joining an MMO game (and if you don’t know what MMO stands for, this is part of understanding the trends in tech), you should have a basic idea of what the widget is, how it works, and more importantly  how vulnerable it could make your child.  No, you don’t have to be a Social Media expert, or a Level 41 Wizard in World of Warcraft; but a grasp of the basics can take you far.

It is very easy to regard identity protection as something exclusive for grown-up’s, but our children’s identity is equally as important.  By not considering where key points of  personal identifiable information (PII) are revealed and shared within  online communities and in everyday exchanges in the real world, we could be inadvertently placing our kids within harm’s way. From fraudulent credit card accounts to character-damaging actions online to the worst case scenario — personal danger — all are possible if parents do not stop and think before they blog, tweet, or post a Facebook update status.   Predators and identity thieves do not discriminate by age.  We are all susceptible and as adults, and parents, it is our responsibility to protect our children.

Related posts:

1. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...
2. Identity Safety for Your Child The holiday’s bring out feelings of commonwealth, community, and goodwill.  ...
3. Saving Facebook: Perspectives on New Privacy Policies Like most Facebook users, last week as I checked my...

Related posts brought to you by Yet Another Related Posts Plugin.

Millions of college graduates getting ready to embark upon the real world this year will find they are fighting for positions within an increasingly competitive job market. New suits, polished resumes, determination, optimism, and persistence can make all the difference in making it to the second interview…

…but it’s that first interview that will prove to be the most challenging.

Despite questions of legality, more organizations are now using social media as a way to discover and hire new interns and employees. More colleges and employment firms are recommending college grads use social media websites, such as LinkedIn, to enhance their job search. A virtual search from a prospective employer could mean the difference between getting the first interview and being immediately rejected.

We highly recommend students check their social media profiles before they begin their job search. According to Javelin Strategy & Research, more than 81 percent of Millennial’s (18-24 year olds) use social media networks to connect with friends and family, so it’s only natural that personal details in which this group has shared within their networks may re-surface when potential employers are screening applicants.

On average 96 percent of high school and college students use Facebook and 84 percent use YouTube, based on a study released by UNH Whitehorse School of Business (PDF). Imagine the type of information these students are posting on their websites:

• Pictures and videos from Spring Break where not only the owner has access to them but so do 1,000 of their ‘closest’ friends.
• Personal details and opinions about friends, politics, or other topics that could be misinterpreted if taken out of context.
• Unfavorable opinions about a job interview that could get back to a potential employer.
• Birth dates, travel plans, phone numbers, email addresses, and the like are all pieces of personal information that identity thieves can easily use to piece together an identity to be used for financial gain and personal ruin.

We recommend that college students take an objective look at their social media profile before they reach out to prospective employers. Graduates need to ask themselves if they are comfortable sharing their social profile, as it exists today—not with just their friends and family but also with potential employers and, quite possibly, the entire world.

Here are a few rules of thumb for young adults getting ready to enter the workforce:

• Conduct a thorough search of your online identity by googling your name
• Review all social networks you are are enrolled in for personal references. Also check inactive accounts that may not have been cancelled.
• Remove incriminating pictures, videos, and unfavorable comments posted on Facebook, blogs, Twitter, and other social networks.  It’s nearly impossible to remove every comment that has been posted about you, but starting over with a fresh new profile and shutting down old accounts might be your best option.

We live in a society that is enamored with technology and all the conveniences it has to offer, however, with convenience also comes risk, and consumers of all ages and demographics need to ask themselves three important questions before sharing any personal information:

1. Who needs to know?
2. Why do they need to know it?
3. How is this information being protected?

With education comes vigilance, with vigilance comes empowerment and we encourage every consumer, especially upcoming college graduates, to be vigilant when it comes to protecting their unique identities.

Related posts:

1. When a Stranger Comes Calling: Why Social Networking Could Be Fueling a New Era of Digital Burglars For today’s digital criminal, whose bread and butter is information...
2. Social Networks Increase Risks to Online Privacy There’s so much being written and said about the risk...
3. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...

Related posts brought to you by Yet Another Related Posts Plugin.

Hollywood, as we all know, loves to tap the vein of “trendy” for everything it’s worth. This is nothing new if you look back on the history of cinema. Silent films gave way to Talkies. Black and white eventually yielded to color. Cinemascope gave moviegoers a wider perspective on things. Horror movies like The Tingler and House of Wax broke the third wall and brought the audience into the action (although Vincent Price is enough to for me). Now with IMAX 3D being the hot gimmick, Hollywood continues to search for that “unforgettable experience” to get people into theatres.

While on Twitter, a colleague of mine — Ben Wassink — shared a Gizmodo article about a new idea knocking on Hollywood’s door. In the same way films like The Blair Witch Project, Cloverfield and Quarantine attempt to immerse the audience into a really scary situation, a company called 13^th Street produced the feature film Last Call. In Last Call, the protagonist is locked in a house straight out of Saw with a maniacal killer hunting her down and horrific images lurking around every corner. What is a Scream Queen to do? Simple: She whips out her mobile phone and calls for help…from someone in the audience.

According to Gizmodo’s Kyle VanHemert, this is how Last Call works:

“Audience members supply their cell numbers at the beginning of the screening and, at one point in the movie, one phone is selected to receive a call from the character on screen. Voice recognition software listens for the moviegoer’s commands and the story unfolds based on their instructions. From the looks of things it seems like it’s a ‘left’ or ‘right,’ ‘stay’ or ‘flee’ type of thing, so your exhortations for the main character to take off her clothes will likely go unfulfilled.”

The concept of Last Call sounds intriguing, but there is a burning question no one seems to be asking: What happens to all those unused mobile phone numbers? As seen in the trailer, you submit your number to a phone number provided by the movie studio. A Google Search for Last Call’s Terms of Service (TOS) for the film reveals…that their TOS is currently not online. This leaves us, the moviegoers, to guess exactly where our numbers will be stored, and what we will be left vulnerable to after the movie credits roll. (You might find a prophetic answer to this at timestamp 2:28 in the Last Call video clip.) It would be easy to presume that unused numbers would be removed from the database where they are stored, but how and when are they removed? Who is collecting these numbers? 13^th Street or an independent contractor? How secure are these databases? As discussed in a previous blogpost, the concept of volunteering information is all the rage, and people are willingly doing this to be “part of” something. The problem is there seem to be little to no consideration what this “total immersion” will cost.

According to the 2010 Javelin Study on Identity Theft, the newest avenue for identity thieves is the mobile phone. 15% of cases involving “existing accounts used to run up charges or commit fraud to victims” were traced back to acquired mobile phone numbers (page 35). Victims of credit card fraud reported “higher incidences of information accessed from a mobile phone without their permission” (page 29). Finally there is a new spin on phishing: smishing, a version of phishing utilizing text messages that directs victims to websites that downloads malicious spyware onto the victim’s mobile phone or computer (Appendix, page 87).

All this is happening from someone getting hold of your mobile phone number.

Before surrendering 10 of the most important numbers in your daily life, consider the following:

• When vendors ask for your phone number, ask why it is needed. Whether it is a supermarket, an electronics store, or other vendor, it doesn’t hurt to ask that simple question. Is this for future surveys, for an alternative identifying number, or for marketing purposes? If you can’t get an answer here, opt out for surrendering it.
• If surrendering your mobile phone number is optional in a transaction, keep it to yourself. Once upon a time, phone numbers were necessary to complete sales but this is no more. If you can still close the transaction without giving your number, don’t. Mobile phone numbers have become akin to Social Security Numbers, home addresses, and credit card numbers. While mobile numbers may be regarded as the “least sensitive” of PII (Personally Identifiable Information), they can still be exploited. Share your number with friends, family, and associates, by all means. When it comes to vendors both online and in the brick-and-mortar world, and social networking sites like Facebook, protect your mobile phone number at all costs.
• If you decide to “play along” with your mobile phone, read the Terms of Use first. Yes, Terms of Use may not be a riveting read ala Nora Roberts or James Patterson, but the Terms of Use will let you know exactly what is being done with your phone number. Whether it is Last Call, 24, American Idol, or Personal Effects: Dark Art, it is important to know what is being done with your number once it is submitted to a database of any kind. Will you be contacted as part of a customer survey? Will your number be sold to other vendors? Will there be any liability to this vendor if your number is suddenly involved in fraudulent activity? These are answers you need before casting your vote or stepping across the Looking Glass to play in Wonderland.

(Editor’s Note: ID Guardian was notified by author J.C. Hutchins that phone numbers calling in as part of his interactive thriller Personal Effects: Dark Art are not logged or stored anywhere. We appreciate the feedback on this matter. While we do cite his work as an example of audience interaction, in no way are we insinuating that Mr. Hutchins, the publisher, or the examples cited in this article are doing so. We are merely posing questions that consumers should consider.)

Mobile phone numbers are essential in staying in touch with companions and colleagues both locally, nationally, and internationally, and as we have evolved into an “on-the-go-communication” culture, these numbers are easy to take for granted. Mobile phone numbers can be used as keys to other accounts essential in everyday life, and these accounts can lead back to more sensitive personal data. So when asked for your input in a reality TV show or if you’re invited to “play along at home” through your mobile phone, stop and find out as much as you can about who is getting your number and what will be done with it once this special event draws to a close. It’s great fun to take part in the action, sure, but the good times stop abruptly when a stranger suddenly calls.

Related posts:

1. Changes in Latitudes, Changes in Attitudes If you are like us here at IDGuardian, you may...
2. Searching for Bright Spots: A Privacy Microscope on 2010 The easiest thing to do in scoping out the electronic...
3. Saving Facebook: Perspectives on New Privacy Policies Like most Facebook users, last week as I checked my...

Related posts brought to you by Yet Another Related Posts Plugin.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

This podcast is copyrighted 2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Related posts:

1. The IDGuardian Podcast: Episode #008 — A Victim’s Story Welcome to the IDGuardian Podcast. These audio and video columns...
2. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...
3. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...

Related posts brought to you by Yet Another Related Posts Plugin.

Sometimes it’s hard to see the progress being made in the fight against identity theft, especially when you’re on the front lines.  That’s why I was encouraged by data from the 2010 Javelin Strategy & Research Identity Fraud Survey Report showing that more than half of identity theft victims surveyed filed police reports, resulting in a significant increase in arrests and convictions.

