Posts Tagged ‘Data Breaches’

Global Spear-Phishing: A New Threat

Thursday, April 7th, 2011

While Charlie Sheen maniacally pronounces his  self induced “winning” status to a saddened, bewildered and exhausted fan base, another  growing menace actually seems poised for “winning”.

Consumers got a wake up call on two fronts with the disclosure of the massive Epsilon Interactive data breach last week.

Our  first wake up call stems from the sheer length of the  list of companies who utilize Epsilon’s email  service to reach their customers.

The second wake up call is the reality that so many trusted brands outsource our names and email addresses to a third party  email service provider (ESP)  who has now been exposed as functionally incapable of protecting the  private personal data that was entrusted to them.

The truth is that there is nothing you or I can do to prevent these leaks when the repository for our data is in the hands of other people.

According to the consumer advocacy group Cauce, the following  financial institutions were affected by the breach:

  • Ameriprise Financial
  • Barclays Bank of Delaware
  • Capital One
  • CITI
  • JP Morgan Chase
  • Moneygram
  • Scottrade
  • TD Ameritrade
  • TIAA-CREF
  • U.S. Bank
  • World Financial Network National Bank (Victoria’s Secret card)

The CAUCE report went on to explain:

“As well, these marketing and retail companies have reportedly had their client email, names and in some cases, other information stolen”:

  1. 1800Flowers.com
  2. AbeBooks (division of Amazon)
  3. Airmiles
  4. Beachbody
  5. Benefit Cosmetics
  6. Best Buy
  7. Best Buy Canada Reward Zone
  8. Brookstone
  9. City Market
  10. CollegeBoard
  11. Dillons
  12. Disney Destinations
  13. Eileen Fisher
  14. Ethan Allen
  15. Food 4 Less
  16. Fred Meyer
  17. Fry’s
  18. Hilton HHonors
  19. Home Shopping Network
  20. Jay C
  21. King Soopers
  22. Krogers
  23. Lacoste
  24. L.L. Bean credit card
  25. Marks and Spencer
  26. Marriott Rewards (Update: Marriottt confirmed NO points totals were taken)
  27. McKinsey Quarterly
  28. New York & Company
  29. QFC
  30. Ralphs
  31. Red Roof Inns
  32. Ritz-Carlton (Update: Ritz-Carlton confirmed NO points totals were taken)
  33. Robert Half
  34. Smith’s
  35. Soccer.com
  36. Target
  37. TiVo
  38. Verizon
  39. Viking River Cruises (unconfirmed)
  40. Walgreens (for the second time)

The impact of the Epsilon breach is expected to cause a sharp, severe and extended series of spear phishing attacks. These phishing attacks will  target and exploit the trusting relationship between the victimized brands and their clients.

It is estimated that tens of millions of people’s names and email addresses have been exposed as a result of this breach. In the past three days, our own household has received at least three notifications from worried banks and retailers.

Consumers should brace themselves for what could be a barrage of incoming phishing attempts, disguised as communication from a trusted vendor. Although most savvy internet users are aware of these ploys, now is a good time for a few timely reminders.

  • Consumers can report attempted phishing attacks to the U.S. Secret Service by emailing them at: phishing-report@uscert.gov
  • Never click on a link in an email, just type the web address into your browser yourself to avoid infectious malware.
  • Security expert Brian Krebs reported that over 100  ESP’s (email service providers) have been under attack by fraudsters in recent months. This is an ongoing, sustained effort to grab your information!
  • Gmail, Earthlink and Yahoo all provide tools to help fight spam and phishing attacks.

An ancient proverb comes to mind: ” Trust in the gods, but tie up  your camel anyway!”

 

Tags: , ,
Posted in Data Breaches, Data security, Financial Scams, Internet, Phishing | No Comments »

“Trolls” Attack Rahm Emanuel’s iPad

Thursday, January 20th, 2011

Internet trolls are lurking in our midst.

Think your iPad is safe from hackers? Think again.

