Posted: Nov 25, 2009 8:00 PM CST Updated: Nov 26, 2009 8:27 PM CST
by Larry Lemmons
Newschannel 10
Amarillo, Texas - Scams and identity theft are dangers for online shoppers as the holiday shopping season gets underway.
Believe it or not more than half of consumers are expected to shop online for holiday gifts.
But there are some simple rules to follow if you do. The best way to protect yourself when ordering online is to go to well-known secure sites, preferably with a local outlet.
Cpl. Jerry Neufeld of the Amarillo Police Department says, "If you're going to buy something, if there's at least a local connection like Best Buy, or whoever, that if you have a problem with your statement or you didn't receive the product, I can go out here off Soncy and go talk to a manager and say, hey, this is what I've done.
Brian Hughes, Manager of the Best Buy in Amarillo says, "Here at Best Buy we always strive to take care of our customers not only in the store but online too."
It's also important that your own computer be secure. Hughes says, "So many things going on now with hacking and people stealing data that it's very important that you have your computer protected, anti-spyware, antivirus, very important. If not, you go on to three or four websites right off the bat you get a virus and you're shut down."
Skimming is when thieves use small devices at a card swiping machine to steal your information. Police say they haven't seen many if any instances of skimming here in Amarillo but if you're traveling or you want to be cautious you might give the slot a little shake, just to see if it comes off."
Finally, if you think you're a victim of identity theft, place a fraud alert on your credit reports quickly and file a police report.
Online shopping is becoming a lot more popular with folks who don't like to fight the crowds. In fact, 26 percent more folks will be doing that over last year.
http://www.newschannel10.com/global/story.asp?s=11575900
Friday, December 11, 2009
Phishing Scam Imitates cPanel, Targets Webmasters
By Liam Eagle, December 08,
(WEB HOST INDUSTRY REVIEW) -- A report published Monday on the Register said a new phishing scam has been uncovered, targeting the webmasters of legitimate websites by appearing to be their hosting providers and asking for their administrator login details.
The new scam, which was reported on Saturday by security researcher Gary Warner, via a post on his blog, targets the customers of a long list of hosting providers, including some of the most widely used hosting companies – Go Daddy, Hostgator and Yahoo! among them.
Customers of these and other hosting companies, a list of more than 90 in total, have received emails that vary somewhat in content, but ultimately ask, “due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details.”
Clicking on a link in the email takes the user to a page that imitates the appearance of the widely-used hosting control panel cPanel. Should the customer enter their information, they are then forwarded to their hosting provider’s login page.
“The goal seems to really be capturing the FTP userids and passwords of webmasters,” writes Werner. “You can imagine what sorts of badness this campaign may lead to.”
As pointed out in the Register story, an increasingly popular tactic among phishers, and distributers of Malware, is corrupting trusted websites, often a step in the distribution of the viruses that create botnets then used to distribute spam.
The Register cites recently-launched security firm Dasient, a company that provides antivirus-type security scanning and repair for websites, as reporting that 640,000 websites were infected with code designed to launch malware attacks on visitors.
From the webmaster’s perspective, having a website corrupted with malware can lead to a site being added on blacklists that can be very difficult to make it away from. Those blacklists are used by Google and Firefox, as well as other tools, to warn users they may be entering unsafe websites.
Werner advises webmasters targeted by the attack to let their web hosting companies know they have been targeted. We would similarly advise web hosting companies named on Werner’s list to let customers know they might be targeted by this sort of phishing email, in much the way banks have been doing for several years.
http://www.thewhir.com/web-hosting-news/120809_Phishing_Scam_Imitates_cPanel_Targets_Webmasters
Wednesday, November 18, 2009
Job Search Scams: 6 Ways to Protect Yourself Against Identity Theft
Identity theft rings have set their sights on the 15.7 million Americans who are unemployed and looking for work. Here's how to ensure you don't end up a victim.
Fri, November 13, 2009 -- CIO-- As U.S. unemployment has increased, so too has the number of job search scams identity theft rings are perpetrating against desperate job seekers.
"We have seen a large proliferation of these scams over the past six to nine months because of the employment situation," says Lyn Chitow Oaks, chief marketing officer of TrustedID, which provides identity-theft protection services to individuals, families and businesses.
1. Never share your bank account information up front. Legitimate employers don't need to access your bank account until you become an employee, says Oaks. If they ask for it as part of the application process, it's a warning sign that this "employer" may be up to no good.
2. Never share your Social Security number up front. Legitimate employers will ask for your Social Security number only when they're serious about making a job offer (e.g., after they've interviewed you) and need to conduct a background check, or after you've accepted their offer and they need your Social Security number for tax purposes, says Oaks. Identity thieves will find sneaky ways to ask for your Social Security number up front. Don't fall for their ploys.
3. Never agree to a background check up front. "Until you know you're a candidate for a position, it's not necessary for an employer to do a background check," says Oaks, adding that the only exception may be the government. "They need your Social Security number to complete a background check," she says, "and if you give them the opportunity to do that, they'll learn all kinds of personal information."
4. Research potential employers. If you're unsure whether a potential employer you've found on a job search site is legitimate, Oaks says to find out whether the business has a physical address and to check with the Better Business Bureau in the state where the business is allegedly located to make sure they're licensed.
5. Consider sharing less information on your resume. Many people include their phone numbers and mailing addresses on their resumes, and indeed, employers like to know job applicants' area codes and Zip codes because they sometimes screen candidates based on that information. But if you're wary of identity theft, you may want to include only an e-mail address, at least during initial stages with prospective employers, says Oaks. She also recommends creating a unique e-mail address for your job search. "If employers are interested in you," she says, "they'll contact you."
6. Opt out. When you sign up for e-mail newsletters and offers from legitimate businesses, opt out of receiving offers from their third-party business partners. That can cut down on the amount of spam e-mail you receive and decrease the chances of your personal information ending up on the black market.
Fri, November 13, 2009 -- CIO-- As U.S. unemployment has increased, so too has the number of job search scams identity theft rings are perpetrating against desperate job seekers.
"We have seen a large proliferation of these scams over the past six to nine months because of the employment situation," says Lyn Chitow Oaks, chief marketing officer of TrustedID, which provides identity-theft protection services to individuals, families and businesses.
1. Never share your bank account information up front. Legitimate employers don't need to access your bank account until you become an employee, says Oaks. If they ask for it as part of the application process, it's a warning sign that this "employer" may be up to no good.
2. Never share your Social Security number up front. Legitimate employers will ask for your Social Security number only when they're serious about making a job offer (e.g., after they've interviewed you) and need to conduct a background check, or after you've accepted their offer and they need your Social Security number for tax purposes, says Oaks. Identity thieves will find sneaky ways to ask for your Social Security number up front. Don't fall for their ploys.
3. Never agree to a background check up front. "Until you know you're a candidate for a position, it's not necessary for an employer to do a background check," says Oaks, adding that the only exception may be the government. "They need your Social Security number to complete a background check," she says, "and if you give them the opportunity to do that, they'll learn all kinds of personal information."
4. Research potential employers. If you're unsure whether a potential employer you've found on a job search site is legitimate, Oaks says to find out whether the business has a physical address and to check with the Better Business Bureau in the state where the business is allegedly located to make sure they're licensed.
6. Opt out. When you sign up for e-mail newsletters and offers from legitimate businesses, opt out of receiving offers from their third-party business partners. That can cut down on the amount of spam e-mail you receive and decrease the chances of your personal information ending up on the black market.
Friday, November 13, 2009
This Incident has been confirmed. In Katy , TX
As a woman was putting gas in her car, a man came over and offered his services as a painter, and had his business card in his hand. She said no, but accepted his card out of kindness and got in the car. The man then got into a car driven by another gentleman. As the lady left the service station, she saw the men following her out of the station at the same time. Almost immediately, she started to feel dizzy and could not catch her breath. She tried to open the window and realized that the odor was on her hand; the same hand which accepted the card from the gentleman at the gas station.
She then noticed the men were immediately behind her and she felt she needed to do something at that moment. She drove into the first driveway and began to honk her horn repeatedly to ask for help.. The men drove away but the lady still felt pretty bad for several minutes after she could finally catch her breath. Apparently, there was a substance on the card that could have seriously injured her.
This drug is called 'BURUNDANGA ' and it is used by people who wish to incapacitate a victim in order to steal from or take advantage of them.
This drug is four times dangerous than the date rape drug and is transferable on simple cards.
So take heed and make sure you don ' t accept business cards at any given time alone or from someone on the streets. This applies to those making house calls and slipping you a card when they offer their services.
http://www.snopes.com/crime/warnings/burundanga.asp
She then noticed the men were immediately behind her and she felt she needed to do something at that moment. She drove into the first driveway and began to honk her horn repeatedly to ask for help.. The men drove away but the lady still felt pretty bad for several minutes after she could finally catch her breath. Apparently, there was a substance on the card that could have seriously injured her.
This drug is called 'BURUNDANGA ' and it is used by people who wish to incapacitate a victim in order to steal from or take advantage of them.
This drug is four times dangerous than the date rape drug and is transferable on simple cards.
So take heed and make sure you don ' t accept business cards at any given time alone or from someone on the streets. This applies to those making house calls and slipping you a card when they offer their services.
http://www.snopes.com/crime/warnings/burundanga.asp
Tuesday, November 10, 2009
Customer Data May be Too Risky to Keep
CIO Insight
With data security an oxymoron at many companies, it's time to rethink who controls customer data in the first place.
By Dan Gillmor - 2005-09-05
Companies keep finding ways to misplace consumers' personal data. Courier services lose tapes on their way to long-term storage facilities; malevolent social engineers con their way into access; laptop computers holding multiple databases are stolen.
We hear a lot about these kinds of things now because a new California law requires companies to disclose to consumers when their data has been compromised. It should be obvious, though, that data loss has been happening for some time, because the level of security in these cases seems to have been, at best, pervasively inadequate.
All of which makes me wonder: Why are companies keeping our data at all? Wouldn't they—and we—be better off in the long run if data wasn't collected and stored in the first place?
This sounds counterintuitive, and it certainly goes against today's common business practices. It's basically been an article of faith that gathering, storing and massaging ever more data is a good thing. Information can be power. It helps determine risk and reward. It helps a company know its various constituents better, including customers and suppliers. And it's worth money.
