Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

Consumer Reports Warns Email Theft Increases Identity Theft


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

Consumer Reports is warning to consumers that use of email addresses as a user ID increases your risk of identity theft.  The report cites the theft of millions of Yahoo users who had their email addresses stolen recently. Yahoo identified the attack on user email accounts and immediately acted to protect users by prompting holders to reset their passwords, according to a blog post by the corporation.

While there is no evidence that data was breached from Yahoo’s computer network, according to Bloomberg Businessweek, there is evidence that user names and passwords may have been taken from a third-party database. Consumer Reports warning is to users who often use their email address as their user ID because it can increase the chance of hackers getting into any other accounts you have associated with that email/user ID.

Identity thieves call the maneuver multipurposing. They steal personal data from one account and use it to break into other accounts. The theft of an email address can also lead to phishing scams, malicious software being placed on users’ computers, and malicious and fraudulent links being sent to everyone on a users contact list.

Once a criminal has access to email and passwords he can use it to break into a users bank accounts, online accounts, and use the information gathered to steal a users identity.

Consumer Reports gives an example, “Once the criminal has your e-mail address, he tries to sign into accounts at some large banks or major shopping sites, claiming he forgot his password. Some institutions will e-mail a “password reset” link or, worse, the password itself, to your address.”

Consumer Reports goes on to explain that once the password has been reset to the criminals password he will have full use of banking or shopping accounts that were broken into. The best way users can protect themselves is to consistently change their passwords and never use the same user ID as their email.

Datapalooza , Tax Returns and Identity Theft


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

Protecting personal information is important. It is extremely important in the online world. Identity theft is a real problem. Thieves who steal information often gather it easily from unsuspecting victims who willingly give out personal information to the wrong person or those who give out the information unwillingly but didn’t have their information protected.

Identity theft might become an even bigger problem with the announcements that were made at the White House’s “Datapalooza” event. “Datapalooza” is an ambitious new agenda that has been outlined by President Obama to combat rising college costs and to make college more affordable for American families.  It was a meeting of policy leaders and innovators exploring how open government data could help the education system in the United States. Part of the plan includes using technology for tools, services, and apps to help students evaluate and select colleges.

Apps will be used to help students access information about colleges including statistical data, program data, and form data (i.e. FAFSA).  Third party apps are also being considered for integration into the U.S. Department of Education’s financial aid toolkits. These applications should be viewed skeptically by students.  If the apps do not have the proper protections and encryptions against hack attacks then hackers might have “datapalooza” with student’s personal information.  Identity theft is a real concern with the potential data that would need to be stored online to use the governments’ apps.

The White House announced at “Datapalooza” that Americans will now be able to download their tax returns directly from the IRS’ new service Get Transcript.  Tax information is not easily accessible and for good reason. Tax papers have very personal information on them including names, birthdates, social security numbers, and wage information.  To obtain tax information before one would have to fill out a questionnaire, send it back and wait 5-10 business days for physical forms to arrive. Get Transcript makes it much easier for people to download their tax information instead of waiting to get the physical forms. But it also means that much more personal information is at risk of being stolen.

Legitimate debt collector or fraudulent data colletor?


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

Data collection scams and debt collection scams have risen dramatically in the last few years.  Mal-ware at point of sale terminals has been used to steal customer data. Emails that phish for information have been used to steal consumer information and fake debt collectors who threaten victims with lawsuits and arrests have used information gained to exploit consumers.

“Unscrupulous scams hurt consumers and unnecessarily impedes legitimate debt collection efforts,” said ACA International CEO Pat Morris. “The recovery of consumer debt is vitally important to our local, state, and national economies. Those who purposely violate the law to exploit consumers should be held fully accountable for their actions.”

Consumers need to protect personal data and they need to know the difference between a legitimate debt collector and a fake scam being conducted to steal personal information.

ACA International recommends several important items in discerning a legitimate attempt to recover a debt. The first item is that a debt collector may not contact a consumer at times known to be inconvenient. Generally, a legitimate debt collector may not contact a consumer before 8 a.m. or after 9 p.m. in the consumers’ time zone.

