identity theft and scams
Welcome to
Your best source for presentations, workshops, consultation, news, videos, and information about identity theft, scams, data breaches, and other information security threats. For more information about our services, please click HERE.
 
Resources and Expertise to Combat Identity Theft, Scams, and Social Engineering
identitytheft.info
spacer
spacer
There Have Been 
 
 Identity Theft Victims Year-To-Date
CATEGORIES
Latest Identity Theft News
Identity Theft, Credit Card Fraud Suspects Arrested in Raid
Wednesday, May 24, 2017
nbclosangeles.com
Eleven people were arrested in a series of early morning raids in Los Angeles and Orange counties Tuesday as part of a years-long federal identity-theft and credit card fraud probe...The warrants were served in connection with a 27-count federal indictment unsealed Tuesday detailing a credit and debit card "skimming" operation. Skimmers — small devices that can scan and store data from the magnetic strips on the back of credit and debit cards — were allegedly installed by conspirators in area restaurants, according to the indictment. The eateries were not identified.
Married Upper Dublin Business Owners Face Jail for Identity Theft Scheme
Wednesday, May 24, 2017
montgomerynews.com
A husband and wife who operated an Upper Dublin heating and air conditioning business are headed to jail together after they fraudulently used the identities of people from Montgomery, Chester and Bucks counties to open credit accounts with a financial institution.
Medical Identity Theft on the Rise - 5 Tips to Protect Your Employees and Clients
Wednesday, May 24, 2017
scmagazine.com
In the U.S., medical identities are 20 to 50 times more valuable to criminals than financial identities. According to BankRate.com, the average cost for victims of medical identity theft is $22,000 to resolve the crime.
Woman Pleads No Contest to Charges of Felony Elder Abuse, Identity Theft
Wednesday, May 24, 2017
smdailyjournal.com
Jeanine Jantoc, 45, admitted she took more than $100,000 from her parents while she was living with them in South San Francisco between 2013 and 2016.
Data Breach: The Target Cyberattack
Wednesday, May 24, 2017
nydailynews.com
One of the biggest data breaches in history, the holiday hack on Target stores affected up to one-third of all American adults. @RepMikeRogers explains how Russian cyber thieves snuck into Target's payment system through an HVAC vendor, stealing 40 million credit cards over the course of two weeks before anyone noticed.
State Attorneys General and Target Resolve Investigation of 2013 Data Breach
Wednesday, May 24, 2017
huntonprivacyblog.com
On May 23, 2017, various Attorneys General of 47 states and the District of Columbia announced that they had reached an $18.5 million settlement with Target regarding the states’ investigation of the company’s 2013 data breach. This represents the largest multi-state data breach settlement achieved to date.
Using Bitcoin to Prevent Identity Theft
Wednesday, May 24, 2017
mit.edu
At the IEEE Symposium on Security and Privacy this week, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory are presenting a new system that uses Bitcoin’s security machinery to defend against online identity theft.
Russian Cron Malware Operators Arrested Before Banking Malware Taken Abroad
Wednesday, May 24, 2017
news.softpedia.com
With the help of an Android malware, Russian cyber criminals were able to steal from local bank customers and were planning to move their operation to the rest of Europe. Twenty people were arrested as law enforcement tried to kill off the "Cron" malware campaign.
Ukrainian Hacker Gets 2 Years in Press Release Hacking Scheme
Tuesday, May 23, 2017
thehill.com
A Ukrainian hacker has been sentenced to more than two years in prison for his role in an international scheme that involved hacking unpublished news releases to net roughly $30 million in illegal profits...The scheme involved hacking into three business newswires, stealing not-yet-published press releases by public companies that contained financial information and using that information to make trades generating roughly $30 million in illegal profits.
WannaCry: Ransomware Attacks Show Strong Links to Lazarus Group
Tuesday, May 23, 2017
symantec.com
Tools and infrastructure used in the WannaCry ransomware attacks have strong links to Lazarus, the group that was responsible for the destructive attacks on Sony Pictures and the theft of $81 million from the Bangladesh Central Bank.
Private Eye Allegedly Used Leaky Goverment Tool in Bid to Find Tax Data on Trump
Tuesday, May 23, 2017
krebsonsecurity.com
In March 2017, KrebsOnSecurity warned that thieves who perpetrate tax refund fraud with the U.S. Internal Revenue Service were leveraging a widely-used online student loan tool to find critical data on consumers that allows them to claim huge refunds with the IRS in someone else’s name. This week, it emerged that a Louisiana-based private investigator is being charged with using the same online tool to glean tax data on then-presidential candidate Donald J. Trump.
Man Gets State Prison in Identity Theft Case
Tuesday, May 23, 2017
goerie.com
The bonds, which were valued at $8,000, belonged to a man who had been the victim of an “impostor scam,” in which he had lost several thousand dollars in cash and savings bonds, according to the affidavit of probable cause.
Data Breach Exposes Social Security Numbers, Concealed Weapons Holders
Tuesday, May 23, 2017
tampabay.com
Social Security numbers for up to 469 people and information about thousands of concealed weapons holders were exposed in a data breach at Florida the Department of Agriculture and Consumer Services.
DocuSign Users Sent Phishing Emails After Data Breach
Tuesday, May 23, 2017
bbc.com
Electronic signature service provider DocuSign has admitted customer email addresses were accessed in a data breach. The addresses were then targeted in a series of phishing emails from "a malicious third party."
Mastermind Sagar Thakkar's Aide Arrested in Delhi in IRS Call Center Scam
Tuesday, May 23, 2017
economictimes.indiatimes.com
A key aide of Sagar Thakkar, the alleged kingpin of the IRS scam ­­ which duped thousands of Americans of over $300 million by reaching them via call centers posing as US officials to extort money ­­ has been arrested from Delhi, Thane Police said today.
Woman Loses $41,000 in IRS Scam
Tuesday, May 23, 2017
mywebtimes.com
"The scam started when the victim, a 63-year-old woman, received a call from a man with an accent who told her she owed thousands in back taxes," Bergeron said. "The caller led her to believe her arrest was imminent and that payments must be made immediately to avoid the police serving warrants."
Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division
Monday, May 22, 2017
krebsonsecurity.com
Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.
Ransomware Is Likely Most Devastating Cybersecurity Threat Ever Faced
Monday, May 22, 2017
tennessean.com
The notoriety of ransomware is so great that the United States Department of Health and Human Services has issued guidance specific to this threat, and the FBI has confirmed the devastation of ransomware, indicating that no industry is immune.
WannaCry Ransomware Deadline Passes, but Few Pay Up
Monday, May 22, 2017
zdnet.com
While WannaCry hit over 300,000 organisations around the world -- including European car manufacturers, the UK's National Health Service, and government institutions in Russia and China -- and heavily impacted on productivity, only a tiny percentage of victims have given into the demands of hackers.
Woman Gets 5+ Years for Widespread Identity Theft of Freddie Mac Employees
Monday, May 22, 2017
housingwire.com
A Maryland woman will spend more than the next five years in federal prison after being convicted of stealing the identities of more than 2,000 employees and affiliates of Freddie Mac and using those identities to fund a lavish lifestyle.
EDD Former Employee Charged With Fraud, Identity Theft
Monday, May 22, 2017
northbaybusinessjournal.com
The Dept. of Justice arrested two of five defendants in an alleged fraud for unemployment benefits and identity theft using personal information of workers throughout California. Fraudulent unemployment benefits totaled more than $800,000 with more than 250 stolen identities, the DOJ alleged.
Florida Deputy Withdraws Guilty Plea in ID Theft Case
Monday, May 22, 2017
usnews.com
Authorities say Felisma used a law enforcement database to steal personal identification information of people and sold it to an accomplice. The scheme was used to obtain credit cards fraudulently.
2 Men Sentenced for Bilking Iowa Woman in IRS Scam
Monday, May 22, 2017
wqad.com
Police say Phillips and Cruz had called the woman and threatened her with arrest if she didn’t pay them money they said she owed the government.
Banking Scam Sees Fraudsters Open 'Twin' Account Next to Your Real One
Monday, May 22, 2017
telegraph.co.uk
Halifax customer Mark Mansfield discovered a criminal had opened another Halifax current account online in his name, despite the fraudster providing fabricated information about his salary and employment details.
Man Loses Thousands of Dollars After Identity Theft, Police Say
Thursday, May 18, 2017
scarsdale.dailyvoice.com
According to police, last week, the man received “an unusual” email from the company Coinbase, stating that an account had been opened in his name, using his bank account. The man told police he did not open the account and advised both the company and his bank of the email so the account could be closed. Police said that when the man subsequently checked his online accounts with Chase Bank, there were eight unauthorized withdrawals from his savings account, totaling thousands of dollars, made between April 27 and May 10 this year. There were also a series of unauthorized small credits made during that time period.
Three Suspects Arrested in Identity Theft, Counterfeit Bills Operation
Thursday, May 18, 2017
koaa.com
Deputies found $12,500 in counterfeit bills, 12 different ID cards, a 13-year-old girl who had run away from home, a sawed off shotgun and 1.5 grams of heroin. Authorities said the bills had holographic markings that passed the marker test.
N.J. Woman Charged in $2.5M Sweepstakes Scam
Thursday, May 18, 2017
nj.com
The victim, a Weatherly, Pa. woman, was tricked by phone into believing she won $2.5 million and a Mercedes from a national sweepstakes company, the report said...The victim followed instructions from someone claiming to be from the sweepstakes company's legal department and sent Morgan $555 through a Walmart money transfer. Minutes later, she received another call asking her to send Morgan a $2,500 check to cover taxes.
ICS-CERT Releases WannaCry Fact Sheet
Thursday, May 18, 2017
us-cert.gov
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has released a short overview of the WannaCry ransomware infections. This fact sheet provides information on how the WannaCry program spreads, what users should do if they have been infected, and how to protect against similar attacks in the future.
OCR Fines Texas Health System for Alleged HIPAA Privacy Rule Violation
Thursday, May 18, 2017
huntonprivacyblog.com
The penalty followed an OCR compliance review of MHHS based on multiple media reports suggesting that MHHS had disclosed a patient’s protected health information (“PHI”) without authorization. OCR’s review focused on an incident that occurred when a MHHS patient allegedly presented fraudulent identification and was subsequently arrested. MHHS senior management approved the publishing of a press release about the incident that contained the patient’s name, an impermissible disclosure of PHI in violation of the Privacy Rule.
FTC Releases Alert on Fraudulent Emails
Thursday, May 18, 2017
us-cert.gov
The Federal Trade Commission (FTC) has released an alert about scammers sending out fake emails that look authentic to trick you into sending money to them. Users should be suspicious of unsolicited phone calls or email messages from individuals asking about your information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
Senate Approves Encrypted App Signal for Staff Use
Thursday, May 18, 2017
thehill.com
The Senate Sergeant at Arms has approved the encrypted messaging app Signal for lawmakers and staff. The move was first noticed by the tech publication ZDNet in a letter from Sen. Ron Wyden (D-Ore.) thanking Sergeant at Arms Frank Larkin for the decision. In a letter last week, the senator thanked Larkin for improving the security of Senate websites and also praised him for “the recent announcement by your office that the end-to-end encrypted messaging app Signal is approved for Senate staff use.”
Woman Accused in Multi-State Identity Theft Scam, Police Say
Thursday, May 18, 2017
wapt.com
Officers said they found several fraudulent forms of ID, stolen credit cards and checks on Anthony when she was arrested. She also had several wigs.
Thousands of Patient Records Leaked in New York Hospital Data Breach
Friday, May 12, 2017
nbcnews.com
Medical records of at least 7,000 people compromised in a data breach involving Bronx Lebanon Hospital Center in New York disclosed patients' mental health and medical diagnoses, HIV statuses and sexual assault and domestic violence reports, according to records reviewed by NBC News. Other information in the compromised records, which online security experts said spanned 2014 to 2017, included names, home addresses, addiction histories and religious affiliations.
Robocalls Flooding Your Cellphone? Here’s How to Stop Them
Friday, May 12, 2017
nytimes.com
An unfamiliar number appears on your cellphone. It’s from your area code, so you answer it, thinking it might be important. There is an unnatural pause after you say hello, and what follows is a recording telling you how you can reduce your credit card interest rates or electric bill or prescription drug costs or any of a number of other sales pitches. Another day, another irritating robocall. If it feels as if your cellphone has increasingly been flooded with them, you’re right.
The Google Docs Phishing Scam: A Win for Security Awareness
Friday, May 12, 2017
tripwire.com
Even if you weren’t aware of it, you likely contributed to the security awareness of the global Internet community in early May 2017. By now, you’ve undoubtedly heard of the phishing scam using a phony Google Docs third-party extension. Across all sectors of social media, word spread like wildfire.
In the Grey Area Between Espionage and Cyberwar
Friday, May 12, 2017
zdnet.com
Nation-state backed hackers continue to probe the defence, government and private sector networks on a daily basis, according to the head of the US military cyber forces, and understanding their intentions is a key challenge. While espionage is the most likely aim, there is also concern that some of these incidents could be preparation for future attacks, according to Admiral Michael Rogers, head of US Cyber Command in testimony to the US Senate Committee on Armed Forces.
Over 80 Percent of Americans Are More Worried About Privacy, Security Than a Year Ago
Friday, May 12, 2017
esecurityplanet.com
More than 80 percent of Americans are more concerned about their online privacy and security today than they were a year ago...And more than 95 percent are concerned about companies collecting and selling their personal information without their consent, a recent survey found.
