Your best source for presentations, workshops, consultation, news, videos, and information about identity theft, scams, data breaches, and other information security threats. For more information about our services, please click HERE.
Resources and Expertise to Combat Identity Theft, Scams, and Social Engineering
Highly Confidential Psychotherapy Records From Behavioral Health Center in Bangor, Maine Listed on Dark Web Monday, April 24, 2017 databreaches.net In what may be the worst breach of 2017 so far in terms of highly sensitive and confidential patient records, a behavioral and mental health center in Maine recently learned that its patients’ records – including evaluations, session notes, and records of sex offenders and sex abuse victims – had not only been in the hands of one criminal, but had reportedly been sold to an unknown party for unknown purposes.
AZ Man Struggles With IRS for Decade to Try and Fix Case of Identity Theft Monday, April 24, 2017 abc15.com Tony Chilicas and his fiancé, Holly, are getting married in July. But their walk down the aisle will only be symbolic. Chilicas refused to make it legally official. “I don’t want her taking my last name until this is done,” he said. It’s because of another man: Jorge Campos Ramirez. But this isn’t some messy love triangle. It’s an unbelievable case of identity theft that’s messed with Chilicas’ life for a decade.
6 Factors Impacting Identity Theft Risks Monday, April 24, 2017 cutimes.com The threats posed by cyber attacks and identity theft continue to grow as cyber criminals always seem to be on offense while consumers and insurers are on defense.
Indian Police Allege IRS, FBI, Other Law Enforcement Not Interested in Phone Scam Arrests Monday, April 24, 2017 forbes.com Taxpayers across the country breathed a sigh of relief after the arrest of Sagar Thakkar, a 24-year-old Indian man accused of running those Internal Revenue Service (IRS) phone scams. Indian police arrested Thakkar earlier this month, claiming he was the mastermind behind the scam where callers posed as IRS agents to collect bogus tax debts. According to the local police, the lack of response from American law enforcement authorities familiar with the investigation has been deafening.
Russian Hacker Behind Kelihos Botnet Indicted in U.S. Monday, April 24, 2017 news.softpedia.com Russian hacker Peter Levashov was indicted on eight counts of fraud, conspiracy, and identity theft. Levashov, who was arrested in Spain early this month, is believed to be Severa, the hacker behind the Kelihos botnet, one of the largest spam operations in the world. The indictment comes from a federal grand jury in Connecticut, which came together on Friday in order to lay out all accusations the US has against Levashov.
Fake Delta Airline Receipts Spread Financial Malware Monday, April 24, 2017 news.softpedia.com The phishing email is specifically constructed to make you curious. There is no information about the flight included, which is something that such emails normally contain, but there is a link that you are urged to follow. On the other hand, if you pay attention to the email you've received, you'll notice that the email address is wrong, as it comes from @deltaa, instead of @delta.com. Similarly, if you're a frequent Delta flyer, you'll know the legitimate emails from the airline look a bit different.
The Backstory Behind Carder Kingpin Seleznev’s Record 27 Year Prison Sentence Monday, April 24, 2017 krebsonsecurity.com Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record punishment for hacking violations in the United States and by all accounts one designed to send a message to criminal hackers everywhere. But a close review of the case suggests that Seleznev’s record sentence was severe in large part because the evidence against him was substantial and yet he declined to cooperate with prosecutors prior to his trial.
New Password Guidelines Say Everything We Thought About Passwords Is Wrong Monday, April 24, 2017 venturebeat-com.cdn.ampproject.org When I recently discovered a draft of new guidelines for password management from NIST (the National Institute of Standards and Technology), I was amazed about the number of very progressive changes they proposed. Although NIST’s rules are not mandatory for nongovernmental organizations, they usually have a huge influence as many corporate security professionals use them as base standards and best practices when forming policies for their companies. Thus, another fact I was surprised about was a lack of attention to this document, finalized March 31, from both official media and the blogosphere. After all, those changes are supposed to affect literally everyone who browses the Internet. Here is a quick look at the three main changes the NIST has proposed.
Is Identity Theft Protection Worth It? Monday, April 24, 2017 usatoday.com Many turn to identity theft service providers. It's a market worth $3 billion, according to the research firm IBISWorld. According to the Government Accountability Office, about 50 to 60 companies provide these services. But do they work? That was the question posed in a recent GAO study. Its report described four types of identity theft services -- credit monitoring, identity monitoring, identity restoration and identity theft insurance.
Ignoring a WhatsApp Scam Friday, April 21, 2017 nytimes.com Q. I signed up for WhatsApp out of curiosity last year but never used it. Today I got an email message about someone sending me a WhatsApp voice mail. Is this for real?
Ransomware Kit Offered at Bargain-Basement Prices Friday, April 21, 2017 govinfosecurity.com A look at a Russian-speaking hacker offering novice cybercriminals a cheap way to conduct ransomware attacks leads the latest edition of the ISMG Security Report.
'Trust Attacks' Fueled by IoT Risks Friday, April 21, 2017 bankinfosecurity.com So-called "trust attacks" aren't waged for financial gain. They're waged to compromise data, data integrity and to expose sensitive information. Darktrace CEO Nicole Eagan says trust attacks will be among our greatest IoT worries in 2017, because organizations are likely to see attackers using machine learning and artificial intelligence to turn internet-connected devices against us.
Cybersecurity Firm Exposed Non-Anonymized Hospital Data in Demos Friday, April 21, 2017 scmagazine.com Cybersecurity startup Tanium is in hot water after exposing non-anonymized network data from a California hospital during live product demonstrations and online videos. The hospital is one of Tanium's clients and while the firm says that it had permission to use the hospital's environment, the company's Chief Executive Officer Orion Hindawi admitted in an open letter to its consumers that the firm “should have done better anonymizing that customer's data.”
Fake Marine Sentenced in Identity Theft Friday, April 21, 2017 wrn.com In a case that was less about “Semper Fi” and more about semper fib, a man who pretended to be a U.S. Marine in order to rip off local businesses in Menomonee Falls has been sentenced to three years in prison.
Identity Theft Ring That Used Stolen IDs to Buy Cars Friday, April 21, 2017 wsoctv.com Investigators say the suspects created fake driver’s licenses and included their picture. They presented the IDs with a fraudulent credit application, deputies said. The suspects got busted when deputies said they used the same driver’s license number in back-to-back in two weeks, using different names.
Tax Scam: A Game of Speed and Numbers Wednesday, April 19, 2017 gcn.com “Tax season is the perfect opportunity for cybercriminals to monetize data obtained from relatively low effort phishing, like the W-2 scam,” said David Vergara, head of global product marketing for VASCO Data Security. “The volume of tax activity, coupled with the speed in which they submit fraudulent returns, makes it virtually impossible for the IRS to catch it all." Cybercriminals who file fraudulent tax returns before the taxpayer and can successfully repeat the process get the biggest prize, he added: “It’s a game of speed and numbers.”
Job Seekers on ZipRecruiter Being Targeted by Scams via Email and Text Wednesday, April 19, 2017 csoonline.com Right now, thousands of people are looking for a new job online. Some of them just want a change, but others are looking for a stable income to support themselves and their families. Scammers are targeting job seekers with precision, often making contact instantly after the victim submits and application or receives a notification from a prospective employer.
Jodi Gissel: Fighting Fraud Wednesday, April 19, 2017 acamstoday.org The Justice for Fraud Victims Project (JFVP) began at Marquette University in the fall of 2014, based on a program that originated at Gonzaga University. The JFVP partners the University’s Department of Accounting with local law enforcement and the district attorney’s office in order to provide fraud examination services to smaller organizations in the Milwaukee area that are in need of these services. Fraud investigations are costly. Smaller organizations often cannot afford them and law enforcement generally has limited resources available to provide the necessary in-depth investigation of financial records. The JFVP has accounting students, working under the guidance of a professional forensic examiner mentor, who complete the fraud investigation; thereby gaining valuable experience with an actual fraud examination and providing a valuable service to the community.
Advanced, Low-Cost Ransomware Tools on the Rise Wednesday, April 19, 2017 darkreading.com Malware developers keep making it easier for even the most broke and technically inept bad guys to jump on the ransomware craze with cheap and user-friendly tools that are bound to fuel plenty more computer blackmail attacks in 2017. The latest evidence of the trend comes from a report out today of a new variant offered up by Russian cybercriminals through a software-as-a-service delivery mechanism that costs criminals only $175 to get started.
InterContinental Hotel Chain Breach Expands Wednesday, April 19, 2017 krebsonsecurity.com IHG has released data showing that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.
Florida Men Sentenced in Identity Theft Crimes Against New Yorkers Wednesday, April 19, 2017 wellsvilledaily.com The fraudsters had also repeatedly contacted the Tax Department call center in Albany. Investigators were able to listen to the recordings and crack the fraud scheme. They traced the calls and computer traffic used to create the false OLS accounts to the exact location where Mirville and Jacques were operating. This provided sufficient evidence to support issuance of a search warrant.
This Google Chrome and Firefox Phishing Scam Is ‘Practically Impossible to Spot’ Wednesday, April 19, 2017 fortune.com The attack is a variety of phishing, an age-old con that involves tricking people into trusting a malicious website by directing them to a malicious link or, alternatively, into downloading a booby-trapped computer file. The hackers then steal the victims' passwords or install malware on their computers.
Former Bank Officer Pleads in Identity Theft Case Tuesday, April 18, 2017 ozarkradionews.com The crimes occurred when Smith was a bank loan officer and compliance officer at Community Bank in Summersville. In his guilty plea, Smith admitted taking out loans worth $81,040 between 2015 and June 2016, using bank customers’ names, their bank account information and social security numbers without their permission. He then transferred the money to his personal account and spent it on gambling or personal expenses. He also admitted using his mother’s and brother’s personal information to apply for about $70,000 in loans without their approval in 2010 and 2011 to pay for gambling.
Identity Theft Isn’t Just for the Living Tuesday, April 18, 2017 natlawreview.com With income tax season upon us, we are inundated with warnings from the IRS to take extra caution when filing our individual income tax returns with identity theft on the rise. But identity theft also happens to decedents.
Five Reasons to Worry About the ShadowBrokers Hack Tuesday, April 18, 2017 thehill.com WikiLeaks is getting headlines with its CIA documents, but leaks from the ShadowBrokers on possible National Security Agency hacking tools may be far more consequential. Since August, the group has been dropping apparent NSA hacking tools, outing NSA operations and possible endangering the public. If you haven’t been paying attention to the ShadowBrokers, here are five reasons to start.
Identity Thief Faces Potential 22-Year Prison Sentence Tuesday, April 18, 2017 darkreading.com A foreign national pleads guilty to two criminal counts after he and his cohorts steal nearly $1.48 million in bogus tax return refunds following an identity theft hack on a Pittsburgh medical center.
How to Stop Those Annoying, Endless Robocalls to Your Smartphone Tuesday, April 18, 2017 9news.com According to the Federal Communications Commission, there are nearly 2.4 billion robocalls made every month. That’s more than 7 calls per person, according to new research from the YouMail Robocall Index. At best, the calls are frustrating. At worst, they’re robbing us blind. So what can we do about it once and for all?
Border Agents Can Legally Search Electronic Devices Tuesday, April 18, 2017 govtech.com While the Fourth Amendment typically protects people around the country from unreasonable searches without warrants, agents along the Canadian and Mexican borders can search all travelers’ belongings, including electronic devices, with or without reasonable suspicion or a warrant.
Identity Theft Suspect Tripped up by Ancestry.Com Tuesday, April 18, 2017 yorkdispatch.com A Texas man on the run for more than two decades after escaping from a prison halfway house stayed under the radar by stealing and assuming a dead baby's identity, according to federal court documents...Vincent's scheme unraveled when an aunt of the real Nathan Laskoski added the dead boy's name to the family's lineage at Ancestry.com and discovered someone with the same name had already been entered on the genealogy website, linked to several marriages and homes in multiple states, according to documents.
Georgia Voters’ Personal Data at Risk in Cobb Theft Tuesday, April 18, 2017 ajc.com State officials are investigating the theft last week of equipment from a Cobb County precinct manager’s car that could make every Georgia voters’ personal information vulnerable to theft. The equipment, used to check-in voters at the polls, was stolen Saturday evening, Secretary of State Brian Kemp said Monday. Cobb County elections director Janine Eveler said the stolen machine, known as an ExpressPoll unit, cannot be used to fraudulently vote in Tuesday’s election but that it does contain a copy of Georgia’s statewide voter file. “We have managed that so that what’s stolen could not impact the election,” Eveler said. While the file includes drivers’ license numbers, addresses and other data, it does not include Social Security numbers, Eveler said.