Another item is that a debt collector must disclose its identity to the consumer and notify the consumer that the communication is from a debt collector, and (in the initial communication) that any information obtained will be used to effect collection of the debt. Debt collectors are not allowed to make false representations and may not threaten to take action against a consumer if it doesn’t actually intend to seek such action. Consumers also need to be aware that they can dispute the validity of the debt and during the time the debt is being dispute the debt collector must cease collection activity until verification of the debt has been provided. More guidelines can be found at ACA International.

Consumers can protect their personal data by checking credit and debit cards vigilantly and reporting any charges that appear questionable, even small amounts. Consumers can also monitor their credit profiles along with their card activity and consumers need to keep in mind that phishing scams for information don’t just happen via email and the phone. Phishing scams can come through snail mail also.  Shred paper with personal information before throwing it away, make online passwords stronger by using a mix of capital and lowercase letters, symbols and numbers, and take great care when giving out credit or debit card numbers, Social Security numbers or other personal information online and offline.

As Target breach grows, retailer embraces security options


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

Target’s data breach over the holiday season turned out to span far wider than the original numbers estimated.  The major retailer said the breach that happened between Nov. 27 and Dec. 15, 2013 compromised the financial information of approximately 40 million shoppers shortly after the breach occurred. Recently, the company informed consumers that it had uncovered an additional 70 million to 110 million customers who may have had their names, mailing addresses, phone numbers and email addresses stolen.

The data stolen from Target was originally thought to come from the terminals where customers swipe credit and debit cards. The retailer said originally that the only information affected was the information stored in the magnetic strips on the back of customers’ cards. The retailer learned shortly after that customers’ encrypted PIN data had also been obtained. The latest revelation by Target is raising more concerns because personal information isn’t stored on the magnetic strips on credit and debit cards.

Target’s data breach has severely impacted the company and will continue to as long as more information about the breach becomes known. The retailer has apologizes to customers for the broadening violations of customers’ private information.

“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” Gregg W. Steinhafel, Target’s chief executive, said in a statement to the New York Times.

Target is now offering free credit monitoring and identity theft protection to customer’s for one-year free.  The one-year offer includes a credit report, daily credit monitoring, identity theft resolution, identity theft insurance and ProtectMyID ExtendCARE, personalized assistance from a highly-trained Fraud Resolution Agent after the one-year period expires.

Target has listed tips for customers who wish to protect their information:

“Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number. Delete texts immediately from numbers or names you don’t recognize. Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.”

A FAQ page has been set up on Target’s website to deal with information regarding the data breach and information related to other scams.

Snapchat Suffers Major Security Breach Plans to Make App More Secure


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

Snapchat suffered a major security breach on New Year’s Eve when a reported 4 million usernames and passwords were collected by hackers.  Snapchat had been warned twice by security experts about a vulnerability in its system, according to Yahoo News.

Snapchat is a private company that has marketed itself on being a more secure alternative that Facebook and Instagram. It lets users send photo and video messages that disappear once viewed.  According to the New York Times, users of the self-destruct message service were sending 350 million photos a day in September –increased from 200 million in June.

Related content:  Are Instagram and Snapchat safe for Kids?

Security researchers were not convinced that the app actually deleted information.  The hackers who stole the usernames and passwords from Snapchat were actually security researchers with Gibson security who were able to hack into Snapchat’s servers and find the data that had been stored in a database similar to other big internet companies.

The security researchers posted the hacked information onto a website called SnapchatDB.info after privately warning Snapchat about the weakness in its system.  The researchers then posted a warning about the security hole online on Christmas Eve after the notice was ignored. Snapchat did patch the hole in the system but it didn’t do enough.  The data was not encrypted nor were there any basic security measures in place to prevent hacking.

The usernames and passwords put online in the data dump on New Year’s Eve had the last two digits of phone numbers removed. Snapchatdb.info has since been suspended for the data dump, but not before word spread of the breach.

The breach severely tarnishes Snapchat’s reputation and image. It could threaten the company’s rapid growth.

Gibson Security says users can delete their Snapchat accounts and ask their phone company to change their phone number in order to protect their information. Although, they warn that deleting the account won’t remove information from the leaked database information.