The current model fails in two areas. One, as noted, is with shamefully lax security. The other is the perverse notion that our personal lives are a commodity to be bought, sold and traded without serious regard for privacy or the consequences of sloppy handling. This doesn't even take into account the common problem of data that is outright false.
It is distressing that most personal information—such as what we spend and where we spend it, not to mention the ultimate skeleton key for identity thieves, our Social Security numbers—can be bartered at all. And when information is compromised or incorrect, consumers are largely responsible for cleaning up the chaos that results.
The data collection system is, at long last, beginning to fray at the edges. Consumers are growing more worried and angry over what they're learning about shoddy storage and trading practices. A recent survey by Harris Interactive found an increase in identity theft and a decrease in consumer confidence that negatively affected purchasing decisions.
The worst practices are drawing the attention of trial lawyers who, in the absence of more serious government enforcement, are prosecuting the promise-breakers.
But the California law may be a canary in the coal mine for keepers of data, because it signals the possible reappearance of legislators into an arena they've tried hard to avoid—a natural tendency, given the prodigious amounts of campaign contributions legislators have collected from the data collectors and sellers.
It's in this context that we should be asking whether the rewards of holding on to consumer data are worth the trouble—and whether it's possible to create an infrastructure that gives consumers much more control over their information from the outset.
Eric Norlin, a vice president at Ping Identity Corp., and a longtime writer on these matters, advocates "federated identity"—a decentralized system that would have the effect of giving consumers just this sort of granular control. "This is about customers being able to make their identities portable," he says, "to allow individuals to present the ID they choose to present to the service provider."
For example, if I were buying a plane ticket, I could give the airline permission to charge a certain amount of money to my credit card. But the airline wouldn't need access to the actual credit card number if I'd simultaneously given the card issuer enough information about the transaction to make the transfer. The bank or other card issuer would need my permission to pay the airline, but the entire transaction could take place in a seamless mesh of business logic, using advanced Web services, that lends parts of my identity to those who need it on a temporary basis.
This leaves a single potential point of failure (for this transaction, at any rate) from an identity-theft standpoint: the bank. Even though banks can, and sometimes do, get careless with data, a financial institution that builds and maintains an excellent record for data security will win more business. Competition for customers would bring more business to providers that are the most careful.
For such a system to have any chance of working, a variety of technologies is required. Ultimately, consumers and merchants must trust that the parties they're dealing with on either side of the transaction are indeed who they're supposed to be. Also, data cannot be easy to compromise. So encryption as well as the ability to digitally "sign" what we send around are crucial.
A viable public-key encryption infrastructure meets these requirements, and the technology's inventor is Whitfield Diffie, Sun Microsystems' chief security officer. He questions whether institutions would ever buy into an identity system where the data resided solely with consumers, but says there's no fundamental technical barrier.
Still, the practical difficulties are not trivial. Mortgage lenders may lose some of their ability to uncover information borrowers may have failed to disclose, and that would mean greater lending risk. One way around the problem might be harsher contract sanctions for failing to give lenders correct information when asked, plus a higher interest rate for more limited kinds of disclosure. In such transactions, people will have to make visible more verified data about themselves than in deals, such as a simple purchase, where the stakes are lower.
Another real-world barrier, Diffie notes, is the lack of a ubiquitous key infrastructure. The old AT&T could have created that, given its one-time dominance of communications. Federal agencies such as the National Security Agency had the wherewithal to do it, but the NSA damaged its credibility with the public by trying to exert improper control over encryption. Federated identity advocates are painstakingly building an infrastructure today that they hope will solve the problems of tomorrow.
One drawback with user-controlled data has nothing to do with business, and that is the government's wish to spy on us. Law enforcement might find its job complicated by an identity system that decentralized control and collection of information.
Even so, there is enormous logic and value to society in returning people's personal lives to their own control. The credibility of future electronically based commerce may depend on consumers' trust in the system. They are losing faith already, and a data Chernobyl is in no one's interest.
The way we're going, however, such a meltdown might be hard to avoid. It would be wise to plan now for the aftermath, wiser still if companies would consider—just consider—the possibility that data retention itself could be the heart of the problem, and seriously analyze the alternatives. That alone would move the ball ahead.
Corporate America has an unfortunate addiction to centralized data that it doesn't need. Sometimes, losing control is an advantage.
http://www.myinvisusdirect.com/Rgrabowski
http://www.cioinsight.com/c/a/Past-Opinions/Customer-Data-May-be-Too-Risky-to-Keep/
By Dan Gillmor - 2005-09-05
Companies keep finding ways to misplace consumers' personal data. Courier services lose tapes on their way to long-term storage facilities; malevolent social engineers con their way into access; laptop computers holding multiple databases are stolen.
We hear a lot about these kinds of things now because a new California law requires companies to disclose to consumers when their data has been compromised. It should be obvious, though, that data loss has been happening for some time, because the level of security in these cases seems to have been, at best, pervasively inadequate.
All of which makes me wonder: Why are companies keeping our data at all? Wouldn't they—and we—be better off in the long run if data wasn't collected and stored in the first place?
This sounds counterintuitive, and it certainly goes against today's common business practices. It's basically been an article of faith that gathering, storing and massaging ever more data is a good thing. Information can be power. It helps determine risk and reward. It helps a company know its various constituents better, including customers and suppliers. And it's worth money.
The current model fails in two areas. One, as noted, is with shamefully lax security. The other is the perverse notion that our personal lives are a commodity to be bought, sold and traded without serious regard for privacy or the consequences of sloppy handling. This doesn't even take into account the common problem of data that is outright false.
It is distressing that most personal information—such as what we spend and where we spend it, not to mention the ultimate skeleton key for identity thieves, our Social Security numbers—can be bartered at all. And when information is compromised or incorrect, consumers are largely responsible for cleaning up the chaos that results.
The data collection system is, at long last, beginning to fray at the edges. Consumers are growing more worried and angry over what they're learning about shoddy storage and trading practices. A recent survey by Harris Interactive found an increase in identity theft and a decrease in consumer confidence that negatively affected purchasing decisions.
The worst practices are drawing the attention of trial lawyers who, in the absence of more serious government enforcement, are prosecuting the promise-breakers.
But the California law may be a canary in the coal mine for keepers of data, because it signals the possible reappearance of legislators into an arena they've tried hard to avoid—a natural tendency, given the prodigious amounts of campaign contributions legislators have collected from the data collectors and sellers.
It's in this context that we should be asking whether the rewards of holding on to consumer data are worth the trouble—and whether it's possible to create an infrastructure that gives consumers much more control over their information from the outset.
Eric Norlin, a vice president at Ping Identity Corp., and a longtime writer on these matters, advocates "federated identity"—a decentralized system that would have the effect of giving consumers just this sort of granular control. "This is about customers being able to make their identities portable," he says, "to allow individuals to present the ID they choose to present to the service provider."
For example, if I were buying a plane ticket, I could give the airline permission to charge a certain amount of money to my credit card. But the airline wouldn't need access to the actual credit card number if I'd simultaneously given the card issuer enough information about the transaction to make the transfer. The bank or other card issuer would need my permission to pay the airline, but the entire transaction could take place in a seamless mesh of business logic, using advanced Web services, that lends parts of my identity to those who need it on a temporary basis.
This leaves a single potential point of failure (for this transaction, at any rate) from an identity-theft standpoint: the bank. Even though banks can, and sometimes do, get careless with data, a financial institution that builds and maintains an excellent record for data security will win more business. Competition for customers would bring more business to providers that are the most careful.
For such a system to have any chance of working, a variety of technologies is required. Ultimately, consumers and merchants must trust that the parties they're dealing with on either side of the transaction are indeed who they're supposed to be. Also, data cannot be easy to compromise. So encryption as well as the ability to digitally "sign" what we send around are crucial.
A viable public-key encryption infrastructure meets these requirements, and the technology's inventor is Whitfield Diffie, Sun Microsystems' chief security officer. He questions whether institutions would ever buy into an identity system where the data resided solely with consumers, but says there's no fundamental technical barrier.
Still, the practical difficulties are not trivial. Mortgage lenders may lose some of their ability to uncover information borrowers may have failed to disclose, and that would mean greater lending risk. One way around the problem might be harsher contract sanctions for failing to give lenders correct information when asked, plus a higher interest rate for more limited kinds of disclosure. In such transactions, people will have to make visible more verified data about themselves than in deals, such as a simple purchase, where the stakes are lower.
Another real-world barrier, Diffie notes, is the lack of a ubiquitous key infrastructure. The old AT&T could have created that, given its one-time dominance of communications. Federal agencies such as the National Security Agency had the wherewithal to do it, but the NSA damaged its credibility with the public by trying to exert improper control over encryption. Federated identity advocates are painstakingly building an infrastructure today that they hope will solve the problems of tomorrow.
One drawback with user-controlled data has nothing to do with business, and that is the government's wish to spy on us. Law enforcement might find its job complicated by an identity system that decentralized control and collection of information.
Even so, there is enormous logic and value to society in returning people's personal lives to their own control. The credibility of future electronically based commerce may depend on consumers' trust in the system. They are losing faith already, and a data Chernobyl is in no one's interest.
The way we're going, however, such a meltdown might be hard to avoid. It would be wise to plan now for the aftermath, wiser still if companies would consider—just consider—the possibility that data retention itself could be the heart of the problem, and seriously analyze the alternatives. That alone would move the ball ahead.
Corporate America has an unfortunate addiction to centralized data that it doesn't need. Sometimes, losing control is an advantage.
http://www.myinvisusdirect.com/Rgrabowski
http://www.cioinsight.com/c/a/Past-Opinions/Customer-Data-May-be-Too-Risky-to-Keep/
Friday, November 6, 2009
Cyber Crime Statistics
Cyber Crime Statistics from the 2006 Internet Crime Report*
In 2006, the Internet Crime Complaint Center received and processed over 200,000 complaints.
More than 86,000 of these complaints were processed and referred to various local, state, and federal law enforcement agencies.
Most of these were consumers and persons filing as private persons.
Total alleged dollar losses were more than $194 million.
