Your best source for presentations, workshops, consultation, news, videos, and information about identity theft, scams, data breaches, and other information security threats.
 
Resources and Expertise to Combat Identity Theft, Scams, and Social Engineering
identitytheft.info
Latest Identity Theft News
Highly Confidential Psychotherapy Records From Behavioral Health Center in Bangor, Maine Listed on Dark Web
Monday, April 24, 2017
databreaches.net
In what may be the worst breach of 2017 so far in terms of highly sensitive and confidential patient records, a behavioral and mental health center in Maine recently learned that its patients’ records – including evaluations, session notes, and records of sex offenders and sex abuse victims – had not only been in the hands of one criminal, but had reportedly been sold to an unknown party for unknown purposes.
AZ Man Struggles With IRS for Decade to Try and Fix Case of Identity Theft
Monday, April 24, 2017
abc15.com
Tony Chilicas and his fiancée, Holly, are getting married in July. But their walk down the aisle will only be symbolic. Chilicas refused to make it legally official. “I don’t want her taking my last name until this is done,” he said. It’s because of another man: Jorge Campos Ramirez. But this isn’t some messy love triangle. It’s an unbelievable case of identity theft that’s messed with Chilicas’ life for a decade.
6 Factors Impacting Identity Theft Risks
Monday, April 24, 2017
cutimes.com
The threats posed by cyber attacks and identity theft continue to grow as cyber criminals always seem to be on offense while consumers and insurers are on defense.
Indian Police Allege IRS, FBI, Other Law Enforcement Not Interested in Phone Scam Arrests
Monday, April 24, 2017
forbes.com
Taxpayers across the country breathed a sigh of relief after the arrest of Sagar Thakkar, a 24-year-old Indian man accused of running those Internal Revenue Service (IRS) phone scams. Indian police arrested Thakkar earlier this month, claiming he was the mastermind behind the scam where callers posed as IRS agents to collect bogus tax debts. According to the local police, the lack of response from American law enforcement authorities familiar with the investigation has been deafening.
Russian Hacker Behind Kelihos Botnet Indicted in U.S.
Monday, April 24, 2017
news.softpedia.com
Russian hacker Peter Levashov was indicted on eight counts of fraud, conspiracy, and identity theft. Levashov, who was arrested in Spain early this month, is believed to be Severa, the hacker behind the Kelihos botnet, one of the largest spam operations in the world. The indictment comes from a federal grand jury in Connecticut, which came together on Friday in order to lay out all accusations the US has against Levashov.
Fake Delta Airline Receipts Spread Financial Malware
Monday, April 24, 2017
news.softpedia.com
The phishing email is specifically constructed to make you curious. There is no information about the flight included, which is something that such emails normally contain, but there is a link that you are urged to follow. On the other hand, if you pay attention to the email you've received, you'll notice that the email address is wrong, as it comes from @deltaa, instead of @delta.com. Similarly, if you're a frequent Delta flyer, you'll know the legitimate emails from the airline look a bit different.
The Backstory Behind Carder Kingpin Seleznev’s Record 27 Year Prison Sentence
Monday, April 24, 2017
krebsonsecurity.com
Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record punishment for hacking violations in the United States and by all accounts one designed to send a message to criminal hackers everywhere. But a close review of the case suggests that Seleznev’s record sentence was severe in large part because the evidence against him was substantial and yet he declined to cooperate with prosecutors prior to his trial.
New Password Guidelines Say Everything We Thought About Passwords Is Wrong
Monday, April 24, 2017
venturebeat-com.cdn.ampproject.org
When I recently discovered a draft of new guidelines for password management from NIST (the National Institute of Standards and Technology), I was amazed about the number of very progressive changes they proposed. Although NIST’s rules are not mandatory for nongovernmental organizations, they usually have a huge influence as many corporate security professionals use them as base standards and best practices when forming policies for their companies. Thus, another fact I was surprised about was a lack of attention to this document, finalized March 31, from both official media and the blogosphere. After all, those changes are supposed to affect literally everyone who browses the Internet. Here is a quick look at the three main changes the NIST has proposed.
Is Identity Theft Protection Worth It?
Monday, April 24, 2017
usatoday.com
Many turn to identity theft service providers. It's a market worth $3 billion, according to the research firm IBISWorld. According to the Government Accountability Office, about 50 to 60 companies provide these services. But do they work? That was the question posed in a recent GAO study. Its report described four types of identity theft services -- credit monitoring, identity monitoring, identity restoration and identity theft insurance.
Sheriff: Thousands of Victims Affected by Identity Theft Scheme
Friday, April 21, 2017
kcbd.com
Lubbock County Sheriff Kelly Rowe said his office has discovered a massive identity theft scheme with 14,000 victims.
Ignoring a WhatsApp Scam
Friday, April 21, 2017
nytimes.com
Q. I signed up for WhatsApp out of curiosity last year but never used it. Today I got an email message about someone sending me a WhatsApp voice mail. Is this for real?
Beware of a New Scam Involving "Relatives" and Gift Cards
Friday, April 21, 2017
cbsnews.com
In a new twist on an old phone scam, criminals are preying on family ties by asking people to buy gift cards to help relatives they falsely claim are in trouble.
Ransomware Kit Offered at Bargain-Basement Prices
Friday, April 21, 2017
govinfosecurity.com
A look at a Russian-speaking hacker offering novice cybercriminals a cheap way to conduct ransomware attacks leads the latest edition of the ISMG Security Report.
'Trust Attacks' Fueled by IoT Risks
Friday, April 21, 2017
bankinfosecurity.com
So-called "trust attacks" aren't waged for financial gain. They're waged to compromise data, data integrity and to expose sensitive information. Darktrace CEO Nicole Eagan says trust attacks will be among our greatest IoT worries in 2017, because organizations are likely to see attackers using machine learning and artificial intelligence to turn internet-connected devices against us.
Cybersecurity Firm Exposed Non-Anonymized Hospital Data in Demos
Friday, April 21, 2017
scmagazine.com
Cybersecurity startup Tanium is in hot water after exposing non-anonymized network data from a California hospital during live product demonstrations and online videos. The hospital is one of Tanium's clients and while the firm says that it had permission to use the hospital's environment, the company's Chief Executive Officer Orion Hindawi admitted in an open letter to its consumers that the firm “should have done better anonymizing that customer's data.”
Fake Marine Sentenced in Identity Theft
Friday, April 21, 2017
wrn.com
In a case that was less about “Semper Fi” and more about semper fib, a man who pretended to be a U.S. Marine in order to rip off local businesses in Menomonee Falls has been sentenced to three years in prison.
Identity Theft Ring That Used Stolen IDs to Buy Cars
Friday, April 21, 2017
wsoctv.com
Investigators say the suspects created fake driver’s licenses and included their picture. They presented the IDs with a fraudulent credit application, deputies said. The suspects got busted when deputies said they used the same driver’s license number back-to-back in two weeks, using different names.
Tax Scam: A Game of Speed and Numbers
Wednesday, April 19, 2017
gcn.com
“Tax season is the perfect opportunity for cybercriminals to monetize data obtained from relatively low effort phishing, like the W-2 scam,” said David Vergara, head of global product marketing for VASCO Data Security. “The volume of tax activity, coupled with the speed in which they submit fraudulent returns, makes it virtually impossible for the IRS to catch it all.” Cybercriminals who file fraudulent tax returns before the taxpayer and can successfully repeat the process get the biggest prize, he added: “It’s a game of speed and numbers.”
Job Seekers on ZipRecruiter Being Targeted by Scams via Email and Text
Wednesday, April 19, 2017
csoonline.com
Right now, thousands of people are looking for a new job online. Some of them just want a change, but others are looking for a stable income to support themselves and their families. Scammers are targeting job seekers with precision, often making contact instantly after the victim submits an application or receives a notification from a prospective employer.
Jodi Gissel: Fighting Fraud
Wednesday, April 19, 2017
acamstoday.org
The Justice for Fraud Victims Project (JFVP) began at Marquette University in the fall of 2014, based on a program that originated at Gonzaga University. The JFVP partners the University’s Department of Accounting with local law enforcement and the district attorney’s office in order to provide fraud examination services to smaller organizations in the Milwaukee area that are in need of these services. Fraud investigations are costly. Smaller organizations often cannot afford them and law enforcement generally has limited resources available to provide the necessary in-depth investigation of financial records. The JFVP has accounting students, working under the guidance of a professional forensic examiner mentor, who complete the fraud investigation; thereby gaining valuable experience with an actual fraud examination and providing a valuable service to the community.
Advanced, Low-Cost Ransomware Tools on the Rise
Wednesday, April 19, 2017
darkreading.com
Malware developers keep making it easier for even the most broke and technically inept bad guys to jump on the ransomware craze with cheap and user-friendly tools that are bound to fuel plenty more computer blackmail attacks in 2017. The latest evidence of the trend comes from a report out today of a new variant offered up by Russian cybercriminals through a software-as-a-service delivery mechanism that costs criminals only $175 to get started.
InterContinental Hotel Chain Breach Expands
Wednesday, April 19, 2017
krebsonsecurity.com
IHG has released data showing that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.
Man Pleads Guilty to ID Theft in Which He Stole $150G in Unemployment Benefits
Wednesday, April 19, 2017
nydailynews.com
A Bronx man already on probation for texting a terror threat to Emirate Airlines in 2013 is headed to prison for stealing the identities of multiple people and filing fake unemployment claims.
Florida Men Sentenced in Identity Theft Crimes Against New Yorkers
Wednesday, April 19, 2017
wellsvilledaily.com
The fraudsters had also repeatedly contacted the Tax Department call center in Albany. Investigators were able to listen to the recordings and crack the fraud scheme. They traced the calls and computer traffic used to create the false OLS accounts to the exact location where Mirville and Jacques were operating. This provided sufficient evidence to support issuance of a search warrant.
This Google Chrome and Firefox Phishing Scam Is ‘Practically Impossible to Spot’
Wednesday, April 19, 2017
fortune.com
The attack is a variety of phishing, an age-old con that involves tricking people into trusting a malicious website by directing them to a malicious link or, alternatively, into downloading a booby-trapped computer file. The hackers then steal the victims' passwords or install malware on their computers.
Former Bank Officer Pleads in Identity Theft Case
Tuesday, April 18, 2017
ozarkradionews.com
The crimes occurred when Smith was a bank loan officer and compliance officer at Community Bank in Summersville. In his guilty plea, Smith admitted taking out loans worth $81,040 between 2015 and June 2016, using bank customers’ names, their bank account information and social security numbers without their permission. He then transferred the money to his personal account and spent it on gambling or personal expenses. He also admitted using his mother’s and brother’s personal information to apply for about $70,000 in loans without their approval in 2010 and 2011 to pay for gambling.
Identity Theft Isn’t Just for the Living
Tuesday, April 18, 2017
natlawreview.com
With income tax season upon us, we are inundated with warnings from the IRS to take extra caution when filing our individual income tax returns with identity theft on the rise. But identity theft also happens to decedents.
Five Reasons to Worry About the ShadowBrokers Hack
Tuesday, April 18, 2017
thehill.com
WikiLeaks is getting headlines with its CIA documents, but leaks from the ShadowBrokers on possible National Security Agency hacking tools may be far more consequential. Since August, the group has been dropping apparent NSA hacking tools, outing NSA operations and possibly endangering the public. If you haven’t been paying attention to the ShadowBrokers, here are five reasons to start.
Hackers Dump 1.7 Million Snapchat Users Data on Dark Web
Tuesday, April 18, 2017
news.softpedia.com
Anonymous Indian hackers are taking revenge on Snapchat's CEO and claim to have leaked a database containing the credentials of 1.7 million users.
Identity Thief Faces Potential 22-Year Prison Sentence
Tuesday, April 18, 2017
darkreading.com
A foreign national pleads guilty to two criminal counts after he and his cohorts steal nearly $1.48 million in bogus tax return refunds following an identity theft hack on a Pittsburgh medical center.
How to Block Robocalls Once and For All (video)
Tuesday, April 18, 2017
nbcnews.com
Robocallers made 2.5 billion calls in March alone. Tom Costello shares tips for how you can block robocalls and spam text messages.
How to Stop Those Annoying, Endless Robocalls to Your Smartphone
Tuesday, April 18, 2017
9news.com
According to the Federal Communications Commission, there are nearly 2.4 billion robocalls made every month. That’s more than 7 calls per person, according to new research from the YouMail Robocall Index. At best, the calls are frustrating. At worst, they’re robbing us blind. So what can we do about it once and for all?
Border Agents Can Legally Search Electronic Devices
Tuesday, April 18, 2017
govtech.com
While the Fourth Amendment typically protects people around the country from unreasonable searches without warrants, agents along the Canadian and Mexican borders can search all travelers’ belongings, including electronic devices, with or without reasonable suspicion or a warrant.
Identity Theft Suspect Tripped up by Ancestry.Com
Tuesday, April 18, 2017
yorkdispatch.com
A Texas man on the run for more than two decades after escaping from a prison halfway house stayed under the radar by stealing and assuming a dead baby's identity, according to federal court documents...Vincent's scheme unraveled when an aunt of the real Nathan Laskoski added the dead boy's name to the family's lineage at Ancestry.com and discovered someone with the same name had already been entered on the genealogy website, linked to several marriages and homes in multiple states, according to documents.
Georgia Voters’ Personal Data at Risk in Cobb Theft
Tuesday, April 18, 2017
ajc.com
State officials are investigating the theft last week of equipment from a Cobb County precinct manager’s car that could make every Georgia voter’s personal information vulnerable to theft. The equipment, used to check-in voters at the polls, was stolen Saturday evening, Secretary of State Brian Kemp said Monday. Cobb County elections director Janine Eveler said the stolen machine, known as an ExpressPoll unit, cannot be used to fraudulently vote in Tuesday’s election but that it does contain a copy of Georgia’s statewide voter file. “We have managed that so that what’s stolen could not impact the election,” Eveler said. While the file includes drivers’ license numbers, addresses and other data, it does not include Social Security numbers, Eveler said.
Cybercrime—From Inside an Ohio Prison
Tuesday, April 18, 2017
networkworld.com
According to local news reports that blew up over the internet last week, at least five prisoners built a pair of working PCs out of parts scavenged from e-waste as part of a program designed to teach computer skills by having inmates break down end-of-life computers and recycle the parts. The inmates smuggled the PCs to a training room, hid them in the ceiling and then ran wiring to connect to the prison network...they attempted to use the machines for a number of cybercrimes, including identity theft of another inmate serving a long sentence, applying for multiple credit and debit cards in his name. One of the inmates even used the computers to send text messages to his mother, telling her where to go pick up the fraudulently obtained cards.