Cybercrime—From Inside an Ohio Prison Tuesday, April 18, 2017 networkworld.com According to local news reports that blew up over the internet last week, at least five prisoners built a pair of working PC out of parts scavenged from e-waste as part of a program designed to teach computer skills by having inmates break down end-of-life computers and recycle the parts. The inmates smuggled the PCs to a training room, hid them in the ceiling and then ran wiring to connect to the prison network...they attempted to use the machines for a number of cybercrimes, including identity theft of another inmate serving a long sentence, applying for multiple credit and debit cards in his name. One of the inmates even used the computers to send text messages to his mother, telling her where to go pick up the fraudulently obtained cards.
SWIFT Warns on Vendor Security After Documents Leaked by Hackers Tuesday, April 18, 2017 reuters.com SWIFT, the global bank messaging system, on Monday advised clients to pay close attention to security when selecting firms to help them access the network following the release of data that suggested the U.S. government sought to spy on their clients...A hacking group calling itself the Shadow Brokers on Friday released files that cyber security experts said suggest the U.S. National Security Agency sought to monitor messaging traffic by hacking into the networks of two firms in the Middle East and Latin America known as service bureaus, which help SWIFT clients access SWIFT.
Microsoft Addresses Shadow Brokers Exploits Tuesday, April 18, 2017 us-cert.gov The Microsoft Security Response Center (MSRC) has published information on several recently publicized exploit tools which affect various Microsoft products.
Cuban National Pleads Guilty in Tax Scam That Used Stolen UPMC IDs Tuesday, April 18, 2017 post-gazette.com Assistant U.S. Attorney Greg Melucci said today that Llanes was part of a network of conspirators who took advantage of tens of thousands of UPMC W-2 forms that hackers stole and sold on the darknet, an encrypted web marketplace for cyber criminals.
Two-Thirds of Seniors Are Scam Victims Tuesday, April 18, 2017 thefranklinnewspost.com A new survey by Home Instead, Inc. found that two-thirds (67 percent) of U.S. seniors have been the victim or target of at least one common online scam or hack. In addition, more than a third (38 percent) report that someone has tried to scam them online, and 28 percent of surveyed seniors have mistakenly downloaded a computer virus.
Nigerian Wanted by FBI for $5 Million Email Scam Tuesday, April 18, 2017 africanews.com 32-year-old Kelechi Declan James, suspected to be in New York City, is alleged to have run a business e-mail compromise scheme that resulted in victims losing more than $5 million. “As part of the scheme, James and his co-conspirators defrauded victims across the U.S. by tricking them into wiring money to bank accounts the victims believed were owned by family members, friends, or business associates,” the FBI said in a statement last week.
Health Savings Account Fraud: The Rapidly Growing Threat Monday, April 17, 2017 darkreading.com While information security and anti-fraud teams remain on high-alert for potential indicators of income tax fraud, given the rapidly approaching April 18th filing deadline, a lesser-known yet serious threat with ties to both income tax fraud and 2016’s healthcare breaches continues to emerge: health savings account fraud.
Shoney’s Hit by Apparent Credit Card Breach Monday, April 17, 2017 krebsonsecurity.com Multiple sources in the financial industry say they’ve traced a pattern of fraud on customer cards indicating that the latest victim may be Shoney’s, a 70-year-old restaurant chain that operates primarily in the southern United States.
EFF Releases Spying on Students Ed Tech Report Monday, April 17, 2017 eff.org "They are collecting and storing data to be used against my child in the future, creating a profile before he can intellectually understand the consequences of his searches and digital behavior." This was the response of one parent to an online survey EFF conducted to learn more about the use of mobile devices and cloud services in K-12 classrooms across the country—so called education technology or “ed tech.” Today, EFF released a report entitled “Spying on Students: School-Issued Devices and Student Privacy” that summarizes the results of this survey.
Virus Knocks Erie County Medical Center Offline for Days Monday, April 17, 2017 healthcareitnews.com The entire computer system of Buffalo-based Erie County Medical Center and its Long-Term Care at Terrace View facility was shut down early April 9, after a virus was detected on the system. While it was primarily the email system hit with a virus, ECMC took the whole system offline to prevent spreading the virus, officials said in a statement. As of Thursday morning, parts of the computer system were still offline. Hospital officials wouldn’t comment if the virus was ransomware.
9 Ways to Protect Your Aging Parent From Identity Theft Monday, April 17, 2017 forbes.com When Peter’s father became too infirm to live independently, Peter took on the job of moving him into an assisted living facility. Using his power of attorney, Peter then began to dig into his father’s financial records. What he found shocked him. His father had become an unsuspecting victim of identity theft.
How to Spot a Skimmer and Avoid Identity Theft Monday, April 17, 2017 abc13.com Skimming devices are used by criminals to secretly capture credit and debit card data from unsuspecting users. Once the credit/ debit data is captured, the data is downloaded and then used for fraudulent transactions. The data can be sold, immediately used for online purchases or re-encoding and creation of counterfeit credit/debit cards.
Westminster College Reports Employee Data Breach Monday, April 17, 2017 columbiatribune.com The breach of employee information was discovered March 26, according to a statement from Lana Poole, vice president and chief communications officer at Westminster. Poole said the breach was the result of a phishing scam and was reported to law enforcement authorities.
Fifth Person Pleads Guilty in $5 Million ID Theft Case Thursday, April 13, 2017 darkreading.com A Russian national has been arrested in connection with a payment card fraud scheme between 2014 and 2016 that led to $5 million in losses to businesses including an airline and two healthcare administrators. The fifth person to be arrested in the case, Irina Fedoseeva, was allegedly responsible for cheating victims out of $225,000 through illegal use of their payment cards, the US Department of Justice said.
Police Stumble Onto Apparent Major Fraud Ring During Traffic Stop Thursday, April 13, 2017 onlineathens.com A man last week may have inadvertently led authorities to uncover a major fraud ring in which manufactured fraudulent credit cards were used to illegally purchase thousands of dollars’ worth of merchandise and services in at least two states.
Norton Schools Computer System Hacked Thursday, April 13, 2017 thesunchronicle.com The school department is seeking an emergency transfer of $43,000 to upgrade its computer security after its system was hacked last month, causing files to freeze, Superintendent Joseph Baeta said Wednesday. Baeta said the hack happened on March 15 when someone opened an email that contained “ransomware.” The hackers sought to get the school department to pay a ransom for it to unlock the files, he said.
Internet Privacy Fight Enters New Phase Thursday, April 13, 2017 thehill.com The fight over internet privacy is entering a new stage. The Republican chairman of the Federal Communications Commission is moving to roll back his agency's net neutrality rules, a plan critics warn could deal another blow to online privacy protections. It comes on the heels of Republicans repealing Obama-era rules that would have required internet service providers to get customer consent before sharing their data, putting digital privacy back in the national spotlight. Both sides are quickly gearing up for the next fight.
Detecting Insider Threats Is Easier Than You Think Thursday, April 13, 2017 cio.com The biggest factor to deter insider risks is to give ongoing security awareness training to all employees, said Scottie Cole, network and security administrator at AppRiver. “This trains employees on what is expected of them and provides them the signs to identify a risk. Insider risk teams should also have ongoing assessments and auditing of company assets can help identify risks that would otherwise be ignored.”
SWIFT Codes Targeted in Union Bank of India Cyberattack Wednesday, April 12, 2017 scmagazine.com Hackers launched an attack against the Union Bank of India that was very similar to the Bangladesh bank heist that resulted in the theft of $81 million last year. The attack against the Union Bank started in July 2016 when scammers sent an email containing a malicious attachment to an employee at the Union Bank of India, Reuters reported citing the Wall Street Journal. The employee opened the email, which initiated malware that stole Union Bank's Society for Worldwide Interbank Financial Telecommunication (SWIFT) codes that are necessary to transfer funds. The hackers then used the codes to send instructions to transfer $170 million to a Union Bank account at Citigroup Inc in New York however, Union Bank was able to spot the fraud and block the transfer.
Budget Woes Hinder US Cybersecurity Buildup Wednesday, April 12, 2017 thehill.com Experts and officials are warning of the negative effects that another stopgap funding bill would have on cybersecurity as Congress finds itself embroiled in another budget showdown.
Tax Season Surprise: W-2 Fraud Wednesday, April 12, 2017 darkreading.com What was once a scam known for exclusively targeting the corporate world has expanded to other sectors, including school districts, tribal organizations, and nonprofits. W-2 fraudsters show no prejudice — regardless of geographic location, industry, and organization size, we're seeing employees across the spectrum fall victim.
Phishing with a Light Touch: Advances in Social Engineering Wednesday, April 12, 2017 scmagazine.com At the heart of every phish that lands in users' inboxes is a social engineering job -- an attempt to con gullible users into believing claims that are contrary to reality and then persuade them to take dangerous actions based on their belief in a lie.
How the FBI Took Down Russia’s Spam King—and His Massive Botnet Wednesday, April 12, 2017 wired.com One of the world’s most notorious spammers appears to have been tripped up by a basic cybersecurity no-no, according to the FBI: He used the same log-in credentials to both run his criminal enterprise and also log into sites like iTunes.
Ransomware Attack on Texas Pediatric Provider Exposes Data of 55,000 Patients Wednesday, April 12, 2017 healthcareitnews.com A ransomware attack at San Antonio-based ABCD Children’s Pediatrics may have breached the data of 55,447 patients. Affected files may have included patient names, Social Security numbers, insurance billing information, dates of birth, medical records, laboratory results, procedure technology codes, demographic data, address and telephone numbers.
Hundreds of W-2s Stolen From City of San Marcos Wednesday, April 12, 2017 statesman.com Confidential information of more than 800 current and former city of San Marcos employees has been compromised after one employee fell for a phishing scam.
Amazon’s Third-Party Sellers Hit by Hackers Monday, April 10, 2017 wsj.com In recent weeks, attackers have changed the bank-deposit information on Amazon accounts of active sellers to steal tens of thousands of dollars from each, according to several sellers and advisers. Attackers also have hacked into the Amazon accounts of sellers who haven’t used them recently to post nonexistent merchandise for sale at steep discounts in an attempt to pocket the cash, those people say.
Alleged Spam King Pyotr Levashov Arrested Monday, April 10, 2017 krebsonsecurity.com Authorities in Spain have arrested a Russian computer programmer thought to be one of the world’s most notorious spam kingpins...Levashov is currently listed as #7 in the the world’s Top 10 Worst Spammers list maintained by anti-spam group Spamhaus. The U.S. Justice Department maintains that Severa was the Russian partner of Alan Ralsky, a convicted American spammer who specialized in “pump-and-dump” spam schemes designed to artificially inflate the value of penny stocks.
Symantec Attributes 40 Cyber Attacks to CIA-Linked Hacking Tools Monday, April 10, 2017 reuters.com Past cyber attacks on scores of organizations around the world were conducted with top-secret hacking tools that were exposed recently by the Web publisher Wikileaks, the security researcher Symantec Corp (SYMC.O) said on Monday. That means the attacks were likely conducted by the U.S. Central Intelligence Agency. The files posted by WikiLeaks appear to show internal CIA discussions of various tools for hacking into phones, computers and other electronic gear, along with programming code for some of them, and multiple people familiar with the matter have told Reuters that the documents came from the CIA or its contractors.
Spain Arrests Russian Thought to Be Kingpin of Computer Spam Monday, April 10, 2017 nytimes.com The initial reports in Russian news media of Mr. Levashov’s arrest did not say if he was suspected by United States intelligence agencies of being involved in attempts by Russian government hackers to meddle in the 2016 American presidential election. The American intelligence agencies have said Russian hackers broke into the servers of the Democratic National Committee and the email of Hillary Clinton’s campaign chairman and released documents in an effort to sway the election toward Donald J. Trump. But computer researchers who have linked the long-running computer spam business of the man known as Peter Severa to malware used in 2012 to influence a domestic election in Russia say his arrest could give other investigations important information.
Hacking Attack Woke Up Dallas With Emergency Sirens, Officials Say Monday, April 10, 2017 nytimes.com Officials in Dallas said the city’s warning system was hacked late on Friday night, disrupting the city when all 156 of its emergency sirens sounded into the early hours of Saturday morning. The alarms, which started going off around 11:40 p.m. Friday and lasted until 1:20 a.m. Saturday, created a sense of fear and confusion, jarring residents awake and flooding 911 with thousands of calls, officials said.
Teaching Hospitals at Greater Data Breach Risk Monday, April 10, 2017 darkreading.com Research on data breaches at hospitals has revealed that those with major teaching facilities and more beds were at greater breach risk, says a Johns Hopkins University report.