Email and websites were the two primary mechanisms for fraud.
Although the total number of complaints decreased by approximately 7,000 complaints from 2005, the total dollar losses increased by $15 million.
The top frauds reported were auction fraud, non-delivery of items, check fraud, and credit card fraud.
Top contact mechanisms for perpetrators to victims were email (74%), web page (36%), and phone (18%) (there was some overlap).
* The Internet Crime Complaint Center is a clearinghouse for online economic crime complaints. It is maintained by the National White Collar Crime Center and the Federal Bureau of Investigations. To review the results of the study, visit the National White Collar Crime Center’s site, at http://www.ic3.gov/media/annualreport/2006_IC3Report.pdf .
Cyber Crime Statistics from the 12th Annual Computer Crime and Security Survey*
Between 2006 and 2007 there was a net increase in IT budget spent on security.
Significantly, however, the percentage of IT budget spent on security awareness training was very low, with 71% of respondents saying less than 5% of the security budget was spent on awareness training, 22% saying less than 1% was spent on such training.
90% of respondents said their company experienced a computer security incident in the past 12 months.
64% of losses were due to the actions of insiders at the company.
The top 3 types of attack, ranked by dollar losses, were:
financial fraud ($21.1 million)
viruses/worms/trojans ($8.4 million)
system penetration by outsiders ($6.8 million)
* The complete results of this study, as well as past studies, which are conducted annually by the Computer Security Institute, can be found at the CSI website www.gocsi.com . Interestingly, these statistics are compiled from voluntary responses of computer security professionals. Thus, there is certainly an inference that the damages due to computer security incidents are much higher than those cited here, as companies without responding security professionals undoubtedly were the victim of computer security incidents.
Cyber Crime Statistics from the Online Victimization of Youth, Five Years Later study*
Increasing numbers of children are being exposed to unwanted sexual materials online.
Reports of online sexual solicitations of youth decreased while reports of aggressive sexual solicitation of youth did not (perhaps indicating that some prevention and education measures may be working, while the most serious offenders may not be deterred).
Online child solicitation offenses are rarely reported to any authority.
Incidents of online harassment and bullying increased.
*This is an empirical study based on approximately 1500 surveys conducted with online youth in 2005 that were compared to the results of a similar study in 2001. The study was conducted by the National Center for Missing and Exploited Children, the Crimes Against Children Research Center, and the Office for Juvenile Justice and Delinquency Prevention at the United States Department of Justice. The complete results of the study can be found here http://www.missingkids.com/en_US/publications/NC167.pdf .
Thursday, October 22, 2009
Cybercrime threat rising sharply
The threat of cybercrime is rising sharply, experts have called for a new system to tackle well-organised gangs of cybercriminals.
Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves, they said.
The internet was vulnerable, they said, but as it was now part of society's central nervous system, attacks could threaten whole economies.
The past year had seen "more vulnerabilities, more cybercrime, more malicious software than ever before", more than had been seen in the past five years combined, one of the experts reported.
But does that really put "the internet at risk?", was the topic of session at the annual Davos meeting.
On the panel discussing the issue were Mozilla chairwoman Mitchell Baker (makers of the Firefox browser), McAfee chief executive Dave Dewalt, Harvard law professor and leading internet expert Jonathan Zittrain, Andre Kudelski of Kudelski group, which provides digital security solutions, and Tom Ilube, the boss of Garlik, a firm working on online web identity protection.
They were also joined by Microsoft's chief research officer, Craig Mundie.
To encourage frank debate, Davos rules do not allow the attribution of comments to individual panellists
Threat #1: Crime
The experts on the panel outlined a wide range of threats facing the internet.
There was traditional cybercrime: committing fraud or theft by stealing somebody's identity, their credit card details and other data, or tricking them into paying for services or goods that do not exist.
The majority of these crimes, one participant said, were not being committed by a youngster sitting in a basement at their computer.
Rather, they were executed by very large and very well-organised criminal gangs.
One panellist described the case of a lawyer who had realised that he could make more money though cybercrime.
He went on to assemble a gang of about 300 people with specialised roles - computer experts, lawyers, people harvesting the data etc.
Such criminals use viruses to take control of computers, combine thousands of them into so-called "botnets" that are used for concerted cyber attacks.
In the United States, a "virtual" group had managed to hijack and redirect the details of 25 million credit card transactions to Ukraine. The group used the data to buy a large number of goods, which were then sold on eBay.
This suggested organisation on a huge scale.
"This is not vandalism anymore, but organised criminality," a panellist said, while another added that "this is it is not about technology, but our economy".
Threat #2: the system
A much larger problem, though, are flaws in the set-up of the web itself.
It is organised around the principle of trust, which can have unexpected knock-on effects.
Nearly a year ago, Pakistan tried to ban a YouTube video that it deemed to be offensive to Islam.
The country's internet service providers (ISPs) were ordered to stop all YouTube traffic within Pakistan.
However, one ISP inadvertently managed to make YouTube inaccessible from anywhere in the world.
But in cyberspace, nobody is responsible for dealing with such incidents.
It fell to a loose group of volunteers to analyse the problem and distribute a patch globally within 90 minutes.
"Fortunately there was no Star Trek convention and they were all around," a panellist joked.
Threat #3: cyber warfare
Design flaws are one thing, cyber warfare is another.
Two years ago, a political dispute between Russia and Estonia escalated when the small Baltic country came under a sustained denial-of-service attack which disabled the country's banking industry and its utilities like the electricity network.
This was repeated last year, when Georgia's web infrastructure was brought down on its knees during its conflict with Russia.
"2008 was the year when cyber warfare began.. it showed that you can bring down a country within minutes," one panellist said.
"It was like cyber riot, Russia started it and then many hackers jumped on the bandwagon," said another.
This threat was now getting even greater because of the "multiplication of web-enabled devices" - from cars to fridges, from environmental sensors to digital television networks.
The panel discussed methods that terrorists could use to attack or undermine the whole internet, and posed the question whether the web would be able to survive such an assault.
The real problem, concluded one of the experts, was not the individual loss.
It was the systemic risk, where fraud and attacks undermine either trust in or the functionality of the system, to the point where it becomes unusable.
What solution?
"The problems are daunting, and it's getting worse," said one of the experts. "Do we need a true disaster to bring people together?," asked another.
One panellist noted that unlike the real world - where we know whether a certain neighbourhood is safe or not - cyberspace was still too new for most of us to make such judgements. This uncertainty created fear.
And as "the internet is a global network, it doesn't obey traditional boundaries, and traditional ways of policing don't work," one expert said.
Comparing virus-infected computers to people carrying highly infectious diseases like Sars, he proposed the creation of a World Health Organisation for the internet.
"If you have a highly communicable disease, you don't have any civil liberties at that point. We quarantine people."
"We can identify the machines that have been co-opted, that provide the energy to botnets, but right now we have no way to sequester them."
But several panellists worried about the heavy hand of government. The internet's strength was its open nature. Centralising it would be a huge threat to innovation, evolution and growth of the web.
"The amount of control required [to exclude all risk] is quite totalitarian," one of them warned.
Instead they suggested to foster the civic spirit of the web, similar to the open source software movement and the team that had sorted the YouTube problem.
"Would a formalised internet police following protocols have been able to find the [internet service provider] in Pakistan as quickly and deployed a fix that quickly?" one of them asked.
http://news.bbc.co.uk/2/hi/business/davos/7862549.stm
Cyber criminals targeting small businesses
By LOLITA C. BALDOR (AP) - Sept, 14, 2009
WASHINGTON — Cyber criminals are increasingly targeting small and medium-sized businesses that don't have the resources to keep updating their computer security, according to federal authorities.
Many of the attacks are being waged by organized cyber groups that are based abroad, and they are able to steal not only credit card numbers, but personal information — including Social Security numbers — of the card holders, said Michael Merritt, assistant director of the U.S. Secret Service's office of investigations.
Merritt, in testimony prepared for the Senate Homeland Security and Governmental Affairs, said that as larger companies have taken on more sophisticated computer network protections, cyber criminals have adapted and gone after the smaller businesses who do not have such high-level security.
Phil Reitinger, the deputy under secretary at the Department of Homeland Security said there are many simple steps that businesses can take to protect themselves.
"Securing the entrances of one's factory or store is second nature to any business owner and so cyber security protections mu st become," he said in his testimony to the panel. He added that a recent study suggested that as many as 87 percent of data breaches could be avoided by installing simple to intermediate preventative measures.
Reitinger and Merritt said government agencies are working to coordinate more both with each other and with the private sector to improve cyber security.
But lawmakers working on cyber security legislation in several committees across Capitol Hill are pressing for the administration to do more.
"Security cannot be achieved by the government alone," said Sen. Joseph I. Lieberman, I-Conn. and chairman of the homeland security panel. "Public-private partnership is essential. Together, business, government, law enforcement, and our foreign allies must partner to mitigate these attacks and bring these criminals to justice."
http://www.google.com/hostednews/ap/article/ALeqM5irz01lk0wZFR1RjIr9rXOFrrM72gD9AN4P3G1
WASHINGTON — Cyber criminals are increasingly targeting small and medium-sized businesses that don't have the resources to keep updating their computer security, according to federal authorities.
Many of the attacks are being waged by organized cyber groups that are based abroad, and they are able to steal not only credit card numbers, but personal information — including Social Security numbers — of the card holders, said Michael Merritt, assistant director of the U.S. Secret Service's office of investigations.
Merritt, in testimony prepared for the Senate Homeland Security and Governmental Affairs, said that as larger companies have taken on more sophisticated computer network protections, cyber criminals have adapted and gone after the smaller businesses who do not have such high-level security.
Phil Reitinger, the deputy under secretary at the Department of Homeland Security said there are many simple steps that businesses can take to protect themselves.
"Securing the entrances of one's factory or store is second nature to any business owner and so cyber security protections mu st become," he said in his testimony to the panel. He added that a recent study suggested that as many as 87 percent of data breaches could be avoided by installing simple to intermediate preventative measures.
Reitinger and Merritt said government agencies are working to coordinate more both with each other and with the private sector to improve cyber security.
But lawmakers working on cyber security legislation in several committees across Capitol Hill are pressing for the administration to do more.