SWIFT Warns on Vendor Security After Documents Leaked by Hackers
Tuesday, April 18, 2017
reuters.com
SWIFT, the global bank messaging system, on Monday advised clients to pay close attention to security when selecting firms to help them access the network following the release of data that suggested the U.S. government sought to spy on their clients...A hacking group calling itself the Shadow Brokers on Friday released files that cyber security experts said suggest the U.S. National Security Agency sought to monitor messaging traffic by hacking into the networks of two firms in the Middle East and Latin America known as service bureaus, which help SWIFT clients access SWIFT.
Microsoft Addresses Shadow Brokers Exploits
Tuesday, April 18, 2017
us-cert.gov
The Microsoft Security Response Center (MSRC) has published information on several recently publicized exploit tools which affect various Microsoft products.
Cuban National Pleads Guilty in Tax Scam That Used Stolen UPMC IDs
Tuesday, April 18, 2017
post-gazette.com
Assistant U.S. Attorney Greg Melucci said today that Llanes was part of a network of conspirators who took advantage of tens of thousands of UPMC W-2 forms that hackers stole and sold on the darknet, an encrypted web marketplace for cyber criminals.
Two-Thirds of Seniors Are Scam Victims
Tuesday, April 18, 2017
thefranklinnewspost.com
A new survey by Home Instead, Inc. found that two-thirds (67 percent) of U.S. seniors have been the victim or target of at least one common online scam or hack. In addition, more than a third (38 percent) report that someone has tried to scam them online, and 28 percent of surveyed seniors have mistakenly downloaded a computer virus.
Nigerian Wanted by FBI for $5 Million Email Scam
Tuesday, April 18, 2017
africanews.com
32-year-old Kelechi Declan James, suspected to be in New York City, is alleged to have run a business e-mail compromise scheme that resulted in victims losing more than $5 million. “As part of the scheme, James and his co-conspirators defrauded victims across the U.S. by tricking them into wiring money to bank accounts the victims believed were owned by family members, friends, or business associates,” the FBI said in a statement last week.
Health Savings Account Fraud: The Rapidly Growing Threat
Monday, April 17, 2017
darkreading.com
While information security and anti-fraud teams remain on high-alert for potential indicators of income tax fraud, given the rapidly approaching April 18th filing deadline, a lesser-known yet serious threat with ties to both income tax fraud and 2016’s healthcare breaches continues to emerge: health savings account fraud.
Shoney’s Hit by Apparent Credit Card Breach
Monday, April 17, 2017
krebsonsecurity.com
Multiple sources in the financial industry say they’ve traced a pattern of fraud on customer cards indicating that the latest victim may be Shoney’s, a 70-year-old restaurant chain that operates primarily in the southern United States.
EFF Releases Spying on Students Ed Tech Report
Monday, April 17, 2017
eff.org
"They are collecting and storing data to be used against my child in the future, creating a profile before he can intellectually understand the consequences of his searches and digital behavior." This was the response of one parent to an online survey EFF conducted to learn more about the use of mobile devices and cloud services in K-12 classrooms across the country—so called education technology or “ed tech.” Today, EFF released a report entitled “Spying on Students: School-Issued Devices and Student Privacy” that summarizes the results of this survey.
Virus Knocks Erie County Medical Center Offline for Days
Monday, April 17, 2017
healthcareitnews.com
The entire computer system of Buffalo-based Erie County Medical Center and its Long-Term Care at Terrace View facility was shut down early April 9, after a virus was detected on the system. While it was primarily the email system hit with a virus, ECMC took the whole system offline to prevent spreading the virus, officials said in a statement. As of Thursday morning, parts of the computer system were still offline. Hospital officials wouldn’t comment if the virus was ransomware.
9 Ways to Protect Your Aging Parent From Identity Theft
Monday, April 17, 2017
forbes.com
When Peter’s father became too infirm to live independently, Peter took on the job of moving him into an assisted living facility. Using his power of attorney, Peter then began to dig into his father’s financial records. What he found shocked him. His father had become an unsuspecting victim of identity theft.
How to Spot a Skimmer and Avoid Identity Theft
Monday, April 17, 2017
abc13.com
Skimming devices are used by criminals to secretly capture credit and debit card data from unsuspecting users. Once the credit/debit data is captured, the data is downloaded and then used for fraudulent transactions. The data can be sold, immediately used for online purchases or re-encoding and creation of counterfeit credit/debit cards.
Westminster College Reports Employee Data Breach
Monday, April 17, 2017
columbiatribune.com
The breach of employee information was discovered March 26, according to a statement from Lana Poole, vice president and chief communications officer at Westminster. Poole said the breach was the result of a phishing scam and was reported to law enforcement authorities.
Researchers Find Data Breaches More Likely at Large Teaching Hospitals
Monday, April 17, 2017
baltimoresun.com
Large health care providers and teaching hospitals face a greater risk of having their medical records compromised by hackers, researchers say in a new study published in the Journal of the American Medical Association.
Fifth Person Pleads Guilty in $5 Million ID Theft Case
Thursday, April 13, 2017
darkreading.com
A Russian national has been arrested in connection with a payment card fraud scheme between 2014 and 2016 that led to $5 million in losses to businesses including an airline and two healthcare administrators. The fifth person to be arrested in the case, Irina Fedoseeva, was allegedly responsible for cheating victims out of $225,000 through illegal use of their payment cards, the US Department of Justice said.
Police Stumble Onto Apparent Major Fraud Ring During Traffic Stop
Thursday, April 13, 2017
onlineathens.com
A man last week may have inadvertently led authorities to uncover a major fraud ring in which manufactured fraudulent credit cards were used to illegally purchase thousands of dollars’ worth of merchandise and services in at least two states.
LinkedIn Scam Wants Job Seekers to Hand Over Their CVs
Thursday, April 13, 2017
tripwire.com
Fraudsters have designed a new LinkedIn scam that uses phishing emails and a fake website to trick job seekers into handing over their CVs.
Norton Schools Computer System Hacked
Thursday, April 13, 2017
thesunchronicle.com
The school department is seeking an emergency transfer of $43,000 to upgrade its computer security after its system was hacked last month, causing files to freeze, Superintendent Joseph Baeta said Wednesday. Baeta said the hack happened on March 15 when someone opened an email that contained “ransomware.” The hackers sought to get the school department to pay a ransom for it to unlock the files, he said.
Internet Privacy Fight Enters New Phase
Thursday, April 13, 2017
thehill.com
The fight over internet privacy is entering a new stage. The Republican chairman of the Federal Communications Commission is moving to roll back his agency's net neutrality rules, a plan critics warn could deal another blow to online privacy protections. It comes on the heels of Republicans repealing Obama-era rules that would have required internet service providers to get customer consent before sharing their data, putting digital privacy back in the national spotlight. Both sides are quickly gearing up for the next fight.
Detecting Insider Threats Is Easier Than You Think
Thursday, April 13, 2017
cio.com
The biggest factor to deter insider risks is to give ongoing security awareness training to all employees, said Scottie Cole, network and security administrator at AppRiver. “This trains employees on what is expected of them and provides them the signs to identify a risk. Insider risk teams should also have ongoing assessments and auditing of company assets can help identify risks that would otherwise be ignored.”
SWIFT Codes Targeted in Union Bank of India Cyberattack
Wednesday, April 12, 2017
scmagazine.com
Hackers launched an attack against the Union Bank of India that was very similar to the Bangladesh bank heist that resulted in the theft of $81 million last year. The attack against the Union Bank started in July 2016 when scammers sent an email containing a malicious attachment to an employee at the Union Bank of India, Reuters reported citing the Wall Street Journal. The employee opened the email, which initiated malware that stole Union Bank's Society for Worldwide Interbank Financial Telecommunication (SWIFT) codes that are necessary to transfer funds. The hackers then used the codes to send instructions to transfer $170 million to a Union Bank account at Citigroup Inc in New York; however, Union Bank was able to spot the fraud and block the transfer.
Budget Woes Hinder US Cybersecurity Buildup
Wednesday, April 12, 2017
thehill.com
Experts and officials are warning of the negative effects that another stopgap funding bill would have on cybersecurity as Congress finds itself embroiled in another budget showdown.
Easter Holiday Phishing Scams and Malware Campaigns
Wednesday, April 12, 2017
us-cert.gov
As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns...
Tax Season Surprise: W-2 Fraud
Wednesday, April 12, 2017
darkreading.com
What was once a scam known for exclusively targeting the corporate world has expanded to other sectors, including school districts, tribal organizations, and nonprofits. W-2 fraudsters show no prejudice — regardless of geographic location, industry, and organization size, we're seeing employees across the spectrum fall victim.
Phishing with a Light Touch: Advances in Social Engineering
Wednesday, April 12, 2017
scmagazine.com
At the heart of every phish that lands in users' inboxes is a social engineering job -- an attempt to con gullible users into believing claims that are contrary to reality and then persuade them to take dangerous actions based on their belief in a lie.
How the FBI Took Down Russia’s Spam King—and His Massive Botnet
Wednesday, April 12, 2017
wired.com
One of the world’s most notorious spammers appears to have been tripped up by a basic cybersecurity no-no, according to the FBI: He used the same log-in credentials to both run his criminal enterprise and also log into sites like iTunes.
Ransomware Attack on Texas Pediatric Provider Exposes Data of 55,000 Patients
Wednesday, April 12, 2017
healthcareitnews.com
A ransomware attack at San Antonio-based ABCD Children’s Pediatrics may have breached the data of 55,447 patients. Affected files may have included patient names, Social Security numbers, insurance billing information, dates of birth, medical records, laboratory results, procedure technology codes, demographic data, address and telephone numbers.
Hundreds of W-2s Stolen From City of San Marcos
Wednesday, April 12, 2017
statesman.com
Confidential information of more than 800 current and former city of San Marcos employees has been compromised after one employee fell for a phishing scam.
Amazon’s Third-Party Sellers Hit by Hackers
Monday, April 10, 2017
wsj.com
In recent weeks, attackers have changed the bank-deposit information on Amazon accounts of active sellers to steal tens of thousands of dollars from each, according to several sellers and advisers. Attackers also have hacked into the Amazon accounts of sellers who haven’t used them recently to post nonexistent merchandise for sale at steep discounts in an attempt to pocket the cash, those people say.
Alleged Spam King Pyotr Levashov Arrested
Monday, April 10, 2017
krebsonsecurity.com
Authorities in Spain have arrested a Russian computer programmer thought to be one of the world’s most notorious spam kingpins...Levashov is currently listed as #7 in the world’s Top 10 Worst Spammers list maintained by anti-spam group Spamhaus. The U.S. Justice Department maintains that Severa was the Russian partner of Alan Ralsky, a convicted American spammer who specialized in “pump-and-dump” spam schemes designed to artificially inflate the value of penny stocks.
Symantec Attributes 40 Cyber Attacks to CIA-Linked Hacking Tools
Monday, April 10, 2017
reuters.com
Past cyber attacks on scores of organizations around the world were conducted with top-secret hacking tools that were exposed recently by the Web publisher Wikileaks, the security researcher Symantec Corp (SYMC.O) said on Monday. That means the attacks were likely conducted by the U.S. Central Intelligence Agency. The files posted by WikiLeaks appear to show internal CIA discussions of various tools for hacking into phones, computers and other electronic gear, along with programming code for some of them, and multiple people familiar with the matter have told Reuters that the documents came from the CIA or its contractors.
Spain Arrests Russian Thought to Be Kingpin of Computer Spam
Monday, April 10, 2017
nytimes.com
The initial reports in Russian news media of Mr. Levashov’s arrest did not say if he was suspected by United States intelligence agencies of being involved in attempts by Russian government hackers to meddle in the 2016 American presidential election. The American intelligence agencies have said Russian hackers broke into the servers of the Democratic National Committee and the email of Hillary Clinton’s campaign chairman and released documents in an effort to sway the election toward Donald J. Trump. But computer researchers who have linked the long-running computer spam business of the man known as Peter Severa to malware used in 2012 to influence a domestic election in Russia say his arrest could give other investigations important information.
Hacking Attack Woke Up Dallas With Emergency Sirens, Officials Say
Monday, April 10, 2017
nytimes.com
Officials in Dallas said the city’s warning system was hacked late on Friday night, disrupting the city when all 156 of its emergency sirens sounded into the early hours of Saturday morning. The alarms, which started going off around 11:40 p.m. Friday and lasted until 1:20 a.m. Saturday, created a sense of fear and confusion, jarring residents awake and flooding 911 with thousands of calls, officials said.
Teaching Hospitals at Greater Data Breach Risk
Monday, April 10, 2017
darkreading.com
Research on data breaches at hospitals has revealed that those with major teaching facilities and more beds were at greater breach risk, says a Johns Hopkins University report.
Former Allegro Worker Accused of Inserting ‘Time Bomb’ in Company Network
Monday, April 10, 2017
telegram.com
On January 31, 2016, Mr. Patel allegedly trespassed onto the grounds of Allegro to come within the wireless network’s range. Once in range, and using the secondary notebook from Allegro, Mr. Patel allegedly used the password for another employee of Allegro, to gain access to the company’s network. He then allegedly used a system administrator logon and password to upload and insert the malicious Oracle programming code to Allegro’s finance module.
Wells Fargo to Claw Back $75 Million From Former Executives
Monday, April 10, 2017
nytimes.com
In a scathing, 113-page report that made it clear that all the warning signs of the problem had been glaring, the board released the results of its six-month investigation into the conditions and culture that prompted thousands of Wells Fargo employees to create fraudulent accounts in an effort to meet aggressive sales goals.
Breach of Financial-Aid Tool May Have Compromised Data on 100,000 Taxpayers
Friday, April 07, 2017
chronicle.com
Nearly 100,000 taxpayers may have had their personal information compromised by a security breach of an Internal Revenue Service tool that makes it easier to fill out the Free Application for Federal Student Aid, the Fafsa, according to the IRS commissioner, John Koskinen, who testified on Thursday before the Senate Finance Committee.
Alert: New Highly Customized Phishing Attack Has a 90% Open Rate
Friday, April 07, 2017
blog.barkly.com
Researchers at Barracuda Networks have uncovered a new wave of sophisticated phishing attacks with one of the highest initial success rates they've ever seen.