ITAC co-sponsored the report because we believe the fight against identity theft has to be guided by facts, not anecdotes.  My instinct – my hope – was that new state laws requiring local law enforcement to take reports of identity crime from consumers, plus the efforts of the International Association of Chiefs of Police, were paying off.  Still, it’s gratifying to see the hard numbers showing a nearly 50% increase in reporting.

The fact consumers are serving as their own victim advocates is particularly heartening to those of us who believe that an active partnership among consumers, industry and law enforcement is critical to fighting identity fraud.   Identity theft is far too pervasive and complex a crime to be addressed by a single entity.  Consumers and the private sector can provide law enforcement with valuable information to investigate individual crimes and identity theft rings.

Consumers should know that law enforcement, at all levels, recognize the seriousness of identity crime and its impact on individuals, the economy and national security.  Police have new online resources they can use to investigate identity fraud.  The National Governor’s Association brings together law enforcement though out the country to share resources and collaborate on solutions for helping victims.  Regional identity theft task forces – including the Richmond Identity Theft Task Force in Richmond, Virginia –  facilitate information sharing.  On the national level, the Obama administration’s newly established cyber security czar will focus on terrorist organizations that use fraud to finance their operations.

As a result of these efforts, we’re seeing bigger busts and stiffer sentences.  A recent success story involves the conviction of the ringleader of a $1.5 million identity-theft ring that victimized Federal Reserve Chairman Ben Bernanke.  Leonardo Zanders paid pickpockets and professional office employees to steal identifying information that he and others used to steal cash from bank accounts.  One of those pickpockets grabbed a pocketbook from Bernanke’s wife at a D.C. Starbucks. He then used her driver’s license and checkbook to cash $900 in checks from their bank account.  Zanders has been sentenced to 17 years in prison and ordered to pay back $1.4 million.

I’d like to see the private sector do a better job working with law enforcement when identity theft strikes their clients and customers.  Financial services companies were the first to pool information on identity theft for law enforcement.  Prior to the establishment of ITAC five years ago, companies shared information about identity theft cases on a company-by-company basis.  ITAC aggregates the data among many companies and shares it with hundreds of law enforcement agencies through the Federal Trade Commission and the U.S. Postal Inspection Service.  Zane Hill, deputy chief postal inspector, recently told us:  “Over the past five years Postal Inspectors identified and arrested suspects due to information gathered by ITAC.  The U.S. Postal Inspection Service values its partnership with ITAC.”

Other companies that handle sensitive consumer data – such as retailers and healthcare providers – should consider adopting the ITAC model to resolve identity theft crime and help law enforcement investigate the crime.

We still have a long way to go.  Filing a police report can still be a frustrating experience in municipalities that lack the resources to receive and investigate reports.  Consumers who are victimized by a friend or family member can be embarrassed or intimated and opt not to file a report at all.  We need to do a better job educating consumers it can be hard, and often seemingly fruitless, to file a report, but it’s the right thing to do.

As a true believer in the “we’re in this fight together” credo, this new data gives me hope that next year we’ll see a decline in identity theft and a further escalation in the rate of arrests and convictions.

Related posts:

1. Identity Fraud Fact: Little Guy is Big Target Banking and financial services providers may continue to feel the...
2. The IDGuardian Podcast: Episode #007 — Concerns with Small Businesses Welcome to the IDGuardian Podcast. These audio and video columns...
3. Searching for Bright Spots: A Privacy Microscope on 2010 The easiest thing to do in scoping out the electronic...

Related posts brought to you by Yet Another Related Posts Plugin.

If you are like us here at IDGuardian, you may be working on building yourself a Social Media presence. It could be for community outreach, a ways and means of increasing your business, or simply for fun. With any new technology, though, comes understanding; and sadly Social Media is becoming the proverbial “blinking 12:00 a.m.” of the Internet. People are jumping into networks blindly without a thought (or a care) as to exactly what they are doing. It is as if the buzz words “total transparency” have somehow completely robbed users of common sense, sending unhindered community participants headlong into what they believe is a Utopia of goodwill.

That was before a website shined a halogen lamp on things in an attempt to make people stop and think.

If you have noticed messages appearing on Twitter that read “I’m at Gary’s Burger Bar in Fairfax, VA…” or or “I just became the mayor of Mini-Market…”, you are connected with someone playing foursquare, a third-party site that serves as a Swiss Army Knife of sharing. Similar to BrightKite, foursquare shares on Twitter your current GPS coordinates when you “check in” and then recommends places to go and things to do in your immediate area. As the rest of your network also checks in, your account loads up with easy-to-find meet up places and new things to do wherever you may happen to be. Sounds like fun, doesn’t it?

Did I mention that foursquare is a game, too? With each place you check in from and the more you share, you unlock badges that get you anything from “tweet cred” to free merchandise from participating foursquare vendors. So now, in the spirit of healthy competition, Twitter users are in competition for what badges they can unlock and where they can rule as Mayor. All it costs users is your exact whereabouts.

While tweeting your location may seem utterly harmless (as it happens all the time on the network), there is a hazard involved, particularly as foursquare takes this concept to a new high by providing GPS-coordinates to where you are not at that moment: home.

This revelation attracted the attention of FortheHack, a collection of security professionals who, in turn, developed Please Rob Me, a website that lists players from foursquare’s feed as they check in. From their website, FortheHack developers warn that:

“The danger (in services like foursquare) is publicly telling people where you are. It gets even worse if you have ‘friends’ who want to colonize your house. “Colonizing” means they have to enter your address, to tell everyone where they are. Your address on the internet. The goal of Please Rob Me is to raise awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz etc.”

Since the site’s launch on Feb 17, 2010, there has been a heated debate over the ethics of FortheHack. Identity Theft expert Robert Siciliano appeared just last week on CBS calling out the flaws in Social Media and in PleaseRobMe.com. The website Mashable applauded FortheHack’s efforts stating “These guys have a legitimate point. Stories about status updates leading to burglaries are becoming commonplace…” while The Daily Telegraph reports “Privacy campaigners have expressed outrage at the website, which publishes a regular updated stream of ‘opportunities’ by detailing the names of Twitter users, when they left home and where they were currently located. Simon Davies, director of the Privacy International campaign group, said the website’s creators had ‘failed in their duty of care’.”

It is clear that Please Rob Me succeeds in one respect: scaring the pants off Twitter users. Instead of foursquare’s inviting “Check In! Find Your Friends! Unlock Your City!” you are greeted with “Listing All Those Empty Homes Out There! 12 New Opportunities!” Perhaps the only thing more mind-boggling than the website itself is the one pervading fact that Privacy advocates are glossing over: Please Rob Me is not combing Twitter for this data, but simply syndicating (via foursquare) tweets that are being volunteered by its players. This data is not being stolen, but freely given and made public.

That is truly scary.

So before you attempt to unlock that way-cool “Burrito Bandito” badge on a return trip to Chipotle, IDGuardian offers you (without even asking for your whereabouts) a few Twitter tips:

1. For your Twitter profile, avoid using GPS coordinates. When Twitter asks for your location, the closest city or major metro area (e.g., Washington, D.C., Chicago, IL) should work just fine.
2. Disable GPS options in third-party Twitter applications. These are the usual culprits responsible for going into your profile and giving your exact location, be it from your home or wherever you happen to be tweeting. Check the Preferences and Settings tabs of your Twitter applications, both online and on your smartphones.
3. Ask yourself why you want to give away your exact location on an open stream. This works both ways. While we have been talking about foursquare letting people know where you are not, keep in mind that foursquare (and other services like it) is also letting your network know where you are. A real boon for stalkers. Anybody can get on Twitter, and anybody can find you if you are willingly sharing such data on open networks.
4. Don’t be afraid to let people know where you are or what you are doing. Just be smart about it. You can still TwitPic your whereabouts and share with your network; but how much do you really want or need to share? It goes back to the analogy “If you don’t feel comfortable saying something in a crowded room of strangers, it is best not to tweet it.” The same can be applied to your location. Only tweet what you are comfortable with.

It’s okay to share on Twitter. Just don’t check your brains at the door and take a few simple steps to avoid being a target. A few precautions can be a good thing further down the road.

Related posts:

1. The Big “Phish” That Got Away (Thankfully) Yesterday started with a stir across the popular social network,...
2. Saving Facebook: Perspectives on New Privacy Policies Like most Facebook users, last week as I checked my...
3. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...

Related posts brought to you by Yet Another Related Posts Plugin.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

This podcast is copyrighted 2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Related posts:

1. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...
2. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...
3. The IDGuardian Podcast: Episode #007 — Concerns with Small Businesses Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

Banking and financial services providers may continue to feel the biggest pinch in the wallet based on the continued proliferation of the worldwide electronic identity theft epidemic, but the people who are most commonly seeing their personas and credit histories hijacked are at the other end of the spectrum.

When Javelin Strategy & Research releases its Identity Fraud Survey Report each year, we’ve come to expect that the study, now in its seventh year, will find that the theft of individuals’ personal information has once again risen substantially.

This year’s survey, which is based on telephone interviews conducted with 5,000 U.S. adults in late 2009, specifically contends that the number of adult ID fraud victims in the U.S. increased 12 percent to 11.1 million, with the financial fallout of all such crimes jumping 12.5 percent (or $6 billion) to $54 billion.

However, the 2010 iteration of the survey also finds that it is most often financially vulnerable segments of society — young people and small business owners explicitly — who are currently being most successfully targeted by identity thieves.

Huge banks, payment card providers and online trading companies are undoubtedly writing off mountains of losses based on all the phony and stolen accounts that they have to cover for each year, Javelin’s researchers concede. But it’s these two relatively shallow-pocketed constituencies that are being assailed by ID fraudsters at a noticeably accelerated pace.

When you think about it, it actually makes a lot of sense. So-called “Millennials” (or people ages 18-24) are being victimized in large part by fraudsters because they share so much of their information about themselves on social networking sites, Javelin notes. They also take the longest time, on average, of any group surveyed to detect that their reputation has been hijacked (132 days), leading to their personas being abused for the longest periods of time (149 days).

Essentially you have a group of people willing to post all the intimate details of their life on the Internet but who remain oblivious to their credit status. And many of them have no lengthy credit history at all, making it even easier for someone to take over and manipulate their likeness. Clearly, it all adds up to a perfect recipe for identity thieves.

As for small business owners, they on average experience ID fraud at one and half times the rate of all other U.S. adults, according to Javelin. The primary catalyst for this problem is that these individuals so frequently must use their personal information to handle business-oriented accounts and transactions, presenting attackers with a massive subset of people (typically without any IT security department watching out for them) that they can target for commercial-grade fraud.

