Category Archives: Identity Theft Prevention

When a purchase order email is not what it seems

Image By: Ian Lamont
Image By: Ian Lamont

Today’s award for the least convincing spam message goes to the “purchase order” I received. The funny thing is I don’t sell anything so I’m not sure how it could possibly pertain to me. It just goes to show they grab, harvest or purchase email addresses and then send them out in bulk, sort of like fishing with a bucket of bait. With that much bait you are sure to catch something.

If you receive something like this one, which also has a “zip” file to download my suggestion is to send it to spam and keep going. What are the keys to knowing this isn’t a real purchase interest?

  1. It was in my spam folder – which I do check regularly since sometimes items are mistakenly marked as spam.
  2. The problems with grammar and punctuation.
  3. The fact that I don’t sell any items.
  4. And, that it’s “near” somewhere in Egypt.
  5. That it has a zip file. Beware of downloadable files, links, and images, especially those that come from those you don’t know.

Sample Email below

A dead giveaway is when my spam filler has this in the RE:

****SPAM**** HIGH * Purchase order-
Dear Sir

We are interested to Purchase your product, i got your contact information

from two of our customers.

Please contact us with the following below:-

– Your minimum order quantity.

– Your FOB Prices and FOB Port.

– Your estimated delivery time.

Please fine attached company details and requirements below to preview the samples/specifications needed.

Best Regard
—————————————————————————————————————–
GMCC LTD  IMPORT & EXPORT
Address deleted
Sheraton Bldgs. Heliopolis,Cairo
Landmark:Near To Radisson Blu Cairo Egypt

Personal Data: Who Has Your Back?

By: byron alcantara

The Electronic Frontier Foundation has published its fourth annual “Who Has Your Back?” report. You might be surprised about which companies have your back and which companies don’t. The report looks at the policies and practices of various technology companies and gives companies stars for certain items that address security concerns of consumers.  Stars are given out if companies “require a warrant for content,” “tell users about government data requests,” “fight for users’ privacy rights in courts,” etc. A maximum of six stars can be obtained by each company.

Some of the top technology companies received gold stars across the board for protecting your data. Google, Apple, and Twitter all have your back and will fight for your privacy rights both in the courts and in Congress.  EFF was pleased to find out that many companies, rocked by high-profile disclosures of the National Surveillance Agency (NSA) spying on online accounts, responded by increasing their commitment to transparency and pushed back against mass surveillance.

The companies with the lowest amount of stars included Snapchat, Amazon, and AT&T. Snapchat was ranked least likely to have your back protecting your personal data. It does not require a warrant for content, does not promise to tell users if their data is sought by the government, and does not publicly oppose mass surveillance.

Amazon.com received credit for requiring a warrant for content. According to the EFF report, Amazon receives credit because of testimony from its Vice President for Global Public Policy, Paul Misener, before the House Judiciary Committee in 2010: “With respect to the content of electronic communications, we believe that ECPA requires law enforcement authorities to obtain a search warrant to compel disclosure. We do not release information without valid process and have not disclosed content without a search warrant.”

Although, Amazon.com’s stance is to obtain a warrant it does not promise users that it will tell them if the government demands data. The company has also never published a transparency report showing government requests for data, does not publish its guidelines for law enforcement seeking access to data, and it has not publicly opposed mass surveillance through a written statement.

Some companies have shown improvement over the past four years including Verizon (earned 4 stars), Microsoft (earned 6 stars), and Tumblr (earned 5 stars). Protecting personal data is extremely important to consumers and it is apparent that it is increasingly important to companies.

Skype Safety Tips for Kids and Parents

By: jayneandd

The internet is a dangerous place especially for kids who are not tech savvy enough to realize a potential threat lurking on the web. Skype is a free video chat and instant messaging service widely used for family and friends to keep in touch with each other. Parents and kids often use the service as it was intended, but sometimes kids and parents get a rude shock.

Skype users have been affected by such items as a video of a naked person, inappropriately touching themselves, tasteless messages sent to young unsuspecting individuals, and compromised personal information. Online safety is a priority to keep both children and parents out of harm’s way.