Cybercriminals Seized Control of Brazilian Bank for 5 Hours
Friday, April 07, 2017
darkreading.com
Cybercriminals for five hours one day last fall took over the online operations of a major bank and intercepted all of its online banking, mobile, point-of-sale, ATM, and investment transactions in an intricate attack that employed valid SSL digital certificates and Google Cloud to support the phony bank infrastructure.
Mac Malware Grew 744% in 2016, Says McAfee Report
Friday, April 07, 2017
9to5mac.com
The latest McAfee Threat Report shows that macOS malware grew by 744% in 2016, with around 460,000 instances detected. Behind the headline number, though, are a couple of reassuring facts.
Scottrade Bank Data Breach Exposes 20,000 Customer Records
Friday, April 07, 2017
csoonline.com
Scottrade Bank, a subsidiary of Scottrade Financial Services, Inc., recently secured a MSSQL database containing sensitive information on at least 20,000 customers that was inadvertently left exposed to the public.
Dems Ask Treasury Chief for Cyber Briefing
Friday, April 07, 2017
thehill.com
Democratic lawmakers are requesting a briefing on the Treasury Department’s cybersecurity efforts, expressing alarm over nation-state cyberattacks targeting the financial sector. Reps. Robin Kelly (D-Ill.) and Jim Himes (D-Conn.) wrote to Treasury Secretary Steve Mnuchin on Thursday warning of the “rapid spread of cyber-attacks on the American banking and financial services industries by foreign actors.” They singled out North Korea, expressing concern that Pyongyang could use cyberattacks on banks and financial services institutions to fund its missile and nuclear programs.
Wikileaks Posts CIA Documents on Ways to Install Malware
Friday, April 07, 2017
thehill.com
WikiLeaks on Friday published a new package of leaked CIA documents outlining the Grasshopper framework, a customizable malware installer.
Scammers Phishing for Financial Credentials on Twitter
Friday, April 07, 2017
csoonline.com
Scammers are using Twitter as a vehicle to target people looking for customer support or asking general questions. They interject themselves into legitimate discussions, offering friendly chatter and a link that directs the target to a Phishing page designed to harvest credentials. On Twitter, someone – or perhaps a group of people – are following support accounts for large financial institutions and watching their interactions with customers. Depending on the question asked, the scammers will respond to the customer (usually after the official account has) and direct them to take 'additional' measures. Social Engineering is a powerful tool, and given the right construct it can be hard to detect or defend against.
Don't Pay Ransoms. But If You Must, Here's Where to Buy the Bitcoins
Tuesday, April 04, 2017
csoonline.com
Ransomware grew into a $1 billion industry last year, and ransom payments now account for nearly 10 percent of the entire Bitcoin economy. Avoiding becoming part of that statistic requires good endpoint security and effective backups. But what if your defenses fail, your backups are inadequate, all attempts to restore the data fail, and you have to pay the ransom after all -- what do you do? First of all, get the ball rolling on improving your security. Second, if the ransomware includes a recommendation for where to buy the Bitcoins, take it with a grain of salt. These guys are, after all, criminals. They might steer you wrong. Instead, go to a reputable exchange.
Report: China-Based Cyber Campaign Targeting Managed IT, Cloud Services
Tuesday, April 04, 2017
thehill.com
A new report suggests a China-based espionage campaign is targeting managed IT service providers and cloud service providers in an attempt to spy on those firms' clients, including diplomatic and political organizations and companies' intellectual property. PriceWaterhouseCoopers and BAE Systems collaborated on the report, detailing a threat nicknamed "Operation Cloud Hopper."
Woman Learns of Identity Theft When Doctor Tells Her She's Pregnant
Friday, March 31, 2017
wlos.com
An Asheville woman is cleaning up her record after her identity was stolen last fall by a pregnant woman. Rhonda Proffitt went to the doctor in October. To her surprise, they asked her how her baby was.
OPM Pays Too Much Protecting Breach Victims From Identity Theft, Watchdog Says
Friday, March 31, 2017
nextgov.com
The Office of Personnel Management is probably shelling out too much money for identity theft insurance for current and former federal employees compromised in the agency’s massive 2015 data breach, a government watchdog said Thursday.
Protecting Your Digital Life in 8 Easy Steps
Friday, March 31, 2017
nytimes.com
There are more reasons than ever to understand how to protect your personal information. Major website hackings seem ever more frequent. Investigators believe that a set of top-secret National Security Agency hacking tools were offered to online bidders this summer. And many of those worried about expanded government surveillance by the N.S.A. and other agencies have taken steps to secure their communications.
Post-FCC Privacy Rules, Should You VPN?
Friday, March 31, 2017
krebsonsecurity.com
Many readers are understandably concerned about recent moves by the U.S. Congress that would roll back privacy rules barring broadband Internet service providers (ISPs) from sharing or selling customer browsing history, among other personal data. Some are concerned enough by this development that they’re looking at obfuscating all of their online browsing by paying for a subscription to a virtual private networking (VPN) service. This piece is intended to serve as a guidepost for those contemplating such a move.
GAO: Identity Theft Services Study - March 2017
Friday, March 31, 2017
gao.gov
GAO was asked to examine issues related to identity theft services and their usefulness. This report examines, among other objectives, (1) the potential benefits and limitations of identity theft services, and (2) factors that affect government and private-sector decision-making about them. GAO reviewed products, studies, laws, regulations, and federal guidance and contracts, and interviewed federal agencies, consumer groups, industry stakeholders, and eight providers selected because they were large market participants.
Custom Phishing Attacks Grow as Crooks Create Fake Flight Confirmations, Receipts
Friday, March 31, 2017
zdnet.com
Well-researched attacks designed for cyber espionage and malware distribution specifically target those who regularly use air travel.
A Quick Guide to Backing Up Your Critical Data
Friday, March 31, 2017
nytimes.com
It’s World Backup Day, which is another way of saying it’s a good time to safeguard your digital photos, videos, documents and emails by creating second copies, or backups, of them and storing them somewhere secure.
Warning for Taxpayers: Identity Theft During Tax Season
Friday, March 31, 2017
baltimore.cbslocal.com
Thousands across Maryland have fallen victim to identity theft. Criminals steal information to file tax returns. State comptroller Peter Franchot says there’s at least 2,000 victims already. It’s that time of the year. While millions nationwide are waiting to find out just how much money they’ll get back, criminals are hacking away, trying to steal identities and cash in on tax returns in Maryland.
Beware This Simple Scam Targeting Job Seekers
Thursday, March 30, 2017
inc.com
In this fourth version of the "473 Scam," criminals post "help wanted" type ads on various online bulletin boards or physical job boards around a city - advertising jobs that are likely to be attractive with their intended target audience; the ads note, of course, that in order to obtain more information or to apply one should "call for more information."
IBM on the State of Network Security: Abysmal
Thursday, March 30, 2017
networkworld.com
The state of online security is darn dreadful. At least if you look at the results from the IBM Security’s 2017 IBM X-Force Threat Intelligence Index released today which contains myriad depressing nuggets such as: The number of records compromised grew a historic 566% in 2016 from 600 million to more than 4 billion -- more than the combined total from the two previous years.
White House Extends Obama Executive Order on Cyber Threats
Thursday, March 30, 2017
thehill.com
"Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States," reads the letter.
Avoiding ID Theft: Keeping Your Personal Information Safe
Thursday, March 30, 2017
The Costco Connection
"If you just took the time to look at your finances you would be able to head off a major problem," says Rob Douglas, a nationally recognized identity theft and information security consultant (identitytheft.info). "It's mind-blowing to me how many people don't do it." Account takeover fraud, card-not-present fraud, new account fraud and W-2 fraud are damaging forms of ID theft, and you should know how they work. We collaborated with Douglas to unpack this topic.
Scammers Scare iPhone Users Into Paying to Unlock Not-Really-Locked Safari
Thursday, March 30, 2017
csoonline.com
Apple yesterday patched a bug in the iOS version of Safari that had been used by criminals to spook users into paying $125 or more because they assumed the browser was broken. The flaw, fixed in Monday's iOS 10.3 update, had been reported to Apple a month ago by researchers at San Francisco-based mobile security firm Lookout.
None of Us Are Safe From Getting ‘Owned’
Thursday, March 30, 2017
nytimes.com
In the escalating rhetoric of public shaming, being embarrassed online is tantamount to being wiped from the face of the earth. Whenever a late-night host upbraids a public figure in a monologue or a pundit bests another in a Twitter fight, onlookers crowd around to declare the loser DESTROYED! or EVISCERATED! or ETHERED! or ANNIHILATED! But alongside these symbols of destruction has risen another, more apt metaphor for the dynamics of the modern media power play. In this one, the defeated party wasn’t killed, but possessed: They got OWNED.
Senators Move to Bolster Cyber Resources for Small Businesses
Thursday, March 30, 2017
thehill.com
Five senators introduced legislation on Wednesday that would direct the National Institute of Standards and Technology (NIST) to consider small businesses when updating its cybersecurity framework and offer consistent resources for small businesses that decide to use the framework.
New Berlin Man Charged With Identity Theft, Accused of Luring Young Girls Online
Thursday, March 30, 2017
tmj4.com
Forty-four-year-old Craig Miller is charged with 18 counts including identity theft, and is accused of stealing a teenage boy's photos to sexually exploit underage girls on the internet. Police said one of the teens he lured attempted suicide over the ordeal, prompting police to look into the case. Police identified photos of underage victims who live in Indiana, Colorado, Kentucky and Fond du Lac, Wisconsin.
Trenton-Area Post Office Struck by Anthrax Gets Ensnared in Identity Theft Scheme
Thursday, March 30, 2017
trentonian.com
The prominent mail processing facility off Route 130 that suffered from a crippling anthrax attack nearly 16 years ago has now been identified as the base of operations for an employee’s alleged thievery.
3 Charged in $40K Identity Theft Scheme
Thursday, March 30, 2017
pennlive.com
The suspects are accused of using a Connecticut man's identity to open bank accounts and take out $40,000 in loans with an S&T Bank in Cambria County between Wednesday and Tuesday. After opening the accounts, state police in Ebensburg said the men applied for loans with the bank. After the loans were approved, the suspects received a check for $40,000, according to police.
If You Want to Stop Big Data Breaches, Start With Databases
Thursday, March 30, 2017
wired.com
Over the past few years, large-scale data breaches have become so common that even tens of millions of records leaking feels unremarkable. One frequent culprit that gets buried beneath the headlines? Poorly secured databases that connect directly to the internet.
FBI Warns of Attacks on Anonymous FTP Servers
Wednesday, March 29, 2017
networkworld.com
The FBI warns that attackers are targeting vulnerable FTP servers used by small medical and dental offices as a way to obtain medical records and other sensitive personal information. While the dangers of placing sensitive data on these servers are well known, smaller businesses may not have the expertise or motivation to upgrade. The attackers can use the stolen data to harass, intimidate and blackmail these businesses, the FBI says, and may also include using the stolen information to commit fraud.
Study Finds Devices Are Not Wiped Properly
Wednesday, March 29, 2017
csoonline.com
Smartphones and tablets among those found on second-hand market with Personally Identifiable Information.
Millions of Stolen U.S. University Email Credentials for Sale on the Dark Web
Wednesday, March 29, 2017
darkreading.com
Stolen email addresses and passwords from the largest US universities are offered for sale on the Dark Web at anywhere from $3.50 to $10 apiece. But that's only a snapshot of a lucrative underground market for pilfered – and even spoofed and phony - student, faculty, staff, and alumni email credentials, according to new research published today by the nonprofit Digital Citizens Alliance (DCA) that searched the Dark Web for credentials from the top 300 US universities.
Beware of Evolving Income Tax Scams
Wednesday, March 29, 2017
usatoday.com
Income tax identity theft continues to be a big problem for the IRS and the individual victims of this crime. It happens when a criminal who has managed to steal someone’s Social Security number files an income tax return on behalf of that person using a counterfeit W-2 and then tricks the IRS into sending a fraudulent refund to the income tax identity thief.
The House Voted to Wipe Out the FCC’s Landmark Internet Privacy Protections
Wednesday, March 29, 2017
washingtonpost.com
House Republicans voted overwhelmingly Tuesday, by a margin of 215-205, to repeal a set of landmark privacy protections for Web users, issuing a sweeping rebuke of Internet policies enacted under the Obama administration. It also marks a sharp, partisan pivot toward letting Internet providers collect and sell their customers' Web browsing history, location information, health data and other personal details. The measure, which was approved by a 50-48 margin in the Senate last week, now heads to the White House, where President Trump is expected to sign it.
Facebook Live Location Service Raises Privacy, Safety Concerns
Wednesday, March 29, 2017
scmagazine.com
Cybersecurity experts are questioning whether Facebook's addition of Live Location to its Messenger texting app will pose a privacy issue for its users.
VPNs Won’t Save You from Congress’ Internet Privacy Giveaway
Wednesday, March 29, 2017
wired.com
You’ll need to take your online privacy into your own hands. Several technical workarounds—especially virtual private networks, or VPNs—will return some semblance of control to you, the internet user. But even these solutions are far from perfect. When it comes to privacy, tech can help. But it doesn’t take the place of having the law on your side.
Woman Charged With Identity Theft
Wednesday, March 29, 2017
wiscnews.com
An Illinois woman is facing criminal charges in Sauk County for allegedly purchasing stolen credit card information online and having it transferred to fake cards that she used.
One of the Most Dangerous Forms of Ransomware Has Just Evolved to Be Harder to Spot
Wednesday, March 29, 2017
zdnet.com
Identified by Trend Micro, the new Cerber variant is - like most ransomware - delivered by a malicious phishing email. But rather than encouraging the victim to click on a link to download a file, these emails contain a link to Dropbox controlled by the attackers which downloads and self-extracts the Cerber payload.
Cyber Criminals Targeting Healthcare Orgs’ FTP Servers
Wednesday, March 29, 2017
helpnetsecurity.com
FBI’s Cyber Division has sent out another notification to healthcare organizations, alerting them to the danger of cyber criminals using their FTP servers for various malicious purposes.
Apple Attributes Alleged iCloud Hack to Password Reuse
Wednesday, March 29, 2017
esecurityplanet.com
An unnamed person who's seen the data held by the hackers told Fortune that many of the email addresses and passwords match data from the LinkedIn breach that was disclosed last year.
