This month, as part of Cyber Security Awareness Month, I had the opportunity to talk to expert Jennifer Jolly about cyber security, especially about being safer and protecting my privacy on Facebook.
“President Obama designated October as National Cyber Security Awareness Month. National Cyber Security Awareness Month is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident.”
Jennifer and I discussed:
What are three quick steps you can take to help make sure only the people you want can see your stuff?
What are some security controls that are available to protect our accounts and privacy?
How can login approvals help to keep our Facebook account safe?
Why is it so important to have unique passwords for our social media accounts?
How can we control what information we share with apps when we log in using our Facebook account?
Why do we need to periodically review the apps connected to our accounts and clean house? What is an easy way to do this?
Where can we go for more information?
Our interview is audio, so grab a pen and paper and take a few notes. I was surprised at how fast and easy I was able to tighten up the security and privacy settings on my personal Facebook page – and how many apps I had actually given access to. You will be too!
Jennifer Jolly is an Emmy award-winning consumer tech journalist and “geek speak translator.” She’s one of the nation’s most trusted experts when it comes to reviewing and explaining consumer electronics and the day’s top tech trends. A 20-year broadcast industry veteran, Jennifer writes the weekly New York Times Wired Well column and is the host and syndicated columnist of TechNow. Jennifer is also a frequent guest contributor for the Today Show, The Meredith Vieira Show, The Talk, CNN, HLN, Dr. Oz, and the Rachael Ray Show.
Today’s award for the least convincing spam message goes to the “purchase order” I received. The funny thing is I don’t sell anything so I’m not sure how it could possibly pertain to me. It just goes to show they grab, harvest or purchase email addresses and then send them out in bulk, sort of like fishing with a bucket of bait. With that much bait you are sure to catch something.
If you receive something like this one, which also has a “zip” file to download, my suggestion is to send it to spam and keep going. What are the keys to knowing this isn’t a real purchase interest?
It was in my spam folder – which I do check regularly since sometimes items are mistakenly marked as spam.
The problems with grammar and punctuation.
The fact that I don’t sell any items.
And, that it’s “near” somewhere in Egypt.
That it has a zip file. Beware of downloadable files, links, and images, especially those that come from those you don’t know.
Sample Email below
A dead giveaway is when my spam filter has this in the RE:
****SPAM**** HIGH * Purchase order-
We are interested to Purchase your product, i got your contact information
from two of our customers.
Please contact us with the following below:-
– Your minimum order quantity.
– Your FOB Prices and FOB Port.
– Your estimated delivery time.
Please fine attached company details and requirements below to preview the samples/specifications needed.
GMCC LTD IMPORT & EXPORT
Sheraton Bldgs. Heliopolis,Cairo
Landmark:Near To Radisson Blu Cairo Egypt
CISA or the Cybersecurity Information Sharing Act of 2015 has not been passed yet. It could be up for a vote as early as next week but it appears that it might be delayed until fall. President Obama has made no promises to veto this bill. The Electronic Frontier Foundation (EFF) believes that grassroots activism can kill this bill like it has other bad cybersecurity legislation in the past.
So, what is CISA? The Cybersecurity Information Sharing Act of 2015 was intended to balance security and privacy. Senate Intelligence Committee Chairman Senator Richard Burr said that fifteen new amendments to the bill were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyber attacks, according to a Wired article from January.
Critics of the bill argue that the bill does nothing to boost security and does nothing to prevent major cyber attacks that endanger the privacy of individuals. EFF argues that the bill encourages companies to share private information with the government and gives them sweeping liability protection when they do so.
“CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers,” says the EFF Week of Action page, “Combined, they make the bill a surveillance bill in disguise. The bill may even make things worse for Internet users in several ways. That’s why we’re launching a week of action to make sure Congress is getting the message loud and clear: CISA must not pass.”
Organizations that have joined with EFF for Week of Action include the American Civil Liberties Union, the American Library Association, The Constitution Project, and Freedom of the Press Foundation. EFF has a list of organizations that will be participating in the Week of Action and will update it as new organizations join the fight to #StopCISA.
CNN has reported that the major cyber breach of IRS records that happened recently originated in Russia. According to the CNN news report over 100,000 people had their tax returns stolen, but just how big of a breach actually occurred hasn’t been determined yet as the IRS’ Criminal Investigation Unit and the Treasury Inspector General for Tax Administration are still conducting their investigation.