Central OH Group Charged With Running Identity Theft Ring
Friday, May 12, 2017
circlevilleherald.com
The 24-count indictment alleges that from January 2014 until January 2016 the group bought store merchandise after fraudulently obtaining new and using existing credit from retail stores. McCauley allegedly obtained victims’ social security numbers and dates of birth. Afterwards, he ran their credit history reports from websites like creditkarma.com.
Chinese Hackers Must Pay $9M Over Insider Trading Scam
Friday, May 12, 2017
bbc.com
The US Securities Exchange Commission (SEC) said Iat Hong, 26, Bo Zheng, 30, and Hung Chin, 50, breached the websites of US law firms and accessed confidential information about mergers and acquisitions.
NatWest Text Message Scam Is Allowing Fraudsters to Steal Bank Customers' Cash
Friday, May 12, 2017
independent.co.uk
NatWest customers are being warned about a new ‘smishing’ scam that allows fraudsters to steal their cash. The new type of scam, sees criminals sending unsuspecting victims a text message that appears to be sent from their bank.
Military Cadets Battle the NSA in Mock Cyberwar Games
Thursday, May 11, 2017
cnet.com
The US is a prime target for cyberattacks in the new age of digital warfare. Here's how officers-to-be are preparing for the future.
Texas Health System Settles Potential HIPAA Disclosure Violations
Thursday, May 11, 2017
hhs.gov
Memorial Hermann Health System (MHHS) has agreed to pay $2.4 million to the U.S. Department of Health and Human Services (HHS) and adopt a comprehensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
Rounding up Foreign Lottery Scammers
Thursday, May 11, 2017
consumer.ftc.gov
Just last week, the US Department of Justice (DOJ) announced that eight Jamaicans were extradited to the US and now are in custody in North Dakota. These eight people were charged with using a lottery scam to trick at least 90 people out of more than $5.7 million dollars.
Patient Portal Flaw Exposes Lab Records
Thursday, May 11, 2017
healthcareinfosecurity.com
A recent patient portal security mishap at a Texas-based cancer testing laboratory is the latest reminder of the need to safeguard sensitive health information on web-based applications and websites.
Bank of America Text Message Phishing Scam Resurfaces
Thursday, May 11, 2017
abc11.com
A Bank of America (BOA) phishing scam is making its way back onto the screens of mobile users.
Woman Pleads Guilty to Fraud, Identity Theft
Thursday, May 11, 2017
lakenewsonline.com
Bernstein opened accounts at Central Bank of the Lake of the Ozarks and at Landmark Bank in the names of persons whose names and Social Security numbers she obtained without their permission or knowledge. Bernstein admitted she altered the payee on some of the stolen checks she obtained in order to cash them in the names of a mother and daughter in California whose identities she had stolen.
Harrisburg Gastroenterology Victim to Data Breach — 93K Records Potentially Exposed
Thursday, May 11, 2017
beckersasc.com
The potential information contained names, demographic information, Social Security numbers, health insurance numbers, diagnostic information and clinical information.
Ohio AG Warns Consumers of Online Puppy Scams
Thursday, May 11, 2017
fox45now.com
If you're looking to add a four-legged friend to the family, the Ohio Attorney General has a warning for you.
FTC Launches Cybersecurity Resource Website for SMBs
Wednesday, May 10, 2017
darkreading.com
The Federal Trade Commission rolled out a website this week for small businesses that provides tips and resources on cybersecurity. The new ftc.gov/SmallBusiness website aims to help small businesses protect their networks and systems from cyberattacks, as well as protect customer and employee data. Access to the FTC's tips and advice are free.
SSA.GOV to Require Stronger Authentication
Wednesday, May 10, 2017
krebsonsecurity.com
The U.S. Social Security Administration will soon require Americans to use stronger authentication when accessing their accounts at ssa.gov. As part of the change, SSA will require all users to enter a username and password in addition to a one-time security code sent their email or phone. In this post, we’ll parse this a bit more and look at some additional security options for SSA users.
How America's Small Businesses Can Become Cyber Savvy and Scam-Free
Wednesday, May 10, 2017
thehill.com
As acting chairman of the U.S. Federal Trade Commission (FTC) and administrator of the U.S. Small Business Administration (SBA), our joint mission is to help businesses focus on business. That’s why we’ve teamed up to develop tools so companies take on two of their biggest concerns: fraud and cyber threats.
Identity Theft Ring Busted After Suspects Spend $150K at Macy’s
Wednesday, May 10, 2017
nypost.com
An identity-theft ring was busted Tuesday for using forged credit cards to rack up $150,000 in luxury cosmetics at Macy’s flagship store in Herald Square, officials said. The six defendants allegedly used credit car??d information stolen from more than a dozen customers at major banks...
Woman, Pushing Tot in Cart, Commits Identity Theft at Walmart
Wednesday, May 10, 2017
nbcsandiego.com
The woman placed an order for groceries via the Walmart smartphone app using a stolen credit card number. She picked up the items at the Santee store.
Thousands Potentially Exposed to Identity Theft After County Published Sensitive Information Online
Wednesday, May 10, 2017
thedenverchannel.com
The Larimer County Clerk and Recorder's office made sweeping changes to how it conducts business amid a Denver7 investigation, which revealed how officials had published sensitive information belonging to thousands of people online for months.
$10-Million Identity Theft Ring Busted After Joint U.S.-Canada Investigation
Wednesday, May 10, 2017
huffingtonpost.ca
Police say they've busted an identity theft ring in the Toronto area that allegedly caused $10 million in losses to residents in Canada and abroad. The cross-border investigation — dubbed Project Royal — involved Toronto police, the RCMP, several provincial ministries and U.S. agencies.
Second Circuit Affirms Dismissal of Putative Data Breach Class Action for Lack of Article III Standing
Wednesday, May 10, 2017
huntonprivacyblog.com
On May 2, 2017, the United States Court of Appeals for the Second Circuit issued a summary order affirming dismissal of a putative data breach class action against Michaels Stores. The plaintiff’s injury theories were as follows: (1) the plaintiff’s credit card information was stolen and twice used to attempt fraudulent purchases; (2) the risk of future identity fraud and (3) lost time and money resolving the attempted fraudulent charges and monitoring credit. The plaintiff, however, quickly cancelled her card after learning of the unauthorized charges and did not allege that she was held responsible for any of those charges.
Hackers Find Celebrities’ Weak Links in Their Vendor Chains
Tuesday, May 09, 2017
nytimes.com
In December, hackers impersonating an executive at Interscope Records, the record label owned by Universal Music Group, managed to bypass all the latest in digital defenses with a simple email. In a carefully tailored message, the hackers urged an executive at September Management, a music management business, and another at Cherrytree Music Company, a management and record company, to send them Lady Gaga’s stem files — files used by music engineers and producers for remixing and remastering.
Privacy Awareness Week: A Time to Learn
Wednesday, May 10, 2017
consumer.ftc.gov
Privacy Awareness Week is May 8-12, 2017. It’s an annual initiative of the Asia Pacific Privacy Authorities Forum that combines the efforts of privacy agencies in the region to share information about privacy practices and rules.
Consumer Blames Reporting Agencies for Identity Theft
Tuesday, May 09, 2017
setexasrecord.com
A consumer is suing reporting agencies, alleging false reporting. Kristine Castillo filed a complaint May 4 in the Houston Division of the Southern District of Texas against Equifax Information Services LLC, Experian Information Solutions Inc., TransUnion LLC, Harvest Associates Inc., et al, alleging they violated the Fair Credit Reporting Act. According to the complaint, Castillo was a victim of identity theft. The suit says as a result of the defendants providing false information to third parties, this information negatively reflects on Castillo's credit history, financial responsibilities and credit worthiness.
Police: Transit District Employee Stole $20K Through Identity Theft
Wednesday, May 10, 2017
norwalk.dailyvoice.com
Weeks manipulated payroll, adding hours to a certain employee's pay, which generated a separate paycheck, police said. He then stole these checks and forged the employee's signatures in order to deposit them, according to police.
Woman Charged With Felony Identity Theft
Wednesday, May 10, 2017
conradrecord.com
According to affidavits dated April 14 and May 1, Cynthia Ann Dreesman, age 52, used the personal information of Taresa Tripp, a Reinbeck woman who had no knowledge of the events and did not give her consent, to procure an ATM card with access to Tripp’s bank account. Dreesman is then charged with spending a total of $1,089 of Tripp’s money between February 11 and March 29 in Grundy Center.
Police Warn of Ongoing Phone Scams Affecting Residents
Wednesday, May 10, 2017
abc7.com
Yucaipa police are warning residents to be aware of ongoing scams involving phone calls from people posing as Edison, FBI and San Bernardino sheriff's officials.
FBI/IC3: Vile $5B Business E-Mail Scam Continues to Breed
Wednesday, May 10, 2017
networkworld.com
The FBI’s Internet Crime Complaint Center (IC3) this week said the plague it calls the Business Email Compromise continues to rack-up victims and money – over 40,000 worldwide victims and $5 billion in the latest count.
Monson Resident Falls Victim to IRS Scam, Turns $1,000 Over to Caller
Tuesday, May 09, 2017
masslive.com
The resident received the scam telephone call and was told he must pay $1,000 or risk a warrant being issued for his arrest, Monson Police officials said. "The resident followed the caller's instructions and immediately went out to purchase a gift card in the amount of $1,000," police said.
Identity Theft: Planning for the Future
Monday, May 08, 2017
ftc.gov
On May 24, 2017, the Federal Trade Commission will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what we can do to address this challenge in the future.
Cybersecurity Reports Agree on Espionage, Differ on Public-Sector Data Breaches
Monday, May 08, 2017
govtech.com
Two studies of Internet security released within one day of each other had many similar findings, primarily that the public sector generally fared no better or worse than retail, business and other areas last year — but it continues to be a significant target for cyber- espionage and email-based attacks, though not necessarily other common U.S. attacks like identity theft.
Government Organizations Targeted in "Netrepser" Attacks
Monday, May 08, 2017
securityweek.com
A report published by Bitdefender on Friday details a previously undocumented cyber espionage campaign that leverages a piece of malware dubbed “Netrepser” to target government organizations.
Ontario Government Scrambling After Printing Mistake Causes Data Breach
Monday, May 08, 2017
ottawacitizen.com
The provincial government is scrambling to notify thousands of Ontarians that they have been victims of a data breach that has exposed the health card numbers, birth dates and homes addresses of at least 5,600 people.
How to Protect Your Privacy as More Apps Harvest Your Data
Monday, May 08, 2017
nytimes.com
For consumers, giving up some data has become part of the trade-off of receiving compelling, personalized services. But that doesn’t mean you have to be caught by surprise. Here are some tips from privacy experts on protecting yourself from tricky data collection.
Homeland Security Issues Warning on Cyberattack Campaign
Monday, May 08, 2017
healthcareinfosecurity.com
The Department of Homeland Security is warning IT services providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware, including PLUGX/SOGU and RedLeaves, on critical systems.
Assessing the Latest Draft Cybersecurity Executive Order
Monday, May 08, 2017
govinfosecurity.com
The latest draft version of the Trump administration's cybersecurity executive order is similar to the previous version and lays out a plan to secure U.S. federal government and critical infrastructure IT that could have come out of the Barack Obama White House, including modernizing federal IT.
Bank Account Hackers Used SS7 to Intercept Security Codes
Monday, May 08, 2017
bankinfosecurity.com
Hackers have exploited the Signaling System #7 international telecommunications signaling protocol as part of a two-stage attack designed to drain money from online bank accounts.
Cop Pleads Guilty in Identity Theft Scam
Friday, May 05, 2017
miami.cbslocal.com
A former Hialeah police officer accused of using a confidential driver’s license data base to access personal information in an identity theft scheme has pleaded guilty to corruption charges. Raul Castellon, 38, admitted in court documents using Florida’s Driver and Vehicle Information Database in 2016 to access identities of at least 25 people. Those identities were passed to co-conspirators who used them to buy goods with credit cards that were later sold for cash.
Email Scam Targets Homebuyers
Friday, May 05, 2017
wfmynews2.com
A Minnesota couple lost more than $200,000 in a sophisticated email scam authorities say is sweeping the country...Authorities say what happened to Tadevich and his wife should be a warning to anyone who uses email or does some of their banking online.
Debenhams Data Breach Underlines Need for Supply Chain Security
Friday, May 05, 2017
computerweekly.com
Debenhams is contacting 26,000 customers whose personal data is believed to have been exposed in a malware-enabled cyber attack on Ecomnova, which runs the Debenhams Flowers online florist.
Windows Backdoor Malware Disguises Itself as Adobe Flash on macOS
Friday, May 05, 2017
9to5mac.com
A new piece of backdoor malware originally discovered on Windows has found a new home in macOS. Disguising itself as a legitimate Adobe Flash Player installer, the malware burrows into pre-existing macOS folders making it harder to spot. Having used a valid developer’s certificate, the malware was set to run free on macOS even with Gatekeeper enabled.
Garage Burglary Leads Detectives to Identity Theft Operation
Friday, May 05, 2017
sacbee.com
Detectives learned that the identifying information of victims in the case had been stolen in various ways, including stolen mail, purses or wallets taken from cars, or during residential burglaries.
Southern California Edison Warns of 'ID Spoofing' Scam
Friday, May 05, 2017
keyt.com
Energy company Southern California Edison is warning residents about a rash of scam phone calls. The scam involves using special equipment to "spoof" or falsify caller ID information. Calls appear to be coming from Southern California Edison but are actually from a scammer. The scammer may pose as an SCE employee in order to obtain personal information or convince the recipient to purchase special products.
How a Suburban Man Fell Victim to Online Romance Scam
Friday, May 05, 2017
dailyherald.com
The 58-year-old man's troubles began in March, when he started corresponding via Facebook with a woman who told him she lived in Ohio, said Sugar Grove Police Chief Pat Rollins.