"Security cannot be achieved by the government alone," said Sen. Joseph I. Lieberman, I-Conn. and chairman of the homeland security panel. "Public-private partnership is essential. Together, business, government, law enforcement, and our foreign allies must partner to mitigate these attacks and bring these criminals to justice."
http://www.google.com/hostednews/ap/article/ALeqM5irz01lk0wZFR1RjIr9rXOFrrM72gD9AN4P3G1
Is that ATM safe?
Monitoring all your accounts is important, but these days you want to pay particular attention to what's going on in your checking and savings accounts, because thieves increasingly target bank accounts.
The bad guys have found plenty of ways to steal all-important PINs. Some set up bogus ATMs or install skimming devices or cameras on legitimate machines to record account numbers and PINs.
A few may even have cracked what MSNBC technology columnist Bob Sullivan calls the "holy grail" of bank-account hacking, by stealing and decoding encrypted PINs from a retailer's database.
So the answer to question No. 2 is also "false." You don't want to write down your PIN, of course, but keeping it a secret won't necessarily protect your account.
What you need to do:
Avoid unfamiliar ATMs.
Consider using your credit card instead of your debit card for transactions.
Monitor your bank transactions at least once a week and question any unfamiliar charges.
If your accounts have been compromised, shut them down and open new ones. The bank may resist, but once the bad guys have access to your account, there's really no foolproof way to keep them out, except by shutting it down and starting with a new account number.
'Helping' you as they help themselves
Finally, you need to know about a twist on "phishing" scams called "vishing."
In a phishing scam, you get an e-mail purportedly from your bank or another financial institution, or a site where you have an account, such as eBay or PayPal. The e-mail typically warns of some security problem and tries to get you to provide personal information, such as your login ID and password.
Vishing is like phishing, except a phone is involved. You may get an e-mail directing you to call a phony customer-service line, which prompts you to input account numbers, passwords and other identifying information.
Or you may get a phone call purporting to be from your bank or credit card issuer and be asked to provide critical information, such as the security code on your credit card. The criminal may already have some of your account information, to create a false sense of security.
By the way, you can't trust caller ID to separate legitimate calls from vishing calls. The criminals often use Internet calling services with software programs that create bogus customer-service numbers, or they hack into legitimate companies' phone lines.
To fight back: If you get an e-mail or phone call purporting to be from your financial institution, don't provide any information. Dial your institution's main number yourself and let it know what's happened. If it's a fraud call, you'll be connected to the right people for further action.
In other words, be vigilant. Always assume the sender of the e-mail, the caller on the phone and the person standing behind you in line are out to wreak havoc on your financial life. A little suspicion can go a long way toward protecting your wallet and your identity.
Liz Pulliam Weston's latest book, "Easy Money: How to Simplify Your Finances and Get What You Want Out of Life," is now available. Columns by Weston, the Web's most-read personal-finance writer and winner of the 2007 Clarion Award for online journalism, appear every Monday and Thursday, exclusively on MSN Money. She also answers reader questions on the Your Money message board.
http://articles.moneycentral.msn.com/Banking/FinancialPrivacy/tough-times-are-ripe-for-ID-theft.aspx
MSN Money
Learn about the 'nuclear bomb' of identity-theft protection, the one way to freeze out ID thieves.
When the method the criminals used to steal IDs was known, old-school tactics were far more common than higher-tech approaches, according to Javelin. Here's how it broke down in 2007:
33% of the incidents were due to lost or stolen wallets.
23% of victims were "shoulder surfed" while conducting a transaction (the thief watched over the victim's shoulder as the victim punched in a PIN or used a credit card).
17% were victimized by family members or other people they knew. (Read "8 signs you may know an identity thief.")
12% were victimized online.
7% were victimized as a result of data breaches.
So the answer to the first question is "false."
Continued: How to protect your information
That's actually good news, since there's a lot more you can do to protect the information that's under your control than the stuff that's out there in somebody else's database.
Such as:
Program the following numbers into your cell phone so you can quickly report lost or stolen cards: American Express, 1-800-268-9824; Discover, 1-800-DISCOVER or 1-800-347-2683; MasterCard, 1-800-MASTERCARD or 800-627-8372; Visa, 1-800-VISA-911 or 1-800-847-2911.
Shield the keypad with your hand anytime you type in a PIN, and palm a credit card so the numbers don't show while you're waiting in line or finishing a transaction.
Keep your checks, account statements and other sensitive financial information in a locked filing cabinet. This is especially important whenever people you don't absolutely trust will be in your home, such as during parties, when you're having work done on your house or during any family gatherings that include sketchy relatives.
Set up e-mail alerts in your bank and credit card accounts to inform you when large transactions have been made or when your balance reaches certain limits.
Monitor your credit reports. You can access reports from each of the three major bureaus once a year at the government's free site. If you're at high risk for identity theft or will be in the market for a loan in the next few months, consider getting a credit-monitoring subscription. (Read "Should you hire a credit watchdog?" for details.)
Never click on a link embedded in an e-mail, even if the message looks like it legitimately came from one of your financial institutions. Open a new browser window and type in the institution's URL yourself.
Consider blocking access to your credit reports if you've already been a victim of identity theft or are at high risk. (Read "Should you freeze your credit report?")
Cancel paper bills and statements. Monitor your accounts and pay your bills online. People who monitor their accounts online tend to catch fraud much faster. (Read "Go paperless for safer banking.")
When the method the criminals used to steal IDs was known, old-school tactics were far more common than higher-tech approaches, according to Javelin. Here's how it broke down in 2007:
33% of the incidents were due to lost or stolen wallets.
23% of victims were "shoulder surfed" while conducting a transaction (the thief watched over the victim's shoulder as the victim punched in a PIN or used a credit card).
17% were victimized by family members or other people they knew. (Read "8 signs you may know an identity thief.")
12% were victimized online.
7% were victimized as a result of data breaches.
So the answer to the first question is "false."
Continued: How to protect your information
That's actually good news, since there's a lot more you can do to protect the information that's under your control than the stuff that's out there in somebody else's database.
Such as:
Program the following numbers into your cell phone so you can quickly report lost or stolen cards: American Express, 1-800-268-9824; Discover, 1-800-DISCOVER or 1-800-347-2683; MasterCard, 1-800-MASTERCARD or 800-627-8372; Visa, 1-800-VISA-911 or 1-800-847-2911.
Shield the keypad with your hand anytime you type in a PIN, and palm a credit card so the numbers don't show while you're waiting in line or finishing a transaction.
Keep your checks, account statements and other sensitive financial information in a locked filing cabinet. This is especially important whenever people you don't absolutely trust will be in your home, such as during parties, when you're having work done on your house or during any family gatherings that include sketchy relatives.
Set up e-mail alerts in your bank and credit card accounts to inform you when large transactions have been made or when your balance reaches certain limits.
Monitor your credit reports. You can access reports from each of the three major bureaus once a year at the government's free site. If you're at high risk for identity theft or will be in the market for a loan in the next few months, consider getting a credit-monitoring subscription. (Read "Should you hire a credit watchdog?" for details.)
Never click on a link embedded in an e-mail, even if the message looks like it legitimately came from one of your financial institutions. Open a new browser window and type in the institution's URL yourself.
Consider blocking access to your credit reports if you've already been a victim of identity theft or are at high risk. (Read "Should you freeze your credit report?")
Cancel paper bills and statements. Monitor your accounts and pay your bills online. People who monitor their accounts online tend to catch fraud much faster. (Read "Go paperless for safer banking.")
Tough times are ripe for ID theft
MSN Money
If you don't know what 'vishing' is, you could be a scammer's
next sucker. As the economy turns down, you need to wise up on how your
personal data can be swiped.
By Liz Pulliam Weston - Published Oct. 20, 2008
Your job and your portfolio aren't the only things you have to worry about during a recession. You need to keep an eye on your identity as well.
Crime tends to increase during hard economic times, and security experts believe we may see a reversal in the recent trend of declining identity-theft cases. (The percentage of adult Americans victimized by ID theft was 3.58% last year, according to Javelin Strategy and Research, down from 4.25% in 2004.)
So it's timely that MSN Money has joined with the National Foundation for Credit Counseling, or NFCC, in promoting ID-theft awareness on a new Web site. On the site, you'll find:
A quiz to assess your ID-theft risk.
Recommendations for people who've been victimized.
Consumer tips.
A map with links to local events that promote ID-theft awareness during National Protect Your Identity Week, Oct. 19-25.
In addition, credit bureau Experian has partnered with MSN Money and the NFCC to give away 10,000 credit-monitoring subscriptions Tuesday, Nov. 25, through the Ask a Credit Counselor message board. We'll remind you as the date approaches.
Think you already know everything that’s needed to protect your identity? Try the following pop quiz:
Data breaches, in which personal information such as Social Security numbers are stolen or exposed by hackers, have become the leading cause of identity theft. True or false?
Consumers can prevent criminals from accessing their bank accounts by not writing down their personal identification numbers (PINs). True or false?
What is "vishing"?
For the answers, read on.
The biggest worry
Database breaches certainly get a lot of news coverage, probably because they remind us how much of our personal information floats around in the ether, beyond our ability to protect it.
As of this writing, more than 245 million consumer records have been exposed in data breaches in the past four years, according to the Privacy Rights Clearinghouse. We know about these incursions thanks to state laws enacted since 2004 that require companies and governments to report such cases.
Only a small fraction of those breaches were used to commit fraud, however.
Ask a Credit Counselor
to Javelin Strategy and Research
If you don't know what 'vishing' is, you could be a scammer's
next sucker. As the economy turns down, you need to wise up on how your
By Liz Pulliam Weston - Published Oct. 20, 2008
Your job and your portfolio aren't the only things you have to worry about during a recession. You need to keep an eye on your identity as well.
Crime tends to increase during hard economic times, and security experts believe we may see a reversal in the recent trend of declining identity-theft cases. (The percentage of adult Americans victimized by ID theft was 3.58% last year, according to Javelin Strategy and Research, down from 4.25% in 2004.)
So it's timely that MSN Money has joined with the National Foundation for Credit Counseling, or NFCC, in promoting ID-theft awareness on a new Web site. On the site, you'll find:
A quiz to assess your ID-theft risk.