These are people who also can likely least afford to have their identities taken offline for days, weeks or even months after discovering that they’ve been had and moving to regain their reputations. Beyond personal inconveniences and risks, their companies are likely to suffer as a result of any financial interruptions, especially in a troubled economy.

So, large corporations may be the ones who are writing off the largest parcels of cash as identity theft continues to grow by leaps and bounds every year. But, it’s increasingly the small guy with much to lose and almost no one watching out for them who are seeing their entire credit futures kidnapped.

Trickledown economics is as real in today’s world of cybercrime and identity theft as it’s ever been within the larger context. What remains to be seen is how this evolution will serve to chip away at the financial health of our society itself.

Related posts:

1. Reflections from a Black Hat Hackers’ Conference (Part Two) The following special blog post is the conclusion of a...
2. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...
3. The IDGuardian Podcast: Episode #007 — Concerns with Small Businesses Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

The following special blog post is the conclusion of a note from Intersections VP, of Information Security, Tim Rohrbaugh.

The second day of briefings was honestly a blur. I couldn’t help but focus on the ancillary details that each presenter offered. Each presenter – I managed to attend only one out of three tracks – did have main goals that were clear and relevant, but all I heard were hidden details sprinkled throughout their talks that my shiny new perspective forced me to see. What were these details? Well, before I turn my keyboard to those let’s recap; US sourced Internet crime is for a large part orchestrated by Russian organized crime personalities. Those amazing facts that Joseph Menn discussed in his talk (and book) at the end of day one sat in my stomach all night. Which upon wakening for day two, I recalled a momentary thought at the beginning of the event where it felt natural to stick my head in the sand like the proverbial ostrich.  That natural instinct to focus on the details versus the big negative picture was broken the second I asked one of my peers what “pay-per-install” meant. This term was part of a presentation title I was thumbing through – my two decades of military, government and commercial jargon did little to aid in deciphering the subject of this technical talk. Unfortunately, the meaning of the term would signify that yesterday’s realization, brought on by Menn’s book talk, was truly just the start of the fear that we are losing the war on Internet safety in a big way.

Crime is a business. Who said that? Please, someone tell me because I truly missed this fact and want to give credit to the right person. Before yesterday, I couldn’t get my mind to accept that a criminal could be a good business person or that the mob could be run by highly technical people – square pegs are only supposed to go in square holes – or so I thought. It seemed like the demarcation between business, criminal, and technical acumen was very clear. And, while some crossed that line in all directions, and ended on the front page of newspapers, we security professionals could rely on the opposing goals of each area to hinder the melding of true thought leaders in these areas. What am I trying to say and what is bothering me? Criminals are using modern business practices without fear, kids born into technology have grown up to be skilled criminals, and highly trained foreign agents have left government work and are unchallenged as mob leaders.

Now the details: the owners of shrink-wrapped malicious code generators are providing customers 24/7 support. [Yes, never fear... your malicious code is supported 24/7 and phone queues are serviced by level 3 support around the clock.] If a customer’s malicious code is found by anti-virus vendors, the code will be regenerated and packed so the signature changes. Oh, and if you don’t pay your bill on time the signatures of your malicious code will be provided to the anti-virus vendors!

What about this “pay-per-install” term? Let’s cut to the chase… people are being paid to get others to install spyware, bots and key-loggers through any means possible… email scams, rogue web sites, piggy-backing malicious code onto legit software. They will only get paid if the source computer is located in certain countries, though. Think affiliate networks for organized crime… no, they will not pay you for installing spyware onto Russian computers. Why not? I’ll let you guess that one.

Maybe it’s just me, but reading between the lines I recognized the feeling that we are getting owned, used and manipulated by Eastern European criminaaaa… oh, I mean business people.

DatalossDB, which tracks breach notifications for loss of sensitive data including credit card numbers, has recorded a reduction in breaches over the last year. Is that good? Seems like it. But could that also mean that crime is happening still at the same rate but discovery did not occur at the same rate? Well, crime is still profitable, organized criminals have gone relatively untouched, technology is just as complex, AND, generally, peoples’ behavior has not changed. Also, since a highly technical criminal is not rewarded for releasing a vulnerability, and yet we know they still exist, we have to assume that theft of data is happening at the same rate because we have not changed the greatest weaknesses (underlying technology of the Internet and people’s behavior). My new found paranoia leads me to one conclusion: We need to provide the tools that educate the consumers to identify that their identity IS being misused and focus on changing behavior that more than likely caused the breach in the first place. How do we get through to people to make them understand that literally one mouse click or one web page can start a chain reaction that leads to hours on the phone with their bank; loss of bank funds; higher taxes; well-fed mobsters (who then have more money for hit men and weapons which then leads to higher under-the-table pay for underpaid foreign civil servants); and finally more revenue for struggling foreign local economies? I say, let’s cut out the middle man (organized crime) and just get our US banks to donate to small Eastern European cities.

Related posts:

1. Reflections from a Black Hat Hackers’ Conference (Part One) The following special blog post is the reproduction of a...
2. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...
3. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...

Related posts brought to you by Yet Another Related Posts Plugin.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office. Also watch for featured selections from the 2010 Javelin Report on Identity Theft in this video. More information on that study can be found at http://www.idsafety.net.

This podcast is copyrighted 2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Related posts:

1. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...
2. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...
3. The IDGuardian Podcast: Episode #005 — Threats Facing Consumers Online Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

The following special blog post is the reproduction of a note from Intersections VP, of Information Security, Tim Rohrbaugh.

OK, so I have been attending the so-called “hacker convention,” Black Hat, off and on since 1998. I usually look forward to the event as one does to the first day of the new year – as a chance to change perspective. Lately, if I attend, I hear from skilled technologists who have a great deal of time on their hands, and focus their effort on specific weaknesses they see or their peer group has suggested might be of interest. These revelations of weakness the presenter discusses tend to be part insight and part forecast.  Insight, with respect to areas that have been taken advantage of over the last six month and forecast, what will become mainstream for the next six months. I can usually count on at least one “ah ha” moment at the event. I most likely find this golden nugget of information in specific types of talks and so I stick to those tracks or briefings. This year, I stumbled into one session based on “not” what I thought the technical criminal minds would focus on over the next months, but instead the release of a book that chronicles two heroes’ experiences trying to make a difference with respect to the criminal underworld controlling large swaths of the Internet. The title of the briefing was “Hacking Russia: Inside An Unprecedented Prosecution of Organized Cybercrime,” given by the author Joseph Menn whose book – Fatal System Error. The Hunt for the New Crime Lords Who Are Bringing Down the Internet – was recently released. As most of my friends, co-workers and family can attest, I can be annoyingly critical of everything I hear these days. While a slight exaggeration, it seems to me that “facts” my generation was inundated with during our formative years have turned out to be wrong. No, our brains do not stop creating new brain cells after adolescence… we have Neurogenesis as a fact today; No, we do not use one part of our brain for only one function –- we have Neuroplasticity to thank for this; No, just because our parents used IT… does not mean that there is nothing to worry about from a health perspective…

I am telling you how I approach information today because what I heard from Joseph Menn rang true in frightening ways.  Yes, I factored in what gain there is for the author. After listening to him, even knowing his book sales hinged on a good performance with the media there to listen, his enthusiasm, his details, and my own experiences aligned. As many know, I had some brief exposure to eastern bloc nations in an attempt to support technology acquisitions, and I spent a number of years around our Government. These experiences, Menn’s description, along with the US attempts in those nations, align with my views and ring TRUE. No, this is not because I attain a feeling of satisfaction finding someone who’s speaking that affirms what I thought. On the contrary, he was believable to me and illuminated the fact that I have been brainwashed, like most others, to believe the Internet is safe today – if one is sufficiently savvy. My internal risk meter has been altered to the point where it has just plain off.   I needed a realignment, I needed to feel paranoid and Menn’s briefing did just that for me. I thought I had been critical of certain works of fiction, but NO, not even close. I read what I wanted to read. Armed with this new fear, I now see how our consumers need real solutions more today than ever before. They as individuals are not the targets… they are not targets like a small set of private banking customers would be… no WE are the targets. As American business’ intellectual property is the target of China’s government and military because they believe we are innovators, the American people are the targets of Russian (other eastern countries) mobs because theft is part of the culture and crime is advocated from the highest levels of the country AND the acts of crime create a better life (the only life) for many in that country.

Menn’s advice was radical but probably close to what is necessary to rework the Internet and make it what is should be, safe.  But there are things he is not aware of that could help… we should focus on what these things are since the underlying technology of the Internet is not going to change overnight, even if everyone agrees to change today.

If you are interested in more details, ask me to tell you about Joseph’s comments from one bullet titled “Andy likes Vodka”… it explains why America is getting nowhere with respect to support from Russia on crime.

Related posts:

1. Reflections from a Black Hat Hackers’ Conference (Part Two) The following special blog post is the conclusion of a...
2. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...
3. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

Identity theft is not merely something that happens on the Internet. You can lose your identity in real world cons, scams, and outright theft also, but we tend to think of it as an online crime because that’s what we see most often in the United States. An interesting fact is that the money stolen from banks in the USA online far exceeds the amount physically stolen. However, traveling outside the USA brings different risks into play. Many times your physical security is at greater risk when you are traveling, and your identity is at risk because stolen credit cards, drivers license, passport, can and do happen.

I travel quite a bit for business and pleasure and visit some pretty varied places so I try to keep up with crime news in the places I’m going. Some of this stuff may sound a little far fetched to you as you sit in your living room reading this, but when you are the only green eyed, blond haired American (I’m not profiling. The reality is we are targets because any American’s pocket change is worth stealing if you’re a local who has nothing) in an entire region then it is prudent to protect your body and your identity.

Here are tips I’ve picked up over the years for you to stay safe.

Always keep track of expenditures you have made using your credit and debit cards (and in a hotel watch what gets charged to your room). Save your receipts so you can compare them to the entries in your account statement. As an aside regarding receipts, some developing countries still use carbon to make copies so tear it up – otherwise they have your card information and your signature. If you can do so securely (you don’t want your username and password sniffed at an open WiFi hot spot), view your statement online to verify that the charges are accurate. Report any discrepancies as soon as you find them. If your identity is stolen, then the thief won’t stop fraudulent charges until your card is suspended.