Fake Police Targeting Tourists in Wallet Scam
Friday, May 05, 2017
devonlive.com
Tourists are being targeted by fake police officers who check their wallets - only to return them with cash missing.
Hacker Arrested for Stealing $100 Million From Facebook and Google
Friday, May 05, 2017
esecurityplanet.com
Evaldas Rimasauskas allegedly used phishing attacks to trick the companies into transferring tens of millions of dollars to accounts he controlled.
Facebook Adds 3,000 Employees to Screen for Violence as It Nears 2 Billion Users
Friday, May 05, 2017
washingtonpost.com
Zuckerberg said that the social network is hiring 3,000 additional workers to its “community operations” team, which will field reports from users who flag inappropriate material on the site. The company would then have 7,500 workers on its global team. The new reviewers “will also help us get better at removing things we don't allow on Facebook like hate speech and child exploitation,” Zuckerberg said. Facebook will keep working with community groups — such as suicide prevention groups — and law enforcement to offer assistance to those who post or are seen in the videos who may need help, he said.
Who's Really Calling?
Friday, May 05, 2017
consumer.ftc.gov
The millions of people who reported scams last year told us that imposters were the top fraud of the year. Imposters have called many of us – maybe even most of us, pretending to be anyone from the IRS to a family member in trouble, from fake tech “help” for your computer to a business selling things that turned out to be bogus. Their goal? To get your money as quickly as possible.
TheDarkOverlord Dumps 180,000 Patients’ Records From 3 Hacks
Friday, May 05, 2017
databreaches.net
While thousands of their followers on Twitter seem to be eagerly waiting for TheDarkOverlord (TDO) to dump more tv films or episodes of popular series, TDO went non-fiction this morning, dumping patient/medical records from some of their hacks in the healthcare sector last year. All told, almost 180,000 patients had their personal information shared with the world.
Callers Claiming to Be From Boulder County Colorado Sheriff’s Office
Friday, May 05, 2017
kdvr.com
The district attorney’s office issued a new scam warning Thursday, saying there has been a “huge surge” in the number of people reporting calls from scammers claiming to be with the Boulder County Sheriff’s Office.
Police Investigating Card Skimming Scam at Gas Station
Friday, May 05, 2017
dailyitem.com
State Police Trooper Jared S. Mowen said they discovered a card skimming device at the Sunoco after several victims reported they found fraudulent charges on their credit and debit cards between April 4 and 30.
Lottery Scam Targeting Seniors Sends Man to Prison for 5 Years
Friday, May 05, 2017
buffalonews.com
With every promise of a multimillion-dollar sweepstakes prize came a quid pro quo – which is why a 72-year-old Western New York man coughed up $100,500 in savings to a stranger. And he wasn't alone.
Grandmother Likely Won’t Recover $150K Lost in Scam
Friday, May 05, 2017
wpri.com
Police in Rhode Island say they’re trying to recover $150,000 that a grandmother lost in a scam, but, at this point, there is little they can do. The Westerly Sun reports the Westerly woman transferred the money to Hong Kong, believing she was investing in a company. When her family found out, they called police, who determined the company does not exist.
“Google Docs” Worm Ransacks Gmail Users’ Contact Lists – What You Need to Know
Thursday, May 04, 2017
tripwire.com
You may well be one of the millions of internet users who received a dangerous email offering to share a Google Docs file with you. If you made the mistake of clicking on the link, you could start a process that could potentially result in your email archive and contact lists being slurped up in strangers and the same dangerous message being forwarded to everyone in your address book.
Gannett Phishing Attack Compromised 18,000 Accounts
Thursday, May 04, 2017
scmagazine.com
Gannett Company was hit with a phishing attack that may have compromised the accounts of as many as 18,000 current and former employees. Officials said the attack appears to have originated from a malicious email sent to human resources staff and was spotted on March 30 when the perpetrator attempted to use one of the compromised accounts for a fraudulent corporate wire transfer request that was flagged as suspicious, according to USA Today which is owned by Gannett.
House Judiciary to Tackle Email Privacy, Spy Rules
Thursday, May 04, 2017
fcw.com
Moving the Email Privacy Act, renewing Section 702 of the Foreign Intelligence Surveillance Act, updating copyright laws and addressing data stored overseas are some of the items on the House Judiciary Committee's newly announced innovation and competitiveness agenda.
Sheriff's Reserve Commander Pleads Guilty to Identity Theft
Thursday, May 04, 2017
clickondetroit.com
A commander with the Wayne County Sheriff's Reserve Division pleaded guilty Wednesday to charges related to his day job as a car salesman. Cmdr. Wilson Roberts pleaded guilty to identity theft and obtaining a signature with the intent to defraud.
Missing Vehicle Links to Woman’s Identity Theft Case
Thursday, May 04, 2017
thisweeknews.com
When the car was not returned, the manager called the woman using the phone number the business had been given, but the woman who answered said she had no knowledge of a car being rented in her name and she was not the person who had made the transaction.
Atlanta Rapper Caught in Coffee House Sting, Charged in Elaborate Scam
Thursday, May 04, 2017
11alive.com
An Atlanta rapper is at the center of what investigators are calling an elaborate scam involving high-end vehicles, stolen identities, and a coffee house sting.
Lawmakers Warn of Scam Tied to Phony Veterans Program Line
Thursday, May 04, 2017
usnews.com
Maine's congressional delegation is warning residents of a phone scam where impostors try to imitate the Veterans Choice Program phone line.
Possible Data Breach at Harrisburg Gastroenterology
Thursday, May 04, 2017
fox43.com
The patient information in question includes names, demographic information, Social Security numbers, health insurance information, diagnostic information, and clinical information.
Lawsuit Looms in Wake of Massive School System Data Breach
Thursday, May 04, 2017
covingtonleader.com
A $19 million lawsuit has been filed in the federal court against the Tipton County Board of Education following a January data breach. The class action suit alleges a board of education employee acted willfully with gross negligence, releasing confidential information to a third party. On Jan. 23, the board of education received a phishing email from a third party in which the sender posed as director of schools Dr. William “Buddy” Bibb, asking for all employee W2 information. The email sent by the employee contained PDF files of nearly 2000 employee names, addresses, social security numbers nature of income, source of income, amounts of income, deductions, exemptions, tax withholdings and tax payments.
Fitchburg Data Breach Discovered
Thursday, May 04, 2017
sentinelandenterprise.com
City officials discovered last month the Social Security numbers of 1,800 state residents were released in a breach of city records three and a half years ago, according to a report filed with the Massachusetts Office of Consumer Affairs and Business Regulation.
Nearly Half of Federal IT Managers Report Breach in Last Six Months: Research
Thursday, May 04, 2017
thehill.com
Forty-two percent of high-level federal IT managers surveyed in new research reported experiencing a data breach in the last six months. According to the survey released by cybersecurity company BeyondTrust on Wednesday, 1 in 8 said their systems weathered a data breach in the last 30 days. The research comes as lawmakers raise concerns about the vulnerability of federal government systems to criminal hackers and nation-state spies.
Greenway Health Still Struggling With Ransomware Attack
Thursday, May 04, 2017
healthdatamanagement.com
A ransomware attack last week against hospital and ambulatory electronic health records vendor Greenway Health affected 400 client organizations using the vendor’s Intergy cloud-hosted platform. Half of those affected clients have had their EHR services restored, with the rest reverting to manual processes in the hope of full restoration by today, says Greg Schulenburg, Greenway Health’s COO.
Gang Members, Others Accused of Running Counterfeit-Check Ring
Thursday, May 04, 2017
wsj.com
More than 30 gang members are accused of operating a counterfeit-check ring that stole $1 million from major banks and recruited young bank-account-holders through social media, Manhattan District Attorney Cy Vance Jr. said on Wednesday.
Man Found Guity of Stealing $74K in Identity Theft Case
Thursday, May 04, 2017
nj.com
The investigation revealed that Cousar used the victim's stolen identifying information to open fraudulent online banking and fraudulent checking accounts in the victim's name. He then transferred money from the victim's legitimate savings account to the fraudulent accounts he controlled.
Identity Theft Leader Avoids Prison Time
Thursday, May 04, 2017
villagerpublishing.com
In a statement issued after the court’s decision, District Attorney George Brauchler noted the lack of minimum prison-sentencing requirements in such cases. “Colorado’s criminal laws are inequitable and need to be modernized to reflect the realities of identity theft and financial crime,” he said. “When a person steals $100 from someone at the end of a gun barrel just one time, he faces mandatory prison. But when someone steals numerous individuals’ identities, financial security and nearly $90,000 through repeated and prolonged acts of theft, fraud and deceit … he gets a halfway house.”
Data Breach of North Texas Company Could Affect Hotel Customer Payment Information
Thursday, May 04, 2017
nbcdfw.com
Southlake-based Sabre Hospitality Solutions says someone hacked its hotel reservation system. Sabre provides reservation system services for more than 36,000 properties.
Healthcare Breaches Hit All-Time High in 2016
Wednesday, May 03, 2017
darkreading.com
A record-breaking 328 healthcare businesses reported data breaches in 2016, surpassing the record of 268 set one year prior. Healthcare records of about 16.6 million Americans were exposed due to hacks, lost or stolen devices, unauthorized disclosure, and other activity.
Breach at Sabre Corp.’s Hospitality Unit
Wednesday, May 03, 2017
krebsonsecurity.com
Breaches involving major players in the hospitality industry continue to pile up. Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments.
California Auto Loan Firm Spills Customer Data
Wednesday, May 03, 2017
bankinfosecurity.com
A California financing company exposed up to 1 million records online that contained names, addresses, fragments of Social Security numbers and data related to vehicle loans, according to a researcher's report. The information, now offline, could be used for ID theft.
The Average DDoS Attack Cost for Businesses Rises to Over $2.5 Million
Wednesday, May 03, 2017
zdnet.com
DDoS campaigns are on the rise and the enterprise can now expect a bill of at least $2.5 million every time they become a victim. The mere threat of a distributed denial-of-service (DDoS) attack can cause businesses to sweat, and in some cases, cybercriminals earn big money just by threatening a company with a future attack unless they pay protection fees.
Facebook to Hire 3000 Employees to Review Content for Crime and Suicide
Wednesday, May 03, 2017
thehill.com
Facebook CEO Mark Zuckerberg announced on Wednesday that the company will hire 3,000 new employees to review its videos for crime and suicides.
Motel Was the Base for Identity Theft Crew, Police Say
Wednesday, May 03, 2017
dailybulletin.com
When police officers witnessed a man pushing a woman out of a motel, it led to the arrest of four people and recovery of stolen property and the equipment used to create fake IDs.
Woman Sentenced for $1.5 Million Embezzlement Schemes, Identity Theft
Wednesday, May 03, 2017
lstribune.net
Webb admitted that she embezzled at least $1,526,594 in total from Garmin International, Black and Veatch and TriStar Benefit Administrators over the course of four years, 2012 through 2016. Webb registered a business in the name of “Beauty Within Me” and opened a bank account in the name of the business. She then utilized this bank account to divert money stolen from her victims.
Fraud Probe as Facebook Scam Group Uses Stolen Credit Card Details to Offer Cut-Price Domino’s Pizza Deals
Wednesday, May 03, 2017
thesun.co.uk
The groups lure in takeaway fans with claims they use vouchers and discounts to arrange ultra-cheap orders – but customers are now being warned stolen credit cards may have been used to pay for the food.
Mexican Man Sentenced to 3 Years in Prison for Identity Theft
Tuesday, May 02, 2017
wcfcourier.com
At that time (of arrest), Hernandez-Espinoza turned over to agents identification documents, including a birth certificate, all in the name of the U.S. citizen whose identity he knowingly used. During the sentencing, he admitted that between 2011 and 2015, he was convicted eight times in Iowa and Minnesota of using the name of the U.S. citizen, including after being arrested for criminal sexual conduct and domestic abuse assault.
Men Sentenced in Mortgage Identity Theft Scam
Tuesday, May 02, 2017
warwickpost.com
Between 2007 and 2014, the defendants conspired to execute a scheme, which caused prospective homebuyers to obtain mortgages from financial institutions based upon materially false loan applications and fraudulent supporting documentation. As part of the conspiracy, false representations were made in order to obtain fees to which the defendants were not entitled or to make a profit selling property in which they had an ownership interest. In some instances, thousands of dollars were fraudulently obtained by misrepresenting on a HUD form the amount of funds due or to be paid to one of the parties involved in a transaction. In numerous instances, the defendants concealed their involvement in the scheme by conducting business under the names of several different entities and individuals. At times, the defendants used stolen identities to further the fraud and to conceal their connection to the real estate transactions.
Two Central PA Medical Practices Report Potential Data Breach
Tuesday, May 02, 2017
lancasteronline.com
Harrisburg Endoscopy & Surgery Center Inc. and Harrisburg Gastroenterology Ltd., both located at 4760 Union Deposit Road in Dauphin County, have identical notices on their websites about what they term a "privacy incident."
One-Third of Federal Agencies Reported Data Breaches in 2016
Tuesday, May 02, 2017
darkreading.com
One-third of federal government agencies reported experiencing a data breach in the last year, and 65% have experienced one in the past, according to the 2017 Thales Data Threat Report, Federal Edition. Nearly all (96%) respondents consider themselves "vulnerable" to data breaches; about half (48%) state they are "very" or "extremely" vulnerable.
Financial Services Sector the #1 Target of Cybercriminals
Tuesday, May 02, 2017
darkreading.com
The IBM X-Force Threat Intelligence Index discovered financial services topped the list of industry-specific targets, with 65% more attacks than the average organization across all industries. Attacks on the sector increase 29%, from 1,310 in 2015 to 1,684 in 2016. "The primary goal is money," says Dave Hylender, senior network engineer at Verizon. "That is the driving force behind most of these attacks."
