Creative Commons License


» How your credit utilization ratio is calculated

The calculation of your credit score combines a wide-angle view of your total combined credit utilization -- including any authorized credit card accounts -- with a close-up view of each individual credit card account. 

FICO says it takes that approach in order to get the most accurate view possible of a person's credit utilization, or their existing debt levels compared to their available lines of credit. As you already know, FICO's scoring model -- by far the most widely used in the United States -- pays close attention to that ratio, and you're wise to do the same.

"The utilization rate is an important indicator of lending risk. A person who is charging to the limit on their credit cards is far more likely to suddenly have repayment problems than a person who uses their credit cards sparingly," says Rod Griffin, director of public education with credit bureau Experian. For credit scores, "the lower the utilization rate, the better," Griffin says.

Read more 


Posted on March 20, 2013 at 11:35 AM | Permalink | Comments (0)

» What everyone should know about credit reports and scores

Don't be overly concerned with your credit score. It can be a serious challenge to ever really "know" that number. That's because these scores vary based on when they are calculated (since they originate from a momentary snapshot of your credit report) and the scoring model itself. (There are many scores out there, including FICO, VantageScore, proprietary models and "educational" scores that aren't used by any lenders). Your credit score number can -- and does -- vary from day to day and lender to lender. As a result, at a given moment in time, it's extremely difficult to truly "know" your credit score with any certainty.    

So instead of placing emphasis on that score, focus on your credit reports. Those reports are the basis for lending decisions, regardless of the scoring model used. In some cases, they are even used for hiring decisions. Note that I said "credit reports" -- plural. That's because you've got a report with each of the three major credit bureaus (Equifax, Experian and TransUnion) that maintain a record of individual U.S. consumers' borrowing behavior. Unless lenders tell you, it's difficult to know what report they may be working with. Since the information listed in those bureaus' reports can differ, you need to look at each one for a complete picture of where you stand.

Read more  


Posted on March 20, 2013 at 11:29 AM | Permalink | Comments (0)

» 5 traits that go along with a lower credit score

You know how important good credit is, so you watch your credit-related activity closely. You limit credit inquiries, maintain a respectable debt-to-income ratio and -- of course -- pay the bills on time.

But know this: The credit industry is watching right back. If you've checked your credit report, you can see it tracks your individual behavior, but did you know it tracks how we behave in groups? In search of ways to identify the most creditworthy customers, the industry and academics have studied where we live, who we are, how we behave -- and how these traits relate to credit scores.

So, the studies say, a pack-a-day smoker from Harlingen, Texas, is likely to have a worse credit score than a very patient woman from Wausau, Wis.

Hold the e-mails, though -- these unexpected traits that go along with lower credit scores are just correlations, not causations. It's not cause and effect. "None of these things are factored into your score, but have been studied alongside credit scores," explains Michele Raneri, vice president of analytics for Experian.

Keep reading to learn about five things that tend to go along with a lower credit score.

Read more


Posted on March 20, 2013 at 11:27 AM | Permalink | Comments (0)

» 10 things you should know about identity theft

Identity theft is often in the news, but there are a lot of misconceptions swirling around about how to best protect yourself.

While some identity thieves focus on getting your credit cards and maxing them out before you even realize they're missing, an increasing number are using one piece of information about you -- often a credit card number -- in order to steal your entire identity.

Though many folks worry about keeping their credit card information secure when shopping online, the top methods that identity thieves use to steal personal data are still low-tech, according to Justin Yurek, president of ID Watchdog, an identity theft-monitoring firm. "Watch your personal documents, be careful to whom you give out your data over the phone, and be careful of mail theft," he says.

Read more


Posted on March 20, 2013 at 11:25 AM | Permalink | Comments (0)

» Cybercriminals Recruit Dupes With Bogus Job Offer Emails

It’s not uncommon for users to receive links that point to a shady website that advertises work-from-home jobs. However, this is not the only method preferred by fraudsters and in some cases they’re looking for much more than someone who’s willing to pay a small fee for the key to success. The crooks continue by highlighting the fact that it’s not a scam and present a short list of basic requirements. Finally, they mention the amount of money that can be earned and, as expected, the amount is fairly high for a job that involves typing and making a few calls.

A noteworthy fact is that the emails originate from email addresses hosted at careerin-finance.com, a domain registered at a Chinese registrar that’s known to support shady operations. However, this is not just a regular job scam. In reality, it’s an attempt to recruit money mules – knowing or unknowing individuals who help fraudsters launder money.

So, if you reply to such an offer (we highly recommend against doing so), you shouldn’t be surprised if your “employer” would ask you to transfer some money to and from your bank account, send money via Western Union, or perform other suspicious transactions.

More


Posted on July 8, 2012 at 11:01 PM | Permalink | Comments (0)

» Medical Identity Theft: What it is and How to Protect Yourself

While it's the fastest-growing type of identity theft, a new Nationwide Insurance survey reveals few people know what medical identity theft is or how devastating it can be to your credit and your health.

The national telephone survey commissioned by Nationwide Insurance was conducted by Harris Interactive in February among 2,001 adults with health insurance. It found only 1 in 6 (15%) of insured adults say they are familiar with medical identity theft. Of that 15% only one in three (38 percent) could correctly define "medical identity."

"A stolen medical identity has a $50 street value -- whereas a stolen social security number, on the other hand, only sells for $1*," said Kirk Herath, Nationwide Chief Privacy Officer. "However, while most people are very careful with their social security number to protect their credit and personal information, they tend to be less careful when it comes to their medical information."

What is "Medical Identify Theft?"

Medical ID theft occurs when one person steals another's medical information to obtain or pay for health care treatment. It's a crime that can have a serious impact on your personal, financial and medical well being.

According to the World Privacy Foundation, medical identity theft has affected 1.5 million Americans at a cost of more than $30 billion.

If someone steals your medical information they illegally can use your health care insurance to obtain medical care, buy prescription drugs or submit false insurance claims in your name, all of which can lead to devastating financial results or potentially hazardous changes to your medical records.

The three most common ways your medical identity could be compromised are:

-- Financial medical identity theft -- Someone is getting medical help using your name and/or other information.

-- Criminal medical identity theft -- You are being held responsible for the actions of another's criminal behavior.

-- Government benefit fraud -- Your medical benefits are being used by another person.

Devastating Consequences, Difficult Recovery

According to a Nationwide Insurance survey, more than half (56%) of insured adults said it's likely that their credit card or credit card number would be stolen, while only one-third (32%) say they expect their medical identification to be stolen.

About one in five (22%) believe the most likely consequence would be that their health insurance could be cancelled, when in reality hazardous changes could be made to their medical records compromising their health.

"These are warning signs that should not be ignored," Herath said. "The cost and time associated with cleaning up a medical account is sizeable."

The personal expense of resolving a medical identity theft is about $20,000, according to actual victims. The same victims also said they had spent four to six months resolving the theft**.

More than half of the study participants underestimated how long it would take to restore their medical identity. Nineteen percent or about 1 in 5 said it would take less than two weeks. And more than half underestimated or didn't know how much it would cost.

When it comes to taking proactive measures to review their medical records for errors, 75 percent or 3 of 4 study participants "trust" that their medical records are correct.

"Blind faith in a medical record is risky behavior," Herath said. "Nationwide Insurance recommends being as knowledgeable about your medical records as you are about your financial reports."