Significant Data Breach Impacts Job Applicants in 10 States
Tuesday, March 28, 2017
govtech.com
According to an America's JobLink Alliance press release, millions of job-seekers in at least 10 states may have had their sensitive information accessed by hackers. The incident allowed unauthorized access to the names, Social Security numbers, and dates of birth of persons in their database. The access occurred between Feb. 23 and March 14, 2017.
Security? What Security? Four Million Data Records Are Stolen or Lost Every Day
Tuesday, March 28, 2017
zdnet.com
Nearly 1.4 billion data records were stolen by hackers or lost during 2016 - almost double the number which were compromised the previous year and indicating the ever growing threat posed not only by cyberattackers but accidental data breaches and malicious insiders.
Why It's a Good Idea to Clear Your Browser History and Cookies
Tuesday, March 28, 2017
grahamcluley.com
You've probably heard someone at one point tell you to delete your cookies/browsing history and/or clear your cache when you were experiencing technical issues online. In this article, I will discuss why users might consider deleting and clearing these elements at least periodically (if not regularly).
Washington University Med School Hit by Phishing Attack, Patient Info May Have Been Accessed
Tuesday, March 28, 2017
ksdk.com
A third party may have gained unauthorized access to patient information — including names, birth dates and social security numbers — after a phishing attack at Washington University's medical school.
Ignore That Call From “Apple” About an iCloud Breach
Tuesday, March 28, 2017
csoonline.com
Earlier on Monday, my wife let me know that “Apple Support” had called about iCloud security. She was dubious, and rightly so. “Apple” then called five more times (and counting). Suffice it to say, it wasn’t Apple, but fraudsters trying to piggyback on reports that a major breach of iCloud credentials could render hundreds of millions of accounts vulnerable.
Data Breach May Put Daytona State College Students' Personal Info at Risk
Tuesday, March 28, 2017
wftv.com
Daytona State College students who applied for financial aid might find themselves in a financial mess. The school said a data breach involving financial aid forms means thieves could have personal information needed to steal students' identities. It marks the second security breach involving the school.
Cheney: Russian Election Interference Could Be ‘Act of War’
Tuesday, March 28, 2017
thehill.com
Former Vice President Dick Cheney said Monday that Russia’s attempts to interfere in the 2016 presidential election could be considered an “act of war” against the U.S...Still, experts have cautioned against making such accusations. The U.S. government does not currently have a definition of what actions in cyberspace would necessitate a military response.
Passwords: Workers Say They Will Hand Them Over for Next to Nothing
Tuesday, March 28, 2017
zdnet.com
According to a report examining insider threats by Forcepoint, 14 percent of European employees claimed they would sell their work login credentials to an outsider for £200. And the researchers found that, of those who'd sell their credentials to an outsider, nearly half would do it for less.
Two Laptops with Hong Kong's 3.7 Million Voters' Data Stolen
Tuesday, March 28, 2017
news.softpedia.com
Hong Kong may be going through one of the most significant data breaches in its history after two computers holding personal data of 3.7 million voters have been stolen.
Navy Senior Chief Gets Over 4 Year Sentence for Identity Theft, Bank Fraud
Tuesday, March 28, 2017
wavy.com
Court documents say Pressley used his position as a senior enlisted member of a local military command to steal personal identity information and identification documents of two subordinates. He used that information to take out several loans totaling $24,000.
Woman Accused of Identity Theft Had More Than a Dozen Victims in 3 Counties
Tuesday, March 28, 2017
komonews.com
Detectives served a search warrant last week at Garner's Mount Vernon home where they found hundreds of pieces of mail belonging to people who live in Skagit, Snohomish, and Island counties.
Email Scam Promises Millions From American Soldier in Syria
Tuesday, March 28, 2017
fox17online.com
One email currently making the rounds is from someone claiming to be a soldier from Alabama who's currently stationed in Syria fighting the war on terror. The soldier says he found a box with $14.6 million in it. He offers you a cut of the money if you open a bank account to help him secure and deposit the funds.
Bitcoin Rise Fuels Social Media Scams
Monday, March 27, 2017
csoonline.com
The price of a single Bitcoin passed that of an ounce of gold for the first time this month, and scammers were quick to get in on the action with Ponzi schemes and phishing sites spread via social media. Victims are lured in with fake Bitcoin wallets, fake Bitcoin search services, fake surveys about Bitcoin, too-good-to-be-true money making offers, and classic pyramid scams now dressed up with Bitcoins, according to a report released this week.
Cybercriminals Exploit March Madness Frenzy
Monday, March 27, 2017
darkreading.com
The last 15 days of the annual NCAA basketball tournament have seen heightened malicious activity involving phishing pages, adware downloads and mishandling of user data.
Alleged vDOS Owners Poised to Stand Trial
Monday, March 27, 2017
krebsonsecurity.com
Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline...The police are preparing to recommend prosecutors charge the men with computer fraud and extortion, alleging they caused more than six million shekels worth of damage (approximately USD $1.65 million).
Identity Theft Victim Sues Albuquerque Police Department
Monday, March 27, 2017
abqjournal.com
An investigation into a fraudulent check led Albuquerque police to arrest the victim of identity theft, even though the perpetrator who used his ID to cash the check looked dramatically different, according to a lawsuit filed this month.
Identity Theft Suspect With 19 Fake Driver Licenses Arrested
Monday, March 27, 2017
kron4.com
According to sheriff deputies, the unidentified male suspect was arrested for containing 19 fake California Driver Licenses and several packages purchased from a false credit and debit cards.
New Scam Tricks Victims out of Thousands of Dollars Using Old Con
Monday, March 27, 2017
wreg.com
It’s a new twist on an old scam designed to steal thousands of dollars from unsuspecting consumers nationwide. It used to be called the Secret Shopper scam. The new version goes by the name Secret Surveyor, but the con is the same.
Mass. State Police Warn of Phone Scam Seeking Money to Clear Warrants
Monday, March 27, 2017
turnto10.com
Massachusetts State Police say they've received numerous complaints about calls that appear to come from a phone number for the department's South Boston barracks. The caller is identified as an officer and then instructs victims to meet at local shopping centers to provide money to clear up police warrants.
Push for Internet Privacy Rules Moves to Statehouses
Monday, March 27, 2017
nytimes.com
As on climate change, immigration and a host of other issues, some state legislatures may prove to be a counterweight to Washington by enacting new regulations to increase consumers’ privacy rights.
Inside the Hunt for Russia’s Most Notorious Hacker
Saturday, March 25, 2017
wired.com
America's war with Russia’s greatest cybercriminal began in the spring of 2009, when special agent James Craig, a rookie in the FBI’s Omaha, Nebraska, field office, began looking into a strange pair of electronic thefts. A square-jawed former marine, Craig had been an agent for just six months, but his superiors tapped him for the case anyway, because of his background: For years, he’d been an IT guy for the FBI. One of his nicknames in college was “the silent geek.”
Police: Woman Used Stolen ID to Buy Plastic Surgery
Friday, March 24, 2017
fox13news.com
Police are trying to track down a Polk County identity theft suspect who may now be flaunting $10,000 in stolen breast implants and butt injections.
T-Mobile is Rolling Out Scam Warnings on Incoming Calls
Friday, March 24, 2017
theverge.com
The carrier is going to begin warning subscribers when an incoming phone call appears to be from a scammer. If a scam call is detected, the caller ID will display as “Scam Likely,” giving subscribers a heads up before they answer or the chance to just ignore it outright.
IRS Makes Tax Refund Scams Harder but W-2 Phishing Attacks Continue Unabated
Friday, March 24, 2017
csoonline.com
Anti-fraud measures by the Internal Revenue Service (IRS) and state agencies over the past two years have made tax refund scams harder for cyber criminals to pull off even as attacks targeting taxpayer information continue unabated.
Congress Moves to Strike Internet Privacy Rules From Obama Era
Friday, March 24, 2017
nytimes.com
Republican senators moved Thursday to dismantle landmark internet privacy protections for consumers in the first decisive strike against telecommunications and technology regulations created during the Obama administration, and a harbinger of further deregulation.
Judge OKs Subway’s Record $31M FACTA Settlement
Friday, March 24, 2017
law360.com
A Florida federal judge has signed off on the largest settlement in the history of the Fair and Accurate Credit Transactions Act, a nearly $31 million deal between Subway and a class of consumers alleging the sandwich chain unlawfully printed full credit card expiration dates on receipts...FACTA regulations require retailers to omit card expiration dates on receipts, as emphasized in the Credit and Debit Card Clarification Act.
Massive Gift Card Fraud Bot Discovered, 1,000 Customer Websites Attacked Already
Friday, March 24, 2017
news.softpedia.com
A new bot targeting card payment processes on websites was spotted in the wild. Called GiftGhostBot, the bot is trying to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites. Unfortunately, any website with gift card processing capabilities could be a target.
Instagram Has Two-Factor Authentication Now, So Turn It On
Friday, March 24, 2017
wired.com
Because you care greatly about your personal security hygiene, you’ve already enlisted two-factor authentication to help protect most of your online accounts. That’s good! Instagram, though, hasn’t given you the option. That changes today. Go get it.
Yahoo Breach Lessons IT Can't Ignore
Friday, March 24, 2017
infoworld.com
The indictment against the attackers behind the Yahoo breach illustrates just how vulnerable corporate networks are when thieves get their hands on employees' personal information.
Aviation Phishing Scams
Friday, March 24, 2017
us-cert.gov
US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information.
Beware of Crooks Trying to Steal Your Cryptocurrency With These Schemes
Friday, March 24, 2017
zdnet.com
Cybercriminals are taking advantage of the rising price and popularity of Bitcoin to try to steal the currency and distribute malware. The cryptocurrency has become invaluable to cybercriminals who exploit its anonymous, decentralised nature as a tool for demanding ransomware payments and laundering various other ill-gotten gains. This month social media Bitcoin scams have reached a new high, with over 125 million malicious links across Twitter, Facebook, and Instagram designed to attack victims and extort Bitcoin.
How Many Dossiers Do Corporations Have on You? at Least 78 — That You Can See
Friday, March 24, 2017
bobsullivan.net
Most folks don’t know there are dozens of other credit reports maintained by a handful of low-profile companies. These track everything from your check-writing habits to your health insurance claims. Mistakes on these other credit reports can be just as financially painful. Consumers have the right to see what’s in these reports too, but that right is useless to consumers who’ve never heard of the companies involved. That’s why American consumers should know a lot more about what are called “specialty credit reports” in the industry.
PBSO Deputy Pleads Guilty to Fraud Charges in Identity Theft Scam
Friday, March 24, 2017
palmbeachpost.com
A Palm Beach County sheriff’s deputy, who in December was named officer of the year for the Delray district, on Thursday pleaded guilty to federal fraud charges, admitting he used his access to law enforcement databases to propel an identity theft scheme.
New Details on Massive Vermont Data Breach
Friday, March 24, 2017
wcax.com
Gov. Phil Scott says state leaders initially thought hackers only had the opportunity to snatch one year's worth of account data. Turns out the culprits could have their hands on 14 years' worth. "This is appalling and I know this will be incredibly burdensome to the tens of thousands of Vermonters who are impacted," said Scott, R-Vermont. The governor says he's disappointed by how long it took the third-party contractor that runs the site to notify them of the breach and its possible extent.
Maine Job Match Service Hit With Data Breach
Friday, March 24, 2017
mainebiz.biz
The vendor of a web-based job link service used by Maine and at least nine other states reported Tuesday it had been the victim of a malicious data breach. A release posted on the MDOL's website reported that America's JobLink, a multi-state web-based system that links job seekers with employers, has been the victim of a hacking incident from a "malicious third party 'hacker.'" The hacker exploited a "vulnerability in the AJL application code to view the names, Social Security numbers and dates of birth of job seekers in the AJL systems of up to 10 states: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont," according to the release.
FCC Cracks Down on Annoying Robocalls
Friday, March 24, 2017
nbcnews.com
You might get interrupted a little less during dinner by annoying "robocalls" thanks to a new FCC proposal that passed today. "Robocall" telemarketers use machines armed with a list of phone numbers and pre-recorded pitch messages. Basically they spam you over your home telephone lines. One way the groups making the calls avoid detection and get around consumer call blockers is to disguise where they're calling from using "spoofed" phone numbers.
North Korea Said to Be Target of Inquiry Over $81 Million Cyberheist
Friday, March 24, 2017
nytimes.com
Federal prosecutors are investigating North Korea’s possible role in the theft of $81 million from the central bank of Bangladesh in what security officials fear could be a new front in cyberwarfare.
Grayson County Public Schools Catches W-2 Phishing Scam Email
Thursday, March 23, 2017
wdbj7.com
A popular scam that happens around tax time has returned, and this time it's targeting schools, but one local division caught it immediately. The district's Human Resources Director Janice Linker received an email Tuesday from what appeared to be Superintendent Kelly Wilmore. It asked her to send a list of all employee W-2s in PDF form. But the division was already on high alert for this scam.
Idaho Department of Labor Hacked, Possible Identity Theft of 170,000 Job-Seekers
Thursday, March 23, 2017
idahostatesman.com
The Idaho Department of Labor reported Wednesday that about 170,000 of the state’s 530,000 job-seeker accounts – active and historical – were compromised by a hacking incident on March 12 and March 13...The account information that may have been viewed includes customers’ name, Social Security number and date of birth.
Charles Man Sentenced to Prison for Identity Theft
Thursday, March 23, 2017
thebaynet.com
A search of the vehicle, which was the same one used by Lee and Williamson to travel to the department stores in August, revealed gift cards, sales receipts, clothing and other merchandise, a laptop computer, portable Wi-Fi device, as well as items used to create gift and credit cards encoded with stolen account information, including an embosser and electronic encoder.
Med Center Health Reports Stolen Patient Billing Information
Thursday, March 23, 2017
wbko.com
The information included name, address, Social Security number, health insurance information, diagnosis and procedure codes, and charges for medical service. However, the information obtained did not include patient medical records.
Urology Austin Was Victim of Ransomware Attack
Thursday, March 23, 2017
oag.ca.gov
Personal information may have been impacted by the ransomware, including name, address, date of birth, Social Security number, and medical information.
Health Care Facility Hacked by Ex-Employee Using 2-Year-Old Credentials
Thursday, March 23, 2017
washingtontimes.com
The former systems administrator of a Pennsylvania health care facility was charged with criminal hacking Monday after prosecutors said he wreaked havoc using administrative credentials that went unchanged more than two years after he resigned...Mr. Coughlin, the former computer technician of an unnamed health care facility, is accused of purging records from his old job’s databases and purchasing nearly $5,000 worth of iPads on the company’s dime after he was asked to resign from the gig in February 2013 following three weeks of employment.