Recommendations for people who've been victimized.
Consumer tips.
A map with links to local events that promote ID-theft awareness during National Protect Your Identity Week, Oct. 19-25.
In addition, credit bureau Experian has partnered with MSN Money and the NFCC to give away 10,000 credit-monitoring subscriptions Tuesday, Nov. 25, through the Ask a Credit Counselor message board. We'll remind you as the date approaches.
Think you already know everything that’s needed to protect your identity? Try the following pop quiz:
Data breaches, in which personal information such as Social Security numbers are stolen or exposed by hackers, have become the leading cause of identity theft. True or false?
Consumers can prevent criminals from accessing their bank accounts by not writing down their personal identification numbers (PINs). True or false?
What is "vishing"?
For the answers, read on.
The biggest worry
Database breaches certainly get a lot of news coverage, probably because they remind us how much of our personal information floats around in the ether, beyond our ability to protect it.
As of this writing, more than 245 million consumer records have been exposed in data breaches in the past four years, according to the Privacy Rights Clearinghouse. We know about these incursions thanks to state laws enacted since 2004 that require companies and governments to report such cases.
Only a small fraction of those breaches were used to commit fraud, however.
Ask a Credit Counselor
to Javelin Strategy and Research
Hackers Breach Heartland Payment Credit Card System
USA TODAY
By Byron Acohido, USA TODAY - Posted 1/20/2009 8:37 PM
Heartland Payment Systems
(HPY) on Tuesday disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants.
Robert Baldwin, Heartland's president and CFO, said in a USA TODAY interview that the intruders had access to Heartland's system for "longer than weeks" in late 2008. The number of victims is unknown. "We just don't have the information right now," Baldwin said.
Tech security experts said the breach could set a record. Retail giant TJX lost 94 million customer records to hackers in 2007. With more than 100 million transactions per month, they could discover that several months' worth of transactions were captured, says Michael Maloof, chief technology officer at TriGeo Network Security.
Heartland processes card payments for restaurants, retailers and other merchants. It discovered the hack last week after Visa and MasterCard notified it of suspicious transactions stemming from accounts linked to its systems. Investigators then found the data-stealing program planted by the thieves.
"Our discussions with the Secret Service and Department of Justice give us a pretty good indication that this is part of a group that appears to have done security breaches at other financial institutions," said Baldwin. "This is a very sophisticated attack." Once it sorts out the matter, Heartland plans to notify each victim whose data were stolen to comply with data-loss disclosure laws in more than 30 states, Baldwin said.
"Cleaning up the mess could be potentially much more expensive than any fines or penalties," says Michael Argast, senior analyst at security firm Sophos.
Heartland's disclosure coincides with reports of heightened criminal activities involving stolen payment card numbers. Security firm CardCops has been tracking a 20% year-over-year increase in Internet chat room activity where hackers test batches of payment card numbers to make sure that they're active. "The numbers could have come from a processor, like Heartland, or some other source that has access to a lot of customer data but is not a retailer," says Dan Clements, CardCops president.
Also, Forcht Bank in Kentucky last week began issuing replacement debit cards to 8,500 patrons, due to reports of fraudulent card activity. "There are several other banks affected, and this is not isolated to Forcht Bank customers," the bank said in a Jan. 12 statement to customers.
http://www.newsday.com/news/local/newyork/ny-nycomp0108,0,1374063.story
Saturday, October 10, 2009
2010 Census to Begin
THIS IS PRETTY BASIC ADVICE; BUT, IN TODAY'S TIMES, I CAN SEE IT COULD
LEAVE AN OPEN DOOR FOR PASSING OUT YOUR PRIVATE INFORMATION.
WARNING: 2010 Census Cautions from the Better Business Bureau
Be Cautious About Giving Info to Census Workers by Susan Johnson
With the U.S. Census process beginning, the Better Business
Bureau (BBB) advises people to be cooperative, but cautious, so as
not to become a victim of fraud or identity theft. The first phase of
the 2010 U.S. Census is under way as workers have begun verifying the
addresses of households across the country. Eventually, more than
140,000 U.S. Census workers will count every person in the United
States and will gather information about every person living at each
address including name, age, gender, race, and other relevant data.
The big question is - how do you tell the difference between a U.S. Census
worker and a con artist? BBB offers the following advice:
If a U.S. Census worker knocks on your door, they will have a
badge, a handheld device, a Census Bureau canvas bag, and a
confidentiality notice. Ask to see their identification and their
badge before answering their questions. However, you should never
invite anyone you don't know into your home.
Census workers are currently only knocking on doors to verify
address information. Do not give your Social Security number, credit
card or banking information to anyone, even if they claim they need it
for the U.S. >Census.
REMEMBER, NO MATTER WHAT THEY ASK, YOU REALLY ONLY NEED TO TELL THEM
HOW MANY PEOPLE LIVE AT YOUR ADDRESS.
While the Census Bureau might ask for basic financial information,
such as a salary range, YOU DON'T HAVE TO ANSWER ANYTHING AT ALL ABOUT
YOUR FINANCIAL SITUATION. The Census Bureau will not ask for Social
Security, bank account, or credit card numbers, nor will employees
solicit donations. Any one asking for that information is NOT with
the Census Bureau.
AND REMEMBER, THE CENSUS BUREAU HAS DECIDED NOT TO WORK WITH ACORN
ON GATHERING THIS INFORMATION.. No Acorn worker should approach you
saying he/she is with the Census Bureau.
Eventually, Census workers may contact you by telephone, mail, or in
person at home. However, the Census Bureau will not contact you by
Email, so be on the lookout for Email scams impersonating the Census.
Never click on a link or open any attachments in an Email that are
supposedly from the U.S. Census Bureau.
For more advice on avoiding identity theft and fraud, visit http://www.bbb.org/
PLEASE SHARE THIS INFO WITH FAMILY AND FRIENDS.
http://www.bbb.org/
2010 Census to Begin - Warning from Better Business Bureau
LEAVE AN OPEN DOOR FOR PASSING OUT YOUR PRIVATE INFORMATION.
WARNING: 2010 Census Cautions from the Better Business Bureau
Be Cautious About Giving Info to Census Workers by Susan Johnson
With the U.S. Census process beginning, the Better Business
Bureau (BBB) advises people to be cooperative, but cautious, so as
not to become a victim of fraud or identity theft. The first phase of
the 2010 U.S. Census is under way as workers have begun verifying the
addresses of households across the country. Eventually, more than
140,000 U.S. Census workers will count every person in the United
States and will gather information about every person living at each
address including name, age, gender, race, and other relevant data.
The big question is - how do you tell the difference between a U.S. Census
worker and a con artist? BBB offers the following advice:
If a U.S. Census worker knocks on your door, they will have a
badge, a handheld device, a Census Bureau canvas bag, and a
confidentiality notice. Ask to see their identification and their
badge before answering their questions. However, you should never
invite anyone you don't know into your home.
Census workers are currently only knocking on doors to verify
address information. Do not give your Social Security number, credit
card or banking information to anyone, even if they claim they need it
for the U.S. >Census.
REMEMBER, NO MATTER WHAT THEY ASK, YOU REALLY ONLY NEED TO TELL THEM
HOW MANY PEOPLE LIVE AT YOUR ADDRESS.
While the Census Bureau might ask for basic financial information,
such as a salary range, YOU DON'T HAVE TO ANSWER ANYTHING AT ALL ABOUT
YOUR FINANCIAL SITUATION. The Census Bureau will not ask for Social
Security, bank account, or credit card numbers, nor will employees
solicit donations. Any one asking for that information is NOT with
the Census Bureau.
AND REMEMBER, THE CENSUS BUREAU HAS DECIDED NOT TO WORK WITH ACORN
ON GATHERING THIS INFORMATION.. No Acorn worker should approach you
saying he/she is with the Census Bureau.
Eventually, Census workers may contact you by telephone, mail, or in
person at home. However, the Census Bureau will not contact you by
Email, so be on the lookout for Email scams impersonating the Census.
Never click on a link or open any attachments in an Email that are
supposedly from the U.S. Census Bureau.
For more advice on avoiding identity theft and fraud, visit http://www.bbb.org/
PLEASE SHARE THIS INFO WITH FAMILY AND FRIENDS.
http://www.bbb.org/
2010 Census to Begin - Warning from Better Business Bureau
Wednesday, September 30, 2009
Featured Article
Robert Halsey
Apr. 16, 2009
The Real Cost of Data Breach (It’s more than you think—and you’re more at risk than you know.)
Confusion. Denial. Plain old wishful thinking. That’s what we hear when we talk to people about the real cost of data breach. Whether you’re an ISO, an acquirer, or a merchant, maybe you’ve even said (or at least thought) some of these things yourself...
Unfortunately, that’s just the kind of thinking that gets businesses into trouble—the kind of trouble that all too often ends in bankruptcy. (And that’s not media hype—the U.S. National Archives & Records Administration reports 50% of businesses that lose their critical data for 10 days or more have to file for bankruptcy immediately.)
Read more...
Unfortunately, that’s just the kind of thinking that gets businesses into trouble—the kind of trouble that all too often ends in bankruptcy. (And that’s not media hype—the U.S. National Archives & Records Administration reports 50% of businesses that lose their critical data for 10 days or more have to file for bankruptcy immediately.)
Read more...
Friday, September 25, 2009
Beware the “Bahama” Botnet
Just when you thought the fraudsters couldn’t get any more sophisticated … they surprise you. Click Forensics researchers have recently discovered one of the most advanced sources of click fraud we’ve seen. We’ve named it the "Bahama Botnet" because when first discovered it was redirecting traffic through 200,000 parked domain sites located in the Bahamas. It has since been reprogrammed to redirect through other intermediate sites hosted in Amsterdam, the U.K., and even San Jose, CA, but the Bahama name stuck.
Interestingly, the Bahama botnet appears to be closely related to the recent spate of "scareware" attacks, such as the one perpetrated against The New York timesdigital site just a few days ago, reported by Computer World. Visitors to the NYTimes.com site were greeted with a pop-up informing them their computer was infected and directed to an authentic-looking site where they could install a program called Personal Antivirus. Users duped into purchasing this phony software were then infected with a Trojan that gave control of their computer to an unknown third party that we now know to be part of a gang in the Ukraine.