Better yet, use cash to remain anonymous while keeping your credit cards safe. Some say that it is risky to travel with lots of cash, but I think in many ways it is safer to travel with a lot of cash. You don’t always have to carry it all. If you’ve got a safe in your hotel room store cash and documents there. If you do carry all the cash then separate it. Carry small bills in your front pocket, larger bills in your wallet, then divide the reserves between somewhere hidden on your body and your bag. By hidden, I mean in a money belt, secret pocket in your shirt or pants, or a neck pouch that you can wear under your clothes.

In the immortal words of Kenny Rogers, “you never count your money, while you’re sitting at the table”, comes the next bit of advice. Waving a wad of cash around in Manila Airport just might be the dumbest thing you could do regarding your personal safety. When you change money, count it at the counter before you leave, shielding it from public view with your body, and then make sure no one follows you when you leave the money changer. Don’t carry your wallet in your back pocket. Remember, travelers are targets for pickpockets.

Don’t give out personally identifying information (PII) to anyone. Con men are smart. They’ll ask you your name, where you’re from, and where you’re staying. Before you know it they have enough info to target you or your hotel room for a robbery and/or steal your identity. Don’t forget to treat your information as the valuable asset it is. Important documents, identification, and credit cards are popular targets for robbery. Before you go away, copy all important assets and save the copies somewhere safe while you’re traveling. I get very protective of my passport, probably a result of traveling through Vietnam before the US had re-established diplomatic ties, when any police or military officer in the country could stop me and ask to see my papers. I have a copy of my passport in a document case that I leave in the room safe, and another copy that I keep handy to show people when asked. My actual passport usually remains hidden on my body and I only display it when necessary. Also, you may need a copy as a backup if the original is stolen or lost, plus it will help you replace stolen items.

It’s important to orient yourself when you land and when you check into your hotel. If you think you might be going somewhere sketchy, either ask the concierge if it is safe, or don’t go there. I think it goes without saying that if you engage prostitutes or buy drugs then you are putting yourself at risk.

When you’re at the airport, keep a close eye on your belongings. A common scam involves someone innocent looking approaching you and asking you a harmless question. While you are distracted an accomplice steals your bags. If you sleep at the airport, make sure to wrap the strap of your bag around your wrist or ankle so you’ll feel if someone tries to take it. Another common scam involves the security checkpoint. You put your bags on the conveyor belt and get in line for the metal detector. The person in front of or behind you sets the detector off on purpose causing the line to be delayed. During this time an accomplice watches your gear and while you are detained grabs it off the conveyor and walks away with it. Never let your gear out of your sight. I have argued with security personnel worldwide (including a few minutes ago in Manila) that I’m not stepping through the metal detector until I see my belongings enter the x-ray machine.

Always protect your smartphone. Remember, stolen smartphones are valuable because of the data they’re holding, not just that someone could run up a big bill. Many people store financial account info on their iPhones or Blackberries. Make sure that phones are locked and if possible the data is encrypted. Your laptop is also an attractive target for thieves. Don’t put your stuff down or lose sight of it. My rule of thumb is that nothing I need leaves my sight other than to go into my hotel room safe. Laptops should of course be password protected and data should be encrypted. Or, have a separate netbook just for travel that has no data on it and carry your data with you on an encrypted USB storage device or SD memory card.

Traveling is fun, but remember that you are out of your element just about at all times. Be security-minded with regard to your physical and information assets. Pay attention to your surroundings. A safe vacation is a happy vacation.

Related posts:

1. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...
2. The Tax Man Cometh (and identity thieves are not far behind) Is it just me or does it feel like tax...
3. Footprints to a College Graduate’s Profile (Part III) With graduation season closing in, we have presented commentary on...

Related posts brought to you by Yet Another Related Posts Plugin.

Yesterday started with a stir across the popular social network, Twitter, as Mashable.com (with the help of blogger Andrew Girdwood) put its users on high alert:

Numerous Twitter users are pointing out that Twitter forced them to change their passwords out of the blue. According to blogger Andrew Girdwood, these users have received an e-mail containing the following message: “Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset,” together with a link for resetting the password.

Although the e-mail itself looks like a phishing attack, it’s genuine; it seems that admins at Twitter have discovered something fishy is going on, and they’re trying to prevent further damage before it happens.

This development had not only become a trending topic on Twitter, but started to grab media attention, including the Washington Post. While this situation shouldn’t be taken lightly, we at IDGuardian do not recommend that you start changing any passwords on accounts. According to our research, Twitter users are finding out via an “official email” from Twitter.com or from other Twitter users. Meanwhile, on Twitter’s Status and News blogs, there is no mention of this phishing scam whatsoever.

This gives us a moment’s pause, and it should do the same for you, too.

Before concerning yourself with falling prey to a malicious Social Media hacker, follow this simple checklist:

• Check your third party clients (TweetDeck, DestroyTwitter, etc.) and see how they are behaving. If they are connecting with Twitter, you are doing just fine.
• Check Twitter Status. This is one of two blogs that keep users in the know about what is happening on Twitter. This particular blog is more technically oriented, but reports outages and hostile actions such as DoS attacks. In the late hours of Tuesday night, a posting did appear that may have explained yesterday’s odd behavior reported across the network.
• Check Twitter’s Blog. This is news and developments from Twitter’s home base, and usually developers will give commentary here on any hacker attacks, interface redesigns, or serious issues that Twitter is encountering at that time.
• Follow @Twitter’s feed. No, they might not answer a query, but with something as serious as this there may be some updates in their feed that can give you sound advice on how to fix a potential problem.
• Follow @safety, Twitter’s Trust and Safety account. Managed by Twitter’s own Del Harvey, this is the voice of Twitter’s Trust and Safety Team. They did have a post about this matter at 11:26 am, several hours after Mashable, the Washington Post, et al. went live with their postings (No mention of this being a phishing attack.); and they did a follow-up posting concerning the importance of “regular password changing” that was shared on this feed. Again, another valuable resource in maintaining your identity security on Twitter.

Always check with the source before taking action. It may be a moment’s hesitation, but in that brief second you may be able to avoid unwanted stress and undue inconvenience.

Related posts:

1. Saving Facebook: Perspectives on New Privacy Policies Like most Facebook users, last week as I checked my...
2. WARNING: Facebook Scam If you are on Facebook (as are over 300 million...
3. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...

Related posts brought to you by Yet Another Related Posts Plugin.

Is it just me or does it feel like tax time was not that long ago? The taxing season is upon us again and one group of citizens is just giddy with excitement. No, not tax preparers. For identity thieves, tax time is one of the best and busiest times of the year as they prey on unsuspecting taxpayers caught in a whirlwind of returns, refunds and rebates.

So why is tax time so good for identity thieves? Three simple reasons:

1. A lot of money will be on the move as millions of consumers send and receive billions of dollars in tax payments over a very condensed period of time. According to the Internal Revenue Service (IRS),   during last year’s filing season more than 130 million taxpayers received refunds totaling nearly $300 billion. That doesn’t include the checks that taxpayers sent out to the IRS.
2. Tax time involves the distribution of a lot of documents, laws, and communications – the ideal time to trick a busy taxpayer. And of course many of these documents contain the taxpayer’s crown jewels – name, address, spouse, employer, Social Security number, bank account number and much more.
3. The letters I- R- S already scare most people, and the thieves’ bank on that emotion to prey on their unsuspecting victims.  (Your computer has been infected, your bank account has been suspended – any of these sound familiar?)

Tax time scams are nothing new, and the scams this year will probably be a rehash of previous years. But what you really need to watch out for are more clever variations that are more likely to catch you off guard.

Most of the scams you’ll most likely encounter this year will come in an email or phone message, although you shouldn’t rule out the possibility of a snail mail scam (mail received in your mailbox).

Here’s a selection of the kinds of tricks the scammers will use.  Most of these scams are likely to come as official looking IRS communications that will prey on fear, urgency or greed:

• Someone else has submitted a tax return using your Social Security number and in order to fix the problem you’ll have to confirm your Social Security number (or submit an online dispute or claim form that includes your SSN).

• The IRS can expedite your refund if you submit your bank account and routing information.

• If you don’t accept direct deposit of your refund directly into your bank account, you’ll face a fee or penalty.

• The IRS has your stimulus check or rebate and would like to deposit it in to your account. This can be a very effective trick because there are so many stimulus programs or discussions going on (like the new “cash for caulking” rebate program).

• The IRS would like you to participate in a taxpayer satisfaction survey which will eventually either ask you for personal information, or the link in the email will lead to a malicious download.

• The IRS now offers a generous installment payment plan if you owe taxes, and you can begin by submitting your bank account information.

• You’re being audited and you must respond within 24 hours using an online form.

• The IRS already sent you a check but it has not been cashed, and you’ll need to confirm your bank account information or Social Security number in order to have the check resent.

Consumers are not the only target. Businesses can expect to receive fake IRS emails containing attachments purporting to be changes in tax laws, a tax problem with a specific employee, or threat of an audit.

The attachment or link is likely to contain a Trojan or other malware that could easily empty the victim’s bank account, and the FBI estimates that more than 200 businesses lost more than $40 million through this scam last year.

These can be very effective because businesses expect to receive this kind of correspondence, although they shouldn’t expect them by email.

And don’t just watch for IRS scams. There are numerous scams in circulation focusing on property tax appraisals, so keep an eye out from scam emails and even letters purporting to be from your local county tax assessor.

So what should you do to avoid being scammed:

• The Golden Rule! Always ignore every email or phone call you receive either from the IRS or local tax assessors. They will never email or call you – they always write.

• Always protect your computer.    Be sure to update anti-virus, anti-spyware, and firewall protection and protect your passwords.

• If you do receive a letter about your taxes, especially one that demands payments you’re not expecting, contact the IRS directly through their web site at www.irs.gov and use any case numbers included in the correspondence you received. They’ll be able to confirm its legitimacy.

• If you receive any emails at work purporting to be new tax laws or threats of an audit, again go directly to the IRS web site and contact them from there. Don’t open any attachments or click on any links.

If you plan to make tax payments by check, make the check out to the Internal Revenue Service and not the IRS, because anyone who steals the check could easily change the letters and deposit the check.

Related posts:

1. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...
2. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...
3. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...

Related posts brought to you by Yet Another Related Posts Plugin.

Ah, it’s been a great holiday season. A touch of snow, some cold weather, and we rode the holiday spirit from Thanksgiving through Hanukah to Christmas and then through New Year’s.  Everyone is happy and full of holiday cheer.