Tips to protect your Medical Identity

Here are a few things you can do to safeguard your medical identity:

-- Closely monitor any "Explanation of Benefits" sent by health insurers

-- Pro-actively request a listing of benefits from your health insurers

-- Request a copy of current medical files from each health care provider

-- If you are victim, file a police report

-- Correct erroneous and false information in your file

-- Keep an eye on your credit report

-- Request an accounting of disclosures

 


Posted on June 15, 2012 at 12:05 PM | Permalink | Comments (0)

» Merchant personal data may have been stolen from Global Payments

Hackers might have stolen the personal information of individuals who applied for a merchant account with card payment processor Global Payments.

"We have recently learned of potential unauthorized access to servers containing personal information from a subset of merchant applicants," Paul Garcia, Global Payments' chairman and CEO, said during a conference call with shareholders on Tuesday.

Affected individuals will be offered free credit monitoring services and identity protection insurance of $1 million. The three U.S. major credit reporting agencies have also been advised about the incident, Garcia said.

Garcia declined to share an exact number of individuals potentially affected by the unauthorized access to servers that contained merchant data, citing an ongoing process of analyzing that information.

More


Posted on June 15, 2012 at 12:02 PM | Permalink | Comments (0)

» IRS Tax Return Identity Theft Hotline

If you think someone used your identity to file a fraudulent tax return and snatch your refund, call the new Tax Return Identity Theft Hotline.

Launched today by the IRS criminal investigations division and the U.S. Attorney's Office, the number is 412-395-4973.

Last summer, scam artists set up shop in Erie and began offering people help tapping into a fictitious federal stimulus program, then stole their identities, IRS criminal investigations spokesman Andrew Hromoko said. If anything similar happens this year, calls to the hotline could help the agency to identify the scheme quickly.

Callers who leave a message will receive a return call from a special agent within 24 to 48 hours.

A taxpayer who believes they are at risk of identity theft due to lost or stolen personal information should also contact the IRS Identity Protection Specialized Unit at 800-908-4490 so the agency can secure their tax account.

More


Posted on June 15, 2012 at 11:59 AM | Permalink | Comments (0)

» Hackers more aggressive in attacking bank accounts

A survey of large financial institutions shows they faced more attacks by hackers to take over customer banking accounts last year than in the two previous years, and about a third of these attacks succeeded.

The total number of attacks to try and break in and transfer money out of hacked customer accounts was up to 314 over the course of 2011, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), which released findings of its survey of 95 financial institutions and five service providers. That's an increase from 87 attacks against bank accounts in 2009 and 239 in 2010.

FS-ISAC is the group that coordinates on security issues with the Department of Homeland Security. The survey was conducted by the American Bankers Association.

The actual dollar losses taken by the financial institutions last year was $777,064, down from a high of $3.12 million in 2010. Dollar loss for customers was $489,672 in 2011, as compared with $1.16 million in 2010.

More


Posted on June 15, 2012 at 11:57 AM | Permalink | Comments (0)

» Utah CTO takes fall for data breach

The executive director of Utah's Department of Technology Services has resigned over a data breach two months ago that exposed the Social Security numbers and other personal data of about 280,000 Medicaid recipients.

Utah Governor Gary Herbert announced the resignation of Stephen Fletcher on Tuesday.
In a statement, Herbert also described various initiatives underway that aim to mitigate the risk of similar breaches in the future.

The State's plan includes an independent audit of all IT security systems, the appointment of a new health data security ombudsman and a continuing investigation of the breach by law enforcement personnel.

More


Posted on May 18, 2012 at 03:33 PM | Permalink | Comments (0)

» Banks are complacent about check fraud

Many banks are complacent about check fraud, perhaps because it's been around for so long. And yet, according to the 2012 Faces of Fraud survey, it remains the second-most common form of fraud institutions face.

Another reason for the complacency? Check fraud seems minor, relative to escalating fraud threats posed by emerging e-commerce channels. "Banks perceive the risk to be much higher in the electronic-payment channels," Tubin says. "With check fraud, they've been dealing with it forever, and they're used to it."

But the lines between old-school schemes such as check fraud, and emerging e-commerce scams are blurring. The advent of check images has married the check to the online channel. And financial institutions that continue to rely on manual processes to detect check fraud find themselves challenged by new cross-channel schemes.

More


Posted on May 18, 2012 at 03:30 PM | Permalink | Comments (0)

» BitCoin hacked, More than 18,000 Bitcoins Stolen

Bitcoinica, a Bitcoin exchange started by a 17-year old teenager Zhou Tong, has been shut down for security investigations. It’s believed that at least 18,000 BTC ($90,000 or 68,000 EUR) have been stolen.
 
News of the hack was posted this morning by Bitcoinica's founder, Zhou Tong:"Today, we have discovered a suspicious Bitcoin transaction that doesn't seem to be initiated by any one of the company owners. Some of them are not online at the moment so this is not conclusive.

More


Posted on May 18, 2012 at 03:29 PM | Permalink | Comments (0)

» 700,000 CA social services records lost

The California office of In-Home Supportive Services, which provides health support to elderly and disabled people, reported on Friday that the personal records of some 700,000 caregivers and care recipients were either lost or stolen.

But this data loss was not due to a server breach, or some complex phishing attack—instead, the Social Services office said that Hewlett Packard, which manages the data controlled by the office, notified the IHSS of the breach after a physical package containing microfiche with thousands of entries of payroll data went missing from a damaged package shipped by U.S. Postal Service to the State Compensation Insurance Fund in Riverside, CA.

As the package arrived damaged and incomplete, it’s unclear whether the information was lost or stolen, but the state has launched an internal investigation and notified law enforcement in the hopes of resolving the issue, according to the Los Angeles Times. "The possibly compromised information, dating from October to December 2011, for 375,000 workers included names, Social Security numbers and wages. For 326,000 recipients, state identification numbers may be at risk,” the LA Times reports. The In-Home Supportive Services office is also sending out hundreds of thousands of letters to potentially affected parties.


Posted on May 18, 2012 at 03:28 PM | Permalink | Comments (0)

» Your Dead Relative Could be a Victim of Identity Theft

Your lost loved one's financial identity could come back to life in a most unsettling way -- 2.5 million deceased Americans' identities are misused every year, according to ID Analytics, an ID theft risk assessment company. The company's research arm compared the names, Social Security numbers and birthdays listed on applications for credit against the Social Security Administration's master file of deaths to come up with those numbers.

ID Analytics says crooks intentionally steal the identities of about 800,000 deceased Americans each year. The company says identity thieves also make up Social Security numbers, and inadvertently make matches with about 1.6 million people a year who have died.

In addition, ID Analytics detected a disturbing pattern of theft of financial information belonging to people who were dying. It's easy to see how that could happen, since people who are gravely ill can easily lose track of the details of their finances. When you break it down, ID Analytics says con artists use dead people's identities more than 2,000 times a day.


Posted on May 18, 2012 at 03:26 PM | Permalink | Comments (0)

» UNC-Charlotte Data Breaches Expose 350,000 SSNs

Confidential data, including bank account and Social Security numbers for some 350,000 University of North Carolina-Charlotte students, staff and faculty, were accidentally exposed -- some for almost 15 years -- due to a system misconfiguration and incorrect access settings that made electronic data publicly available.

The school on Wednesday released a statement on an investigation it launched in February after staff discovered the data breach. The investigation revealed two separate incidents exposed data such as names, addresses, Social Security numbers and financial account information provided during university transactions.

One incident involved misconfigurations and incorrect access settings made during a general university system upgrade that left data stored on the university's H: drive exposed on the Internet from Nov. 9, 2011 to Jan. 31, 2012.