We believe the Bahama botnet is controlled by this same gang, or their neighbors down the street. More info about the We’re pretty sure the Bahama botnet is related to the Ukranian fan club and the NYTimes.com scareware because they each phone back to a bogus "Windows protection" domain located on the same IP address.
These sources were originally identified by the Black Hat community, but we believe Click Forensics is the first to discover the breadth and depth of click fraud being perpetrated by the botnets it controls. And the botnet is incredibly insidious.
As seen in this video of the botnet in action, caught on film and narrated by Click Forensic’s own Matt Graham, the infected machine will exhibit some really funky behavior. Clicks on organic search results are redirected through a series of parked domains across a number of top-tier ad providers (search engines and ad networks), eventually arriving at an advertiser unrelated to the original query. The user is momentarily confused, but likely just performs the search again, this time with easy success.
What makes the botnet so insidious is that it operates intermittently so that the user doesn’t really know that anything is wrong. Additionally, it can operate independently of the user because the authors appear to be building a large database of authentically user-generated search queries. And because the queries come from many different machines (IPs) across a broad segment of the Internet population, it is very difficult to find and identify these clicks as fraudulent. But these auto-generated clicks were not able to disguise themselves well enough to escape Click Forensics anomaly detection algorithms. Additionally, large amounts of non-converting clicks were spotted in the data we receive from advertisers. From there, our team was able to hone in on the source of the Bahama botnet.
Beware the “Bahama” Botnet
Interestingly, the Bahama botnet appears to be closely related to the recent spate of "scareware" attacks, such as the one perpetrated against The New York timesdigital site just a few days ago, reported by Computer World. Visitors to the NYTimes.com site were greeted with a pop-up informing them their computer was infected and directed to an authentic-looking site where they could install a program called Personal Antivirus. Users duped into purchasing this phony software were then infected with a Trojan that gave control of their computer to an unknown third party that we now know to be part of a gang in the Ukraine.
We believe the Bahama botnet is controlled by this same gang, or their neighbors down the street. More info about the We’re pretty sure the Bahama botnet is related to the Ukranian fan club and the NYTimes.com scareware because they each phone back to a bogus "Windows protection" domain located on the same IP address.
These sources were originally identified by the Black Hat community, but we believe Click Forensics is the first to discover the breadth and depth of click fraud being perpetrated by the botnets it controls. And the botnet is incredibly insidious.
As seen in this video of the botnet in action, caught on film and narrated by Click Forensic’s own Matt Graham, the infected machine will exhibit some really funky behavior. Clicks on organic search results are redirected through a series of parked domains across a number of top-tier ad providers (search engines and ad networks), eventually arriving at an advertiser unrelated to the original query. The user is momentarily confused, but likely just performs the search again, this time with easy success.
What makes the botnet so insidious is that it operates intermittently so that the user doesn’t really know that anything is wrong. Additionally, it can operate independently of the user because the authors appear to be building a large database of authentically user-generated search queries. And because the queries come from many different machines (IPs) across a broad segment of the Internet population, it is very difficult to find and identify these clicks as fraudulent. But these auto-generated clicks were not able to disguise themselves well enough to escape Click Forensics anomaly detection algorithms. Additionally, large amounts of non-converting clicks were spotted in the data we receive from advertisers. From there, our team was able to hone in on the source of the Bahama botnet.
Beware the “Bahama” Botnet
The Doctors Are ‘In’
In February of 2006, Click Forensics was just getting off the ground. We recognized the problem of click fraud was a big problem and that building a solution would be tough technical challenge. We decided to bring in an expert in the field of data mining and anomaly detection in clickstream analysis. That expert was Dr. Alex Tuzhilin. Alex spent the day with us at our offices in San Antonio and provided us a roadmap for the evolution of our approach to indentifying invalid traffic.
His contribution to us at that point was essential and provided tremendous insight. After reviewing our approach he commented,
"Click Forensics has good data and this is a source of their advantage over the search engines. To work with them to refine the scoring methodology to improve accuracy. Their approach is to incorporate as much data as possible to improve accuracy. The search providers simply don’t have enough data to have the most accurate approach."Shortly after Alex’s visit to Texas, a call from the lead attorney representing Lane’s Gifts in their lawsuit against Google. He said, "just hired your Ph.D!" The judge in that case had mandated that an outside consultant review Google’s click fraud detection methods and publish a paper on the efficacy. Alex spent many weeks at Google and wrote an insightful paper detailing their approach, ultimately describing it as "reasonable". The Lane’s Gift case was settled and Alex returned to his role as a professor at NYU.
Today we are thrilled to announce that Dr. Tuzhilin has joined the Click Forensics Advisory Board. Few individuals have had more real-world and academic experience in the measurement of online traffic quality and its effect on advertisers. His work has helped move the industry toward standards and cooperation. After visiting us in Austin a few weeks ago and meeting with our technology team, Alex said,
"Having firsthand experience reviewing the state of the art in ad network traffic management, I was impressed with the level of technical sophistication the team exhibits and I was impressed with the directions they are going, Click Forensics has played a leadership role in helping the online advertising community to monitor quality of clicks on ads, including identification of invalid clicks. Look forward to continuing to work with the team.
"In addition to Dr. Tuzhilin, we have also added Dr. William Wright, the Chief Scientist at Paypal. Dr.Wright, a Ph.D. in cognitive science, is an artificial intelligence expert who has built numerous analytical and predictive systems over the past twenty years, including the Falcon Credit Card Fraud Detection System at HNC, the Advanced Fraud Screen system at CyberSource, and numerous adversarial modeling systems for the U.S. military. After spending time with our team, William concluded,
"Click Forensics has built a strong team of developers using very advanced machine learning and data mining techniques to detect fraud and measure traffic quality, they are pioneering a new area of fraud detection and I’m finding it satisfying to work closely with them on leveraging lessons from my past experience combating credit card and banking fraud.
"One out of every five employees at Click Forensics holds a Ph.D. Adding the expertise of Alex and William dramatically enhances our ability to meet our goal of providing the state of the art approach to traffic quality management. Appreciate their contributions and look forward to benefiting from their knowledge in the future.
Pay per Click Fraud Scammers Are Increasingly Resorting To Botnets
Recently, extremely bad news for advertisers running PPC campaigns, Click Forensics has seen some horrific scenarios in which as much as 30 percent of a monthly ad budget is swallowed by Bahama botnet click-fraud traffic. This is why being educated on cybersecurity issues is:
CRITICAL for your financial survival as a marketer! This is no joke and no small matter! If you are or have been running any pay-per-click campaigns (and notice funky things happening), you could likely be a victim of click fraud.
Sophisticated Botnet Causing a Surge in Click Fraud Click Forensics has been warning recently that click fraud scammers are increasingly resorting to botnets, which are networks of computers that have been secretly compromised for a variety of malicious tasks.
The Bahama botnet is masking the source of its clicks to convince click-fraud filters they are coming from high-quality, legitimate sources, such as U.S. libraries and schools. The botnet is also altering the "interval and breadth" of the attacks from the compromised PCs, according to
Click Forensics.
Click Forensics is a company which provides services to monitor ad campaigns for click fraud and they report on click fraud incidence every quarter of each year. Click Forensics has been warning recently that click fraud scammers are increasingly resorting to botnets, which are networks of ordinary consumers’ PCs that have been secretly compromised for a variety of malicious tasks.
A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics.
The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet's architects have figured out a way to mask it particularly well as legitimate search ad traffic.
Click Forensics is calling this the "Bahama botnet" because initially it was redirecting traffic through 200,000 parked domains in the Bahamas, although it now is using sites in Amsterdam, the U.K. and Silicon Valley.
Click fraud affects marketers who spend money on pay-per-click (PPC) advertising on search engines and Web pages. It happens when a person or a machine clicks on a PPC ad with malicious intent or by mistake.
For example, a competitor may click on a rival's PPC ads in order to drive up their ad spending. Also, a rogue Web publisher may click on PPC ads on its site to trigger more commissions, which is probably what's behind the Bahama botnet.
Click fraud also includes nonmalicious activity that nonetheless yields a click of little or no value to the advertiser, such as when someone clicks on an ad by mistake or two consecutive times.
In a piece of extremely bad news for advertisers running PPC campaigns, Click Forensics has seen worst-case scenarios in which as much as 30 percent of a monthly ad budget is swallowed by Bahama botnet click-fraud traffic.
Ordinary users' PCs are made part of the Bahama botnet with malware. Click Forensics found links to the malware in search results for queries about the non-existent Facebook Fan Check virus.
Last week, security company Sophos and Facebook both warned that malicious hackers were setting up malware-infested Web sites that falsely claimed to remove a non-existent virus from a new Facebook application called Fan Check.
False rumors spread that Fan Check infected PCs with malware, so scammers tried to capitalize on the concern that many Facebook members had about the application.
As Facebook members used popular search engines to find antivirus information about Fan
Check, they got results that pointed to sites that offered false virus removal kits and instead infected their computers with malware.
Friday, September 4, 2009
Social Network Users Fail At Security
The fast-growing, widespread use of social networking Web sites is putting users in "serious danger" of cybercrime, according to a study by the Chief Marketing Officers Council.
Furthermore, despite concerns about the overall security of such public spaces, few users are taking even basic precautions to protect themselves against online crimes.
Indeed, the study found that the majority of social networking users are afflicted by Web borne security problems, but fewer than one in three are taking actions to protect themselves online.
"As social networking populations grow globally and the proliferation of niche social networks and mobile offerings extends the reach of social communities, the threats and vulnerabilities are escalating accordingly," said Donovan Neale-May, executive director of the CMO Council.
"More frequent breaches and outbreaks on popular social sites are a testament to the need for a more preventative mindset and threat-alert culture among community users."
The survey, entitled "Bringing Social Security to the Online Community", polled a random sampling of more than 250 consumers during the second quarter of 2009.
Study participants indicated concern over growing phishing, spam and malware attacks, with nearly 50 percent of those surveyed saying they were "very concerned" about their personal identity being stolen in an online community.
According to the poll results, despite widespread use (86 percent) of social networks, most failed to conduct basic security measures on a consistent basis.