Skype Safety Tip #1

Always monitor your child while they are using Skype. Know who your child is chatting with and make sure nothing inappropriate is happening in the chat room. One of the best ways to do this is to make sure that the computer or tablet being used is in a common room of the home.

Skype Safety Tip #2

Make sure personal information is kept private by updating privacy settings. First, make sure to use a long, unique password that uses a combination of numbers, letters and characters to prevent the account from being hacked. Next, update privacy settings on Skype to limit communications and protect your private information. Teach kids not to put personal information in a Skype profile because some of it could be made public.

Skype Safety Tip #3

Teach kids about “stranger danger” and what to do if they are approached out in the real world and what do to if they are approached online by a stranger.  Teach children to tell a trusted adult immediately if they are approached by a stranger on Skype or any other internet chat service.

Skype Safety Tip #4

Protect your computer by making sure an antivirus or anti-malware program is installed. Skype users can be subject to viruses and malware that can cause computers to run slowly, corrupt data, and cause vulnerabilities.

Skype Safety Tip #5

Report any incidents to local authorities.  Take a screen shot of the chat and save everything of importance to give to police.  This includes the username of the other party, the time and date of the conversation, and any other pertinent details about the conversation.  The incident will be investigated.

 

Medical Records are New Target for Cybercriminals

 medical records

Cybercriminals don’t have any scruples when it comes to gathering personal data. They have been known to steal credit card information as well as personal identification such as a social security number.  Now we can add medical identity theft to the list of things that cybercriminals are eager to steal from unsuspecting victims.

Redspin, a cybersecurity company, reports that approximately 30 million Americans have had their personal health information breached or disclosed since 2009. Redspin’s report also claims that 4 million records were breached in the single largest incident.

Health data is becoming increasingly vulnerable to cyber thieves because of the migration of information to mobile devices. Medical professionals use laptops, tablets and other mobile devices to access personal medical data which puts the data at risk if it isn’t encrypted properly or secured properly.

“This should be a clarion call to the healthcare industry,” reports Respin. “The trajectory is predictable yet preventable. With PHI data on more portable devices used by more “under-educated” employees, it is a virtual certainty that there will be more breaches. Mitigating that risk must become a higher priority throughout the entire industry.”

Cybercriminals who hack medical information are looking to steal everything from prescription information to Social Security numbers and credit card information. Medical billing records contain almost all of this information in one place.

Medical data is sought after for numerous reasons by thieves. Last year, CNBC ran a report about medical identity theft targeting victims in order to receive medical services, devices or prescription drugs.  It could take years before the theft of information is noticed.

Robert Gregg, chief executive of ID Experts, a cyber security firm, compared the value of different types of identity thefts for CNBC. He said, “A financial identity can be worth $5 to $10 if you have all the info. A medical identity can be five to 10 times that amount just because how easy it is to monetize that information once the bad guys get it.”

Signs that your medical information may have been breached:

-Unexpected medical bills for services not performed.

-Notice of health plan benefits saying benefit limit has been reached.

-Medical records show a condition you don’t have.

Review your medical history, report anything out of the ordinary, and never share medical information or personal identification information.

Stolen Identity Refund Fraud: Who, What and Why

Stolen Identity Refund Fraud (SIRF) is a category that falls under identity theft. It involves the theft of the “tax” identity of the victim. As the tax filing season descends upon us we need to be aware of the very real threats of having an identity stolen.

Victims of stolen identity refund fraud have had their lives ruined. The criminal steals the “tax” identity of an individual for the purpose of filing a tax return. The criminal will obtain information about the victim and use it to obtain his or her social security number. The thief will then submit a false tax return in the name of the victim claiming a tax return. Forbes report claims that “unfortunately, in many instances the refunds are issued.”

The victims are left to discover the fraud when they go to file their tax returns. The IRS refuses to send out a refund because a return was already filed under the name of the individual.  The burden of proof rests on the individual to prove that their identity was actually stolen and that they did not file a return in the first place. It can be a very lengthy process for an individual to get straightened out with the IRS and it can be an even lengthier amount of time for any resolution to happen.

