A Spyware Case Where Bigger Is Not Better

February 1st, 2009

The Heartland Payment Systems security breach is now considered possibly the biggest in history.

The massive theft, which is thought to have occurred sometime in 2008, may have allowed the hackers to swipe credit card data from more than 100 million accounts. Apparently, it was spyware installed on the company’s internal network that grabbed the data.

PCWorld Magazine reported:

“Heartland says it didn’t discover the breach until Visa and MasterCard came knocking about suspicious activity involving card numbers processed by Heartland……

It’s all the more sad that we as consumers really can’t do a darn thing to protect ourselves against this kind of theft. We can be incredibly careful with our own PC and data, but we have no control over how it’s handled by the plethora of companies that store and process our information.”

According to the Washington Post, Heartland President and CFO Robert Baldwin contacted the U.S. Secret Service as well as two breach forensics teams to investigate.

In terms of sheer volume, Baldwin said:

“The transactional data crossing our platform, in terms of magnitude… is about 100 million transactions per month.”

This type of breach leaves you and me powerless to prevent it and vulnerable as a result. The stolen Heartland data is precisely what crooks need to create counterfeit credit cards.

That is why the following basics of Identity Theft Protection should be a part of YOUR financial planning.

  1. Carefully watch all your credit card statements for irregularities
  2. Be on the lookout for small charges from unknown creditors and report them
  3. Consider freezing your credit files if you don’t plan to apply for new credit soon
  4. The use of a credit card leaves you LESS vulnerable than using a debit card
  5. Grab a free credit report at least 3 times a year for FREE

CEO Baldwin was quoted as saying simply:

“….we recognize and feel badly about the inconvenience this is going to cause consumers.”

The giant credit card processor feels badly. I’ll sleep better now.

Looming Cyber-Threat Has Fed's Attention

January 22nd, 2009

Outgoing National Intelligence Director Michael McConnell reported last week that cyber-threats are among his greatest concerns, second only to Iran’s continuing development of nuclear weapons.

MSNBC and the Associated Press reported:

“…Iran producing a nuclear weapon and a cyber attack on critical government or private computer networks top the list of concerns nagging at National Intelligence Director Michael McConnell as he prepares to leave office.”

There are many well-intentioned observers who seem to think that cyber-crime in general is on the decline inside the United States. Although there is statistically no need for mass panic, it is foolish to assume that our computer infrastructure isn’t the greatest information target in the world. As a practical matter, I think we are all better off with “someone on the gate” to guard our repositories of personal, commercial, educational, financial and military data.

The truth is that many potentially damaging breaches go undetected and are often intentionally unreported. Back in 2005, the Department of Homeland Security constructed a worst-case-scenario type cyber-attack and concluded that over 20 million credit cards might be affected over a period as short as just one week. The Department concluded that an event like this could undermine faith in the entire U.S. financial system.

We all pray that President Obama’s team remains watchful and vigilant on the cyber-front during these desperate times. The Obama Administration has already declared our nation’s cyber-infrastructure a “strategic asset” and has pledged to protect “America’s competitive advantage”.

Great start Mr. President.

Relentless Fraudsters Begin The Assault

January 17th, 2009

The New Year’s barrage arrives just days before President Obama is sworn in.

Today was unlike most days when I open my email, yawn and shrug my shoulders. This evening, my KEEN eye caught three names of email senders that I didn’t recognize. That generally means “junk or spam email”, but today was different due to the sheer volume and ridiculous (laughable) transparency of these scammers.

These emails were online scams, so phony looking that anyone with “half-a-brain” could spot them a mile away. Three in one day! I had to look in a mirror to make sure the word “sucka” wasn’t pinned to my back.

Not only did the senders promise OUTRAGEOUS sums of money for my help, the spelllinngg was so bad that I actually laughed out loud.

Phishing scams come in many varieties including lottery scams, bill collector scams, fraud investigation scams, employment application scams, overseas bank transfer scams, credit card or banking verification scams and many others.

According to the Yahoo Security Center:

“If you receive an email (or instant message) from someone you don’t know directing you to sign in to a web site, be careful! You may have received a phishing email with links to a phishing web site. A phishing web site (sometimes called a “spoofed” site) tries to steal your account password or other confidential information by tricking you into believing you’re on a legitimate web site. You can even land on a phishing site by mistyping a URL (web address).

Is that web site legitimate? Don’t be fooled by a site that looks real. It’s easy for phishers to create web sites that look like the genuine article, complete with the logos and other graphics of a trusted web site.”

Unfortunately, the current economic downturn is expected to cause a dramatic increase in the number and frequency of these fraudulent attempts to separate the uninformed from their personal data.