Verizon Finds Phishing Attacks, Malware Top Data Breach Causes
Tuesday, May 02, 2017
healthitsecurity.com
Increased propriety research, prototypes, and amounts of confidential personal data have all helped fuel cyberespionage attacks, such as phishing attacks, according to a recent Verizon report.
Security Warnings as "10 Concerts" Lists, Free Coupon Scams Go Viral on Facebook
Tuesday, May 02, 2017
cbsnews.com
Concert-goers and shoppers are being warned about two unusual security risks on Facebook that have been going viral in the past few weeks. One involves fake coupons claiming to offer deals ahead of Mother's Day, which have been directing users to a survey site intended to steal information.
Man Accused of Scam Targeting Elderly Victims
Tuesday, May 02, 2017
tampabay.com
A 28-year-old handyman is accused of taking money from three elderly people for work he never completed, and Pinellas County sheriff's detectives think there may be more victims.
Bed Bath & Beyond Warns of Mother's Day Coupon Scam
Monday, May 01, 2017
wtsp.com
Another coupon that's just too good to be true on Facebook. You can't help but click it..but don't. The fake coupon says Bed Bath and Beyond offering $75 off in-store purchases. The ad claims it's celebrating Mother's Day.
Watch Out! There Are Apple ID SMS Phishers About!
Monday, May 01, 2017
grahamcluley.com
It's not just your bank accounts that online criminals are keen to break into. They would quite like to hijack your Apple ID credentials too. A number of people have reported receiving a text message from "AppleInc" over the weekend, claiming that their Apple IDs was about to expire - and urging them to click on a link if they wanted to keep it.
Pekin High School Subject of Cyberattack
Monday, May 01, 2017
pjstar.com
Pekin officials discovered the problem Monday. Sometime Sunday, a hacker apparently used malware to infect the school’s computers. Pekin officials have no idea who it was; Owens believed it might even be a non-American entity. The hacker used encryption to make it impossible for Pekin representatives to access information stored in the system. In return for unlocking it, the saboteur demanded a ransom — $37,000, according to Owens. It was not paid.
Malware Shuts Down Virginia State Police Email
Monday, May 01, 2017
scmagazine.com
The Virginia State Police network Wednesday was hit with a malware attack which shut down the department's email services. The attack also affected the department's ability to update the Virginia Sex Offender and Crimes Against Children Registry website and forced the department to suspend email services between 8 p.m. Wednesday and until noon Thursday, according to The Virginian-Pilot.
Identity Theft Is Alive and Well--And Fraudsters Keep Getting Richer
Monday, May 01, 2017
techrepublic.com
Last year, cyber criminals netted 16 billion dollars in the US alone. Find out why fraudsters are so successful and what you can do to stay safe.
Trio Attempting to Commit Identity Theft Behind Bars
Monday, May 01, 2017
patch.com
After learning Sebelius was on probation, the trio were detained and a check of the vehicle uncovered numerous "credit cards, California driver's licenses, ID cards, blank business checks, issued cashier's check, a U.S. passport and other miscellaneous mail and paperwork not addressed to any of the subjects," Gaskins said.
For Mesquite Thieves, Unlocked Cars Became the Keys to Identity Theft
Monday, May 01, 2017
dallasnews.com
Police say two suspects in Mesquite turned the city's most common crime — vehicle break-ins — into a much greater opportunity, using information they found in unlocked cars to steal identities.
Man Charged With Defrauding Parents, Identity Theft
Monday, May 01, 2017
ctvnews.ca
The pair noticed many unauthorized withdrawals from their bank accounts. They soon discovered forged cheques and a new credit card opened in their names, as well as items allegedly stolen from their home.
Blind Trust in Email Could Cost You Your Home
Friday, April 28, 2017
krebsonsecurity.com
The process of buying or selling a home can be extremely stressful and complex, but imagine the stress that would boil up if — at settlement — your money was wired to scammers in another country instead of to the settlement firm or escrow company. Here’s the story about a phishing email that cost a couple their home and left them scrambling for months to recover hundreds of thousands in cash that went missing.
9 Essential Tools for the Security-Conscious Mobile Worker
Friday, April 28, 2017
cio.com
The highly digitized and hyper-connected world that we live in today has heightened the security stakes for us all. But if work frequently takes you away from the home office, you have some particular security and privacy concerns.
IRS and Immigration Officials Impersonated in Call Center Scam
Friday, April 28, 2017
darkreading.com
With stolen data and a call center based in India, a group of thieves impersonated Internal Revenue Service and US Citizenship and Immigration Services officials to scare money out of US residents.
Verizon DBIR: Ransomware Incidents Surge, Education a Hot Bed for Data Breaches
Friday, April 28, 2017
zdnet.com
Ransomware incidents have surged 50 percent from a year ago, educational institutions are becoming a playground for cyber espionage, and 68 percent of healthcare security threats are internal, according to Verizon's 2017 Data Breach Incident Report (DBIR).
Owner of Immigration Services Business Headed to Prison for Identity Theft
Friday, April 28, 2017
sacbee.com
The owner of an immigration services business in Gold River has been sentenced to two years in prison for an identity theft scheme that involved filing a fraudulent tax return.
Ransomware Payout Doesn't Pay Off
Friday, April 28, 2017
darkreading.com
Ransomware, ironically, is a crime based on trust. Victims pay attackers who compromise their data with an expectation it will be returned to them. Unfortunately, a growing number of ransomware targets pay thousands of dollars to get their data back, but receive nothing.
IRS Employee Indicted for Identity Theft
Friday, April 28, 2017
accountingtoday.com
A grand jury in Georgia has indicted an Internal Revenue Service employee for stealing taxpayers’ identities and filing for tax refunds with their names.
Utah Family Warns of Terrifying ‘Virtual Kidnapping’ Scam
Thursday, April 27, 2017
wnep.com
“I heard a young girl crying saying ‘daddy, daddy I'm scared,’ then the kid voice went away and a man came on and told me he kidnapped my daughter and if I ever wanted to see her again I would not tell anybody or hang up,” Weber told Fox 13. “The guy sounded serious.”
The FTC Won’t Offer to Fix Your Computer
Thursday, April 27, 2017
consumer.ftc.gov
"Some cons send pop-up computer warnings to pitch unnecessary – and sometimes harmful – tech support services. Some make phone calls. Others – like one scammer the FTC just sued – send spam emails that falsely claim the FTC hired them to help remove problem software."
Penetration Testing: DIY or Hire a Pen Tester?
Thursday, April 27, 2017
esecurityplanet.com
"A penetration test, when carried out by outside experts, is the best way to establish how vulnerable your network is from a malicious hacker attack. But while thorough, third-party penetration testing can be expensive and is effectively out of date as soon as you make changes to your infrastructure or as new vulnerabilities that affect it are discovered."
Social Security Numbers Must Be Removed From Medicare Cards by April 2019
Thursday, April 27, 2017
cnbc.com
"Under the Medicare Access and CHIP Reauthorization Act of 2015, the agency is required to remove Social Security numbers from all Medicare cards by April 2019. Earlier this year, the Centers for Medicare and Medicaid Services announced plans to begin mailing replacement cards with a new "Medicare Beneficiary Identifier," or MBI, starting in April 2018."
Cloned Cards From Car Wash Data Breach Used at Store, Deputies Say
Thursday, April 27, 2017
wspa.com
"Whatta Wash Car Wash said in a notice last week that malware was placed on its point-of-sale system and that customers who used a payment card at the business between February 20 and March 2 were warned that their card information may be at risk."
Iowa Veterans Warned of Possible Data Breach
Thursday, April 27, 2017
scmagazine.com
"On April 21, the Iowa Veterans Home (IVH) began notifying thousands of residents, former residents and applicants that their personal information may have been compromised."
1.1 Billion Identities Exposed by Cyber Criminals in Data Breaches in 2016: Symantec
Thursday, April 27, 2017
zeenews.india.com
"In 2016, there were 15 breaches that saw over 10 million identities being compromised. This number stood at 13 in 2015. The year also saw ransomware continue to escalate as a global problem and a lucrative business for criminals with 36 per cent increase in ransomware attacks worldwide."
One in Eight People Have Suffered a Healthcare Data Breach
Thursday, April 27, 2017
computerweekly.com
"One in eight consumers in England have had private medical information about them stolen from systems that lack the right level of security, according to a survey."
Millennials Are Most Likely to Fall for an IRS Scam
Wednesday, April 26, 2017
bloomberg.com
"You must pay your taxes immediately, or else," an ominous voice on the other line says before demanding a credit-card number. Most Americans roll their eyes and hang up on these scam calls, but thousands have fallen victim, and millennials are more susceptible than older generations, a new study finds.
Don't Fall for This Facebook Mother's Day Coupon Scam
Wednesday, April 26, 2017
komando.com
Facebook has become one of the world's most popular social networking sites since it rolled out in 2004. There are nearly 2 billion active monthly users worldwide. With that many users, it's no surprise that cybercriminals are always populating the site with new scams. There is a new scam circulating now that you need to know about.
Call Center Fraud Spiked 113% in 2016
Wednesday, April 26, 2017
darkreading.com
One of the catalysts for this growth comes from attackers' enhanced skill in social engineering to coax information, or inadvertent nefarious action, out of call center employees, as well as the discovery of new spoofing and voice distortion technologies to give criminals more options when using the phone, according to the report.
Phishing Attacks Responsible for Three-Quarters of All Malware
Wednesday, April 26, 2017
helpnetsecurity.com
While technical attacks on the newest vulnerabilities tend to dominate the media, many attacks rely on less technical means. According to the GTIR, phishing attacks were responsible for nearly three-quarters (73%) of all malware delivered to organizations, with government (65%) and business & professional services (25%) as the industry sectors most likely to be attacked at a global level. When it comes to attacks by country, the U.S. (41%), Netherlands (38%) and France (5%) were the top three sources of phishing attacks.
Is 'Admin' Password Leaving Your IoT Device Vulnerable to Cyberattacks?
Wednesday, April 26, 2017
zdnet.com
Internet-connected devices in your home or office will be vulnerable to botnets and other attacks, if you don't change the original login credentials.
City of Newark Reportedly Hit in Ransomware Attack
Wednesday, April 26, 2017
scmagazine.com
According to the report, on Friday and over the weekend the malware encrypted infected files with an RAS-2048 algorithm, and the hacker demanded a ransom payment of 24 bitcoins, or approximately $30,000. "The virus compromised our network and disrupted many services that we offer," Wainer told TAPInto Newark. "Our police services are unaffected and continue operating normally," adding that the city is in “safe mode as we inspect each service to look for security gaps."
Children Need to Be Protected From Identity Theft, Too
Wednesday, April 26, 2017
prestoncitizen.com
Citizens are bombarded with warnings to guard their personal identification numbers (PIN), review their deposit accounts daily for fraud, and shred documents that contain sensitive information before disposing of them. But seldom are we reminded that our children’s sensitive information also could be targeted by identity thieves.
How To Spot A Bitcoin Scam
Wednesday, April 26, 2017
forbes.com
According to a recent report by Zerofox, a digital risk monitoring company, there's a considerable dark side to bitcoin. Here are some ways to spot scams...
Ashley Madison Blackmail Roars Back to Life
Wednesday, April 26, 2017
zdnet.com
A group with a Ukrainian top level domain is sending out blackmail threats, using Ashley Madison information...The price for "opting out"? About $500 at today's bitcoin value. Of course, they're lying. You can't opt out. The AM data is out on the dark web, accessible by criminals, forever.
Clean Break: Block Ex-Employees' Access
Wednesday, April 26, 2017
databreachtoday.com
When an employee exits the organization, it's essential to make sure their access rights don't go with them. Too often, however, organizations fail to keep track of what individuals have access to while employed - or to monitor and refine that access as necessary. As a result, they're at greater risk of failing to spot malicious activity by insiders or former insiders who might still be accessing corporate resources.
HHS Smacks Heart Monitoring Firm With $2.5 Million Settlement
Wednesday, April 26, 2017
healthcareinfosecurity.com
The Department of Health and Human Services has smacked a mobile heart-monitoring technology firm with a $2.5 million HIPAA settlement related to findings from an investigation into a 2012 breach involving a stolen unencrypted laptop computer. The hefty fine reflects regulators finding that the organization lacked a sufficient risk analysis and risk mitigation.
72% of Employees Would Share Confidential Company Information, Finds Survey
Wednesday, April 26, 2017
tripwire.com
A new survey found that nearly three in four employees would be willing to share sensitive, confidential or regulated company information under certain circumstances. Conducted by computer tech company Dell, the end-user security survey polled over 2,600 professionals who handle confidential data at companies with 250 or more employees.
Nondigital, Analog Theft Is Main Driver in Identity Theft
Wednesday, April 26, 2017
phys.org
Although identity theft is frequently associated with mega-data breaches such as the Target breach in 2013, new research from the Center for Identity at The University of Texas at Austin has found that old-fashioned "analog" theft is the major driver in identity-related crimes. The findings, detailed in the newly released "2017 Identity Theft Assessment and Prediction Report," shed light on the criminal processes behind identity theft. The report found that approximately 50 percent of identity theft incidents analyzed between 2006 and 2016 resulted from criminals exploiting nondigital vulnerabilities, such as empty prescription drug bottles or sensitive paper documents. In other words, vulnerabilities caused by human error are often used by identity theft fraudsters.