Sadly, stolen identity refund fraud victims are the elderly and individuals who are not required to file tax returns. Criminals who steal this information often get away with it for a long time before being caught. Often the victim finds out when they apply for state or federal benefits and cannot receive them due to information found on the fraudulent returns.

The IRS and the Justice Department have begun cracking down on identity theft and have been active in fighting identity fraud. The IRS makes it clear that the agency is devoted to preventing identity fraud. The website has information on how to report suspected identity theft and the precautionary measures that people can so they don’t become a victim.

Consumer Reports Warns Email Theft Increases Identity Theft

Consumer Reports is warning to consumers that use of email addresses as a user ID increases your risk of identity theft.  The report cites the theft of millions of Yahoo users who had their email addresses stolen recently. Yahoo identified the attack on user email accounts and immediately acted to protect users by prompting holders to reset their passwords, according to a blog post by the corporation.

While there is no evidence that data was breached from Yahoo’s computer network, according to Bloomberg Businessweek, there is evidence that user names and passwords may have been taken from a third-party database. Consumer Reports warning is to users who often use their email address as their user ID because it can increase the chance of hackers getting into any other accounts you have associated with that email/user ID.

Identity thieves call the maneuver multipurposing. They steal personal data from one account and use it to break into other accounts. The theft of an email address can also lead to phishing scams, malicious software being placed on users’ computers, and malicious and fraudulent links being sent to everyone on a users contact list.

Once a criminal has access to email and passwords he can use it to break into a users bank accounts, online accounts, and use the information gathered to steal a users identity.

Consumer Reports gives an example, “Once the criminal has your e-mail address, he tries to sign into accounts at some large banks or major shopping sites, claiming he forgot his password. Some institutions will e-mail a “password reset” link or, worse, the password itself, to your address.”

Consumer Reports goes on to explain that once the password has been reset to the criminals password he will have full use of banking or shopping accounts that were broken into. The best way users can protect themselves is to consistently change their passwords and never use the same user ID as their email.

Datapalooza , Tax Returns and Identity Theft

Protecting personal information is important. It is extremely important in the online world. Identity theft is a real problem. Thieves who steal information often gather it easily from unsuspecting victims who willingly give out personal information to the wrong person or those who give out the information unwillingly but didn’t have their information protected.

Identity theft might become an even bigger problem with the announcements that were made at the White House’s “Datapalooza” event. “Datapalooza” is an ambitious new agenda that has been outlined by President Obama to combat rising college costs and to make college more affordable for American families.  It was a meeting of policy leaders and innovators exploring how open government data could help the education system in the United States. Part of the plan includes using technology for tools, services, and apps to help students evaluate and select colleges.

Apps will be used to help students access information about colleges including statistical data, program data, and form data (i.e. FAFSA).  Third party apps are also being considered for integration into the U.S. Department of Education’s financial aid toolkits. These applications should be viewed skeptically by students.  If the apps do not have the proper protections and encryptions against hack attacks then hackers might have “datapalooza” with student’s personal information.  Identity theft is a real concern with the potential data that would need to be stored online to use the governments’ apps.

The White House announced at “Datapalooza” that Americans will now be able to download their tax returns directly from the IRS’ new service Get Transcript.  Tax information is not easily accessible and for good reason. Tax papers have very personal information on them including names, birthdates, social security numbers, and wage information.  To obtain tax information before one would have to fill out a questionnaire, send it back and wait 5-10 business days for physical forms to arrive. Get Transcript makes it much easier for people to download their tax information instead of waiting to get the physical forms. But it also means that much more personal information is at risk of being stolen.

As Target breach grows, retailer embraces security options

Target’s data breach over the holiday season turned out to span far wider than the original numbers estimated.  The major retailer said the breach that happened between Nov. 27 and Dec. 15, 2013 compromised the financial information of approximately 40 million shoppers shortly after the breach occurred. Recently, the company informed consumers that it had uncovered an additional 70 million to 110 million customers who may have had their names, mailing addresses, phone numbers and email addresses stolen.