On Thursday, May 28 the FBI also opened their own investigation, and the Homeland Security Department was alerted. None of these agencies are discussing their ongoing investigations with the public. Essentially, what is known is that the Russians have infiltrated the computer systems in both the White House and the State Department. This isn’t the first time that taxpayer data has been released. Taxpayers’ data security has actually been a problem for many years now (since 1997 according to the testimony about IRS Systems Security given before the Committee on Governmental Affairs at the U.S. Senate on Thursday, April 10, 1997). In fact, the IRS even goes so far as to call this their “number one problem.” With this breach, lawmakers on Capitol Hill began demanding answers.
As Rep. Peter Roskam said, “It’s a problem, no matter where it’s coming from.” However, the IRS isn’t alone when it comes to security breaches. Recently, millions of customers at Target, as well as Anthem Blue Cross, Blue Shield have also had their data compromised. Even Turbo Tax temporarily halted their service because of fraud. So, in today’s day and age, it is more important than ever to keep an eye on our private information. There are even some people who claim that things will get worse before getting better.
Regardless of whether the IRS contacted you or not, it is a good idea to sign up for a credit monitoring service. If you are one of the more than 100,000 households that were affected, the IRS will offer you these services for free. This is a significant step to take because this stolen information is oftentimes used to open credit card accounts on which the criminals rack up a lot of fraudulent charges. It is important to understand that even this doesn’t give you full protection, but it does provide some protection against criminals who are trying to open new lines of credit in your name.
Most Americans can successfully play the “six degrees of separation” game when it comes to knowing someone whose credit card was hacked in the last couple of years. In fact, stolen Target cards in 2013 alone accounted for $53.7 million in income for hackers. Although many folks remember the Target breach, few people remember that 20 other major data breaches occurred in 2014. The reason is, at least in part, the lackluster security technology in our existing credit cards.
The traditional magnetic stripe cards require only a signature for security purposes, and any security system built around low paid retail employees checking signature verification is destined to fail. Who hasn’t sent a friend or relative off with a credit card to buy gas or to purchase groceries where no one questioned the difference in signature on the back of the card and the signature on the terminal or receipt?
Thankfully, there is a more secure form of credit card. Chip cards, known as EMV or “smart cards”, add another layer of fraud protection through an embedded microchip that turns card member information into unique codes that are difficult to replicate. Plus, if your card is stolen, thieves cannot use EMV data to create usable counterfeit payment cards.
EMV-enabled cards have been around for about ten years in about 80 countries worldwide, but are only recently being adopted by the US, due to legislation that forces merchants to accept them by October 1, 2015. Currently, about 10-15 million chip credit cards already have been issued to U.S. consumers. Additionally, about one million out of more than 10 million POS (Point of Sale) terminals have already made the transition, and as merchants renew with their existing provider or pick a new credit card processor, they are adding the capability.
What Can You Do Now?
1. Find Out If Your Card Is Available in EMV Format: Check out this page at EMV Connection, which shows an up-to-date list of EMV issuers and the availability of EMV cards in the U.S. You can use this list to know what to ask for when you call your credit card company for a replacement card. Or, you can learn more about the card you may already have in hand. In fact, if you received a new credit card from your issuer sometime in the past year, you may already have experienced the technology without realizing it.
2. Request a Free EMV Enabled Card: Will you need to pay for these chip cards? Not if you already own a credit card. All you need to do is call your card issuer or go online to that issuer’s website and request an EMV card. Although banks have been rolling EMV cards out as renewal card replacements, you may need to ask your issuer specifically for that EMV card if you are traveling soon. Most credit card companies won’t issue a card at any time other than renewal unless you ask.
3. Start Using It Wherever Possible: Most new cards issued will contain both the stripe and the chip. So, if you’re standing at a credit card terminal and you aren’t sure what to do, just enter the card in the card slot. If the EMV terminal isn’t ready for your card yet, the machine will show an error and you’ll be prompted to swipe it. If you try to swipe a chip card in an EMV-activated terminal, the same thing will occur – an error message and a prompt to insert the card differently so the machine will read the chip.
4. Memorize Your PIN: Unmanned terminals at automated kiosks may now ask for a PIN number with EMV cards. This is when you DO need to worry. In the past, card holders didn’t need to memorize their PINs, and now they do. Don’t carry a list of PINs around with you, either, because the risk of that EMV card and your PIN list being stolen is just as high as it’s ever been.
Trading out your old magnetic stripe credit card for a chip-enabled credit card provides you with a more secure, but equally convenient, way to pay for your transactions. Additionally, remember that you should use the chip on your card whenever possible, you shouldn’t carry a PIN list around with you, and you should shred your old cards. Taking these simple measures can go a long way to minimizing the risk of credit card and identity theft.
Rich McIver regularly writes about consumer protection and advocacy as it relates to the credit card processing industry. He is the founder of MerchantNegotiators.com, and can be reached via Twitter or Facebook.