Former Allegro Worker Accused of Inserting ‘Time Bomb’ in Company Network Monday, April 10, 2017 telegram.com On January 31, 2016, Mr. Patel allegedly trespassed onto the grounds of Allegro to come within the wireless network’s range. Once in range, and using the secondary notebook from Allegro, Mr. Patel allegedly used the password for another employee of Allegro, to gain access to the company’s network. He then allegedly used a system administrator logon and password to upload and insert the malicious Oracle programming code to Allegro’s finance module.
Wells Fargo to Claw Back $75 Million From Former Executives Monday, April 10, 2017 nytimes.com In a scathing, 113-page report that made it clear that all the warning signs of the problem had been glaring, the board released the results of its six-month investigation into the conditions and culture that prompted thousands of Wells Fargo employees to create fraudulent accounts in an effort to meet aggressive sales goals.
Breach of Financial-Aid Tool May Have Compromised Data on 100,000 Taxpayers Friday, April 07, 2017 chronicle.com Nearly 100,000 taxpayers may have had their personal information compromised by a security breach of an Internal Revenue Service tool that makes it easier to fill out the Free Application for Federal Student Aid, the Fafsa, according to the IRS commissioner, John Koskinen, who testified on Thursday before the Senate Finance Committee.
Cybercriminals Seized Control of Brazilian Bank for 5 Hours Friday, April 07, 2017 darkreading.com Cybercriminals for five hours one day last fall took over the online operations of a major bank and intercepted all of its online banking, mobile, point-of-sale, ATM, and investment transactions in an intricate attack that employed valid SSL digital certificates and Google Cloud to support the phony bank infrastructure.
Mac Malware Grew 744% in 2016, Says McAfee Report Friday, April 07, 2017 9to5mac.com The latest McAfee Threat Report shows that macOS malware grew by 744% in 2016, with around 460,000 instances detected. Behind the headline number, though, are a couple of reassuring facts.
Scottrade Bank Data Breach Exposes 20,000 Customer Records Friday, April 07, 2017 csoonline.com Scottrade Bank, a subsidiary of Scottrade Financial Services, Inc., recently secured a MSSQL database containing sensitive information on at least 20,000 customers that was inadvertently left exposed to the public.
Dems Ask Treasury Chief for Cyber Briefing Friday, April 07, 2017 thehill.com Democratic lawmakers are requesting a briefing on the Treasury Department’s cybersecurity efforts, expressing alarm over nation-state cyberattacks targeting the financial sector. Reps. Robin Kelly (D-Ill.) and Jim Himes (D-Conn.) wrote to Treasury Secretary Steve Mnuchin on Thursday warning of the “rapid spread of cyber-attacks on the American banking and financial services industries by foreign actors.” They singled out North Korea, expressing concern that Pyongyang could use cyberattacks on banks and financial services institutions to fund its missile and nuclear programs.
Scammers Phishing for Financial Credentials on Twitter Friday, April 07, 2017 csoonline.com Scammers are using Twitter as a vehicle to target people looking for customer support or asking general questions. They interject themselves into legitimate discussions, offering friendly chatter and a link that directs the target to a Phishing page designed to harvest credentials. On Twitter, someone – or perhaps a group of people – are following support accounts for large financial institutions and watching their interactions with customers. Depending on the question asked, the scammers will respond to the customer (usually after the official account has) and direct them to take 'additional' measures. Social Engineering is a powerful tool, and given the right construct it can be hard to detect or defend against.
Don't Pay Ransoms. But If You Must, Here's Where to Buy the Bitcoins Tuesday, April 04, 2017 csoonline.com Ransomware grew into a $1 billion industry last year, and ransom payments now account for nearly 10 percent of the entire Bitcoin economy. Avoiding becoming part of that statistic requires good endpoint security and effective backups. But what if your defenses fail, your backups are inadequate, all attempts to restore the data fail, and you have to pay the ransom after all -- what do you do? First of all, get the ball rolling on improving your security. Second, if the ransomware includes a recommendation for where to buy the Bitcoins, take it with a grain of salt. These guys are, after all, criminals. They might steer you wrong. Instead, go to a reputable exchange.
Report: China-Based Cyber Campaign Targeting Managed IT, Cloud Services Tuesday, April 04, 2017 thehill.com A new report suggests a China-based espionage campaign is targeting managed IT service providers and cloud service providers in an attempt to spy on those firms' clients, including diplomatic and political organizations and companies' intellectual property. PriceWaterhouseCoopers and BAE Systems collaborated on the report, detailing a threat nicknamed "Operation Cloud Hopper."
Protecting Your Digital Life in 8 Easy Steps Friday, March 31, 2017 nytimes.com There are more reasons than ever to understand how to protect your personal information. Major website hackings seem ever more frequent. Investigators believe that a set of top-secret National Security Agency hacking tools were offered to online bidders this summer. And many of those worried about expanded government surveillance by the N.S.A. and other agencies have taken steps to secure their communications.
Post-FCC Privacy Rules, Should You VPN? Friday, March 31, 2017 krebsonsecurity.com Many readers are understandably concerned about recent moves by the U.S. Congress that would roll back privacy rules barring broadband Internet service providers (ISPs) from sharing or selling customer browsing history, among other personal data. Some are concerned enough by this development that they’re looking at obfuscating all of their online browsing by paying for a subscription to a virtual private networking (VPN) service. This piece is intended to serve as a guidepost for those contemplating such a move.
GAO: Identity Theft Services Study - March 2017 Friday, March 31, 2017 gao.gov GAO was asked to examine issues related to identity theft services and their usefulness. This report examines, among other objectives, (1) the potential benefits and limitations of identity theft services, and (2) factors that affect government and private-sector decision-making about them. GAO reviewed products, studies, laws, regulations, and federal guidance and contracts, and interviewed federal agencies, consumer groups, industry stakeholders, and eight providers selected because they were large market participants.
A Quick Guide to Backing Up Your Critical Data Friday, March 31, 2017 nytimes.com It’s World Backup Day, which is another way of saying it’s a good time to safeguard your digital photos, videos, documents and emails by creating second copies, or backups, of them and storing them somewhere secure.
Warning for Taxpayers: Identity Theft During Tax Season Friday, March 31, 2017 baltimore.cbslocal.com Thousands across Maryland have fallen victim to identity theft. Criminals steal information to file tax returns. State comptroller Peter Franchot says there’s at least 2,000 victims already. It’s that time of the year. While millions nationwide are waiting to find out just how much money they’ll get back, criminals are hacking away, trying to steal identities and cash in on tax returns in Maryland.
Beware This Simple Scam Targeting Job Seekers Thursday, March 30, 2017 inc.com In this fourth version of the "473 Scam," criminals post "help wanted" type ads on various online bulletin boards or physical job boards around a city - advertising jobs that are likely to be attractive with their intended target audience; the ads note, of course, that in order to obtain more information or to apply one should "call for more information."
IBM on the State of Network Security: Abysmal Thursday, March 30, 2017 networkworld.com The state of online security is darn dreadful. At least if you look at the results from the IBM Security’s 2017 IBM X-Force Threat Intelligence Index released today which contains myriad depressing nuggets such as: The number of records compromised grew a historic 566% in 2016 from 600 million to more than 4 billion -- more than the combined total from the two previous years.
White House Extends Obama Executive Order on Cyber Threats Thursday, March 30, 2017 thehill.com "Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States," reads the letter.
Avoiding ID Theft: Keeping Your Personal Information Safe Thursday, March 30, 2017 The Costco Connection "If you just took the time to look at your finances you would be able to head off a major problem," says Rob Douglas, a nationally recognized identity theft and information security consultant (identitytheft.info). "It's mind-blowing to me how many people don't do it." Account takeover fraud, card-not-present fraud, new account fraud and W-2 fraud are damaging forms of ID theft, and you should know how they work. We collaborated with Douglas to unpack this topic.
Scammers Scare iPhone Users Into Paying to Unlock Not-Really-Locked Safari Thursday, March 30, 2017 csoonline.com Apple yesterday patched a bug in the iOS version of Safari that had been used by criminals to spook users into paying $125 or more because they assumed the browser was broken. The flaw, fixed in Monday's iOS 10.3 update, had been reported to Apple a month ago by researchers at San Francisco-based mobile security firm Lookout.
None of Us Are Safe From Getting ‘Owned’ Thursday, March 30, 2017 nytimes.com In the escalating rhetoric of public shaming, being embarrassed online is tantamount to being wiped from the face of the earth. Whenever a late-night host upbraids a public figure in a monologue or a pundit bests another in a Twitter fight, onlookers crowd around to declare the loser DESTROYED! or EVISCERATED! or ETHERED! or ANNIHILATED! But alongside these symbols of destruction has risen another, more apt metaphor for the dynamics of the modern media power play. In this one, the defeated party wasn’t killed, but possessed: They got OWNED.
Senators Move to Bolster Cyber Resources for Small Businesses Thursday, March 30, 2017 thehill.com Five senators introduced legislation on Wednesday that would direct the National Institute of Standards and Technology (NIST) to consider small businesses when updating its cybersecurity framework and offer consistent resources for small businesses that decide to use the framework.
New Berlin Man Charged With Identity Theft, Accused of Luring Young Girls Online Thursday, March 30, 2017 tmj4.com Forty-four-year-old Craig Miller is charged with 18 counts including identity theft, and is accused of stealing a teenage boys photos to sexually exploit underage girls on the internet. Police said one of the teens he lured attempted suicide over the ordeal, prompting police to look into the case. Police identified photos of underage victims who live in Indiana, Colorado, Kentucky and Fond du Lac, Wisconsin.
3 Charged in $40K Identity Theft Scheme Thursday, March 30, 2017 pennlive.com The suspects are accused of using a Connecticut man's identity to open bank accounts and take out $40,000 in loans with an S&T Bank in Cambria County between Wednesday and Tuesday. After opening the accounts, state police in Ebensburg said the men applied for loans with the bank. After the loans were approved, the suspects received a check for $40,000, according to police.
If You Want to Stop Big Data Breaches, Start With Databases Thursday, March 30, 2017 wired.com Over the past few years, large-scale data breaches have become so common that even tens of millions of records leaking feels unremarkable. One frequent culprit that gets buried beneath the headlines? Poorly secured databases that connect directly to the internet.
FBI Warns of Attacks on Anonymous FTP Servers Wednesday, March 29, 2017 networkworld.com The FBI warns that attackers are targeting vulnerable FTP servers used by small medical and dental offices as a way to obtain medical records and other sensitive personal information. While the dangers of placing sensitive data on these servers is well known, smaller businesses may not have the expertise or motivation to upgrade. The attackers can use the stolen data to harass, intimidate and blackmail these businesses, the FBI says, and may also include using the stolen information to commit fraud.
Millions of Stolen U.S. University Email Credentials for Sale on the Dark Web Wednesday, March 29, 2017 darkreading.com Stolen email addresses and passwords from the largest US universities are offered for sale on the Dark Web at anywhere from $3.50 to $10 apiece. But that's only a snapshot of a lucrative underground market for pilfered – and even spoofed and phony - student, faculty, staff, and alumni email credentials, according to new research published today by the nonprofit Digital Citizens Alliance (DCA) that searched the Dark Web for credentials from the top 300 US universities.
Beware of Evolving Income Tax Scams Wednesday, March 29, 2017 usatoday.com Income tax identity theft continues to be a big problem for the IRS and the individual victims of this crime. It happens when a criminal who has managed to steal someone’s Social Security number files an income tax return on behalf of that person using a counterfeit W-2 and then tricks the IRS into sending a fraudulent refund to the income tax identity thief.
The House Voted to Wipe Out the FCC’s Landmark Internet Privacy Protections Wednesday, March 29, 2017 washingtonpost.com House Republicans voted overwhelmingly Tuesday, by a margin of 215-205, to repeal a set of landmark privacy protections for Web users, issuing a sweeping rebuke of Internet policies enacted under the Obama administration. It also marks a sharp, partisan pivot toward letting Internet providers collect and sell their customers' Web browsing history, location information, health data and other personal details. The measure, which was approved by a 50-48 margin in the Senate last week, now heads to the White House, where President Trump is expected to sign it.
VPNs Won’t Save You from Congress’ Internet Privacy Giveaway Wednesday, March 29, 2017 wired.com You’ll need to take your online privacy into your own hands. Several technical workarounds—especially virtual private networks, or VPNs—will return some semblance of control to you, the internet user. But even these solutions are far from perfect. When it comes to privacy, tech can help. But it doesn’t take the place of having the law on your side.
Woman Charged With Identity Theft Wednesday, March 29, 2017 wiscnews.com An Illinois woman is facing criminal charges in Sauk County for allegedly purchasing stolen credit card information online and having it transferred to fake cards that she used.