More


Posted on May 18, 2012 at 03:20 PM | Permalink | Comments (0)

» Over 300,000 Complaints of Online Criminal Activity Reported in 2011

FBI's IC3 2011 Internet Crime Report Released 

The Internet Crime Complaint Center (IC3) today released the 2011 Internet Crime Report—an overview of the latest data and trends of online criminal activity. According to the report, 2011 marked the third year in a row that the IC3 received more than 300,000 complaints. The 314,246 complaints represent a 3.4 percent increase over 2010. The reported dollar loss was $485.3 million. As more Internet crimes are reported, IC3 can better assist law enforcement in the apprehension and prosecution of those responsible for perpetrating Internet crime.

In 2011, IC3 received and processed, on average, more than 26,000 complaints per month. The most common complaints received in 2011 included FBI-related scams—schemes in which a criminal poses as the FBI to defraud victims—identity theft, and advance-fee fraud. The report also lists states with the top complaints, and provides loss and complaint statistics organized by state. It describes complaints by type, demographics, and state.

“This report is a testament to the work we do every day at IC3, which is ensuring our system is used to alert authorities of suspected criminal and civil violations,” said National White Collar Crime (NW3C) Center Director Don Brackman. “Each year we work to provide information that can link individuals and groups to these crimes for better outcomes and prosecution of cases.”

Acting Assistant Director of the FBI’s Cyber Division Michael Welch said, “Internet crime is a growing problem that affects computer users around the world and causes significant financial losses. The IC3 is an efficient mechanism for the public to report suspicious e-mail activity, fraudulent websites, and Internet crimes. These reports help law enforcement make connections between cases and identify criminals.”
IC3 is a partnership between the Federal Bureau of Investigation, the NW3C, and the Bureau of Justice Assistance. Since its start in 2000, IC3 has become a mainstay for victims reporting Internet crime and a way for law enforcement to be alerted of such crimes. IC3’s service to the law enforcement community includes federal, state, tribal, local, and international agencies that are combating Internet crime.


Posted on May 18, 2012 at 03:17 PM | Permalink | Comments (0)

» Three Reasons Skimmers Are Winning

Banks and credit unions say that losses linked to card-skimming and other sources of debit card fraud are increasingly concerning.

Arrests and financial losses linked to skimming continue to add up. Why do many institutions struggle to thwart attacks waged against ATMs and the vestibules that house them? 

Mike Urban, a financial fraud expert with Fiserv, a core processor that provides security services to financial institutions, says anti-skimming technologies just can't keep up.

Beyond outdated card technology, a number of factors have contributed to ATM skimming's success. Cardholder behavior, outdated or ineffective anti-skimming technology and too many endpoints are the top three, experts say.

More


Posted on May 18, 2012 at 03:14 PM | Permalink | Comments (0)

» Three Keys to Mobile Security

Mobile banking is being adopted by consumers at an increasing rate, but it's just one piece of the overall mobile financial services puzzle. As the mobility trend grows, banking institutions are still figuring out how far ahead they should look, and what strategies make the most sense.

But Paul Smocer, president of BITS, the technology policy division of the Financial Services Roundtable, says most institutions are doing much more than some observers give them credit for doing. Banking/security leaders are very concerned about mobile, and they're doing what they can to anticipate risks.

During this interview, Smocer discusses:

Three key areas that make up mobile financial services: 1) banking, payments and mobilized traditional services, such as remote deposit capture; 2) Why mobile payments poses the greatest security risks; 3) Steps BITS is taking to address mobile concerns, especially as they relate to FFIEC conformance.

 

More


Posted on May 18, 2012 at 03:11 PM | Permalink | Comments (0)

» Five tips for small biz to protect against security threats

The threat landscape on the Web is becoming more perilous. Security software maker Symantec, in its annual "Internet Security Threat Report" released April 30 found that even as the number of vulnerabilities in 2011 fell by 20 percent over the previous year, the number of malicious attacks grew 81 percent. 

The trend is similar to what Hewlett-Packard saw. In its "Top Cyber-Security Risks Report," announced April 19, HP officials also found that the number of vulnerabilities last year fell by 20 percent, but that the risks involved in those vulnerabilities grew. HP also found that the number of cyber-attacks more than doubled in the second half of 2011. And small and midsized businesses (SMBs) are in the thick of it. More than half of the targeted attacks seen in 2011 were aimed at organizations with fewer than 2,500 employees, and almost 18 percent targeted companies with fewer than 250 employees. The Internet has been a boon for SMBs, making it easier than ever before to do business. But it also raises the threats to smaller companies and their IT departments. 

The biggest risk is seeing their intellectual property, customers’ information or financial transaction data fall into the wrong hands. SMBs need to protect themselves, and Symantec has some ideas how.

More


Posted on May 7, 2012 at 12:15 PM | Permalink | Comments (0)

» Insiders played a role in healthcare data breaches

April has been a brutal month for healthcare, with three major breaches disclosed accounting for nearly 1.1 million records lost. The thread woven throughout each has been the role of insiders -- both malicious and inept -- in triggering the incidents.

In one case at the Utah Department of Health, approximately 780,000 Medicaid records were exposed due to the misconfiguration of a server containing these files. Human error also accounted for the loss of 315,000 patient records at Emory Healthcare, when 10 backup disks went missing from a storage facility at Emory University Hospital. Meanwhile at South Carolina's Department of Health and Human Services, an employee sent 228,000 Medicaid patient records to himself via email. The investigation is still ongoing, but already the employee, Christopher Lykes, was fired and arrested by the South Carolina State Law Enforcement Division for his malfeasance.

According to experts, these three incidents are representative of the types of consequences healthcare organizations face when they fail to address insider threats through improved employee screening, monitoring, data controls, and security awareness training. According to Rick Dakin, CEO of the IT security consulting firm Coalfire Systems, more than half of the insider incidents his company investigates involve an insider in some way, shape, or form.

More


Posted on May 7, 2012 at 12:11 PM | Permalink | Comments (0)

» Websites Selling Stolen Cards Shutdown

International law enforcement agencies last week touted the takedown of 36 websites that were used to sell stolen debit and credit data for more than 2.5 million accounts. But how much of an impact will the takedown ultimately have on card fraud?

It's easy for cyberthieves to just take their card numbers to new domains, Klein says. "It's so way down on the fraud chain, it won't have a big impact," he says. "What we need is more effort to arrest bot developers, and then we are really hitting them where it hurts."

A U.S. law enforcement source connected to the bust says that while investigators are combing through the details for connections to other ongoing cybercrime investigations, this source does not see this takedown as extremely significant. Even the amount of recovered card data is low, relative to the number of cards compromised in a typical database breach.

More


Posted on May 7, 2012 at 12:10 PM | Permalink | Comments (0)

» Apple mistake exposes passwords for Lion

Apple's latest update to OS X contains a dangerous programming error that reveals the passwords for material stored in the first version of FileVault, the company's encryption technology, a software consultant said.

David I. Emery wrote on Cryptome that a debugging switch inadvertently left on in the current release of Lion, version 10.7.3, records in clear text the password needed to open the folder encrypted by the older version of FileVault.

Users who are vulnerable are those who upgraded to Lion but are using the older version of FileVault. The debug switch will record the Lion passwords for anyone who has logged in since the upgrade to version 10.7.3, released in early February.

More


Posted on May 7, 2012 at 12:08 PM | Permalink | Comments (0)

» Tax refund fraud increasing identity theft

A wave of refund tax fraud is fueling demand for stolen IDs. A year ago I wrote about how one set of Florida-based scamsters had tricked the Internal Revenue Service out of  $12.1 million worth of refunds  using  the stolen names and Social Security numbers of 5,108 dead people–likely taken from the Social Security Death Index.  But that, as they say, is yesterday’s news. The IRS told Congress during recent hearings that it has set up a new computer screen to flag fraud relating to the tax returns of recently deceased taxpayers and Internet genealogy sites like Rootsweb.com have limited free access to the death index. So it appears there’s some progress, at least, on that front.