BBB: That Email From Your Boss Could Be a Scam
Wednesday, April 26, 2017
kristv.com
According to the FBI, the CEO scam continues to evolve, targeting businesses of all sizes. Thieves send an email that appears to be from the CEO, employer or head of an organization. The email address will be identical or very similar, and may even be from an account which has been hacked. Since 2016, this scam has a combined exposed dollar loss of more than $3 billion.
Chipotle Data Breach Overshadows Big Earnings Beat
Wednesday, April 26, 2017
cnbc.com
Shares of the company rose as much as 6.8 percent after the earnings release, but the gains were erased when the company revealed it had experienced a data breach.
Bangor Mental Health Provider Details Extent of Hackers' Data Breach
Wednesday, April 26, 2017
mainepublic.org
More than 4,000 clients of a Bangor mental health provider may have had their personal information stolen through a data breach last month. A spokesman for Behavioral Health Center, David Farmer, says the compromised data includes Social Security numbers and notes on services they received.
Russian ‘Pioneer’ of Identity Theft and Card Fraud Jailed for 27 Years
Tuesday, April 25, 2017
nakedsecurity.sophos.com
He was convicted for running a vast credit card and identity theft operation from his homes in Bali, Indonesia, and Vladivostok, Russia, and for selling more than 2m credit card numbers on the black market. Losses from his crimes, which targeted 3,700 financial institutions and 500 businesses around the world, came to at least $170m. Among his prey were small businesses, some of which struggled to defend against his attacks, and some of which failed to recover at all. Court documents said that total losses could grow to billions of dollars.
Lowe's $50 Off Coupon on Facebook Is a Scam, Company Says
Tuesday, April 25, 2017
wistv.com
A coupon seen on social media offering $50 off at Lowe's for Mothers Day is not legitimate, the company stated. "These coupons are not offers extended by Lowe's," said the company in a response on its Facebook page. "It is a scam and Lowe's is unable to honor the coupon."
Raleigh Woman Loses $500 to Jury Scam
Tuesday, April 25, 2017
abc11.com
A jury scam is making the rounds once again, and this time it cost one Raleigh woman more than $500 bucks. Like many others, Joedy Black got an unexpected call about missing jury duty. The scammer told Black that she would be locked up because she didn't serve her juror summons.
Healthcare Records for Sale on Dark Web
Tuesday, April 25, 2017
csoonline.com
Last August a Baltimore substance abuse treatment facility had its database hacked. Patient records subsequently found their way onto the Dark Web, according to DataBreaches.net. The group noticed such things as dates of admission, whether the patients are on methadone, their doctors and counselors, and dosing information. In the DataBreaches.net blog, the hacker “Return,” who they think is Russian, described how he compromised the Man Alive clinic: “With the help of the social engineer, applied to one of the employees. Word file with malicious code was downloaded.”
4 Industries Account for Majority of Global Ransomware Attacks
Tuesday, April 25, 2017
darkreading.com
Ransomware is rapidly on the rise and four industry sectors are taking the largest hit, accounting for 77% of the action, according to NTT Security's 2017 Global Threat Intelligence Report released today.
Man Gets Two Years in Jail for Running ‘Titanium Stresser’ Attack-for-Hire Service
Tuesday, April 25, 2017
krebsonsecurity.com
A 20-year-old man from the United Kingdom was sentenced to two years in prison today after admitting to operating and selling access to “Titanium Stresser,” a simple-to-use service that let paying customers launch crippling online attacks against Web sites and individual Internet users.
Caregiver Charged With Forgery, Identity Theft
Tuesday, April 25, 2017
chattanoogan.com
Special Agents with the Medicaid Fraud Control Unit of the Tennessee Bureau of Investigation have obtained indictments for a former caregiver who is charged with identity theft, abuse or neglect of an impaired adult, and forging a check of one of her clients.
Highly Confidential Psychotherapy Records From Behavioral Health Center in Bangor, Maine Listed on Dark Web
Monday, April 24, 2017
databreaches.net
In what may be the worst breach of 2017 so far in terms of highly sensitive and confidential patient records, a behavioral and mental health center in Maine recently learned that its patients’ records – including evaluations, session notes, and records of sex offenders and sex abuse victims – had not only been in the hands of one criminal, but had reportedly been sold to an unknown party for unknown purposes.
AZ Man Struggles With IRS for Decade to Try and Fix Case of Identity Theft
Monday, April 24, 2017
abc15.com
Tony Chilicas and his fiancé, Holly, are getting married in July. But their walk down the aisle will only be symbolic. Chilicas refused to make it legally official. “I don’t want her taking my last name until this is done,” he said. It’s because of another man: Jorge Campos Ramirez. But this isn’t some messy love triangle. It’s an unbelievable case of identity theft that’s messed with Chilicas’ life for a decade.
6 Factors Impacting Identity Theft Risks
Monday, April 24, 2017
cutimes.com
The threats posed by cyber attacks and identity theft continue to grow as cyber criminals always seem to be on offense while consumers and insurers are on defense.
Indian Police Allege IRS, FBI, Other Law Enforcement Not Interested in Phone Scam Arrests
Monday, April 24, 2017
forbes.com
Taxpayers across the country breathed a sigh of relief after the arrest of Sagar Thakkar, a 24-year-old Indian man accused of running those Internal Revenue Service (IRS) phone scams. Indian police arrested Thakkar earlier this month, claiming he was the mastermind behind the scam where callers posed as IRS agents to collect bogus tax debts. According to the local police, the lack of response from American law enforcement authorities familiar with the investigation has been deafening.
Russian Hacker Behind Kelihos Botnet Indicted in U.S.
Monday, April 24, 2017
news.softpedia.com
Russian hacker Peter Levashov was indicted on eight counts of fraud, conspiracy, and identity theft. Levashov, who was arrested in Spain early this month, is believed to be Severa, the hacker behind the Kelihos botnet, one of the largest spam operations in the world. The indictment comes from a federal grand jury in Connecticut, which came together on Friday in order to lay out all accusations the US has against Levashov.
Fake Delta Airline Receipts Spread Financial Malware
Monday, April 24, 2017
news.softpedia.com
The phishing email is specifically constructed to make you curious. There is no information about the flight included, which is something that such emails normally contain, but there is a link that you are urged to follow. On the other hand, if you pay attention to the email you've received, you'll notice that the email address is wrong, as it comes from @deltaa, instead of @delta.com. Similarly, if you're a frequent Delta flyer, you'll know the legitimate emails from the airline look a bit different.
The Backstory Behind Carder Kingpin Seleznev’s Record 27 Year Prison Sentence
Monday, April 24, 2017
krebsonsecurity.com
Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record punishment for hacking violations in the United States and by all accounts one designed to send a message to criminal hackers everywhere. But a close review of the case suggests that Seleznev’s record sentence was severe in large part because the evidence against him was substantial and yet he declined to cooperate with prosecutors prior to his trial.
New Password Guidelines Say Everything We Thought About Passwords Is Wrong
Monday, April 24, 2017
venturebeat-com.cdn.ampproject.org
When I recently discovered a draft of new guidelines for password management from NIST (the National Institute of Standards and Technology), I was amazed about the number of very progressive changes they proposed. Although NIST’s rules are not mandatory for nongovernmental organizations, they usually have a huge influence as many corporate security professionals use them as base standards and best practices when forming policies for their companies. Thus, another fact I was surprised about was a lack of attention to this document, finalized March 31, from both official media and the blogosphere. After all, those changes are supposed to affect literally everyone who browses the Internet. Here is a quick look at the three main changes the NIST has proposed.
Is Identity Theft Protection Worth It?
Monday, April 24, 2017
usatoday.com
Many turn to identity theft service providers. It's a market worth $3 billion, according to the research firm IBISWorld. According to the Government Accountability Office, about 50 to 60 companies provide these services. But do they work? That was the question posed in a recent GAO study. Its report described four types of identity theft services -- credit monitoring, identity monitoring, identity restoration and identity theft insurance.
Sheriff: Thousands of Victims Affected by Identity Theft Scheme
Friday, April 21, 2017
kcbd.com
Lubbock County Sheriff Kelly Rowe said his office has discovered a massive identity theft scheme with 14,000 victims.
Ignoring a WhatsApp Scam
Friday, April 21, 2017
nytimes.com
Q. I signed up for WhatsApp out of curiosity last year but never used it. Today I got an email message about someone sending me a WhatsApp voice mail. Is this for real?
Beware of a New Scam Involving "Relatives" and Gift Cards
Friday, April 21, 2017
cbsnews.com
In a new twist on an old phone scam, criminals are preying on family ties by asking people to buy gift cards to help relatives they falsely claim are in trouble.
'Trust Attacks' Fueled by IoT Risks
Friday, April 21, 2017
bankinfosecurity.com
So-called "trust attacks" aren't waged for financial gain. They're waged to compromise data, data integrity and to expose sensitive information. Darktrace CEO Nicole Eagan says trust attacks will be among our greatest IoT worries in 2017, because organizations are likely to see attackers using machine learning and artificial intelligence to turn internet-connected devices against us.
Cybersecurity Firm Exposed Non-Anonymized Hospital Data in Demos
Friday, April 21, 2017
scmagazine.com
Cybersecurity startup Tanium is in hot water after exposing non-anonymized network data from a California hospital during live product demonstrations and online videos. The hospital is one of Tanium's clients and while the firm says that it had permission to use the hospital's environment, the company's Chief Executive Officer Orion Hindawi admitted in an open letter to its consumers that the firm “should have done better anonymizing that customer's data.”
Fake Marine Sentenced in Identity Theft
Friday, April 21, 2017
wrn.com
In a case that was less about “Semper Fi” and more about semper fib, a man who pretended to be a U.S. Marine in order to rip off local businesses in Menomonee Falls has been sentenced to three years in prison.
Identity Theft Ring That Used Stolen IDs to Buy Cars
Friday, April 21, 2017
wsoctv.com
Investigators say the suspects created fake driver’s licenses and included their picture. They presented the IDs with a fraudulent credit application, deputies said. The suspects got busted when deputies said they used the same driver’s license number in back-to-back in two weeks, using different names.
Tax Scam: A Game of Speed and Numbers
Wednesday, April 19, 2017
gcn.com
“Tax season is the perfect opportunity for cybercriminals to monetize data obtained from relatively low effort phishing, like the W-2 scam,” said David Vergara, head of global product marketing for VASCO Data Security. “The volume of tax activity, coupled with the speed in which they submit fraudulent returns, makes it virtually impossible for the IRS to catch it all." Cybercriminals who file fraudulent tax returns before the taxpayer and can successfully repeat the process get the biggest prize, he added: “It’s a game of speed and numbers.”
Job Seekers on ZipRecruiter Being Targeted by Scams via Email and Text
Wednesday, April 19, 2017
csoonline.com
Right now, thousands of people are looking for a new job online. Some of them just want a change, but others are looking for a stable income to support themselves and their families. Scammers are targeting job seekers with precision, often making contact instantly after the victim submits and application or receives a notification from a prospective employer.
Jodi Gissel: Fighting Fraud
Wednesday, April 19, 2017
acamstoday.org
The Justice for Fraud Victims Project (JFVP) began at Marquette University in the fall of 2014, based on a program that originated at Gonzaga University. The JFVP partners the University’s Department of Accounting with local law enforcement and the district attorney’s office in order to provide fraud examination services to smaller organizations in the Milwaukee area that are in need of these services. Fraud investigations are costly. Smaller organizations often cannot afford them and law enforcement generally has limited resources available to provide the necessary in-depth investigation of financial records. The JFVP has accounting students, working under the guidance of a professional forensic examiner mentor, who complete the fraud investigation; thereby gaining valuable experience with an actual fraud examination and providing a valuable service to the community.
Advanced, Low-Cost Ransomware Tools on the Rise
Wednesday, April 19, 2017
darkreading.com
Malware developers keep making it easier for even the most broke and technically inept bad guys to jump on the ransomware craze with cheap and user-friendly tools that are bound to fuel plenty more computer blackmail attacks in 2017. The latest evidence of the trend comes from a report out today of a new variant offered up by Russian cybercriminals through a software-as-a-service delivery mechanism that costs criminals only $175 to get started.
InterContinental Hotel Chain Breach Expands
Wednesday, April 19, 2017
krebsonsecurity.com
IHG has released data showing that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.
Man Pleads Guilty to ID Theft in Which He Stole $150G in Unemployment Benefits
Wednesday, April 19, 2017
nydailynews.com
A Bronx man already on probation for texting a terror threat to Emirate Airlines in 2013 is headed to prison for stealing the identities of multiple people and filing fake unemployment claims.
Florida Men Sentenced in Identity Theft Crimes Against New Yorkers
Wednesday, April 19, 2017
wellsvilledaily.com
The fraudsters had also repeatedly contacted the Tax Department call center in Albany. Investigators were able to listen to the recordings and crack the fraud scheme. They traced the calls and computer traffic used to create the false OLS accounts to the exact location where Mirville and Jacques were operating. This provided sufficient evidence to support issuance of a search warrant.
This Google Chrome and Firefox Phishing Scam Is ‘Practically Impossible to Spot’
Wednesday, April 19, 2017
fortune.com
The attack is a variety of phishing, an age-old con that involves tricking people into trusting a malicious website by directing them to a malicious link or, alternatively, into downloading a booby-trapped computer file. The hackers then steal the victims' passwords or install malware on their computers.
Former Bank Officer Pleads in Identity Theft Case
Tuesday, April 18, 2017
ozarkradionews.com
The crimes occurred when Smith was a bank loan officer and compliance officer at Community Bank in Summersville. In his guilty plea, Smith admitted taking out loans worth $81,040 between 2015 and June 2016, using bank customers’ names, their bank account information and social security numbers without their permission. He then transferred the money to his personal account and spent it on gambling or personal expenses. He also admitted using his mother’s and brother’s personal information to apply for about $70,000 in loans without their approval in 2010 and 2011 to pay for gambling.