For example, 64 percent reported changing their passwords only infrequently or never, while 57 percent said they adjusted their privacy settings infrequently or never. Meanwhile, 90 percent said they rarely or never informed their social network administrator of potential problems.
Despite the security risks, participants identified several practices that could cause harm to unprotected users. For instance, 21 percent said they had accepted contact offerings from members they didn’t know, while more than half allowed acquaintances or roommates to access social networks on their machines.
Despite the security risks, participants identified several practices that could cause harm to unprotected users. For instance, 21 percent said they had accepted contact offerings from members they didn’t know, while more than half allowed acquaintances or roommates to access social networks on their machines.
The poll also found that 64 percent of respondents had clicked on links offered by community members or contacts, while 26 percent shared files within their social networks. This proliferation of files, links and unsolicited contacts has led to a number of breaches. Indeed, nearly 20 percent have experienced identity theft, 47 percent have been victims of malware infections and 55 percent have seen phishing attacks.
The company hopes to reverse this trend, MacDermott said.
"Our Data Snatchers campaign is a viral effort that will not only get consumers thinking about their personal security but will also provide them with simple tools to do something about it when they are in the spaces that make them feel the most vulnerable."
MacDermott also advises users to follow six steps to maximize their cyber: security
- Do not accept pop-ups or prompts for software, unless you're armed with software that scans each site for infections prior to access.
- Never provide, post, or submit any confidential personal data.
- Change your password at least once a month, and do not change it if you're prompted to (this can be a third party malicious link).
- Do not allow others to access their social networks on your computer, nor yours on their machine. This could introduce infections to your computer through unsafe practices, or your login security could be compromised via cookies saved on your computer.
- Never auto save your password information, and clear your history at least once a week.
- Do not accept friend requests from people you do not personally know.
---
---
On the Net:
Cybercrime Trend !
Cybercriminals never sleep. At least it sure seems like it. As the Internet turns 40 we should realize that everything that makes the Internet useful to us opens up opportunities for cybercriminals.
We must all be aware of our vulnerabilities on the net and do everything we can to stay safe and secure.
It's our goal to give you valuable information to help you better understand the problems we face in the 21st Century.
Social Network Users Fail At Security
Social Network Users Fail At Security
The fast-growing, widespread use of social networking Web sites is putting users in "serious danger" of cybercrime, according to a study released Wednesday by security software maker AVG Technologies and the Chief Marketing Officers Council.
Furthermore, despite concerns about the overall security of such public spaces, few users are taking even basic precautions to protect themselves against online crimes.
Furthermore, despite concerns about the overall security of such public spaces, few users are taking even basic precautions to protect themselves against online crimes.
The Invisus Direct Difference:
Tech support when you need it at the right price.
Are you like most people? Do you put off computer repair because you are afraid of the price? Do you wait until the horrible "blue screen" before you look for help?
What if there was a way to get computer help when the problem first came up and you didn't have to face those horrible problems again. Would that make life better for you?
You can be a raving fan, too. Call me and I'll share the details with you.
Keep an eye out for the Identity Theft Trend Next Newsletter September 15th...
until then be safe out there,
What if there was a way to get computer help when the problem first came up and you didn't have to face those horrible problems again. Would that make life better for you?
You can be a raving fan, too. Call me and I'll share the details with you.
Keep an eye out for the Identity Theft Trend Next Newsletter September 15th...
until then be safe out there,
Rosemarie Grabowski,
PC Security & Identity
Theft Protection
(308) 687-6085
http://www.topsecretfreereport.com/makeadifference-x
Thursday, September 3, 2009
Tough times are ripe for ID theft
If you don't know what 'vishing' is, you could be a scammer's next sucker. As the economy turns down, you need to wise
Your job and your portfolio aren't the only things you have to worry about during a recession. You need to keep an eye on your identity as well.
Crime tends to increase during hard economic times, and security experts believe we may see a reversal in the recent trend of declining identity-theft cases. (The percentage of adult Americans victimized by ID theft was 3.58% last year, according to Javelin Strategy and Research, down from 4.25% in 2004.)
So it's timely that MSN Money has joined with the National
Foundation for Credit Counseling, or NFCC, in promoting ID-theft awareness on a new Web site. On the site, you'll find:
A quiz to assess your ID-theft risk.
Recommendations for people who've been victimized.
Consumer tips.
A map with links to local events that promote ID-theft awareness during National Protect Your Identity Week, Oct. 19-25.
In addition, credit bureau Experian has partnered with MSN Money and the NFCC to give away 10,000 credit-monitoring subscriptions Tuesday, Nov. 25, through the Ask a Credit Counselor message board. We'll remind you as the date approaches.
Think you already know everything that’s needed to protect your identity? Try the following pop quiz:
Data breaches, in which personal information such as Social Security numbers are stolen or exposed by hackers, have become the leading cause of identity theft. True or false?
Consumers can prevent criminals from accessing their bank accounts by not writing down their personal identification numbers (PINs). True or false?
What is "vishing"?
For the answers, read on.
The biggest worry
Database breaches certainly get a lot of news coverage, probably because they remind us how much of our personal information floats around in the ether, beyond our ability to protect it.
As of this writing, more than 245 million consumer records have been exposed in data breaches in the past four years, according to the Privacy Rights Clearinghouse. We know about these incursions thanks to state laws enacted since 2004 that require companies and governments to report such cases.
Only a small fraction of those breaches were used to commit fraud, however.
Your job and your portfolio aren't the only things you have to worry about during a recession. You need to keep an eye on your identity as well.
Crime tends to increase during hard economic times, and security experts believe we may see a reversal in the recent trend of declining identity-theft cases. (The percentage of adult Americans victimized by ID theft was 3.58% last year, according to Javelin Strategy and Research, down from 4.25% in 2004.)
So it's timely that MSN Money has joined with the National
Foundation for Credit Counseling, or NFCC, in promoting ID-theft awareness on a new Web site. On the site, you'll find:
A quiz to assess your ID-theft risk.
Recommendations for people who've been victimized.
Consumer tips.
A map with links to local events that promote ID-theft awareness during National Protect Your Identity Week, Oct. 19-25.
In addition, credit bureau Experian has partnered with MSN Money and the NFCC to give away 10,000 credit-monitoring subscriptions Tuesday, Nov. 25, through the Ask a Credit Counselor message board. We'll remind you as the date approaches.
Think you already know everything that’s needed to protect your identity? Try the following pop quiz:
Data breaches, in which personal information such as Social Security numbers are stolen or exposed by hackers, have become the leading cause of identity theft. True or false?
Consumers can prevent criminals from accessing their bank accounts by not writing down their personal identification numbers (PINs). True or false?
What is "vishing"?
For the answers, read on.
The biggest worry
Database breaches certainly get a lot of news coverage, probably because they remind us how much of our personal information floats around in the ether, beyond our ability to protect it.
As of this writing, more than 245 million consumer records have been exposed in data breaches in the past four years, according to the Privacy Rights Clearinghouse. We know about these incursions thanks to state laws enacted since 2004 that require companies and governments to report such cases.
Only a small fraction of those breaches were used to commit fraud, however.
Wednesday, August 26, 2009
Phished?
It is getting to the point that before you open an e-mail with an attachment, link or request for information you should contact the person who supposedly sent you the message to verify the information actually came from them.
Hackers are developing better ways of disguising their phishing attacks on businesses and innocent people throughout the United States.
Recent headlines like “Online Phishing Attack Exposes Yahoo Accounts,” “Phishing Attack Uses BBB Name,” “Phishing Schemes Targets Area Credit Union,” and “French President Falls for Phishing Scam” illustrate hackers are getting more aggressive and creative in the way the attack.
However, there are more pointed phishing attacks on the rise that personalize the message. For example, phishing attacks today can look like a friendly e-mail from a friend simply asking you to take a look at a video. When you click on the video a pop up asks you to download the latest version of the video. When you click on to download the updated version melicous malware is downloaded on your computer.
Leave a Reply
www.rmgrabowski@mainstaycomm.net
Rosemarie Grabowski
308 687 6085
Hackers are developing better ways of disguising their phishing attacks on businesses and innocent people throughout the United States.
Recent headlines like “Online Phishing Attack Exposes Yahoo Accounts,” “Phishing Attack Uses BBB Name,” “Phishing Schemes Targets Area Credit Union,” and “French President Falls for Phishing Scam” illustrate hackers are getting more aggressive and creative in the way the attack.
However, there are more pointed phishing attacks on the rise that personalize the message. For example, phishing attacks today can look like a friendly e-mail from a friend simply asking you to take a look at a video. When you click on the video a pop up asks you to download the latest version of the video. When you click on to download the updated version melicous malware is downloaded on your computer.
Leave a Reply
www.rmgrabowski@mainstaycomm.net
Rosemarie Grabowski
308 687 6085
Monday, August 24, 2009
online banking? How dangerous is it?
Sure, the Web makes it simple to manage your money. It also makes your account easier to hack into. Here's a look at the risks and realities -- as well as 9 smart tips that can help you protect yourself.
Joe Lopez will never forget the day he checked his Bank of America account online and realized that more than $90,000 had vanished.
Months before, the Miami business owner had stopped making weekly visits to his local branch, opting instead to conduct his financial transactions entirely over the Internet.
"I absolutely thought it was safe," Lopez said. "And it was convenient."
What he didn't realize were the risks. A malicious virus had infected his computer and, in a matter of minutes, captured his user name and password -- allowing a hacker to transfer $90,348 to a rogue overseas account.
Lopez got most of his money back months later, after a federal investigation and, eventually, a lawsuit. But his experience taught him the hard way, he says, what many experts have concluded: "Online banking is a danger."
Since its debut just a decade ago, online banking has become one of the fastest-growing Internet activities. Roughly 43% of people who use the Internet, or about 63 million Americans, do some banking there, according to a 2006 survey by the Pew Internet & American Life Project -- even more than make travel reservations online.
But that growing popularity has also brought increasing anxiety over whether something as private and personal as a bank account can be fully protected in the relatively unregulated and unpoliced world of the Internet.
"It's pretty hard not to do online banking because it is so convenient, and people want convenience," said Atul Prakash, a University of Michigan researcher who conducted a study on the risks of Internet banking. "Nevertheless, there are reasons to worry."
