Lost Wallet?

Sensei Posted in Identity Theft
0

Loose your wallet or a credit card? You better start checking your credit. A friend recently lost her credit card at a gas station, with 12 hours over $500 in gas charges were recorded across town at a station with no cameras. Thieves are smart. In another case Jose F.Lara got a check in the mail for almost $2,800 from a bank in Arlington County, VA for an overpayment on his second mortgage. Problem is…you guessed it he didn’t have a second mortgage and had never done business with that bank! The news left him just a little stunned and confused. Turns out that a year prior Lara lost his wallet and Elizabeth Cabrera-Rivera found it. She then used Lara’s identification to buy a $419,000 townhouse with no money down. A townhouse she and her family moved into, refinanced and then quickly fled not long after Lara turned up at the bank in December. Mari J. Frank, a California lawyer, identity fraud victim and author of numerous books and articles on the subject, said, “They don’t really see themselves as doing something wrong as long as they pay the bill.” Well this story has a happy ending, Elizabeth Cabrera-Rivera found out that there is something wrong with what she did and plead guilty to identity fraud, credit card theft, conspiracy and obtaining a loan under false pretenses. So where is your wallet? And what is in it?

ID Theft Protection

Sensei Posted in Identity Theft
0

So you think you are safe…You make sure you protect your credit cards, your receipts, you only shop in trusted stores, you are doing everything right. Where is your old computer? How about your old cellphone? Have you ever lost a USB Key or portable storage device? Not feeling so safe now are you! Well these are valid concerns because the popular (among criminal types) sport of Dumpster Diving is back. In the past hackers and ID Thieves would dive in the dumpster and go through your mail looking for old credit card statements or other identifying information. Well they the sport is back except this time they are going after your old hard drives and storage devices. Yes even phones can be useful if your data and/or address/phone book wasn’t properly deleted. Other reasons for criminals to going through trash bins is the hope of finding customer lists, email addresses, account information and passwords unintentionally left behind on old hard drives, USB flash drives and portable music players. Every user who throws away (or loses) a key chain-size flash drive could be unintentionally leaking critical information to a criminal. Any of the tens of millions of desktop and notebook computers disposed of each year in landfills, junkyards and yard sales could be a rich trove of personal and corporate data left on a hard drive by lazy users or IT departments. Best estimates indicate that over 50 million PCs, laptops, and servers are thrown away every year. The information they hold pose a growing risk for their former owners. This risk is rising because we increasingly dump information onto multiple drives. Most people forget what is stored on old drives. Even data that has been deleted is accessible with the right tools! Most people do not realize that data can be recovered after it has been deleted (yes even after the trash bin on a Windows system has been emptied).
So what is a person to do? First if you are going to use technology take a moment to learn a little about it. To help you out KarateTraining.org is planning on offering a few free introductory technology courses in the near future. Until then don’t discard your old computers without removing the hard drives. Even if you plan on giving the system to someone it is inexpensive to replace the hard drives. Remember you don’t know what they will do with the computer. If you carry a USB flash drive look into getting an encrypted USB flash drive. Most importantly don’t store any sensitive information on a portable device since you could lose it and you don’t know who may find it! Also put some form of ID on your portable devices like a phone number or email address. Chances are you’ll be safe from this problem but like all self-defense, awareness is 90% of the game. Stay safe and train hard!