Meanwhile, the fraudsters are collecting lists of living identity theft victims, either by planting employees in jobs with access to personal data or corrupting employees who already have such jobs. Former federal prosecutor Latour “L.T.” Lafferty, head of the white collar and corporate compliance practice at Florida’s Fowler White Boggs, reports that he  has been hired in the past year by two local employers to investigate employee theft of information. In one case, he found, an employee had used her smart phone to take pictures of records. (The iPhone takes such good pictures that you can actually take a picture of your W-2 with it, and have the information entered into Intuit’s TurboTax app.) “The old identity theft,’’ Laferty observes, “was `may we send you a fake email and find out if you’re dumb enough to give me a Social Security number’ or going through your trash.’’  The new trend, he says, is for employees to steal names and numbers in bulk and then use TurboTax or other software to file large numbers of refund claims. (If they get in a bogus 1040 before the real, live taxpayer, or smartly pick the identity of an American who doesn’t have to file, they may be able to get thousands of dollars back.)


Posted on April 26, 2012 at 05:22 PM | Permalink | Comments (0)

» Man emails identities of 228,435 people to himself

A South Carolina man was arrested yesterday on charges stemming from a data breach that may have leaked personal information on more than 200,000 Medicaid beneficiaries in the state, including their names, phone numbers, addresses, birth dates and Medicare ID numbers according to a report in the newspaper The State.

Christopher Lykes Jr., 36, of Swansea, South Carolina was charged with five counts of violating the confidentiality of the state's Medically Indigent Assistance Act and another count of disclosing confidential information, according to paperwork from South Carolina Law Enforcement uncovered by the newspaper. 

Lykes, a former employee of the South Carolina Department of Health and Human Services (SCDHHS), transferred the personal information of 228,435 South Carolinians to his personal Yahoo! e-mail account from January 31 to April 2.


Posted on April 26, 2012 at 05:18 PM | Permalink | Comments (0)

» Russian hackers take lead in cybercrime

Russian-speaking hackers earned an estimated $4.5 billion globally using various online criminal tactics and are thus responsible for 36% of the estimated total of $12.5 billion earned globally by cybercriminals in 2011, Russian security analyst firm Group-IB said in a report published on Tuesday.

In the report, Group-IB differentiates between cybercriminals living in Russia and Russian-speaking cybercriminals, who include citizens of the countries of the former Soviet Union and other countries. In the 28-page report the researchers estimate that the total share of the Russian cybercrime market alone doubled to $2.3 billion, while the whole Russian-speaking segment of the global cybercrime market also almost doubled, to $4.5 billion. The researchers noted that the Russian-speaking segment of the global cybercrime market traditionally encompasses twice the amount of the Russian segment.

The Group-IB analysts highlighted general trends in the development of online crimes in 2011. The market was embraced by traditional organized crime groups that are trying to control the entire theft process, which led to the merging of two criminal worlds and a refocusing of the Russian mafia's traditional emphasis on crimes such as drug and arms trafficking to cybercrimes, according to the report. This could lead to "an explosive increase of attacks" on the financial sector, the researchers warned. Online banking fraud is one of the fastest growing segments of cybercrime, with a big increase in 2011, Group-IB said.

www.computerworld.com


Posted on April 26, 2012 at 05:05 PM | Permalink | Comments (0)

» Tacoma woman sentenced for ID theft

A Tacoma woman who victimized more than a dozen visitors to Mount Rainier National Park, was sentenced to two years in prison, three years of supervised release and $7,034 in restitution for conspiracy and aggravated identity theft. 

U.S. Attorney Jenny A. Durkan said 25-year-old Pamela Williams and co-defendant Matthew Mortinson broke into vehicles parked at various trailheads, stealing computers, credit cards and other valuables. 

www.kirotv.com


Posted on April 26, 2012 at 05:03 PM | Permalink | Comments (0)

» Man found with 38 credit cards convicted of ID theft

A man who pleaded guilty in January to aggravated identity theft and credit card fraud was sentenced Monday to 75 months in federal prison, the U.S. attorney’s office said.

Sharif John Reid, 37, of League City, also must pay $157,501 in restitution related to his attempts to purchase Apple iPads and iPhones at the Memorial City Apple store on Aug. 7.

He was accused of using unauthorized credit card numbers to buy $200,000 in Apple products in Louisiana and Texas.

Authorities found 38 credit cards in Reid’s possession that were stolen or obtained by Reid with the intent to defraud, the U.S. attorney’s office said in a statement.

galvestondailynews.com

 


Posted on April 26, 2012 at 05:02 PM | Permalink | Comments (0)

» Identity thieves filing phony tax returns

The Indiana Attorney General’s Office announced today it has received more tax-related identity theft complaints this year than in all of 2011.

Indiana Attorney General Greg Zoeller said 20 Indiana taxpayers have filed complaints so far, because they believe their personal information or their children’s information was used to file fake tax returns and claim refunds. In some cases, Social Security numbers were stolen to obtain employment and as a result the victims are seen as not having reported all their income on their returns.

“Identity theft knows no season, but as Hoosiers file their taxes it provides a unique opportunity for thieves to use names and Social Security numbers to claim significant refunds,” Zoeller said. “These complaints underscore the need for all consumers to be proactive in guarding their personal information whether online, at home or on their person.”

In 2011, the office received 19 tax-related identity theft complaints with only two of those submitted during the three-month period leading up to April. Zoeller said the spike in numbers could be because the Internal Revenue Service (IRS) is doing a better job of finding suspicious activity earlier and reporting it to taxpayers.


Posted on April 3, 2012 at 12:03 PM | Permalink | Comments (0)

» Visa Drops Global Payments Following Data Breach

Visa has dropped Global Payments from its list of companies that are deemed compliant with security policies following a data breach that may have compromised as many as 1.5 million Visa and MasterCard accounts.

Visa’s decision to drop Global Payments from its registry of service providers that meet the credit card company’s data security standards came April 1, two days after the breach became public. During a conference call April 2 to discuss the situation, Global Payments CEO Paul Garcia talked about Visa’s move, and reportedly said he expects his company to be returned to the list after it comes back into compliance with the Visa policies. However, Garcia didn’t say when that may be.

Officials with Visa and MasterCard announced last week that data from credit card accounts was stolen following a data breach at a third-party processor, and stressed that their own servers had not been compromised. The credit card companies initially did not say which transaction processing company was attacked, but it soon leaked out that it was Global Payments.

More


Posted on April 3, 2012 at 11:57 AM | Permalink | Comments (0)

» Mail carrier convicted in massive identity fraud case

A jury in federal district court returned a guilty verdict late yesterday against OPEOLUWA ADIGUN, age unknown, and CHUKWUKA ONYEKABA a/k/a Gabriel Onyekaba, 34, both of Marietta, Georgia on charges of stealing the identities of more than 85 individuals in the Atlanta area and opening credit cards, loans, and bank accounts in their names.  ADIGUN was also convicted of immigration, social security, and passport fraud.

United States Attorney Sally Quillian Yates said of the case, “Identity theft is a growing problem that destroys the lives of innocent citizens, resulting in years of victimization as they try to clear their good names and credit of the damage done by the criminals.  These defendants ran a sophisticated identity theft scheme that included opening multiple accounts in victims’ names, moving the criminal proceeds among different banks in victim names, using fake identifications, and buying ordinary gift cards with stolen credit cards to conceal the source of the proceeds.  The jury’s verdict brings some measure of justice to the many victims of these two defendants’ crimes.”

