Identity theft is America’s fastest growing crime -

More than 70 million identities will be lost this year alone with as many as 3 million social security numbers being stolen. http://www.computerprotectionsecrets.com/ has just issued an alert to businesses and consumers on new trends in identity theft.


As more and more of our financial transactions take place online, our laptops and desktops are loaded with incredibly sensitive information – social security numbers, tax filings, banking passwords, credit card numbers, medical records and more. This manifests in an alarming trend, discovered by IdentityTruth– in 2009, reported cases of stolen computers have more than doubled over 2008.


Additional surprising trends uncovered by IdentityTruth’s research:


o Hacking is UP: Think that cryptic passwords and anti-virus software keep you safe? Think again. Today’s identity thieves use software that monitors keystrokes and sends passwords to remote locations, and even devices that allow for remotely copying an individual’s desktop within a certain range! IdentityTruth’s data collected over the course of the year from all the reported data breaches shows that cases of hacking have more than doubled for 2009 (vs. 2008).


o Phishing is DOWN: There is a reason why you haven’t heard from the Prince of Namibia in a while – IdentityTruth’s research points to a significant decrease in phishing emails as thieves are finding new, more effective ways to perpetrate fraud.


o Social Networking increases risk: Consumers regularly share personal information – including date of birth, home addresses, vacation dates and typical password retrieval prompts like “pet’s name” and “city of birth”- on social networking sites, and identity thieves are taking notice. As these sites have given rise to an ocean of valuable personal data, IdentityTruth’s data points to a 50% increase over the past year, in cases of web-generated identity theft.


0 Returning to the classics: IdentityTruth’s data points to a 100% increase in snail-mail based fraud – a special warning for consumers who may be unassuming of low-tech tactics. Diverting a person’s mail is a relatively easy way to acquire valuable personal information.

I'm giving you this assessment free of charge! There are absolutely NO strings attached. Get your free assessment now…before I start charging for it. This has a very real value of $97.00, however, if you act now, right now, it’s yours 100% FREE.

No fine print. No gimmicks. Get piece of mind right now.

No fine print. No gimmicks. Get piece of mind right now.

I thought this info might inspire interesting conversations with your readers. Please let me know if you have any questions or if you’d like more information.


Thanks so much for your time!


Regards,


Rosemarie Grabowski

Online holiday shoppers should beware of scams

Posted: Nov 25, 2009 8:00 PM CST Updated: Nov 26, 2009 8:27 PM CST


by Larry Lemmons

Newschannel 10

Amarillo, Texas - Scams and identity theft are dangers for online shoppers as the holiday shopping season gets underway.

Believe it or not more than half of consumers are expected to shop online for holiday gifts.

But there are some simple rules to follow if you do. The best way to protect yourself when ordering online is to go to well-known secure sites, preferably with a local outlet.

Cpl. Jerry Neufeld of the Amarillo Police Department says, "If you're going to buy something, if there's at least a local connection like Best Buy, or whoever, that if you have a problem with your statement or you didn't receive the product, I can go out here off Soncy and go talk to a manager and say, hey, this is what I've done.

Brian Hughes, Manager of the Best Buy in Amarillo says, "Here at Best Buy we always strive to take care of our customers not only in the store but online too."

It's also important that your own computer be secure. Hughes says, "So many things going on now with hacking and people stealing data that it's very important that you have your computer protected, anti-spyware, antivirus, very important. If not, you go on to three or four websites right off the bat you get a virus and you're shut down."

Skimming is when thieves use small devices at a card swiping machine to steal your information. Police say they haven't seen many if any instances of skimming here in Amarillo but if you're traveling or you want to be cautious you might give the slot a little shake, just to see if it comes off."

Finally, if you think you're a victim of identity theft, place a fraud alert on your credit reports quickly and file a police report.

Online shopping is becoming a lot more popular with folks who don't like to fight the crowds. In fact, 26 percent more folks will be doing that over last year.

http://www.newschannel10.com/global/story.asp?s=11575900

Phishing Scam Imitates cPanel, Targets Webmasters

By Liam Eagle, December 08,


(WEB HOST INDUSTRY REVIEW) -- A report published Monday on the Register said a new phishing scam has been uncovered, targeting the webmasters of legitimate websites by appearing to be their hosting providers and asking for their administrator login details.

The new scam, which was reported on Saturday by security researcher Gary Warner, via a post on his blog, targets the customers of a long list of hosting providers, including some of the most widely used hosting companies – Go Daddy, Hostgator and Yahoo! among them.

