Prevent A Breach

Study warns of facebook ID privacy risks

2011-08-02T13:10:00.000-07:00

A new study raises privacy concerns about the ability to correctly identify people and parts of their Social Security numbers by matching pictures taken in public with images and information they post on social networks such as Facebook , Twitter or Google +.
The study by researchers at Carnegie Mellon in Pittsburgh found that they were able to correctly ID student volunteers about a third of the time using pictures shot with a webcam and information they posted to Facebook.
The first five digits of their Social Security numbers were correctly determined about 27 percent of the time.
The study was funded principally by a grant from the National Science Foundation, with support of Carnegie Mellon and the U.S. Army.
Prof. Alessandro Acquisti, the study's author, told the Wall Street Journal that Facebook is becoming a de facto ID service because of the amount of information and pictures it has from its 750 million users worldwide.
"We call it the democratization of surveillance," he said.

Is Your Agency Vulnerable to Identity Theft?

2011-07-25T08:24:00.000-07:00

Identity Theft is the fastest-growing crime in America and it is destined to get worse before it gets better. How do we know? Just look at the facts here in Alabama.

The Federal Trade Commission complies statistics every year regarding identity theft complaints per 100,000 residents. In 2007, Alabama ranked#37 nationally. We rose to #35 in 2008 and in 2009, we were #27. According to the March 11, 2011 issue ofThe Birmingham Business Journal, Alabama had risen to #15 nationally in identity theft complaints. To move from #37 to #15 may be great for college football teams, but with identity theft complaints it means we are going the wrong way!

How does this impact Big "I" insurance agency members? It has a monumental effect on the way we do business in the present day as well as moving forward.

In 2003, Congress passed the Fair & Accurate Credit Transactions Act (FACTA). There are two key components to this legislation. First, it required that every American have the opportunity to receive a free copy of his/her credit report once a year from each of the three credit reporting agencies. Second, any businesses that accepted debit or credit cards were required to "truncate the numbers," that is "xxxx" out all but the last four digits on the cards/ receipts along with the expiration date.

The section of the legislation affecting agencies is this... effective July 1, 2005, every business owner-whether public or private, for profit or non-profit, or employing any number of employees - must be taking "reasonable measures" to insure that non-public information is not compromised. If a customer, client, vendor, contractor, employee or prospective employee can trace the theft of their identity to your agency, you could incur serious liability.

Furthermore, in the last few years, the FTC added the "Red Flags Rule." This stipulates that any business running credit on another individual or business is required to supply training for all employees regarding the handling of sensitive and non-public information. The deadline for implementation of this training was December 31, 2010.

This by no means states that all agencies need to undergo Identity Theft Risk Management Training with specific emphasis on the Red Flags Rule. First, if your agency runs credit on individuals and/or businesses as part of your daily functions, you might want to check into whether or not this training applies to you and your employees. Second, even if it not required by law, doesn't it just make good business sense to train all your employees on the handling of personal identifying information that could compromise someone's identity and discuss your course of action if the unthinkable did occur?

Here are some items to think about to protect your clients' personal data:

How are your files stored? Do the files that need to be secured have locks on them? Are you logging off of computers before leaving the office for lunch, going to the restroom, leaving at the end of the day? Is your website secure and or encrypted? Are your emails encrypted? Who empties trash cans every evening? Are those individuals trustworthy? Are sensitive items discarded appropriately?

These are just common sense tactics that can go a long way to insure the safety of information in your agency. When was the last time you trained your employees in this area of identity theft risk management? Make a point to do so before the end of the year.

This article is written by Jimmy Parrish of TBG Fraud Solutions in Birmingham. Jimmy is a Certified Identity Theft Risk Management Specialist. A 12-year veteran of the identity theft industry, he is an Associate Member of AIIA and offers identity theft risk management train to business accounts of all sizes in 27 states. Contact Jimmy at 205.585.8595.

Employee Error Causes Data Breach of 3.5 Million TX Employees

2011-04-12T11:15:00.000-07:00

Communicating data between entities always opens the door to opportunities for mistakes, and that is what has happened for the State of Texas Comptroller. Today we are learning that 3.5 million state employees, teachers, and retirees personal information has been available on a publicly accessible server for up to a year.

It is an example of having good policy, but not having it followed and it has resulted in those involved being fired. The difference between what your policy says and what your employees do is one of the greatest data breach vulnerabilities for your organization. This is a prime example.