According to Paul Bowman, Area Special Agent in Charge of the United States Postal Service, Office of Inspector General, “Opeoluwa Adigun reflects just a very small percentage of employees who failed to uphold the trust and integrity placed in them.  The U.S. Postal Service, Office of Inspector General takes these cases very serious and investigates them to the fullest extent of the law.”

“The U.S. Postal Inspection Service is pleased with the jury’s verdict. Identity theft continues to plague the American public. As long as thieves target the U.S. Mail, Postal Inspectors will continue to target those responsible,” said Keith Morris, Postal Inspector in Charge of the Atlanta Division.

“The Paulding County Sheriff's Office, the investigating officer and I are all very happy with the verdict rendered by this jury,” said Paulding County Sheriff Gary Gulledge.  “It is always rewarding to see our justice system work as intended - to hold the guilty accountable and protect the innocent public from further harm. It is also satisfying to see resolution brought to the 85+ victims of the crimes committed by Opeoluwa Adigun and Chukwuka Onyekaba. This case is the perfect example of good police work, inter-agency cooperation, careful prosecuting and an intelligent jury. I commend all involved for the great work and great result.”

“This type of crime is even more egregious when it is conducted by a government employee using his or her position of trust for fraudulent purposes and financial gains,”  said  Brock D. Nicholson, Special Agent in Charge of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI) Atlanta, “HSI will continue to vigilantly investigate any individual who engages in activities that  jeopardize public safety and national security.” Nicholson oversees all HSI activities in Georgia and the Carolinas.

According to United States Attorney Yates, the charges and other information presented at trial:  Between May 2006 and March 2010, ADIGUN and ONYEKABA stole mail, credit cards, and other personal information from individuals in the Atlanta area, and then opened a variety of financial accounts under the victims’ names.  As part of the scheme, ADIGUN obtained a job as a mail carrier in the Hiram Post Office under the name “Mary Afolabi,” an identity she had stolen from another person from Nigeria before ADIGUN entered the United States in 2004.  During ADIGUN’s time with the Hiram Post Office, over 85 victims on her mail route reported that their identities were stolen and used to open multiple financial accounts in their names.

Using the information stolen from the mail route customers, ADIGUN and ONYEKABA applied for credit cards and bank loans in their victims’ names.  They deposited the fraudulent loan proceeds into bank accounts opened under yet other victims’ names and then wrote checks from those accounts to their two fraudulent businesses, GMO Auto Services in Douglasville and Gabmike Limousine Service in Smyrna.  They also used the fraudulent credit cards at their businesses. 

Further, ADIGUN and ONYEKABA purchased gift cards and thousands of dollars of merchandise with the fraudulent credit cards.  In March 2010, law enforcement officers stopped the defendants driving a Lincoln Navigator and found dozens of American Express, Walmart, and Target gift cards that were purchased with stolen credit cards issued to individuals residing on ADIGUN’s mail route in Hiram.

ADIGUN obtained a social security card and a U.S. passport and, in March 2009, was naturalized as a U.S. citizen – all under the assumed name of “Mary Afolabi.”

After a seven day trial, the jury returned guilty verdicts on all 44 counts it considered, including conspiracy, access device or credit card fraud, aggravated identity theft, bank fraud, mail theft, immigration fraud, social security fraud, and passport fraud.  The charges carry maximum sentences that range from five to 30 years in prison each, and fines of up to $1,000,000 per count.  The aggravated identity theft charges require a mandatory minimum sentence of 2 years in addition to any other sentence imposed.  Sentencing has not yet been scheduled before United States District Judge Richard W. Story.  In determining the actual sentence, the Court will consider the United States Sentencing Guidelines, which are not binding but provide appropriate sentencing ranges for most offenders.

This case was investigated by the United States Postal Service, Office of Inspector General; United States Postal Inspection Service; United States Immigration and Customs Enforcement’s Homeland Security Investigations; United States Secret Service; Social Security Administration; Paulding County Sheriff’s Office; Douglas County Sheriff’s Office; Cobb County Sheriff’s Office; Hiram Police Department; and Cobb County Police Department.

Assistant United States Attorneys Stephen H. McClain and Shanya J. Dingle are prosecuting the case.

 


Posted on April 2, 2012 at 03:36 PM | Permalink | Comments (0)

» How to protect personal data on old devices you sell

Thinking of selling or giving away your smartphone or laptop computer? If you have a BlackBerry or an iPhone, go right ahead. But if you have an Android phone or a computer running Windows XP, you may want to hold off.

It turns out that it's almost impossible to get rid of personal information from some devices, even if you follow the manufacturer's directions for wiping the device clean.

Robert Siciliano, identity theft expert for the technology security firm McAfee, found this out in an experiment he conducted over the fall and winter. He bought 30 electronic devices from Craigslist — mostly smartphones and laptops — to see how effective people were at removing personal information from their gadgets before selling them.

More


Posted on April 2, 2012 at 03:21 PM | Permalink | Comments (0)

» MasterCard, Visa Report Data Breach of Card Processor

VISA and MasterCard are alerting banks across the country about a recent major breach at a U.S.-based credit card processor. Sources in the financial sector are calling the breach “massive,” and say it may involve more than 10 million compromised card numbers.

In separate non-public alerts sent late last week, VISA and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012. The alerts also said that full Track 1 and Track 2 data was taken – meaning that the information could be used to counterfeit new cards.

More from Krebs


Posted on March 30, 2012 at 09:42 AM | Permalink | Comments (0)

» Microsoft Founder Paul Allen Victim of Identity Theft

Microsoft co-founder Paul Allen has become the victim of identity theft, with an AWOL U.S. soldier in Pittsburgh charged with changing the address on a Seattle bank account owned by Allen and attempting to redirect funds to a personal account.

Brandon Lee Price allegedly changed the address on a Citibank account owned by Allen from Seattle to Pittsburgh, and then had a debit card sent to his home in Pittsburgh. According to a report by the AP, Price attempted to wire $15,000 to the new account and to make a $658.81 payment on an Armed Forces Bank loan. He then allegedly attempted to make purchases at a GameStop and Family Dollar store.

One of the stupider headlines or memes around this news is that if a billionaire's identity isn't safe, then how can anyone elses be? There is nothing about a billionaire that makes his or her identity any more protected than anyone elses. If you think there is than by all means name it. Just being rich doesn't inherently give you protections against ID theft.


Posted on March 27, 2012 at 03:51 PM | Permalink | Comments (0)

» Debit card fraud up, while check fraud declines

No surprise here. The use of debt cards are way up, so of course fraud increased. The opposite is true for paper checks.

During a year that saw a record rise in financial crime reports, one scam that has plagued banks and consumers for decades is fading away: check fraud.

Reports of suspected counterfeiting, check fraud, and check kiting were among the financial crimes that saw declines during 2011, dropping 7.5 percent from 2010.

The drop in check fraud came as the Financial Crime Enforcement Network (FinCEN) had a record number of suspicious activity reports (SARs) in 2011 throughout the financial industry.

The number of check-related suspected crimes peaked in 2008, with banks sending 152,874 suspicious activity reports to FinCEN. From there, the cases are investigated by federal, state, or local authorities, depending on the amount of money involved in the crime.

Since 2008, the number of check-related crimes has dropped to 107,041.

The drop in check fraud numbers points to a trend many Americans are familiar with, the slow disappearance of checks.

The use of checks as a form of payment has been declining in recent years. Personal check use has dropped by 12 percent among consumers between 2008 and 2010, according to the American Bankers Association.