Woman Loses More Than $700,000 in Online-Dating Site Scam
Thursday, March 23, 2017
clickondetroit.com
A Troy woman was scammed out of more than $700,000 when she believed the lies of someone posting a fake profile on a dating website...police said the 58-year-old grandmother was that trusting, and perhaps lonely. She was looking for companionship on the singles dating site Match.com. A man who called himself Donny Koch met her on the site and said he was from London. He said he worked on an oil rig and needed money, so she started sending thousands of dollars. The man then told her he was caught with all the cash she sent him and was jailed. He said he needed money for bail, so she sent more and more money. "She has given him approximately $703,000," said Troy police Captain Robert Redmond.
Grandmother Loses More Than $17,000 in Scam
Thursday, March 23, 2017
kwch.com
Saline County Sheriff Roger Soldan says a man identifying himself as Sgt. Bradshaw with the U.S. Embassy in the Dominican Republic told the woman over the phone Monday that her grandson had been arrested in the country for possessing marijuana. The man then convinced the Saline County woman that she needed to spend $17,720 for her grandson's freedom and to cover court fees and his transport out of the country.
6 N.J. Men Charged With Running Telemarketing Scam Targeting Seniors
Thursday, March 23, 2017
nj.com
Six New Jersey residents scammed senior citizens out of hundreds of thousands of dollars by running phony telemarketing investment scams, authorities said. The men established seven companies and successfully convinced more than 30 people to invest money...A representative from each of the companies called potential marks and advised them they could make money through marketing websites that would be set up on their behalf, according to court papers. The victims, many of whom didn't know how to use a computer, were told they had to do nothing more than send a check or provide a credit card number. The majority of the victims are more than 70 years old.
Lithuanian Con Artist Scams Two US Tech Giants out of $100 Million
Wednesday, March 22, 2017
zdnet.com
A man from Lithuania has been arrested after he conned two large technology firms out of $100 million in an elaborate phishing scheme. The US Department of Justice (DoJ) said on Tuesday that Evaldas Rimasauskas orchestrated a phishing scheme which targeted US technology giants specifically, and he was able to swindle $100 million by pretending to be a legitimate business partner of at least one of the victims.
Scammers Are Not “Friends” to Small Business Owners
Wednesday, March 22, 2017
ftc.gov
Lately we’ve been hearing about scammers who reach out to small businesses through Facebook messages. People have reported receiving messages on Facebook telling them that they’re eligible for – or that they’ve won – a business grant. If you get a message like this through your personal Facebook account or on your company’s page, don’t respond. It’s a scam. The government won’t contact you on social media to offer you money.
Study: 67% of Taxpayers Worry About Tax Fraud, Identity Theft
Wednesday, March 22, 2017
hartfordbusiness.com
Sixty-seven percent of U.S. taxpayers are concerned about tax fraud and identity theft this year, according to a study released Wednesday by The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re.
Hialeah Police Officer Accused of Identity Theft
Wednesday, March 22, 2017
patch.com
The indictment alleges that Castellon used his law enforcement access to DAVID to log into the system, conduct searches and take screen shots of other personal identifying information between June 1, 2016, and Oct. 19, 2016, officials said. Castellon allegedly sent more than 25 screen shots to codefendant Neilin Gonzalez Diaz in exchange for gifts.
Apple Pressured to Pay Ransom by Hackers Threatening to Remotely Wipe iPhones
Wednesday, March 22, 2017
softpedia.com
Apple is currently under pressure to pay a ransom to a group of hackers who are threatening to remotely wipe iPhones.
NY Attorney General: Record Number of Data Breach Notices Sent in 2016
Wednesday, March 22, 2017
news10.com
The New York Attorney General’s Office announced it received a record number of data breach notices in 2016. The office says it received 1,300 reported data breaches, that’s a 60 percent increase from the year before. The breaches exposed personal records of 1.6 million New Yorkers.
IRS Issues New Tax Scam Warnings, FSA Tool Suspended Due to Security Concerns
Wednesday, March 22, 2017
csoonline.com
The Internal Revenue Service (IRS) has issued a new warning to businesses, taxpayers, and tax prep professionals about Phishing scams targeting the sensitive information they work with on a daily basis. Soon after, the IRS and the US Department of Education suspended a tool that helps people obtain financial aid for college.
Walton School District Falls Victim to Scam
Wednesday, March 22, 2017
wjhg.com
"Well we were victims of basically a very elaborate phishing scheme," said Walton School District Superintendent A. Russell Hughes. "We received an email from an unknown person that was impersonating the superintendent," said Chief Information Officer, Henry Martin. Hughes said a scammer sent a series of emails pretending to be him to various employees asking for personal information. "One of my employees basically contacted me and said 'Mr. Hughes, did you get the information request?' and I said I didn't request information and immediately they kicked into 'oh my goodness, something has happened,'" Hughes explained.
Phishing Your Employees for Schooling & Security
Wednesday, March 22, 2017
darkreading.com
Imagine this fictional scenario: A student, hoping to become a surgeon, attends hours of medical courses. She never misses a class, always listens, and takes copious notes. Finally, after receiving the years of training necessary, the student receives her medical degree having never taken a test. Would you let this surgeon operate on you? I sure hope not! Testing is a crucial part of any form of education, for both teachers and students. That's why I believe your phishing education program isn't complete until you phish your own company's tank.
Data Breach May Involve Hundreds of UNC Health Prenatal Patients
Tuesday, March 21, 2017
wral.com
UNC Health Care said Monday it has begun notifying patients of a potential breach where personal data provided by prenatal patients at two obstetric clinics were mistakenly transmitted to local county health departments. The breach affects up to 1,300 patients who are believed to have completed Pregnancy Home Risk Screening Forms at their prenatal appointments at the Women’s Clinic at the North Carolina Women’s Hospital and UNC Maternal-Fetal Medicine at Rex Hospital between April 2014 and last month, officials said.
LCC Health Clinic Discovers Data Breach, Private Information Possibly at Risk
Tuesday, March 21, 2017
kval.com
If you used the Lane Community College Health Clinic between March of 2016 and February of 2017, your private information may be at risk...Staff found a virus on one health clinic computer during a routine check in February. The virus may have shared patient information, including names, dates of birth and social security numbers to a third party.
Teenage Boy Behind Traffic Violation Scam, Police Say
Tuesday, March 21, 2017
6abc.com
The notice included a photograph of each resident's vehicle along with the property owner's last name and complete mailing address. The notice directed individuals to leave the cash in their mailbox and send a notification e-mail to report the payment was ready for pick-up.
Watch out for These Tax-Themed Phishing and Malware Scams
Tuesday, March 21, 2017
zdnet.com
Criminals sometimes take advantage of big events such as the Olympic Games to lure victims into hacks and cyber attacks. It isn't as glamorous as a big sporting occasion, but the US tax season, now in full steam ahead of the April 18 filing deadline, is a prime time for cybercriminals to steal financial information and personal data.
Hundreds of Powhatan School Employees Compromised in Data Breach
Tuesday, March 21, 2017
wtvr.com
The personal information exposed in the breach includes employees' Social Security numbers, address, wages and taxes, and gross income. The data breach includes the personal information of 905 employees of Powhatan County Public Schools, a school spokesperson confirmed.
Palm Beach County Sheriff's Deputy Expected to Plead Guilty in Identity Theft Case
Tuesday, March 21, 2017
sun-sentinel.com
Federal prosecutors said the road patrol deputy used a law enforcement database to steal people’s identities and sold the information to another man, who pleaded guilty to federal charges.
Police Investigate Identity Theft, Discover Skimming Device at Gas Station
Tuesday, March 21, 2017
pottsmerc.com
During the investigation, police said they located and seized a skimming device that was attached to a card reader on one of the gas pumps. This device was not visible, police said, and could not be immediately detected without accessing the gas pump cabinet.
Phishing Scams Even Fool Tech Nerds—Here’s How to Avoid Them
Monday, March 20, 2017
wired.com
Phishing scams work by tricking you into clicking on a link or attachment that either infects your machine with malware or takes you to a page that looks totally legit, but isn’t and is designed to steal your private information. According to the Anti-Phishing Working Group, 100,000 new phishing attacks get reported every month, and thousands of people fall for them. But you are smart. You can increase your chances of avoiding phishing scams if you follow these three steps and, above all, remember that when it comes to your email you can’t really trust anything.
Reports of Potential Data Breach at Saks Fifth Ave
Monday, March 20, 2017
nbcmiami.com
There are reports of Saks Fifth Avenue inadvertently exposing the personal information of customers online. The breach, which was first reported by Buzzfeed, had the e-mail addresses and phone numbers of shoppers visible on the Saks website.
Neiman Marcus to Pay $1.6 Million in Shopper Data Breach Lawsuit
Monday, March 20, 2017
dallasnews.com
Neiman Marcus has agreed to pay $1.6 million to settle a data breach class action in Illinois federal court. The three-year-old case stemmed from the December 2013 cyber attack that exposed credit card data of an estimated 350,000 Neiman Marcus shoppers.
District Attorney Launches Criminal Investigation Into St. Charles Data Breach
Monday, March 20, 2017
mycentraloregon.com
Deschutes County District Attorney John Hummel has launched a criminal investigation into the apparent breach of patient records at St. Charles Health System. “I was dismayed to learn via media reports that apparently a St. Charles employee impermissibly accessed records of thousands of patients,” said Hummel. “An alleged breach of this magnitude should have been reported to local police so that a proper criminal investigation could be conducted – as far as I’m aware this did not happen.”
'Please Be Extra Vigilant': NC Schools Warned About Email Scam Seeking Private Info
Monday, March 20, 2017
wral.com
Melisa Jessup checked her email. In her inbox was a strange request from her boss, Stokes County Schools Superintendent Brad Rice.
Energy Grid, Infrastructure Lag Behind in Protection Against Cyber Risk and Crimes
Monday, March 20, 2017
thestreet.com
The businesses in the energy sector have focused too much of their resources and attention on physical security such as their plants and machinery instead of their technology. These flaws leave companies more susceptible to attacks, said James Lee, executive vice president at Waratek, a Dublin, Ireland-based provider of application security solutions. "To a hacker, the ways you attack a control application is just the same as how you steal information from a retailer or bank," he said. "The difference is a cyberattack against control technology puts lives at risk."
Lawmakers Fear Infiltration of Defense Supply Chain
Monday, March 20, 2017
thehill.com
Lawmakers are worried about the vulnerabilities of the Defense Department’s supply chain and the risk of adversaries inserting malicious material into Pentagon weapons systems. “For a sophisticated adversary, this complex, multi-tiered supply chain offers numerous targets for attackers to potentially subvert the design, integrity and resilience of key national security assets,” Sen. Gary Peters (D-Mich.), a member of the Senate Armed Services Committee, told The Hill.
One Billion Yahoo Accounts Still for Sale, Despite Hacking Indictments
Sunday, March 19, 2017
nytimes.com
For sale: one billion Yahoo accounts, $200,000 or best offer. The passwords don’t work, but the dates of birth, telephone numbers and security questions could still be useful to an adept cyberthief. After federal prosecutors unsealed indictments this week against four men they say were responsible for a 2014 intrusion into Yahoo’s systems that affected 500 million user accounts, data on one billion accounts — stolen in another attack on the company a year earlier — appeared to remain available on underground hacker forums on Friday.
At Least Two More School District Employees Report Being Identity Theft Victims After W-2 Theft
Sunday, March 19, 2017
bradenton.com
Two more Manatee County School District employees have reported being victims of identity theft believed to be a result of the data breach that resulted in the release of more than 7,700 W-2 tax forms to hackers.
This New Cyber Scam Has Targeted Thousands
Sunday, March 19, 2017
nypost.com
Cybercriminals have a new scam that has already taken in 65 companies throughout the state and harvested more than 7,000 employees’ Social Security numbers.
OPM Warns of Scam Targeting Federal Annuitants
Sunday, March 19, 2017
federalnewsradio.com
“The scammer threatens to end the annuitant’s retirement, threatens that a ‘magistrate’ will criminally prosecute, and demands an immediate payment. This is a government imposter scam — Do not send money,” wrote OPM’s Ken Zawodny, the associate director of Retirement Services, in a blog post. “Any communication of this type is NOT from an OPM official. OPM will not make such calls.”
Ethical Hacking: The Most Important Job No One Talks About
Sunday, March 19, 2017
darkreading.com
Great power comes with great responsibility, and all heroes face the decision of using their powers for good or evil. These heroes I speak of are called white hat hackers, legal hackers, or, most commonly, ethical hackers. All these labels mean the same thing: A hacker who helps organizations uncover security issues with the goal of preventing those security flaws from being exploited. If companies don't have an ethical hacker working for them, they're in a one-sided game, only playing defense against attackers.
Experts Divided on Value of Cyber National Guard
Sunday, March 19, 2017
csoonline.com
This past weekend at SXSW, two Congressmen suggested that the U.S. create a cybersecurity reserves system, similar to the National Guard, but the idea has received a mixed welcome from the cybersecurity community. According to House Rep. Will Hurd, a Republican from Texas, a national cybersecurity reserve could help strengthen national security and bring in a diversity of experience. Hurd, who has a degree in computer science from Texas A&M, has served as an undercover CIA officer and has worked as a partner at cybersecurity firm FusionX.
Reality Star Becomes Victim of Identity Theft
Sunday, March 19, 2017
wsbtv.com
Police are searching for a suspect who stole the identity of a well-known Atlanta reality star. And now they fear the suspect may have struck again.
Search Warrant Issued for Everyone Who Googled Identity Theft Victim’s Name
Sunday, March 19, 2017
consumerist.com
Investigators believe the suspect used Google to create the passport and carry out the theft. However, when the Hennepin County Administrative Subpoena was sent to Google requesting subscriber information for anyone who had performed a search of the victim’s name, the company rejected the request.
Tax Department: 65 Companies Have Been Victimized by Tax Scams
Saturday, March 18, 2017
whec.com
The New York state Tax Department is warning companies and workers after it says 65 companies with New York employees have been victimized by tax scams.
3 Fla. Men Arrested for Using Skimming Device to Steal Credit Card Info at Va. Gas Station
Saturday, March 18, 2017
wjla.com
Police have arrested three men from Miami for using a skimming device to steal customer credit and debit card information from pumps at a gas station in Falls Church, Virginia.
Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam
Saturday, March 18, 2017
krebsonsecurity.com
On Thursday, March 16, the CEO of Defense Point Security, LLC — a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” — told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.
IRS Warns of Last-Minute Tax Scams
Saturday, March 18, 2017
us-cert.gov
The Internal Revenue Service (IRS) has released an alert warning of phishing email scams targeting last-minute tax filers. The alert describes common features of these cyber crimes and includes recommendations to protect against them: strengthen passwords, recognize phishing attempts, and forward suspicious emails to phishing@irs.gov.
Trump Budget Adds $61 Million for FBI Cybercrime-Fighting Efforts
Saturday, March 18, 2017
darkreading.com
The Trump administration has proposed allotting an extra $61 million in its 2018 budget to the FBI and the Justice Department to strengthen their fight against terrorists and cybercriminals.
Google Points to Another POS Vendor Breach
Friday, March 17, 2017
krebsonsecurity.com
For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant.
Hacker Is a Villain to Russia and the United States, for Different Reasons
Friday, March 17, 2017
nytimes.com
Before United States prosecutors accused him of having orchestrated one of the largest computer thefts, Dmitry A. Dokuchaev’s legal problems were deepening in Russia, where he was once known by the hacker alias Forb and specialized in purloining credit card numbers. Mr. Dokuchaev, a stocky 33-year-old who appears on an F.B.I. “wanted” poster wearing a blue suit and with a mop of sandy hair, is emerging as a central figure in fraught relations between the United States and Russia on cybersecurity issues.
Cascading Effect: One Attack Led to Another at Yahoo
Friday, March 17, 2017
businessinsider.com
In effect, hackers created a Yahoo skeleton key by fooling the service into thinking they had already signed into particular accounts, even if they didn't know their passwords. Web service providers typically use bits of data called cookies to let you stay signed into an account via a web browser. This is how you keep Gmail, for instance, open even if you close your browser and restart it. The hackers used malware and the scrambled passwords in the user database to manufacture fake cookies. To Yahoo, it then appeared that the hacker was the authorized user, who was already logged in without entering a password.
Two-Thirds of Enterprises Use Advanced Tech Without Securing Data: Report
Thursday, March 16, 2017
thehill.com
The report comes amid high concerns over cyberattacks in the public and private sectors, following massive data breaches at Yahoo and the federal government’s Office of Personnel Management. According to Thales’s research, nearly 90 percent of respondents reported feeling some degree of vulnerability to data threats.
2 Men Arrested, 100 Stolen Credit Reports Recovered
Friday, March 17, 2017
koin.com
They seized more than 100 stolen credit reports and applications taken from All Car Auto Sales in Gladstone. Detectives learned the files were stored in a bathroom at the car lot.
Unencrypted Drive With 7 Years of Patient Data Stolen From Denton Heart Group
Friday, March 17, 2017
healthcareitnews.com
The backup files contained a hoard of patient data from 2009 until 2016: names, Social Security numbers, dates of birth, addresses, phone numbers, driver's license numbers, medical record numbers, insurance provider and policy details, physician names, clinic account numbers, medical history, medications, lab results and other clinical data.
Inside the Russian Hack of Yahoo: How They Did It
Thursday, March 16, 2017
csoonline.com
One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people...The hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It's unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened.
Personal Data Leak Affects 33 Million US Employees
Thursday, March 16, 2017
darkreading.com
Security researcher Hunt got the data from a reportedly reliable source, and it is believed that it may have been stolen from the unprotected database of a D&B customer. The information includes personal details such as email addresses and company information. Affected employees include those of the Department of Defense, US Postal Service, AT&T, FedEx, Citigroup and others.
Mom and Daughter Who Hid Millions in Diapers Plead Guilty to Medicare Fraud
Friday, March 17, 2017
miamiherald.com
A mother and daughter who hid $2.4 million cash in diapers and baby towels when returning to Miami from the Dominican Republic pleaded guilty to running a $20 million Medicare scam through their Miami-Dade home healthcare agencies.
Even Tech-Savvy Gmail Users Are Getting Fooled by This Phishing Scam
Friday, March 17, 2017
komando.com
This attack is very convincing. Gmail users are receiving emails from people in their contacts list who have already been hacked. The fraudulent email looks even more authentic because the scammer goes through the senders' messages to find a topic that you are probably familiar with.
Wishbone App Data Breach Affects Huge Number of Users
Friday, March 17, 2017
slashgear.com
According to the notification, the stolen data includes personal names, telephone numbers, usernames, and email addresses. Anyone who provided their birthday information for the account will also likely have had that data stolen, however the thieves did not acquire any account passwords or financial data.
IRS Still Coping With Identity Theft and Service Problems
Thursday, March 16, 2017
accountingtoday.com
The Internal Revenue Service is continuing to face challenges with identity theft and taxpayer service this tax season, although there have been some improvements since last year.
People Who Identify as 'Tech Savvy' Are 18 Percent More Likely to Suffer ID Theft
Thursday, March 16, 2017
betanews.com
Identity theft is a growing problem, but who is falling victim to online ID fraud, why is it still happening, and how can you protect yourself?
Watch for Fake Tax Preparers Who Steal Your Identity and Run off With Your Cash
Thursday, March 16, 2017
nbcnews.com
These dishonest businesses "prey on unsuspecting taxpayers with outlandish promises of overly large refunds," the IRS said in a news release. Some also commit identity theft with the sensitive private information clients give them in order to prepare their return. "Choose your tax return preparer carefully because you entrust them with your private financial information that needs to be protected," IRS Commissioner John Koskinen said in a statement.
Justice Department Charging Russian Spies and Criminal Hackers in Yahoo Intrusion
Wednesday, March 15, 2017
washingtonpost.com
The Justice Department is set to announce Wednesday the indictments of two Russian spies and two criminal hackers in connection with the heist of 500 million Yahoo user accounts in 2014, marking the first U.S. criminal cyber charges ever against Russian government officials. The indictments target two members of the Russian intelligence agency FSB, and two hackers hired by the Russians. The charges include hacking, wire fraud, trade secret theft and economic espionage, according to officials, who spoke on the condition of anonymity because the charges have not yet been announced. The indictments are part of the largest hacking case brought by the United States.
More Than 120,000 Affected by W-2 Phishing Scams This Tax Season
Wednesday, March 15, 2017
csoonline.com
Tax season doesn't officially end in the United States until April 18. At last count, 110 organizations have reported successful Phishing attacks targeting W-2 records, placing more than 120,000 taxpayers at risk for identity fraud. Many of those working for the victimized firms have had a stressful time dealing with the fallout. Those who have experienced this unique type of crime say it's a nightmare. Some of those affected have had fraudulent returns filed under their name, in addition to issues with educational expenses. In one case, the scammers created flexible spending accounts with their stolen identities.
FTC Recommends Wider Implementation of DMARC to Combat Phishing Attacks
Wednesday, March 15, 2017
huntonprivacyblog.com
Fewer than 10 percent of the businesses evaluated, however, use Domain Message Authentication Reporting & Conformance (“DMARC”) – an email authentication technology which alerts the business about potential spoofing efforts and instructs ISPs to automatically reject unauthenticated messages that claim to be from the business’s email address. In its report, the FTC recommended “wider implementation” of DMARC, noting that using DMARC to reject unauthenticated messages would help businesses “further combat phishing by keeping these scam emails from ever showing up in consumers’ inboxes.”
Life Insurance Agents Convicted of Wire Fraud, Identity Theft
Wednesday, March 15, 2017
mercurynews.com
Prosecutors said personal information used to apply for the policies was collected through various means, including paying recruiters to find people to take medical exams and paying people to participate in a fictitious survey of a medical exam company. The trio opened hundreds of bank accounts to fund the premiums on the policies and typically paid the premiums for one to four months before letting the policies lapse, according to prosecutors. They also returned verification calls to the company purporting to be the applicants.
Credit Card Fraud in 130,000 Cases: Organized Crime Group Disrupted in Europe
Wednesday, March 15, 2017
europol.europa.eu
The Cypriot Police with the support of Europol, the US Secret Service and the Investigative Committee of the Republic of Belarus, have disrupted an organised criminal group that affected more than 130,000 payment card holders from 29 countries. Financial losses, including those for EU citizens, totalled EUR 8 million. Four members of the criminal organisation, including the leader, were identified and arrested during a police raid in Belarus.
Former IRS Agent From New Mexico Pleads Guilty to Identity Theft Charges
Wednesday, March 15, 2017
krqe.com
Joan Mobley, 54, pleaded guilty to aggravated identity theft and false statement charges. Mobley was responsible for performing audits of small businesses and self-employed individuals.
Arlington PD Searching for ID Theft Victims After Big Bust
Wednesday, March 15, 2017
dfw.cbslocal.com
Police say they seized backpacks full of mail and documents and piles of credit cards and IDs — even medical records. But, victims may not know they’ve been compromised...During a traffic stop, police found five backpacks full of mail and documents: 50 credit cards, social security cards, medical records, drugs and a BB gun replica of a semi-automatic pistol.
Two Charged With Identity Theft in Pa. Investigation
Wednesday, March 15, 2017
heraldmailmedia.com
Chambersburg police have charged two more people with identity theft in connection with an ongoing investigation into Social Security cards used to obtain employment.
Jo's iPhone, Pat's Laptop: Why Giving a Device Your Name Is a Serious Privacy Risk
Tuesday, March 14, 2017
zdnet.com
Using your first and/or last name to designate your phone might seem harmless. But combined with other information, that hostname can reveal a user's identity, where they work, and potentially their social networks. The warning comes in a new informational memo from the Internet Engineering Task Force (IETF), entitled 'Current Hostname Practice Considered Harmful', which homes in on internet protocols that leak device hostnames.
Cincinnati Eye Institute: Possible Data Breach
Tuesday, March 14, 2017
wcpo.com
Cincinnati Eye Institute has sent a letter to all 500 employees informing them that personal information including Social Security Numbers may have been compromised, and offering them free ID theft protection. The letter explains that "a number of employees" report their tax returns have been rejected by the IRS, because someone already filed taxes this year using their name and Social Security number. The only thing these people have in common, they say, is that they all work at CEI.
Banks Spending Three Times More on Cybersecurity
Tuesday, March 14, 2017
itproportal.com
Banks and other financial institutions spend three times the amount non-financial organisations are spending on cyber security, a new report by Kaspersky Lab has shown...Phishing seems to be the biggest security threat, with almost half (46 per cent) of banks saying their customers are being attacked on an everyday basis, and 70 per cent of banks reported financial fraud incidents that led to loss of money.
IRS Says Tax Identity Theft on the Downswing
Tuesday, March 14, 2017
fox61.com
The IRS says identity theft income tax return fraud plummeted in 2016, with a 46 percent drop in the number of victims, to 376,000. In addition, the agency says it also stopped one million fraudulent refunds from being issued last year with savings of almost $6.6 billion.
IRS Guides Taxpayers to Avoid Online Scammers
Tuesday, March 14, 2017
darkreading.com
The Internal Revenue Service (IRS) has called on taxpayers to be extra vigilant of scammers and guard against identity theft, especially during tax-paying time. To assist taxpayers, the IRS has included online security steps in its sixth release of Tax Time Guide, a series of 10 IRS tax tips.
Boeing Insider Data Breach Serves as Reminder for HR
Tuesday, March 14, 2017
shrm.org
He couldn't format a spreadsheet. So he sent it to his spouse for help, ultimately causing a breach that could have exposed the personal data of 36,000 Boeing employees in four states, according to a report by The Associated Press. This is a good reminder of why HR needs to ensure employees are trained on proper data security measures.
Couple Lost $5,000 in IRS Scam
Tuesday, March 14, 2017
coshoctontribune.com
Sheriff's deputies report a Warsaw couple was scammed out of $5,150 last week by a telephone caller who claimed they owed back taxes.
CyberEdge: Ransomware Affected 61% of Organizations
Tuesday, March 14, 2017
softpedia.com
CyberEdge Group released its latest Cyberthreat Defense Report and, following its surveys, said that a huge number of organizations were affected by ransomware last year. Of those affected, 54% managed to get their data back without paying the ransom, while another 33% chose to pay the ransom to recover their info. Another 13% refused to pay and lost the data as a consequence.
Listen to ‘Tech Support’ Scam Calls That Bilk Millions out of Victims
Tuesday, March 14, 2017
wired.com
The scam starts with a warning on your computer—a shamelessly fake one, often imitating a blue screen of death or a blinking malware alert. It informs you that your PC suffers from a smorgasbord of security problems, ranging from stolen credit cards to breached family photos to stalkers watching you through your webcam. And it offers a toll-free number for a “Microsoft” support line.
Ark City School District Victim of Internet Phishing
Tuesday, March 14, 2017
newscow.net
The Ark City school district and its employees were recently the victims of an online phishing scheme in which certain employees’ tax account information was compromised.
Phone Scam Pretending to Be Publisher's Clearinghouse Steals Thousands
Tuesday, March 14, 2017
wpsdlocal6.com
The Weakley County, Tennessee, Sheriff's Department says the victim of the scam was told they won a car and millions of dollars from Publisher's Clearinghouse. They were told they needed to pay taxes on the car by wiring it to the scammers via Western Union. Before they sent the money, the victim was convinced not to tell anyone about their supposed winnings as well.
US Military Leak Exposes "Holy Grail" of Security Clearance Files
Monday, March 13, 2017
zdnet.com
The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. Another file lists the security clearance levels of hundreds of other officers, some of whom possess "top secret" clearance, and access to sensitive compartmented information and codeword-level clearance...Among the most damaging documents on the drive included the completed applications for renewed national security clearances for two US four-star generals, both of whom recently had top US military and NATO positions.
Hackers Steal Personal Data of Thousands of Hospital Staff
Monday, March 13, 2017
zdnet.com
Hackers have stolen information about thousands of NHS medical professionals by compromising the server of a private contractor. Cyberattackers infiltrated a data server operated by IT supplier Landauer, stealing a mix of names, dates of birth, radiation doses, and National Insurance numbers of staff who work with X-Rays.
Over 65.3M LinkedIn Users Have Weak Passwords, the Rest Can Be Easily Cracked
Monday, March 13, 2017
news.softpedia.com
Last year, LinkedIn had a massive data breach where millions of passwords were leaked, and it seems that out of the entire trove of data, 35% of users were using weak passwords to begin with, while the other 65% were using passwords that can be cracked.