The policy said that when data is transfered between the Teacher Retirement System of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas that the data must be encrypted, and kept on a protected server. Smart policy, poor execution, and now names, addresses, social security numbers, and for some drivers license numbers and dates of birth were made available for anyone to find.

Are your employees doing what that policy, so neatly tucked up on a shelf, says they should do? Do they have a proper awareness of the issues a data breach causes the organization, and the impact for those that have their information lost or stolen? If not maybe they are also taking shortcuts, not taking the extra precaution they should be, and not worrying much about it.

After all the Texas Comptroller possibly like your organization has never had a breach before, is it really a big deal?

A great question for those that just got pink slips, and now have 3.5 Million folks prepared to ring their neck!

2011-01-12T15:50:00.000-08:00

The 12 SCAMS OF CHRISTMAS

By Jimmy Parrish of TBG Fraud Solutions

December is the most prevalent time of year for one's identity to be stolen. Identity Theft continues to be the fastest-growing crime in America. Big "I" agencies can do their clients a favor by keeping them informed of developments in this area that could affect their possessions and personal information... especially during these tough economic times.Last month McAfee, Inc., released "The 12 Scams of Christmas." These are defined as the most dangerous online scams this holiday season. "Scams continue to be big business for cybercriminals who have their sights set on capitalizing on open hearts and open wallets this holiday season," said Dave Marcus, director of security for the California-based security software company. "As people jump online to look for deals on gifts and travel, it is important to recognize common scams to safeguard against theft during the busy season ahead."
1. iPads: With Apple products topping lots of shopping lists this holiday season, scammers are busy distributing bogus offers for free iPads. McAfee found that in the Spam version of the scam, consumers are asked to purchase other products and to provide their credit card number to get the free iPad. 2. HELP ME! This travel scam sends phony distress messages to family and friends requesting that money be wired or transferred so they can get home. 3. Fake Gift Cards: Cybercrooks use social media to promote fake gift card offers with the goal of stealing customers' information and money, which is then sold to marketers or used for identity theft. One recent Facebook scam offered a "free $1000 Best Buy gift card" to the first 20,000 people who signed up for a Best Buy fan page, which was a look-a-like. To apply for the gift card they had to provide personal information and take a series of quizzes.
4. Job Offers: As people seek extra cash for gifts this holiday season, Twitter scams offer dangerous links to high-paying, work-at-home jobs that ask for your personal information, such as your email address, home address and Social Security number to apply for the fake job.
5. Smishing: Cybercrooks are now "smishing," or sending phishing SMS texts. These texts appear to be coming from your bank or online retailer saying there is something wrong with an account and you have to call a phone number to verify your account information. In reality, these efforts are merely a ruse to extract valuable personal information from the targets.

6. Holiday Rentals: Cybercrooks post fake holiday rental sites that ask for down payments or properties by credit card or wire transfer.7. Recession Scams: Scammers target vulnerable consumers with recession-related scams such as pay-in-advance credit schemes. McAfee said it has seen a significant number of scam emails advertising pre-qualified, low-interest loans and credit cards if the recipient pays a processing fee. 8. Greetings: E-cards are a convenient and earth-friendly way to send greetings to friends and family, but cybercriminals load fake versions with links to viruses and malware. 9. Price Taps: Shoppers should be cautious of products offered at prices far below those of competitors. Cyberscammers use auction sites and fake websites to offer too-good-to-be true deals with the goal of stealing your money and information.10. Charity Scams: Common ploys include phone calls and spam emails asking you to donate to veterans' charities, children's causes and relief funds for the latest catastrophe.
11. Downloads: Holiday-theme screen savers, jingles and animations are an easy way for scammers to spread viruses and other computer threats, especially when links come from an email or IM that appears to be from a friend.12. Wi-Fi: During the holidays many people travel and use free Wi-Fi in places like hotels and airports. That is a tempting time for thieves to hack into networks hoping to find opportunities for theft. In summary, PLEASE BEWARE this holiday season and alert your clients to be safe and consider identity theft insurance to protect themselves and their possessions. It is a small investment to protect a lifetime of savings. Plus, it gives them peace of mind that someone is monitoring their sensitive information.