Here’s one of the more interesting messages that my spam folder caught this week. Apparently there’s some money the Federal Bureau of Investigation just can’t wait to give me.
Federal Bureau of Investigation (FBI) Anti-Terrorist And Monitory Crime Division.
Federal Bureau Of Investigation. INTERNATIONAL MONETARY FUNDS
J.Edgar.Hoover Building Washington Dc
Customers Service Hours / Monday To Saturday Office Hours Monday to Saturday:
Dear Beneficiary, Series of meetings have been held over the past 7 months with the secretary general of the United Nations Organization. This ended 3 days ago. It is obvious that you have not received your fund which is to the tune of $2.3million Usd due to past corrupt Governmental Officials who almost held the fund to themselves for their selfish reason and some individuals who have taken advantage of your fund all in an attempt to swindle your fund which has led to so many losses from your end and unnecessary delay in the receipt of your fund. The National Central Bureau of Interpol enhanced by the United Nations and Federal Bureau of Investigation and the International monetary funds have successfully passed a mandate to the current president of Nigeria his Excellency President Good luck Jonathan to boost the exercise of clearing all foreign debts owed to you and other individuals and organizations who have been found not to have receive their Contract Sum, Lottery/Gambling, Inheritance and the likes.
Now how would you like to receive your payment? Because we have two method of payment which is by Check or by ATM card?
ATM Card: We will be issuing you a custom pin based ATM card which you will use to withdraw up to $3,000 per day from any ATM machine that has the Master Card Logo on it and the card have to be renewed in 4 years time which is 2015. Also with the ATM card you will be able to transfer your funds to your local bank account. The ATM card comes with a handbook or manual to enlighten you about how to use it. Even if you do not have a bank account.
Check: To be deposited in your bank for it to be cleared within three working days. Your payment would be sent to you via any of your preferred option and would be mailed to you via UPS. Because we have signed a contract with UPS which should expire in the next three weeks you will only need to pay $280 instead of $620 saving you $340 So if you pay before the three weeks you save $340 Take note that anyone asking you for some kind of money above the usual fee is definitely a fraudsters and you will have to stop any communication with every other person if you have been in contact with any. Also remember that all you will ever have to spend is $280.00 nothing more! Nothing less! And we guarantee the receipt of your fund to be successfully delivered to you within the next 24hrs after the receipt of payment has been confirmed.
Note: Everything has been taken care of by the Federal Government of Nigeria the International Monetary Funds, The United Nation and also the FBI and including taxes, custom paper and clearance duty so all you will ever need to pay is $280.
DO NOT SEND MONEY TO ANYONE UNTIL YOU READ THIS: The actual fees for shipping your ATM card is $420 but because UPS have temporarily discontinued the C.O.D which gives you the chance to pay when package is delivered for international shipping We had to sign contract with them for bulk shipping which makes the fees reduce from the actual fee of $620 to $280 nothing more and no hidden fees of any sort!To effect the release of your fund valued at $2.3million Usd you are advised to contact our correspondent in Africa the delivery officer Mr James Morgan with the information below,
Full Name:DANNY BLESSED Email: +++++++@gmail.com Telephone: (512) 240-XXXX
You are advised to contact him with the information as stated below: Your full Name : Your Address: . Home & Cell Phone: Occupation: Preferred Payment Method (ATM & Cashier Check) Upon receipt of payment the delivery officer will ensure that your package is sent within 24 working hours. Because we are so sure of everything we are giving you a 100% money back guarantee if you do not receive payment/package within the next 24hrs after you have made the payment for shipping. Yours sincerely, Miss Donna Story FEDERAL BUREAU OF INVESTIGATION UNITED STATES DEPARTMENT OF JUSTICE WASHINGTON, D.C. 20535
5 tips to help you recognize that it is a spam or phishing email:
If they ask you for money it’s spam/phishing – let’s start with that.
Bad grammar – there are quite a few mistakes in it, including the dropping of articles like “a” and “the”; look for those mistakes. I’m pretty sure the FBI has someone who proofs their emails before they send them out.
If it were official, it would have come by certified mail, not in your email.
If it sounds too good to be true it most likely is.
It’s plain text with no logo and uses an unusual email address; for example, in this case it was +++++@163.com.
Tax fraud is an issue in the United States. The Internal Revenue Service has been taking steps to protect consumers and prevent them from becoming victims of identity theft through tax refund fraud. More than 236,000 tax returns processed last year were considered fraudulent due to identity theft.
“Tax refund fraud associated with identity theft (IDT) continues to be an evolving threat, one that imposes a serious financial and emotional toll on honest taxpayers and threatens the integrity of the tax administration system,” the Government Accountability Office said in a report in August.