Identity Theft Isn’t Just for the Living
Tuesday, April 18, 2017
natlawreview.com
With income tax season upon us, we are inundated with warnings from the IRS to take extra caution when filing our individual income tax returns with identity theft on the rise. But identity theft also happens to decedents.
Five Reasons to Worry About the ShadowBrokers Hack
Tuesday, April 18, 2017
thehill.com
WikiLeaks is getting headlines with its CIA documents, but leaks from the ShadowBrokers on possible National Security Agency hacking tools may be far more consequential. Since August, the group has been dropping apparent NSA hacking tools, outing NSA operations and possible endangering the public. If you haven’t been paying attention to the ShadowBrokers, here are five reasons to start.
Hackers Dump 1.7 Million Snapchat Users Data on Dark Web
Tuesday, April 18, 2017
news.softpedia.com
Anonymous Indian hackers are taking revenge on Snapchat's CEO and claim to have leaked a database containing the credentials of 1.7 million users.
Identity Thief Faces Potential 22-Year Prison Sentence
Tuesday, April 18, 2017
darkreading.com
A foreign national pleads guilty to two criminal counts after he and his cohorts steal nearly $1.48 million in bogus tax return refunds following an identity theft hack on a Pittsburgh medical center.
How to Block Robocalls Once and For All (video)
Tuesday, April 18, 2017
nbcnews.com
Robocallers made 2.5 billion calls in March alone. Tom Costello shares tips for how you can block robocalls and spam text messages.
How to Stop Those Annoying, Endless Robocalls to Your Smartphone
Tuesday, April 18, 2017
9news.com
According to the Federal Communications Commission, there are nearly 2.4 billion robocalls made every month. That’s more than 7 calls per person, according to new research from the YouMail Robocall Index. At best, the calls are frustrating. At worst, they’re robbing us blind. So what can we do about it once and for all?
Border Agents Can Legally Search Electronic Devices
Tuesday, April 18, 2017
govtech.com
While the Fourth Amendment typically protects people around the country from unreasonable searches without warrants, agents along the Canadian and Mexican borders can search all travelers’ belongings, including electronic devices, with or without reasonable suspicion or a warrant.
Identity Theft Suspect Tripped up by Ancestry.Com
Tuesday, April 18, 2017
yorkdispatch.com
A Texas man on the run for more than two decades after escaping from a prison halfway house stayed under the radar by stealing and assuming a dead baby's identity, according to federal court documents...Vincent's scheme unraveled when an aunt of the real Nathan Laskoski added the dead boy's name to the family's lineage at Ancestry.com and discovered someone with the same name had already been entered on the genealogy website, linked to several marriages and homes in multiple states, according to documents.
Georgia Voters’ Personal Data at Risk in Cobb Theft
Tuesday, April 18, 2017
ajc.com
State officials are investigating the theft last week of equipment from a Cobb County precinct manager’s car that could make every Georgia voters’ personal information vulnerable to theft. The equipment, used to check-in voters at the polls, was stolen Saturday evening, Secretary of State Brian Kemp said Monday. Cobb County elections director Janine Eveler said the stolen machine, known as an ExpressPoll unit, cannot be used to fraudulently vote in Tuesday’s election but that it does contain a copy of Georgia’s statewide voter file. “We have managed that so that what’s stolen could not impact the election,” Eveler said. While the file includes drivers’ license numbers, addresses and other data, it does not include Social Security numbers, Eveler said.
Cybercrime—From Inside an Ohio Prison
Tuesday, April 18, 2017
networkworld.com
According to local news reports that blew up over the internet last week, at least five prisoners built a pair of working PC out of parts scavenged from e-waste as part of a program designed to teach computer skills by having inmates break down end-of-life computers and recycle the parts. The inmates smuggled the PCs to a training room, hid them in the ceiling and then ran wiring to connect to the prison network...they attempted to use the machines for a number of cybercrimes, including identity theft of another inmate serving a long sentence, applying for multiple credit and debit cards in his name. One of the inmates even used the computers to send text messages to his mother, telling her where to go pick up the fraudulently obtained cards.
SWIFT Warns on Vendor Security After Documents Leaked by Hackers
Tuesday, April 18, 2017
reuters.com
SWIFT, the global bank messaging system, on Monday advised clients to pay close attention to security when selecting firms to help them access the network following the release of data that suggested the U.S. government sought to spy on their clients...A hacking group calling itself the Shadow Brokers on Friday released files that cyber security experts said suggest the U.S. National Security Agency sought to monitor messaging traffic by hacking into the networks of two firms in the Middle East and Latin America known as service bureaus, which help SWIFT clients access SWIFT.
Microsoft Addresses Shadow Brokers Exploits
Tuesday, April 18, 2017
us-cert.gov
The Microsoft Security Response Center (MSRC) has published information on several recently publicized exploit tools which affect various Microsoft products.
Cuban National Pleads Guilty in Tax Scam That Used Stolen UPMC IDs
Tuesday, April 18, 2017
post-gazette.com
Assistant U.S. Attorney Greg Melucci said today that Llanes was part of a network of conspirators who took advantage of tens of thousands of UPMC W-2 forms that hackers stole and sold on the darknet, an encrypted web marketplace for cyber criminals.
Two-Thirds of Seniors Are Scam Victims
Tuesday, April 18, 2017
thefranklinnewspost.com
A new survey by Home Instead, Inc. found that two-thirds (67 percent) of U.S. seniors have been the victim or target of at least one common online scam or hack. In addition, more than a third (38 percent) report that someone has tried to scam them online, and 28 percent of surveyed seniors have mistakenly downloaded a computer virus.
Nigerian Wanted by FBI for $5 Million Email Scam
Tuesday, April 18, 2017
africanews.com
32-year-old Kelechi Declan James, suspected to be in New York City, is alleged to have run a business e-mail compromise scheme that resulted in victims losing more than $5 million. “As part of the scheme, James and his co-conspirators defrauded victims across the U.S. by tricking them into wiring money to bank accounts the victims believed were owned by family members, friends, or business associates,” the FBI said in a statement last week.
Health Savings Account Fraud: The Rapidly Growing Threat
Monday, April 17, 2017
darkreading.com
While information security and anti-fraud teams remain on high-alert for potential indicators of income tax fraud, given the rapidly approaching April 18th filing deadline, a lesser-known yet serious threat with ties to both income tax fraud and 2016’s healthcare breaches continues to emerge: health savings account fraud.
Shoney’s Hit by Apparent Credit Card Breach
Monday, April 17, 2017
krebsonsecurity.com
Multiple sources in the financial industry say they’ve traced a pattern of fraud on customer cards indicating that the latest victim may be Shoney’s, a 70-year-old restaurant chain that operates primarily in the southern United States.
EFF Releases Spying on Students Ed Tech Report
Monday, April 17, 2017
eff.org
"They are collecting and storing data to be used against my child in the future, creating a profile before he can intellectually understand the consequences of his searches and digital behavior." This was the response of one parent to an online survey EFF conducted to learn more about the use of mobile devices and cloud services in K-12 classrooms across the country—so called education technology or “ed tech.” Today, EFF released a report entitled “Spying on Students: School-Issued Devices and Student Privacy” that summarizes the results of this survey.
Virus Knocks Erie County Medical Center Offline for Days
Monday, April 17, 2017
healthcareitnews.com
The entire computer system of Buffalo-based Erie County Medical Center and its Long-Term Care at Terrace View facility was shut down early April 9, after a virus was detected on the system. While it was primarily the email system hit with a virus, ECMC took the whole system offline to prevent spreading the virus, officials said in a statement. As of Thursday morning, parts of the computer system were still offline. Hospital officials wouldn’t comment if the virus was ransomware.
9 Ways to Protect Your Aging Parent From Identity Theft
Monday, April 17, 2017
forbes.com
When Peter’s father became too infirm to live independently, Peter took on the job of moving him into an assisted living facility. Using his power of attorney, Peter then began to dig into his father’s financial records. What he found shocked him. His father had become an unsuspecting victim of identity theft.
How to Spot a Skimmer and Avoid Identity Theft
Monday, April 17, 2017
abc13.com
Skimming devices are used by criminals to secretly capture credit and debit card data from unsuspecting users. Once the credit/ debit data is captured, the data is downloaded and then used for fraudulent transactions. The data can be sold, immediately used for online purchases or re-encoding and creation of counterfeit credit/debit cards.
Westminster College Reports Employee Data Breach
Monday, April 17, 2017
columbiatribune.com
The breach of employee information was discovered March 26, according to a statement from Lana Poole, vice president and chief communications officer at Westminster. Poole said the breach was the result of a phishing scam and was reported to law enforcement authorities.
Researchers Find Data Breaches More Likely at Large Teaching Hospitals
Monday, April 17, 2017
baltimoresun.com
Large health care providers and teaching hospitals face a greater risk of having their medical records compromised by hackers, researchers say in a new study published in the Journal of the American Medical Association.
Fifth Person Pleads Guilty in $5 Million ID Theft Case
Thursday, April 13, 2017
darkreading.com
A Russian national has been arrested in connection with a payment card fraud scheme between 2014 and 2016 that led to $5 million in losses to businesses including an airline and two healthcare administrators. The fifth person to be arrested in the case, Irina Fedoseeva, was allegedly responsible for cheating victims out of $225,000 through illegal use of their payment cards, the US Department of Justice said.
Police Stumble Onto Apparent Major Fraud Ring During Traffic Stop
Thursday, April 13, 2017
onlineathens.com
A man last week may have inadvertently led authorities to uncover a major fraud ring in which manufactured fraudulent credit cards were used to illegally purchase thousands of dollars’ worth of merchandise and services in at least two states.
LinkedIn Scam Wants Job Seekers to Hand Over Their CVs
Thursday, April 13, 2017
tripwire.com
Fraudsters have designed a new LinkedIn scam that uses phishing emails and a fake website to trick job seekers into handing over their CVs.
Norton Schools Computer System Hacked
Thursday, April 13, 2017
thesunchronicle.com
The school department is seeking an emergency transfer of $43,000 to upgrade its computer security after its system was hacked last month, causing files to freeze, Superintendent Joseph Baeta said Wednesday. Baeta said the hack happened on March 15 when someone opened an email that contained “ransomware.” The hackers sought to get the school department to pay a ransom for it to unlock the files, he said.
Internet Privacy Fight Enters New Phase
Thursday, April 13, 2017
thehill.com
The fight over internet privacy is entering a new stage. The Republican chairman of the Federal Communications Commission is moving to roll back his agency's net neutrality rules, a plan critics warn could deal another blow to online privacy protections. It comes on the heels of Republicans repealing Obama-era rules that would have required internet service providers to get customer consent before sharing their data, putting digital privacy back in the national spotlight. Both sides are quickly gearing up for the next fight.
Detecting Insider Threats Is Easier Than You Think
Thursday, April 13, 2017
cio.com
The biggest factor to deter insider risks is to give ongoing security awareness training to all employees, said Scottie Cole, network and security administrator at AppRiver. “This trains employees on what is expected of them and provides them the signs to identify a risk. Insider risk teams should also have ongoing assessments and auditing of company assets can help identify risks that would otherwise be ignored.”
SWIFT Codes Targeted in Union Bank of India Cyberattack
Wednesday, April 12, 2017
scmagazine.com
Hackers launched an attack against the Union Bank of India that was very similar to the Bangladesh bank heist that resulted in the theft of $81 million last year. The attack against the Union Bank started in July 2016 when scammers sent an email containing a malicious attachment to an employee at the Union Bank of India, Reuters reported citing the Wall Street Journal. The employee opened the email, which initiated malware that stole Union Bank's Society for Worldwide Interbank Financial Telecommunication (SWIFT) codes that are necessary to transfer funds. The hackers then used the codes to send instructions to transfer $170 million to a Union Bank account at Citigroup Inc in New York however, Union Bank was able to spot the fraud and block the transfer.
Budget Woes Hinder US Cybersecurity Buildup
Wednesday, April 12, 2017
thehill.com
Experts and officials are warning of the negative effects that another stopgap funding bill would have on cybersecurity as Congress finds itself embroiled in another budget showdown.
Easter Holiday Phishing Scams and Malware Campaigns
Wednesday, April 12, 2017
us-cert.gov
As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns...
Tax Season Surprise: W-2 Fraud
Wednesday, April 12, 2017
darkreading.com
What was once a scam known for exclusively targeting the corporate world has expanded to other sectors, including school districts, tribal organizations, and nonprofits. W-2 fraudsters show no prejudice — regardless of geographic location, industry, and organization size, we're seeing employees across the spectrum fall victim.
Phishing with a Light Touch: Advances in Social Engineering
Wednesday, April 12, 2017
scmagazine.com
At the heart of every phish that lands in users' inboxes is a social engineering job -- an attempt to con gullible users into believing claims that are contrary to reality and then persuade them to take dangerous actions based on their belief in a lie.
How the FBI Took Down Russia’s Spam King—and His Massive Botnet
Wednesday, April 12, 2017
wired.com
One of the world’s most notorious spammers appears to have been tripped up by a basic cybersecurity no-no, according to the FBI: He used the same log-in credentials to both run his criminal enterprise and also log into sites like iTunes.
Ransomware Attack on Texas Pediatric Provider Exposes Data of 55,000 Patients
Wednesday, April 12, 2017
healthcareitnews.com
A ransomware attack at San Antonio-based ABCD Children’s Pediatrics may have breached the data of 55,447 patients. Affected files may have included patient names, Social Security numbers, insurance billing information, dates of birth, medical records, laboratory results, procedure technology codes, demographic data, address and telephone numbers.