Facebook Safety Tips to Stop Social Networking Hangovers

2010-10-29T08:13:00.000-07:00

Facebook, and social networking sites in general, are in an awkward stage between infancy and adulthood – mature in some ways, helpless in others. On the darker side of sites like Facebook, LinkedIn and Twitter, scammers and identity thieves are drooling at the sight of this unchecked data playground. In contrast, most social networkers are addicted to all of the friendships they are creating and renewing.

There is no denying that Facebook and other social networking sites have a very luring appeal. You can sit in the comfort of your own home and suddenly have a thriving social life. You can look up old friends, make new ones, build business relationships and create a profile for yourself that highlights only your talents and adventures while conveniently leaving out all your flaws and troubles. It is easy to see why Facebook has acquired over 500 million users worldwide in just over five years. Which is why Facebook safety is still so immature: Facebook’s interface and functionality has grown faster than security can keep up.

Unfortunately, most people dive head first into this world of social connectedness without thinking through the ramifications of all the personal information that is now traveling at warp speed through cyberspace. It’s like being served a delicious new drink at a party, one that you can’t possibly resist because it is so fun and tempting and EVERYONE is having one. The downside? Nobody is thinking about the information hangover that comes from over-indulgence: what you put on the Internet STAYS on the internet, forever. And sometimes it shows up on the front page of the Wall Street Journal, in the hands of a prospective employer or your boss’s inbox. All of the personal information that is being posted on profiles — names, birth dates, kids’ names, photographs, pet’s names (and other password reminders), addresses, opinions on your company, your friends and your enemies — all of it serves as a one-stop shop for identity thieves. It’s all right there in one neat little package and all a scammer has to do to access it is become your “friend”.

Follow these Five Facebook Safety Tips and save yourself the trouble…

5 Facebook Safety Tips

Facebook Safety Tip #1: If they’re not your friend, don’t pretend. Don’t accept friend requests unless you absolutely know who they are and that you would associate with them in person, just like real friends.

Facebook Safety Tip #2: Post only what you want made public. Be cautious about the personal information that you post on any social media site, as there is every chance in the world that it will spread beyond your original submission. It may be fun to think that an old flame can contact you, but now scammers and thieves are clambering to access that personal information as well.

Facebook Safety Tip #3: Manage your privacy settings. Sixty percent of social network users are unaware of their default privacy settings. Facebook actually does a good job of explaining how to lock your privacy down (even if they don’t set up your account with good privacy settings by default). To make it easy for you, follow these steps:

1. Spend 10 minutes reading the Facebook Privacy Policy. This is an education in social networking privacy issues. Once you have read through a privacy policy, you will never view your private information in the same way. At the point the privacy policy is putting you to sleep, move on to Step 2.

2. Visit the Facebook Privacy Help Page. This explains how to minimize all of the possible personal information leakage that you just read about in the privacy policy. Once you understand this on one social networking site, it becomes second nature on most of the others.

3. Now it is time to customize your Facebook Privacy Settings so that only information you want shared, IS shared. This simple step will reduce your risk of identity theft dramatically.

Facebook Safety Tip #4: Keep Google Out. Unless you want all of your personal information indexed by Google and other search engines, restrict your profile so that it is not visible to these data-mining experts.

Facebook Safety Tip #5: Don’t unthinkingly respond to Friends in Distress. If you receive a post requesting money to help a friend out, do the smart thing and call them in person. Friend in Distress schemes are when a thief takes over someone else’s account and then makes a plea for financial help to all of your friends (who think that the post is coming from you). As with all matters of identity, verify the source.

Following these 5 Facebook Safety tips are a great way to prevent an information-sharing hangover.

Don’t be fooled by ‘friends’ – social network hackers are in for the kill

2010-10-25T07:55:00.000-07:00

Social network hacking and security breaches are becoming more and more prominent these days. Hackers set up fake profiles and attempt to gather personal and confidential information as your ‘friend’, using malicious code and malware to infiltrate systems. Hackers rely on the trust and ignorance of other social network users to gain access to private information from their computers.

(full Story)

Facebook Inc. have been transmitting YOUR identifying information...

2010-10-18T09:19:00.000-07:00

Many of the most popular applications, or "apps," on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people's names and, in some cases, their friends' names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found. Continue reading at The Wall Street Jounal

Teacher Schooled In Facebook Privacy Policy

2010-08-23T09:28:00.000-07:00

Facebook's share-everything-with-everyone default settings appear to have blindsided ex-teacher June Talvitie-Siple, who lost her job after making unflattering comments about her students and their parents.

