identity theft and scams
Your best source for presentations, workshops, consultation, news, videos, and information about identity theft, scams, data breaches, and other information security threats.
Resources and Expertise to Combat Identity Theft, Scams, and Social Engineering
identitytheft.info
Latest Identity Theft News
Bitcoin Rise Fuels Social Media Scams
Monday, March 27, 2017
csoonline.com
The price of a single Bitcoin passed that of an ounce of gold for the first time this month, and scammers were quick to get in on the action with Ponzi schemes and phishing sites spread via social media. Victims are lured in with fake Bitcoin wallets, fake Bitcoin search services, fake surveys about Bitcoin, too-good-to-be-true money making offers, and classic pyramid scams now dressed up with Bitcoins, according to a report released this week.
Cybercriminals Exploit March Madness Frenzy
Monday, March 27, 2017
darkreading.com
The last 15 days of the annual NCAA basketball tournament have seen heightened malicious activity involving phishing pages, adware downloads and mishandling of user data.
Alleged vDOS Owners Poised to Stand Trial
Monday, March 27, 2017
krebsonsecurity.com
Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline...The police are preparing to recommend prosecutors charge the men with computer fraud and extortion, alleging they caused more than six million shekels worth of damage (approximately USD $1.65 million).
Identity Theft Victim Sues Albuquerque Police Department
Monday, March 27, 2017
abqjournal.com
An investigation into a fraudulent check led Albuquerque police to arrest the victim of identity theft, even though the perpetrator who used his ID to cash the check looked dramatically different, according to a lawsuit filed this month.
Identity Theft Suspect With 19 Fake Driver Licenses Arrested
Monday, March 27, 2017
kron4.com
According to sheriff's deputies, the unidentified male suspect was arrested for containing 19 fake California Driver Licenses and several packages purchased from false credit and debit cards.
New Scam Tricks Victims out of Thousands of Dollars Using Old Con
Monday, March 27, 2017
wreg.com
It’s a new twist on an old scam designed to steal thousands of dollars from unsuspecting consumers nationwide. It used to be called the Secret Shopper scam. The new version goes by the name Secret Surveyor, but the con is the same.
Mass. State Police Warn of Phone Scam Seeking Money to Clear Warrants
Monday, March 27, 2017
turnto10.com
Massachusetts State Police say they've received numerous complaints about calls that appear to come from a phone number for the department's South Boston barracks. The caller is identified as an officer and then instructs victims to meet at local shopping centers to provide money to clear up police warrants.
Push for Internet Privacy Rules Moves to Statehouses
Monday, March 27, 2017
nytimes.com
As on climate change, immigration and a host of other issues, some state legislatures may prove to be a counterweight to Washington by enacting new regulations to increase consumers’ privacy rights.
Inside the Hunt for Russia’s Most Notorious Hacker
Saturday, March 25, 2017
wired.com
America's war with Russia’s greatest cybercriminal began in the spring of 2009, when special agent James Craig, a rookie in the FBI’s Omaha, Nebraska, field office, began looking into a strange pair of electronic thefts. A square-jawed former marine, Craig had been an agent for just six months, but his superiors tapped him for the case anyway, because of his background: For years, he’d been an IT guy for the FBI. One of his nicknames in college was “the silent geek.”
Police: Woman Used Stolen ID to Buy Plastic Surgery
Friday, March 24, 2017
fox13news.com
Police are trying to track down a Polk County identity theft suspect who may now be flaunting $10,000 in stolen breast implants and butt injections.
T-Mobile is Rolling Out Scam Warnings on Incoming Calls
Friday, March 24, 2017
theverge.com
The carrier is going to begin warning subscribers when an incoming phone call appears to be from a scammer. If a scam call is detected, the caller ID will display as “Scam Likely,” giving subscribers a heads up before they answer or the chance to just ignore it outright.
IRS Makes Tax Refund Scams Harder but W-2 Phishing Attacks Continue Unabated
Friday, March 24, 2017
csoonline.com
Anti-fraud measures by the Internal Revenue Service (IRS) and state agencies over the past two years have made tax refund scams harder for cyber criminals to pull off even as attacks targeting taxpayer information continue unabated.
Congress Moves to Strike Internet Privacy Rules From Obama Era
Friday, March 24, 2017
nytimes.com
Republican senators moved Thursday to dismantle landmark internet privacy protections for consumers in the first decisive strike against telecommunications and technology regulations created during the Obama administration, and a harbinger of further deregulation.
Judge OKs Subway’s Record $31M FACTA Settlement
Friday, March 24, 2017
law360.com
A Florida federal judge has signed off on the largest settlement in the history of the Fair and Accurate Credit Transactions Act, a nearly $31 million deal between Subway and a class of consumers alleging the sandwich chain unlawfully printed full credit card expiration dates on receipts...FACTA regulations require retailers to omit card expiration dates on receipts, as emphasized in the Credit and Debit Card Clarification Act.
Massive Gift Card Fraud Bot Discovered, 1,000 Customer Websites Attacked Already
Friday, March 24, 2017
news.softpedia.com
A new bot targeting card payment processes on websites was spotted in the wild. Called GiftGhostBot, the bot is trying to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites. Unfortunately, any website with gift card processing capabilities could be a target.
Instagram Has Two-Factor Authentication Now, So Turn It On
Friday, March 24, 2017
wired.com
Because you care greatly about your personal security hygiene, you’ve already enlisted two-factor authentication to help protect most of your online accounts. That’s good! Instagram, though, hasn’t given you the option. That changes today. Go get it.
Yahoo Breach Lessons IT Can't Ignore
Friday, March 24, 2017
infoworld.com
The indictment against the attackers behind the Yahoo breach illustrates just how vulnerable corporate networks are when thieves get their hands on employees' personal information.
Aviation Phishing Scams
Friday, March 24, 2017
us-cert.gov
US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information.
Beware of Crooks Trying to Steal Your Cryptocurrency With These Schemes
Friday, March 24, 2017
zdnet.com
Cybercriminals are taking advantage of the rising price and popularity of Bitcoin to try to steal the currency and distribute malware. The cryptocurrency has become invaluable to cybercriminals who exploit its anonymous, decentralised nature as a tool for demanding ransomware payments and laundering various other ill-gotten gains. This month social media Bitcoin scams have reached a new high, with over 125 million malicious links across Twitter, Facebook, and Instagram designed to attack victims and extort Bitcoin.
How Many Dossiers Do Corporations Have on You? at Least 78 — That You Can See
Friday, March 24, 2017
bobsullivan.net
Most folks don’t know there are dozens of other credit reports maintained by a handful of low-profile companies. These track everything from your check-writing habits to your health insurance claims. Mistakes on these other credit reports can be just as financially painful. Consumers have the right to see what’s in these reports too, but that right is useless to consumers who’ve never heard of the companies involved. That’s why American consumers should know a lot more about what are called “specialty credit reports” in the industry.
PBSO Deputy Pleads Guilty to Fraud Charges in Identity Theft Scam
Friday, March 24, 2017
palmbeachpost.com
A Palm Beach County sheriff’s deputy, who in December was named officer of the year for the Delray district, on Thursday pleaded guilty to federal fraud charges, admitting he used his access to law enforcement databases to propel an identity theft scheme.
New Details on Massive Vermont Data Breach
Friday, March 24, 2017
wcax.com
Gov. Phil Scott says state leaders initially thought hackers only had the opportunity to snatch one year's worth of account data. Turns out the culprits could have their hands on 14 years' worth. "This is appalling and I know this will be incredibly burdensome to the tens of thousands of Vermonters who are impacted," said Scott, R-Vermont. The governor says he's disappointed by how long it took the third-party contractor that runs the site to notify them of the breach and its possible extent.
Maine Job Match Service Hit With Data Breach
Friday, March 24, 2017
mainebiz.biz
The vendor of a web-based job link service used by Maine and at least nine other states reported Tuesday it had been the victim of a malicious data breach. A release posted on the MDOL's website reported that America's JobLink, a multi-state web-based system that links job seekers with employers, has been the victim of a hacking incident from a "malicious third party 'hacker.'" The hacker exploited a "vulnerability in the AJL application code to view the names, Social Security numbers and dates of birth of job seekers in the AJL systems of up to 10 states: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont," according to the release.
FCC Cracks Down on Annoying Robocalls
Friday, March 24, 2017
nbcnews.com
You might get interrupted a little less during dinner by annoying "robocalls" thanks to a new FCC proposal that passed today. "Robocall" telemarketers use machines armed with a list of phone numbers and pre-recorded pitch messages. Basically they spam you over your home telephone lines. One way the groups making the calls avoid detection and get around consumer call blockers is to disguise where they're calling from using "spoofed" phone numbers.
North Korea Said to Be Target of Inquiry Over $81 Million Cyberheist
Friday, March 24, 2017
nytimes.com
Federal prosecutors are investigating North Korea’s possible role in the theft of $81 million from the central bank of Bangladesh in what security officials fear could be a new front in cyberwarfare.
Grayson County Public Schools Catches W-2 Phishing Scam Email
Thursday, March 23, 2017
wdbj7.com
A popular scam that happens around tax time has returned, but this time it's targeting schools, but one local division caught it immediately. The district's Human Resources Director Janice Linker received an email Tuesday from, what appeared to be, Superintendent Kelly Wilmore. It asked her to send a list of all employee W-2s in PDF form. But the division was already on high alert for this scam.
Idaho Department of Labor Hacked, Possible Identity Theft of 170,000 Job-Seekers
Thursday, March 23, 2017
idahostatesman.com
The Idaho Department of Labor reported Wednesday that about 170,000 of the state’s 530,000 job-seeker accounts – active and historical – were compromised by a hacking incident on March 12 and March 13...The account information that may have been viewed includes customers’ name, Social Security number and date of birth.
Charles Man Sentenced to Prison for Identity Theft
Thursday, March 23, 2017
thebaynet.com
A search of the vehicle, which was the same one used by Lee and Williamson to travel to the department stores in August, revealed gift cards, sales receipts, clothing and other merchandise, a laptop computer, portable Wi-Fi device, as well as items used to create gift and credit cards encoded with stolen account information, including an embosser and electronic encoder.
Med Center Health Reports Stolen Patient Billing Information
Thursday, March 23, 2017
wbko.com
The information included name, address, Social Security number, health insurance information, diagnosis and procedure codes, and charges for medical service. However, the information obtained did not include patient medical records.
Urology Austin Was Victim of Ransomware Attack
Thursday, March 23, 2017
oag.ca.gov
Personal information may have been impacted by the ransomware, including name, address, date of birth, Social Security number, and medical information.
Health Care Facility Hacked by Ex-Employee Using 2-Year-Old Credentials
Thursday, March 23, 2017
washingtontimes.com
The former systems administrator of a Pennsylvania health care facility was charged with criminal hacking Monday after prosecutors said he wreaked havoc using administrative credentials that went unchanged more than two years after he resigned...Mr. Coughlin, the former computer technician of an unnamed health care facility, is accused of purging records from his old job’s databases and purchasing nearly $5,000 worth of iPads on the company’s dime after he was asked to resign from the gig in February 2013 following three weeks of employment.
Woman Loses More Than $700,000 in Online-Dating Site Scam
Thursday, March 23, 2017
clickondetroit.com
A Troy woman was scammed out of more than $700,000 when she believed the lies of someone posting a fake profile on a dating website...police said the 58-year-old grandmother was that trusting, and perhaps lonely. She was looking for companionship on the singles dating site Match.com. A man who called himself Donny Koch met her on the site and said he was from London. He said he worked on an oil rig and needed money, so she started sending thousands of dollars. The man then told her he was caught with all the cash she sent him and was jailed. He said he needed money for bail, so she sent more and more money. "She has given him approximately $703,000," said Troy police Captain Robert Redmond.
Grandmother Loses More Than $17,000 in Scam
Thursday, March 23, 2017
kwch.com
Saline County Sheriff Roger Soldan says a man identifying himself as Sgt. Bradshaw with the U.S. Embassy in the Dominican Republic told the woman over the phone Monday that her grandson had been arrested in the country for possessing marijuana. The man then convinced the Saline County woman that she needed to spend $17,720 for her grandson's freedom and to cover court fees and his transport out of the country.