The good news is that these crimes are getting harder and harder to pull off, due to greater consumer awareness and more advanced spam filtering technologies.

Despite the almost comical transparency of the three scams that entered my email box today, the potential for harm and the growing frequency of these annoying ploys is really no laughing matter.

Forecasters Make ID Theft Predictions For 2009

January 4th, 2009

Recently, the Identity Theft Resource Center looked forward to the coming year to predict events that will be the inevitable outcomes of the current economic crisis and the looming identity theft battles.

Real Estate: Homeowners who are behind on payments or seeking refinancing sources can easily fall prey to unscrupulous thieves who are more than willing to “take your information and see what we can do”. Bogus land grants and home equity scams will be commonplace. The recommendation is that homeowners speak directly with well known and established banking and mortgage companies in order to avoid the potential pitfalls of unknown solution providers.

Credit Cards: Many consumers may unknowingly turn to thieves in order to get access to credit cards, debit cards and debt consolidation loans. It is easy to imagine handing over private information to seemingly legitimate companies. Like the mortgage industry, the credit card world has been turned on its head in the current economic climate. Look before you “leap” into a deal that may be too good to be true.

Check Fraud: Due to the lack of easy credit, many thieves will turn to check fraud as a way to accomplish their crimes. Needless to say, safeguard your checkbook, deposit slips and banking statements as a first line of defense. Many financial advisers are steering clients away from using paper checks at all. If you must write paper checks, be sure to use an anti-check-washing gel pen and keep a close eye out for any irregularities on your statement.

Organized Crime and Cyber-Thieves: Rings of professional thieves from all over the world have helped make identity theft the fastest growing crime in the United States. Security experts agree that these attacks will become more brazen as time goes by. According to the Wall Street Journal, the U.S. Department of Homeland Security has been reviewing “worst case scenarios” for possible attacks against U.S. government, industrial and financial institutions.

Consumer Scams: Common and rampant scams with nicknames such as skimming, phishing, vishing, pharming and whaling will continue in 2009. This is largely due to the weak condition of the U.S. economy, the vulnerability of the average consumer and law enforcement’s scarcity of resources to deal with the sheer volume of complaints.

Breaches: Corporate, educational and government security breaches continue to grow every year. According to the ITRC, there were 641 breaches in 2008, surpassing the total of 446 in 2007. Due to the portability of data, the easy theft of laptops, the cunning deception of “inside scam artists” and the desperation of global perpetrators, this number will continue to increase. At the very least, have your own laptop or PDA/smart-phone set up with encryption and password protection software.

Remaining diligent, alert and informed about the latest scams and threats is your best defense against being victimized in 2009. Stay tuned.

ID Theft Scam Makes Front Page Headlines in L.A.

December 6th, 2008

The Los Angeles Daily News ran a front page headline yesterday that was right up my alley! The L.A.P.D., in this case, got their man and the bust was one of the most significant fraud arrests in recent Southern California memory.

Not only was the culprit apprehended after a lengthy investigation, but the tools of his trade were confiscated, making this arrest one of the more successful in terms of peeking into the secret world of a full-time identity thief.

Like the illusionists in Las Vegas, these trade secrets are highly guarded from the public unless someone gets the chance to pull the curtain back to reveal the inner-workings of these clever con-men.

As reported in the Daily News yesterday:

“….underneath his cool and collected exterior, the 44-year old man was found to possess more than 1000 forged credit cards he used to scam San Fernando Valley residents and businesses in an operation estimated to have netted millions of dollars, police said. His bail was set at $2 million and we’re investigating mail fraud, grand theft and additional charges…”

Investigators discovered state-of-the-art tools and equipment that enabled the suspect to create magnetic strips for the back of the fake credit cards. Stores like Costco, Wal-mart and Sam’s Club were perfect locations for the suspect to go on shopping sprees with the fake credit cards.

Fortunately, an alert internal investigations team at Costco noticed the suspect’s unusual purchasing patterns in one of their stores and the investigation was finally brought to a conclusion several months later.

Thanks in part to Hollywood, the theft or misappropriation of an identity for the purpose of financial gain is all too common in television and movies, which desensitizes us to the devastating financial impact of this not-so-victimless crime in the “real world”.

Anyone who rents property should note that this particular case includes private financial information which was included on confiscated rental applications. Costco has partnered with Identity Guard to offer credit monitoring services to their members for a nominal monthly fee.