Talvitie-Siple, of Cohasset, Mass., allegedly called students "germ bags" on her Facebook page, where she also stated that she continually caught new illnesses from them. She additionally allegedly wrote that her students' parents are "arrogant" and "snobby." Some parents saw the posts and complained, following which Talvitie-Siple was asked to resign.

She reportedly says she believed her posts were viewable only by her contacts -- apparently because she didn't realize that Facebook recently changed most of its default privacy settings to share-everything-with-everyone. Of course, comments like Talvitie-Siple's could have backfired without Facebook. (Full Story)

7 Things to Stop Doing Now on Facebook

2010-07-13T11:03:00.001-07:00

Using a Weak Password

Avoid simple names or words you can find in a dictionary, even with numbers tacked on the end. Instead, mix upper- and lower-case letters, numbers, and symbols. A password should have at least eight characters. One good technique is to insert numbers or symbols in the middle of a word, such as this variant on the word "houses": hO27usEs!

Leaving Your Full Birth Date in Your Profile

It's an ideal target for identity thieves, who could use it to obtain more information about you and potentially gain access to your bank or credit card account. If you've already entered a birth date, go to your profile page and click on the Info tab, then on Edit Information. Under the Basic Information section, choose to show only the month and day or no birthday at all.

Overlooking Useful Privacy Controls

For almost everything in your Facebook profile, you can limit access to only your friends, friends of friends, or yourself. Restrict access to photos, birth date, religious views, and family information, among other things. You can give only certain people or groups access to items such as photos, or block particular people from seeing them. Consider leaving out contact info, such as phone number and address, since you probably don't want anyone to have access to that information anyway.

Posting Your Child's Name in a Caption

Don't use a child's name in photo tags or captions. If someone else does, delete it by clicking on Remove Tag. If your child isn't on Facebook and someone includes his or her name in a caption, ask that person to remove the name.

Mentioning That You'll Be Away From Home

That's like putting a "no one's home" sign on your door. Wait until you get home to tell everyone how awesome your vacation was and be vague about the date of any trip.

Letting Search Engines Find You

To help prevent strangers from accessing your page, go to the Search section of Facebook's privacy controls and select Only Friends for Facebook search results. Be sure the box for public search results isn't checked.

Permitting Youngsters to Use Facebook Unsupervised

Facebook limits its members to ages 13 and over, but children younger than that do use it. If you have a young child or teenager on Facebook, the best way to provide oversight is to become one of their online friends. Use your e-mail address as the contact for their account so that you receive their notifications and monitor their activities. "What they think is nothing can actually be pretty serious," says Charles Pavelites, a supervisory special agent at the Internet Crime Complaint Center. For example, a child who posts the comment "Mom will be home soon, I need to do the dishes" every day at the same time is revealing too much about the parents' regular comings and goings. (See Full Story)

Should a teacher’s Facebook posts ruin her career?

2010-06-11T11:55:00.000-07:00

A former high school teacher is suing a north Georgia school district, alleging she was forced to resign over photos and expletives on Facebook.

Ashley Payne contends that the Barrow County school district violated state labor law because she was never told she was entitled to a hearing. Her attorney, Richard Storrs, says the 24-year-old former Apalachee High School teacher was “not made aware of her rights” and should be granted the hearing.

After teaching at the school for two years, Payne resigned in August after her principal questioned her about her Facebook page, which included photos of her holding wine and beer and an expletive.

(Payne told the Athens Banner Herald it was the “B” word that landed her in hot water with her principal. She posted it in the context of saying she was going to an Atlanta restaurant that featured a game called Crazy “B” Bingo. Here is a link to the bars that hold Crazy Bxxxx Bingo games.) According to the AJC.com

Breach-Proofing your organization brings many benefits...

2010-06-03T08:50:00.000-07:00

Roanoke City Public Schools Surplus computers sold containing 2000 employees’ names and Social Security numbers...

University of Louisville A database with the names, social security numbers and other personal information of 708 dialysis patients was accessible via the Internet for more than a year, university officials announced Wednesday morning.

In order to prevent data breaches before they occur requires building a “Breach-Free Culture” within your organization. Properly training employees across all areas of your business is a necessary component to breach-proofing your organization.

Another reason to incorporate training into your data breach prevention efforts is that, although cyber-criminals may get the headlines and media attention, the fact is that more than 88% of all breaches are caused by human error and process failures. Technology can't stop someone from making mistakes, however, training that changes behavior can!