Mia Jozwick, a student at Wagner College in New York City, was duped by a "phishing" e-mail made to look like a message from her bank. Thinking it was an important financial notification, Jozwick responded by firing off her user name and password; she learned it was a scam only after someone emptied her account.
To make matters worse: Thieves were also able to steal her identity, because her password was her Social Security number. It took her a year and help from Identity Theft 911, a service agency, to unravel the mess she found herself in.
"It was a nightmare," she said.
By Carolyn Salazar, MSN Money Published Jan. 28, 2009
Medical identity theft is the nation's fastest-growing form of health care fraud.
Picking our pockets surgically. The thieves going after medical identification numbers don't want someone's medical problems, of course, but there is gold in having data that permit insurance rip-offs and the filing of fake claims.
Securing medical identity is very difficult, according to health care experts, because unlike financial identity theft, there is no straightforward process for challenging false medical claims or correcting inaccurate medical records.
The experts say that there are several forms of medical identity theft, but most involve record theft by people working for health care facilities who then sell the information to organized-crime groups and others that fraudulently bill insurance companies.
Elaborate fraud rings using complicated schemes to maximize the use of stolen medical identity numbers have apparently become more commonplace.
Is this crazy or what? It is bad enough that the public feels insecure about finding a safe haven for their investments these days, but now we all have to worry about some sleazy character stealing our medical identity.
ALERT YOUR CLIENTS
According to the World Privacy Forum, a public interest research group in Cardiff by the Sea, Calif., as many as 500,000 consumers had been victims of medical identity theft as of mid-2006, the latest figures that it has compiled.
As a trusted financial advisory professional, you need to make your clients aware of these scams, which can cost victims thousands of dollars in unpaid charges, a damaged credit history and, even worse, dangerous false details cluttering up medical records for years to come.
You can assist them by urging that they take a more active role in preventing health care fraud by carefully reading and reviewing their medical and insurance documents.
According to the latest statistics from the Federal Trade Commission, 3% of all identity theft victims in 2005 were victims of medical identity theft, which translates into about 250,000 people.
It is easy to see why the problem is growing: Medical identity theft is a profitable business.
A WPF study found that while a stolen Social Security number brings about one buck on the street, a stolen medical identity number fetches about $50. (Come to think of it, this could be a new opportunity for Bernie Madoff now that the Ponzi scheme business has fallen on tough times.)
A WPF study found that while a stolen Social Security number brings about one buck on the street, a stolen medical identity number fetches about $50. (Come to think of it, this could be a new opportunity for Bernie Madoff now that the Ponzi scheme business has fallen on tough times.)
Identity theft in the health care world adds a layer of complexity because a thief can tap a person's medical information to get care or make false claims, potentially altering the course of the victims' future treatments if he or she doesn't catch and reverse the damage, according to health care experts.
For example, a thief could have a different blood type or drug allergies, and a doctor, nurse or health care facility may not detect the mixed patient files before administering treatment based on the impostor's medical history, not the victim's history.
What's more, victims may find that they hit their insurance caps, or become uninsurable or unemployable, based on medical problems that are someone else's.
What's more, victims may find that they hit their insurance caps, or become uninsurable or unemployable, based on medical problems that are someone else's.
TIME-CONSUMING
Spend some time with your clients now to alert them to this vicious scam. They will thank you for it.
Meanwhile, if any of your clients have questions about medical identity theft, direct them to worldprivacyforum.org.
A recent health care study found that 82% of medical identity theft victims discovered the problem only after they had been contacted by a collection agency or noticed money missing from their health accounts.
Fixing the mess can take a substantial amount of time. The study found that victims reported spending an average of 116 hours repairing damage to stolen health accounts.
In cases where accounts were created, the average correction time was 158 hours.
Rosemarie Grabowski
PC Security & Identity
Theft Protection
308 687 6085
PC Security & Identity
Theft Protection
308 687 6085
Saturday, August 22, 2009
Murky Chatrooms Peddled . . .
Stolen IDs Thieves Put Millions Up For Bid Online Each Year
(CBS) Someone's identity is stolen every three seconds in the United States.
Crooks are making billions buying and selling identities, and most consumers have no idea their information is out there, up for sale.
In the underground world of identity theft, credit card, bank account and Social Security numbers are being bought and sold by thieves around the globe, reported Early Show Consumer Correspondent Susan Koeppen Monday in the first of a three-part series, "Early on the Case: Stolen Identities."
"(Through) the selling of (personal) information en masse, they can make millions of dollars in one transaction, in terms of who they go after. Really everybody is exposed," Tom Rusin, CEO of Affinion Group, told Koeppen. Affinion helps safeguard consumers' identities.
More than 8 million Americans fall victim to identity theft each year, and many don't know their information is being offered on the Internet in chatrooms run by criminals.
A credit card number alone could be worth about $1.50, Rusin says. A name, address and social security number? Probably between $10 and $12.
Affinion's Dan Clement took Koeppen inside several chatrooms.
"I can't believe this is going on," Koeppen remarked. "The average consumer has no idea that people are sitting at computers and doing this sort of thing."
"No," Clement replied. "It's like the commodities market. It's just a different commodity. It's not real commodities, it's people's personal information."
In one, he pointed to identity thieves, security companies like Affinion, and law enforcement. "Everybody in there is kind of a fly on the wall, watching to see what these guys (the thieves) are doing," Clement explained.
Pointing to one entry, Clement said full login info for a Wachovia account with $11,000 in it was up for grabs. The account, he said, was sure to be liquidated, without its owner having a clue it was happening.
Koeppen says they "found entire personal profiles for sale, including names, addresses, phone numbers, credit card information, Social Security numbers, even mothers' maiden names.
One such profile belonged to Kellie Griffin, a working mom from Shreveport, La., who was shocked when Koeppen clued her in."
My jaw dropped when you told me why you were calling," Griffin told Koeppen.
Griffin says she spends hours a day working on her computer, but she has no idea how someone got so much of her information."It's amazing!"
Griffin exclaimed.Griffin says she thought she'd been doing everything right to protect herself, and now she wonders, "What else do they have? Do they know what I look like? Do they have a copy of my driver's license? I don't know what else they have, and I don't know what they've done with it."
In one of the chatrooms, Clement and Koeppen pretended to be a thief pitching two cards.
Within five minutes, the cards began getting some bites from would-be purchasers "checking it out. They're trying to see what the balance is on the card," Clement said.And within 10 minutes, the balance on both cards was nearly depleted."
It's like throwing tuna to the sharks," Clement said.
Koeppen and Clement even struck up a conversation with a scammer who had credit cards for sale.
"Shadow Girl" was trying to sell them credit cards for $6. But Clement "negotiated" and go her to offer four cards for $16.
To protect yourself, Koeppen says you could:
(CBS) Someone's identity is stolen every three seconds in the United States.
Crooks are making billions buying and selling identities, and most consumers have no idea their information is out there, up for sale.
In the underground world of identity theft, credit card, bank account and Social Security numbers are being bought and sold by thieves around the globe, reported Early Show Consumer Correspondent Susan Koeppen Monday in the first of a three-part series, "Early on the Case: Stolen Identities."
"(Through) the selling of (personal) information en masse, they can make millions of dollars in one transaction, in terms of who they go after. Really everybody is exposed," Tom Rusin, CEO of Affinion Group, told Koeppen. Affinion helps safeguard consumers' identities.
More than 8 million Americans fall victim to identity theft each year, and many don't know their information is being offered on the Internet in chatrooms run by criminals.
A credit card number alone could be worth about $1.50, Rusin says. A name, address and social security number? Probably between $10 and $12.
Affinion's Dan Clement took Koeppen inside several chatrooms.
"I can't believe this is going on," Koeppen remarked. "The average consumer has no idea that people are sitting at computers and doing this sort of thing."
"No," Clement replied. "It's like the commodities market. It's just a different commodity. It's not real commodities, it's people's personal information."
In one, he pointed to identity thieves, security companies like Affinion, and law enforcement. "Everybody in there is kind of a fly on the wall, watching to see what these guys (the thieves) are doing," Clement explained.
Pointing to one entry, Clement said full login info for a Wachovia account with $11,000 in it was up for grabs. The account, he said, was sure to be liquidated, without its owner having a clue it was happening.
Koeppen says they "found entire personal profiles for sale, including names, addresses, phone numbers, credit card information, Social Security numbers, even mothers' maiden names.
One such profile belonged to Kellie Griffin, a working mom from Shreveport, La., who was shocked when Koeppen clued her in."
My jaw dropped when you told me why you were calling," Griffin told Koeppen.
Griffin says she spends hours a day working on her computer, but she has no idea how someone got so much of her information."It's amazing!"
Griffin exclaimed.Griffin says she thought she'd been doing everything right to protect herself, and now she wonders, "What else do they have? Do they know what I look like? Do they have a copy of my driver's license? I don't know what else they have, and I don't know what they've done with it."
In one of the chatrooms, Clement and Koeppen pretended to be a thief pitching two cards.
Within five minutes, the cards began getting some bites from would-be purchasers "checking it out. They're trying to see what the balance is on the card," Clement said.And within 10 minutes, the balance on both cards was nearly depleted."
It's like throwing tuna to the sharks," Clement said.
Koeppen and Clement even struck up a conversation with a scammer who had credit cards for sale.
"Shadow Girl" was trying to sell them credit cards for $6. But Clement "negotiated" and go her to offer four cards for $16.
To protect yourself, Koeppen says you could:
- Monitor your credit reports.
- Shred documents.
- Change your password and user name frequently.
- Hire a service that monitors your information.
These chatrooms are usually overseas, Koeppen says, "so it's hard for law enforcement in the U.S. to crack down and shut them down. And these are sophisticated crooks. You shut one down, the pop up somewhere else."
Rosemarie Grabowski
PC Security & IdentityTheft Protection
308 687 6085
http://www.topsecretfreereport.com/makeadifference-z
http://www.amisafeidentitytheft.blogspot.com/
http://www.mypcsafefreefromspyware.blogspot.com/
http://www.cbsnews.com/stories/2008/11/17/earlyshow/contributors/susankoeppen/printable4608870.shtml
Subscribe to:
Posts (Atom)