“Ensure that your security settings are up to scratch on your social media profiles. Be careful about what data you give away to sites when you sign up –if you don’t think a service requires your phone number, don’t give it to them,” Gibson told the Associated Press.

Snapchat is trying to reassure users’ that is has adopted security measures that would prevent spam and abuse. They also claim they are working to prevent “future attempts to abuse our service.”

White House Not Inclined to Place Restraints on NSA Activities


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

The National Security Agency isn’t going away any time soon and the White House isn’t planning on placing new restraints on the agency. According to the Washington Post, “the Obama administration has decided to preserve a controversial arrangement under which a single military official is permitted to direct both the National Security Agency and the military’s cyberwarfare command despite an external review panel’s recommendation against doing so.”

A group of top U.S. intelligence officials got together and decided that the two divisions (NSA and Cyber Command) should be placed under separate leadership. The argument for the division is that it would ensure greater accountability and prevent investing too much power in one individual.  The two divisions also have different missions. The NSA mission is spying and the Cyber Command’s mission is to conduct military attacks.  Both divisions work closely together since the Cyber Command depends on the NSA’s ability to hack into the computer systems of enemies for intelligence and to conduct potential operations.

According to the Washington Post, an email from Caitlin Hayden, White House spokeswoman, said, “Following a thorough interagency review, the administration has decided that keeping the positions of NSA Director and Cyber Command commander together as one, dual-hatted position is the most effective approach to accomplishing both agencies’ missions.”

There have been over 40 recommendations made by the intelligence panel. Currently, the White House appears not to want to add constraints onto the surveillance agency.  The NSA is working toward making changes within the organization to combat any leaks that could be comparable to the leak committed by Edward Snowden.

The leak committed by Snowden informed the public that the NSA was conducting surveillance and collecting virtually all phone calls of Americas through a metadata collection process. NSA still claims that their collection of billions of phone records was for counterterrorism purposes and that the content of the calls is unknown, the agency purportedly only collects where the calls were made and how long they lasted.

What do you think?  Is this collection of data necessary? Doesn’t it put us at an even greater risk?

Tips for keeping your teens and tweens safe online


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

I recently had the chance to talk to the experts at ZoneAlarm about  Facebook’s latest privacy changes – where teens can publicly share their photos and updates as well as be found by the general public.  What does this mean for a teen’s online security?  What are some concerns parents should have or be made aware of?  It’s no secret that from cyberbullies to online stalkers and predators, teens face an increasing range of online threats. What can parents do to help their teens protect themselves online? Their experts offered up this infographic as well as some helpful statistics and tips for keeping our kids safe.

Did you know that?

  • 23 percent say they have been victims of cyberbullying.
  • 62 percent of teenagers have witnessed taunting and other cruel behavior online.

Control who sees timeline posts. Under privacy settings, you can select: “Who can see my posts?” Then, by changing it from “Public” to “Friends” or “Close Friends”, all future posts that your teen creates will just be seen by the audience that she specifies. She can also change the “Limit who sees old posts” setting from “Public” to “Friends of Friends” or “Friends.”

Watch out for apps. Continue reading Tips for keeping your teens and tweens safe online

Credit Card Processors Stealing from Business Clients


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

credit card scamsConsumers already worry about businesses storing and possibly stealing financial information. Now consumers have to worry about the credit card processors stealing the information from businesses. Recently, several proprietors of a credit card processing company  have been indicted on several charges in Phoenix, Arizona.

The various charges include money laundering, wire fraud charges, and changing contract terms among other charges. Sean Clinton Mecham, 36, Ashley Brisbin Mecham, 27, Jonathon L. Cannon, 31, and Jake Brisbin, 26, were all indicted by a federal grand jury.

According to court documents, the accused were executives and employees at Icon Payment Solutions, Axiom Merchant Services and Oracle Payment Services. These companies are all the same company just under different names and they processed credit card payments for retailers.  Prosecutors allege that the quartet were misleading customers, forging the signatures of business owners and deposited $2.9 million of the ill-gotten gains into personal accounts. The money was then used to buy a luxury boat, Maserati cars and off-road trucks for racing.

