One of the first pieces of business this year should be to put a few strategies in place to protect whats left of your assets and personal privacy. Unfortunately, the fraudsters are still in the game stronger than ever before, due to the relatively risk-free nature of modern financial crime.

The reality is that most financial crimes are under-reported and left unsolved due to a scarcity of investigative resources and the endless supply of fresh target information available to most criminals.

Here are three areas to watch in 2011 according to Bank Info Security:

1. Mobile Banking Risks

“Mobile phones used for banking are on the rise, but mobile security is proving increasingly challenging for banks and credit unions, as controls put in place to protect traditional online banking do not translate well when applied to mobile. Mobile banking applications from Bank of America, Chase, Wells Fargo and TD Ameritrade have all suffered from security flaws, and CitiGroup in 2009 noted vulnerabilities when it learned some banking apps stored sensitive user details in hidden files on smart phones.”

2. Social Networks and Web 2.0

“The connection between mobile phones and social media is growing, with Twitter and Facebook apps offered for mobile users. Institutions embracing mobile also are embracing social networking, says Rasmussen, Internet Identity’s chief technology officer. “With more banks on social networks, expect to see more fake sites using social networks, like Twitter and Facebook, to try and trick people into giving up vital personal information,” including banking login credentials and Social Security numbers, he says.”

3. Malware, Botnets and DDoS Attacks

“Distributed denial-of-service, or DDoS, attacks, as seen in the wake of the recent WikiLeaks incidents, are likely to increase. In fact, the WikiLeaks-inspired attacks against leading e-commerce sites have fueled interest among fraudsters, says RSA’s Rivner. Botnet operators now see opportunity for additional income.”

Smart phones, social networking and sustained attacks on closed systems, leave plenty of room for mischief in the coming year. Stay tuned for ways to short-circuit these uninvited cyber-guests in 2011 and beyond.

You can’t help but wonder, if the U.S. Defense Department can be hacked and attacked from the inside-out,  just how safe is the personal data belonging to the average U.S. citizen?

Here are 10 tips from the Better Business Bureau to help keep you safe online not just during the holidays, but all year long.

The BBB offers this advice:

1. Protect your computer – A computer should always have the most recent updates installed for spam filters, anti-virus and anti-spyware software and a secure firewall.

2. Shop on trustworthy websites – Shoppers should start with BBB to check on the seller’s reputation and record for customer satisfaction. Always look for the BBB seal and other widely-recognized “trustmarks” on retailer websites and click on the seals to confirm that they are valid.

3. Protect your personal information – BBB recommends taking the time to read the site’s privacy policy and understand what personal information is being requested and how it will be used. If there isn’t one posted, it should be taken as a red flag that personal information may be sold to others without permission.

4. Beware of deals that sound too good to be true – Offers on websites and in unsolicited e-mails can often sound too good to be true, especially extremely low prices on hard-to-get items. Consumers should always go with their instincts and not be afraid to pass up a “deal” that might cost them dearly in the end.

5. Beware of phishing – Legitimate businesses do not send e-mails claiming problems with an order or an account to lure the “buyer” into revealing financial information. If a consumer receives such an e-mail, BBB recommends picking up the phone and calling the contact number on the website where the purchase was made to confirm that there really is a problem with the transaction.

6. Confirm your online purchase is secure – Shoppers should always look in the address box for the “s” in https:// and in the lower-right corner for the “lock” symbol before paying. If there are any doubts about a site, BBB recommends right-clicking anywhere on the page and select “Properties.” This will let you see the real URL (website address) and the dialog box will reveal if the site is not encrypted.

7. Pay with a credit card – It’s best to use a credit card, because under federal law, the shopper can dispute the charges if he or she doesn’t receive the item. Shoppers also have dispute rights if there are unauthorized charges on their credit card, and many card issuers have “zero liability” policies under which the card holder pays nothing if someone steals the credit card number and uses it. Never wire money and only shop locally on sites like Craigslist.

8. Keep documentation of your order – After completing the online order process, there may be a final confirmation page or the shopper might receive confirmation by e-mail – BBB recommends saving a copy of the Web page and any e-mails for future reference and as a record of the purchase.

9. Check your credit card statements often – Don’t wait for paper statements; BBB recommends consumers check their credit card statements for suspicious activity by either calling credit card companies or by checking statements online regularly.

10. Know your rights – Federal law requires that orders made by mail, phone or online be shipped by the date promised or, if no delivery time was stated, within 30 days. If the goods aren’t shipped on time, the shopper can cancel and demand a refund. There is no general three-day cancellation right, but consumers do have the right to reject merchandise if it’s defective or was misrepresented. Otherwise, it’s the company’s policies that determine if the shopper can cancel the purchase and receive a refund or credit.