Breach-Proofing your organization brings many benefits. We've all seen the statistics... Data breaches cost an average of $202 per record lost... 40% of consumers change their relationship with affected businesses... fines for non-compliance with the law can run into tens of thousands of dollars... lawsuits cost hundreds of thousands of dollars to defend and even millions of dollars to settle.

Creating a Breach-Proof Culture, where employees across all departments and areas share a heightened sensitivity, understanding and commitment to eliminating breaches can reduce your organizations risk.

University of Toledo, 200 reported incidents of Identity Theft...

2010-05-17T09:56:00.000-07:00

At the University of Toledo, there have been 200 reported incidents of credit card and identity theft of students, faculty and staff in the past year, according to Marge Dell, head teller at UT’s Credit Union.

According to Dell, five of those incidents occurred on-campus.

“We had a counselor here that had their identity stolen by her secretary,” she said. “They actually took a mortgage out for their house for $80,000.”

Joseph Slater, professor of law instruction, became a victim of identity theft after someone obtained his social security number and home address in late 2004.

“I would get things in the mail from Circuit City saying, ‘thank you for opening up an account with us. You have reached your $600 limit. Please pay us,’” Slater said.

The man who stole Slater’s identity used his information to max out six credit card accounts with stores in Atlanta, Ga. and was not caught until the seventh account he tried to open... The Federal Trade Commission estimates 9 million Americans have their identities stolen each year.

According to Dell, five of those incidents occurred on-campus.

“We had a counselor here that had their identity stolen by her secretary,” she said. “They actually took a mortgage out for their house for $80,000.”

Joseph Slater, professor of law instruction, became a victim of identity theft after someone obtained his social security number and home address in late 2004.

“I would get things in the mail from Circuit City saying, ‘thank you for opening up an account with us. You have reached your $600 limit. Please pay us,’” Slater said.

Copy Machines, a Security Risk?

2010-05-06T08:12:00.000-07:00

This year marks the 50th anniversary of the good, old-fashioned copy machine. But, as Armen Keteyian reports, advanced technology
opened a dangerous hole in data security...

The House of Representatives has passed a bill outlawing all caller ID spoofing

2010-04-15T15:42:00.000-07:00

The House of Representatives has passed a bill outlawing all caller ID spoofing "with the intent to defraud or deceive".

So no more prank calls - but more importantly, no more calls from criminals aiming to trick people into giving away banking information.

The sponsors of the bill, Eliot Engel and Joe Barton, cited an identity theft operation in New York City which netted its operators more than $15 million - and another where a woman used the caller ID of a pharmacist to trick a love rival into taking an abortion drug. See Full Story

Facebook has begun warning its users...

2010-04-14T08:44:00.000-07:00

Facebook has begun warning its users to avoid bogus links and fan pages that offer free gift cards because they are scams aimed at stealing user identities.

Facebook Security says it tries to remove these links and pages as quickly as it finds them.

"Watch out for suspicious offers for free gift cards," the site warns. "We've been removing groups and Pages that promise free gift cards but instead trick people into entering information or spamming their friends. If you come across one, report it to us immediately." (Link to full Article)

Colorado patients mailed protected health data; investigation under way

2010-04-07T07:28:00.000-07:00

Since March 29, the Boulder Community Hospital (BCH) in Colorado has been contacted by patients of Lafayette, Colo.-based Family Medical Associates (FMA), who were mailed copies of their own protected health information by an anonymous source. An accompanying letter claims that the information was stolen from Community Medical Center’s recycling bins, according to BCH.
Colorado patients mailed protected health data; investigation under way

New Privacy Concern for Americans

2010-04-01T14:02:00.000-07:00

There is a new privacy concern for Americans because of a new website called Spokeo.com. All anyone has to do is enter your name on the website and it pulls up a list of personal information from addresses, to interests and even credit scores. Spokeo is a fairly new website but it’s already got many people upset and worried about their p... (Read Full Article)

Citibank apologizes after exposing 600,000 Social Security numbers

2010-03-12T06:40:00.000-08:00

Citibank representatives call it a processing error, which doesn’t sound too serious. But for more than half a million Citibank customers who received mail from the credit card company with their Social Security number printed on the outside of the envelope…it was more than a little disturbing. (Read Full Article)

New technology's impact on identity theft

2010-02-12T06:29:00.000-08:00

Qing Hu, a professor and chair of logistics, operations and management information systems at Iowa State, says those new technologies won't even make a dent on the identity theft problem.