There were multiple complaints against the quartet and the companies that they owned to the Better Business Bureau.  The accused Continue reading Credit Card Processors Stealing from Business Clients

5 Credit Card Safety Tips for Travel during the Holidays


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

credit card scamsTraveling during the holidays should be fun. It shouldn’t be filled with worry and stress. Using a credit card instead of cash or a debit card can make travel during the holidays less stressful and less risky. Use these five tips to keep from becoming a victim of credit card fraud.

Pick One Card

Pick one credit card to take with you. Make sure you have a copy of it, but store this copy in a safe place. Carrying multiple cards can lead to the loss of one or more of them.  When you pack for traveling remember to remove all other cards and store them in a secure location.  If your wallet or purse get stolen while you are traveling it is much easier to deal with one stolen card instead of six.

Separate Your Credit Card from Purse or Wallet

Don’t keep your credit card in your purse or wallet. Purses and wallets, particularly  Continue reading 5 Credit Card Safety Tips for Travel during the Holidays

Personal files containing financial data mistakenly sold at Goodwill stores


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

As the holiday approaches I begin to clean out my house.  I do this for several reasons.  First, I know that with the holidays there is going be some presents underneath the tree that are going to need so space to be stored in when they are not being played with.  I also know that especially during the winter months and holiday season charitable organizations are in big demand and can use all the help they can get in the form of monetary as well as physical donations to help meet the needs of the hundreds that call upon them.  Last but not least, I don’t like anything to go to waste and the coat my daughter wore four times (it doesn’t get really cold here in Houston) and has now outgrown doesn’t belong in the trash, but it does belong on another little girl who could use one.  But with all this peace on Earth and good will towards man, it’s important to pay attention to what’s going out the door and into the hands of others.

We have talked before about the importance of clearing your electronics like cell phones and computers of information, personal data and stored information and images.  But what I never imagined I would find is that important papers could be lost and then found again, but quite possibly the wrong person as many of us clean out closets and make donations.

NBC News recently reported about a purchase made at an Indiana Goodwill Outlet Store.  Edith Watson purchased a box during a bulk sale not knowing what it contained, but they were selling it for pennies per pound.  Hoping to find something good, she realized after she got home that if she was an identity thief she definitely would have “struck it rich” as the entire box contained document after document of financial information, social security numbers, credit card bills, medical records and more. After reporting it to her local televisions station a look at other Goodwill locations occurred, finding that this was not a singular incident.

Yahoo News reports:

Goodwill’s Marketing Vice President Cindy Graham admitted their mistake and told WTHR, “We do take this very seriously…They don’t want us to have it and we don’t really want to have it either.” Policy changes are on the way after the charity completes their internal investigation. Cindy Graham said, “We’re going to take a look and see how we can prevent that from happening. Our process would have been and should have been and will be, ‘Let’s shred this.’” She also adds that Goodwill encourages all donors to be cognizant of what they are donating so that sensitive documents do not mistakenly end up at their retail stores.

How did this happen?  Several different ways including cleaning out the home of a deceased family member and the cleaning service not properly disposing of or passing the information on to the family. In another case boxes marked for storage were sent to Goodwill instead of storage.  Apparently theses boxes were never inspected by Goodwill, simply placed in the outlet stores.

Graham told the Indy Star, “We’re looking at every one of our processes,” she said, “and seeing what needs to be done differently so that there isn’t a gap and that material that was donated doesn’t get into the wrong hands.”

I think it’s happened to everyone. You are cleaning out drawers and dressers, closets and desks and make stacks of to go, to stay to donate.  I know in our home one of my daughter’s beloved characters for her homemade videos were accidentally donated.  Not exactly on the same level as letting my personal documents out of my hands, but it’s just a small example of how anyone can make a mistake.

So, keep in mind this holiday season as you show goodwill toward men to double check your boxes, computers, cell phones and other items for anything personal.  It’s one thing to be charitable, it’s another thing to have your whole identity stolen.

The Secrets that Identity Thieves Don't Want You To Know


Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524

Warning: Use of undefined constant user_level - assumed 'user_level' (this will throw an Error in a future version of PHP) in /home/secretidentity/public_html/wp-content/plugins/ultimate-google-analytics/ultimate_ga.php on line 524