Customers of these and other hosting companies, a list of more than 90 in total, have received emails that vary somewhat in content, but ultimately ask, “due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details.”

Clicking on a link in the email takes the user to a page that imitates the appearance of the widely-used hosting control panel cPanel. Should the customer enter their information, they are then forwarded to their hosting provider’s login page.

“The goal seems to really be capturing the FTP userids and passwords of webmasters,” writes Werner. “You can imagine what sorts of badness this campaign may lead to.”

As pointed out in the Register story, an increasingly popular tactic among phishers, and distributers of Malware, is corrupting trusted websites, often a step in the distribution of the viruses that create botnets then used to distribute spam.

The Register cites recently-launched security firm Dasient, a company that provides antivirus-type security scanning and repair for websites, as reporting that 640,000 websites were infected with code designed to launch malware attacks on visitors.

From the webmaster’s perspective, having a website corrupted with malware can lead to a site being added on blacklists that can be very difficult to make it away from. Those blacklists are used by Google and Firefox, as well as other tools, to warn users they may be entering unsafe websites.

Werner advises webmasters targeted by the attack to let their web hosting companies know they have been targeted. We would similarly advise web hosting companies named on Werner’s list to let customers know they might be targeted by this sort of phishing email, in much the way banks have been doing for several years.

http://www.thewhir.com/web-hosting-news/120809_Phishing_Scam_Imitates_cPanel_Targets_Webmasters

Job Search Scams: 6 Ways to Protect Yourself Against Identity Theft

Identity theft rings have set their sights on the 15.7 million Americans who are unemployed and looking for work. Here's how to ensure you don't end up a victim.



Fri, November 13, 2009 -- CIO-- As U.S. unemployment has increased, so too has the number of job search scams identity theft rings are perpetrating against desperate job seekers.

"We have seen a large proliferation of these scams over the past six to nine months because of the employment situation," says Lyn Chitow Oaks, chief marketing officer of TrustedID, which provides identity-theft protection services to individuals, families and businesses.

1. Never share your bank account information up front. Legitimate employers don't need to access your bank account until you become an employee, says Oaks. If they ask for it as part of the application process, it's a warning sign that this "employer" may be up to no good.


2. Never share your Social Security number up front. Legitimate employers will ask for your Social Security number only when they're serious about making a job offer (e.g., after they've interviewed you) and need to conduct a background check, or after you've accepted their offer and they need your Social Security number for tax purposes, says Oaks. Identity thieves will find sneaky ways to ask for your Social Security number up front. Don't fall for their ploys.

3. Never agree to a background check up front. "Until you know you're a candidate for a position, it's not necessary for an employer to do a background check," says Oaks, adding that the only exception may be the government. "They need your Social Security number to complete a background check," she says, "and if you give them the opportunity to do that, they'll learn all kinds of personal information."

4. Research potential employers. If you're unsure whether a potential employer you've found on a job search site is legitimate, Oaks says to find out whether the business has a physical address and to check with the Better Business Bureau in the state where the business is allegedly located to make sure they're licensed.

5. Consider sharing less information on your resume. Many people include their phone numbers and mailing addresses on their resumes, and indeed, employers like to know job applicants' area codes and Zip codes because they sometimes screen candidates based on that information. But if you're wary of identity theft, you may want to include only an e-mail address, at least during initial stages with prospective employers, says Oaks. She also recommends creating a unique e-mail address for your job search. "If employers are interested in you," she says, "they'll contact you."

6. Opt out. When you sign up for e-mail newsletters and offers from legitimate businesses, opt out of receiving offers from their third-party business partners. That can cut down on the amount of spam e-mail you receive and decrease the chances of your personal information ending up on the black market.

This Incident has been confirmed. In Katy , TX

As a woman was putting gas in her car, a man came over and offered his services as a painter, and had his business card in his hand. She said no, but accepted his card out of kindness and got in the car. The man then got into a car driven by another gentleman. As the lady left the service station, she saw the men following her out of the station at the same time. Almost immediately, she started to feel dizzy and could not catch her breath. She tried to open the window and realized that the odor was on her hand; the same hand which accepted the card from the gentleman at the gas station.

She then noticed the men were immediately behind her and she felt she needed to do something at that moment. She drove into the first driveway and began to honk her horn repeatedly to ask for help.. The men drove away but the lady still felt pretty bad for several minutes after she could finally catch her breath. Apparently, there was a substance on the card that could have seriously injured her.

This drug is called 'BURUNDANGA ' and it is used by people who wish to incapacitate a victim in order to steal from or take advantage of them.