From our family at Penn and Associates to yours,  enjoy this Christmas holiday season. Expect bigger things from this blog in 2011 !

According to a Congressional committee, attacks on the Department of Defense computer systems jumped 60 percent in 2009.

Russia, China and North Korea have all launched sustained attacks on U.S. government agencies including the Federal Trade Commission and the Department of the Treasury.

Analysts believe that security standards like the ones created by the National Institute of Standards and Technology (NIST), should be implemented immediately. According to the experts, NIST could get us 90 percent closer to where we need to be.

In Congressional testimony earlier this year, former National Intelligence Director Mike McConnell said that we could be on the brink of an all-out cyberwar. McConnell’s view has been repudiated by the current Secretary of Defense Robert Gates.

If  Moore’s law is true,  (every 24 months a dollar buys twice the amount of computing power that it did before) our enemies may be able to buy, beg, borrow or hack twice as much of our data as  they can today for the same effort.

Computer scientist Daniel Geer Jr. aptly reveals what is at stake:

” We have spent centuries learning about securing the physical world, plus a few years learning about securing the digital world. What we know to be common to both is this: That which cannot be tolerated must be prevented.”

America’s most valued, electronically stored data is being targeted. Government agencies, private think tanks and university data warehouses are all vulnerable. The enemy operates from a distance with virtually no risk of personal danger.

What defense mechanisms can we construct to prevent our data from being stolen at the speed of light?

On the other hand, non- geeks simply want a worry-free, hacker-free Internet experience and we generally don’t care about the details of the international day to day battle of tech wits.

However, some tech experts on the front lines are alarmed these days. They have known about the foreign threat for years, but they have come to realize something that is both disturbing and revealing about our own willingness to fight back.

Elan Winkler over at McAfee surveyed 200 critical infrastructure IT professionals and discovered an eye opening attitude. These industry insiders blame cost and complacency for our predicament. Winkler states:

“So, if the people in the know, knew, how come we’re still vulnerable? I asked them that question as well. The number one answer: cost. Number two: complacency. No real surprises there; those are the same answers that we used to get from IT departments 15 years ago on why they didn’t have defense in depth technologies set up to protect servers and databases.”

The survey respondents also provided the following comments:

• “There hasn’t been a real incident so no one takes it seriously.”
• “Lack of knowledge and understanding.”
• “Inability of decision makers to commit to security upgrades.”
• “No one wants to pay for security.”
• “False sense of security.”
• “Security competes with other priorities for resources.”
• “We, as Americans, believe we are invulnerable to this kind of attack.”

In neighborhoods across our great country,  most power outages are often simply a result of the forces of  Mother Nature. For example, a nasty December storm blew through our neighborhood just last night leaving about 700 homes in the dark, well into the night.

Imagine what could happen if our own complacency and budget constraints were to put the entire nation at risk.

Government’s job is to protect citizens from both foreign and domestic threats.  Our job is to support them in any way we can.

This pervasive, lazy attitude held by many inside the IT community, renders the term”computer geek” more laughable than it already is.

MSNBC and the Associated Press reported:

“…Iran producing a nuclear weapon and a cyber attack on critical government or private computer networks top the list of concerns nagging at National Intelligence Director Michael McConnell as he prepares to leave office.”

There are many well intentioned observers who seem to think that cyber-crime in general is on the decline inside the United States. Although there is statistically no need for mass panic, it is foolish to assume that our computer infrastructure isn’t the greatest information target in the world. As a practical matter, I think we are all better off with “someone on the gate” to guard our repositories of personal, commercial,  educational, financial and military data.

The truth is that many potentially damaging breaches go undetected and are often intentionally unreported. Back in 2005, the Department of Homeland Security constructed a worst-case-scenario type cyber-attack and concluded that over 20 million credit cards might be affected over a period as short as just one week. The Department concluded that an event like this could undermine faith in the entire U.S. financial system.

We all pray that President Obama’s team remains watchful and vigilant on the cyber-front during these desperate times. The Obama Administration has already declared our nation’s cyber-infrastructure a “strategic asset” and has pledged to protect “America’s competitive advantage”.

Great start Mr. President.

Today was unlike most days when I open my email, yawn and shrug my shoulders. This evening, my KEEN eye caught three names of email senders that I didn’t recognize. That generally means “junk or spam email, but today was different due to the sheer volume and ridiculously (laughable) transparency of these scammers.

These emails were online scams, so phony looking that anyone with “half-a-brain” could spot them a mile away. Three in one day! I had to look in a mirror to make sure the word “sucka” wasn’t pinned to my back.

Not only did the senders promise OUTRAGEOUS sums of money for my help, the spelllinngg was so bad that I actually laughed out loud.