Hundreds of W-2s Stolen From City of San Marcos
Wednesday, April 12, 2017
statesman.com
Confidential information of more than 800 current and former city of San Marcos employees has been compromised after one employee fell for a phishing scam.
Amazon’s Third-Party Sellers Hit by Hackers
Monday, April 10, 2017
wsj.com
In recent weeks, attackers have changed the bank-deposit information on Amazon accounts of active sellers to steal tens of thousands of dollars from each, according to several sellers and advisers. Attackers also have hacked into the Amazon accounts of sellers who haven’t used them recently to post nonexistent merchandise for sale at steep discounts in an attempt to pocket the cash, those people say.
Alleged Spam King Pyotr Levashov Arrested
Monday, April 10, 2017
krebsonsecurity.com
Authorities in Spain have arrested a Russian computer programmer thought to be one of the world’s most notorious spam kingpins...Levashov is currently listed as #7 in the the world’s Top 10 Worst Spammers list maintained by anti-spam group Spamhaus. The U.S. Justice Department maintains that Severa was the Russian partner of Alan Ralsky, a convicted American spammer who specialized in “pump-and-dump” spam schemes designed to artificially inflate the value of penny stocks.
Symantec Attributes 40 Cyber Attacks to CIA-Linked Hacking Tools
Monday, April 10, 2017
reuters.com
Past cyber attacks on scores of organizations around the world were conducted with top-secret hacking tools that were exposed recently by the Web publisher Wikileaks, the security researcher Symantec Corp (SYMC.O) said on Monday. That means the attacks were likely conducted by the U.S. Central Intelligence Agency. The files posted by WikiLeaks appear to show internal CIA discussions of various tools for hacking into phones, computers and other electronic gear, along with programming code for some of them, and multiple people familiar with the matter have told Reuters that the documents came from the CIA or its contractors.
Spain Arrests Russian Thought to Be Kingpin of Computer Spam
Monday, April 10, 2017
nytimes.com
The initial reports in Russian news media of Mr. Levashov’s arrest did not say if he was suspected by United States intelligence agencies of being involved in attempts by Russian government hackers to meddle in the 2016 American presidential election. The American intelligence agencies have said Russian hackers broke into the servers of the Democratic National Committee and the email of Hillary Clinton’s campaign chairman and released documents in an effort to sway the election toward Donald J. Trump. But computer researchers who have linked the long-running computer spam business of the man known as Peter Severa to malware used in 2012 to influence a domestic election in Russia say his arrest could give other investigations important information.
Hacking Attack Woke Up Dallas With Emergency Sirens, Officials Say
Monday, April 10, 2017
nytimes.com
Officials in Dallas said the city’s warning system was hacked late on Friday night, disrupting the city when all 156 of its emergency sirens sounded into the early hours of Saturday morning. The alarms, which started going off around 11:40 p.m. Friday and lasted until 1:20 a.m. Saturday, created a sense of fear and confusion, jarring residents awake and flooding 911 with thousands of calls, officials said.
Teaching Hospitals at Greater Data Breach Risk
Monday, April 10, 2017
darkreading.com
Research on data breaches at hospitals has revealed that those with major teaching facilities and more beds were at greater breach risk, says a Johns Hopkins University report.
Former Allegro Worker Accused of Inserting ‘Time Bomb’ in Company Network
Monday, April 10, 2017
telegram.com
On January 31, 2016, Mr. Patel allegedly trespassed onto the grounds of Allegro to come within the wireless network’s range. Once in range, and using the secondary notebook from Allegro, Mr. Patel allegedly used the password for another employee of Allegro, to gain access to the company’s network. He then allegedly used a system administrator logon and password to upload and insert the malicious Oracle programming code to Allegro’s finance module.
Wells Fargo to Claw Back $75 Million From Former Executives
Monday, April 10, 2017
nytimes.com
In a scathing, 113-page report that made it clear that all the warning signs of the problem had been glaring, the board released the results of its six-month investigation into the conditions and culture that prompted thousands of Wells Fargo employees to create fraudulent accounts in an effort to meet aggressive sales goals.
Breach of Financial-Aid Tool May Have Compromised Data on 100,000 Taxpayers
Friday, April 07, 2017
chronicle.com
Nearly 100,000 taxpayers may have had their personal information compromised by a security breach of an Internal Revenue Service tool that makes it easier to fill out the Free Application for Federal Student Aid, the Fafsa, according to the IRS commissioner, John Koskinen, who testified on Thursday before the Senate Finance Committee.
Alert: New Highly Customized Phishing Attack Has a 90% Open Rate
Friday, April 07, 2017
blog.barkly.com
Researchers at Barracuda Networks have uncovered a new wave of sophisticated phishing attacks with one of the highest initial success rates they've ever seen.
Cybercriminals Seized Control of Brazilian Bank for 5 Hours
Friday, April 07, 2017
darkreading.com
Cybercriminals for five hours one day last fall took over the online operations of a major bank and intercepted all of its online banking, mobile, point-of-sale, ATM, and investment transactions in an intricate attack that employed valid SSL digital certificates and Google Cloud to support the phony bank infrastructure.
Mac Malware Grew 744% in 2016, Says McAfee Report
Friday, April 07, 2017
9to5mac.com
The latest McAfee Threat Report shows that macOS malware grew by 744% in 2016, with around 460,000 instances detected. Behind the headline number, though, are a couple of reassuring facts.
Scottrade Bank Data Breach Exposes 20,000 Customer Records
Friday, April 07, 2017
csoonline.com
Scottrade Bank, a subsidiary of Scottrade Financial Services, Inc., recently secured a MSSQL database containing sensitive information on at least 20,000 customers that was inadvertently left exposed to the public.
Dems Ask Treasury Chief for Cyber Briefing
Friday, April 07, 2017
thehill.com
Democratic lawmakers are requesting a briefing on the Treasury Department’s cybersecurity efforts, expressing alarm over nation-state cyberattacks targeting the financial sector. Reps. Robin Kelly (D-Ill.) and Jim Himes (D-Conn.) wrote to Treasury Secretary Steve Mnuchin on Thursday warning of the “rapid spread of cyber-attacks on the American banking and financial services industries by foreign actors.” They singled out North Korea, expressing concern that Pyongyang could use cyberattacks on banks and financial services institutions to fund its missile and nuclear programs.
Wikileaks Posts CIA Documents on Ways to Install Malware
Friday, April 07, 2017
thehill.com
WikiLeaks on Friday published a new package of leaked CIA documents outlining the Grasshopper framework, a customizable malware installer.
Scammers Phishing for Financial Credentials on Twitter
Friday, April 07, 2017
csoonline.com
Scammers are using Twitter as a vehicle to target people looking for customer support or asking general questions. They interject themselves into legitimate discussions, offering friendly chatter and a link that directs the target to a Phishing page designed to harvest credentials. On Twitter, someone – or perhaps a group of people – are following support accounts for large financial institutions and watching their interactions with customers. Depending on the question asked, the scammers will respond to the customer (usually after the official account has) and direct them to take 'additional' measures. Social Engineering is a powerful tool, and given the right construct it can be hard to detect or defend against.
Don't Pay Ransoms. But If You Must, Here's Where to Buy the Bitcoins
Tuesday, April 04, 2017
csoonline.com
Ransomware grew into a $1 billion industry last year, and ransom payments now account for nearly 10 percent of the entire Bitcoin economy. Avoiding becoming part of that statistic requires good endpoint security and effective backups. But what if your defenses fail, your backups are inadequate, all attempts to restore the data fail, and you have to pay the ransom after all -- what do you do? First of all, get the ball rolling on improving your security. Second, if the ransomware includes a recommendation for where to buy the Bitcoins, take it with a grain of salt. These guys are, after all, criminals. They might steer you wrong. Instead, go to a reputable exchange.
Report: China-Based Cyber Campaign Targeting Managed IT, Cloud Services
Tuesday, April 04, 2017
thehill.com
A new report suggests a China-based espionage campaign is targeting managed IT service providers and cloud service providers in an attempt to spy on those firms' clients, including diplomatic and political organizations and companies' intellectual property. PriceWaterhouseCoopers and BAE Systems collaborated on the report, detailing a threat nicknamed "Operation Cloud Hopper."
Woman Learns of Identity Theft When Doctor Tells Her She's Pregnant
Friday, March 31, 2017
wlos.com
An Asheville woman is cleaning up her record after her identity was stolen last fall by a pregnant woman. Rhonda Proffitt went to the doctor in October. To her surprise, they asked her how her baby was.
OPM Pays Too Much Protecting Breach Victims From Identity Theft, Watchdog Says
Friday, March 31, 2017
nextgov.com
The Office of Personnel Management is probably shelling out too much money for identity theft insurance for current and former federal employees compromised in the agency’s massive 2015 data breach, a government watchdog said Thursday.
Protecting Your Digital Life in 8 Easy Steps
Friday, March 31, 2017
nytimes.com
There are more reasons than ever to understand how to protect your personal information. Major website hackings seem ever more frequent. Investigators believe that a set of top-secret National Security Agency hacking tools were offered to online bidders this summer. And many of those worried about expanded government surveillance by the N.S.A. and other agencies have taken steps to secure their communications.
Post-FCC Privacy Rules, Should You VPN?
Friday, March 31, 2017
krebsonsecurity.com
Many readers are understandably concerned about recent moves by the U.S. Congress that would roll back privacy rules barring broadband Internet service providers (ISPs) from sharing or selling customer browsing history, among other personal data. Some are concerned enough by this development that they’re looking at obfuscating all of their online browsing by paying for a subscription to a virtual private networking (VPN) service. This piece is intended to serve as a guidepost for those contemplating such a move.
GAO: Identity Theft Services Study - March 2017
Friday, March 31, 2017
gao.gov
GAO was asked to examine issues related to identity theft services and their usefulness. This report examines, among other objectives, (1) the potential benefits and limitations of identity theft services, and (2) factors that affect government and private-sector
decision-making about them. GAO reviewed products, studies, laws, regulations, and federal guidance and contracts, and interviewed federal agencies, consumer groups, industry stakeholders, and eight providers selected because they were large market participants.
Custom Phishing Attacks Grow as Crooks Create Fake Flight Confirmations, Receipts
Friday, March 31, 2017
zdnet.com
Well-researched attacks designed for cyber espionage and malware distribution specifically target those who regularly use air travel.
A Quick Guide to Backing Up Your Critical Data
Friday, March 31, 2017
nytimes.com
It’s World Backup Day, which is another way of saying it’s a good time to safeguard your digital photos, videos, documents and emails by creating second copies, or backups, of them and storing them somewhere secure.
Warning for Taxpayers: Identity Theft During Tax Season
Friday, March 31, 2017
baltimore.cbslocal.com
Thousands across Maryland have fallen victim to identity theft. Criminals steal information to file tax returns. State comptroller Peter Franchot says there’s at least 2,000 victims already. It’s that time of the year. While millions nationwide are waiting to find out just how much money they’ll get back, criminals are hacking away, trying to steal identities and cash in on tax returns in Maryland.
Beware This Simple Scam Targeting Job Seekers
Thursday, March 30, 2017
inc.com
In this fourth version of the "473 Scam," criminals post "help wanted" type ads on various online bulletin boards or physical job boards around a city - advertising jobs that are likely to be attractive with their intended target audience; the ads note, of course, that in order to obtain more information or to apply one should "call for more information."
IBM on the State of Network Security: Abysmal
Thursday, March 30, 2017
networkworld.com
The state of online security is darn dreadful. At least if you look at the results from the IBM Security’s 2017 IBM X-Force Threat Intelligence Index released today which contains myriad depressing nuggets such as: The number of records compromised grew a historic 566% in 2016 from 600 million to more than 4 billion -- more than the combined total from the two previous years.
White House Extends Obama Executive Order on Cyber Threats
Thursday, March 30, 2017
thehill.com
"Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States," reads the letter.
Avoiding ID Theft: Keeping Your Personal Information Safe
Thursday, March 30, 2017
The Costco Connection
"If you just took the time to look at your finances you would be able to head off a major problem," says Rob Douglas, a nationally recognized identity theft and information security consultant (identitytheft.info). "It's mind-blowing to me how many people don't do it." Account takeover fraud, card-not-present fraud, new account fraud and W-2 fraud are damaging forms of ID theft, and you should know how they work. We collaborated with Douglas to unpack this topic.
Scammers Scare iPhone Users Into Paying to Unlock Not-Really-Locked Safari
Thursday, March 30, 2017
csoonline.com
Apple yesterday patched a bug in the iOS version of Safari that had been used by criminals to spook users into paying $125 or more because they assumed the browser was broken. The flaw, fixed in Monday's iOS 10.3 update, had been reported to Apple a month ago by researchers at San Francisco-based mobile security firm Lookout.
None of Us Are Safe From Getting ‘Owned’
Thursday, March 30, 2017
nytimes.com
In the escalating rhetoric of public shaming, being embarrassed online is tantamount to being wiped from the face of the earth. Whenever a late-night host upbraids a public figure in a monologue or a pundit bests another in a Twitter fight, onlookers crowd around to declare the loser DESTROYED! or EVISCERATED! or ETHERED! or ANNIHILATED! But alongside these symbols of destruction has risen another, more apt metaphor for the dynamics of the modern media power play. In this one, the defeated party wasn’t killed, but possessed: They got OWNED.
Senators Move to Bolster Cyber Resources for Small Businesses
Thursday, March 30, 2017
thehill.com
Five senators introduced legislation on Wednesday that would direct the National Institute of Standards and Technology (NIST) to consider small businesses when updating its cybersecurity framework and offer consistent resources for small businesses that decide to use the framework.