Meanwhile, the use of debit cards has increased, and with it, debit card-related crime.

From 2006 to 2009, the use of debit cards as a form of payment rose 14 percent among Americans, while debit card crimes rose 41 percent, according to data from the Federal Reserve and FinCEN.


Posted on March 27, 2012 at 09:31 AM | Permalink

» Children 51 times more likely to be ID theft victim

Why are kids so vulnerable? Because they have unused, unblemished credit profiles. Richard Power, Distinguished Fellow, Carnegie Mellon CyLab, recently published the first ever child identity theft report based on identity protection scans of over 40,000 U.S. children. It is extremely alarming that 10.2% of the children in the report had someone else using their Social Security numbers. That figure is 51 times higher than the rate for adults of the same population.

Most people can't imagine a child's identity would be valuable. That comes from a lack of understanding of how the credit system works in the US.

Because children have untouched and unblemished credit records, they are highly attractive targets. More importantly, their credit reports are usually never looked at for years and years, so the thief can get away with the crime for longer. Child identity theft is profitable, hard to detect and a nightmare to recover. Thieves steal a child’s identity early on, nurture it until they have a solid credit score, and then abuse and discard it. If it’s not discovered in time, fraudulent use of your child’s identity could mean the loss of educational and job opportunities and starting off adulthood at a serious disadvantage with someone else’s bad credit in her name. All an identity thief needs to ruin your child’s bright financial future is her name and Social Security Number.


Posted on March 27, 2012 at 09:27 AM | Permalink

» Social media use leads to increase in identity theft

Big users of social networks and smartphones have a higher risk of ID theft.

About 12 million Americans got hit by identity fraud in 2011, a 13% increase from a year earlier, thanks to consumers' growing use of social-media websites and smartphones, plus a sharp jump in security breaches, according to a recent report from Javelin Strategy & Research.

"The new ways in which people can communicate with each other create new risks," says Joel Winston, chief privacy officer at ID Analytics, a consumer risk-management company.
Some 7% of smartphone owners became identity-fraud victims in 2011, the Javelin survey of 5,000 consumers found. Smartphone users are about one-third more likely to fall prey to identity fraud than the general public, the report found.

Why? Because smartphones are minicomputers that store vast quantities of personal information, yet many users don't protect their smartphones the way they do laptops and PCs.

WSJ


Posted on March 25, 2012 at 04:00 PM | Permalink

» Facebook pushes back against employers demanding passwords

Is it legal or even fair for prospective employers to request -- or in some cases demand -- your Facebook password?

Facebook, perhaps anxious to avoid public controversy as it prepares for a much-publicized initial public offering, is moving to squelch a widely reported practice of employers asking job applicants for their Facebook passwords.

“If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends,” Erin Egan, Facebook’s chief privacy officer, wrote in a March 23 note. “As a user, you shouldn’t be forced to share your private information and communications just to get a job.”

Egan also hinted at the legal repercussions: “If an employer sees on Facebook that someone is a member of a protected group [e.g., over a certain age, etc.], that employer may open themselves up to claims of discrimination if they don’t hire that person.”

Employers also may not “have the proper policies and training for reviewers to handle private information,” Egan added. “If they don’t—and actually, even if they do—the employer may assume liability for the protection of the information they have seen.” That information may also incur certain responsibilities, such as reporting the possible commission of a crime.

EWeek


Posted on March 25, 2012 at 03:23 PM | Permalink

» FTC report says credit bureaus upsell ID theft victims

A new report by the Federal Trade Commission slams the nation's credit bureaus for upselling identity theft prevention services when victims call looking for help.

The report found that consumers face frustrating voice mail systems that often make it hard to reach a live operator, are confused about their rights and face unnecessary hurdles fixing credit report errors caused by identity thieves. It also pointedly raises the possibility that the new Consumer Financial Protection Bureau could initiate enforcement actions against the bureaus -- Equifax, Experian and TransUnion.

The report comes as that new agency is about to take on regulation of the credit bureaus, a major shift in the way they are policed. The bureau’s new powers will kick in this summer.

More from MSNBC


Posted on March 23, 2012 at 10:46 AM | Permalink

» Armenian Mobsters Convicted in LA for Identity Theft

WASHINGTON – After a five week trial, four defendants have been convicted for their roles in one of the largest bank fraud and identity theft schemes in California history, with dozens of victims in four states and millions of dollars in losses.

The convictions were announced by Assistant Attorney General Lanny A. Breuer of the Justice Department’s Criminal Division, U.S. Attorney Andre Birotte Jr. of the Central District of California, Assistant Director in Charge of the FBI’s Los Angeles Field Office Steven Martinez and Special Agent in Charge of the U.S. Secret Service (USSS) Joseph Beaty.

Arman Sharopetrosian, Karen Markosian, Artush Margaryan and Kristine Ogandzhanyan were found guilty of conspiring to commit bank fraud, attempted bank fraud and various counts of aggravated identity theft.  Sharopetrosian, Markosian and Ogandzhanyan waived a jury trial and consented to trial by the judge, and Margaryan proceeded with a jury trial.  

Yesterday, U.S. District Judge David O. Carter found Ogandzhanyan, 28, of Burbank, Calif., guilty of one count of bank fraud conspiracy, two counts of attempted bank fraud and four counts of aggravated identity theft.  On March 16, 2012, the judge found Sharopetrosian, 33, of Burbank, guilty of one count of bank fraud conspiracy, four counts of bank fraud and seven counts of aggravated identify theft.  On March 16, 2012, the judge also found Markosian, 39, of Glendale, Calif., guilty of one count of bank fraud conspiracy, one count of attempted bank fraud and two counts of aggravated identity theft.  A jury convicted the fourth defendant, Artush Margaryan, 28, of Van Nuys, Calif., on March 16, 2012, of one count of bank fraud conspiracy, one count of attempted bank fraud and three counts of aggravated identity theft. 

Evidence was presented at trial that Sharopetrosian is a member of the Armenian Power organized crime group, and Margaryan, Markosian and Ogandzhanyan are Armenian Power associates.

According to evidence presented at trial, Sharopetrosian directed the massive fraud scheme along with co-defendant Angus Brown, while the two were incarcerated at Avenal State Prison.  Using cellular telephones that were smuggled into the prison, Sharopetrosian and Brown worked from behind bars to coordinate with others, including Ogandzhanyn, Markosian and Margaryan, to obtain confidential bank profile information and steal money from victim account holders.  Often targeting high-value bank accounts, the defendants used account holders’ personal identifying information – including names, Social Security numbers and dates of birth – to impersonate victims in phone calls to the bank.  The defendants gathered account information, transferred funds between victims’ accounts and placed unauthorized check orders for the accounts.  They then stole the checks, obtained the victims’ signatures from public documents and paid conspirators to cash the forged checks.  Over the course of the six-year conspiracy, the defendants and their co-conspirators caused more than $10 million dollars in losses to victims in Southern California, Nevada, Arizona and Texas.

“These defendants, including two individuals who were operating from a prison cell, perpetrated a massive fraudulent scheme on behalf of a dangerous criminal enterprise,” said Assistant Attorney General Breuer.  “As members and associates of Armenian Power, they stole sensitive personal and financial information from innocent consumers and caused millions of dollars in losses.  Whether organized criminal groups traffic in drugs, commit financial fraud or wreak other havoc to keep themselves going, they must be stopped.  We are doing everything possible to shut down dangerous gangs like Armenian Power.”