6 N.J. Men Charged With Running Telemarketing Scam Targeting Seniors
Thursday, March 23, 2017
nj.com
Six New Jersey residents scammed senior citizens out of hundreds of thousands of dollars by running phony telemarketing investment scams, authorities said. The men established seven companies and successfully convinced more than 30 people to invest money...A representative from each of the companies called potential marks and advised them they could make money through marketing websites that would be set up on their behalf, according to court papers. The victims, many of whom didn't know how to use a computer, were told they had to do nothing more than send a check or provide a credit card number. The majority of the victims are more than 70 years old.
Lithuanian Con Artist Scams Two US Tech Giants out of $100 Million
Wednesday, March 22, 2017
zdnet.com
A man from Lithuania has been arrested after he conned two large technology firms out of $100 million in an elaborate phishing scheme. The US Department of Justice (DoJ) said on Tuesday that Evaldas Rimasauskas orchestrated a phishing scheme which targeted US technology giants specifically, and he was able to swindle $100 million by pretending to be a legitimate business partner of at least one of the victims.
Scammers Are Not “Friends” to Small Business Owners
Wednesday, March 22, 2017
ftc.gov
Lately we’ve been hearing about scammers who reach out to small businesses through Facebook messages. People have reported receiving messages on Facebook telling them that they’re eligible for – or that they’ve won – a business grant. If you get a message like this through your personal Facebook account or on your company’s page, don’t respond. It’s a scam. The government won’t contact you on social media to offer you money.
Study: 67% of Taxpayers Worry About Tax Fraud, Identity Theft
Wednesday, March 22, 2017
hartfordbusiness.com
Sixty-seven percent of U.S. taxpayers are concerned about tax fraud and identity theft this year, according to a study released Wednesday by The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re.
Hialeah Police Officer Accused of Identity Theft
Wednesday, March 22, 2017
patch.com
The indictment alleges that Castellon used his law enforcement access to DAVID to log into the system, conduct searches and take screen shots of other personal identifying information between June 1, 2016, and Oct. 19, 2016, officials said. Castellon allegedly sent more than 25 screen shots to codefendant Neilin Gonzalez Diaz in exchange for gifts.
Apple Pressured to Pay Ransom by Hackers Threatening to Remotely Wipe iPhones
Wednesday, March 22, 2017
softpedia.com
Apple is currently under pressure to pay a ransom to a group of hackers who are threatening to remotely wipe iPhones.
NY Attorney General: Record Number of Data Breach Notices Sent in 2016
Wednesday, March 22, 2017
news10.com
The New York Attorney General’s Office announced it received a record number of data breach notices in 2016. The office says it received 1,300 reported data breaches, that’s a 60 percent increase from the year before. The breaches exposed personal records of 1.6 million New Yorkers.
IRS Issues New Tax Scam Warnings, FSA Tool Suspended Due to Security Concerns
Wednesday, March 22, 2017
csoonline.com
The Internal Revenue Service (IRS) has issued a new warning to businesses, taxpayers, and tax prep professionals about Phishing scams targeting the sensitive information they work with on a daily basis. Soon after, the IRS and the US Department of Education suspended a tool that helps people obtain financial aid for college.
Walton School District Falls Victim to Scam
Wednesday, March 22, 2017
wjhg.com
"Well we were victims of basically a very elaborate phishing scheme," said Walton School District Superintendent A. Russell Hughes. "We received an email from an unknown person that was impersonating the superintendent," said Chief Information Officer, Henry Martin. Hughes said a scammer sent a series of emails pretending to be him to various employees asking for personal information. "One of my employees basically contacted me and said 'Mr. Hughes, did you get the information request?' and I said I didn't request information and immediately they kicked into 'oh my goodness, something has happened,'" Hughes explained.
Phishing Your Employees for Schooling & Security
Wednesday, March 22, 2017
darkreading.com
Imagine this fictional scenario: A student, hoping to become a surgeon, attends hours of medical courses. She never misses a class, always listens, and takes copious notes. Finally, after receiving the years of training necessary, the student receives her medical degree having never taken a test. Would you let this surgeon operate on you? I sure hope not! Testing is a crucial part of any form of education, for both teachers and students. That's why I believe your phishing education program isn't complete until you phish your own company's tank.
Data Breach May Involve Hundreds of UNC Health Prenatal Patients
Tuesday, March 21, 2017
wral.com
UNC Health Care said Monday it has begun notifying patients of a potential breach where personal data provided by prenatal patients at two obstetric clinics were mistakenly transmitted to local county health departments. The breach affects up to 1,300 patients who are believed to have completed Pregnancy Home Risk Screening Forms at their prenatal appointments at the Women’s Clinic at the North Carolina Women’s Hospital and UNC Maternal-Fetal Medicine at Rex Hospital between April 2014 and last month, officials said.
LCC Health Clinic Discovers Data Breach, Private Information Possibly at Risk
Tuesday, March 21, 2017
kval.com
If you used the Lane Community College Health Clinic between March of 2016 and February of 2017, your private information may be at risk...Staff found a virus on one health clinic computer during a routine check in February. The virus may have shared patient information, including names, dates of birth and social security numbers to a third party.
Teenage Boy Behind Traffic Violation Scam, Police Say
Tuesday, March 21, 2017
6abc.com
The notice included a photograph of each resident's vehicle along with the property owner's last name and complete mailing address. The notice directed individuals to leave the cash in their mailbox and send a notification e-mail to report the payment was ready for pick-up.
Watch out for These Tax-Themed Phishing and Malware Scams
Tuesday, March 21, 2017
zdnet.com
Criminals sometimes take advantage of big events such as the Olympic Games to lure victims into hacks and cyber attacks. It isn't as glamorous as a big sporting occasion, but the US tax season, now in full steam ahead of the April 18 filing deadline, is a prime time for cybercriminals to steal financial information and personal data.
Hundreds of Powhatan School Employees Compromised in Data Breach
Tuesday, March 21, 2017
wtvr.com
The personal information exposed in the breach includes employees' Social Security numbers, address, wages and taxes, and gross income. The data breach includes the personal information of 905 employees of Powhatan County Public Schools, a school spokesperson confirmed.
Palm Beach County Sheriff's Deputy Expected to Plead Guilty in Identity Theft Case
Tuesday, March 21, 2017
sun-sentinel.com
Federal prosecutors said the road patrol deputy used a law enforcement database to steal people’s identities and sold the information to another man, who pleaded guilty to federal charges.
Police Investigate Identity Theft, Discover Skimming Device at Gas Station
Tuesday, March 21, 2017
pottsmerc.com
During the investigation, police said they located and seized a skimming device that was attached to a card reader on one of the gas pumps. This device was not visible, police said, and could not be immediately detected without accessing the gas pump cabinet.
Phishing Scams Even Fool Tech Nerds—Here’s How to Avoid Them
Monday, March 20, 2017
wired.com
Phishing scams work by tricking you into clicking on a link or attachment that either infects your machine with malware or takes you to a page that looks totally legit, but isn’t and is designed to steal your private information. According to the Anti-Phishing Working Group, 100,000 new phishing attacks get reported every month, and thousands of people fall for them. But you are smart. You can increase your chances of avoiding phishing scams if you follow these three steps and, above all, remember that when it comes to your email you can’t really trust anything.
Reports of Potential Data Breach at Saks Fifth Ave
Monday, March 20, 2017
nbcmiami.com
There are reports of Saks Fifth Avenue inadvertently exposing the personal information of customers online. The breach, which was first reported by Buzzfeed, had the e-mail addresses and phone numbers of shoppers visible on the Saks website.
Neiman Marcus to Pay $1.6 Million in Shopper Data Breach Lawsuit
Monday, March 20, 2017
dallasnews.com
Neiman Marcus has agreed to pay $1.6 million to settle a data breach class action in Illinois federal court. The three-year-old case stemmed from the December 2013 cyber attack that exposed credit card data of an estimated 350,000 Neiman Marcus shoppers.
District Attorney Launches Criminal Investigation Into St. Charles Data Breach
Monday, March 20, 2017
mycentraloregon.com
Deschutes County District Attorney John Hummel has launched a criminal investigation into the apparent breach of patient records at St. Charles Health System. “I was dismayed to learn via media reports that apparently a St. Charles employee impermissibly accessed records of thousands of patients,” said Hummel. “An alleged breach of this magnitude should have been reported to local police so that a proper criminal investigation could be conducted – as far as I’m aware this did not happen.”
'Please Be Extra Vigilant': NC Schools Warned About Email Scam Seeking Private Info
Monday, March 20, 2017
wral.com
Melisa Jessup checked her email. In her inbox was a strange request from her boss, Stokes County Schools Superintendent Brad Rice.
Energy Grid, Infrastructure Lag Behind in Protection Against Cyber Risk and Crimes
Monday, March 20, 2017
thestreet.com
The businesses in the energy sector have focused too much of their resources and attention on physical security such as their plants and machinery instead of their technology. These flaws leave companies more susceptible to attacks, said James Lee, executive vice president at Waratek, a Dublin, Ireland-based provider of application security solutions. "To a hacker, the ways you attack a control application is just the same as how you steal information from a retailer or bank," he said. "The difference is a cyberattack against control technology puts lives at risk."
Lawmakers Fear Infiltration of Defense Supply Chain
Monday, March 20, 2017
thehill.com
Lawmakers are worried about the vulnerabilities of the Defense Department’s supply chain and the risk of adversaries inserting malicious material into Pentagon weapons systems. “For a sophisticated adversary, this complex, multi-tiered supply chain offers numerous targets for attackers to potentially subvert the design, integrity and resilience of key national security assets,” Sen. Gary Peters (D-Mich.), a member of the Senate Armed Services Committee, told The Hill.
One Billion Yahoo Accounts Still for Sale, Despite Hacking Indictments
Sunday, March 19, 2017
nytimes.com
For sale: one billion Yahoo accounts, $200,000 or best offer. The passwords don’t work, but the dates of birth, telephone numbers and security questions could still be useful to an adept cyberthief. After federal prosecutors unsealed indictments this week against four men they say were responsible for a 2014 intrusion into Yahoo’s systems that affected 500 million user accounts, data on one billion accounts — stolen in another attack on the company a year earlier — appeared to remain available on underground hacker forums on Friday.
At Least Two More School District Employees Report Being Identity Theft Victims After W-2 Theft
Sunday, March 19, 2017
bradenton.com
Two more Manatee County School District employees have reported being victims of identity theft believed to be a result of the data breach that resulted in the release of more than 7,700 W-2 tax forms to hackers.
This New Cyber Scam Has Targeted Thousands
Sunday, March 19, 2017
nypost.com
Cybercriminals have a new scam that has already taken in 65 companies throughout the state and harvested more than 7,000 employees’ Social Security numbers.
OPM Warns of Scam Targeting Federal Annuitants
Sunday, March 19, 2017
federalnewsradio.com
“The scammer threatens to end the annuitant’s retirement, threatens that a ‘magistrate’ will criminally prosecute, and demands an immediate payment. This is a government imposter scam — Do not send money,” wrote OPM’s Ken Zawodny, the associate director of Retirement Services, in a blog post. “Any communication of this type is NOT from an OPM official. OPM will not make such calls.”
Ethical Hacking: The Most Important Job No One Talks About
Sunday, March 19, 2017
darkreading.com
Great power comes with great responsibility, and all heroes face the decision of using their powers for good or evil. These heroes I speak of are called white hat hackers, legal hackers, or, most commonly, ethical hackers. All these labels mean the same thing: A hacker who helps organizations uncover security issues with the goal of preventing those security flaws from being exploited. If companies don't have an ethical hacker working for them, they're in a one-sided game, only playing defense against attackers.
Experts Divided on Value of Cyber National Guard
Sunday, March 19, 2017
csoonline.com
This past weekend at SXSW, two Congressmen suggested that the U.S. create a cybersecurity reserves system, similar to the National Guard, but the idea has received a mixed welcome from the cybersecurity community. According to House Rep. Will Hurd, a Republican from Texas, a national cybersecurity reserve could help strengthen national security and bring in a diversity of experience. Hurd, who has a degree in computer science from Texas A&M, has served as an undercover CIA officer and has worked as a partner at cybersecurity firm FusionX.
Reality Star Becomes Victim of Identity Theft
Sunday, March 19, 2017
wsbtv.com
Police are searching for a suspect who stole the identity of a well-known Atlanta reality star. And now they fear the suspect may have struck again.
