Password Self-Defense

ktadmin Posted in Identity Theft
2

Here are some simple rules to help with your Internet Self-Defense…

  • Passwords are like Underwear… Change Yours Often!
  • Passwords are like Underwear… Don’t Share Them with Friends!
  • Passwords are like Underwear… Be Mysterious!
  • Passwords are like Underwear… The Longer the Better!
  • Passwords are like Underwear… Don’t Leave Yours Lying Around!

Make sure you keep your identity safe on-line by remembering your underwear rules…I mean password rules!

Serious Home Network Threat

ktadmin Posted in Identity Theft, Self-Defense
3

Flash attack could take over your home router. Security researchers have released code showing how a pair of widely used technologies could be misused to take control of a victim’s Web browsing experience. The code, published last week by two researchers, exploits features in two technologies: The Universal Plug and Play (UPnP) protocol, which is used by many operating systems to make it easier for them to work with devices on a network; and Adobe Systems’ Flash multimedia software. By tricking a victim into viewing a malicious Flash file, an attacker could use UPnP to change the primary DNS (Domain Name System) server used by the router to find other computers on the Internet. This would give the attacker a virtually undetectable way to redirect the victim to fake Web sites. For example, a victim with a compromised router could be taken to the attacker’s Web server, even if he typed Citibank.com directly into the Web browser navigation bar. “The most malicious of all malicious things is to change the primary DNS server,” the researchers wrote. “That will effectively turn the router and the network it controls into a zombie which the attacker can take advantage of whenever they feel like it.” Because so many routers support UPnP, the researchers believe that “ninety nine percent of home routers are vulnerable to this attack.” In fact, many other types of UPnP devices, such as printers, digital entertainment systems and cameras are also potentially at risk, they added in a Frequently Asked Questions Web page explaining their research. The attack is particularly worrisome because it is cross-platform — any operating system that supports Flash is susceptible — and because it is based on features of UPnP and Flash, not bugs that could be easily fixed by Adobe or the router vendors. Source: http://www.networkworld.com/news/2008/011508-flash-attack-could-takeover.html

What this means is that if you are surfing the Internet and are being redirected to fake sites OR if the site looks correct but the URL appears odd you may want to check the Primary DNS setting on your router. This is a really sneaky attack that most people probably won’t detect. As usual be careful out there!!

Chinese Cyber Attacks Increase

ktadmin Posted in Identity Theft, News
0

As Reported here, there have been a sharp hike in cyber-attacks from China. Security experts at Finjan examined the new wave of Chinese attacks and the mechanisms used and claims and have identified an “intricate network of connections” between China-based servers run by cyber-criminals. While trojaned systems that initiate the attacks exist all over the world however they are eventually associated with servers registered as Chinese domains. The attackers are spreading the assaults by placing entry points on a variety of websites in different regions and listed differently by URL categorization engines. The infection consists of either an I-frame or a Script tag placed on the website that causes users visiting the site to be attacked. Examples for such entry point regions are shown in Finjan’s December 2007 Malicious Page of the Month Report (free subscription required), and were found on trusted websites in the U.S., China, and Western Europe, including government and education sites. After the victim reaches an entry point, the attackers use dynamic code obfuscation methods to limit signature-based technologies from detecting the attack. The victim is redirected to a series of sites containing I-frames that will eventually force the victim to visit a site that belongs to the Chinese network. In the first part of the actual malicious attack, the cyber-criminals use new or known exploits that will infect the victim with a crime-ware Trojan. “After the initial Trojan is loaded it initiates the downloading of other Trojans from different locations. The compromised computer will then redirect to other sites in order to send statistical information about the infected PC,” the firm stated. “Finjan has discovered that different Trojans send encoded information to the same sites in China that we identified as being unique to the attack.

The Confidence Attack

ktadmin Posted in Identity Theft, News
0

Confidence men know that a good Con will work over and over. So repeatedly we see old cons being applied in new ways using technology. So why is this important? Because it is one more threat to our safety and our identity. The problem is most people don’t think it can happen to them which is what the conman is counting on.

The latest old Con to resurface is exploiting the invoice play. Before technology a conman would present an invoice to a clerk and get them to think it was either authorized or that they would get in trouble if they checked because it was urgent. Well it is back in the latest email/phishing scams that are directed at certain employees at a company. The term for these attacks is “spear phishing“, cute huh? The first of these attacks surfaced two years ago but they were far and few between. But with some refining they seem ready for the mainstream and so they come in bulk.The these scams, the phisher find the name and email address of a company’s top executives, usually available on their website. Then a custom email is crafted specific to those people and their function at the company.