"Identities are sold around the world quickly after they are stolen through online auction sites operated by organized crime or hackers, and they are used for a number of purposes -- most of which do not need a personal presence where a retina scan might be used," said Hu, who has been conducting research on corporate information security management and user behavior toward information security technologies since 2005.

"They [stolen identities] can be used to apply for new credit cards, making duplicate cards for online purchases of digital services and products where physical delivery is not needed -- online games, pornographic material, music download, fake account for money laundering, etc.," he said. "It is rare that a criminal would take a fake ATM card to go to a physical machine to take cash out, knowing that almost all ATMs today have cameras to record every transaction."

Steffen Schmidt, a University Professor of political science who is also a researcher in ISU's Center for Information Protection, shares Hu's information security outlook amid new technology. The co-author of two books on preventing identity theft -- "Who Is You: The Coming Epidemic of Identity Theft" (The Consortium, 2005) and "The Silent Crime: What You Need to Know About Identity Theft" (Twin Lakes Press, 2008) -- Schmidt predicts identity theft will only escalate with technological advancements.

Study: Identity theft hits record high

2010-02-10T12:43:00.000-08:00

Criminals use social networks, online transactions to gather victims' information.

More people in the United States are falling victim to identity fraud. A study by Javelin Strategy & Research showed that the number of victims jumped by 12% to 11.1 million adults in 2009, the biggest increase since the survey began in 2003. Identity fraud continues on the upswing and we believe it will continue to rise if consumers fail to take proactive steps to prevent fraudsters from taking advantage of their offline and online transactions and their increasingly exposed personal information on social networks. The study said that total overall fraud rose by 12.5% to $54 billion. The perpetrator is often someone the victim knows, such as a family member or presumed friend, according to Javelin founder James Van Dyke. The number of new credit card accounts opened fraudulently rose 39% in 2009, with new online accounts more than doubling, and the number of new e-mail payment accounts rising 12%. The study also found that 29% of identity-fraud victims said that mobile phone accounts were fraudulently opened in their names.

We must be vigilant with whom you are sharing your personal information and where you are sharing it.

The Consequence of Even a Small Data Breach

2010-02-06T00:20:00.000-08:00

We often discuss with our clients the substantial increase recently in the cost of experiencing a breach of data. One aspect that isn't often considered in that increase is the new power of social media in our world. I experienced this recently when I was scheduled meet with a medical practice administrator and was unsure of this clinics location. Not to worry with the power of maps and Google on my I-Phone I'm a direction genius. (Never again can my wife make me ask for directions!) A couple key clicks later the top link in Google provided the information I needed on Citysearch.

Of course I noticed (as everyone else that Googled this clinic would have) that they were only given 2 out of 5 stars based upon their reviews. Curious as to why one click later I learned they have a very upset patient who shared the gory details of her medical chart that was lost by this clinic and her confidence in the fact that if you work with them they will also lose your information!!

Ouch! One person now has that much power. The story wasn't broadcast on the nightly news, not in the local paper, just where vast majority of new patients would go to find your location.

It's been reported that it costs $200+ per record lost when a breach is experienced. Somehow for this clinic I think that it is substantially higher.

Online Social-Networking / ID Theft

2010-01-31T15:05:00.000-08:00

If you’re a fan of Facebook, and an active user of the social-networking site, then you might be at risk of becoming a victim of identity theft. A story by the Miami Herald detailed all the ingenious ways that cyber criminals can steal your identity by using Facebook as the bait. The Herald story cites this popular scam: You’ll find a message in your Facebook inbox from either someone you don’t recognize or someone you rarely talk to. The subject line might be something like, “Is this you in this video?” When you open the message, you’ll find a link to a Web site. If you click on it, your computer will download a program that collects your personal information and then sends it across the Internet, where cyber criminals will happily collect it.

Protecting Yourself From Identity Theft

As social-networking sites like Facebook and Twitter have exploded in popularity, the risk of identity theft has skyrocketed. But social networkers can take steps to protect themselves. And most of these require little more than common sense. For instance, if you get an e-mail message in your Facebook inbox from someone you don’t recognize, delete it without opening it. If your curiosity gets the better of you and you can’t resist clicking open the message, don’t click on any links in the message. These links often lead to programs that will download your personal information. Be wary, too, of invitations to Facebook events from people you don’t recognize. Often these fake invites will take you to Web pages that look like Facebook events, but are actually Web sites that download malicious software onto your computer.