One of the Most Dangerous Forms of Ransomware Has Just Evolved to Be Harder to Spot Wednesday, March 29, 2017 zdnet.com Identified by Trend Micro, the new Cerber variant is - like most ransomware - delivered by a malicious phishing email. But rather than encouraging the victim to click on a link to download a file, these emails contain a link to Dropbox controlled by the attackers which downloads and self-extracts the Cerber payload.
Cyber Criminals Targeting Healthcare Orgs’ FTP Servers Wednesday, March 29, 2017 helpnetsecurity.com FBI’s Cyber Division has sent out another notification to healthcare organizations, alerting them to the danger of cyber criminals using their FTP servers for various malicious purposes.
Apple Attributes Alleged iCloud Hack to Password Reuse Wednesday, March 29, 2017 esecurityplanet.com An unnamed person who's seen the data held by the hackers told Fortune that many of the email addresses and passwords match data from the LinkedIn breach that was disclosed last year.
Significant Data Breach Impacts Job Applicants in 10 States Tuesday, March 28, 2017 govtech.com According to an America's JobLink Alliance press release, millions of job-seekers in at least 10 states may have had their sensitive information accessed by hackers. The incident allowed unauthorized access to the names, Social Security numbers, and dates of birth of persons in their database. The access occurred between Feb. 23 and March 14, 2017.
Why It's a Good Idea to Clear Your Browser History and Cookies Tuesday, March 28, 2017 grahamcluley.com You've probably heard someone at one point tell you to delete your cookies/browsing history and/or clear your cache when you were experiencing technical issues online. In this article, I will discuss why users might consider deleting and clearing these elements at least periodically (if not regularly).
Ignore That Call From “Apple” About an iCloud Breach Tuesday, March 28, 2017 csoonline.com Earlier on Monday, my wife let me know that “Apple Support” had called about iCloud security. She was dubious, and rightly so. “Apple” then called five more times (and counting). Suffice it to say, it wasn’t Apple, but fraudsters trying to piggyback on reports that a major breach of iCloud credentials could render hundreds of millions of accounts vulnerable.
Data Breach May Put Daytona State College Students' Personal Info at Risk Tuesday, March 28, 2017 wftv.com Daytona State College students who applied for financial aid might find themselves in a financial mess. The school said a data breach involving financial aid forms means thieves could have personal information needed to steal students' identities. It marks the second security breach involving the school.
Cheney: Russian Election Interference Could Be ‘Act of War’ Tuesday, March 28, 2017 thehill.com Former Vice President Dick Cheney said Monday that Russia’s attempts to interfere in the 2016 presidential election could be considered an “act of war” against the U.S...Still, experts have cautioned against making such accusations. The U.S. government does not currently have a definition of what actions in cyberspace would necessitate a military response.
Passwords: Workers Say They Will Hand Them Over for Next to Nothing Tuesday, March 28, 2017 zdnet.com According to a report examining insider threats by Forcepoint, 14 percent of European employees claimed they would sell their work login credentials to an outsider for £200. And the researchers found that, of those who'd sell their credentials to an outsider, nearly half would do it for less.
Email Scam Promises Millions From American Soldier in Syria Tuesday, March 28, 2017 fox17online.com One email currently making the rounds is from someone claiming to be a soldier from Alabama who's currently stationed in Syria fighting the war on terror. The soldier says he found a box with $14.6 million in it. He offers you a cut of the money if you open a bank account to help him secure and deposit the funds.
Bitcoin Rise Fuels Social Media Scams Monday, March 27, 2017 csoonline.com The price of a single Bitcoin passed that of an ounce of gold for the first time this month, and scammers were quick to get in on the action with Ponzi schemes and phishing sites spread via social media. Victims are lured in with fake Bitcoin wallets, fake Bitcoin search services, fake surveys about Bitcoin, too-good-to-be-true money making offers, and classic pyramid scams now dressed up with Bitcoins, according to a report released this week.
Cybercriminals Exploit March Madness Frenzy Monday, March 27, 2017 darkreading.com The last 15 days of the annual NCAA basketball tournament has seen heightened malicious activity involving phishing pages, adware downloads and mishandling of user data.
Alleged vDOS Owners Poised to Stand Trial Monday, March 27, 2017 krebsonsecurity.com Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline...The police are preparing to recommend prosecutors charge the men with computer fraud and extortion, alleging they caused more than six million shekels worth of damage (approximately USD $1.65 million).
Identity Theft Victim Sues Albuquerque Police Department Monday, March 27, 2017 abqjournal.com An investigation into a fraudulent check led Albuquerque police to arrest the victim of identity theft, even though the perpetrator who used his ID to cash the check looked dramatically different, according to a lawsuit filed this month.
New Scam Tricks Victims out of Thousands of Dollars Using Old Con Monday, March 27, 2017 wreg.com It’s a new twist on an old scam designed to steal thousands of dollars from unsuspecting consumers nationwide. It used to be called the Secret Shopper scam. The new version goes by the name Secret Surveyor, but the con is the same.
Mass. State Police Warn of Phone Scam Seeking Money to Clear Warrants Monday, March 27, 2017 turnto10.com Massachusetts State Police say they've received numerous complaints about calls that appear to come from a phone number for the department's South Boston barracks. The caller is identified as an officer and then instructs victims to meet at local shopping centers to provide money to clear up police warrants.
Push for Internet Privacy Rules Moves to Statehouses Monday, March 27, 2017 nytimes.com As on climate change, immigration and a host of other issues, some state legislatures may prove to be a counterweight to Washington by enacting new regulations to increase consumers’ privacy rights.
Inside the Hunt for Russia’s Most Notorious Hacker Saturday, March 25, 2017 wired.com America's war with Russia’s greatest cybercriminal began in the spring of 2009, when special agent James Craig, a rookie in the FBI’s Omaha, Nebraska, field office, began looking into a strange pair of electronic thefts. A square-jawed former marine, Craig had been an agent for just six months, but his superiors tapped him for the case anyway, because of his background: For years, he’d been an IT guy for the FBI. One of his nicknames in college was “the silent geek.”
T-Mobile is Rolling Out Scam Warnings on Incoming Calls Friday, March 24, 2017 theverge.com The carrier is going to begin warning subscribers when an incoming phone call appears to be from a scammer. If a scam call is detected, the caller ID will display as “Scam Likely,” giving subscribers a heads up before they answer or the chance to just ignore it outright.
Congress Moves to Strike Internet Privacy Rules From Obama Era Friday, March 24, 2017 nytimes.com Republican senators moved Thursday to dismantle landmark internet privacy protections for consumers in the first decisive strike against telecommunications and technology regulations created during the Obama administration, and a harbinger of further deregulation.
Judge OKs Subway’s Record $31M FACTA Settlement Friday, March 24, 2017 law360.com A Florida federal judge has signed off on the largest settlement in the history of the Fair and Accurate Credit Transactions Act, a nearly $31 million deal between Subway and a class of consumers alleging the sandwich chain unlawfully printed full credit card expiration dates on receipts...FACTA regulations require retailers to omit card expiration dates on receipts, as emphasized in the Credit and Debit Card Clarification Act.
Massive Gift Card Fraud Bot Discovered, 1,000 Customer Websites Attacked Already Friday, March 24, 2017 news.softpedia.com A new bot targeting card payment processes on websites was spotted in the wild. Called GiftGhostBot, the bot is trying to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites. Unfortunately, any website with gift card processing capabilities could be a target.
Instagram Has Two-Factor Authentication Now, So Turn It On Friday, March 24, 2017 wired.com Because you care greatly about your personal security hygiene, you’ve already enlisted two-factor authentication to help protect most of your online accounts. That’s good! Instagram, though, hasn’t given you the option. That changes today. Go get it.
Yahoo Breach Lessons IT Can't Ignore Friday, March 24, 2017 infoworld.com The indictment against the attackers behind the Yahoo breach illustrates just how vulnerable corporate networks are when thieves get their hands on employees' personal information.
Aviation Phishing Scams Friday, March 24, 2017 us-cert.gov US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information.
Beware of Crooks Trying to Steal Your Cryptocurrency With These Schemes Friday, March 24, 2017 zdnet.com Cybercriminals are taking advantage of the rising price and popularity of Bitcoin to try to steal the currency and distribute malware. The cryptocurrency has become invaluable to cybercriminals who exploit its anonymous, decentralised nature as a tool for demanding ransomware payments and laundering various other ill-gotten gains. This month social media Bitcoin scams have reached a new high, with over 125 million malicious links across Twitter, Facebook, and Instagram designed to attack victims and extort Bitcoin.
How Many Dossiers Do Corporations Have on You? at Least 78 — That You Can See Friday, March 24, 2017 bobsullivan.net Most folks don’t know there are dozens of other credit reports maintained by a handful of low-profile companies. These track everything from your check-writing habits to your health insurance claims. Mistakes on these other credit reports can be just as financially painful. Consumers have the right to see what’s in these reports too, but that right is useless to consumers who’ve never heard of the companies involved. That’s why American consumers should know a lot more about what are called “specialty credit reports” in the industry.
PBSO Deputy Pleads Guilty to Fraud Charges in Identity Theft Scam Friday, March 24, 2017 palmbeachpost.com A Palm Beach County sheriff’s deputy, who in December was named officer of the year for the Delray district, on Thursday pleaded guilty to federal fraud charges, admitting he used his access to law enforcement databases to propel an identity theft scheme.
New Details on Massive Vermont Data Breach Friday, March 24, 2017 wcax.com Gov. Phil Scott says state leaders initially thought hackers only had the opportunity to snatch one year's worth of account data. Turns out the culprits could have their hands on 14 years' worth. "This is appalling and I know this will be incredibly burdensome to the tens of thousands of Vermonters who are impacted," said Scott, R-Vermont. The governor says he's disappointed by how long it took the third-party contractor that runs the site to notify them of the breach and its possible extent.
Maine Job Match Service Hit With Data Breach Friday, March 24, 2017 mainebiz.biz The vendor of a web-based job link service used by Maine and at least nine other states reported Tuesday it had been the victim of a malicious data breach. A release posted on the MDOL's website reported that America's JobLink, a multi-state web-based system that links job seekers with employers, has been the victim of a hacking incident from a "malicious third party 'hacker.'" The hacker exploited a "vulnerability in the AJL application code to view the names, Social Security numbers and dates of birth of job seekers in the AJL systems of up to 10 states: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont," according to the release.
FCC Cracks Down on Annoying Robocalls Friday, March 24, 2017 nbcnews.com You might get interrupted a little less during dinner by annoying "robocalls" thanks to a new FCC proposal that passed today. "Robocall" telemarketers use machines armed with a list of phone numbers and pre-recorded pitch messages. Basically they spam you over your home telephone lines. One way the groups making the calls avoid detection and get around consumer call blockers is to disguise their where they're calling from using "spoofed" phone numbers.
Grayson County Public Schools Catches W-2 Phishing Scam Email Thursday, March 23, 2017 wdbj7.com A popular scam that happens around tax time has returned, but this time it's targeting schools, but one local division caught it immediately. The district's Human Resources Director Janice Linker received an email Tuesday from, what appeared to be, Superintendent Kelly Wilmore. It asked her to send a list of all employee W-2s in PDF form. But the division was already on high alert for this scam.
Idaho Department of Labor Hacked, Possible Identity Theft of 170,000 Job-Seekers Thursday, March 23, 2017 idahostatesman.com The Idaho Department of Labor reported Wednesday that about 170,000 of the state’s 530,000 job-seeker accounts – active and historical – were compromised by a hacking incident on March 12 and March 13...The account information that may have been viewed includes customers’ name, Social Security number and date of birth.
Charles Man Sentenced to Prison for Identity Theft Thursday, March 23, 2017 thebaynet.com A search of the vehicle, which was the same one used by Lee and Williamson to travel to the department stores in August, revealed gift cards, sales receipts, clothing and other merchandise, a laptop computer portable Wi-Fi device, as well as items used to create gift and credit cards encoded with stolen account information, including an embosser and electronic encoder.
Med Center Health Reports Stolen Patient Billing Information Thursday, March 23, 2017 wbko.com The information included name, address, Social Security number, health insurance information, diagnosis and procedure codes, and charges for medical service. However, the information obtained did not include patient medical records.
Urology Austin Was Victim of Ransomware Attack Thursday, March 23, 2017 oag.ca.gov Personal information may have been impacted by the ransomware, including name, address, date of birth, Social Security number, and medical information.