IRS Took Down FAFSA-Autofill Tool to Prevent Identity Theft
Monday, March 13, 2017
nextgov.com
An online tool that auto-filled tax data for federal student loan applications has been temporarily removed in an effort to stave off identity thieves.
N.J. Man Charged in Elaborate Identity Theft Scheme
Monday, March 13, 2017
nj.com
Clay is accused of diverting mail, hacking online accounts and applying for and receiving loans and credit cards under others' names.
Husband and Wife Charged With Identity Theft
Monday, March 13, 2017
thetimes-tribune.com
Ann Marie Comcowich, 47, worked as a “relationship management specialist” for Prudential Insurance Co. in Moosic. She used Social Security numbers and account numbers to funnel $84,161.53 from tax-deferred retirement plans into a bank account she shared with her husband, 52-year-old Kenneth Comcowich, Detective Renee Castellani charged in a complaint.
VCU Reports Breach of Medical Files
Monday, March 13, 2017
richmond.com
Virginia Commonwealth University Health System is notifying about 2,700 people that their or their minor child’s electronic medical records were inappropriately accessed over a three-year period. The university said it has no indication that the private health information has been used for any unintended purposes...An investigation found that employees of some community physician groups and an employee of a contracted vendor accessed, without legitimate business reasons, information about services patients received at the VCU Health System. As a result of the incidents, the respective employers terminated those employees.
Phishing: Would You Fall for One of These Scam Emails?
Monday, March 13, 2017
zdnet.com
In a review of 100 simulated attack campaigns for 48 of its clients, accounting for almost a million individual users, security company MWR Infosecurity found that sending a bogus friend request was the best way to get someone to click on a link -- even when the email was being sent to a work email address.
Home Depot Settles Data Breach Claims
Friday, March 10, 2017
huntonprivacyblog.com
Home Depot reached an agreement that includes the payment of $25 million and the implementation of new data security measures to resolve a class action brought by financial institutions impacted by the company’s 2014 data breach. The breach involved the theft of Home Depot customers’ personal information, including names, payment card numbers, expiration dates and security codes. Approximately 56 million payment card numbers were compromised. This information was sold to identity thieves, who used it to make fraudulent transactions. As a result, financial institutions were required to take steps such as cancelling the compromised cards and reimbursing customers for fraudulent charges.
Phishing Scam Catches NC Symphony
Friday, March 10, 2017
newsobserver.com
The North Carolina Symphony recently fell prey to an email “Phishing” scam – and it’s going to cost the organization nearly $60,000. According to a report filed with the North Carolina Attorney General’s office, the Feb. 7 leak involved the mistaken release of W-2 tax information for 262 people, including symphony musicians, staff and contract employees.
30 Accused in Queens Credit Card, Identity Theft Ring
Friday, March 10, 2017
newyork.cbslocal.com
The ring was responsible for stealing personal credit information from hundreds of consumers at a cost of more than $3.5 million in losses to individuals and financial institutions, prosecutors said...Seepersad allegedly accessed the financial records of potential buyers at car dealerships where he worked and gave them to the theft ring for a flat fee, prosecutors said. The theft ring then gave the stolen personal information to an “account activator” who took the information and prepared accounts to be taken over, prosecutors said.
Lawmakers Receive Lukewarm Assessment of Cyber Cooperation Between Feds, Private Sector
Thursday, March 09, 2017
thehill.com
Legislators received a lukewarm assessment of the federal government’s cooperation with the private sector on cybersecurity at a hearing on Thursday. Industry experts told a congressional panel with oversight of the Department of Homeland Security’s (DHS) cybersecurity and infrastructure protection efforts that the agency needs to share more information more quickly and robustly with private organizations to safeguard the nation against cyber threats.
Fake SEC Emails Target Execs for Inside Information
Thursday, March 09, 2017
fortune.com
Cyber scammers are using a new trick to get confidential corporate information: They are sending spoofed emails, purporting to be from the Securities and Exchange Commission, and aiming them at lawyers, compliance managers, and other company officials who file documents with the SEC...The email attacks in question, known as "spear-phishing," are effective because they are addressed to specific people and appear to be from a legitimate source. In the case of the fake SEC emails, the targets included corporate officials with titles like SEC Reporting Manager and Senior Legal Specialist—the very people, in other words, responsible for securities filings, and who could expect to receive an email from the SEC.
Government Imposters Want to Get to Know You
Friday, March 10, 2017
consumer.ftc.gov
The Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) and the FTC want you to know about a scam in which callers posing as federal employees are trying to get or verify personal information. This is a government imposter scam.
After CIA Leaks, Tech Giants Scramble to Patch Security Flaws
Thursday, March 09, 2017
zdnet.com
Several tech giants have said they are examining a trove of documents leaked earlier this week that purport to show the CIA's ability to hack into phones, computers, and smart TVs. The documents, released by WikiLeaks, did not contain exploit code that could be used by hackers to carry out attacks, but the documents do provide details of vulnerabilities that may help security researchers identify some flaws in tech products, including Android devices and iPhones. Apple, Google, Microsoft, and Samsung were all named in the thousands of released documents, which are believed to have come from the CIA's Center for Cyber Intelligence.
HHS' IT 'Strategic Plan' Spotlights Cybersecurity, Privacy
Friday, March 10, 2017
healthcareinfosecurity.com
The Department of Health and Human Services' four-year information technology strategic plan includes a risk-based approach focused on improving security and privacy protections of HHS data and systems, more effectively preventing and responding to emerging threats, and beefing up HHS' cybersecurity-related workforce.
Credit Union Sues Eddie Bauer for Failing to Prevent Data Breach
Friday, March 10, 2017
seattletimes.com
Veridian Credit Union says Eddie Bauer should compensate financial institutions for their costs after a hack of the retailer’s point-of-sale system stole consumer payment card information last year.
Health Industry Plays Catch-Up on Cybersecurity
Thursday, March 09, 2017
thehill.com
All eyes are on an upcoming report from a Department of Health and Human Services (HHS) task force established under the Obama administration that will detail the industry’s cybersecurity shortfalls. “We have very few specific challenges to healthcare, but a lot of the smaller individual challenges that other sectors face, we have all of them,” Josh Corman, head of the Atlantic Council’s Cyber Statecraft Initiative and a member of the task force, told The Hill.
Internet-Connected 'Smart' Devices Are Dunces About Security
Thursday, March 09, 2017
sfgate.com
One problem: Many people don't realize they have to secure connected devices with passwords like they do with computers. "People don't think of a TV or a camera as a computer and that's all it is," said Gartner analyst Avivah Litan. If a device comes with a default password, it needs changing the moment you hook it up. Similarly, your Wi-Fi password shouldn't still be the one it came out of the box; it needs a hard-to-guess passphrase to ensure that it can't be easily hacked.
FBI Chief Calls for Private Sector to Help Battle Cybercrime
Thursday, March 09, 2017
cio.com
In a keynote address at a cybersecurity conference at Boston College, Comey lamented that most incidents of intrusion and attacks against U.S. businesses go unreported. But when a victim does report a breach to the FBI, such as the damaging attack against Sony in 2014 that was attributed to North Korea, agents will have a much easier time investigating and helping businesses mitigate the damage if they are already somewhat familiar with the target's systems.
C.I.A. Scrambles to Contain Damage From WikiLeaks Documents
Thursday, March 09, 2017
nytimes.com
Investigators say that the leak was the work not of a hostile foreign power like Russia but of a disaffected insider, as WikiLeaks suggested when it released the documents Tuesday. The F.B.I. was preparing to interview anyone who had access to the information, a group likely to include at least a few hundred people, and possibly more than a thousand.
CAIF Raises Awareness of Medical Identity Theft
Thursday, March 09, 2017
effinghamdailynews.com
Coalition Against Insurance Fraud has advised that Identity Theft has spawned a vicious new crime: Medical Identity Theft...These scams include illegal and bogus treatment, the purchases of addictive drugs and the purchase of various medical devices and equipment such as oxygen tanks or wheelchairs. Additionally, the victim's correct health history can be compromised by the actual scammer's medical file and treatments.
Madigan Finds Debt and Identity Theft to Be Reoccurring Complaints
Thursday, March 09, 2017
chicago.cbslocal.com
Consumer debt and identity theft continue to be the top sources of complaints to the Illinois attorney general...Madigan said the fact that her office has gotten these same complaints nine years in a row shows how some of the scams change, that people don’t know their rights and that she has more work to do.
Weekends Only Reports Credit Card Data Breach
Thursday, March 09, 2017
ksdk.com
The credit card information of Weekends Only online shoppers has been compromised, the furniture retailer has learned. The company says Aptos, the company that hosts its online payment platform, experienced a data breach. That company is working with cyber security experts, the FBI and the U.S. Department of Justice in the investigation.
Daytona State College Warns Employees of Potential Data Breach
Thursday, March 09, 2017
clickorlando.com
Daytona State College is warning its staff about a potential data breach involving W-2 information after one employee had his or her personal information misused.
FBI Prepares for New Hunt for WikiLeaks’ Source
Wednesday, March 08, 2017
washingtonpost.com
The FBI has begun preparing for a major mole hunt to determine how anti-secrecy group WikiLeaks got an alleged arsenal of hacking tools the CIA has used to spy on espionage targets, according to people familiar with the matter. The leak rattled government and technology industry officials, who spent Tuesday scrambling to determine the accuracy and scope of the thousands of documents released by the group. They were also trying to assess the damage the revelations may cause, and what damage may come from future releases promised by WikiLeaks, these people said.
National Consumer Protection Week
Wednesday, March 08, 2017
us-cert.gov
March 5-11 is National Consumer Protection Week (NCPW), an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission (FTC) and its fellow agencies highlight free resources to help protect against consumer harm. FTC recently issued press releases on NCPW events and the most common consumer grievances reported to the agency in 2016. Last year, complaints on debt collection, imposter scams, and identity theft topped the list.
Hackers Use Facebook Quizzes to Steal Personal Info
Wednesday, March 08, 2017
nbcnews.com
Security experts warn that hackers often use Facebook quizzes to access your personal information.
National Consumer Protection Week: A Closer Look at Child Identity Theft
Wednesday, March 08, 2017
lexch.com
Child identity theft is one of the worst forms of identity theft because it often goes unchecked and unnoticed for years. A child’s Social Security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live. Why would ID thieves wish to assume a child’s identity? Because that child’s credit is a clean slate, which likely means available credit.
Traffic Stop Helps Charlotte Police Blow Open Ring of Fake Credit Cards and Bogus IDs
Wednesday, March 08, 2017
charlotteobserver.com
A random traffic stop last month has provided a glimpse into an identity-theft ring in Charlotte that police say has claimed victims across the Carolinas and as far away as California.
Lake Kennedy McCulloch (CPAs) Data Breach
Wednesday, March 08, 2017
islandsweekly.com
After a preliminary investigation, it was discovered that perpetrators had illegally hacked into the company’s system, and accessed 2015 tax return information for a number of individual tax clients. Using this information, staff believe the perpetrators fraudulently filed some 2016 returns to obtain tax refunds.
Pa. Appellate Court: Employer Owes No Duty of Care to Protect Employee Data Against Breach
Wednesday, March 08, 2017
dataprotectionreport.com
The court ruled that under state law, UPMC did not owe a duty of reasonable care to its employees in the collection and storage of employee data. In coming to this conclusion, the court acknowledged the practical realities facing large employers, highlighting the utility of electronic storage of employee data. The court also considered the social and financial costs of holding employers responsible for third-party criminal acts, especially “when there is no true way to prevent data breaches altogether.”
Verizon: Most Breaches Trace to Phishing, Social Engineering
Wednesday, March 08, 2017
databreachtoday.com
Ninety percent of data breaches seen by Verizon's data breach investigation team have a phishing or social engineering component to them. Not coincidentally, one of the hottest commodities on underground or dark web marketplaces are credentials, which attackers can use to log into enterprises and make it appear that they're legitimate users. "Because organizations don't have multifactor [authentication] rolled out, it makes it trivial to get in," says Chris Novak, director of global investigative response for Verizon, in a discussion about the company's latest Data Breach Digest, a companion report to the company's annual Data Breach Investigations report.
Identity Theft Hits Manufacturing Plant
Wednesday, March 08, 2017
wnep.com
Workers at an auto parts plant in Columbia County have had their personal information stolen and the crooks have already victimized some of the workers by using their names to file phony tax returns.
How to Recognize the Signs of Tax Identity Theft
Wednesday, March 08, 2017
ksdk.com
Tax filing season is upon us. Soon you will be filing your paperwork and perhaps receiving a nice check — unless thieves file a return in your name first and falsely claim your refund.
Do Not Return Calls or Texts From These Area Codes--It May Be a Scam
Wednesday, March 08, 2017
inc.com
A scam that seems to reappear periodically is back and helping criminals steal people's money. Protecting yourself is simple--if you know how the scam works. So, here is what you need to know to protect yourself from the three variants of the scam.
In Wake of Trump's Immigration Restrictions, Scam Artists Prey on the Undocumented
Wednesday, March 08, 2017
pri.org
From unscrupulous attorneys charging thousands of dollars for residency or work visas that never materialize to cheats bilking victims for documents freely available online and people passing themselves off as federal immigration agents, advocacy groups and officials say fraudsters are feasting on immigrant fears.
Realtors Caution of Final Notice Scam
Wednesday, March 08, 2017
orlandosentinel.com
Florida’s leading real estate industry group cautioned members against replying to a “Final Notice” bill from the Florida Board of Realtors. There is no Florida Board of Realtors. “It’s a scam,” said Florida Realtors chief executive Bill Martin. “And it’s not a simple scam. High-tech criminals put a great deal of work and planning into this.”
Obama’s Cyber Commissioners Nudge Trump on Cybersecurity Policy
Wednesday, March 08, 2017
thehill.com
Members of a commission established under former President Barack Obama to examine the federal government’s cybersecurity efforts are nudging the new Trump administration to move forward on its recommendations. Three members of the commission, including former Obama national security adviser Tom Donilon, on Monday reiterated their call for more cooperation between the public and private sector and more leadership in the White House to spearhead efforts on cybersecurity.
WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets
Wednesday, March 08, 2017
wired.com
Initial expert reactions are that the data seems legitimate and will create deep problems for the CIA on many fronts. The leak has the potential both to undermine the organization’s ability to carry out offensive intelligence gathering and to damage its international public perception. The leak exposes CIA capabilities and tools like unpatched iOS and Android vulnerabilities, strategies for compromising end-to-end encrypted chats (though not undermining the encryption itself), bugs in Windows, and even the ability to turn Samsung smart TVs into listening devices.