ID Theft In-Depth

Sensei Posted in Identity Theft
0

Identity theft is a real problem today and despite all of the information out there on how to protect yourself and all the new laws people still fall prey to these crimes. This is one crime that is difficult to protect against. But there are things you should be aware of to limit your exposure. One thing to watch out for are unexpected or unsolicited phone calls or emails. Now we all get sales calls but you shouldn’t get a cluster of them on the same topic. For example let say you suddenly start getting calls from lenders when you have made no inquiry about a new loan. This should raise a red flag! When get these calls pay attention, see if they reference a recent inquiry or use your name or someone else’s. If they do start asking “innocent” questions, don’t interrogate the caller as you want information from them and they may hang up on you. Feel free to share your concerns about their call they will probably cooperate with you. If the source of the inquiry seems fraudulent then report it to the caller, get a number for their fraud department and report it to the source of their lead, follow through. The second thing you should do if this occurs is to check your credit report. A credit report will not only tell you what credit you have but who has checked your credit recently. Follow up on any unknown of new credit (debts) that appear on your credit report with the company listed AND the credit bureau.
Another at risk area are ways we may not realize we are exposing our own information. Some identity thieves literally dig for our information by going through our garbage! Using common sense you can mitigate most of this exposure, shred anything like a statement and remove your name and mailing address from catalogs before getting rid of them. Why worry about the catalogs? Because next to your name and address is a code which may be valuable (depending on the company) as a way of learning more about you. If the company has your credit card data stored then the ID thief could potentially finesse the sales person to put the sale on that card. So remove the name and address off the back cover and don’t forget it is on the order form inside too.
Mail is becoming another vulnerable point as some ID Thieves will go to your mailbox before you do and take some or all of your mail. This seems to happen more in rural areas but is something you should still be aware of.
Shopping is the most dangerous because we have a sense of security when we shop. We gladly give our credit card to strangers and trust it is safe. Now normally this is safe but there are a few things you need to watch for. Card skimmers, this is a device that is attached to the normal card reader that makes a copy of your card while your charge is processed. When you get gas make sure the card reader looks normal. The good news is that as long as you are physically in possession of your card you are not responsible for fraudulent charges. But make sure you look over your statement every month. The last thing to be aware of when shopping is that some restaurants put personal info on receipts. By law, businesses are supposed to truncate credit card numbers on the customer’s copy of the receipt. But recently many businesses from retailers to restaurants have been found to not be following this rule. Effective in December, Congress banned companies from putting complete credit card numbers or expiration dates on the customer’s copy of the receipt. Most receipts should only list the last four card numbers. Yet, more and more companies are being hauled into court, accused of not complying with the law. Some of these businesses include businesses like Bose, Max & Erma’s, Texas Roadhouse (my favorite) and others. Some of this fault lies with the banks/clearing houses that provide the businesses with their register equipment. The important thing is to look for these types of identifying information and take appropriate steps to protect your identity.
Now some people want to make everyone paranoid and afraid of this problem, that is not my stance. My stance is the same stance I suggest for your physical safety, be aware and think. The bad guys tend to prey on those who are NOT aware and who do not think or think it will never happen to them. To be clear though like all crime your risk is fairly low of falling victim to this crime due to any of your own actions, so relax, go shopping, grab a bite to eat, then get to the Dojo and work it off!!
Stay aware, stay safe.

Yahoo Mail Users – Alert

Sensei Posted in Identity Theft
0

I thought some of you might find this information useful…
News.com reports that Symantec incorrectly flags Yahoo Mail as a virus. Yahoo’s e-mail service is not infected with a computer virus, despite a warning from Symantec that says it is. Starting sometime on Tuesday, February 27, accessing the beta version of Yahoo Mail on a PC with Symantec’s updated antivirus software caused alarm bells to go off. The security software reported finding the “Feebs” worm on the Yahoo Webpages. That warning was in error, Symantec said Wednesday. “Symantec antivirus products…triggered a false-positive alert with Yahoo Mail beta,” said Vincent Weafer, a senior director at Symantec Security Response.

Phishing Tests coming soon…

Sensei Posted in Identity Theft
0

Military, agencies to phish their workers. The military services and some agencies, including the Department of Homeland Security and the Department of Veterans Affairs, can now launch diagnostic phishing attacks against their own workers. The government-sanctioned attacks will be designed to test how well federal workers adhere to organization’s e-mail security policies. The agencies will launch the attacks with IMPACT software that will keep track of how many employees click on the malicious links. With that information, agencies can gauge the effectiveness of their IT security education program. Organizations also can use the penetration testing software for spear phishing, a highly specialized form of phishing attack that targets information relevant to the organization under attack. Other agencies with plans for using the Core Security software include the Labor, Energy and Agriculture departments, the National Institute of Standards and Technology, the U.S. Agency for International Development, the U.S. Courts and the U.S. Postal Service.
This is a great move by the goverment as putting people to the test is the only way to truely assess how well our agencies protect sensitive data. Equivalent to the retail practice of “shopping” your employees this will help determine the effectiveness of internal training and employee awareness.