Health Care Facility Hacked by Ex-Employee Using 2-Year-Old Credentials Thursday, March 23, 2017 washingtontimes.com The former systems administrator of a Pennsylvania health care facility was charged with criminal hacking Monday after prosecutors said he wreaked havoc using administrative credentials that went unchanged more than two years after he resigned...Mr. Coughlin, the former computer technician of an unnamed health care facility, is accused of purging records from his old job’s databases and purchasing nearly $5,000 worth of iPads on the company’s dime after he was asked to resign from the gig in February 2013 following three weeks of employment.
Woman Loses More Than $700,000 in Online-Dating Site Scam Thursday, March 23, 2017 clickondetroit.com A Troy woman was scammed out of more than $700,000 when she believed the lies of someone posting a fake profile on a dating website...police said the 58-year-old grandmother was that trusting, and perhaps lonely. She was looking for companionship on the singles dating site Match.com. A man who called himself Donny Koch met her on the site and said he was from London. He said he worked on an oil rig and needed money, so she started sending thousands of dollars. The man then told her he was caught with all the cash she sent him and was jailed. He said he needed money for bail, so she sent more and more money. "She has given him approximately $703,000," said Troy police Captain Robert Redmond.
Grandmother Loses More Than $17,000 in Scam Thursday, March 23, 2017 kwch.com Saline County Sheriff Roger Soldan says a man identifying himself as Sgt. Bradshaw with the U.S. Embassy in the Dominican Republic told the woman over the phone Monday that her grandson had been arrested in the country for possessing marijuana. The man than convinced the Saline County woman that she needed to spend $17,720 for her grandson's freedom and to cover court fees and his transport out of the country.
6 N.J. Men Charged With Running Telemarketing Scam Targeting Seniors Thursday, March 23, 2017 nj.com Six New Jersey residents scammed senior citizens out of hundreds of thousands of dollars by running phony telemarketing investment scams, authorities said. The men established seven companies and successfully convinced more than 30 people to invest money...A representative from each of the companies called potential marks and advised them they could make money through marketing websites that would be set up on their behalf, according to court papers. The victims, many of whom didn't know how to use a computer, were told they had to do nothing more than send a check or provide a credit card number. The majority of the victims are more than 70 years old.
Lithuanian Con Artist Scams Two US Tech Giants out of $100 Million Wednesday, March 22, 2017 zdnet.com A man from Lithuania has been arrested after he conned two large technology firms out of $100 million in an elaborate phishing scheme. The US Department of Justice (DoJ) said on Tuesday that Evaldas Rimasauskas orchestrated a phishing scheme which targeted US technology giants specifically, and he was able to swindle $100 million by pretending to be a legitimate business partner of at least one of the victims.
Scammers Are Not “Friends” to Small Business Owners Wednesday, March 22, 2017 ftc.gov Lately we’ve been hearing about scammers who reach out to small businesses through Facebook messages. People have reported receiving messages on Facebook telling them that they’re eligible for – or that they’ve won – a business grant. If you get a message like this through your personal Facebook account or on your company’s page, don’t respond. It’s a scam. The government won’t contact you on social media to offer you money.
Study: 67% of Taxpayers Worry About Tax Fraud, Identity Theft Wednesday, March 22, 2017 hartfordbusiness.com Sixty-seven percent of U.S. taxpayers are concerned about tax fraud and identity theft this year, according to a study released Wednesday by The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re.
Hialeah Police Officer Accused of Identity Theft Wednesday, March 22, 2017 patch.com The indictment alleges that Castellon used his law enforcement access to DAVID to log into the system, conduct searches and take screen shots of other personal identifying information between June 1, 2016, and Oct. 19, 2016, officials said. Castellon allegedly sent more than 25 screen shots to codefendant Neilin Gonzalez Diaz in exchange for gifts.
NY Attorney General: Record Number of Data Breach Notices Sent in 2016 Wednesday, March 22, 2017 news10.com The New York Attorney General’s Office announced it received a record number of data breach notices in 2016. The office says it received 1,300 reported data breaches, that’s a 60 percent increase from the year before. The breaches exposed personal records of 1.6 million New Yorkers.
IRS Issues New Tax Scam Warnings, FSA Tool Suspended Due to Security Concerns Wednesday, March 22, 2017 csoonline.com The Internal Revenue Service (IRS) has issued a new warning to businesses, taxpayers, and tax prep professionals about Phishing scams targeting the sensitive information they work with on a daily basis. Soon after, the IRS and the US Department of Education suspended a tool that helps people obtain financial aid for college.
Walton School District Falls Victim to Scam Wednesday, March 22, 2017 wjhg.com "Well we were victims of basically a very elaborate phishing scheme," said Walton School District Superintendent A. Russell Hughes. "We received an email from an unknown person that was impersonating the superintendent," said Chief Information Officer, Henry Martin. Hughes said a scammer sent a series of emails pretending to be him to various employees asking for personal information. "One of my employees basically contacted me and said "Mr. Hughes, did you get the information request?" and I said I didn't request information and immediately they kicked into "oh my goodness, something has happened," Hughes explained.
Phishing Your Employees for Schooling & Security Wednesday, March 22, 2017 darkreading.com Imagine this fictional scenario: A student, hoping to become a surgeon, attends hours of medical courses. She never misses a class, always listens, and takes copious notes. Finally, after receiving the years of training necessary, the student receives her medical degree having never taken a test. Would you let this surgeon operate on you? I sure hope not! Testing is a crucial part of any form of education, for both teachers and students. That's why I believe your phishing education program isn't complete until you phish your own company's tank.
Data Breach May Involve Hundreds of UNC Health Prenatal Patients Tuesday, March 21, 2017 wral.com UNC Health Care said Monday it has begun notifying patients of a potential breach where personal data provided by prenatal patients at two obstetric clinics were mistakenly transmitted to local county health departments. The breach affects up to 1,300 patients who are believed to have completed Pregnancy Home Risk Screening Forms at their prenatal appointments at the Women’s Clinic at the North Carolina Women’s Hospital and UNC Maternal-Fetal Medicine at Rex Hospital between April 2014 and last month, officials said.
LCC Health Clinic Discovers Data Breach, Private Information Possibly at Risk Tuesday, March 21, 2017 kval.com If you used the Lane Community College Health Clinic between March of 2016 and February of 2017, your private information may be at risk...Staff found a virus on one health clinic computer during a routine check in February. The virus may have shared patient information, including names, dates of birth and social security numbers to a third party.
Teenage Boy Behind Traffic Violation Scam, Police Say Tuesday, March 21, 2017 6abc.com The notice included a photograph of each resident's vehicle along with the property owner's last name and complete mailing address. The notice directed individuals to leave the cash in their mailbox and send a notification e-mail to report the payment was ready for pick-up.
Watch out for These Tax-Themed Phishing and Malware Scams Tuesday, March 21, 2017 zdnet.com Criminals sometimes take advantage of big events such as the Olympic Games to lure victims into hacks and cyber attacks. It isn't as glamorous as a big sporting occasion, but the US tax season, now in full steam ahead of the April 18 filing deadline, is a prime time for cybercriminals to steal financial information and personal data.
Hundreds of Powhatan School Employees Compromised in Data Breach Tuesday, March 21, 2017 wtvr.com The personal information exposed in the breach includes employees Social Security numbers, address, wages and taxes, and gross income. The data breach includes the personal information of 905 employees of Powhatan County Public Schools, a school spokesperson confirmed.
Police Investigate Identity Theft, Discover Skimming Device at Gas Station Tuesday, March 21, 2017 pottsmerc.com During the investigation, police said they located and seized a skimming device that was attached to a card reader on one of the gas pumps. This device was not visible, police said, and could not be immediately detected without accessing the gas pump cabinet.
Phishing Scams Even Fool Tech Nerds—Here’s How to Avoid Them Monday, March 20, 2017 wired.com Phishing scams work by tricking you into clicking on a link or attachment that either infects your machine with malware or takes you to a page that looks totally legit, but isn’t and is designed to steal your private information. According to the the Anti-Phishing Working Group, 100,000 new phishing attacks get reported every month, and thousands of people fall for them. But you are smart. You can increase your chances of avoiding phishing scams if you follow these three steps and, above all, remember that when it comes to your email you can’t really trust anything.
Reports of Potential Data Breach at Saks Fifth Ave Monday, March 20, 2017 nbcmiami.com There are reports of Saks Fifth Avenue inadvertently exposing the personal information of customers online. The breach, which was first reported by Buzzfeed, had the e-mail addresses and phone numbers of shoppers visible on the Saks website.
Neiman Marcus to Pay $1.6 Million in Shopper Data Breach Lawsuit Monday, March 20, 2017 dallasnews.com Neiman Marcus has agreed to pay $1.6 million to settle a data breach class action in Illinois federal court. The three-year-old case stemmed from the December 2013 cyber attack that exposed credit card data of an estimated 350,000 Neiman Marcus shoppers.
District Attorney Launches Criminal Investigation Into St. Charles Data Breach Monday, March 20, 2017 mycentraloregon.com Deschutes County District Attorney John Hummel has launched a criminal investigation into the apparent breach of patient records at St. Charles Health System. “I was dismayed to learn via media reports that apparently a St. Charles employee impermissibly accessed records of thousands of patients,” said Hummel. “An alleged breach of this magnitude should have been reported to local police so that a proper criminal investigation could be conducted – as far as I’m aware this did not happen.”
Energy Grid, Infrastructure Lag Behind in Protection Against Cyber Risk and Crimes Monday, March 20, 2017 thestreet.com The businesses in the energy sector have focused too much of their resources and attention on physical security such as their plants and machinery instead of their technology. These flaws leave companies more susceptible to attacks, said James Lee, executive vice president at Waratek, a Dublin, Ireland-based provider of application security solutions. "To a hacker, the ways you attack a control application is just the same as how you steal information from a retailer or bank," he said. "The difference is a cyberattack against control technology puts lives at risk."
Lawmakers Fear Infiltration of Defense Supply Chain Monday, March 20, 2017 thehill.com Lawmakers are worried about the vulnerabilities of the Defense Department’s supply chain and the risk of adversaries inserting malicious material into Pentagon weapons systems. “For a sophisticated adversary, this complex, multi-tiered supply chain offers numerous targets for attackers to potentially subvert the design, integrity and resilience of key national security assets,” Sen. Gary Peters (D-Mich.), a member of the Senate Armed Services Committee, told The Hill.
One Billion Yahoo Accounts Still for Sale, Despite Hacking Indictments Sunday, March 19, 2017 nytimes.com For sale: one billion Yahoo accounts, $200,000 or best offer. The passwords don’t work, but the dates of birth, telephone numbers and security questions could still be useful to an adept cyberthief. After federal prosecutors unsealed indictments this week against four men they say were responsible for a 2014 intrusion into Yahoo’s systems that affected 500 million user accounts, data on one billion accounts — stolen in another attack on the company a year earlier — appeared to remain available on underground hacker forums on Friday.
This New Cyber Scam Has Targeted Thousands Sunday, March 19, 2017 nypost.com Cybercriminals have a new scam that has already taken in 65 companies throughout the state and harvested more than 7,000 employees’ Social Security numbers.
OPM Warns of Scam Targeting Federal Annuitants Sunday, March 19, 2017 federalnewsradio.com “The scammer threatens to end the annuitant’s retirement, threatens that a ‘magistrate’ will criminally prosecute, and demands an immediate payment. This is a government imposter scam — Do not send money,” wrote OPM’s Ken Zawodny, the associate director of Retirement Services, in a blog post. “Any communication of this type is NOT from an OPM official. OPM will not make such calls.”
Ethical Hacking: The Most Important Job No One Talks About Sunday, March 19, 2017 darkreading.com Great power comes with great responsibility, and all heroes face the decision of using their powers for good or evil. These heroes I speak of are called white hat hackers, legal hackers, or, most commonly, ethical hackers. All these labels mean the same thing: A hacker who helps organizations uncover security issues with the goal of preventing those security flaws from being exploited. If companies don't have an ethical hacker working for them, they're in a one-sided game, only playing defense against attackers.
Experts Divided on Value of Cyber National Guard Sunday, March 19, 2017 csoonline.com This past weekend at SXSW, two Congressmen suggested that the U.S. create a cybersecurity reserves system, similar to the National Guard, but the idea has received a mixed welcome from the cybersecurity community. According to House Rep. Will Hurd, a Republican from Texas, a national cybersecurity reserve could help strengthen national security and bring in a diversity of experience. Hurd, who has a degree in computer science from Texas A&M, has served as an undercover CIA officer and has worked as a partner at cybersecurity firm FusionX.
Reality Star Becomes Victim of Identity Theft Sunday, March 19, 2017 wsbtv.com Police are searching for a suspect who stole the identity of a well-known Atlanta reality star. And now they fear the suspect may have struck again.