“The safety and sanctity of confidential financial information is paramount in today’s society,” said U.S. Attorney Birotte.  “Identity theft is a fundamental invasion of consumer privacy that cannot be tolerated.  These convictions demonstrate that violators, whoever and wherever they may be, will be caught and will be prosecuted to the fullest extent of the federal law.”

“The defendants were convicted in a trial that uncovered a sophisticated and lengthy scheme that targeted victims in multiple states, and included disturbing details, such as orders made from within prison walls and assistance from bank insiders enlisted by the defendants,” said FBI Assistant Director Martinez.  “This case is also indicative of the growing trend of gang or organized crime-affiliated groups now engaging in identity theft and other financial crimes in furtherance of their enterprise.”    

 

These defendants are four of 20 defendants who were charged with operating the bank fraud and identity theft scheme in one of a series of federal indictments unsealed on Feb. 16, 2011.  The indictments allege various federal crimes against members and associates of the Armenian Power criminal organization.  To date, 19 of the 20 defendants charged in the bank fraud indictment have been convicted, including Brown.  One defendant, Faye Bell, was arrested earlier this year and is still awaiting trial.

Sharopetrosian, Margaryan, Markosian and Ogandzhanyan face maximum sentences of 30 years in federal prison for each count of bank fraud, 30 years for each count of conspiracy to commit bank fraud and additional mandatory two year sentences for each count of aggravated identity theft.

 Sentencing for all four defendants is scheduled for Aug. 6, 2012, before Judge Carter.

The case is being prosecuted by Assistant U.S. Attorneys Martin Estrada and Joseph McNally of the Central District of California and Trial Attorney Cristina Moreno of the Organized Crime and Gang Section in the Justice Department’s Criminal Division.  The case was investigated by the Eurasian Organized Crime Task Force, which includes the FBI, the USSS, the Los Angeles Police Department, the Glendale Police Department, the Burbank Police Department, the Internal Revenue Service and the U.S. Immigration and Customs Enforcement.


Posted on March 23, 2012 at 10:44 AM | Permalink

» University of Tampa Data Breach

A breach at the University of Tampa may have exposed the sensitive information of thousands of students, faculty and staff members, including their names, identification numbers, social security numbers and birth dates, according to a press release posted to their the University's Web site over the weekend.

The information of approximately 6,800 students from fall semester 2011 was discovered online by students in a UT class who were searching online. A subsequent investigation turned up two more files containing roughly 30,000 more records from between January 2000 and July 2011.

More from ThreatPost


Posted on March 22, 2012 at 06:04 PM | Permalink

» Unidentified hackers behind Stuxnet and Duqu still at work

The still-unidentified group of attackers behind Stuxnet and Duqu have drawn quite a bit of attention to themselves in the last couple of years with their creations. Researchers, law enforcement and some particularly angry governments all would like to have a long talk with the crew. But that attention apparently hasn't persuaded the group that it's time to tone down their pursuits, as evidenced by the fact that researchers have discovered a newly compiled driver for Duqu within the last couple of days.

One of the unique things about Duqu is that the malware appears to be specifically tailored to each new victim. Rather than writing one piece of malware and spreading it out to a large potential victim base, the crew behind Duqu had a small, specially selected group of targets, each of which got its own specifically crafted components and drivers. Researchers say that the number of known victims of Duqu is quite small, perhaps fewer than 50.

More from ThreatPost


Posted on March 22, 2012 at 06:02 PM | Permalink

» NASA Data Breach Discovered by Hackers

Members of two hacker collectives, Team r00tw0rm and Team inj3ct0r, identified an SQL injection vulnerability on one of the subdomains owned by NASA and hosted on the domainnasa.gov. By leveraging the security hole, the hackers obtained a 6 gigabyte database, but refused to disclose the name of the flawed subdomain to give the agency time to patch it up.

A sample of the database reveals information such as usernames, email addresses, names, IDs, login dates, passwords, and other data.“Complete Database is in GB’s, well we aren’t leaking it. We may keep all parts in our private home! Yet only little bit dump or few columns data is released just to inform NASA that being National Aeronautics and Space Administration you must also keep your servers up to date!”the hackers said.

They claim they informed NASA a few days ago, but since the organization failed to respond, they leaked part of the database to attract the agency’s attention.

More from ITN


Posted on March 22, 2012 at 05:59 PM | Permalink

» When to Consider Bankruptcy

Filing for bankruptcy is a process that many debtors turn to once they realize that they need help with a large debt load. Bankruptcy is a legal procedure that you can use to have your debt discharged right away. While there are some times that bankruptcy is not your best option, there are a few times where bankruptcy is definitely the best option to pursue. Read more...


Posted on March 8, 2012 at 06:10 PM | Permalink

» Data breaches take months or years to be discovered

Over 90 percent of data breaches are the result of external attacks and almost 60 percent of organizations discovered them months or years later, Verizon said in a report released at the RSA security conference on Wednesday.

Called the Verizon 2011 Investigative Response Caseload Review, it compiles statistics from 90 data breach cases investigated by the company's incident response team last year, and provides a preview of Verizon's larger annual report that will contain data collected from additional sources like national CERTs and law enforcement agencies.

The report concludes that 92 percent of data breach incidents have had an external cause, which conflicts with the findings of other security vendors, according to whom most data breaches are the result of internal threats.

More from IDG


Posted on March 8, 2012 at 05:48 PM | Permalink | Comments (0)

» Business Identity Theft A Growing Concern

You've heard of identity theft — someone using a person's credit information or a Social Security number for ill-gotten gains. Well, experts say similar crimes are also affecting businesses.

Business identity theft involves posing as a legitimate business in order to get access to credit lines or steal customers. Experts believe that the practice has become more prevalent in the past two years.

"Business identity theft is incredibly underreported," says Hugh Thompson, who teaches at Columbia University and chairs an annual conference on security. No federal or state statistics track the problem. And Thompson says few victims are willing to report it.

"There's a big stigma attached with it," he says. "Imagine you're a company trying to portray an image of being solid and reliable out to your customers. It's not something that you want to readily admit to."

Business identity theft takes many forms. Posing as a look-alike or sound-alike business to lure customers is one of them. But in many cases, shady operators go after information to tap into business' credit and reputation. They change a business's contact information, for example, then use it to obtain credit cards or order goods, skipping town before bills arrive.

More from NPR


Posted on March 8, 2012 at 05:45 PM | Permalink | Comments (0)

» EU May Propose 24-Hour Breach Notification, Data Privacy Rules

Companies operating in the European Union may be required to disclose data breaches within 24 hours if proposed new rules are approved.

The European Commission will propose several changes to the data protection and privacy rules to protect individual rights and ensure a high level of data protection on Jan. 25. The proposed changes will simultaneously simplify and toughen the current mishmash of rules and policies currently used by the European Union's 27 member countries.

Along with the data breach notification rule, the commission's proposal includes stricter sanctions and would provide national data-protection officials with authority to levy administrative sanctions and fines, such as fining companies a percentage of their global revenue for violating the rules. The proposed changes would overhaul the EU's 17-year-old data protection policies addressing online advertising and social networking sites.

"Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay," EU Justice Commissioner Viviane Reding said at a conference in Munich on Jan. 22, according to Bloomberg.

eweek


Posted on January 27, 2012 at 09:32 AM | Permalink

» Symantec Warns pcAnywhere Users Due to Source Code Theft

Symantec has confirmed that pcAnywhere users are at "increased risk" because attackers have stolen source code to the remote control tool.

The saga over Symantec's stolen code took another twist as the company acknowledged that pcAnywhere customers are at risk for man-in-the-middle attacks and new exploits.