The data stolen from Target was originally thought to come from the terminals where customers swipe credit and debit cards. The retailer said originally that the only information affected was the information stored in the magnetic strips on the back of customers’ cards. The retailer learned shortly after that customers’ encrypted PIN data had also been obtained. The latest revelation by Target is raising more concerns because personal information isn’t stored on the magnetic strips on credit and debit cards.

Target’s data breach has severely impacted the company and will continue to as long as more information about the breach becomes known. The retailer has apologizes to customers for the broadening violations of customers’ private information.

“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” Gregg W. Steinhafel, Target’s chief executive, said in a statement to the New York Times.

Target is now offering free credit monitoring and identity theft protection to customer’s for one-year free.  The one-year offer includes a credit report, daily credit monitoring, identity theft resolution, identity theft insurance and ProtectMyID ExtendCARE, personalized assistance from a highly-trained Fraud Resolution Agent after the one-year period expires.

Target has listed tips for customers who wish to protect their information:

“Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number. Delete texts immediately from numbers or names you don’t recognize. Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.”

A FAQ page has been set up on Target’s website to deal with information regarding the data breach and information related to other scams.

Snapchat Suffers Major Security Breach Plans to Make App More Secure

Snapchat suffered a major security breach on New Year’s Eve when a reported 4 million usernames and passwords were collected by hackers.  Snapchat had been warned twice by security experts about a vulnerability in its system, according to Yahoo News.

Snapchat is a private company that has marketed itself on being a more secure alternative that Facebook and Instagram. It lets users send photo and video messages that disappear once viewed.  According to the New York Times, users of the self-destruct message service were sending 350 million photos a day in September –increased from 200 million in June.

Related content:  Are Instagram and Snapchat safe for Kids?

Security researchers were not convinced that the app actually deleted information.  The hackers who stole the usernames and passwords from Snapchat were actually security researchers with Gibson security who were able to hack into Snapchat’s servers and find the data that had been stored in a database similar to other big internet companies.

The security researchers posted the hacked information onto a website called SnapchatDB.info after privately warning Snapchat about the weakness in its system.  The researchers then posted a warning about the security hole online on Christmas Eve after the notice was ignored. Snapchat did patch the hole in the system but it didn’t do enough.  The data was not encrypted nor were there any basic security measures in place to prevent hacking.

The usernames and passwords put online in the data dump on New Year’s Eve had the last two digits of phone numbers removed. Snapchatdb.info has since been suspended for the data dump, but not before word spread of the breach.

The breach severely tarnishes Snapchat’s reputation and image. It could threaten the company’s rapid growth.

Gibson Security says users can delete their Snapchat accounts and ask their phone company to change their phone number in order to protect their information. Although, they warn that deleting the account won’t remove information from the leaked database information.

“Ensure that your security settings are up to scratch on your social media profiles. Be careful about what data you give away to sites when you sign up –if you don’t think a service requires your phone number, don’t give it to them,” Gibson told the Associated Press.

Snapchat is trying to reassure users’ that is has adopted security measures that would prevent spam and abuse. They also claim they are working to prevent “future attempts to abuse our service.”

5 Credit Card Safety Tips for Travel during the Holidays

credit card scamsTraveling during the holidays should be fun. It shouldn’t be filled with worry and stress. Using a credit card instead of cash or a debit card can make travel during the holidays less stressful and less risky. Use these five tips to keep from becoming a victim of credit card fraud.

Pick One Card

Pick one credit card to take with you. Make sure you have a copy of it, but store this copy in a safe place. Carrying multiple cards can lead to the loss of one or more of them.  When you pack for traveling remember to remove all other cards and store them in a secure location.  If your wallet or purse get stolen while you are traveling it is much easier to deal with one stolen card instead of six.

Separate Your Credit Card from Purse or Wallet

Don’t keep your credit card in your purse or wallet. Purses and wallets, particularly  Continue reading 5 Credit Card Safety Tips for Travel during the Holidays