Search Warrant Issued for Everyone Who Googled Identity Theft Victim’s Name Sunday, March 19, 2017 consumerist.com Investigators believe the suspect used Google to create the passport and carry out the theft. However, when the Hennepin County Administrative Subpoena was sent to Google requesting subscriber information for anyone who had performed a search of the victim’s name, the company rejected the request.
Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam Saturday, March 18, 2017 krebsonsecurity.com On Thursday, March 16, the CEO of Defense Point Security, LLC — a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” — told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.
IRS Warns of Last-Minute Tax Scams Saturday, March 18, 2017 us-cert.gov The Internal Revenue Service (IRS) has released an alert warning of phishing email scams targeting last-minute tax filers. The alert describes common features of these cyber crimes and includes recommendations to protect against them: strengthen passwords, recognize phishing attempts, and forward suspicious emails to firstname.lastname@example.org.
Google Points to Another POS Vendor Breach Friday, March 17, 2017 krebsonsecurity.com For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant.
Hacker Is a Villain to Russia and the United States, for Different Reasons Friday, March 17, 2017 nytimes.com Before United States prosecutors accused him of having orchestrated one of the largest computer thefts, Dmitry A. Dokuchaev’s legal problems were deepening in Russia, where he was once known by the hacker alias Forb and specialized in purloining credit card numbers. Mr. Dokuchaev, a stocky 33-year-old who appears on an F.B.I. “wanted” poster wearing a blue suit and with a mop of sandy hair, is emerging as a central figure in fraught relations between the United States and Russia on cybersecurity issues.
Cascading Effect: One Attack Led to Another at Yahoo Friday, March 17, 2017 businessinsider.com In effect, hackers created a Yahoo skeleton key by fooling the service into thinking they had already signed into particular accounts, even if they didn't know their passwords. Web service providers typically use bits of data called cookies to let you stay signed into an account via a web browser. This is how you keep Gmail, for instance, open even if you close your browser and restart it. The hackers used malware and the scrambled passwords in the user database to manufacture fake cookies. To Yahoo, it then appeared that the hacker was the authorized user, who was already logged in without entering a password.
Two-Thirds of Enterprises Use Advanced Tech Without Securing Data: Report Thursday, March 16, 2017 thehill.com The report comes amid high concerns over cyberattacks in the public and private sectors, following massive data breaches at Yahoo and the federal government’s Office of Personnel Management. According to Thales’s research, nearly 90 percent of respondents reported feeling some degree of vulnerability to data threats.
2 Men Arrested, 100 Stolen Credit Reports Recovered Friday, March 17, 2017 koin.com They seized more than 100 stolen credit reports and applications taken from All Car Auto Sales in Gladstone. Detectives learned the files were stored in a bathroom at the car lot.
Unencrypted Drive With 7 Years of Patient Data Stolen From Denton Heart Group Friday, March 17, 2017 healthcareitnews.com The backup files contained a hoard of patient data from 2009 until 2016: names, Social Security numbers, dates of birth, addresses, phone numbers, driver's license numbers, medical record numbers, insurance provider and policy details, physician names, clinic account numbers, medical history, medications, lab results and other clinical data.
Inside the Russian Hack of Yahoo: How They Did It Thursday, March 16, 2017 csoonline.com One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people...The hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It's unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened.
Personal Data Leak Affects 33 Million US Employees Thursday, March 16, 2017 darkreading.com Security researcher Hunt got the data from a reportedly reliable source, and it is believed that it may have been stolen from the unprotected database of a D&B customer. The information includes personal details such as email addresses and company information. Affected employees include those of the Department of Defense, US Postal Service, AT&T, FedEx, Citigroup and others.
Even Tech-Savvy Gmail Users Are Getting Fooled by This Phishing Scam Friday, March 17, 2017 komando.com This attack is very convincing. Gmail users are receiving emails from people in their contacts list who have already been hacked. The fraudulent email looks even more authentic because the scammer goes through the senders' messages to find a topic that you are probably familiar with.
Wishbone App Data Breach Affects Huge Number of Users Friday, March 17, 2017 slashgear.com According to the notification, the stolen data includes personal names, telephone numbers, usernames, and email addresses. Anyone who provided their birthday information for the account will also likely have had that data stolen, however the thieves did not acquire any account passwords or financial data.
Watch for Fake Tax Preparers Who Steal Your Identity and Run off With Your Cash Thursday, March 16, 2017 nbcnews.com These dishonest businesses "prey on unsuspecting taxpayers with outlandish promises of overly large refunds," the IRS said in a news release. Some also commit identity theft with the sensitive private information clients give them in order to prepare their return. "Choose your tax return preparer carefully because you entrust them with your private financial information that needs to be protected," IRS Commissioner John Koskinen said in a statement.
Justice Department Charging Russian Spies and Criminal Hackers in Yahoo Intrusion Wednesday, March 15, 2017 washingtonpost.com The Justice Department is set to announce Wednesday the indictments of two Russian spies and two criminal hackers in connection with the heist of 500 million Yahoo user accounts in 2014, marking the first U.S. criminal cyber charges ever against Russian government officials. The indictments target two members of the Russian intelligence agency FSB, and two hackers hired by the Russians. The charges include hacking, wire fraud, trade secret theft and economic espionage, according to officials, who spoke on the condition of anonymity because the charges have not yet been announced. The indictments are part of the largest hacking case brought by the United States.
More Than 120,000 Affected by W-2 Phishing Scams This Tax Season Wednesday, March 15, 2017 csoonline.com Tax season doesn't officially end in the United States until April 18. At last count, 110 organizations have reported successful Phishing attacks targeting W-2 records, placing more than 120,000 taxpayers at risk for identity fraud. Many of those working for the victimized firms have had a stressful time dealing with the fallout. Those who have experienced this unique type of crime say it's a nightmare. Some of those affected have had fraudulent returns filed under their name, in addition to issues with educational expenses. In one case, the scammers created flexible spending accounts with their stolen identities.
FTC Recommends Wider Implementation of DMARC to Combat Phishing Attacks Wednesday, March 15, 2017 huntonprivacyblog.com Fewer than 10 percent of the businesses evaluated, however, use Domain Message Authentication Reporting & Conformance (“DMARC”) – an email authentication technology which alerts the business about potential spoofing efforts and instructs ISPs to automatically reject unauthenticated messages that claim to be from the business’s email address. In its report, the FTC recommended “wider implementation” of DMARC, noting that using DMARC to reject unauthenticated messages would help businesses “further combat phishing by keeping these scam emails from ever showing up in consumers’ inboxes.”
Life Insurance Agents Convicted of Wire Fraud, Identity Theft Wednesday, March 15, 2017 mercurynews.com Prosecutors said personal information used to apply for the policies was collected through various means, including paying recruiters to find people to take medical exams and paying people to participate in a fictitious survey of a medical exam company. The trio opened hundreds of bank accounts to fund the premiums on the policies and typically paid the premiums for one to four months before letting the policies lapse, according to prosecutors. They also returned verification calls to the company purporting to be the applicants.
Credit Card Fraud in 130,000 Cases: Organized Crime Group Disrupted in Europe Wednesday, March 15, 2017 europol.europa.eu The Cypriot Police with the support of Europol, the US Secret Service and the Investigative Committee of the Republic of Belarus, have disrupted an organised criminal group that affected more than 130,000 payment card holders from 29 countries. Financial losses, including those for EU citizens, totalled EUR 8 million. Four members of the criminal organisation, including the leader, were identified and arrested during a police raid in Belarus.
Arlington PD Searching for ID Theft Victims After Big Bust Wednesday, March 15, 2017 dfw.cbslocal.com Police say they seized backpacks full of mail and documents and piles of credit cards and IDs — even medical records. But, victims may not know they’ve been compromised...During a traffic stop, police found five backpacks full of mail and documents: 50 credit cards, social security cards, medical records, drugs and a BB gun replica of a semi-automatic pistol.
Two Charged With Identity Theft in Pa. Investigation Wednesday, March 15, 2017 heraldmailmedia.com Chambersburg police have charged two more people with identity theft in connection with an ongoing investigation into Social Security cards used to obtain employment.
Jo's iPhone, Pat's Laptop: Why Giving a Device Your Name Is a Serious Privacy Risk Tuesday, March 14, 2017 zdnet.com Using your first and or last name to designate your phone might seem harmless. But combined with other information, that hostname can reveal a user's identity, where they work, and potentially their social networks. The warning comes in a new informational memo from the Internet Engineering Task Force (IETF), entitled 'Current Hostname Practice Considered Harmful', which homes in on internet protocols that leak device hostnames.
Cincinnati Eye Institute: Possible Data Breach Tuesday, March 14, 2017 wcpo.com Cincinnati Eye Institute has sent a letter to all 500 employees informing them that personal information including Social Security Numbers may have been compromised, and offering them free ID theft protection. The letter explains that "a number of employees" report their tax returns have been rejected by the IRS, because someone already filed taxes this year using their name and Social Security number. The only thing these people have in common, they say, is that they all work at CEI.
Banks Spending Three Times More on Cybersecurity Tuesday, March 14, 2017 itproportal.com Banks and other financial institutions spend three times the amount non-financial organisations are spending on cyber security, a new report by Kaspersky Lab has shown...Phishing seems to be the biggest security threat, with almost half (46 per cent) of banks saying their customers are being attacked on an everyday basis, and 70 per cent of banks reported financial fraud incidents that led to loss of money.
IRS Says Tax Identity Theft on the Downswing Tuesday, March 14, 2017 fox61.com The IRS says identity theft income tax return fraud plummeted in 2016, with a 46 percent drop in the number of victims, to 376,000. In addition, the agency says it also stopped one million fraudulent refunds from being issued last year with savings of almost $6.6 billion.
IRS Guides Taxpayers to Avoid Online Scammers Tuesday, March 14, 2017 darkreading.com The Internal Revenue Service (IRS) has called on taxpayers to be extra vigilant of scammers and guard against identity theft, especially during tax-paying time. To assist taxpayers, the IRS has included online security steps in its sixth release of Tax Time Guide, a series of 10 IRS tax tips.
Boeing Insider Data Breach Serves as Reminder for HR Tuesday, March 14, 2017 shrm.org He couldn't format a spreadsheet. So he sent it to his spouse for help, ultimately causing a breach that could have exposed the personal data of 36,000 Boeing employees in four states, according to a report by The Associated Press. This is a good reminder of why HR needs to ensure employees are trained on proper data security measures.
Couple Lost $5,000 in IRS Scam Tuesday, March 14, 2017 coshoctontribune.com Sheriff's deputies report a Warsaw couple was scammed out of $5,150 last week by a telephone caller who claimed they owed back taxes.
CyberEdge: Ransomware Affected 61% of Organizations Tuesday, March 14, 2017 softpedia.com CyberEdge Group released its latest Cyberthreat Defense Report and, following its surveys, said that a huge number of organizations were affected by ransomware last year. Of those affected, 54% managed to get their data back without paying the ransom, while another 33% chose to pay the ransom to recover their info. Another 13% refused to pay and lost the data as a consequence.
Listen to ‘Tech Support’ Scam Calls That Bilk Millions out of Victims Tuesday, March 14, 2017 wired.com The scam starts with a warning on your computer—a shamelessly fake one, often imitating a blue screen of death or a blinking malware alert. It informs you that your PC suffers from a smorgasboard of security problems, ranging from stolen credit cards to breached family photos to stalkers watching you through your webcam. And it offers a toll-free number for a “Microsoft” support line.
Phone Scam Pretending to Be Publisher's Clearinghouse Steals Thousands Tuesday, March 14, 2017 wpsdlocal6.com The Weakley County, Tennessee, Sheriff's Department says the victim of the scam was told they won a car and millions of dollars from Publisher's Clearinghouse. They were told they needed to pay taxes on the car by wiring it to the scammers via Western Union. Before they sent the money, the victim was convinced not to tell anyone about their supposed winnings as well.
US Military Leak Exposes "Holy Grail" of Security Clearance Files Monday, March 13, 2017 zdnet.com The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. Another file lists the security clearance levels of hundreds of other officers, some of whom possess "top secret" clearance, and access to sensitive compartmented information and codeword-level clearance...Among the most damaging documents on the drive included the completed applications for renewed national security clearances for two US four-star generals, both of whom recently had top US military and NATO positions.
Hackers Steal Personal Data of Thousands of Hospital Staff Monday, March 13, 2017 zdnet.com Hackers have stolen information about thousands of NHS medical professionals by compromising the server of a private contractor. Cyberattackers infiltrated a data server operated by IT supplier Landauer, stealing a mix of names, dates of birth, radiation doses, and National Insurance numbers of staff who work with X-Rays.