But you know what happens when you’re riding high in the saddle.  That’s right, when you feel all safe and happy is usually when you are in the most danger.   Be aware of the following post-holiday (and every day) scams:

Online Auctions

I know there are a lot of people who love eBay, but I’ve actually grown disgusted by the high degree of fraud on the auction site.  Anyone buying or selling on eBay really needs to be suspicious of everyone and everything.  Never ship to an unverified address even if someone tells you to because the purchase is a gift.  The scam here is that it is probably a stolen PayPal account and the felon wants you to ship to an unverified address so he rather than the account owner can receive the goods. 

This scam was actually attempted on me by eBay user “divingoodsodell” in late 2009.  The address he had registered with PayPal was different from the address he wanted me to ship to.  He explained this in an eBay message and stated that it was a gift for his daughter who lived at the other address.  It smacked of fraud to me so I decided to wait a day and see what he did.  Sure enough, the next morning he emailed me and told me that I was trying to cheat him by not shipping him the goods and that he would destroy my perfect eBay seller rating.  To me, this sort of frustration and attempted manipulation belies the true fraudulent intention in cases like this.  I emailed to inform him that I wanted no part of this transaction and he replied with a horrifyingly rude email using such foul language that a sailor would have been embarrassed to read it.  I immediately reported the transaction to PayPal as potential fraud and was pleasantly surprised to receive an answer within 15 minutes informing me that the transaction was terminated as fraud and the user account investigated.

Another scam that is going around is for the scammer to buy something, open the box, remove the item, and reseal the box (maybe even resealing it with heat wrap).  Then he returns the box but not the item in the hopes that you’ll issue a refund without opening the box and checking the item.  Never provide a refund before you’ve received and inspected the goods.

Follow eBay and PayPal’s advice on preventing fraud, and if something seems even slightly amiss report it as fraud immediately.

Fraudulent Gift Cards

In this scam, criminals go to physical stores that offer gift cards such as Starbuck’s, Banana Republic, and Macy’s.  They can either steal the cards outright and then sell them online or write down the numbers on them and wait for them to be purchased.  Once the criminal sees the card has been sold he knows it is about to be activated so in a few days he can go online and use the stolen numbers for purchases.  Many times gift card scams are carried out by temporary holiday employees.  Try to buy gift cards that come in promotional packaging thus concealing their numbers. .  If you get a gift card you don’t want and choose to trade it online, be alert because fraud is rampant on these sites.  The same goes for buying or selling a gift card on eBay.

Insurance Scams

Senior citizens should be alert for Medicare insurance fraud. Enrollment plans run through December 31 of each year, and after the holidays, we usually see an increase in phone calls or mailings targeting seniors who have an interest in Medicare policies and reforms, or supplemental policies.

Work from Home Scams

If you don’t work on Wall Street, then you may be strapped for cash after the holidays and looking to earn extra money by working online.  Use extreme caution! The majority of these “work” opportunities don’t deliver what they promise. Recent research (link to http://www.brighthub.com/computing/smb-security/articles/28781.aspx) has shown that only one in fifty-five of these offers are legitimate.  Search for reputable opportunities on sites like About.com (link to http://homebusiness.about.com) that offer compensation for your time. Search and verify their reputation though independent sites such as the Better Business Bureau (http://www.bbb.org) before you sign on the dotted line.  Read the fine print and never send them money as part of the hiring process.  That should be a dead giveaway that there’s some fraud going on.

As always, keep a look out for identity theft.  When stores are packed and checkout counters are bustling, it’s much harder to keep track of your credit card and know what exactly the salesperson is doing with it.  Make sure no one is standing near the register and listening to you as you provide the information required for a return such as credit card numbers, address, and phone number.

Related posts:

1. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...

Related posts brought to you by Yet Another Related Posts Plugin.

It is hard to believe that IDGuardian launched only four months ago (September 11, 2009 as a matter of fact); and in such a short time, we have brought you sound advice, different perspectives, and forward-thinking opinions on the subjects of Identity Theft, Credit Security, and Online Safety.

If you are new to IDGuardian, thank you for joining us. We have, at the closing of the year, compiled the “Best Of” from 24 blogposts so you can get a feel for what you will find here. For those of you already subscribed to IDGuardian, thank you for joining us and we hope you enjoy this retrospective of a new blog.

Take a look at what we have deemed the “notable bytes” from 2009 and feel free to leave your own favorite blog or podcast entry in the Comments section.

.

September

The ironic twist is that the burglars who use your own freely-offered personal life story to target your home when you’re not there are in fact not looking for your new TV or X-Box. What many of them are after is your Social Security number, birth certificate, financial statements and anything else they can use to clone your identity and hijack your life.

— Neal O’Farrell, When a Stranger Comes Calling

A more common method is to launder the money, once again internationally.  Many times this is done through unsuspecting money mules.  A typical scenario involves a mass spam campaign advertising to the recipient that he/she can make hundreds or thousands of dollars a week working from home.  Or then there’s the “you’ve won the Spanish lottery” spam, or the “you can recover this bank account you forgot you had” spam.  In all these cases, the point is to swindle the money mule into sending legitimate funds to the con man.  If it’s a straight on con, then they just keep the money.  If they’re laundering money, then they will actually send back some amount of “dirty” money in exchange for your “clean” money.  Now you’ve not only been cheated, but you’re part of an international identity theft and money laundering scheme.

— Matt Sarrel, Identity Theft: An International Consipracy

October

What [hackers are] usually after is personal information that can be used in identity theft. So just think of the information you may already post and share that hackers could use in identity theft – information like your name, date of birth, home address, work address, current employment, employment history, mother’s maiden name, family, friends, pets, your first school, favorite teacher, vacation plans, likes and dislikes, even photos of you and everyone you know. The list is endless.

— Neal O’Farrell, What Social Networks Really Reveal

But while the hype cycle of social networking risks may be at an all-time high, it’s hard to argue that the emergence of the Web 2.0 sites and applications hasn’t created a complex new set of privacy concerns that end users need to worry about.

The social networks themselves have already become breeding grounds for many different types of electronic attacks and social engineering schemes with most of those threats aimed at somehow stealing your personal data, infecting your computer or using your online reputation to assail those with whom you’re connected.

— Matt Hines, Social Networks Increase Risks to Online Privacy

Identity theft – by whatever name we choose to use – is a real problem, and will continue to be for many years. The world is digital – our transactions, communications, and relationships are tracked by marketers, read by virtual friends, and if not secure, vulnerable to fraudsters.  We can’t change the evolution of technology, nor should we, but we can become smarter about how we use it, who we transact with, the information we divulge, and most importantly, how we secure and monitor our personal information. Education is the first step to understanding the risks. When consumers educate themselves, useful services will dominate the market.

— Michael A. Stanfield, A Reply to Ms. Julia Angwen at the Wall Street Journal

Consider the possibilities for someone to carry out a physical assault, let alone a virtual attack, if they know who you are and where you are at any given time. If I was someone looking to rob your house or a jilted ex-boyfriend planning to stalk your movements, these seemingly innocuous tools would seem to provide a lot of helpful information to do that.

In the computing world, these applications, like other social media tools, unquestionably add another level of risk in terms of allowing someone to create targeted attacks to assail you with in assuming your likeness for identity fraud.

— Matt Hines, Mobile Web Driving New Privacy Issues

November

Many of us have established habits and lifestyles that, quite frankly, we don’t want to change. We like the convenience and benefits associated with loyalty/rewards programs, online shopping, and social media networks. Our information is already in cyberspace in so many different shapes and forms that it’s not likely we can pull it back and start over again. But we don’t need to panic. What we can do is be more vigilant about who we share our information with and ask why it is needed. Does the retailer really need your phone number? (They don’t; it’s for marketing purposes only.) Does your son’s baseball team really need a birth certificate? (Have them verify your son’s age at school.) Ask questions and if you don’t like the answer you get, don’t provide the information.

— Michael A. Stanfield, Lost in Translation

These rules may seem inconvenient or overly cautious to many consumers, but they are designed to help you by keeping the crooks from pretending to be you.  My goal is to make identity theft prevention a part of our learned safety behaviors, like putting on a seatbelt.  You don’t think twice about it.

— Anne Wallace, Be Prepared to Establish Your ID When Red Flag Rules Go into Effect

One of the best gifts scammers will get this year will come from retailers. Shoppers and analysts are already reporting shortages of the hottest Christmas gifts this year, as retailers try to avoid getting stuck with merchandise that they can’t move quickly.  This inventory shortage may force some shoppers to take greater risks than they normally take, and  scammers won’t miss the opportunity to take advantage of busy shoppers who are so determined to get that elusive holiday gift this year that they are willing to do whatever it takes.

— Neal O’ Farrell, Why Black Friday Could Be a Red Carpet for Scammers

Talk to your kids about the importance of their Identity. Teach them not to fill out forms online or offline to win a car, a cruise, or any other freebies in magazines, restaurants, etc.  More often than not, those are marketing ploys and their personal information will be shared across many marketing databases. Parents should carefully monitor all Internet activity and stay actively involved with who their kids are meeting online. They should also keep kids out of Internet chat rooms. Predators are just as real online as they are in public places.  All they need is an unsuspecting child to provide their name and home address, and they could track them down.

— Identity Safety for Your Child

December

Think before you tweet (Twitter), or post anything on Facebook, MySpace, or YouTube. Always assume that what you say, how you say it, and to who you say it will always be only a search away from friends, potential employers, stalkers, Internet predators, etc.

— Identity Safety for Your Teens

— Jerry Thompson, Threats Facing Consumers Online

According to Facebook’s new privacy policy, if you don’t select your own privacy settings Facebook will automatically do it for you, and to a standard that you might not be comfortable with.

For example, under current privacy settings people who are not friends can’t even see your marital status, gender, photo, or location. Under the new default settings, this information will now be open for everyone to see unless you go in and change your personal privacy settings.

— Neal O’Farrell, Saving Facebook

A number of organizations including the National Association of Attorneys General and vendors including Intel, Google and Microsoft recently announced the establishment of “Data Privacy Day” which will be observed on January 28, 2010, and involve a number of promotional events meant to raise consumer privacy awareness.