Ransomware Onslaught Continues: Old Foes, New Defenses
Wednesday, March 08, 2017
databreachtoday.com
Crypto-locking ransomware, which forcibly encrypts sensitive information on a system, then demands cryptocurrency for a promised decryption key, offers remote attackers a relatively low-cost, high-reward scheme, and they keep doubling down on related attacks. As the EU's law enforcement intelligence agency Europol noted in its Internet Organized Crime Assessment report last year, "cryptoware (encrypting ransomware) has become the most prominent malware threat, overshadowing data stealing malware and banking Trojans."
Retired FBI Agent Helps Nab Identity Fraud Suspect at Kinetic Credit Union
Tuesday, March 07, 2017
ledger-enquirer.com
A man attempting to take out an automobile loan at a Kinetic Credit Union branch was arrested by federal agents on Monday and charged with making false statements to a federally insured institution and aggravated identity theft.
FTC: Young People Are Frequent Identity Theft Victims
Tuesday, March 07, 2017
wgme.com
Federal investigators say thieves are intentionally targeting young people because it can be years before the crime is detected...The Federal Trade Commission estimates that those between the ages of 20 and 29 are among the most frequent victims of identity theft, adding up to about 18 percent of all identity theft complaints.
Spammers Accidentally Expose Database of 1.4 Billion Addresses
Tuesday, March 07, 2017
techspot.com
Earlier this year, MacKeeper security researcher Chris Vickery stumbled upon what he described as a suspicious (yet publicly exposed) collection of files. To make a long story short, someone had forgotten to put a password on the repository and now, one of the world’s largest spam empires is crumbling.
Public School Board Investigates Data Breach
Tuesday, March 07, 2017
windsorstar.com
A security breach at the public school board leaked personal and banking information of employees on an internal computer network, before school officials were alerted by students who discovered the information on Monday.
WikiLeaks Says It Has Obtained Trove of CIA Hacking Tools
Tuesday, March 07, 2017
washingtonpost.com
The anti-secrecy organization WikiLeaks said Tuesday that it has obtained a vast portion of the CIA’s computer hacking arsenal, and began posting the files online in a breach that may expose some of the U.S. intelligence community’s most closely guarded cyber weapons. WikiLeaks touted its trove as exceeding in scale and significance the massive collection of National Security Agency documents exposed by former U.S. intelligence contractor Edward Snowden...The data release alarmed cybersecurity experts.
WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents
Tuesday, March 07, 2017
nytimes.com
In scale, the Vault 7 archive appears to fall into the same category as the biggest leaks of classified information in recent years, including the quarter-million diplomatic cables taken by Chelsea Manning, the former Army intelligence analyst, and given to WikiLeaks in 2010, and the hundreds of thousands of documents taken from the National Security Agency by Edward J. Snowden and given to journalists in 2013.
Payments Giant Verifone Investigating Breach
Tuesday, March 07, 2017
krebsonsecurity.com
Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to sources. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations.
University of Minnesota Law Grad Admits Guilt in Porn-Troll Scheme
Tuesday, March 07, 2017
startribune.com
John L. Steele, a University of Minnesota Law School graduate who once bragged to a reporter that he and a colleague earned millions of dollars by suing hundreds of people for illegally downloading pornography, admitted Monday in a Minneapolis federal courtroom that it was a scam.
Dark Web Scheme Lets Wannabe Cybercriminals Get in on Ransomware - for Free
Tuesday, March 07, 2017
zdnet.com
A new dark web scheme could allow any wannabe cybercriminal to grab a piece of the ransomware pie for free -- on the condition that any ill-gotten profits are split 50/50. Ransomware -- a form of malware which encrypts a victim's files and demands a ransom to restore them -- has boomed in the last 18 months. A number of ransomware-as-a-service affiliate schemes allow even the most technically illiterate cyber thief to cash in on a form of crime which cost businesses over a billion dollars last year.
Filing a Consumer Complaint
Tuesday, March 07, 2017
usa.gov
Find out what steps to take and who you should contact if you need to file a complaint against a company.
Why Awareness Needs to Teach Scam Detection and Reaction
Tuesday, March 07, 2017
csoonline.com
Does your awareness program provide specific examples of what to avoid, or does it provide blanket guidance for how to behave? In this case, while it wasn’t the predefined scam, what I experienced had the same effect. Does your phishing training teach people how to recognize the simulated phishing messages, or phishing messages in general? Does your social engineering program teach people to recognize specific scams, or all general scams? You need to be very sure you’re teaching people the right things.
Sunnyside School District Accidentally Releases Employees' Personal Information
Tuesday, March 07, 2017
tucsonnewsnow.com
Personal employee information was accidentally emailed to every Sunnyside Unified School District employee. That's more than 2,000 people. According to the district's IT department, at least 559 employees opened that email.
Microsoft Tech Support Scam Leverages Full-Screen Mode to Trick Victims
Tuesday, March 07, 2017
scmagazine.com
A new tech support scam website leverages deceptive visual elements to trick victims into thinking they have been redirected to a legitimate Microsoft support website, even though they actually never left the scam page.
Consumer Reports to Begin Evaluating Products, Services for Privacy and Data Security
Tuesday, March 07, 2017
consumerreports.org
We’re now launching the first phase of a collaborative effort to create a new standard that safeguards consumers’ security and privacy—and we hope industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps. The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data. This standard can also eventually be used by CR and others in developing test protocols to evaluate and rate products—which will help consumers make more informed purchasing decisions.
As Many as 7.5 Million Voter Records Involved in Georgia Data Breach
Monday, March 06, 2017
myajc.com
Millions of Georgia voters may have had their personal information compromised for the second time in as many years, as the Federal Bureau of Investigation opened an investigation Friday at Kennesaw State University’s Center for Election Systems involving an alleged data breach. As many as 7.5 million voter records may be involved, according to a top state official briefed on the information but not authorized to speak on the record.
Consumer Reports to Test Products for Privacy, Data Security
Monday, March 06, 2017
thehill.com
Consumer Reports is going to begin evaluating products for privacy and data security, the U.S. nonprofit product review group said on Monday. Consumer Reports has partnered with cybersecurity experts to develop an industry standard for testing devices for security and consumer data protection, an initial version of which is posted online to solicit feedback. “We’re now launching the first phase of a collaborative effort to create a new standard that safeguards consumers’ security and privacy — and we hope industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps,” the organization said in a blog post on its website.
16 People Linked to Frisco Hospice Indicted in Alleged $60 Million Fraud
Monday, March 06, 2017
nbcdfw.com
The owner of a Frisco hospice and 15 others including doctors and nurses were indicted Tuesday after an FBI investigation uncovered an alleged $60 million health care fraud scheme. The FBI raided the company's offices in September 2015 and in a search warrant accused Harris of telling nurses to deliberately overdose some patients with morphine or other drugs in order to maximize profits. "You need to make this patient go bye-bye," Novus told one of the nurses, according to the search warrant.
Imposter Scams Bypass Identity Theft for First Time
Monday, March 06, 2017
pymnts.com
Last year imposter scams bypassed identity theft for the first time as the second largest category of consumer complaints, according to the Federal Trade Commission’s Consumer Sentinel Network in 2016.
New York’s Cybersecurity Rules: What Insurance Professionals Should Know
Monday, March 06, 2017
insurancejournal.com
The cyber rules require insurance and insurance-related companies as well as brokers, agents and adjusters licensed in New York to assess their specific cyber risk profiles and design cybersecurity programs that address such risk in a “robust fashion.”
Hackers Leak Kate Moss’ Nude Wedding Day Images After Hacking Her Computer
Monday, March 06, 2017
techworm.net
Hackers managed to breach supermodel Kate Moss’ computer and access her online accounts. The unknown hackers then proceeded to leak nude images of Kate Moss in a state of undressing and changing into her wedding gown during her wedding to Jamie Hince in 2011.
Lawmakers Fear US Has Fallen Behind in Cyber Warfare
Monday, March 06, 2017
thehill.com
Lawmakers in both chambers of Congress are confronting hard truths about the U.S. military’s cyber vulnerabilities and lack of a comprehensive strategy to deter and respond to cyberattacks. Members of Congress worry that adversaries could potentially breach the defense industry supply chain or exploit the military’s dependence on computers and high-tech systems for operations, fears that were confirmed by testimony from experts and former officials this week.
Missouri Proposal Requires Schools to Tell You When Child's Information Stolen
Monday, March 06, 2017
kspr.com
The state auditor said Missouri law currently does not require school districts to alert parents or guardians when students' sensitive information is stolen.
In Defense of Assuming Another’s Identity
Monday, March 06, 2017
networkworld.com
My father, Burke McNamara, passed away back in December at age 89 after a long period of declining health. As I continue to deal with the closing of his financial affairs, I’d like to offer this bit of advice to all of you: If you're ever in the unfortunate position of having to close accounts, such as a VISA account, for a family member who has died, do not under any circumstances approach the task in an honest and straightforward manner. Lie to them.
Glastonbury Schools Phishing Scandal Impacts 1,600 Workers
Saturday, March 04, 2017
nbcconnecticut.com
A phishing scandal has hit another Connecticut school district. Glastonbury school's superintendent said the district became victim of the W-2 phishing scam that has impacted other districts in the country and Groton. Superintendent Alan B. Bookman said that 2016 employee W-2 tax form information was compromised for 1,600 workers.
"With the exception of Food Service personnel, any Glastonbury Public Schools employee who was issued a W-2 for the 2016 tax year could be affected," a letter sent out to Glastonbury Public School employees said. Groton Public Schools reported a similar incident on Thursday.
Cancer-Stricken 5-Year-Old's Photo Used in Charity Scam, Family Claims
Saturday, March 04, 2017
cnn.com
It's hard enough to have a 5-year-old son battling brain cancer. But when Kelly Incandela learned that a woman apparently was going around Brooklyn in New York City fraudulently asking for donations for a funeral for her son, sadness quickly morphed into something else.
The Golden Age of Email Hacks Is Only Getting Started
Saturday, March 04, 2017
wired.com
As Governor of Indiana, Mike Pence conducted state business using his personal email account. An AOL account. So of course someone hacked it. With a phishing scam...Let’s start with the obvious: Personal email has no place in government business. Legally speaking, all state and federal employees must maintain a record of their communications. Transparency demands it. A government email account provides a digital paper trail, and something the public, or journalists, can demand access to. Personal accounts do not, because you may not even know they exist. Equally important, they don’t offer the security of a .gov account. From a basic security perspective, no one earning a government paycheck should use Yahoo, or Gmail, or AOL, or anything else because, honestly. Despite this, public officials continue using personal email. So do you. So do I, switching back and forth between work Outlook and personal Gmail. We all do it, for the same fundamental inalienable reason: We find it so much easier. That’s doubly true for people toiling away in tightly controlled environments, where draconian restrictions on access and attachments can make logging onto work emails literally more trouble than it’s worth.
FAFSA and Student Loan Identity Theft
Saturday, March 04, 2017
idtheftcenter.org
Too many young people discover their identities have been stolen when they apply for student loans or financial aid.
U.S. Marshals Warn Against Dual Phone Scams
Saturday, March 04, 2017
networkworld.com
The U.S. Marshals are warning the public not to respond to two recent scams involving people fraudulently posing as Marshals making calls across the country.
German Researchers Find Flaws in Nine Major Password Managers
Saturday, March 04, 2017
scmagazine.com
A group of security researchers called TeamSIK has published a security assessment of nine popular password management applications on Android devices and found them all to contain security vulnerabilities.
FTC Releases Annual Summary of Consumer Complaints
Friday, March 03, 2017
ftc.gov
Imposter scam complaints surpassed identity theft for the first time as the second most common category of consumer complaints received by the Federal Trade Commission’s Consumer Sentinel Network in 2016, according to the agency’s new Data Book...The rise in impostor scam reports is due to an increase in complaints about government imposters. Imposter scams come in many varieties, but work the same way: a scammer pretends to be someone trustworthy, such as a government official or computer technician to convince a consumer to send money. Imposter scams also topped the list of complaints from military consumers followed by identity theft complaints.
Cyberstalking Charge Brought in Manhattan Federal Court Against Missouri Man for a Pattern of Harassment Involving Threats to Jewish Community Centers
Friday, March 03, 2017
justice.gov
In July 2016, an email was sent to Victim-1’s employer that made false allegations about Victim-1, including that she had broken the law, using an internet protocol (“IP”) address that Thompson had previously used to access his social media account. On October 15, 2016, an IP address that traced back to Thompson’s residence was used to report falsely that Victim-1 possessed child pornography. When confronted by law enforcement on November 22, 2016, Thompson claimed that his email account had been hacked a few weeks earlier...
19 Indicted in International Fraud and Money Laundering Schemes
Friday, March 03, 2017
fbi.gov
Federal indictments unsealed today in Washington, D.C., charged 19 people in the U.S. and abroad with participating in various international fraud and money laundering conspiracies that resulted in the theft of more than $13 million from more than 170 victims, primarily in the U.S...The investigation began in 2011, when the Bureau’s Washington Field Office received information about abandoned property in a hotel room in Washington, D.C. From that, the FBI was able to link the recovered evidence to a transnational organized crime operation involving an online vehicle fraud scheme...The investigation into the online vehicle fraud scheme led to the realization that some of the criminals involved in that scheme had branched out to much more lucrative activity—a BEC scheme that resulted in losses of more than $10 million from victim companies.
America Has a 'Cybersecurity Crisis': Symantec CEO
Friday, March 03, 2017
cnbc.com
Do you feel safe browsing online? Have you ever been a victim of credit card fraud? Thirty-nine percent of North Americans have been affected by cybersecurity crime in the past year alone, Symantec Chief Executive Greg Clark told CNBC on Thursday. "I think that's a very big crisis."
NEED AN EXPERT?

Does your organization need a consultant who can deliver information security awareness training that contains the truth about what works and what doesn’t in the fight against the fastest growing crimes in the world? 

Does your conference need an experienced speaker who will captivate the audience with dramatic real life cases of identity theft, cybercrime and scams ranging from stolen personal information, to theft of corporate trade secrets, to stalking and murder? 

Are you a member of the media seeking a comment about ID theft, scams, data breaches, cybercrime, information security, or fraud? 

If so, we invite you to learn more about identity theft and scam expert Rob Douglas.