Exploiting Holiday Charity

Sensei Posted in Identity Theft
2

Phishing site offers ‘job’ at children’s charity but is really a money laundering scam. A Website that purports to help underprivileged children is actually a scam to dupe users into laundering money, a security company has warned. A mass email detected by PandaLabs offers jobs at a supposed organization committed to helping deprived children, but is actually a strategy to find unwary people to launder stolen money. The emails have subjects like ‘Best Job No Experience Needed’, while the message body offers a well-paid job working only a few hours a day for the bogus organization. If a user contacts the fraudsters through the site they receive more details about the job. However, the operators also request money to be wired to a bank account. Panda recommends all users to delete any messages of this type that reach their inboxes and not to provide any personal details that could be used for criminal activities.
As always please confirm who you are dealing with before sending them your money!

MySpace Video Spreads Adware

Sensei Posted in Identity Theft
0

In case you use the site MySpace let this be a reminder warning to you, no matter what site you are using think twice before accepting any popup requests to install any type of software! Several MySpace pages offer what appear to be YouTube videos that trigger installation of adware when played. There is no way of figuring out which videos are good or bad, they look like YouTube videos, however they are in fact hosted on a copycat “Yootube.info” Website. That Website, youtube.info, was still online as of Tuesday evening. When users click on the video, they are directed to a copy of the video. People are then redirected to the Windows Media Player, which will pop up a license agreement with installation of an adware program called Zango Cash. Assuming that users have accepted the agreement, the video downloads and attempts to install setup.exe from Zango Cash. You’ve been warned!

RFID Credit Cards Major Security Risk

Sensei Posted in Identity Theft
0

Hacking contactless credit cards made easy. U.S. security researchers have demonstrated how easy it might be for crooks to read sensitive personal information from RFID-based credit and debit cards. Researchers from the RFID Consortium for Security and Privacy have shown how crooks might be able to skim sensitive information from cards — including card number, expiration, and issue dates, and a cardholder’s name — without actually physically stealing the latest generation of credit cards. The attack uses off-the-shelf radio and card reader equipment that could cost as little as $150. Although the attack fails to yield verification codes normally needed to make online purchases, it would still be possible for crooks to use the data to order goods and services from online stores that don’t request this information. Despite assurances by the issuing companies that data contained on RFID-based credit cards would be encrypted, the researchers found that the majority of cards they tested did not use encryption or other data protection technology. Source

People still being caught in Phisher’s nets

Sensei Posted in Identity Theft
0

The Fifth Third Bank, Toledo Blade, Ohio is warning its customers of an e-mail con. The online customers of Fifth Third Bank are the
latest victims of increasingly sophisticated “phishing” schemes that attempt to extract personal information from people who are unaware banks don’t ask for it through e-mails. Since early July, would-be thieves have sent fraudulent e-mails claiming Fifth Third’s technical department is doing a scheduled software upgrade and asking recipients to click onto a link, where they then are asked to provide personal information. “We have been immune to this for a long time, but now we’re a target,” said Karen Fraker, senior vice president at the bank. Customers should not reply to the bogus e-mails but contact the bank so they can be tracked, she said.
Having worked with the FBI on similar cases I can’t emphasize enough the importance of forwarding these emails to the appropriate people. The bank is usually the appropriate person as they will then work in conjunction with the FBI. If you aren’t sure who to contact feel free to send me a note and I can check with my FBI contact if necessary. However, the best way to combat this type of crime, like most, is through awareness. So please think before you click!

In other Phishing news…

Sensei Posted in Identity Theft
0

Multiple phishing alert: Commercial Bank of Dubai, UBS, Oxford Federal Credit Union have received reports of a new phishing attack that targets customers of the Commercial Bank of Dubai. A new phishing attack that targets customers of UBS sends users a spoofed email message, which claims that their account has been locked, and that they must logon to restore access to their online banking service. Another new phishing attack targets customers of Oxford Federal Credit Union. Basically remember that if you get an email from a banl telling you about some security threat or asking for your acount information to verify something DON’T!! Banks don’t send out these types of emails!! You have been warned AGAIN. If you aren’t sure, call your bank, but please look up the number don’t call the phone number provided in the email!…remember your best defensive tool is your brain…use it!