In more targeted efforts, a group of leading Internet publishers and digital marketing services recently launched an online campaign to educate consumers about how they are tracked and targeted by marketers over the Web. The Interactive Advertising Bureau (IAB) unveiled a related “Privacy Matters” Web site and a number of IAB members including Yahoo, Google, Walt Disney Co. and The New York Times Co. have volunteered to support the effort via links featured prominently on their own pages.

— Matt Hines, Searching for Bright Spots

As you can see by the amount of information (and these are the highlights!) here, IDGuardian has delivered valuable insight and information regarding identity protection and personal safety both in the real and virtual world.

This is, also, merely the beginning.

IDGuardian will, in 2010, bring you the voices showcased here along with new contributors and new features geared to start dialogues and get you thinking. Awareness and education are key in protecting yourself, and IDGuardian is here to do both of these and so much more. We hope that we have aided you in making the latter quarter of 2009 a safe one, and assure you that IDGuardian will continue to offer you tips, advice, and guidance in the coming year.

Thank you for commenting, for subscribing, and for taking part in our community. Celebrate safely, and we will see you in 2010.

Related posts:

1. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...
2. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...
3. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

Welcome to the IDGuardian Podcast. You can download and enjoy these audio and video columns either:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

This podcast is copyrighted 2009, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Related posts:

1. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...
2. The IDGuardian Podcast: Episode #002 — Looking Back to Look Ahead Welcome to the IDGuardian Podcast. On alternating weeks, we will...
3. The IDGuardian Podcast: Episode #005 — Threats Facing Consumers Online Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

The easiest thing to do in scoping out the electronic privacy landscape for 2010 would be to decry the incredible alignment of factors guaranteeing that next year has little hope of serving some sort of turning point compared to what we’ve seen of late.

But rather than merely highlighting the fact that according to PrivacyRightsClearinghouse’s experts more electronic records were exposed during 2009 than any year ever before, it’s worth attempting to find positive signs in terms of attempts to improve personal privacy in the upcoming year.

Legislation and Regulation

It’s debatable what affect mandates passed down by the government and various industry bodies have had in improving electronic privacy issues, but as flawed as the entire notion of improving security via regulation may be viewed by some experts, we will see more laws go into effect in 2010 aimed at spurring companies to do more.

On the statewide front, many legislatures continue to make their data protection requirements more stringent. For instance in my home state of Massachusetts we’ll have our new 201 CMR 17 law which enacts new Standards for the Protection of Personal Information go into effect. Along with laying out stricter requirements for local businesses regarding their the use of data encryption and other security measures, such laws are also aimed at having a nationwide impact as any company doing business with a resident of the state is also required to comply with the mandate.

In Congress we’ll see if the Personal Data Privacy and Security Act of 2009 — which requires entities keeping personal data to establish “effective programs” for ensuring that sensetive data is kept confidential — will pass muster. The FTC is also deep into a set of debates over issues of online privacy protection, specifically looking into user tracking and advertising practices.

Technology

In terms of technological improvements, new products and services will launch in 2010 with the specific goal of helping people better protect their identities. In addition to technologies that aim to help banks, vendors and other companies connect more safely with legitimate customers, owners of popular social networking sites, including Facebook, have begun to introduce new privacy features after having become targets of both attackers and pundits for their previous lack of controls.

In a nod to the aforementioned interests of the FTC, major search engine providers including Yahoo are promising to lend greater transparency to their user tracking policies, specifically around the use of targeted advertising. Yahoo recently launched an advertising privacy tool intended to provide people with more information about the types of data being collected about their usage patterns and how their related user profiles are handled. Microsoft’s newer Bing search engine has also been tweaked to offer users greater insight into and control over their saved usage data.

Awareness

One could argue that like legislation, it’s hard to say that increased awareness of the electronic privacy epidemic has markedly improved the overall situation, but if knowledge is power it does seem that there will be continued focus placed by many in the private and public sectors on reinforcing to people how mindful of their privacy matters they need to be.

A number of organizations including the National Association of Attorneys General and vendors including Intel, Google and Microsoft recently announced the establishment of “Data Privacy Day” which will be observed on January 28, 2010, and involve a number of promotional events meant to raise consumer privacy awareness.

In more targeted efforts, a group of leading Internet publishers and digital marketing services recently launched an online campaign to educate consumers about how they are tracked and targeted by marketers over the Web. The Interactive Advertising Bureau (IAB) unveiled a related “Privacy Matters” Web site and a number of IAB members including Yahoo, Google, Walt Disney Co. and The New York Times Co. have volunteered to support the effort via links featured prominently on their own pages.

So while the doubters and naysayers among us will still have plenty to fret over in 2010, the push to help us all better navigate the privacy quagmire will at the same time be carried on.

Because in terms of improving the current state of play, things can’t get much worse. Right?

Related posts:

1. Saving Facebook: Perspectives on New Privacy Policies Like most Facebook users, last week as I checked my...
2. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...
3. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

If you are on Facebook (as are over 300 million people in the world) then you are used to receiving a variety of notifications of different things happening within your network, such as photo tagging, status comments, and friend requests. Nothing unusual about that, unless you receive something like this…

…on an account other than the one you used to open your Facebook account.

On closer investigation, here is what you should notice about this new Facebook spoof:

1. Note the mailing addresses in the header. Facebook’s reply here is usually “no-reply” address. Also, if this is someone you know and performed a generic search, you would have come up in a page of results. Facebook would have sent this “invitation” to an already approved email for a Facebook account.
2. Take a closer look at the photo. This is actor Jake Gyllenhaal. True, Facebook users do use famous people as their profile pictures on occasion, and it is these new, unknown users that you should take caution with before approving.
3. While there are famous people on Facebook, they would probably NOT identify themselves as (FIRST NAME) Doe.
4. Another problem with this scam is when legitimate friends of yours appear in the notification. (Our advice: Notify these friends as soon as possible that they are being associated with this scam, and advise them to take caution.)

The nice thing about scams like this is they tend to appear in pairs. Another bogus invitation received within minutes of the first spoof mail, and this one threw its first warning sign out in a more blatant fashion. The profile picture featured a woman giving the camera a cheeky grin and revealing a good amount of skin. Security experts refer to this as a “Hot Chick” Approach. In this second invite, the four “random friends” as selected by Facebook are the same “random friends” showcased in the first invite.

Here are a few tips to follow if you receive a suspicious invitation like this:

• DO NOT CLICK ON ANY LINKS PROVIDED IN THE EMAIL. Take a look at the earlier mentioned details outlined earlier to see if this is, in fact, a legitimate invitation or not.
• As stated earlier, notify friends featured in these spoof as soon as possible. Advise them to take caution when working in Facebook and communicating with others.
• Click here to find out more about Facebook’s policy against false identities. You can also forward the potentially fraudulent emails to abuse (at) facebook (dot) com with any additional information you can provide on the spoof mails (i.e. frequency, time of arrival, etc.)

Proceed with caution on Facebook as this scam has been gaining momentum. Please feel free to comment here your own experiences, and stay safe in your Social Networking initiatives.

12/16/09 UPDATE:

Today, I was hit with another bogus invitation. While the profile picture appeared to be some random high school/workspace portrait, I noticed that the three random friends selected that I “might also know” were featured at the bottom of the screen. Additionally, the “Reply To” address was hidden.

Take care. Phishers are getting craftier.

Related posts:

1. Saving Facebook: Perspectives on New Privacy Policies Like most Facebook users, last week as I checked my...
2. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...
3. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

Like most Facebook users, last week as I checked my Facebook page, up popped a message announcing some changes to Facebook’s privacy rules. And like most users I know, I just clicked on the Skip button and moved on to the interesting stuff.  But I won’t be able to skip for long.

Facebook announced last week yet another major change in the privacy options it offers users. And if you’re not paying attention, some of the changes might surprise you.

The idea behind the change is supposedly to give Facebook’s 350 million users more control over who sees the information they post. But what Facebook is also trying to do is open up their global community to more traffic (which means more business), and the best way to do that is to “encourage” users to expose more search-friendly personal information than they currently do.

According to Facebook’s new privacy policy, if you don’t select your own privacy settings Facebook will automatically do it for you, and to a standard that you might not be comfortable with.

For example, under current privacy settings people who are not friends can’t even see your marital status, gender, photo, or location. Under the new default settings, this information will now be open for everyone to see unless you go in and change your personal privacy settings.

Facebook’s own announcement confirms that “we’ll be recommending that you make available to everyone a limited set of information that helps people find and connect with you, information like “About Me” and where you work or go to school.

Unfortunately, even personal information like where you work or go to school is of real value to identity thieves who need this kind of information to spoof or clone your identity.

The Achilles heel in Facebook is the ease with which users accept new friends. For hackers and identity thieves, their goal is to hack or trick their way into as many circles of friends as possible. They know that for most Facebook users the best way to trick them into clicking on a malicious link is to make the user believe it’s from a friend.

For example, last week I visited a friend’s page on Facebook where I found nearly a dozen emails from a mutual friend who wanted to share with us an easy way to make money from Google. Of course it was a scam, and clicking on the link would download a nasty Trojan that could create havoc for an unwary user. That mutual friend probably had her Facebook account hacked by a scammer who then used the hijacked identity to target as many other users as possible.

And when it comes to privacy there’s always plenty to worry about. Last week I posted a note on my wall telling people that I just met up with my brother-in-law Andy, visiting from Ireland. It was the first time I ever mentioned any “Andy” in any forum. Yet two days later I received a spam email to an address that has never been associated with my Facebook account that opened with the subject line “Neal, have some bad news about Andy.” Coincidence?

But hackers don’t have to work very hard to break into your circle of friends. A study announced just last week by security firm Sophos found that more than 4 out of 10 Facebook users were willing to friend complete strangers – fictitious users invented by Sophos.

Once friended, the Sophos gate crashers were able to access a wealth of information including birthdates, email addresses, schools, and neighborhoods of most of the friends in the group.

There are some simple things you can do improve your privacy and reduce your exposure:

• Go to your Facebook privacy settings now and set them the way you want. It took me less than ten seconds to go through the new privacy protocol and tell Facebook that I wanted things to stay just as they were. You can find your privacy settings at the top of the page under the link Settings and you basically have three choices: only Friends can see selected information, Friends of Friends can see it too, or Everyone can see it. You can also mouse over the pencil symbols on your page to edit specific settings.

• Even with maximum privacy, it’s always wise to post as little personal information as possible. Facebook will always be vulnerable to hacks which means your personal data could be vulnerable, too.