A few reminders are in order:

  • Don’t lend your credit cards to anyone (seems obvious I know)
  • Monitor your statements to detect unauthorized activity on your account
  • Report suspicious activity in writing to the card issuer
  • Make sure your mailbox is locked to protect statements or new cards that arrive
  • Minimize the number of credit cards that you carry
  • College dorms and apartments are rich targets for prying eyes and sticky fingers
  • Use online sites that start with https:// which tend to indicate they are “secure”

This case underscores the reality and vitality of professional identity theft gangs. Although credit isn’t as easy to obtain during this holiday season as it has been in the past, your chances of being victimized are better than ever.

Desperate times call for deliberate counter-measures!

If Obama and Palin Can Be Hacked, So Can You!

December 1st, 2008

With the holiday season upon us and the election season behind us, the average consumer may have their attention diverted away from personal privacy issues.

President-elect Barack Obama and Alaska Gov. Sarah Palin were concentrating on the election, while high tech thieves smelled an opportunity to violate the candidates’ privacy with reckless abandon. These fraudsters were phone company insiders and random email hackers, not mobsters from an Eastern European crime family.

Here is an excerpt from a story posted on fiercewireless.com:

“Verizon Wireless has fired the employees who accessed President-elect Barack Obama’s personal cell phone account without authorization.

A report on CNN.com quoted an unnamed Verizon source, who would not disclose how many people were fired but said, “we now consider this matter closed.” Apparently the employees were involved in customer service and were not authorized to look at an account unless a customer requested it.

The source also said that records of no other well-known customers had been breached. The phone that was accessed was a flip phone that had been inactive for months, and was not a Blackberry or other smartphone from which email could have been sent or data services could have been accessed.”

In Palin’s case, a 20-year-old student at the University of Tennessee has been indicted for breaking into one of Palin’s accounts and posting the information on a public website.

Here’s the point. We are all vulnerable to attack even if we are careful to do everything right in the privacy arena. Recovering from the emotional roller-coaster and sense of violation after being victimized can be both traumatic and lengthy. In extreme cases, you could even be facing a run-in with the law.

Prepare to remain steadfast this holiday season. If you are a member of AAA, you can unwrap an early Christmas present from them just by visiting their website and reading about their “free”, yes FREE credit monitoring and alerts for members only.

The U.S. Supreme Court Eyeballs Identity Theft

October 29th, 2008

“But your honor, I didn’t know…..”

The Associated Press reported this week that the United States Supreme Court has agreed to look into several cases in which undocumented foreign workers used false identities to obtain employment.

Federal prosecutors in these cases are adding more severe identity theft charges to the immigration violations they are uncovering, prompting defense lawyers to cry foul.

The government has persuaded defendants to plead guilty to lesser immigration violation charges in order to avoid the more serious identity theft charges which carry mandatory prison sentences.

In several cases, defendants have been convicted of aggravated identity theft. The defense is arguing that the more serious charges are unfounded because defendants did not knowingly use stolen Social Security numbers.

Federal appeals courts around the country have divided on the issue, which will now get the attention of the high court next year. The Bush administration claims that federal law makes it illegal to “knowingly” use another person’s identification. In 2004, President Bush signed a law requiring tougher penalties for those convicted of identity theft.

The U.S. Department of Homeland Security now serves as a “clearinghouse” for employers seeking to verify the identity of job applicants presenting identifying documents. Huge raids against illegal workers in Texas and elsewhere make this case one to watch.

How A Financial Crisis Leaves Our Data Vulnerable

October 15th, 2008

As major banks, insurance companies and investment firms fall victim to the current tsunami of financial storms, your privacy may suffer. When firms change hands, downsize their payrolls and transfer massive amounts of data, proprietary information is left exposed and privacy erodes.

At the end of September, the Dow Jones Industrial Average took the single biggest dive in history, dipping 777 points. In the wake of the impending reorganization of American business, your credit card balances, your mortgage, your savings accounts and your credit history will probably be reshuffled and reinserted into the database of the account’s new overseer.

After days of marathon negotiations, the bailout measure initially went down to defeat in the Congress by a vote of 228 to 205. After the Senate and the House gave final approval for a modified version of the $700 billion rescue plan, President Bush signed it into law on October 3rd, 2008.

Although the free markets globally are facing their toughest challenge ever, those markets do work. The problem is that they are controlled by human beings who are subject to behavior that is sometimes irrational, emotional and irresponsible.

Because of the irresponsible and sometimes deliberate misdeeds of the guardians of the financial gate, it is still your responsibility to guard your personal information the best way you know how.

If you do not have a personal identity theft risk prevention, detection and mitigation plan in place, what are you waiting for? Visit the Privacy Rights Clearinghouse for great tips on how to protect yourself.