Most of the emails take two approaches. In the first, the email purports to be from the Better Business Bureau alerting the recipient to a complaint posted on “their” website. The web site is actually a phished (fake) version of the Better Business Bureau site. Once there the executive is lured further into entering identity and financial information that can be used to defraud the company. In the second approach, an email is sent to the executive(s) of a company about a delinquent invoice or bill. In most cases an assistance reads the executives’ email and in most cases these emails will be forwarded to the accounting or accounts payable person without the executives knowledge. Since the email is forwarded internally from an executive email the recipient might trust the source and either pay the receipt electronically or visit the accompanying link to garner further information about the invoice.

This may not seem like much of a risk to many people but it does illustrate nicely the risk of inferred trust I speak with parents about so often. This is really a play on social engineering, when you gain a little information about someone and use that to gain more. Inferred trust means that you give the appearance of knowing X so you can exploit Y, given that Y trusts X. So this age old ploy is now being crafted as an email. Just remember though to be successful it requires a few people to either not think or trust the source. We think these things can’t suceed but remember that there are still people falling victim to the Nigerian scams! SO be careful our there…

ALERT: Chinese Espionage Test

ktadmin Posted in Identity Theft, News
0

China wants you!  Or at least your sensitive computer data…  This is a story of potential identity theft on a grand scale.  While the details seem small in scale most scouting missions are small and seem insignificant.  Bearing that in mind here’s what has me fired up…

Once again the Chinese government has been caught “Red” handed testing its espionage capabilities and Western detection capabilities.  The recent incident involves a pair of Trojan horse (malicious unauthorized programs) on new Maxtor Hard Drives before they left the factory.  The function of these Trojans was to steal passwords and then “phone home” to a pair of websites hosted in Beijing reporting all data recorded on theses Trojaned drives.  The Trojaned drives are Seagate Technology, Maxtor Basics 3200, 500GB drives.   Approximately 1800 of the Trojaned drives were shipped from the factory with 300 being sold before the problem was detected.

The Taiwanese government’s security service detected the problem and issued a warning this weekend.  Their investigation uncovered the link to China and suspects Chinese authorities are responsible for planting the Trojan software on the drives in the factory.  Seagate Technologies attempted to distance itself from the allegations again China stating it had no proof of Chinese government involvement.  Internet logs (records) show that the information was sent to 2 Chinese sites registered with one of China’s largest domain registrars using what appears to be bogus information.

This latest story seems to demonstrate a dangerous trend in Chinese activity that one has to be blind (or corrupt) to not see.  From hacking the Pentagon and German Government Offices to showing off their military advances the Chinese government is increasingly flexing its muscles and testing its abilities.  When you couple these types of events with the massive military buildup in China over the past decade few historians disagree about the potential future threat to world peace.  Of course there is no public outcry, no Congressional or Presidential complaint or investigation.  Instead we will increase the worker visa program and continue to pump billions a year from our economy to theirs.

ALERT – Social Security, IRS Refund Scam

ktadmin Posted in Identity Theft, Self-Defense
0

All scam artists are scum but this one is really low. Some scams take advantage of greedy people or people who think they are looking to rip someone else off. This scam targets senior citizens, the sad part about this scam is the victims get warned before they get ripped off but they ignore the warning! Guess they may fall into the greedy category after all but I still think this one is low. Here is how it works:

According to the Social Security Administration (SSA), someone approaches an elderly citizen and asks if they have filed to get the tax back on their Social Security benefits. They tell the victim (the Social Security beneficiary) to get a 1099 from Social Security so that they can file the income tax refund for the beneficiary. The beneficiary requests the last 3 years 1099 statements showing their Social Security Benefit. The SSA has no choice except to give them the information because it gives them the total payments they have received. (here comes the warning I mentioned) The Social Security Administration does tell them that what they are about to participate in is a scam. Few believe them — or want to. The tax preparer files three years’ tax returns showing SS benefits as income. They put in the standard deduction and come up with a refund amount. The beneficiary files the tax return. The Internal Revenue Service sends them a refund. The beneficiary pays the preparer between $40 and $100. IRS realizes the error and either takes the refund out of the beneficiary’s bank account or sends a demand letter for the refund. The preparer has gotten their money and has moved on, while the beneficiary is out the amount of money paid the preparer and must repay the “refund” to IRS. For more information, visit: http://www.ssa.gov/.

Now I don’t know about you but that sounds like a lot of work to do for $40 to $100! For all the time and their risk you would think the scam artist would want more for their time. Well no one said criminals are smart, just the ones that don’t get caught. The one thing that this report forgets to mention is that the scam artist also walks away with your social security number, date of birth, signature, and if they are crafty a copy of your driver’s license…that is a self-made identity theft gift pack!! So as always protect yourself and for goodness sake use some common sense because if it sounds to good to be true then it probably is!