• Don’t use Facebook to tell your family history, like mentioning the names of your grandparents and parents, where you went to school, your first pet and so on. As you probably know, these are the answers to the common secret questions that your bank may use to verify your identity.

• Resist the temptation to click on links in messages from friends, even if you know them. Hijacked accounts could easily lead to viruses and Trojans.

Related posts:

1. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...
2. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...
3. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...

Related posts brought to you by Yet Another Related Posts Plugin.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Jerry Thompson, co-founder of White Sky Inc. White Sky protects consumers from identity theft and online crime when they are at their most vulnerable: when they conduct financial transactions on the Internet. With Bill Loesch, Jerry founded White Sky around an easy-to-use, convenient solution to safeguard consumers against identity theft and online crime. Today, that solution — ID Vault — is used by tens of thousands of customers in all 50 states, the District of Columbia and Puerto Rico.

This podcast is copyrighted 2009, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Related posts:

1. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...
2. The IDGuardian Podcast: Episode #001 — What is ITAC? Welcome to the premiere of the IDGuardian Podcast. On alternating...
3. The IDGuardian Podcast: Episode #003 — Convenience Vs. Security Welcome to the IDGuardian Podcast. On alternating weeks, we will...

Related posts brought to you by Yet Another Related Posts Plugin.

In our previous posting, we looked at the dangers of Identity Theft for our kids. We asked the tough questions about how prepared our children are, and considered the scary notion of just how vulnerable children can be to fraud, scams, and identity theft.

The tips we offered could be applied to any age of child; but when your child enters their teenage years, everything changes. Along with dating, peer pressure, driving, and accountability, teenagers begin to enter the workforce, earn their own income, and begin to nurture a sense of independence. This new world of responsibilities also opens up teens to new threats in identity security; and considering the popularity of technology (illustrated here by Matt Hines’ column on Social Networks and their influence over online privacy), it is becoming easier to reveal and harder to protect personal details.

At IDGuardian, we wanted to share some strategies in keeping your teens and their identities protected.

• Do not open email from unknown senders and be careful about what file attachments you download. The next video or music file – even from a friend – could actually be hiding a computer virus, Trojan, or keylogger from an identity thief.  Teach your children what those online threats are and why firewalls, anti-virus, and anti-spam programs need to be kept up to date.
• Reveal as little as possible about yourself, pictures included. Always avoid revealing your date of birth, family names, pet names, home address, school, cell number, and home phone number whether on a social media site or blog. Once posted, most items cannot be removed.
• What may sound harmless to you, like sharing details about your birthday party (or your friend’s), showing pictures of gifts, and sharing vacation plans can provide enough detail  to a thief about your whereabouts, and expensive gifts, making your home an attractive target for a burglary.
• While it may be great to have more online friends than everyone else, always practice caution when accepting new friends into your network.  Just because they are virtual friends, doesn’t mean they can’t cause harm.
• Protect your information on social networking sites and restrict who can access your pages. Most social networking sites have strong privacy settings that you can customize. Learn how to use them.
• Don’t let your friends borrow your cell phone. Should they lose it, you and everyone in your contact list could be at risk for bogus texts (i.e. winning free things), unauthorized calls and charges, and even eavesdropping.
• Talk to your teen about why he/she should not give out personal financial information in response to phone calls from telemarketers or emails from unknown individuals or businesses.
• When your teen applies for his/her driver’s permit and license, make certain that the motor vehicle administration does not use Social Security numbers as the driver license identification number. If they do, ask for an alternative.
• Never, ever share your password with friends. They could share it with their friends, and so on. You do not want someone using your persona to speak with others or to post notes on other social networking sites.  You should also change your passwords frequently and be sure to use a strong combination of letters, numbers, and symbols so that nobody can easily guess it.
• Think before you tweet (Twitter), or post anything on Facebook, MySpace, or YouTube. Always assume that what you say, how you say it, and to who you say it will always be only a search away from friends, potential employers, stalkers, Internet predators, etc.

These tips will give you a starting point in impressing upon your teens the importance of identity protection, and maybe — just maybe — lay a foundation for them to be aware of their identity, where it goes, and what they can do to protect their credentials, their credit history, and themselves.

Related posts:

1. Identity Safety for Your Child The holiday’s bring out feelings of commonwealth, community, and goodwill.  ...
2. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...
3. The IDGuardian Podcast: Episode #004 — Why Black Friday Could Be a Red Carpet for Scammers Welcome to the IDGuardian Podcast. These audio and video columns...

Related posts brought to you by Yet Another Related Posts Plugin.

The holiday’s bring out feelings of commonwealth, community, and goodwill.   For those of you joining us here at IDGuardian.com, we hope that you have benefited from the security tips and tactics discussed here every week.

But what about kids?  Does your child have a shredder in their room? (Considering the last hairdo your child performed on the cat or dog, probably not.) Does your child understand how dangerous Identity Theft works? Does your child grasp that their identity is just as susceptible as your own?

At IDGuardian, we wanted to share with you a few tips in keeping your kids protected this holiday season and well into the new year.

• Always ask why your child’s Social Security number or birth certificate is required for sport activities or medical information. If mandatory, ask how the information will be used and protected.
• Talk to your kids about the importance of their Identity. Teach them not to fill out forms online or offline to win a car, a cruise, or any other freebies in magazines, restaurants, etc.  More often than not, those are marketing ploys and their personal information will be shared across many marketing databases. Parents should carefully monitor all Internet activity and stay actively involved with who their kids are meeting online. They should also keep kids out of Internet chat rooms. Predators are just as real online as they are in public places.  All they need is an unsuspecting child to provide their name and home address, and they could track them down.
• Children under 18 do not have credit reports, but do check with the credit bureaus frequently to ensure no one has established a credit history in your minor’s name.
• Be a role model to your child. When you are asked for your phone number at the retail store,  tell the cashier you do not provide that information.  Always ask questions and let your child know that it is NOT okay to provide information to everyone that asks.

Happy Holidays from everyone here at IDGuardian.

Related posts:

1. Identity Safety for Your Teens In our previous posting, we looked at the dangers of...
2. Why Identity Protection for Kids Matters People blog. That may sound like an obvious statement, but...
3. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...

Related posts brought to you by Yet Another Related Posts Plugin.

For those of you following IDGuardian on Twitter, you may have noticed a change in how we are posting our popular TwitterTips. We have been thrilled with the amount of “retweets” (circulating attributed postings in other Twitter feeds) our TwitterTips have earned; but after talking with our network, a change was needed.

Originally, when we went online back in September, our TwitterTips originally looked like this:

IDGuardian TwitterTip: Perform random online searches of your name in order to find out what personal information is available.

In October, the format changed to:

TwitterTip: At 18 years of age, your credit is compiled and reported to the credit reporting agencies.

Now, our TwitterTips will appear in your feeds in this fashion:

In June 2010, the FTC will enforce “Red Flag” rules, designed to prevent identity fraud. (from @IDAssistanceCTR) #creditsecurity

The previous posting is still an IDGuardian TwitterTip; but here is what you need to know about our new approach to this old favorite:

Character Conservation. If you are new to Twitter, you will know that all the postings (or tweets) are limited to 140 characters, and those 140 characters include spaces. The earlier TwitterTips with their headers used valuable characters, making it difficult for others to retweet without dramatically editing the original post. Many users were removing the header, so in “rethinking the retweet” we decided to conserve on the characters and streamline our TwitterTips.

Trackable Tweets. You may notice in the new format a pound sign connected to a term. These are known as hashtags. Hashtags are keywords used within a tweet to track it via Twitter Search. This way, by establishing a hashtag as part of a tweet or  conversation, you can create a Trending Topic on Twitter, thereby increasing visibility. At present, the hashtags we are using are:

• #onlinesecurity
• #idprotection
• #creditsecurity
• #scam

By incorporating the hashtag, we can now make it easier to track who is talking about our TwitterTips and where they are being circulated.

Keep an eye out for our TwitterTips that still carry that same reliable news or helpful insight IDGuardian is known for, just in a more compact format. Thank you for following us on Twitter and here at our blog. Feel free to leave a review for our podcast on iTunes, and continue to share with us your thoughts, opinions, and reactions to the columns featured here.

Related posts:

1. The Big “Phish” That Got Away (Thankfully) Yesterday started with a stir across the popular social network,...
2. Changes in Latitudes, Changes in Attitudes If you are like us here at IDGuardian, you may...
3. Why Identity Protection for Kids Matters People blog. That may sound like an obvious statement, but...

Related posts brought to you by Yet Another Related Posts Plugin.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

From the IDGuardian Administrators: Due to the timeliness of this subject matter, IDGuardian has released this morning’s column as a podcast. Have a listen and share with those in your network these helpful Holiday shopping tips from security authority, Neal O’Farrell.

This podcast is copyrighted 2009, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Related posts:

1. Why Black Friday Could Be a Red Carpet for Scammers From the IDGuardian Administrators: Due to the timeliness of this...
2. The IDGuardian Podcast: Episode #002 — Looking Back to Look Ahead Welcome to the IDGuardian Podcast. On alternating weeks, we will...
3. The IDGuardian Podcast: Episode #001 — What is ITAC? Welcome to the premiere of the IDGuardian Podcast. On alternating...

Related posts brought to you by Yet Another Related Posts Plugin.

From the IDGuardian Administrators: Due to the timeliness of this subject matter, IDGuardian will also be, later today, releasing this column as a podcast. Enjoy the read, have a listen, and share with those in your network these helpful Holiday shopping tips from security authority, Neal O’Farrell.

As many Americans start preparing for a busy holiday season, cyberthieves are fine tuning their scams in anticipation of a bumper crop of victims who will be presented with scams so convincing they’ll gladly invite them into their homes like a group of cheery carol singers.  As in years past, scammers have perfected the art of social engineering – getting inside the heads of victims so they can deliver scams many victims won’t recognize until it is too late.  And looking to profit from the soft economy, criminals are preparing to exploit money-conscious consumers whose need for some good luck might overcome their normal caution.

One of the best gifts scammers will get this year will come from retailers. Shoppers and analysts are already reporting shortages of the hottest Christmas gifts this year, as retailers try to avoid getting stuck with merchandise that they can’t move quickly.  This inventory shortage may force some shoppers to take greater risks than they normally take, and  scammers won’t miss the opportunity to take advantage of busy shoppers who are so determined to get that elusive holiday gift this year that they are willing to do whatever it takes.