New Berlin Man Charged With Identity Theft, Accused of Luring Young Girls Online
Thursday, March 30, 2017
tmj4.com
Forty-four-year-old Craig Miller is charged with 18 counts including identity theft, and is accused of stealing a teenage boys photos to sexually exploit underage girls on the internet. Police said one of the teens he lured attempted suicide over the ordeal, prompting police to look into the case. Police identified photos of underage victims who live in Indiana, Colorado, Kentucky and Fond du Lac, Wisconsin.
Trenton-Area Post Office Struck by Anthrax Gets Ensnared in Identity Theft Scheme
Thursday, March 30, 2017
trentonian.com
The prominent mail processing facility off Route 130 that suffered from a crippling anthrax attack nearly 16 years ago has now been identified as the base of operations for an employee’s alleged thievery.
3 Charged in $40K Identity Theft Scheme
Thursday, March 30, 2017
pennlive.com
The suspects are accused of using a Connecticut man's identity to open bank accounts and take out $40,000 in loans with an S&T Bank in Cambria County between Wednesday and Tuesday. After opening the accounts, state police in Ebensburg said the men applied for loans with the bank. After the loans were approved, the suspects received a check for $40,000, according to police.
If You Want to Stop Big Data Breaches, Start With Databases
Thursday, March 30, 2017
wired.com
Over the past few years, large-scale data breaches have become so common that even tens of millions of records leaking feels unremarkable. One frequent culprit that gets buried beneath the headlines? Poorly secured databases that connect directly to the internet.
FBI Warns of Attacks on Anonymous FTP Servers
Wednesday, March 29, 2017
networkworld.com
The FBI warns that attackers are targeting vulnerable FTP servers used by small medical and dental offices as a way to obtain medical records and other sensitive personal information. While the dangers of placing sensitive data on these servers is well known, smaller businesses may not have the expertise or motivation to upgrade. The attackers can use the stolen data to harass, intimidate and blackmail these businesses, the FBI says, and may also include using the stolen information to commit fraud.
Study Finds Devices Are Not Wiped Properly
Wednesday, March 29, 2017
csoonline.com
Smartphones and tablets among those found on second-hand market with Personally Identifiable Information.
Millions of Stolen U.S. University Email Credentials for Sale on the Dark Web
Wednesday, March 29, 2017
darkreading.com
Stolen email addresses and passwords from the largest US universities are offered for sale on the Dark Web at anywhere from $3.50 to $10 apiece. But that's only a snapshot of a lucrative underground market for pilfered – and even spoofed and phony - student, faculty, staff, and alumni email credentials, according to new research published today by the nonprofit Digital Citizens Alliance (DCA) that searched the Dark Web for credentials from the top 300 US universities.
The House Voted to Wipe Out the FCC’s Landmark Internet Privacy Protections
Wednesday, March 29, 2017
washingtonpost.com
House Republicans voted overwhelmingly Tuesday, by a margin of 215-205, to repeal a set of landmark privacy protections for Web users, issuing a sweeping rebuke of Internet policies enacted under the Obama administration. It also marks a sharp, partisan pivot toward letting Internet providers collect and sell their customers' Web browsing history, location information, health data and other personal details. The measure, which was approved by a 50-48 margin in the Senate last week, now heads to the White House, where President Trump is expected to sign it.
Beware of Evolving Income Tax Scams
Wednesday, March 29, 2017
usatoday.com
Income tax identity theft continues to be a big problem for the IRS and the individual victims of this crime. It happens when a criminal who has managed to steal someone’s Social Security number files an income tax return on behalf of that person using a counterfeit W-2 and then tricks the IRS into sending a fraudulent refund to the income tax identity thief.
Cyber Criminals Targeting Healthcare Orgs’ FTP Servers
Wednesday, March 29, 2017
helpnetsecurity.com
FBI’s Cyber Division has sent out another notification to healthcare organizations, alerting them to the danger of cyber criminals using their FTP servers for various malicious purposes.
Apple Attributes Alleged iCloud Hack to Password Reuse
Wednesday, March 29, 2017
esecurityplanet.com
An unnamed person who's seen the data held by the hackers told Fortune that many of the email addresses and passwords match data from the LinkedIn breach that was disclosed last year.
Facebook Live Location Service Raises Privacy, Safety Concerns
Wednesday, March 29, 2017
scmagazine.com
Cybersecurity experts are questioning whether Facebook's addition of Live Location to its Messenger texting app will pose a privacy issue for its users.
VPNs Won’t Save You from Congress’ Internet Privacy Giveaway
Wednesday, March 29, 2017
wired.com
You’ll need to take your online privacy into your own hands. Several technical workarounds—especially virtual private networks, or VPNs—will return some semblance of control to you, the internet user. But even these solutions are far from perfect. When it comes to privacy, tech can help. But it doesn’t take the place of having the law on your side.
Woman Charged With Identity Theft
Wednesday, March 29, 2017
wiscnews.com
An Illinois woman is facing criminal charges in Sauk County for allegedly purchasing stolen credit card information online and having it transferred to fake cards that she used.
One of the Most Dangerous Forms of Ransomware Has Just Evolved to Be Harder to Spot
Wednesday, March 29, 2017
zdnet.com
Identified by Trend Micro, the new Cerber variant is - like most ransomware - delivered by a malicious phishing email. But rather than encouraging the victim to click on a link to download a file, these emails contain a link to Dropbox controlled by the attackers which downloads and self-extracts the Cerber payload.
Significant Data Breach Impacts Job Applicants in 10 States
Tuesday, March 28, 2017
govtech.com
According to an America's JobLink Alliance press release, millions of job-seekers in at least 10 states may have had their sensitive information accessed by hackers. The incident allowed unauthorized access to the names, Social Security numbers, and dates of birth of persons in their database. The access occurred between Feb. 23 and March 14, 2017.
Security? What Security? Four Million Data Records Are Stolen or Lost Every Day
Tuesday, March 28, 2017
zdnet.com
Nearly 1.4 billion data records were stolen by hackers or lost during 2016 - almost double the number which were comprised the previous year and indicating the ever growing threat posed not only by cyberattackers but accidental data breaches and malicious insiders.
Why It's a Good Idea to Clear Your Browser History and Cookies
Tuesday, March 28, 2017
grahamcluley.com
You've probably heard someone at one point tell you to delete your cookies/browsing history and/or clear your cache when you were experiencing technical issues online. In this article, I will discuss why users might consider deleting and clearing these elements at least periodically (if not regularly).
Washington University Med School Hit by Phishing Attack, Patient Info May Have Been Accessed
Tuesday, March 28, 2017
ksdk.com
A third party may have gained unauthorized access to patient information — including names, birth dates and social security numbers — after a phishing attack at Washington University's medical school.
Ignore That Call From “Apple” About an iCloud Breach
Tuesday, March 28, 2017
csoonline.com
Earlier on Monday, my wife let me know that “Apple Support” had called about iCloud security. She was dubious, and rightly so. “Apple” then called five more times (and counting). Suffice it to say, it wasn’t Apple, but fraudsters trying to piggyback on reports that a major breach of iCloud credentials could render hundreds of millions of accounts vulnerable.
Data Breach May Put Daytona State College Students' Personal Info at Risk
Tuesday, March 28, 2017
wftv.com
Daytona State College students who applied for financial aid might find themselves in a financial mess. The school said a data breach involving financial aid forms means thieves could have personal information needed to steal students' identities. It marks the second security breach involving the school.
Cheney: Russian Election Interference Could Be ‘Act of War’
Tuesday, March 28, 2017
thehill.com
Former Vice President Dick Cheney said Monday that Russia’s attempts to interfere in the 2016 presidential election could be considered an “act of war” against the U.S...Still, experts have cautioned against making such accusations. The U.S. government does not currently have a definition of what actions in cyberspace would necessitate a military response.
Passwords: Workers Say They Will Hand Them Over for Next to Nothing
Tuesday, March 28, 2017
zdnet.com
According to a report examining insider threats by Forcepoint, 14 percent of European employees claimed they would sell their work login credentials to an outsider for £200. And the researchers found that, of those who'd sell their credentials to an outsider, nearly half would do it for less.
Two Laptops with Hong Kong's 3.7 Million Voters' Data Stolen
Tuesday, March 28, 2017
news.softpedia.com
Hong Kong may be going through one of the most significant data breaches in its history after two computers holding personal data of 3.7 million voters have been stolen.
Navy Senior Chief Gets Over 4 Year Sentence for Identity Theft, Bank Fraud
Tuesday, March 28, 2017
wavy.com
Court documents say Pressley used his position as a senior enlisted member of a local military command to steal personal identity information and identification documents of two subordinates. He used that information to take out several loans totaling $24,000.
Woman Accused of Identity Theft Had More Than a Dozen Victims in 3 Counties
Tuesday, March 28, 2017
komonews.com
Detectives served a search warrant last week at Garner's Mount Vernon home where they found hundreds of pieces of mail belonging to people who live in Skagit, Snohomish, and Island counties.
Email Scam Promises Millions From American Soldier in Syria
Tuesday, March 28, 2017
fox17online.com
One email currently making the rounds is from someone claiming to be a soldier from Alabama who's currently stationed in Syria fighting the war on terror. The soldier says he found a box with $14.6 million in it. He offers you a cut of the money if you open a bank account to help him secure and deposit the funds.
Bitcoin Rise Fuels Social Media Scams
Monday, March 27, 2017
csoonline.com
The price of a single Bitcoin passed that of an ounce of gold for the first time this month, and scammers were quick to get in on the action with Ponzi schemes and phishing sites spread via social media. Victims are lured in with fake Bitcoin wallets, fake Bitcoin search services, fake surveys about Bitcoin, too-good-to-be-true money making offers, and classic pyramid scams now dressed up with Bitcoins, according to a report released this week.
Cybercriminals Exploit March Madness Frenzy
Monday, March 27, 2017
darkreading.com
The last 15 days of the annual NCAA basketball tournament has seen heightened malicious activity involving phishing pages, adware downloads and mishandling of user data.
Alleged vDOS Owners Poised to Stand Trial
Monday, March 27, 2017
krebsonsecurity.com
Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline...The police are preparing to recommend prosecutors charge the men with computer fraud and extortion, alleging they caused more than six million shekels worth of damage (approximately USD $1.65 million).
Identity Theft Victim Sues Albuquerque Police Department
Monday, March 27, 2017
abqjournal.com
An investigation into a fraudulent check led Albuquerque police to arrest the victim of identity theft, even though the perpetrator who used his ID to cash the check looked dramatically different, according to a lawsuit filed this month.
Identity Theft Suspect With 19 Fake Driver Licenses Arrested
Monday, March 27, 2017
kron4.com
According to sheriff deputies, the unidentified male suspect was arrested for containing 19 fake California Driver Licenses and several packages purchased from a false credit and debit cards.
New Scam Tricks Victims out of Thousands of Dollars Using Old Con
Monday, March 27, 2017
wreg.com
It’s a new twist on an old scam designed to steal thousands of dollars from unsuspecting consumers nationwide. It used to be called the Secret Shopper scam. The new version goes by the name Secret Surveyor, but the con is the same.
Mass. State Police Warn of Phone Scam Seeking Money to Clear Warrants
Monday, March 27, 2017
turnto10.com
Massachusetts State Police say they've received numerous complaints about calls that appear to come from a phone number for the department's South Boston barracks. The caller is identified as an officer and then instructs victims to meet at local shopping centers to provide money to clear up police warrants.
Push for Internet Privacy Rules Moves to Statehouses
Monday, March 27, 2017
nytimes.com
As on climate change, immigration and a host of other issues, some state legislatures may prove to be a counterweight to Washington by enacting new regulations to increase consumers’ privacy rights.
Inside the Hunt for Russia’s Most Notorious Hacker
Saturday, March 25, 2017
wired.com
America's war with Russia’s greatest cybercriminal began in the spring of 2009, when special agent James Craig, a rookie in the FBI’s Omaha, Nebraska, field office, began looking into a strange pair of electronic thefts. A square-jawed former marine, Craig had been an agent for just six months, but his superiors tapped him for the case anyway, because of his background: For years, he’d been an IT guy for the FBI. One of his nicknames in college was “the silent geek.”
Police: Woman Used Stolen ID to Buy Plastic Surgery
Friday, March 24, 2017
fox13news.com
Police are trying to track down a Polk County identity theft suspect who may now be flaunting $10,000 in stolen breast implants and butt injections.
T-Mobile is Rolling Out Scam Warnings on Incoming Calls
Friday, March 24, 2017
theverge.com
The carrier is going to begin warning subscribers when an incoming phone call appears to be from a scammer. If a scam call is detected, the caller ID will display as “Scam Likely,” giving subscribers a heads up before they answer or the chance to just ignore it outright.
IRS Makes Tax Refund Scams Harder but W-2 Phishing Attacks Continue Unabated
Friday, March 24, 2017
csoonline.com
Anti-fraud measures by the Internal Revenue Service (IRS) and state agencies over the past two years have made tax refund scams harder for cyber criminals to pull off even as attacks targeting taxpayer information continue unabated.
NEED AN EXPERT?
Rob Douglas identity theft expert

Does your organization need a consultant who can deliver information security awareness training that contains the truth about what works and what doesn’t in the fight against the fastest growing crimes in the world? 

Does your conference need an experienced speaker who will captivate the audience with dramatic real life cases of identity theft, cybercrime and scams ranging from stolen personal information, to theft of corporate trade secrets, to stalking and murder? 

Are you a member of the media seeking a comment about ID theft, scams, data breaches, cybercrime, information security, or fraud? 

If so, we invite you to learn more about identity theft and scam expert Rob Douglas.