Charges have been filed against a pair of self-described Internet “trolls” who claim responsibility for hacking into AT&T’s servers last summer.

New Jersey District Attorney Paul Fishman has filed charges against two computer hackers who are charged with exposing  over 120,000 names and email addresses.

“The hallmark of this criminal hacker subculture is malicious one-upmanship,” Fishman added. “The more their victims have to scramble to fix the holes and the bigger the humiliation in reputational and actual damage to the corporate victim, the more bragging rights these individuals have in their own community.”

Many of the victims in this case are well known  politicians,  entertainers, and business leaders. Some of the more prominent victims include former White House Chief of Staff Rahm Emanuel, New York Mayor Michael Bloomberg, and ABC News anchor Diane Sawyer.

The “trolls”  bragged about their exploits in order to gain notoriety and street cred, prompting officials to charge them with fraud and conspiracy.

Because consumers have no direct control over the network security of their vendors, remember these tips:

  • Seek, read, print and safely store the privacy notices of your all your electronic and financial service providers.
  • Keep on guard for irregularities on all your monthly statements.
  • Regularly review your free credit report  several times per year at http://www.annualcreditreport.com

The volatile combination of hackers, organized crime, thrill seekers, and technology trolls have morphed into the next generation of  Dorothy’s lions and tigers and bears….oh my!

Tags: , ,
Posted in Data Breaches, Data security | No Comments »

Forecasters Make ID Theft Predictions For 2009

Sunday, January 4th, 2009

Recently, the Identity Theft Resource Center looked forward to the coming year to predict events that will be the inevitable outcomes of the current economic crisis and the looming identity theft battles.

Real Estate: Homeowners who are behind on payments or seeking refinancing sources can easily fall prey to unscrupulous thieves who are more than willing to “take your information and see what we can do”. Bogus land grants and home equity scams will be commonplace. The recommendation is that homeowners speak directly with well known and established banking and mortgage companies in order to avoid the potential pitfalls of unknown solution providers.

Credit Cards: Many consumers may unknowingly turn to thieves in order to get access to credit cards, debit cards and debt consolidation loans. It is easy to imagine handing over private information to seemingly legitimate companies. Like the mortgage industry, the credit card world has been turned on it’s head in the current economic climate. Look before you “leap” into a deal that may be too good to be true.

Check Fraud: Due to the lack of easy credit, many thieves will turn to check fraud as a way to accomplish their crimes. Needless to say, safeguard your checkbook, deposit slips and banking statements as a first line of defense. Many financial advisers are steering clients away from using paper checks at all. If you must write paper checks, be sure to use an anti-check-washing gel pen and keep a close eye out for any irregularities on your statement.

Organized Crime and Cyber-Thieves- Rings of professional thieves from all over the world have helped make identity theft the fastest growing crime in the United States. Security experts agree that these attacks will become more brazen as time goes by. According to the Wall Street Journal, the U.S. Department of Homeland Security has been reviewing “worst case scenarios” for possible attacks against U.S. government, industrial and financial institutions.

Consumer Scams: Common and rampant scams with nicknames such as skimming, phishing, vishing, pharming and whaling will continue in 2009. This is largely due to the weak condition of the U.S. economy, the vulnerability of average consumer and law enforcement’s scarcity of resources to deal with the sheer volume of complaints.

Breaches: Corporate, educational and government security breaches continue to grow every year. According to the ITRC, there were 641 breaches in 2008, surpassing the total of 446 in 2007. Due to the portability of data, the easy theft of laptops, the cunning deception of “inside scam artists” and the desperation of global perpetrators, this number will continue to increase. At the very least, have your own laptop or PDA/smart-phone set up with encryption and password protection software.

Remaining diligent, alert and informed about the latest scams and threats is your best defense against being victimized in 2009. Stay tuned.

Tags: , , , , ,
Posted in Credit card fraud, Credit industry, Cyberwar, Data Breaches, Federal Government, Real Estate Fraud | No Comments »