This holiday season there will be the inevitable rehash of the same scams we’ve seen in previous years, but the tides have changed and the scammers are becoming more professional, convincing, and ultimately, more effective.  Today’s breed of cybercriminals now pose the greatest threat to holiday shoppers because they have the skills, savvy, and resources to con even the most battle-hardened shopper.

Some of the newer scams you may come across include:

• Which Tweeples Can You Trust? Don’t Fall for the Tweet Trap! Scammers fully understand the power and reach of social networks, and gathering places like Facebook and Twitter are a feeding ground for all kinds of thieves. The biggest threat to be wary of this year is the “Tweet Trap” – a message that appears to be from a trusted friend or follower passing on some great news, a real bargain, or a worthy cause, but instead hides spam, phishing fraud, or a malicious download.
• Need to Make More Money Fast? How Your Dream Job Can Turn Into a Complete Nightmare. With so many people facing a tougher holiday than usual, it is not surprising that heartless crooks will try to appeal to consumers’ emotions with offers of instant income and risk free financial solutions.  One of the most dangerous versions of this scam advertises very appealing and convincing part-time jobs, with no experience or training required.  Behind this scam lies a very sophisticated and well-orchestrated criminal system that scams banks, credit card companies, consumers – and ultimately job hunters.  The job specifications typically require the job applicant to simply receive and then forward packages on behalf of a foreign company, and get paid thousands of dollars a month for what seems like easy work. The new employees quickly finds themselves “promoted” into receiving and forwarding payments instead of packages, which should be another red flag for most of us. Of course, the packages and payments turn out to be obtained fraudulently, turning that dream job into a costly nightmare and often turning the job seeker into a criminal accomplice.
• Trojan Infections: The Gift that Keeps on Giving (Your Money Away!) The goal for many hackers this year will be to give you their own special gift, like a Trojan infection on your computer. Once in residence on your computer, these Trojans can easily grab your bank account and credit card login info, disable your security software, and sneak into your bank account by pretending to be you. Trojans are even smart enough to quietly drain your bank account over the holiday period based on the assumption that you’ll be too busy to check exactly how much you’re spending until the New Year.
• Attaining the “Rare Find” Gift – Too Good to Be True? You bet. Traditionally this kind of scam has focused on promising shoppers the hard-to-find gift at an irresistible price. In most cases the gift doesn’t exist, doesn’t arrive, the seller demands far more for it, or simply steals the shopper’s credit card information.  But this year, hackers are upping the stakes by hacking into the search ranking systems of the major search engines like Yahoo! and Google so that their fraudulent or malware-infected web sites appear at the top of shopper searches.  And most shoppers still believe that if a Web site is at the top of a search engine’s list, it has to be legitimate.

The good news is that you can slam the door on scammers, and all it takes is a little common sense:

• Take a tip from online merchants and “trust but verify.” Whether it’s online shopping searches, incredible gift offers, or holiday wishes from your Twitter “Tweeps” or Facebook friends, the best way to avoid gift-wrapping yourself for scammers this year is to turn your cynicism on to the highest level.  If you think before you click, you might just play Grinch to an identity thief.
• If your bank or credit card company sends you an email or even calls to warn you of insufficient funds or other problems with your account, contact them directly using the customer service numbers posted on their Web sites. Don’t respond to their emails or to any number they provide in an email or phone message.
• Watch your bank account balances daily. Trojans are smart enough to quietly drain your bank account over the holiday period based on the assumption that you’ll be too busy to check exactly how much you’re spending until the New Year.
• Don’t give a gift to digital burglars by Tweeting about your holiday plans (like when you’re going to be out of town) or all the cool stuff you bought.  Otherwise your new purchases may end up under someone else’s tree.
• Close the door on Trojans. The best way to avoid them is to:
  1. NOT  open attachments or click on email links
  2. Be careful where you surf and stick to “neighborhoods” where you really feel safe
  3. Regularly patch your computer and update your anti-virus and other security software.
• Give someone the gift of an identity monitoring service. It might not sound romantic, but it’s one of those gifts that will truly keep on giving, and will be treasured forever.

Related posts:

1. Social Networks Increase Risks to Online Privacy There’s so much being written and said about the risk...
2. Identity Theft: An International Conspiracy One of the reasons it has been difficult for the...
3. Be Prepared to Establish Your ID When Red Flag Rules Go into Effect For years I’ve said that identity theft is a complex...

Related posts brought to you by Yet Another Related Posts Plugin.

Welcome to the IDGuardian Podcast. On alternating weeks, we will present our contributors columns in brief audio or video segments. These media segments can be listened to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Matt Sarrel, Executive Director of the Sarrel Group, an editorial services, product test lab, and information technology consulting company. Matt has written and spoken internationally on information technology and information security. He is also a passionate gamer and audiophile, and brings all of this together in his writings, lectures, and consultancy.

This podcast is copyrighted 2009, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Related posts:

1. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...
2. The IDGuardian Podcast: Episode #009 — An Action Plan Welcome to the IDGuardian Podcast. These audio and video columns...
3. The IDGuardian Podcast: Episode #002 — Looking Back to Look Ahead Welcome to the IDGuardian Podcast. On alternating weeks, we will...

Related posts brought to you by Yet Another Related Posts Plugin.

For years I’ve said that identity theft is a complex problem that requires cooperation between consumers, business and law enforcement.  In June, 2010, the Federal Trade Commission (FTC) will begin enforcing the “red flag” rules on thousands of businesses and organizations with consumer accounts.

The rules are designed to prevent identity fraud and require businesses that handle sensitive consumer information to have a plan in place to detect suspicious activity, or patterns of activity, that could result in fraud.  The rules affect a host of accounts, including credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts and savings accounts.

Most consumers won’t experience any changes in the way you do business with these companies.  But in case you trigger a red flag, or plan to open a new account after June 1, you should be prepared to confirm that “you” are really “you” and explain facts that can trigger a “red flag.”

For example, a red flag could be triggered if your address on a credit application doesn’t match the address on your credit report, or if there is a fraud alert on your credit report. Expect the creditor to take extra steps to authenticate your identity by requesting additional identification or by asking questions only you can answer.

You should prepare for added scrutiny when opening a new account or applying for a loan.  First, take more than one form of identification – a drivers license and a passport or other government-issued identification document.  Second, be prepared to answer one or more probing questions about yourself or your financial affairs – addresses of past residences or the name of the company that hold your mortgage.

These rules may seem inconvenient or overly cautious to many consumers, but they are designed to help you by keeping the crooks from pretending to be you.  My goal is to make identity theft prevention a part of our learned safety behaviors, like putting on a seatbelt.  You don’t think twice about it.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

The Washington Post and National Public Radio (NPR) recently released stories about personal data compilation and the security and privacy of that data. According to the Washington Post’s article, the national study from the Fordham University Center on Law and Information Policy concludes that states may collect and store more information that is necessary from elementary to high school students and raises the question on the security and vulnerability of that data.

NPR’s All Thing’s Considered aired Online Data Present a Privacy Minefield focusing on the distribution and flow of personal information as it is collected from an identifiable source and distributed to another.

Technology is both a blessing and a curse. It has allowed us to move in to a digital world where we are more efficient and productive, but it subjects us to an environment where our personal information is not personal anymore. Each of us has our own set of activities and behaviors and personal identifiers that define us. That’s our identity. But the concept of identity has changed over the years with the explosion of the digital age, exposing our identities even more. Facebook, Twitter, email, online purchases, visits to the doctor’s office, and everyday mundane activities like grocery shopping and using your reward savings card requires us to our personal information to get what we want.

Even if you have limited your activity online and have been cautious with your personal information, the average adult still has thousands of pieces of data associated with them. For example, if you register to participate in a sports event like a 10K race, you must provide your name, address, phone number, and date of birth. This is information is then sold to other vendors who will market their products or events to you, and may collect additional information, and then sell that information to another vendor, and so on. So one innocent application to participate in a sporting event can equate to your personal information being sold and distributed to a dozen more vendors who match that information to other lists with more of your personal data that builds a more complete profile of you. You have no control over how far and wide your personal information can be distributed.

Many of us have established habits and lifestyles that, quite frankly, we don’t want to change. We like the convenience and benefits associated with loyalty/rewards programs, online shopping, and social media networks. Our information is already in cyberspace in so many different shapes and forms that it’s not likely we can pull it back and start over again. But we don’t need to panic. What we can do is be more vigilant about who we share our information with and ask why it is needed. Does the retailer really need your phone number? (They don’t; it’s for marketing purposes only.) Does your son’s baseball team really need a birth certificate? (Have them verify your son’s age at school.) Ask questions and if you don’t like the answer you get, don’t provide the information.

Identity thieves are having a field day with the unending trail of information that is accessible to them through social networking sites, and openly available through Google searches. Think before you post or share any information with friends or family. The best defense against identity theft is to protect yourself and to make yourself aware of what information is out there on you (personal, credit, etc.) and to review if for accuracy. Remember, criminals use bits of data to find ways to infiltrate your personal space and computer so they can gather highly confidential information to steal. Protect your data, protect your computer and methods of transmitting data, and be on guard against phishers, keyloggers, and other “collectors” that may attack your phone or your computer in search of highly confidential keys to your financial resources.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

IDGuardian is now available on iTunes. If you have the popular media player on your computer, you now can use it to subscribe to the IDGuardian podcast. (And it’s free!) Here’s how you do it:

Step 1: Make sure you have iTunes installed on your Windows or Macintosh computer.

Step 2: Click here to go directly to IDGuardian’s page on iTunes.

Step 3: Single click the “Subscribe” button.

Step 4: Listen through iTunes.

If you have an iPhone, iPod, or some other mp3 player, you can follow directions native to each portable player and take the IDGuardian podcast with you. If you like what you hear or wish to comment on a specific show, feel free to leave a review on iTunes and tell a friend about IDGuardian.com.

Do you have a topic you’d like to see covered here?
What would you like to see added to IDGuardian?
Let IDGuardian.com know
what you would like our contributors to address.
Thanks for giving our podcast your attention,
and stay safe online.

Related posts:

1. The IDGuardian Podcast: Episode #006 — Protecting Your Identity While Traveling Welcome to the IDGuardian Podcast. You can download and enjoy...
2. IDGuardian on Twitter For those of you following IDGuardian on Twitter, you may...
3. About IDGuardian IDGuardian.com is the trusted source of information concerning identity exposure,...

Related posts brought to you by Yet Another Related Posts Plugin.