Search Warrant Issued for Everyone Who Googled Identity Theft Victim’s Name
Sunday, March 19, 2017
consumerist.com
Investigators believe the suspect used Google to create the passport and carry out the theft. However, when the Hennepin County Administrative Subpoena was sent to Google requesting subscriber information for anyone who had performed a search of the victim’s name, the company rejected the request.
Tax Department: 65 Companies Have Been Victimized by Tax Scams
Saturday, March 18, 2017
whec.com
The New York state Tax Department is warning companies and workers after it says 65 companies with New York employees have been victimized by tax scams.
3 Fla. Men Arrested for Using Skimming Device to Steal Credit Card Info at Va. Gas Station
Saturday, March 18, 2017
wjla.com
Police have arrested three men from Miami for using a skimming device to steal customer credit and debit card information from pumps at a gas station in Falls Church, Virginia.
Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam
Saturday, March 18, 2017
krebsonsecurity.com
On Thursday, March 16, the CEO of Defense Point Security, LLC — a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” — told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.
IRS Warns of Last-Minute Tax Scams
Saturday, March 18, 2017
us-cert.gov
The Internal Revenue Service (IRS) has released an alert warning of phishing email scams targeting last-minute tax filers. The alert describes common features of these cyber crimes and includes recommendations to protect against them: strengthen passwords, recognize phishing attempts, and forward suspicious emails to phishing@irs.gov.
Trump Budget Adds $61 Million for FBI Cybercrime-Fighting Efforts
Saturday, March 18, 2017
darkreading.com
The Trump administration has proposed allotting an extra $61 million in its 2018 budget to the FBI and the Justice Department to strengthen their fight against terrorists and cybercriminals.
Google Points to Another POS Vendor Breach
Friday, March 17, 2017
krebsonsecurity.com
For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant.
Hacker Is a Villain to Russia and the United States, for Different Reasons
Friday, March 17, 2017
nytimes.com
Before United States prosecutors accused him of having orchestrated one of the largest computer thefts, Dmitry A. Dokuchaev’s legal problems were deepening in Russia, where he was once known by the hacker alias Forb and specialized in purloining credit card numbers. Mr. Dokuchaev, a stocky 33-year-old who appears on an F.B.I. “wanted” poster wearing a blue suit and with a mop of sandy hair, is emerging as a central figure in fraught relations between the United States and Russia on cybersecurity issues.
Cascading Effect: One Attack Led to Another at Yahoo
Friday, March 17, 2017
businessinsider.com
In effect, hackers created a Yahoo skeleton key by fooling the service into thinking they had already signed into particular accounts, even if they didn't know their passwords. Web service providers typically use bits of data called cookies to let you stay signed into an account via a web browser. This is how you keep Gmail, for instance, open even if you close your browser and restart it. The hackers used malware and the scrambled passwords in the user database to manufacture fake cookies. To Yahoo, it then appeared that the hacker was the authorized user, who was already logged in without entering a password.
Two-Thirds of Enterprises Use Advanced Tech Without Securing Data: Report
Thursday, March 16, 2017
thehill.com
The report comes amid high concerns over cyberattacks in the public and private sectors, following massive data breaches at Yahoo and the federal government’s Office of Personnel Management. According to Thales’s research, nearly 90 percent of respondents reported feeling some degree of vulnerability to data threats.
2 Men Arrested, 100 Stolen Credit Reports Recovered
Friday, March 17, 2017
koin.com
They seized more than 100 stolen credit reports and applications taken from All Car Auto Sales in Gladstone. Detectives learned the files were stored in a bathroom at the car lot.
Unencrypted Drive With 7 Years of Patient Data Stolen From Denton Heart Group
Friday, March 17, 2017
healthcareitnews.com
The backup files contained a hoard of patient data from 2009 until 2016: names, Social Security numbers, dates of birth, addresses, phone numbers, driver's license numbers, medical record numbers, insurance provider and policy details, physician names, clinic account numbers, medical history, medications, lab results and other clinical data.
Inside the Russian Hack of Yahoo: How They Did It
Thursday, March 16, 2017
csoonline.com
One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people...The hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It's unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened.
Personal Data Leak Affects 33 Million US Employees
Thursday, March 16, 2017
darkreading.com
Security researcher Hunt got the data from a reportedly reliable source, and it is believed that it may have been stolen from the unprotected database of a D&B customer. The information includes personal details such as email addresses and company information. Affected employees include those of the Department of Defense, US Postal Service, AT&T, FedEx, Citigroup and others.
Mom and Daughter Who Hid Millions in Diapers Plead Guilty to Medicare Fraud
Friday, March 17, 2017
miamiherald.com
A mother and daughter who hid $2.4 million cash in diapers and baby towels when returning to Miami from the Dominican Republic pleaded guilty to running a $20 million Medicare scam through their Miami-Dade home healthcare agencies.
Even Tech-Savvy Gmail Users Are Getting Fooled by This Phishing Scam
Friday, March 17, 2017
komando.com
This attack is very convincing. Gmail users are receiving emails from people in their contacts list who have already been hacked. The fraudulent email looks even more authentic because the scammer goes through the senders' messages to find a topic that you are probably familiar with.
Wishbone App Data Breach Affects Huge Number of Users
Friday, March 17, 2017
slashgear.com
According to the notification, the stolen data includes personal names, telephone numbers, usernames, and email addresses. Anyone who provided their birthday information for the account will also likely have had that data stolen, however the thieves did not acquire any account passwords or financial data.
IRS Still Coping With Identity Theft and Service Problems
Thursday, March 16, 2017
accountingtoday.com
The Internal Revenue Service is continuing to face challenges with identity theft and taxpayer service this tax season, although there have been some improvements since last year.
People Who Identify as 'Tech Savvy' Are 18 Percent More Likely to Suffer ID Theft
Thursday, March 16, 2017
betanews.com
Identity theft is a growing problem, but who is falling victim to online ID fraud, why is it still happening, and how can you protect yourself?
Watch for Fake Tax Preparers Who Steal Your Identity and Run off With Your Cash
Thursday, March 16, 2017
nbcnews.com
These dishonest businesses "prey on unsuspecting taxpayers with outlandish promises of overly large refunds," the IRS said in a news release. Some also commit identity theft with the sensitive private information clients give them in order to prepare their return. "Choose your tax return preparer carefully because you entrust them with your private financial information that needs to be protected," IRS Commissioner John Koskinen said in a statement.
Justice Department Charging Russian Spies and Criminal Hackers in Yahoo Intrusion
Wednesday, March 15, 2017
washingtonpost.com
The Justice Department is set to announce Wednesday the indictments of two Russian spies and two criminal hackers in connection with the heist of 500 million Yahoo user accounts in 2014, marking the first U.S. criminal cyber charges ever against Russian government officials. The indictments target two members of the Russian intelligence agency FSB, and two hackers hired by the Russians. The charges include hacking, wire fraud, trade secret theft and economic espionage, according to officials, who spoke on the condition of anonymity because the charges have not yet been announced. The indictments are part of the largest hacking case brought by the United States.
More Than 120,000 Affected by W-2 Phishing Scams This Tax Season
Wednesday, March 15, 2017
csoonline.com
Tax season doesn't officially end in the United States until April 18. At last count, 110 organizations have reported successful Phishing attacks targeting W-2 records, placing more than 120,000 taxpayers at risk for identity fraud. Many of those working for the victimized firms have had a stressful time dealing with the fallout. Those who have experienced this unique type of crime say it's a nightmare. Some of those affected have had fraudulent returns filed under their name, in addition to issues with educational expenses. In one case, the scammers created flexible spending accounts with their stolen identities.
FTC Recommends Wider Implementation of DMARC to Combat Phishing Attacks
Wednesday, March 15, 2017
huntonprivacyblog.com
Fewer than 10 percent of the businesses evaluated, however, use Domain Message Authentication Reporting & Conformance (“DMARC”) – an email authentication technology which alerts the business about potential spoofing efforts and instructs ISPs to automatically reject unauthenticated messages that claim to be from the business’s email address. In its report, the FTC recommended “wider implementation” of DMARC, noting that using DMARC to reject unauthenticated messages would help businesses “further combat phishing by keeping these scam emails from ever showing up in consumers’ inboxes.”
Life Insurance Agents Convicted of Wire Fraud, Identity Theft
Wednesday, March 15, 2017
mercurynews.com
Prosecutors said personal information used to apply for the policies was collected through various means, including paying recruiters to find people to take medical exams and paying people to participate in a fictitious survey of a medical exam company. The trio opened hundreds of bank accounts to fund the premiums on the policies and typically paid the premiums for one to four months before letting the policies lapse, according to prosecutors. They also returned verification calls to the company purporting to be the applicants.
Credit Card Fraud in 130,000 Cases: Organized Crime Group Disrupted in Europe
Wednesday, March 15, 2017
europol.europa.eu
The Cypriot Police with the support of Europol, the US Secret Service and the Investigative Committee of the Republic of Belarus, have disrupted an organised criminal group that affected more than 130,000 payment card holders from 29 countries. Financial losses, including those for EU citizens, totalled EUR 8 million. Four members of the criminal organisation, including the leader, were identified and arrested during a police raid in Belarus.
Former IRS Agent From New Mexico Pleads Guilty to Identity Theft Charges
Wednesday, March 15, 2017
krqe.com
Joan Mobley, 54, pleaded guilty to aggravated identity theft and false statement charges. Mobley was responsible for performing audits of small businesses and self-employed individuals.
Arlington PD Searching for ID Theft Victims After Big Bust
Wednesday, March 15, 2017
dfw.cbslocal.com
Police say they seized backpacks full of mail and documents and piles of credit cards and IDs — even medical records. But, victims may not know they’ve been compromised...During a traffic stop, police found five backpacks full of mail and documents: 50 credit cards, social security cards, medical records, drugs and a BB gun replica of a semi-automatic pistol.
Two Charged With Identity Theft in Pa. Investigation
Wednesday, March 15, 2017
heraldmailmedia.com
Chambersburg police have charged two more people with identity theft in connection with an ongoing investigation into Social Security cards used to obtain employment.
Jo's iPhone, Pat's Laptop: Why Giving a Device Your Name Is a Serious Privacy Risk
Tuesday, March 14, 2017
zdnet.com
Using your first and/or last name to designate your phone might seem harmless. But combined with other information, that hostname can reveal a user's identity, where they work, and potentially their social networks. The warning comes in a new informational memo from the Internet Engineering Task Force (IETF), entitled 'Current Hostname Practice Considered Harmful', which homes in on internet protocols that leak device hostnames.
Cincinnati Eye Institute: Possible Data Breach
Tuesday, March 14, 2017
wcpo.com
Cincinnati Eye Institute has sent a letter to all 500 employees informing them that personal information including Social Security Numbers may have been compromised, and offering them free ID theft protection. The letter explains that "a number of employees" report their tax returns have been rejected by the IRS, because someone already filed taxes this year using their name and Social Security number. The only thing these people have in common, they say, is that they all work at CEI.
Banks Spending Three Times More on Cybersecurity
Tuesday, March 14, 2017
itproportal.com
Banks and other financial institutions spend three times the amount non-financial organisations are spending on cyber security, a new report by Kaspersky Lab has shown...Phishing seems to be the biggest security threat, with almost half (46 per cent) of banks saying their customers are being attacked on an everyday basis, and 70 per cent of banks reported financial fraud incidents that led to loss of money.
IRS Says Tax Identity Theft on the Downswing
Tuesday, March 14, 2017
fox61.com
The IRS says identity theft income tax return fraud plummeted in 2016, with a 46 percent drop in the number of victims, to 376,000. In addition, the agency says it also stopped one million fraudulent refunds from being issued last year with savings of almost $6.6 billion.
IRS Guides Taxpayers to Avoid Online Scammers
Tuesday, March 14, 2017
darkreading.com
The Internal Revenue Service (IRS) has called on taxpayers to be extra vigilant of scammers and guard against identity theft, especially during tax-paying time. To assist taxpayers, the IRS has included online security steps in its sixth release of Tax Time Guide, a series of 10 IRS tax tips.
Boeing Insider Data Breach Serves as Reminder for HR
Tuesday, March 14, 2017
shrm.org
He couldn't format a spreadsheet. So he sent it to his spouse for help, ultimately causing a breach that could have exposed the personal data of 36,000 Boeing employees in four states, according to a report by The Associated Press. This is a good reminder of why HR needs to ensure employees are trained on proper data security measures.