This drug is four times dangerous than the date rape drug and is transferable on simple cards.

So take heed and make sure you don ' t accept business cards at any given time alone or from someone on the streets. This applies to those making house calls and slipping you a card when they offer their services.

http://www.snopes.com/crime/warnings/burundanga.asp

Customer Data May be Too Risky to Keep

CIO Insight

With data security an oxymoron at many companies, it's time to rethink who controls customer data in the first place.


By Dan Gillmor - 2005-09-05

Companies keep finding ways to misplace consumers' personal data. Courier services lose tapes on their way to long-term storage facilities; malevolent social engineers con their way into access; laptop computers holding multiple databases are stolen.

We hear a lot about these kinds of things now because a new California law requires companies to disclose to consumers when their data has been compromised. It should be obvious, though, that data loss has been happening for some time, because the level of security in these cases seems to have been, at best, pervasively inadequate.

All of which makes me wonder: Why are companies keeping our data at all? Wouldn't they—and we—be better off in the long run if data wasn't collected and stored in the first place?

This sounds counterintuitive, and it certainly goes against today's common business practices. It's basically been an article of faith that gathering, storing and massaging ever more data is a good thing. Information can be power. It helps determine risk and reward. It helps a company know its various constituents better, including customers and suppliers. And it's worth money.

The current model fails in two areas. One, as noted, is with shamefully lax security. The other is the perverse notion that our personal lives are a commodity to be bought, sold and traded without serious regard for privacy or the consequences of sloppy handling. This doesn't even take into account the common problem of data that is outright false.

It is distressing that most personal information—such as what we spend and where we spend it, not to mention the ultimate skeleton key for identity thieves, our Social Security numbers—can be bartered at all. And when information is compromised or incorrect, consumers are largely responsible for cleaning up the chaos that results.

The data collection system is, at long last, beginning to fray at the edges. Consumers are growing more worried and angry over what they're learning about shoddy storage and trading practices. A recent survey by Harris Interactive found an increase in identity theft and a decrease in consumer confidence that negatively affected purchasing decisions.

The worst practices are drawing the attention of trial lawyers who, in the absence of more serious government enforcement, are prosecuting the promise-breakers.

But the California law may be a canary in the coal mine for keepers of data, because it signals the possible reappearance of legislators into an arena they've tried hard to avoid—a natural tendency, given the prodigious amounts of campaign contributions legislators have collected from the data collectors and sellers.

It's in this context that we should be asking whether the rewards of holding on to consumer data are worth the trouble—and whether it's possible to create an infrastructure that gives consumers much more control over their information from the outset.

Eric Norlin, a vice president at Ping Identity Corp., and a longtime writer on these matters, advocates "federated identity"—a decentralized system that would have the effect of giving consumers just this sort of granular control. "This is about customers being able to make their identities portable," he says, "to allow individuals to present the ID they choose to present to the service provider."

For example, if I were buying a plane ticket, I could give the airline permission to charge a certain amount of money to my credit card. But the airline wouldn't need access to the actual credit card number if I'd simultaneously given the card issuer enough information about the transaction to make the transfer. The bank or other card issuer would need my permission to pay the airline, but the entire transaction could take place in a seamless mesh of business logic, using advanced Web services, that lends parts of my identity to those who need it on a temporary basis.

This leaves a single potential point of failure (for this transaction, at any rate) from an identity-theft standpoint: the bank. Even though banks can, and sometimes do, get careless with data, a financial institution that builds and maintains an excellent record for data security will win more business. Competition for customers would bring more business to providers that are the most careful.

For such a system to have any chance of working, a variety of technologies is required. Ultimately, consumers and merchants must trust that the parties they're dealing with on either side of the transaction are indeed who they're supposed to be. Also, data cannot be easy to compromise. So encryption as well as the ability to digitally "sign" what we send around are crucial.

A viable public-key encryption infrastructure meets these requirements, and the technology's inventor is Whitfield Diffie, Sun Microsystems' chief security officer. He questions whether institutions would ever buy into an identity system where the data resided solely with consumers, but says there's no fundamental technical barrier.

Still, the practical difficulties are not trivial. Mortgage lenders may lose some of their ability to uncover information borrowers may have failed to disclose, and that would mean greater lending risk. One way around the problem might be harsher contract sanctions for failing to give lenders correct information when asked, plus a higher interest rate for more limited kinds of disclosure. In such transactions, people will have to make visible more verified data about themselves than in deals, such as a simple purchase, where the stakes are lower.