Husband and Wife Charged With Identity Theft Monday, March 13, 2017 thetimes-tribune.com Ann Marie Comcowich, 47, worked as a “relationship management specialist” for Prudential Insurance Co. in Moosic. She used Social Security numbers and account numbers to funnel $84,161.53 from tax-deferred retirement plans into a bank account she shared with her husband, 52-year-old Kenneth Comcowich, Detective Renee Castellani charged in a complaint.
VCU Reports Breach of Medical Files Monday, March 13, 2017 richmond.com Virginia Commonwealth University Health System is notifying about 2,700 people that their or their minor child’s electronic medical records were inappropriately accessed over a three-year period. The university said it has no indication that the private health information has been used for any unintended purposes...An investigation found that employees of some community physician groups and an employee of a contracted vendor accessed, without legitimate business reasons, information about services patients received at the VCU Health System. As a result of the incidents, the respective employers terminated those employees.
Phishing: Would You Fall for One of These Scam Emails? Monday, March 13, 2017 zdnet.com In a review of 100 simulated attack campaigns for 48 of its clients, accounting for almost a million individual users, security company MWR Infosecurity found that sending a bogus friend request was the best way to get someone to click on a link -- even when the email was being sent to a work email address.
Home Depot Settles Data Breach Claims Friday, March 10, 2017 huntonprivacyblog.com Home Depot reached an agreement that includes the payment of $25 million and the implementation of new data security measures to resolve a class action brought by financial institutions impacted by the company’s 2014 data breach. The breach involved the theft of Home Depot customers’ personal information, including names, payment card numbers, expiration dates and security codes. Approximately 56 million payment card numbers were compromised. This information was sold to identity thieves, who used it to make fraudulent transactions. As a result, financial institutions were required to take steps such as cancelling the compromised cards and reimbursing customers for fraudulent charges.
Phishing Scam Catches NC Symphony Friday, March 10, 2017 newsobserver.com The North Carolina Symphony recently fell prey to an email “Phishing” scam – and it’s going to cost the organization nearly $60,000. According to a report filed with the North Carolina Attorney General’s office, the Feb. 7 leak involved the mistaken release of W-2 tax information for 262 people, including symphony musicians, staff and contract employees.
30 Accused in Queens Credit Card, Identity Theft Ring Friday, March 10, 2017 newyork.cbslocal.com The ring was responsible for stealing personal credit information from hundreds of consumers at a cost of more than $3.5 million in losses to individuals and financial institutions, prosecutors said...Seepersad allegedly accessed the financial records of potential buyers at car dealerships where he worked and gave them to the theft ring for a flat fee, prosecutors said. The theft ring then gave the stolen personal information to an “account activator” who took the information and prepared accounts to be taken over, prosecutors said.
Lawmakers Receive Lukewarm Assessment of Cyber Cooperation Between Feds, Private Sector Thursday, March 09, 2017 thehill.com Legislators received a lukewarm assessment of the federal government’s cooperation with the private sector on cybersecurity at a hearing on Thursday. Industry experts told a congressional panel with oversight of the Department of Homeland Security’s (DHS) cybersecurity and infrastructure protection efforts that the agency needs to share more information more quickly and robustly with private organizations to safeguard the nation against cyber threats.
Fake SEC Emails Target Execs for Inside Information Thursday, March 09, 2017 fortune.com Cyber scammers are using a new trick to get confidential corporate information: They are sending spoofed emails, purporting to be from the Security and Exchange Commission, and aiming them at lawyers, compliance managers, and other company officials who file documents with the SEC...The email attacks in question, known as "spear-phishing" are effective because they are addressed to specific people and appear to be from a legitimate source. In the case of the fake SEC emails, the targets included corporate officials with titles like SEC Reporting Manager and Senior Legal Specialist—the very people, in other words, responsible for securities filings, and who could expect to receive an email from the SEC.
Government Imposters Want to Get to Know You Friday, March 10, 2017 consumer.ftc.gov The Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) and the FTC want you to know about a scam in which callers posing as federal employees are trying to get or verify personal information. This is a government imposter scam.
After CIA Leaks, Tech Giants Scramble to Patch Security Flaws Thursday, March 09, 2017 zdnet.com Several tech giants have said they are examining a trove of documents leaked earlier this week that purport to show the CIA's ability to hack into phones, computers, and smart TVs. The documents, released by WikiLeaks, did not contain exploit code that could be used by hackers to carry out attacks, but the documents do provide details of vulnerabilities that may help security researchers identify some flaws in tech products, including Android devices and iPhones. Apple, Google, Microsoft, and Samsung were all named in the thousands of released documents, which are believed to have come from the CIA's Center for Cyber Intelligence.
HHS' IT 'Strategic Plan' Spotlights Cybersecurity, Privacy Friday, March 10, 2017 healthcareinfosecurity.com The Department of Health and Human Services' four-year information technology strategic plan includes a risk-based approach focused on improving security and privacy protections of HHS data and systems, more effectively preventing and responding to emerging threats, and beefing up HHS' cybersecurity-related workforce.
Health Industry Plays Catch-Up on Cybersecurity Thursday, March 09, 2017 thehill.com All eyes are on an upcoming report from a Department of Health and Human Services (HHS) task force established under the Obama administration that will detail the industry’s cybersecurity shortfalls. “We have very few specific challenges to healthcare, but a lot of the smaller individual challenges that other sectors face, we have all of them,” Josh Corman, head of the Atlantic Council’s Cyber Statecraft Initiative and a member of the task force, told The Hill.
Internet-Connected 'Smart' Devices Are Dunces About Security Thursday, March 09, 2017 sfgate.com One problem: Many people don't realize they have to secure connected devices with passwords like they do with computers. "People don't think of a TV or a camera as a computer and that's all it is," said Gartner analyst Avivah Litan. If a device comes with a default password, it needs changing the moment you hook it up. Similarly, your Wi-Fi password shouldn't still be the one it came out of the box; it needs a hard-to-guess passphrase to ensure that it can't be easily hacked.
FBI Chief Calls for Private Sector to Help Battle Cybercrime Thursday, March 09, 2017 cio.com In a keynote address at a cybersecurity conference at Boston College, Comey lamented that most incidents of intrusion and attacks against U.S. businesses go unreported. But when a victim does report a breach to the FBI, such as the damaging attack against Sony in 2014 that was attributed to North Korea, agents will have a much easier time investigating and helping businesses mitigate the damage if they are already somewhat familiar with the target's systems.
C.I.A. Scrambles to Contain Damage From WikiLeaks Documents Thursday, March 09, 2017 nytimes.com Investigators say that the leak was the work not of a hostile foreign power like Russia but of a disaffected insider, as WikiLeaks suggested when it released the documents Tuesday. The F.B.I. was preparing to interview anyone who had access to the information, a group likely to include at least a few hundred people, and possibly more than a thousand.
CAIF Raises Awareness of Medical Identity Theft Thursday, March 09, 2017 effinghamdailynews.com Coalition Against Insurance Fraud has advised that Identity Theft has spawned a vicious new crime: Medical Identity Theft...These scams include illegal and bogus treatment, the purchases of addictive drugs and the purchase of various medical devices and equipment such as oxygen tanks or wheelchairs. Additionally, the victims correct health history can be compromised by the actual scammer's medical file and treatments.
Madigan Finds Debt and Identity Theft to Be Reoccurring Complaints Thursday, March 09, 2017 chicago.cbslocal.com Consumer debt and identity theft continue to be the top sources of complaints to the Illinois attorney general...Madigan said the fact that her office has gotten these same complaints nine years in a row shows how some of the scams change, that people don’t know their rights and that she has more work to do.
Weekends Only Reports Credit Card Data Breach Thursday, March 09, 2017 ksdk.com The credit card information of Weekends Only online shoppers has been compromised, the furniture retailer has learned. The company says Aptos, the company that hosts its online payment platform experienced a data breach. That company is working with cyber security experts, the FBI and the U.S. Department of Justice in the investigation.
FBI Prepares for New Hunt for WikiLeaks’ Source Wednesday, March 08, 2017 washingtonpost.com The FBI has begun preparing for a major mole hunt to determine how anti-secrecy group WikiLeaks got an alleged arsenal of hacking tools the CIA has used to spy on espionage targets, according to people familiar with the matter. The leak rattled government and technology industry officials, who spent Tuesday scrambling to determine the accuracy and scope of the thousands of documents released by the group. They were also trying to assess the damage the revelations may cause, and what damage may come from future releases promised by WikiLeaks, these people said.
National Consumer Protection Week Wednesday, March 08, 2017 us-cert.gov March 5-11 is National Consumer Protection Week (NCPW), an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission (FTC) and its fellow agencies highlight free resources to help protect against consumer harm. FTC recently issued press releases on NCPW events and the most common consumer grievances reported to the agency in 2016. Last year, complaints on debt collection, imposter scams, and identity theft topped the list.
National Consumer Protection Week: A Closer Look at Child Identity Theft Wednesday, March 08, 2017 lexch.com Child identity theft is one of the worst forms of identity theft because it often goes unchecked and unnoticed for years. A child’s Social Security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live. Why would ID thieves wish to assume a child’s identity? Because that child’s credit is a clean slate, which likely means available credit.
Lake Kennedy McCulloch (CPAs) Data Breach Wednesday, March 08, 2017 islandsweekly.com After a preliminary investigation, it was discovered that perpetrators had illegally hacked into the company’s system, and accessed 2015 tax return information for a number of individual tax clients. Using this information, staff believe the perpetrators fraudulently filed some 2016 returns to obtain tax refunds.
Pa. Appellate Court: Employer Owes No Duty of Care to Protect Employee Data Against Breach Wednesday, March 08, 2017 dataprotectionreport.com The court ruled that under state law, UPMC did not owe a duty of reasonable care to its employees in the collection and storage of employee data. In coming to this conclusion, the court acknowledged the practical realities facing large employers, highlighting the utility of electronic storage of employee data. The court also considered the social and financial costs of holding employers responsible for third-party criminal acts, especially “when there is no true way to prevent data breaches altogether.”
Verizon: Most Breaches Trace to Phishing, Social Engineering Wednesday, March 08, 2017 databreachtoday.com Ninety percent of data breaches seen by Verizon's data breach investigation team have a phishing or social engineering component to them. Not coincidentally, one of the hottest commodities on underground or dark web marketplaces are credentials, which attackers can use to log into enterprises and make it appear that they're legitimate users. "Because organizations don't have multifactor [authentication] rolled out, it makes it trivial to get in," says Chris Novak, director of global investigative response for Verizon, in a discussion about the company's latest Data Breach Digest, a companion report to the company's annual Data Breach Investigations report.
Identity Theft Hits Manufacturing Plant Wednesday, March 08, 2017 wnep.com Workers at an auto parts plant in Columbia County have had their personal information stolen and the crooks have already victimized some of the workers by using their names to file phony tax returns.
How to Recognize the Signs of Tax Identity Theft Wednesday, March 08, 2017 ksdk.com Tax filing season is upon us. Soon you will be filing your paperwork and perhaps receiving a nice check — unless thieves file a return in your name first and falsely claim your refund.
Do Not Return Calls or Texts From These Area Codes--It May Be a Scam Wednesday, March 08, 2017 inc.com A scam that seems to reappear periodically is back and helping criminals steal people's money. Protecting yourself is simple--if you know how the scam works. So, here is what you need to know to protect yourself from the three variants of the scam.
In Wake of Trump's Immigration Restrictions, Scam Artists Prey on the Undocumented Wednesday, March 08, 2017 pri.org From unscrupulous attorneys charging thousands of dollars for residency or work visas that never materialize to cheats bilking victims for documents freely available online and people passing themselves off as federal immigration agents, advocacy groups and officials say fraudsters are feasting on immigrant fears.
Realtors Caution of Final Notice Scam Wednesday, March 08, 2017 orlandosentinel.com Florida’s leading real estate industry group cautioned members against replying to a “Final Notice” bill from the Florida Board of Realtors. There is no Florida Board of Realtors. “It’s a scam,” said Florida Realtors chief executive Bill Martin. “And it’s not a simple scam. High-tech criminals put a great deal of work and planning into this.”
Obama’s Cyber Commissioners Nudge Trump on Cybersecurity Policy Wednesday, March 08, 2017 thehill.com Members of a commission established under former President Barack Obama to examine the federal government’s cybersecurity efforts are nudging the new Trump administration to move forward on its recommendations. Three members of the commission, including former Obama national security adviser Tom Donilon, on Monday reiterated their call for more cooperation between the public and private sector and more leadership in the White House to spearhead efforts on cybersecurity.
WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets Wednesday, March 08, 2017 wired.com Initial expert reactions are that the data seems legitimate and will create deep problems for the CIA on many fronts. The leak has the potential both to undermine the organization’s ability to carry out offensive intelligence gathering and to damage its international public perception. The leak exposes CIA capabilities and tools like unpatched iOS and Android vulnerabilities, strategies for compromising end-to-end encrypted chats (though not undermining the encryption itself), bugs in Windows, and even the ability to turn Samsung smart TVs into listening devices.
Ransomware Onslaught Continues: Old Foes, New Defenses Wednesday, March 08, 2017 databreachtoday.com Crypto-locking ransomware, which forcibly encrypts sensitive information on a system, then demands cryptocurrency for a promised decryption key, offers remote attackers a relatively low-cost, high-reward scheme, and they keep doubling down on related attacks. As the EU's law enforcement intelligence agency Europol noted in its Internet Organized Crime Assessment report last year, "cryptoware (encrypting ransomware) has become the most prominent malware threat, overshadowing data stealing malware and banking Trojans."
FTC: Young People Are Frequent Identity Theft Victims Tuesday, March 07, 2017 wgme.com Federal investigators say thieves are intentionally targeting young people because it can be years before the crime is detected...The Federal Trade Commission estimates that those between the ages of 20 and 29 are among the most frequent victims of identity theft, adding up to about 18 percent of all identity theft complaints.
Spammers Accidentally Expose Database of 1.4 Billion Addresses Tuesday, March 07, 2017 techspot.com Earlier this year, MacKeeper security researcher Chris Vickery stumbled upon what he described as a suspicious (yet publicly exposed) collection of files. To make a long story short, someone had forgotten to put a password on the repository and now, one of the world’s largest spam empires is crumbling.
Public School Board Investigates Data Breach Tuesday, March 07, 2017 windsorstar.com A security breach at the public school board leaked personal and banking information of employees on an internal computer network, before school officials were alerted by students who discovered the information on Monday.
WikiLeaks Says It Has Obtained Trove of CIA Hacking Tools Tuesday, March 07, 2017 washingtonpost.com The anti-secrecy organization WikiLeaks said Tuesday that it has obtained a vast portion of the CIA’s computer hacking arsenal, and began posting the files online in a breach that may expose some of the U.S. intelligence community’s most closely guarded cyber weapons. WikiLeaks touted its trove as exceeding in scale and significance the massive collection of National Security Agency documents exposed by former U.S. intelligence contractor Edward Snowden...The data release alarmed cybersecurity experts.
WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents Tuesday, March 07, 2017 nytimes.com In scale, the Vault 7 archive appears to fall into the same category as the biggest leaks of classified information in recent years, including the quarter-million diplomatic cables taken by Chelsea Manning, the former Army intelligence analyst, and given to WikiLeaks in 2010, and the hundreds of thousands of documents taken from the National Security Agency by Edward J. Snowden and given to journalists in 2013.
Payments Giant Verifone Investigating Breach Tuesday, March 07, 2017 krebsonsecurity.com Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to sources. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations.
University of Minnesota Law Grad Admits Guilt in Porn-Troll Scheme Tuesday, March 07, 2017 startribune.com John L. Steele, a University of Minnesota Law School graduate who once bragged to a reporter that he and a colleague earned millions of dollars by suing hundreds of people for illegally downloading pornography, admitted Monday in a Minneapolis federal courtroom that it was a scam.
Dark Web Scheme Lets Wannabe Cybercriminals Get in on Ransomware - for Free Tuesday, March 07, 2017 zdnet.com A new dark web scheme could allow any wannabe cybercriminal to grab a piece of the ransomware pie for free -- on the condition that any ill-gotten profits are split 50/50. Ransomware -- a form of malware which encrypts a victim's files and demands a ransom to restore them -- has boomed in the last 18 months. A number of ransomware-as-a-service affiliate schemes allow even the most technically illiterate cyber thief to cash in on a form of crime which cost businesses over a billion dollars last year.
Filing a Consumer Complaint Tuesday, March 07, 2017 usa.gov Find out what steps to take and who you should contact if you need to file a complaint against a company.
Why Awareness Needs to Teach Scam Detection and Reaction Tuesday, March 07, 2017 csoonline.com Does your awareness program provide specific examples of what to avoid, or does it provide blanket guidance for how to behave. In this case, while it wasn’t the predefined scam, what I experienced had the same effect. Does your phishing training teach people how to recognize the simulated phishing messages, or phishing messages in general? Does your social engineering program teach people to recognize specific scams, or all general scams? You need to be very sure you’re teaching people the right things.
Consumer Reports to Begin Evaluating Products, Services for Privacy and Data Security Tuesday, March 07, 2017 consumerreports.org We’re now launching the first phase of a collaborative effort to create a new standard that safeguards consumers’ security and privacy—and we hope industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps. The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data. This standard can also eventually be used by CR and others in developing test protocols to evaluate and rate products—which will help consumers make more informed purchasing decisions.
As Many as 7.5 Million Voter Records Involved in Georgia Data Breach Monday, March 06, 2017 myajc.com Millions of Georgia voters may have had their personal information compromised for the second time in as many years, as the Federal Bureau of Investigation opened an investigation Friday at Kennesaw State University’s Center for Election Systems involving an alleged data breach. As many as 7.5 million voter records may be involved, according to a top state official briefed on the information but not authorized to speak on the record.
Consumer Reports to Test Products for Privacy, Data Security Monday, March 06, 2017 thehill.com Consumer Reports is going to begin evaluating products for privacy and data security, the U.S. nonprofit product review group said on Monday. Consumer Reports has partnered with cybersecurity experts to develop an industry standard for testing devices for security and consumer data protection, an initial version of which is posted online to solicit feedback. “We’re now launching the first phase of a collaborative effort to create a new standard that safeguards consumers’ security and privacy — and we hope industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps,” the organization said in a blog post on its website.
16 People Linked to Frisco Hospice Indicted in Alleged $60 Million Fraud Monday, March 06, 2017 nbcdfw.com The owner of a Frisco hospice and 15 others including doctors and nurses were indicted Tuesday after an FBI investigation uncovered an alleged $60 million health care fraud scheme. The FBI raided the company's offices in September 2015 and in a search warrant accused Harris of telling nurses to deliberately overdose some patients with morphine or other drugs in order to maximize profits. "You need to make this patient go bye-bye," Novus told one of the nurses, according to the search warrant.
Imposter Scams Bypass Identity Theft for First Time Monday, March 06, 2017 pymnts.com Last year imposter scams bypassed identity theft for the first time as the second largest category of consumer complaints, according to the Federal Trade Commission’s Consumer Sentinel Network in 2016.
New York’s Cybersecurity Rules: What Insurance Professionals Should Know Monday, March 06, 2017 insurancejournal.com The cyber rules require insurance and insurance-related companies as well as brokers, agents and adjusters licensed in New York to assess their specific cyber risk profiles and design cybersecurity programs that address such risk in a “robust fashion.”
Lawmakers Fear Us Has Fallen Behind in Cyber Warfare Monday, March 06, 2017 thehill.com Lawmakers in both chambers of Congress are confronting hard truths about the U.S. military’s cyber vulnerabilities and lack of a comprehensive strategy to deter and respond to cyberattacks. Members of Congress worry that adversaries could potentially breach the defense industry supply chain or exploit the military’s dependence on computers and high-tech systems for operations, fears that were confirmed by testimony from experts and former officials this week.
In Defense of Assuming Another’s Identity Monday, March 06, 2017 networkworld.com My father, Burke McNamara, passed away back in December at age 89 after a long period of declining health. As I continue to deal with the closing of his financial affairs, I’d like to offer this bit advice to all of you: If you're ever in the unfortunate position of having to close accounts, such as a VISA account, for a family member who has died, do not under any circumstances approach the task in an honest and straightforward manner. Lie to them.
Glastonbury Schools Phishing Scandals Impacts 1,600 Workers Saturday, March 04, 2017 nbcconnecticut.com A phishing scandal has hit another Connecticut school district. Glastonbury school's superintendent said the district became victim of the W-2 phishing scam that has impacted other districts in the country and Groton. Superintendent Alan B. Bookman said that 2016 employee W-2 tax form information was compromised for 1,600 workers. "With the exception of Food Service personnel, any Glastonbury Public Schools employee who was issued a W-2 for the 2016 tax year could be affected," a letter sent out to Glastonbury Public School employees said. Groton Public Schools reported a similar incident on Thursday.
Cancer-Stricken 5-Year-Old's Photo Used in Charity Scam, Family Claims Saturday, March 04, 2017 cnn.com It's hard enough to have a 5-year-old son battling brain cancer. But when Kelly Incandela learned that a woman apparently was going around Brooklyn in New York City fraudulently asking for donations for a funeral for her son, sadness quickly morphed into something else.
The Golden Age of Email Hacks Is Only Getting Started Saturday, March 04, 2017 wired.com As Governor of Indiana, Mike Pence conducted state business using his personal email account. An AOL account. So of course someone hacked it. With a phishing scam...Let’s start with the obvious: Personal email has no place in government business. Legally speaking, all state and federal employees must maintain a record of their communications. Transparency demands it. A government email account provides a digital paper trail, and something the public, or journalists, can demand access to. Personal accounts do not, because you may not even know they exist. Equally important, they don’t offer the security of a .gov account. From a basic security perspective, no one earning a government paycheck should use Yahoo, or Gmail, or AOL, or anything else because, honestly. Despite this, public officials continue using personal email. So do you. So do I, switching back and forth between work Outlook and personal Gmail. We all do it, for the same fundamental inalienable reason: We find it so much easier. That’s doubly true for people toiling away in tightly controlled environments, where draconian restrictions on access and attachments can make logging onto work emails literally more trouble than it’s worth.
FAFSA and Student Loan Identity Theft Saturday, March 04, 2017 idtheftcenter.org Too many young people discover their identities have been stolen when they apply for student loans or financial aid.
U.S. Marshals Warn Against Dual Phone Scams Saturday, March 04, 2017 networkworld.com The U.S Marshals are warning the public not to respond to two recent scams involving people fraudulently posing as Marshals making calls across the country.
German Researchers Find Flaws in Nine Major Password Managers Saturday, March 04, 2017 scmagazine.com A group of security researchers called TeamSIK has published a security assessment of nine popular password management applications on Android devices and found them all to contain security vulnerabilities.
FTC Releases Annual Summary of Consumer Complaints Friday, March 03, 2017 ftc.gov Imposter scam complaints surpassed identity theft for the first time as the second most common category of consumer complaints received by the Federal Trade Commission’s Consumer Sentinel Network in 2016, according to the agency’s new Data Book...The rise in impostor scam reports is due to an increase in complaints about government imposters. Imposter scams come in many varieties, but work the same way: a scammer pretends to be someone trustworthy, such as a government official or computer technician to convince a consumer to send money. Imposter scams also topped the list of complaints from military consumers followed by identity theft complaints.
19 Indicted in International Fraud and Money Laundering Schemes Friday, March 03, 2017 fbi.gov Federal indictments unsealed today in Washington, D.C., charged 19 people in the U.S. and abroad with participating in various international fraud and money laundering conspiracies that resulted in the theft of more than $13 million from more than 170 victims, primarily in the U.S...The investigation began in 2011, when the Bureau’s Washington Field Office received information about abandoned property in a hotel room in Washington, D.C. From that, the FBI was able to link the recovered evidence to a transnational organized crime operation involving an online vehicle fraud scheme...The investigation into the online vehicle fraud scheme led to the realization that some of the criminals involved in that scheme had branched out to much more lucrative activity—a BEC scheme that resulted in losses of more than $10 million from victim companies.
America Has a 'Cybersecurity Crisis': Symantec CEO Friday, March 03, 2017 cnbc.com Do you feel safe browsing online? Have you ever been a victim of credit card fraud? Thirty-nine percent of North Americans have been affected by cybersecurity crime in the past year alone, Symantec Chief Executive Greg Clack told CNBC on Thursday. "I think that's a very big crisis."
Does your organization need a consultant who can deliver information security awareness training that contains the truth about what works and what doesn’t in the fight against the fastest growing crimes in the world?
Does your conference need an experienced speaker who will captivate the audience with dramatic real life cases of identity theft, cybercrime and scams ranging from stolen personal information, to theft of corporate trade secrets, to stalking and murder?
Are you a member of the media seeking a comment about ID theft, scams, data breaches, cybercrime, information security, or fraud?
If so, we invite you to learn more about identity theft and scam expert Rob Douglas.