Couple Lost $5,000 in IRS Scam
Tuesday, March 14, 2017
coshoctontribune.com
Sheriff's deputies report a Warsaw couple was scammed out of $5,150 last week by a telephone caller who claimed they owed back taxes.
CyberEdge: Ransomware Affected 61% of Organizations
Tuesday, March 14, 2017
softpedia.com
CyberEdge Group released its latest Cyberthreat Defense Report and, following its surveys, said that a huge number of organizations were affected by ransomware last year. Of those affected, 54% managed to get their data back without paying the ransom, while another 33% chose to pay the ransom to recover their info. Another 13% refused to pay and lost the data as a consequence.
Listen to ‘Tech Support’ Scam Calls That Bilk Millions out of Victims
Tuesday, March 14, 2017
wired.com
The scam starts with a warning on your computer—a shamelessly fake one, often imitating a blue screen of death or a blinking malware alert. It informs you that your PC suffers from a smorgasbord of security problems, ranging from stolen credit cards to breached family photos to stalkers watching you through your webcam. And it offers a toll-free number for a “Microsoft” support line.
Ark City School District Victim of Internet Phishing
Tuesday, March 14, 2017
newscow.net
The Ark City school district and its employees were recently the victims of an online phishing scheme in which certain employees’ tax account information was compromised.
Phone Scam Pretending to Be Publisher's Clearinghouse Steals Thousands
Tuesday, March 14, 2017
wpsdlocal6.com
The Weakley County, Tennessee, Sheriff's Department says the victim of the scam was told they won a car and millions of dollars from Publisher's Clearinghouse. They were told they needed to pay taxes on the car by wiring it to the scammers via Western Union. Before they sent the money, the victim was convinced not to tell anyone about their supposed winnings as well.
US Military Leak Exposes "Holy Grail" of Security Clearance Files
Monday, March 13, 2017
zdnet.com
The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. Another file lists the security clearance levels of hundreds of other officers, some of whom possess "top secret" clearance, and access to sensitive compartmented information and codeword-level clearance...Among the most damaging documents on the drive were the completed applications for renewed national security clearances for two US four-star generals, both of whom recently had top US military and NATO positions.
Hackers Steal Personal Data of Thousands of Hospital Staff
Monday, March 13, 2017
zdnet.com
Hackers have stolen information about thousands of NHS medical professionals by compromising the server of a private contractor. Cyberattackers infiltrated a data server operated by IT supplier Landauer, stealing a mix of names, dates of birth, radiation doses, and National Insurance numbers of staff who work with X-Rays.
Over 65.3M LinkedIn Users Have Weak Passwords, the Rest Can Be Easily Cracked
Monday, March 13, 2017
news.softpedia.com
Last year, LinkedIn had a massive data breach where millions of passwords were leaked, and it seems that out of the entire trove of data, 35% of users were using weak passwords to begin with, while the other 65% were using passwords that can be cracked.
IRS Took Down FAFSA-Autofill Tool to Prevent Identity Theft
Monday, March 13, 2017
nextgov.com
An online tool that auto-filled tax data for federal student loan applications has been temporarily removed in an effort to stave off identity thieves.
N.J. Man Charged in Elaborate Identity Theft Scheme
Monday, March 13, 2017
nj.com
Clay is accused of diverting mail, hacking online accounts and applying for and receiving loans and credit cards under others' names.
Husband and Wife Charged With Identity Theft
Monday, March 13, 2017
thetimes-tribune.com
Ann Marie Comcowich, 47, worked as a “relationship management specialist” for Prudential Insurance Co. in Moosic. She used Social Security numbers and account numbers to funnel $84,161.53 from tax-deferred retirement plans into a bank account she shared with her husband, 52-year-old Kenneth Comcowich, Detective Renee Castellani charged in a complaint.
VCU Reports Breach of Medical Files
Monday, March 13, 2017
richmond.com
Virginia Commonwealth University Health System is notifying about 2,700 people that their or their minor child’s electronic medical records were inappropriately accessed over a three-year period. The university said it has no indication that the private health information has been used for any unintended purposes...An investigation found that employees of some community physician groups and an employee of a contracted vendor accessed, without legitimate business reasons, information about services patients received at the VCU Health System. As a result of the incidents, the respective employers terminated those employees.
Phishing: Would You Fall for One of These Scam Emails?
Monday, March 13, 2017
zdnet.com
In a review of 100 simulated attack campaigns for 48 of its clients, accounting for almost a million individual users, security company MWR Infosecurity found that sending a bogus friend request was the best way to get someone to click on a link -- even when the email was being sent to a work email address.
Home Depot Settles Data Breach Claims
Friday, March 10, 2017
huntonprivacyblog.com
Home Depot reached an agreement that includes the payment of $25 million and the implementation of new data security measures to resolve a class action brought by financial institutions impacted by the company’s 2014 data breach. The breach involved the theft of Home Depot customers’ personal information, including names, payment card numbers, expiration dates and security codes. Approximately 56 million payment card numbers were compromised. This information was sold to identity thieves, who used it to make fraudulent transactions. As a result, financial institutions were required to take steps such as cancelling the compromised cards and reimbursing customers for fraudulent charges.
Phishing Scam Catches NC Symphony
Friday, March 10, 2017
newsobserver.com
The North Carolina Symphony recently fell prey to an email “Phishing” scam – and it’s going to cost the organization nearly $60,000. According to a report filed with the North Carolina Attorney General’s office, the Feb. 7 leak involved the mistaken release of W-2 tax information for 262 people, including symphony musicians, staff and contract employees.
30 Accused in Queens Credit Card, Identity Theft Ring
Friday, March 10, 2017
newyork.cbslocal.com
The ring was responsible for stealing personal credit information from hundreds of consumers at a cost of more than $3.5 million in losses to individuals and financial institutions, prosecutors said...Seepersad allegedly accessed the financial records of potential buyers at car dealerships where he worked and gave them to the theft ring for a flat fee, prosecutors said. The theft ring then gave the stolen personal information to an “account activator” who took the information and prepared accounts to be taken over, prosecutors said.
Lawmakers Receive Lukewarm Assessment of Cyber Cooperation Between Feds, Private Sector
Thursday, March 09, 2017
thehill.com
Legislators received a lukewarm assessment of the federal government’s cooperation with the private sector on cybersecurity at a hearing on Thursday. Industry experts told a congressional panel with oversight of the Department of Homeland Security’s (DHS) cybersecurity and infrastructure protection efforts that the agency needs to share more information more quickly and robustly with private organizations to safeguard the nation against cyber threats.
Fake SEC Emails Target Execs for Inside Information
Thursday, March 09, 2017
fortune.com
Cyber scammers are using a new trick to get confidential corporate information: They are sending spoofed emails, purporting to be from the Securities and Exchange Commission, and aiming them at lawyers, compliance managers, and other company officials who file documents with the SEC...The email attacks in question, known as "spear-phishing," are effective because they are addressed to specific people and appear to be from a legitimate source. In the case of the fake SEC emails, the targets included corporate officials with titles like SEC Reporting Manager and Senior Legal Specialist—the very people, in other words, responsible for securities filings, and who could expect to receive an email from the SEC.
Government Imposters Want to Get to Know You
Friday, March 10, 2017
consumer.ftc.gov
The Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) and the FTC want you to know about a scam in which callers posing as federal employees are trying to get or verify personal information. This is a government imposter scam.
After CIA Leaks, Tech Giants Scramble to Patch Security Flaws
Thursday, March 09, 2017
zdnet.com
Several tech giants have said they are examining a trove of documents leaked earlier this week that purport to show the CIA's ability to hack into phones, computers, and smart TVs. The documents, released by WikiLeaks, did not contain exploit code that could be used by hackers to carry out attacks, but the documents do provide details of vulnerabilities that may help security researchers identify some flaws in tech products, including Android devices and iPhones. Apple, Google, Microsoft, and Samsung were all named in the thousands of released documents, which are believed to have come from the CIA's Center for Cyber Intelligence.
HHS' IT 'Strategic Plan' Spotlights Cybersecurity, Privacy
Friday, March 10, 2017
healthcareinfosecurity.com
The Department of Health and Human Services' four-year information technology strategic plan includes a risk-based approach focused on improving security and privacy protections of HHS data and systems, more effectively preventing and responding to emerging threats, and beefing up HHS' cybersecurity-related workforce.
Credit Union Sues Eddie Bauer for Failing to Prevent Data Breach
Friday, March 10, 2017
seattletimes.com
Veridian Credit Union says Eddie Bauer should compensate financial institutions for their costs after a hack of the retailer’s point-of-sale system stole consumer payment card information last year.
Health Industry Plays Catch-Up on Cybersecurity
Thursday, March 09, 2017
thehill.com
All eyes are on an upcoming report from a Department of Health and Human Services (HHS) task force established under the Obama administration that will detail the industry’s cybersecurity shortfalls. “We have very few specific challenges to healthcare, but a lot of the smaller individual challenges that other sectors face, we have all of them,” Josh Corman, head of the Atlantic Council’s Cyber Statecraft Initiative and a member of the task force, told The Hill.
Internet-Connected 'Smart' Devices Are Dunces About Security
Thursday, March 09, 2017
sfgate.com
One problem: Many people don't realize they have to secure connected devices with passwords like they do with computers. "People don't think of a TV or a camera as a computer and that's all it is," said Gartner analyst Avivah Litan. If a device comes with a default password, it needs changing the moment you hook it up. Similarly, your Wi-Fi password shouldn't still be the one it came out of the box; it needs a hard-to-guess passphrase to ensure that it can't be easily hacked.
FBI Chief Calls for Private Sector to Help Battle Cybercrime
Thursday, March 09, 2017
cio.com
In a keynote address at a cybersecurity conference at Boston College, Comey lamented that most incidents of intrusion and attacks against U.S. businesses go unreported. But when a victim does report a breach to the FBI, such as the damaging attack against Sony in 2014 that was attributed to North Korea, agents will have a much easier time investigating and helping businesses mitigate the damage if they are already somewhat familiar with the target's systems.
C.I.A. Scrambles to Contain Damage From WikiLeaks Documents
Thursday, March 09, 2017
nytimes.com
Investigators say that the leak was the work not of a hostile foreign power like Russia but of a disaffected insider, as WikiLeaks suggested when it released the documents Tuesday. The F.B.I. was preparing to interview anyone who had access to the information, a group likely to include at least a few hundred people, and possibly more than a thousand.
CAIF Raises Awareness of Medical Identity Theft
Thursday, March 09, 2017
effinghamdailynews.com
Coalition Against Insurance Fraud has advised that Identity Theft has spawned a vicious new crime: Medical Identity Theft...These scams include illegal and bogus treatment, the purchases of addictive drugs and the purchase of various medical devices and equipment such as oxygen tanks or wheelchairs. Additionally, the victim's correct health history can be compromised by the actual scammer's medical file and treatments.
Madigan Finds Debt and Identity Theft to Be Reoccurring Complaints
Thursday, March 09, 2017
chicago.cbslocal.com
Consumer debt and identity theft continue to be the top sources of complaints to the Illinois attorney general...Madigan said the fact that her office has gotten these same complaints nine years in a row shows how some of the scams change, that people don’t know their rights and that she has more work to do.
Weekends Only Reports Credit Card Data Breach
Thursday, March 09, 2017
ksdk.com
The credit card information of Weekends Only online shoppers has been compromised, the furniture retailer has learned. The company says Aptos, the company that hosts its online payment platform, experienced a data breach. That company is working with cyber security experts, the FBI and the U.S. Department of Justice in the investigation.
Daytona State College Warns Employees of Potential Data Breach
Thursday, March 09, 2017
clickorlando.com
Daytona State College is warning its staff about a potential data breach involving W-2 information after one employee had his or her personal information misused.
FBI Prepares for New Hunt for WikiLeaks’ Source
Wednesday, March 08, 2017
washingtonpost.com
The FBI has begun preparing for a major mole hunt to determine how anti-secrecy group WikiLeaks got an alleged arsenal of hacking tools the CIA has used to spy on espionage targets, according to people familiar with the matter. The leak rattled government and technology industry officials, who spent Tuesday scrambling to determine the accuracy and scope of the thousands of documents released by the group. They were also trying to assess the damage the revelations may cause, and what damage may come from future releases promised by WikiLeaks, these people said.