Another real-world barrier, Diffie notes, is the lack of a ubiquitous key infrastructure. The old AT&T could have created that, given its one-time dominance of communications. Federal agencies such as the National Security Agency had the wherewithal to do it, but the NSA damaged its credibility with the public by trying to exert improper control over encryption. Federated identity advocates are painstakingly building an infrastructure today that they hope will solve the problems of tomorrow.

One drawback with user-controlled data has nothing to do with business, and that is the government's wish to spy on us. Law enforcement might find its job complicated by an identity system that decentralized control and collection of information.

Even so, there is enormous logic and value to society in returning people's personal lives to their own control. The credibility of future electronically based commerce may depend on consumers' trust in the system. They are losing faith already, and a data Chernobyl is in no one's interest.

The way we're going, however, such a meltdown might be hard to avoid. It would be wise to plan now for the aftermath, wiser still if companies would consider—just consider—the possibility that data retention itself could be the heart of the problem, and seriously analyze the alternatives. That alone would move the ball ahead.

Corporate America has an unfortunate addiction to centralized data that it doesn't need. Sometimes, losing control is an advantage.


http://www.myinvisusdirect.com/Rgrabowski
http://www.cioinsight.com/c/a/Past-Opinions/Customer-Data-May-be-Too-Risky-to-Keep/

Cyber Crime Statistics

The following cyber crime statistics illustrate of some of the general trends in the field of hi-tech crimes. Marked increases in cyber crime statistics result in an increasing need for professionals capable of responding to and investigating cyber crimes, and conducting computer forensic examinations of evidence in these cases.



Cyber Crime Statistics from the 2006 Internet Crime Report*


In 2006, the Internet Crime Complaint Center received and processed over 200,000 complaints.


More than 86,000 of these complaints were processed and referred to various local, state, and federal law enforcement agencies.


Most of these were consumers and persons filing as private persons.


Total alleged dollar losses were more than $194 million.


Email and websites were the two primary mechanisms for fraud.


Although the total number of complaints decreased by approximately 7,000 complaints from 2005, the total dollar losses increased by $15 million.


The top frauds reported were auction fraud, non-delivery of items, check fraud, and credit card fraud.


Top contact mechanisms for perpetrators to victims were email (74%), web page (36%), and phone (18%) (there was some overlap).


* The Internet Crime Complaint Center is a clearinghouse for online economic crime complaints. It is maintained by the National White Collar Crime Center and the Federal Bureau of Investigations. To review the results of the study, visit the National White Collar Crime Center’s site, at http://www.ic3.gov/media/annualreport/2006_IC3Report.pdf .


Cyber Crime Statistics from the 12th Annual Computer Crime and Security Survey*


Between 2006 and 2007 there was a net increase in IT budget spent on security.


Significantly, however, the percentage of IT budget spent on security awareness training was very low, with 71% of respondents saying less than 5% of the security budget was spent on awareness training, 22% saying less than 1% was spent on such training.

71% of respondents said their company has no external insurance to cover computer security incident losses.


90% of respondents said their company experienced a computer security incident in the past 12 months.


64% of losses were due to the actions of insiders at the company.


The top 3 types of attack, ranked by dollar losses, were:


financial fraud ($21.1 million)


viruses/worms/trojans ($8.4 million)


system penetration by outsiders ($6.8 million)


* The complete results of this study, as well as past studies, which are conducted annually by the Computer Security Institute, can be found at the CSI website www.gocsi.com . Interestingly, these statistics are compiled from voluntary responses of computer security professionals. Thus, there is certainly an inference that the damages due to computer security incidents are much higher than those cited here, as companies without responding security professionals undoubtedly were the victim of computer security incidents.


Cyber Crime Statistics from the Online Victimization of Youth, Five Years Later study*


Increasing numbers of children are being exposed to unwanted sexual materials online.


Reports of online sexual solicitations of youth decreased while reports of aggressive sexual solicitation of youth did not (perhaps indicating that some prevention and education measures may be working, while the most serious offenders may not be deterred).


Online child solicitation offenses are rarely reported to any authority.


Incidents of online harassment and bullying increased.


*This is an empirical study based on approximately 1500 surveys conducted with online youth in 2005 that were compared to the results of a similar study in 2001. The study was conducted by the National Center for Missing and Exploited Children, the Crimes Against Children Research Center, and the Office for Juvenile Justice and Delinquency Prevention at the United States Department of Justice. The complete results of the study can be found here http://www.missingkids.com/en_US/publications/NC167.pdf .