Phishing scams come in many varieties including lottery scams, bill collector scams, fraud investigation scams, employment application scams, overseas bank transfer scams, credit card or banking verification scams and many  others.

According to the Yahoo Security Center:

“If you receive an email (or instant message) from someone you don’t know directing you to sign in to a web site, be careful! You may have received a phishing email with links to a phishing web site. A phishing web site (sometimes called a “spoofed” site) tries to steal your account password or other confidential information by tricking you into believing you’re on a legitimate web site. You can even land on a phishing site by mistyping a URL (web address).

Is that web site legitimate? Don’t be fooled by a site that looks real. It’s easy for phishers to create web sites that look like the genuine article, complete with the logos and other graphics of a trusted web site.”

Unfortunately, the current economic downturn is expected to cause a dramatic increase in the number and frequency of these fraudulent attempts to separate the uninformed from their personal data.

The good news is that these crimes are getting harder and harder to pull off, due to greater consumer awareness and more advanced spam filtering technologies.

Despite the almost comical transparency of the three scams that entered my email box today, the potential for harm and the growing frequency of these annoying ploys is really no laughing matter.

Real Estate: Homeowners who are behind on payments or seeking refinancing sources can easily fall prey to unscrupulous thieves who are more than willing to “take your information and see what we can do”. Bogus land grants and home equity scams will be commonplace. The recommendation is that homeowners speak directly with well known and established banking and mortgage companies in order to avoid the potential pitfalls of unknown solution providers.

Credit Cards: Many consumers may unknowingly turn to thieves in order to get access to credit cards, debit cards and debt consolidation loans. It is easy to imagine handing over private information to seemingly legitimate companies. Like the mortgage industry, the credit card world has been turned on it’s head in the current economic climate. Look before you “leap” into a deal that may be too good to be true.

Check Fraud: Due to the lack of easy credit, many thieves will turn to check fraud as a way to accomplish their crimes. Needless to say, safeguard your checkbook, deposit slips and banking statements as a first line of defense. Many financial advisers are steering clients away from using paper checks at all. If you must write paper checks, be sure to use an anti-check-washing gel pen and keep a close eye out for any irregularities on your statement.

Organized Crime and Cyber-Thieves- Rings of professional thieves from all over the world have helped make identity theft the fastest growing crime in the United States. Security experts agree that these attacks will become more brazen as time goes by. According to the Wall Street Journal, the U.S. Department of Homeland Security has been reviewing “worst case scenarios” for possible attacks against U.S. government, industrial and financial institutions.

Consumer Scams: Common and rampant scams with nicknames such as skimming, phishing, vishing, pharming and whaling will continue in 2009. This is largely due to the weak condition of the U.S. economy, the vulnerability of average consumer and law enforcement’s scarcity of resources to deal with the sheer volume of complaints.

Breaches: Corporate, educational and government security breaches continue to grow every year. According to the ITRC, there were 641 breaches in 2008, surpassing the total of 446 in 2007. Due to the portability of data, the easy theft of laptops, the cunning deception of “inside scam artists” and the desperation of global perpetrators, this number will continue to increase. At the very least, have your own laptop or PDA/smart-phone set up with encryption and password protection software.

Remaining diligent, alert and informed about the latest scams and threats is your best defense against being victimized in 2009. Stay tuned.

If you haven’t seen reports of  the latest Identity Theft attacks plaguing our country, you haven’t been reading much news lately. Where have you been?

Even the U.S. Air Force has waged an ad campaign designed to capture the imagination of a new crop of tech savvy young recruits to help fight the current “cyber-war”. This war is not imagined or “virtual”, it is very real indeed.  

The battle is raging on many fronts. In addition to the constant daily threat from foreign governments, bored adolescent hackers and low level organized criminals, there is a new enemy emerging.

Symantec Corporation is losing sleep due to concerns about the next virulent strain of Trojan horse programs.  According to the April 2008 issue of PC Magazine, the Trojan.Silentbanker program can perform “man in the middle” attacks between users and more than 400 banks.

This Trojan monitors usage patterns on the web, while looking for bank data that it can manipulate. This program can actually re-route the account destination of banking customer transfers. Apparently, the Trojan.Silentbanker can even overcome the “safeguard” of two -factor authentication.

The article correctly distinguishes between a single bank target like those that are cloned by realistic looking “phishing” sites and the multiple bank sites susceptible to this Trojan program.

Symantec’s well known suite of anti-virus and personal firewall products are designed to protect from these threats. If you are not in the habit of updating yours, you are headed for a hard fall someday. PC Magazine also reminds never to run executables we get from strangers.

Thank goodness for warriors like our Air Force and Symantec who “sit on the wall” for us and fight evil at every turn, keeping us from losing more than just our shirts.