National Consumer Protection Week
Wednesday, March 08, 2017
us-cert.gov
March 5-11 is National Consumer Protection Week (NCPW), an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission (FTC) and its fellow agencies highlight free resources to help protect against consumer harm. FTC recently issued press releases on NCPW events and the most common consumer grievances reported to the agency in 2016. Last year, complaints on debt collection, imposter scams, and identity theft topped the list.
Hackers Use Facebook Quizzes to Steal Personal Info
Wednesday, March 08, 2017
nbcnews.com
Security experts warn that hackers often use Facebook quizzes to access your personal information.
National Consumer Protection Week: A Closer Look at Child Identity Theft
Wednesday, March 08, 2017
lexch.com
Child identity theft is one of the worst forms of identity theft because it often goes unchecked and unnoticed for years. A child’s Social Security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live. Why would ID thieves wish to assume a child’s identity? Because that child’s credit is a clean slate, which likely means available credit.
Traffic Stop Helps Charlotte Police Blow Open Ring of Fake Credit Cards and Bogus IDs
Wednesday, March 08, 2017
charlotteobserver.com
A random traffic stop last month has provided a glimpse into an identity-theft ring in Charlotte that police say has claimed victims across the Carolinas and as far away as California.
Lake Kennedy McCulloch (CPAs) Data Breach
Wednesday, March 08, 2017
islandsweekly.com
After a preliminary investigation, it was discovered that perpetrators had illegally hacked into the company’s system, and accessed 2015 tax return information for a number of individual tax clients. Using this information, staff believe the perpetrators fraudulently filed some 2016 returns to obtain tax refunds.
Pa. Appellate Court: Employer Owes No Duty of Care to Protect Employee Data Against Breach
Wednesday, March 08, 2017
dataprotectionreport.com
The court ruled that under state law, UPMC did not owe a duty of reasonable care to its employees in the collection and storage of employee data. In coming to this conclusion, the court acknowledged the practical realities facing large employers, highlighting the utility of electronic storage of employee data. The court also considered the social and financial costs of holding employers responsible for third-party criminal acts, especially “when there is no true way to prevent data breaches altogether.”
Verizon: Most Breaches Trace to Phishing, Social Engineering
Wednesday, March 08, 2017
databreachtoday.com
Ninety percent of data breaches seen by Verizon's data breach investigation team have a phishing or social engineering component to them. Not coincidentally, one of the hottest commodities on underground or dark web marketplaces are credentials, which attackers can use to log into enterprises and make it appear that they're legitimate users. "Because organizations don't have multifactor [authentication] rolled out, it makes it trivial to get in," says Chris Novak, director of global investigative response for Verizon, in a discussion about the company's latest Data Breach Digest, a companion report to the company's annual Data Breach Investigations report.
Identity Theft Hits Manufacturing Plant
Wednesday, March 08, 2017
wnep.com
Workers at an auto parts plant in Columbia County have had their personal information stolen and the crooks have already victimized some of the workers by using their names to file phony tax returns.
How to Recognize the Signs of Tax Identity Theft
Wednesday, March 08, 2017
ksdk.com
Tax filing season is upon us. Soon you will be filing your paperwork and perhaps receiving a nice check — unless thieves file a return in your name first and falsely claim your refund.
Do Not Return Calls or Texts From These Area Codes--It May Be a Scam
Wednesday, March 08, 2017
inc.com
A scam that seems to reappear periodically is back and helping criminals steal people's money. Protecting yourself is simple--if you know how the scam works. So, here is what you need to know to protect yourself from the three variants of the scam.
In Wake of Trump's Immigration Restrictions, Scam Artists Prey on the Undocumented
Wednesday, March 08, 2017
pri.org
From unscrupulous attorneys charging thousands of dollars for residency or work visas that never materialize to cheats bilking victims for documents freely available online and people passing themselves off as federal immigration agents, advocacy groups and officials say fraudsters are feasting on immigrant fears.
Realtors Caution of Final Notice Scam
Wednesday, March 08, 2017
orlandosentinel.com
Florida’s leading real estate industry group cautioned members against replying to a “Final Notice” bill from the Florida Board of Realtors. There is no Florida Board of Realtors. “It’s a scam,” said Florida Realtors chief executive Bill Martin. “And it’s not a simple scam. High-tech criminals put a great deal of work and planning into this.”
Obama’s Cyber Commissioners Nudge Trump on Cybersecurity Policy
Wednesday, March 08, 2017
thehill.com
Members of a commission established under former President Barack Obama to examine the federal government’s cybersecurity efforts are nudging the new Trump administration to move forward on its recommendations. Three members of the commission, including former Obama national security adviser Tom Donilon, on Monday reiterated their call for more cooperation between the public and private sector and more leadership in the White House to spearhead efforts on cybersecurity.
WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets
Wednesday, March 08, 2017
wired.com
Initial expert reactions are that the data seems legitimate and will create deep problems for the CIA on many fronts. The leak has the potential both to undermine the organization’s ability to carry out offensive intelligence gathering and to damage its international public perception. The leak exposes CIA capabilities and tools like unpatched iOS and Android vulnerabilities, strategies for compromising end-to-end encrypted chats (though not undermining the encryption itself), bugs in Windows, and even the ability to turn Samsung smart TVs into listening devices.
Ransomware Onslaught Continues: Old Foes, New Defenses
Wednesday, March 08, 2017
databreachtoday.com
Crypto-locking ransomware, which forcibly encrypts sensitive information on a system, then demands cryptocurrency for a promised decryption key, offers remote attackers a relatively low-cost, high-reward scheme, and they keep doubling down on related attacks. As the EU's law enforcement intelligence agency Europol noted in its Internet Organized Crime Assessment report last year, "cryptoware (encrypting ransomware) has become the most prominent malware threat, overshadowing data stealing malware and banking Trojans."
Retired FBI Agent Helps Nab Identity Fraud Suspect at Kinetic Credit Union
Tuesday, March 07, 2017
ledger-enquirer.com
A man attempting to take out an automobile loan at a Kinetic Credit Union branch was arrested by federal agents on Monday and charged with making false statements to a federally insured institution and aggravated identity theft.
FTC: Young People Are Frequent Identity Theft Victims
Tuesday, March 07, 2017
wgme.com
Federal investigators say thieves are intentionally targeting young people because it can be years before the crime is detected...The Federal Trade Commission estimates that those between the ages of 20 and 29 are among the most frequent victims of identity theft, adding up to about 18 percent of all identity theft complaints.
Spammers Accidentally Expose Database of 1.4 Billion Addresses
Tuesday, March 07, 2017
techspot.com
Earlier this year, MacKeeper security researcher Chris Vickery stumbled upon what he described as a suspicious (yet publicly exposed) collection of files. To make a long story short, someone had forgotten to put a password on the repository and now, one of the world’s largest spam empires is crumbling.
Public School Board Investigates Data Breach
Tuesday, March 07, 2017
windsorstar.com
A security breach at the public school board leaked personal and banking information of employees on an internal computer network, before school officials were alerted by students who discovered the information on Monday.
WikiLeaks Says It Has Obtained Trove of CIA Hacking Tools
Tuesday, March 07, 2017
washingtonpost.com
The anti-secrecy organization WikiLeaks said Tuesday that it has obtained a vast portion of the CIA’s computer hacking arsenal, and began posting the files online in a breach that may expose some of the U.S. intelligence community’s most closely guarded cyber weapons. WikiLeaks touted its trove as exceeding in scale and significance the massive collection of National Security Agency documents exposed by former U.S. intelligence contractor Edward Snowden...The data release alarmed cybersecurity experts.
WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents
Tuesday, March 07, 2017
nytimes.com
In scale, the Vault 7 archive appears to fall into the same category as the biggest leaks of classified information in recent years, including the quarter-million diplomatic cables taken by Chelsea Manning, the former Army intelligence analyst, and given to WikiLeaks in 2010, and the hundreds of thousands of documents taken from the National Security Agency by Edward J. Snowden and given to journalists in 2013.
Payments Giant Verifone Investigating Breach
Tuesday, March 07, 2017
krebsonsecurity.com
Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to sources. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations.
University of Minnesota Law Grad Admits Guilt in Porn-Troll Scheme
Tuesday, March 07, 2017
startribune.com
John L. Steele, a University of Minnesota Law School graduate who once bragged to a reporter that he and a colleague earned millions of dollars by suing hundreds of people for illegally downloading pornography, admitted Monday in a Minneapolis federal courtroom that it was a scam.
Dark Web Scheme Lets Wannabe Cybercriminals Get in on Ransomware - for Free
Tuesday, March 07, 2017
zdnet.com
A new dark web scheme could allow any wannabe cybercriminal to grab a piece of the ransomware pie for free -- on the condition that any ill-gotten profits are split 50/50. Ransomware -- a form of malware which encrypts a victim's files and demands a ransom to restore them -- has boomed in the last 18 months. A number of ransomware-as-a-service affiliate schemes allow even the most technically illiterate cyber thief to cash in on a form of crime which cost businesses over a billion dollars last year.
Filing a Consumer Complaint
Tuesday, March 07, 2017
usa.gov
Find out what steps to take and who you should contact if you need to file a complaint against a company.
Why Awareness Needs to Teach Scam Detection and Reaction
Tuesday, March 07, 2017
csoonline.com
Does your awareness program provide specific examples of what to avoid, or does it provide blanket guidance for how to behave? In this case, while it wasn’t the predefined scam, what I experienced had the same effect. Does your phishing training teach people how to recognize the simulated phishing messages, or phishing messages in general? Does your social engineering program teach people to recognize specific scams, or all general scams? You need to be very sure you’re teaching people the right things.
Sunnyside School District Accidentally Releases Employees' Personal Information
Tuesday, March 07, 2017
tucsonnewsnow.com
Personal employee information was accidentally emailed to every Sunnyside Unified School District employee. That's more than 2,000 people. According to the district's IT department, at least 559 employees opened that email.
Microsoft Tech Support Scam Leverages Full-Screen Mode to Trick Victims
Tuesday, March 07, 2017
scmagazine.com
A new tech support scam website leverages deceptive visual elements to trick victims into thinking they have been redirected to a legitimate Microsoft support website, even though they actually never left the scam page.
Consumer Reports to Begin Evaluating Products, Services for Privacy and Data Security
Tuesday, March 07, 2017
consumerreports.org
We’re now launching the first phase of a collaborative effort to create a new standard that safeguards consumers’ security and privacy—and we hope industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps. The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data. This standard can also eventually be used by CR and others in developing test protocols to evaluate and rate products—which will help consumers make more informed purchasing decisions.
As Many as 7.5 Million Voter Records Involved in Georgia Data Breach
Monday, March 06, 2017
myajc.com
Millions of Georgia voters may have had their personal information compromised for the second time in as many years, as the Federal Bureau of Investigation opened an investigation Friday at Kennesaw State University’s Center for Election Systems involving an alleged data breach. As many as 7.5 million voter records may be involved, according to a top state official briefed on the information but not authorized to speak on the record.
Consumer Reports to Test Products for Privacy, Data Security
Monday, March 06, 2017
thehill.com
Consumer Reports is going to begin evaluating products for privacy and data security, the U.S. nonprofit product review group said on Monday. Consumer Reports has partnered with cybersecurity experts to develop an industry standard for testing devices for security and consumer data protection, an initial version of which is posted online to solicit feedback. “We’re now launching the first phase of a collaborative effort to create a new standard that safeguards consumers’ security and privacy — and we hope industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps,” the organization said in a blog post on its website.
16 People Linked to Frisco Hospice Indicted in Alleged $60 Million Fraud
Monday, March 06, 2017
nbcdfw.com
The owner of a Frisco hospice and 15 others including doctors and nurses were indicted Tuesday after an FBI investigation uncovered an alleged $60 million health care fraud scheme. The FBI raided the company's offices in September 2015 and in a search warrant accused Harris of telling nurses to deliberately overdose some patients with morphine or other drugs in order to maximize profits. "You need to make this patient go bye-bye," Novus told one of the nurses, according to the search warrant.
Imposter Scams Bypass Identity Theft for First Time
Monday, March 06, 2017
pymnts.com
Last year imposter scams bypassed identity theft for the first time as the second largest category of consumer complaints, according to the Federal Trade Commission’s Consumer Sentinel Network in 2016.