CBC News - Windsor - Private data of 8,600 Ont. teachers compromised

2010-01-29T11:49:00.000-08:00

Laptops containing sensitive records belonging to thousands of Ontario teachers have been stolen, CBC News has learned.
The three laptops contained names, addresses, birth dates and social insurance numbers of about 8,600 teachers, most of whom work at elementary schools for the Toronto District School Board.
The computers were stolen from the Waterloo, Ont., offices of the Ontario Teachers Insurance Plan on Dec. 3.
The organization provides insurance for teachers across the province. The affected teachers were informed of the theft earlier this week, said a spokeswoman for the non-profit insurance organization.
In a notice posted on its website, the organization said it found out about the theft Dec. 4. The group did not say when it determined that sensitive data may have been compromised.
"As soon as we did determine that there was member data involved we set out to put a plan together to notify the members who were affected," Julie Millard told CBC News on Wednesday.
The thieves also broke into a cafeteria cash register and tried to break into a closet containing office supplies, the organization said. No arrests have been made.
Waterloo Regional Police have characterized the theft as a routine "smash and grab."

Numerous possibilities for fraud

But Ken Anderson, Ontario's assistant privacy commissioner, said the situation may not be so cut and dried.
"There are actually professional theft rings now that are looking for laptops, BlackBerrys [and] other portable devices where they can get the information … they strip it out and it can be used in many ways."
For instance, the information can be used to obtain false passports and fake credit cards or for re-mortgaging a victim's home.
Anderson, who is charged with ensuring the government keeps public data safe, said it's "as important, and indeed in some cases, maybe even more important, that the private sector protects your information, especially if it's in a digital format."
Millard acknowledged none of the data on the laptops was encrypted but said the computers were password-protected.
She said a consulting firm is giving teachers advice about preventing fraudulent use of their information, including being told to call credit-rating agencies to flag the theft.
"We believe their identity is safe because of the measures we're taking to protect them," she said.
"Our goal right now is doing the right thing for the members that were affected and examining all of our security policies and procedures and improving [them]."
Teachers who think they might be affected by the theft but have not been contacted are advised to call the insurance firm at 1-800-267-6847.
News of the theft comes a month after a health worker in Whitby, Ont., lost a USB key containing the names and OHIP numbers of 80,000 people in Durham Region. Data on the key wasn't encrypted either.
This prompted Ontario's privacy commissioner to order government agencies to encrypt personal information on devices such as USB keys and laptops.

Read more: http://www.cbc.ca/canada/windsor/story/2010/01/27/teachers-laptop-data494.html#ixzz0e266Qmqh
CBC News - Windsor - Private data of 8,600 Ont. teachers compromised

Beware Haiti Charity Frauds

2010-01-16T22:33:00.000-08:00

Whenever a tragedy takes place in the world Americans step up and illustrate their generosity. In turn every well publicized event creates an opportunity that scam artists inevitable will use to their advantage. A few months ago it was fake Michael Jackson charities and now it is fake charities and scams using the names of legitimate charities to steal funds intended for those in Haiti who need our help.

Please make sure as you give and as you speak to others about giving to the assist those in Haiti, that we remind everyone to be aware of fraud, especially when someone contacts us seeking a donation. The following article reveals some of the scams that are currently being seen.

http://www.cbsnews.com/stories/2010/01/13/cbsnews_investigates/main6092813.shtml

Phishing Application Appears On Google Android Market | Geeky Gadgets

2010-01-12T14:02:00.000-08:00

Phishing Application Appears On Google Android Market | Geeky Gadgets: "It seems that an phishing app has made its way onto Google’s Android Market, in the form of a fake banking application published by an Android developer called ‘Droid09′.
The application was attempting to get hold of users banking information, and it was spotted by the First Tech Credit Union, here is what they had to say about it.

We recently learned that a fraudster developed a rogue Android Smartphone app. It creates a shell of mobile banking apps that tries to gain access to a consumer’s financial information.
Droid09 launched this phishing attack from the Android Marketplace and it’s since been removed. It’s called phishing because scammers go fishing for information about you or your financial account that may be used for identity theft."