Nearly $1.2 billion in refunds were blocked last year. The IRS has been investing in addressing the issue of identity theft for consumers. The number of identity theft returns is down significantly from 2012. The IRS reported that the numbers have been improved because of new filters that the IRS has put in place.
One of the ways that the IRS has been taking steps to prevent identity theft is through the use of personal identification numbers or PINs for those who have been victims of tax fraud. PINs are used to keep consumer information protected and private. The number of identity protection PINs issued by the IRS increased from 770,000 in 2013 to 1.2 million in 2014.
The IRS will limit the number of refunds direct deposited into a single account beginning this year. The idea is that the limit to three direct deposits will reduce identity theft. If a taxpayer has more than 3 refunds, the rest will be mailed as a paper check.
The IRS has increased staff assigned to work on identity theft cases that are reported and the agency has increased the amount of information on the website for consumers. Consumers can learn about tax fraud, identity theft, and the ways to report suspicious activity.
Indiana is successfully putting a stop to identity theft due to new security measures. The Indiana Department of Revenue reported that the agency stopped over $88M in identity theft in 2014. Residents of Indiana should expect to see similar security measures in place for the 2015 tax season.
One of the security measures that the Department of Revenue will use is an identity confirmation quiz. The quiz is two minutes long and asks taxpayers to verify their identity.
According to WTHR, “The Department of Revenue says the $88 million figure came from stolen or manufactured identity theft tax refunds stopped (out of $800 million in total requested refunds); 74,000 fraudulent returns identified (out of 2.2 million total returns requesting refunds); 3.5 percent of all tax returns were fraudulent.”
The security features in place helped taxpayers realize that their identities had been stolen. Indiana residents, and residents of every state in the U.S., are reminded to take care when giving out personal information and to make sure that private information is secure.
Indiana offers residents a guide on protecting themselves from becoming victims of identity theft through the department’s Stop ID Theft website.
Sony Pictures Entertainment is attempting to recover from a mass hacking that took place earlier this month. The hackers, reportedly from North Korea, sent threatening messages to the studio and to movie fans who were hoping to see the film “The Interview” on Christmas Day. The hackers leaked sensitive personal data, embarrassing emails, and subjected numerous employees to identity theft through the release of Social Security numbers along with a list of high-ranking officials within Sony.
In an attempt to try and make matters right within Sony, the company has offered identity theft protection to directors and writers who work for the studio. Identity theft protection will be offered through AllClear ID. The service was offered to Sony’s 3,803 employees when the massive leaks began. Sony is now offering it to the Directors Guild of America and the Writers Guild of America West.
“The DGA supports Sony in its efforts to combat any ill effects of the attack on DGA members,” the DGA told Variety. “We do not know whether or whose personal information may have been compromised, but Sony is offering one year of identity protection at no charge to any present or former employee who requests it.”
Sony is offering the identity theft protection service for one year, at no charge, to present or former employees who request it and who fit certain criteria.
The three largest movie chains in the nation canceled the Christmas screening of “The Interview” and there are currently no plans for when the film will be released. There are no reports about whether it will get to the big screen or if it will go direct to video.
Hackers have won a round against Sony Pictures Entertainment this week after a devastating cyber attack. Sony pulled “The Interview” from theaters nationwide after the hackers spread fear throughout the entertainment industry. “The Interview” was to be released in theaters on Christmas Day. Sony said they would no longer hold screenings of the film in any of their theaters.
U.S. intelligence has linked the cyber attack on Sony to the North Korean government. The film portrays the fictional assassination of North Korean leader Kim Jong Un. It is believed that the hackers from North Korea were given the order to hack Sony’s computer system, targeting sensitive data including emails, financial records and salaries of Sony’s top stars.
It is unclear whether “The Interview” will be released soon. The hackers made threats against Sony by threatening moviegoers with a “bitter fate” should they head to theaters to screen the film. The hackers threatened a 9/11-like attack on all movie theaters that screen the Seth Rogen and James Franco comedy.
“We will clearly show it to you at the very time and places “The Interview” be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.
Soon all the world will see what an awful movie Sony Pictures Entertainment has made.
The world will be full of fear.
Remember the 11th of September 2001.
We recommend you to keep yourself distant from the places at that time.
(If your house is nearby, you’d better leave.)
Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.
All the world will denounce the SONY.”
In addition to the terroristic threat, the hackers released the content of files called “Michael Lynton” (CEO of Sony Pictures Entertainment) which included embarrassing emails and sensitive personal data. The tactics used by the hackers worked, causing the nation’s three largest movie chains to cancel showings of “The Interview” with an unknown release date.
Sony has no current plans to release the film either to theaters or direct to video.