New York’s Cybersecurity Rules: What Insurance Professionals Should Know
Monday, March 06, 2017
insurancejournal.com
The cyber rules require insurance and insurance-related companies as well as brokers, agents and adjusters licensed in New York to assess their specific cyber risk profiles and design cybersecurity programs that address such risk in a “robust fashion.”
Hackers Leak Kate Moss’ Nude Wedding Day Images After Hacking Her Computer
Monday, March 06, 2017
techworm.net
Hackers managed to breach supermodel Kate Moss’ computer and access her online accounts. The unknown hackers then proceeded to leak nude images of Kate Moss in a state of undressing and changing into her wedding gown during her wedding to Jamie Hince in 2011.
Former Social Security Worker Indicted on Identity Theft Charges
Monday, March 06, 2017
nydailynews.com
An ex-Social Security Administration worker was indicted by a Brooklyn federal grand jury for swiping social security numbers and birthdates, authorities said Friday. Sharon Coffee-Dean, of Queens, is charged with stealing the information of 41 people and selling them to individuals who filed fraudulent tax returns.
Lawmakers Fear US Has Fallen Behind in Cyber Warfare
Monday, March 06, 2017
thehill.com
Lawmakers in both chambers of Congress are confronting hard truths about the U.S. military’s cyber vulnerabilities and lack of a comprehensive strategy to deter and respond to cyberattacks. Members of Congress worry that adversaries could potentially breach the defense industry supply chain or exploit the military’s dependence on computers and high-tech systems for operations, fears that were confirmed by testimony from experts and former officials this week.
Missouri Proposal Requires Schools to Tell You When Child's Information Stolen
Monday, March 06, 2017
kspr.com
The state auditor said Missouri law currently does not require school districts to alert parents or guardians when students' sensitive information is stolen.
In Defense of Assuming Another’s Identity
Monday, March 06, 2017
networkworld.com
My father, Burke McNamara, passed away back in December at age 89 after a long period of declining health. As I continue to deal with the closing of his financial affairs, I’d like to offer this bit of advice to all of you: If you're ever in the unfortunate position of having to close accounts, such as a VISA account, for a family member who has died, do not under any circumstances approach the task in an honest and straightforward manner. Lie to them.
Glastonbury Schools Phishing Scandal Impacts 1,600 Workers
Saturday, March 04, 2017
nbcconnecticut.com
A phishing scandal has hit another Connecticut school district. Glastonbury school's superintendent said the district became victim of the W-2 phishing scam that has impacted other districts in the country and Groton. Superintendent Alan B. Bookman said that 2016 employee W-2 tax form information was compromised for 1,600 workers.
"With the exception of Food Service personnel, any Glastonbury Public Schools employee who was issued a W-2 for the 2016 tax year could be affected," a letter sent out to Glastonbury Public School employees said. Groton Public Schools reported a similar incident on Thursday.
Cancer-Stricken 5-Year-Old's Photo Used in Charity Scam, Family Claims
Saturday, March 04, 2017
cnn.com
It's hard enough to have a 5-year-old son battling brain cancer. But when Kelly Incandela learned that a woman apparently was going around Brooklyn in New York City fraudulently asking for donations for a funeral for her son, sadness quickly morphed into something else.
The Golden Age of Email Hacks Is Only Getting Started
Saturday, March 04, 2017
wired.com
As Governor of Indiana, Mike Pence conducted state business using his personal email account. An AOL account. So of course someone hacked it. With a phishing scam...Let’s start with the obvious: Personal email has no place in government business. Legally speaking, all state and federal employees must maintain a record of their communications. Transparency demands it. A government email account provides a digital paper trail, and something the public, or journalists, can demand access to. Personal accounts do not, because you may not even know they exist. Equally important, they don’t offer the security of a .gov account. From a basic security perspective, no one earning a government paycheck should use Yahoo, or Gmail, or AOL, or anything else because, honestly. Despite this, public officials continue using personal email. So do you. So do I, switching back and forth between work Outlook and personal Gmail. We all do it, for the same fundamental inalienable reason: We find it so much easier. That’s doubly true for people toiling away in tightly controlled environments, where draconian restrictions on access and attachments can make logging onto work emails literally more trouble than it’s worth.
FAFSA and Student Loan Identity Theft
Saturday, March 04, 2017
idtheftcenter.org
Too many young people discover their identities have been stolen when they apply for student loans or financial aid.
U.S. Marshals Warn Against Dual Phone Scams
Saturday, March 04, 2017
networkworld.com
The U.S. Marshals are warning the public not to respond to two recent scams involving people fraudulently posing as Marshals making calls across the country.
Cryptolocker Bursts Onto Scene Again, Targeting Europe and U.S.
Saturday, March 04, 2017
scmagazine.com
Researchers have spotted a sudden resurgence of the Windows-based ransomware CryptoLocker early this year, specifically identifying clusters of attacks targeting Italy, Dutch-speaking victims, and even the U.S.
German Researchers Find Flaws in Nine Major Password Managers
Saturday, March 04, 2017
scmagazine.com
A group of security researchers called TeamSIK has published a security assessment of nine popular password management applications on Android devices and found them all to contain security vulnerabilities.
FTC Releases Annual Summary of Consumer Complaints
Friday, March 03, 2017
ftc.gov
Imposter scam complaints surpassed identity theft for the first time as the second most common category of consumer complaints received by the Federal Trade Commission’s Consumer Sentinel Network in 2016, according to the agency’s new Data Book...The rise in impostor scam reports is due to an increase in complaints about government imposters. Imposter scams come in many varieties, but work the same way: a scammer pretends to be someone trustworthy, such as a government official or computer technician to convince a consumer to send money. Imposter scams also topped the list of complaints from military consumers followed by identity theft complaints.
Cyberstalking Charge Brought in Manhattan Federal Court Against Missouri Man for a Pattern of Harassment Involving Threats to Jewish Community Centers
Friday, March 03, 2017
justice.gov
In July 2016, an email was sent to Victim-1’s employer that made false allegations about Victim-1, including that she had broken the law, using an internet protocol (“IP”) address that Thompson had previously used to access his social media account. On October 15, 2016, an IP address that traced back to Thompson’s residence was used to report falsely that Victim-1 possessed child pornography. When confronted by law enforcement on November 22, 2016, Thompson claimed that his email account had been hacked a few weeks earlier...
Nickelback Drummer is Victim of Identity Theft
Friday, March 03, 2017
radio.com
Someone tried to impersonate the drummer from Nickelback, Daniel Adair, to the tune of $25,000. A Florida man, Howard Koenig, tried to purchase musical equipment using Daniel Adair’s name and credit card, reports the TCPalm.
19 Indicted in International Fraud and Money Laundering Schemes
Friday, March 03, 2017
fbi.gov
Federal indictments unsealed today in Washington, D.C., charged 19 people in the U.S. and abroad with participating in various international fraud and money laundering conspiracies that resulted in the theft of more than $13 million from more than 170 victims, primarily in the U.S...The investigation began in 2011, when the Bureau’s Washington Field Office received information about abandoned property in a hotel room in Washington, D.C. From that, the FBI was able to link the recovered evidence to a transnational organized crime operation involving an online vehicle fraud scheme...The investigation into the online vehicle fraud scheme led to the realization that some of the criminals involved in that scheme had branched out to much more lucrative activity—a BEC scheme that resulted in losses of more than $10 million from victim companies.
America Has a 'Cybersecurity Crisis': Symantec CEO
Friday, March 03, 2017
cnbc.com
Do you feel safe browsing online? Have you ever been a victim of credit card fraud? Thirty-nine percent of North Americans have been affected by cybersecurity crime in the past year alone, Symantec Chief Executive Greg Clark told CNBC on Thursday. "I think that's a very big crisis."
Yahoo’s Top Lawyer Resigns and C.E.O. Marissa Mayer Loses Bonus in Wake of Hack
Friday, March 03, 2017
nytimes.com
Yahoo’s top lawyer, Ronald S. Bell, resigned Wednesday, and its chief executive, Marissa Mayer, lost her 2016 bonus after a board investigation of the 2014 theft of information on more than 500 million user accounts. Senior executives, company lawyers and information security staff were aware of the hack in 2014 and also knew about subsequent attempts to break into the affected accounts in 2015 and 2016, but failed to “properly comprehend or investigate” the situation, the company’s board of directors said in a securities filing on Wednesday.
iPhone Robbers Try to iPhish Victims
Friday, March 03, 2017
krebsonsecurity.com
In another strange tale from the kinetic-attack-meets-cyberattack department, earlier this week I heard from a loyal reader in Brazil whose wife was recently mugged by three robbers who nabbed her iPhone. Not long after the husband texted the stolen phone — offering to buy back the locked device — he soon began receiving text messages stating the phone had been found. All he had to do to begin the process of retrieving the device was click the texted link and log in to the phishing page mimicking Apple’s site.
One Million Coachella User Accounts Found for Sale on the Dark Web
Friday, March 03, 2017
tripwire.com
Nearly one million user accounts for the Coachella Valley Music and Arts Festival website have been found for sale on the underground marketplace. According to a recent report by Motherboard, the data available for purchase includes email addresses, usernames and hashed passwords. The data trader, who identifies as ‘Berkut,’ wrote on the Tochka marketplace listing: “Coachella complete database dump from this month.”
Yahoo Punishes CEO in Latest Fallout From Security Breakdown
Thursday, March 02, 2017
washingtonpost.com
Yahoo is punishing CEO Marissa Mayer and jettisoning its top lawyer for the mishandling of two security breaches that exposed the personal information of more than 1 billion users and already have cost the company $350 million. Mayer won’t be paid her annual bonus nor receive a potentially lucrative stock award because a Yahoo investigation concluded her management team reacted too slowly to one breach discovered in 2014. Yahoo’s general counsel, Ronald Bell, resigned without severance pay for his department’s lackadaisical response to the security lapses.
Ransomware for Dummies: Anyone Can Do It
Thursday, March 02, 2017
krebsonsecurity.com
Among today’s fastest-growing cybercrime epidemics is “ransomware,” malicious software that encrypts your computer files, photos, music and documents and then demands payment in Bitcoin to recover access to the files. A big reason for the steep increase in ransomware attacks in recent years comes from the proliferation of point-and-click tools sold in the cybercrime underground that make it stupid simple for anyone to begin extorting others for money.
Another 32 Million Yahoo Accounts Breached
Thursday, March 02, 2017
pcmag.com
Last month, Yahoo started notifying people that it had discovered yet another account breach had occurred. Apparently a forged cookie attack had been used to access a new set of accounts over the past two years. At the time, it wasn't known how many accounts had been accessed, but now we know and it's in the millions again.
That Cool Robot May Be a Security Risk
Thursday, March 02, 2017
nytimes.com
Significant security flaws were found in an examination of six home and industrial robots, according to a report to be released Wednesday by IOActive, a computer security consulting firm with headquarters in Seattle. The report notes that only four of the six companies responded to the firm’s alert, and only two said they planned to make patches after being informed of the problems. The researchers, who described the categories of vulnerabilities they had discovered in the report but not the specific flaws, said their research was simply an early reconnaissance of the field. “It’s important to note that our testing was not even a deep, extensive security audit, as that would have taken a much larger investment of time and resources,” the authors wrote. “The goal for this work was to gain a high-level sense of how insecure today’s robots are, which we accomplished.”
Three Nigerian Nationals From South Africa Convicted in International Cyber Financial Fraud Scheme
Thursday, March 02, 2017
justice.gov
The defendants participated in numerous complex Internet-based financial fraud schemes, including romance scams, re-shipping scams, fraudulent check scams, and work-at-home scams, as well as bank, financial, and credit card account takeovers.
Who Should Be on an Insider Risk Team?
Thursday, March 02, 2017
csoonline.com
Left to chance, unless you happen to bump into someone leaving the building with a box full of documents, you might never catch an insider red-handed. That is where an insider risk team comes in — a group of employees from various departments who have created policies that create a system to notice if those confidential items have left the building.
As EMV Chips Make In-Store Fraud Harder, Fraudsters Move Online
Thursday, March 02, 2017
forbes.com
The EMV chips on American credit and debit cards aren’t just annoying consumers who find themselves waiting for 20 to 30 seconds at checkout. They are also inconveniencing fraudsters who are taking more business to online merchants.