Cracking down on ID Theft

ktadmin Posted in Identity Theft, News
0

Federal Agents conducted the second raid this year on Wednesday, August 22, at Smithfield Foods’ pork slaughterhouse in Bladen, NC. Immigration and Customs Enforcement spokesperson, Richard Rocha, reported that Twenty-eight people stand accused of entering the country illegally and committing identity theft. Twenty-five were from Mexico, two were from Guatemala and one from Honduras. Rocha said that the arrests were the result of an investigation and that the suspects were targeted, not part of a random sweep of illegal immigrants.

We need to see more of these stories if the government is really going to have an impact on Identity Theft in this country. It is a well known fact in the intelligence community that most identity theft goes to support illegal immigrants and labor. While illegal immigration is a politically charged topic for some people “we the people” must be realistic about the problem. Many feel illegal immigration is o.k. because they are doing the work “we don’t want to do”. Of course this is ridiculous because there isn’t any job I wouldn’t do to support my family. The real problem is these supporters are hypocrites because they are really supporting people being paid less then a minimum wage meaning these illegals either have to work inhuman hours or they need to turn to crime to survive. Enter Identity theft, this allows these illegals to fleece our bank accounts, our credit, and our government benefit system. The Federal Government needs to do more then a few raids that net a few criminals. We the People need to support Legal immigration into this country by people who want to be part of this country. The work will get done legally if employers don’t have access to cheap illegal labor.

Source

Credit Card Control?

Sensei Posted in Identity Theft
2

Have the Gun Control people joined forces with the Credit Card companies? You have to wonder. What does that mean?! Well with ID theft on the rise you have to wonder why Credit Card companies won’t enable consumers to protect themselves from fraudulent account use. Consumers are not allowed to set transaction limits or block certain types of transactions using their credit cards, such as restricting card use to purchases only made with U.S.. Additionally consumers are not allowed to set so-called user-defined limits and/or prohibitions on their accounts to help prevent unauthorized use. While there are a handful of credit card companies that offer these services the vast majority do not, which make you wonder why not? About 8 percent of Credit Card companies now offer consumers e-mail or telephone “transaction alerts” to advise them of account activity. That is only 8% offer this service! You would think these simple solutions would go a long way to allowing us to protect ourselves from fraud and ID theft! Perhaps the Credit Card companies think you are reliable enough to use these services accordingly. Like gun control they want you to rely on them for your protection and for a small monthly fee they can make sure you are protected from fraudulent charges and Identity theft! Call your legislator today and tell them you want more control over your own protection from Identity Thieves!

ID Theft, Are you a Victim?!

Sensei Posted in Identity Theft
0

Most people don’t know if they have fallen prey to an Identity theif. The ID theif is often someone close to you, someone you would never expect but it could just as easily be a complete stranger. You need to protect yourself and remain mindful of this risk. If you are cautious you check your credit card statements every month for suspicious charges. While this is a good practice it falls short of any real protection from Identity theft. That is because most ID theives obtain new credit cards and/or loans once they have your identity, then they don’t have to worry about you stumbling across their charges. Luckily there is something you can do to protect yourself and limit this risk. In 2003 the Fair and Accurate Credit Transactions Act of 2003 (FACTA) amends the Fair Credit Reporting Act (FCRA) and requires the nationwide credit bureaus to provide consumers, upon request, a free copy of their credit report once every 12 months. The three nationwide consumer reporting companies, Equifax, Experian, and TransUnion, will begin processing consumers’ requests for credit reports for free. Consumers also may request a copy of their credit report by phone or mail, but, for these methods, must fill out a standardized form. So what are you waiting for?! You can order your annual credit report today by using the request form is available at AnnualCreditReport.com. Don’t wait to find out the hard way, be proactive and protect yourself today.
More »

ID Theft ALERT

Sensei Posted in Identity Theft
0

Research shows that ID theft is soaring in the U.S. because ID thieves are increasingly targeting individuals living in rural communities. Identity fraud hot spots include the cities of Springfield, IL; and Bozeman and Missoula, MT. In fact, Montana makes multiple appearances in the top ten list: at number four with Whitefish, five with Lolo, seven with Hamilton and eight with Bigfork. Bismarck, ND, takes the number six slot, with Grand Forks and Fargo, also both in North Dakota, taking the ninth and tenth positions. The U.S. counties that emerged as hot spots in the last year include 13 counties in North Dakota and seven counties in Montana. Research also shows that in general identity fraud rates are increasing in the upper Midwest, Northern California, Utah, Nevada and Maine. Identity fraud rates appear to be decreasing in the Southern U.S. and staying consistent in such areas as Southern California, the Mexican border of Texas and in cities like Seattle, WA, and Portland, OR.