6 Smart Ways to Safeguard Your Child's Identity

September 17th, 2008

Many of you who have kids may have wondered if your little crumb snatchers are vulnerable to identity theft. If that thought has ever crossed your mind, you are not alone.

My first clue that our own kids were potential victims surfaced when unsolicited mail began showing up in the mailbox. Credit card offers with the names of pre-teens and teenagers are not uncommon.

If you have not opted out of junk mail, you are probably still seeing offers from predatory lenders arrive pretty frequently. “Don’t they know that little Bobby has no job or income?”

Each year, experts estimate that more than 3 million people discover that a new credit account has been opened up in their name. Your child’s vital data has value in the dark world of identity thieves.

Many fraudsters troll in these waters and they know that their crimes could possibly go undetected simply because of the age of the victim. Targeting victims who are unaware of their exposure makes the chance of detection slimmer than usual.

Not only do young victims remain in the dark, but their parents may not uncover the damage for many years. When the young person tries to get a driver’s license or applies for a credit card, they discover a crime that could be years old with no way to fight back.

Here are 6 steps parents should take for the protection of their child’s identity.

  1. Never disclose your child’s social security number unless it is mandatory, such as school records, income tax returns or medical emergencies.
  2. Keep copies of birth certificates under lock and key and share them only when the information is mandatory.
  3. Don’t be intimidated or afraid to ask anyone who requests a personal document WHY that specific information is needed. Also ask WHAT steps they take to safeguard the information.
  4. Don’t let a child or adolescent carry a copy of his or her Social Security card in their purse or wallet.
  5. Watch the mail for credit offers or other personalized mail to your child. These early warning signs can signal danger ahead or possibly danger in progress.
  6. Opt out of junk mail for you and your kids. There are companies that will allow you to get your children’s names off of the direct marketers’ lists along with your own. Check out greendimes.com for a great example of this type of service.

You can also request a free credit report from each of the major credit reporting agencies once a year for your child. If the child is under age 13, the request must be in writing.

For more information go to annualcreditreport.com, a website operated by the three credit reporting agencies. While there, you can request a free copy of your own report.

Finally, remember that privacy leakage occurs often on the web and especially at social networking sites like MySpace and Facebook. These companies do what they can to help monitor activity on their sites, but ultimately your child’s identity safety practices are your responsibility.

Identity Appreciation Month

September 1st, 2008

I appreciate the value of my intact identity profile…don’t you?

It has been too long since my last post. The past month has been a whirlwind for me as a result of my vacation to China.

As anyone who travels regularly will tell you, keeping tabs on your identity is both a necessary evil and a blessing beyond belief when traveling abroad. Venturing off to China during the Olympics is certainly a test of all the safeguards that are supposed to be in place to make sure that you are really the real you when you travel.

Passing through customs, immigration and the tightest security I have ever witnessed gave me both a sense of awe and gratitude. Chinese security officials had their hands full and the world witnessed one of the most spectacular displays of pomp, ceremony and athletic achievement ever organized.

At the same time, security was at an all-time high for good reason. The eyes of the world were fixed on Beijing and our hosts wanted the occasion to shine. I think we all agree… it did.

The 12 hour flight from the West Coast gave me a chance to catch up on some of the latest and greatest scams we are facing here at home. One that caught my eye in particular was the number of credit card skimming cases which the Secret Service is investigating around the country.

In my seminars, I magically produce and vanish a card “reader” which could be called a “skimming device” if it fell into the wrong hands. The problem is that we are so used to seeing them, that we don’t even think about sliding our credit and debit cards into a device at an ATM, bank or retail location.

The challenge is that these high tech and deceptive skimmers don’t prevent the machine we are accessing from working and can be painted to match the color of any legitimate machine. According to USA Today, there are major investigations going on right now in California, Delaware, Nevada, Pennsylvania and Washington.

In Washington state alone, the number of recent victims could total as high as 250 people with losses totaling $500,000. The combined total of the cases is between $1 million and $3.5 million stolen from victims.

The obvious first step for self protection is awareness and a keen eye for anything that may look suspicious. Thieves quite often place a small camera on or near the pump or ATM which records PIN numbers as you key them in.

Diligent, constant awareness of irregularities and unauthorized activity on your accounts is your personal responsibility. The good news for American consumers is that reporting fraudulent or suspicious activity generally stops or reverses damage done with credit cards and most debit cards bearing the Mastercard or Visa logos. Irregularities must be reported in a “timely fashion” which generally means 60 days or less from discovery of the event.

Yes, old fashioned skimming is alive and well and being dispensed at an ATM or gas pump near you.