Business E-Mail Compromise
Thursday, March 02, 2017
fbi.gov
At its heart, BEC relies on the oldest trick in the con artist’s handbook: deception. But the level of sophistication in this multifaceted global fraud is unprecedented, according to law enforcement officials, and professional businesspeople continue to fall victim to the scheme.
Best Practices for Lowering Ransomware Risk
Thursday, March 02, 2017
darkreading.com
The first step is to avoid falling prey in the first place. That means teaching your entire organization - from IT staff to executive management - how not to be a victim.
Report: 85% of Ransomware Victims Get Taken Offline for a Week or More
Wednesday, March 01, 2017
tripwire.com
New research reveals that the majority of ransomware victims (85 percent) had their systems taken offline for at least a week, costing businesses thousands in financial damage each day. Despite the risk of data loss and financial damages, the report produced by Timico and Datto found that organizations still lack awareness and readiness when it comes to responding to ransomware attacks...Well over half of respondents said their data systems went from fully functional to essentially useless within seconds and minutes, the report noted.
New York’s Cyber Security Regulations Aren’t Perfect, but Other States Should Pay Attention to Them
Wednesday, March 01, 2017
recode.net
These planned regulations are pretty groundbreaking; they’re the first of their kind in the nation. Going into place on March 1, they’re coming at a time when organizations are finally starting to wake up to the realities of cyber vulnerability. Breaches, both high-profile and under the radar, are an almost daily occurrence, and public and private organizations alike have started to take concrete steps toward safeguarding their systems. New York is the first state to take this bold step, but it’s only a matter of time before other states follow suit. And yet, while we’re seeing the financial sector as the first to be regulated in this way, it’s important for us not to forget that cyberattacks are a huge threat to all industries that needs to be addressed — quickly.
Legislators Grapple With Cyberwar Rules
Wednesday, March 01, 2017
thehill.com
Members of Congress are grappling with the new era of cyber warfare as the government works to define what acts in cyberspace should warrant a military response. The Trump administration is required by law to spell out, within a year, what behaviors in cyberspace may constitute acts of war against the United States.
FBI Warns of Identity Theft After Independence Missouri School District Employees Fall Victim
Wednesday, March 01, 2017
fox4kc.com
Police are taking reports from educators and other school district employees who say their personal information has been stolen as part of a phishing scam. Police said the data breach happened last month, but wasn't recognized until recently...Independence police said at least 15 school district employees have filed criminal complaints, claiming that their personal information has been used to file fraudulent tax returns.
Redmond Oregon Data Breach Affects 1,000 School District Employees
Wednesday, March 01, 2017
opb.org
A recent data breach in the Redmond School District has affected more than 1,000 current and former district employees. The breach occurred when an employee sent W-2 tax forms for all district workers to an email hacker impersonating the superintendent. W-2s contain names, addresses, Social Security numbers and other sensitive information.
Don’t Click That Link! A Sneaky New Postal Scam Is Making the Rounds
Wednesday, March 01, 2017
idtheftcenter.org
The sender claimed to be the US Postal Service, and the email address even looked legitimate. You would have had to know that it isn’t a real in-house email address to spot that one. But the very first clue was in the subject line, which included a “parcel number.” The USPS uses tracking numbers, not parcel numbers, and a search for the term “parcel number” on the USPS website turned up zero results.
'Massive’ Arby’s Data Breach Put Customers at Risk, Lawsuits Allege
Wednesday, March 01, 2017
ajc.com
Arby’s Restaurant Group is facing several class-action lawsuits in U.S. District Court in Atlanta over a reported data breach that allegedly put customers’ financial security at risk. The fast food chain has acknowledged a breach perpetrated by hackers using “malware” at its corporate locations across the country from Oct. 25 to Jan. 19, according to the suits.
Vanderbilt UMC Notifies 3,000+ Patients of Data Breach
Wednesday, March 01, 2017
beckershospitalreview.com
Nashville, Tenn.-based Vanderbilt University Medical Center is notifying 3,247 patients that their medical information was accessed by unauthorized individuals...Between May 2015 and December 2016, two VUMC patient transporters accessed information from VUMC patients' electronic medical records, including names, birthdates, medical record identification numbers and some Social Security numbers.
Identity Theft Scam Hits Berkeley Medical Center
Tuesday, February 28, 2017
healthdatamanagement.com
WVU Medicine University Healthcare in West Virginia has confirmed 113 patients to date as victims of identity theft and is offering one year of identity monitoring services to a total of 7,445 patients after an employee at Berkeley Medical Center was found to be removing patient information from the premises. While investigating other instances of identity theft, the FBI and local law enforcement linked the hospital to the scam and notified officials of a potential breach on January 17, 2017, according to a WVU spokesperson.
Jewelry Store Owner Sentenced in Identity Theft Case That Targeted Marines
Tuesday, February 28, 2017
sandiegouniontribune.com
According to the prosecutor, Abalkhad and his employees — Carlos Omar Torres and Nellie Cha Noland — targeted young Marines from Camp Pendleton and “tricked” them into signing paperwork, which was then used to apply for credit on their behalf. To make the credit sales go through, they found a Marine who worked in the disbursement office of the MyPay military payroll system at Camp Pendleton and paid him to reset the victims’ PINs. The money could then be automatically withdrawn from the Marines’ accounts.
Research Shows Spike in Online Fraud
Tuesday, February 28, 2017
thehill.com
Cyber criminals are using more complex methods to commit fraud by targeting online financial services and e-commerce websites, according to new research. ThreatMetrix, a California-based company that analyzes and blocks cybercrime attacks in real-time, said it detected 122 million fraud attempts worldwide in the final three months of 2016, representing a 35 percent spike over the previous year. Attackers are using increasingly sophisticated device-spoofing tools, malware and bots to make fraudulent transactions — in some cases employing a combination of “multiple vectors” that makes them harder to detect.
A Major Security Flaw Means You Have to Change Your Passwords Again
Tuesday, February 28, 2017
washingtonpost.com
The security firm Cloudflare disclosed late Thursday that a long-running bug in its security systems may have leaked information, including potentially personal information, from thousands of sites including Uber, Fitbit and OKCupid. The problem was first uncovered by Google security expert Tavis Ormandy, who let Cloudflare know about the issue on Feb. 18. But the service had been leaking information for months in a way that allowed search engines to pick it up, according to Cloudflare. The issue is only known to have affected a small portion of the 5.5 million sites that Cloudflare services. Cloudflare did not release a comprehensive list of affected sites, though researchers have been trying to compile them. However, there may be some companies listed as leaking information that were not. For example, password manager 1Password told its users that none of their data were put at risk. Because there's so little information about the sites and Cloudflare services are widely used, it's a good idea to change your passwords on any site, in a “better safe than sorry” sort of way.
The Next Wave for Cybersecurity Awareness
Tuesday, February 28, 2017
tripwire.com
This year, I think we have reached an inflection point around the way we as a profession treat the “human element,” as RSA calls its track of sessions dealing specifically with human interaction with cybersecurity. For the “human element” crowd, of which I am a part, this is the year one battle was won: everyone accepted the importance of equipping employees to protect information. But I think when we look back, it will also be the year when we see the emergence of a new era of awareness programs, as the first wave of efforts to address the human element becomes old school and the more progressive organizations (who are growing weary of the old ways of educating employees) start to develop and deploy holistic ways to ensure their employees are following security best practices.
American Senior Communities Says 17,000 Employees Impacted by W-2 Scam
Tuesday, February 28, 2017
hipaajournal.com
American Senior Communities, a nursing home chain based in central Indiana, has announced that one of its employees responded to a W-2 phishing email and sent the tax information of more than 17,000 employees to tax fraudsters. There have now been more than 70 organizations that have responded to W-2 Form phishing emails so far this year according to Databreaches.net, although the latest addition to the list is the largest confirmed breach of employee information to have occurred this year.
New York Intros New Cyber Security Rules for Financial Companies
Tuesday, February 28, 2017
http://www.esecurityplanet.com/network-security/new-york-intros-new-cyber-security-rules-for-financial-companies.html
The regulation requires companies to examine security at third party vendors, and to maintain a cyber security program that's adequately funded and staffed, overseen by qualified management, and reported on periodically to the organization's most senior governing body.
The Devastating Impact of Healthcare Data Breaches
Tuesday, February 28, 2017
helpnetsecurity.com
One in four U.S. consumers have had their personal medical information stolen from technology systems, according to Accenture. The findings show that half of those who experienced a breach were victims of medical identity theft and had to pay approximately $2,500 in out-of-pocket costs per incident, on average.
Carders Capitalize on Cloudflare Problems, Claim 150 Million Logins for Sale
Monday, February 27, 2017
Steve Ragan / csoonline.com
A carder forum is advertising a special deal to VIP members. The website claims to possess more than 150 million logins, from a number of services including Netflix and Uber. The source of this data collection are the accounts exposed due to a recent problem on Cloudflare's infrastructure. CloudBleed is the name given to a flaw created by a faulty HTML parser chain that's responsible for dumping sensitive information from a number of Cloudflare customers across the web. The flaw was accidentally discovered last week by Google researcher Tavis Ormandy. The incident impacted several large brands, including Uber, OKCupid, and Fitbit.
Governors Put Spotlight on Cybersecurity
Monday, February 27, 2017
Morgan Chalfant / thehill.com
Governors from states across the country put the spotlight on cybersecurity at an annual gathering in Washington on Saturday. Virginia Gov. Terry McAuliffe (D) hosted a session at the National Governors Association winter meeting to discuss the “serious cybersecurity issues” facing the nation and how states need to improve their defenses against cyber threats. “Cybersecurity is critical to each and every governor,” said McAuliffe, who noted that Virginia was targeted by 86 million cyberattacks last year. “We have a wealth of information that every single day people are trying to get in and get our information through cyber threats and cyber criminals.”
Scam Artist Sentenced to Prison for Telemarketing Fraud and Obstruction of Justice
Monday, February 27, 2017
secretservice.gov
Waddell incorporated, operated and controlled a variety of companies that purported to engage in the sale of precious metals. With the help of others who he met at a Tampa-area strip club, Waddell posted advertisements on the Internet that offered to sell gold and silver at deeply discounted prices. After potential customers contacted Waddell by phone or text message, Waddell then lied about the availability of the metals and falsely promised quick delivery. Relying on Waddell’s misrepresentations, his victims wired money into bank accounts Waddell controlled. Waddell used those funds to gamble at casinos and never made many of the shipments he had promised.
Laptop Stolen; Hanks Students at Risk of ID Theft
Monday, February 27, 2017
Lindsey Anderson / elpasotimes.com
Confidential information belonging to Hanks High School students might have been compromised after a laptop containing transcripts of every student at the school was stolen. A Hanks counselor downloaded and saved transcripts of all 1,700 students onto a personal laptop as part of her job, but the laptop and other items were stolen from her home on Feb. 18. Transcripts contain students' birth dates, Social Security numbers, home addresses and parents' or guardians' names.
Washington State to Begin Issuing New Driver Licenses Aimed at Deterring ID Theft
Monday, February 27, 2017
myedmondsnews.com
“This new card system has incredible security features in it that will really decrease the amount of counterfeit cards that exist in the world,” said Pat Kohler, director of the state’s Department of Licensing. Those security features include fine-line printing and ultraviolet ink.
Ongoing Fraud, Identity Theft Investigation Nets New Arrest
Monday, February 27, 2017
Adam Curtis / svherald.com
As part of the same investigation, detectives arrested 24-year-old Shannon Huston and 18-year-old Deanna Russell in December. They are currently facing charges tied to forging and cashing stolen bank checks taken from residential mailboxes in Sierra Vista.
Victorville Deputies Arrest Three in Connection With Identity Theft Ring
Monday, February 27, 2017
John M. Blodgett / sbsun.com
“The ring was using a Phelan business, Jr’s Tire Shop, to obtain credit card information from customers,” the news release states. “The criminals were able to obtain bank account information and create credit cards which they used to purchase goods and other pay-as-you-go type cards.”
Rapper Brisco Pleads Guilty to Fake Cash, Identity Theft and Fraud Charges
Monday, February 27, 2017
Paula McMahon / sun-sentinel.com
Mitchell and three friends were accused of being part of an identity theft and credit card fraud ring that used deception to buy items at local home-improvement stores, investigators said...The purchased items, including stoves and refrigerators, were then sold to contractors at reduced prices...he called some of the credit card companies to complain when fraudulent transactions were rejected and also called to check the balances on some cards.