The breach actually occurred on Symantec servers in 2006, and attackers stole source code to several Norton security products and the pcAnywhere remote access tool, Symantec confirmed last week. At the time, the company assured customers that there was no risk to the products because the source code was so old and the company had made security improvements over the past six years.

However, upon further investigation, it appears that pcAnywhere customers are at risk, especially if they are not following "general security best practices" to protect the endpoint, network and remote access, as well as properly configuring the remote access tool, Christine Ewing, director of product marketing in the endpoint management group, wrote on the Endpoint Management Community blog Jan. 24. Those customers are susceptible to man-in-the-middle attacks, which can reveal authentication and session information.

"Customers of Symantec's pcAnywhere have increased risk as a result of this incident," Ewing wrote.

The encoding and encryption elements within pcAnywhere are vulnerable to being intercepted in man-in-the-middle attacks, according to a whitepaper addressing the issues in the remote access tool released by Symantec Jan. 25. If attacker manage to obtain the cryptographic key, they would be able to launch unauthorized remote control sessions and access other systems and sensitive data. If the key is using Active Directory credentials, the attackers would be able to access other parts of the network.

The company released a patch fixing three vulnerabilities in the latest version of pcAnywhere, version 12.5, for Windows on Jan. 23. Symantec plans to release additional patches during the week for older versions of pcAnywhere, including versions 12.0 and 12.1. Symantec is also expected to patch more issues in version 12.5. Symantec will keep updating the software until "a new version of pcAnywhere that addresses all currently known vulnerabilities" is released, Ewing said.

Customers should disable pcAnywhere because malicious developers would be able to identify vulnerabilities within the source code and launch new exploits, Symantec said in the whitepaper. The remote access tool should be disabled unless it is vitally needed for business use, and in those situations customers should use the latest version of pcAnywhere with all the relevant patches and "follow the general security best practices," Symantec said.

"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," the company said.

Since pcAnywhere is available as a stand-alone product, bundled with other Symantec products and also as part of Altiris-based packages, customers should check to see if the tool is enabled. A remote access component called pcAnywhere Thin Host is also bundled with several backup and security products from Symantec.

The company again asserted that its antivirus and endpoint security products are not at risk. "Our analysis shows that due to the age of the exposed source Symantec antivirus or endpoint security customers, including those running Norton products, should not be in any increased danger of cyber-attacks resulting from this incident," Symantec said in a statement.

The theft was limited to the code for the 2006 versions of Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks, which includes Norton Utilities and Norton GoBack; and pcAnywhere, Symantec said. The Norton Antivirus Corporate Edition code "represents a small percentage" of the code that appeared in the prerelease source for Symantec Antivirus 10.2, which was discontinued in 2007. Symantec Endpoint Protection 11, which replaced Symantec Antivirus Corporate Edition, was based on a separate code branch "that we do not believe was exposed," Symantec said. Customers running Symantec Endpoint Protection 11.x are at "no increased security risk" due to the code theft.

Customers should follow recommended best practices, such as making sure antivirus definitions are up to date and running the latest version of the software. If it makes sense for the organization, Symantec recommends upgrading to the latest version of Symantec Endpoint Protection, which is SEP 12.1 RU1, but there is no rush.

"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident," Symantec said.


Posted on January 27, 2012 at 09:29 AM | Permalink

» McAllen insurance agent indicted on charges of mail fraud and ID theft

From a Jan. 26 news release issued by the U.S. Attorney's Office for the Southern District of Texas:

McALLEN, Texas – A McAllen area insurance agent has been indicted on multiple counts of mail fraud and aggravated identity theft arising from a scheme to defraud several private insurance companies offering Medicare Advantage plans and other insurance products, United States Attorney Kenneth Magidson announced today.
 
San Juana Lopez, 59, of Edinburg, Texas, was charged with five counts of mail fraud and three counts of aggravated identity theft in a federal indictment, returned under seal Tuesday, Jan. 24, 2012. The indictment was unsealed this morning upon her arrest by federal agents at her residence and she is expected to make an initial appearance in federal court later this morning before U.S. Magistrate Judge Dorina Ramos.
 
According to the indictment, from 2007 through 2008, Lopez worked for a San Antonio, Texas, insurance agency, selling Medicare Advantage insurance plans. These plans provide Medicare beneficiaries with the option to receive their benefits through a wide variety of private managed care plans, rather than through the traditional Medicare program. The indictment alleges Lopez obtained identifiers of beneficiaries through a variety of illegal means and used the identifiers to enroll the beneficiaries in a Medicare Advantage plan offered by Care Improvement Plus - a Baltimore, Md., insurance company - without the authorization or knowledge of the beneficiaries. Lopez received thousands in commissions as a result of the false enrollments. 
 
The indictment further alleges that only a few days after being suspended by Care Improvement Plus, Lopez entered into a sales agent agreement with United Funeral Directors Benefit Life Insurance Company (United), of Richardson, Texas, which offered pre-need funeral contracts allowing insured individuals to pre-plan and pre-fund funeral expenses. According to the indictment, soon after becoming an agent for United, Lopez began enrolling numerous individuals in United’s pre-need funeral insurance policy without their authorization or knowledge. The indictment alleges Lopez used bank account information belonging to unsuspecting United clients, whom she had previously enrolled, to make premium payments on the false policies. Lopez received thousands of dollars in commissions from United in connection with the alleged fraud.
 
Each count of mail fraud carries a sentence of up to 20 years in federal prison without parole and a $250,000 fine upon conviction. Lopez also faces a mandatory two-year prison term for each count of aggravated identity theft which must be served consecutive to any prison sentence imposed on the underlying charges. 
 
The investigation leading to the charges was conducted by the U.S. Department of Health and Human Services–Office of Inspector General and the U.S. Secret Service. Assistant United States Attorney Greg Saikin is prosecuting the case.
 
An indictment is a formal accusation of criminal conduct, not evidence.
A defendant is presumed innocent unless convicted through due process of law.

 

 


Posted on January 27, 2012 at 09:25 AM | Permalink

» Malware Poses as Google+ Plug-In

Spammers are cashing in on the popularity of Google+ by sending out fake emails inviting users to try out Google+ Hangouts by downloading a malicious file posing as a Google+ Hangout plug-in.

The fraudulent email advertises Google+ Hangouts as “the most popular online meeting service,” which is apparently true, according to a recent article from Lifehacker.

The fake Google+ plug-in promises to make you “look and sound your best with high quality audio and video,” apparently an effort to fool G+ users into believing that the free Web conferencing feature can be juiced. Malware City reports that clicking the link won’t install a Google+ plug-in but downloads an executable file instead.

Despite concerns about privacy, there have been few threats that specifically target the Google+ network since its launch. The company has promised to prevent brand squatting and other nuisance behaviors, but G+ specific malware and attacks have been far and few between. That may change, however, as the size of the nascent social network continues to grow.


Posted on January 27, 2012 at 09:23 AM | Permalink

» ID theft scam in NY has victims in 30 states

Two New York women are accused of scamming $75,000 from victims in 30 states by posting phony Craigslist ads for nonexistent jobs and apartments.

A Long Island prosecutor has announced identity theft charges against the woman and her niece.
Nassau County District Attorney Kathleen Rice said Thursday a grand jury filed grand larceny and other charges against the pair earlier this week. Her spokesman said the women will be arraigned at a later date. Defense attorneys did not immediately respond to calls for comment.

Prosecutors say the pair posted online ads and then asked responders to provide personal information, including Social Security numbers.

The women then allegedly used the information to file more than 250 phony tax returns, obtain bank loans and credit cards in the victims’ names.

From AP


Posted on January 27, 2012 at 09:18 AM | Permalink