5 Ways to Spot a Phishing Email
Thursday, February 23, 2017
csoonline.com
Think you're clever enough to recognize a phishing attempt? Think again. Cybercriminals are getting smarter and their phishing skills are getting better, but we've put together this list of clues to help you avoid a costly error.
Florida Man Accused of Clinton Foundation Hack to Plead Guilty
Thursday, February 23, 2017
reuters.com
A Florida man accused of trying to hack the Clinton Foundation in 2015 is expected to plead guilty on Thursday, months after he was sentenced in a related case to 42 years in prison over child pornography discovered on his computers during the probe.
Three Years in Prison for Selling Forged Driver’s Licenses, Posing as DMV Employee
Thursday, February 23, 2017
denverpost.com
The Colorado Bureau of Investigation says Hopkins would provide fraudulent driver’s licenses to people who had lost theirs because of a legal matter or who otherwise didn’t qualify for a license. Hopkins would allegedly impersonate a Colorado Division of Motor Vehicles employee while meeting with people and provide them with counterfeit temporary licenses in exchange for money, according to CBI.
Healthcare Data Breaches ‘Mostly Caused by Insiders’
Thursday, February 23, 2017
nakedsecurity.sophos.com
Targeting healthcare organizations remains about as easy as shooting fish in a barrel. The industry has one of the lowest rates of data encryption and the security culture is severely lacking. Employee education remains poor, leading to a lot of costly mistakes in how patient data is handled. Naked Security has written about the problem at length, and Sophos has done polling that makes the issues described above all too clear. The latest evidence comes in the form of two reports: one from Big Data analytics firm Protenus, the other from IBM Managed Security Services.
Scammers Are Posing as ICE Agents to Rip off People Afraid of Deportation
Thursday, February 23, 2017
businessinsider.com
Con artists and scammers have apparently seized on the recent, high-profile deportations of immigrants in the US in order to rip off people afraid of being detained and removed from the country. New York Attorney General Eric Schneiderman issued an urgent fraud alert warning immigrant communities in the state about reports of fraudsters impersonating Immigration and Customs Enforcement agents to intimidate immigrants and demand money.
Email Scam Tricking Drivers! Malware Hiding Behind Traffic Violation Threats
Thursday, February 23, 2017
komando.com
There is no limit to the depths cybercriminals will sink to rip us off. They use skimmers to steal credit and debit card data and ransomware to lock up our gadgets or encrypt sensitive files so they can charge us a fee to access our own information. Just ruthless! Now, some shady criminals behind a phishing scam are pretending to be the police in hopes of reeling in more victims.
Stolen Health Record Databases Sell for $500,000 in the Deep Web
Wednesday, February 22, 2017
darkreading.com
Medical insurance identification, medical profiles, and even complete electronic health record (EHR) databases have attracted the eyes of enterprising black hats, who increasingly see EHR-related documents as some of the hottest commodities peddled in the criminal underground. A new report today shows that complete EHR databases can fetch as much as $500,000 on the Deep Web, and attackers are also making their money off of smaller caches of farmed medical identities, medical insurance ID card information, and personal medical profiles.
More Than 4 Billion Data Records Were Stolen Globally in 2016
Wednesday, February 22, 2017
nbcnews.com
Cybercriminals are stealing data at an alarming rate. Both the number of breaches and the number of files stolen globally in these hacks rose dramatically to set a new record in 2016, according to a new report from Risk Based Security. The 4,149 confirmed breaches exposed more than 4.2 billion records. That's approximately 3.2 billion more records than were exposed in 2013, the previous all-time high.
ID Thieves Sentenced to Prison for Scheme Targeting Unemployment Benefits and Credit Unions
Wednesday, February 22, 2017
secretservice.gov
The thieves were arrested in August 2016, following an investigation that revealed they had used stolen identities to claim more than $50,000 in unemployment benefits and had defrauded multiple credit unions of more than $300,000.
Here’s Where Scammers Are Grabbing Your Tax Data
Wednesday, February 22, 2017
cnbc.com
To some extent, taxpayers make it easy for hackers to snatch up their private information. More than half of the participants in CyberScout's survey were unsure whether their tax preparer used two-factor authentication to access relevant documents. Thirteen percent said the service they use to file doesn't require this extra security measure at all.
We Talked to Windows Tech Support Scammers - You Shouldn't
Wednesday, February 22, 2017
zdnet.com
We wanted to see how these scammers operate and the tactics they used, so we can offer some advice to potential victims. There's a saying in journalism. "Don't feed the trolls." In other words, don't engage with someone you know to be malicious. But we thought this would be a reasonable exception. And so we went back to call the number on the website to see exactly what they wanted.
Today’s Ransomware Could Become Tomorrow’s Security Nightmare
Wednesday, February 22, 2017
gcn.com
The unfortunate reality is that any weak link breached by ransom-seeking hackers can also be exploited by bad actors with more malicious goals. Today’s ransomware scam could become tomorrow’s full-blown security nightmare.
OCR Settlement Emphasizes Importance of Audit Controls
Wednesday, February 22, 2017
huntonprivacyblog.com
Memorial Healthcare System submitted a breach report to OCR indicating that it had suffered a breach involving impermissible access to PHI by employees. Memorial supplemented that report three months later, indicating that it had discovered additional impermissible access that resulted in a total of 115,000 affected patients. The PHI involved consisted of patients’ names, dates of birth and Social Security numbers. OCR investigated Memorial and found that the entity had committed several HIPAA violations by (1) impermissibly disclosing PHI in violation of the Privacy Rule, (2) failing to implement procedures to regularly review records of information system activity such as audit logs and (3) failing to implement policies and procedures to review and modify users’ access to PHI.
Woman Files Federal Lawsuit Over Wrong-Number Robo-Calls
Wednesday, February 22, 2017
denverpost.com
Trudy Newell wasn’t messing around when she gave fair warning to stop calling. So when the Arvada woman called the law office of Maury Cobb, of Birmingham, Ala., and told his representatives she would sue if the barrage of robo-calls intended for someone else didn’t stop, she meant it. She kept that promise, hired a New Jersey lawyer and filed a lawsuit Monday in U.S. District Court in Denver.
Wells Fargo Fires Four Executives Amid Probe Into Account Scandal
Wednesday, February 22, 2017
reuters.com
Wells Fargo & Co has fired four mid-level executives and stripped them of bonuses and stock awards as a result of an investigation into improper sales practices in its retail bank, the company announced on Tuesday. The board of directors voted unanimously to fire them for cause as part of its investigation into employees opening as many as 2 million deposit and credit card accounts without customers' permission. Since the scandal and paying a $185 million fine to the U.S. government, the third-largest U.S. bank by deposits has been trying to show it is holding management accountable. The scandal led to the departure of former Chairman and Chief Executive Officer John Stumpf last October, who along with another executive forfeited tens of millions of dollars in compensation.
Wells Fargo’s New Account Openings Down 30% After Fake Account Fiasco
Wednesday, February 22, 2017
consumerist.com
Despite overhauling its teller pay system and ditching a high-pressure sales goal incentive program, Wells Fargo continues to face the consequences of its fake account fiasco perpetrated by employees who opened more than two million unauthorized accounts, as customers continue to avoid opening new accounts and credit cards with the banking biggie. The number of customers opening new checking accounts was down 31% in the last month compared to the same time last year, the company said in its January retail banking customer activity report released today.
Defense Chief Asks for Plan on Cyber Reform
Wednesday, February 22, 2017
thehill.com
“Develop an initial plan … for more optimized organizational structure and processes to support information management and cyber operations, considering the impact of the provisions in the NDAA for 2017 concerning the establishment of U.S. Cyber Command, and other relevant laws,” Mattis wrote in the memo, which was highlighted by the Pentagon on Tuesday. Congress aimed to strengthen cybersecurity with the defense legislation by elevating the U.S. Cyber Command — previously under the authority of the U.S. Strategic Command — to a unified command. It also put a hold on separating the dual-hat authority over the Cyber Command and National Security Agency, pending an assessment by the Pentagon.
Cyberattacks a Top Concern of Businesses Worldwide, Survey Finds
Wednesday, February 22, 2017
thehill.com
Nearly nine in 10 businesses worldwide are worried about the threat of cyberattacks, according to a new survey. Cyberattacks, followed by data breaches and unplanned IT and telecom outages are the leading causes of concern regarding operations among businesses globally, according to a study from the Business Continuity Institute and British Standards Institute.
Reworked N.Y. Cybersecurity Regulation Takes Effect in March
Wednesday, February 22, 2017
databreachtoday.com
New York's controversial new cybersecurity regulation will come into effect March 1, imposing new rules on the banking and insurance sectors with the aim of better protecting institutions and consumers against cyberattacks.
FTC Obtains Court Order Against Fake Prize Scheme Defendant
Wednesday, February 22, 2017
ftc.gov
One of the defendants in a fake prize scheme has agreed to settle Federal Trade Commission charges that he provided services for a direct mail scheme that tricked people into thinking they had won $1 million or more if they paid $25 to collect the fake prize. But those who paid received nothing. The operation targeted hundreds of thousands of mostly elderly consumers.
HIPAA Compliance Audits: The Very Latest Details
Wednesday, February 22, 2017
healthcareinfosecurity.com
Plans to launch some onsite HIPAA compliance audits are now on hold while the agency that enforces HIPAA completes more than 200 desk audit reports, says Deven McGraw, deputy director of the Department of Health and Human Services' Office for Civil Rights.
Three Men Sentenced in New Jersey for Hacking, Spamming Scheme
Tuesday, February 21, 2017
reuters.com
Three men have been sentenced for their roles in a wide-ranging hacking and spamming scheme that targeted personal information of 60 million people, including Comcast Corp customers.
Medical Identity Theft: Problems and Prevention
Tuesday, February 21, 2017
healthcareitnews.com
Protected health information (PHI) is highly valuable on the black market because it can be used to obtain pharmaceuticals, commit insurance fraud or obtain medical care through channels such as Medicaid and Medicare. In fact, according to the FBI, stolen health information currently fetches $60-$70 on the black market, while a Social Security number goes for less than $1.
Identity Theft Through Social Media: 8 Ways to Protect Yourself
Tuesday, February 21, 2017
huffingtonpost.com
Social media sites like Facebook, Instagram, and Twitter are perfect for staying in touch with old friends, discussing contemporary issues with colleagues, sharing photos of your family, and more. However, not every aspect of social media is a positive one. With all of our sharing of information online comes real dangers to our personal and financial security, one of which is identity theft.
Identity Theft Remains on ‘Dirty Dozen’ List of Tax Scams
Tuesday, February 21, 2017
walkermn.com
The Internal Revenue Service has issued a filing season alert warning taxpayers and tax professionals to watch out for identity theft at tax time and highlighted the crime as a top scam in the agency’s “Dirty Dozen” series.
Former Nursing Home Administrator Charged With Identity Theft
Tuesday, February 21, 2017
stamfordadvocate.com
A former employee of a senior living facility has been accused of using the identities of patients — including one who died — to make thousands of dollars worth of credit card charges, police said.
How Fraud Victims 'Punish' Their Banks
Tuesday, February 21, 2017
bankinfosecurity.com
A new study by Carnegie Mellon University researchers suggests that some customers will, in fact, leave even if they receive quick refunds of losses due to fraud. The study is one of only a few correlating the impact of a fraud incident on customer loyalty. The stock price of a financial institution often takes a hit after a data breach. But it wasn't known to what extent customers may take action after an information security lapse, writes Rahul Telang, a professor of information systems and management, and Sriram Somachi, a Ph.D. candidate in information systems and public policy.
Global Connect Technical Support Scam, Part 2
Tuesday, February 21, 2017
consumer.ftc.gov
Last fall, the FTC shut down an operation called Global Connect, which sent deceptive pop-up messages to people’s computers. The pop-ups claimed the computers had problems when they really didn’t, and the operators scared thousands of people into paying hundreds of dollars each for tech support services they didn’t need. We recently learned that some of these same people are getting called again. The callers claim to be working with the company the FTC shut down, sometimes using the name “Global Connect.” People report that the caller asks for remote access to their computer, either to reestablish service or to process a refund into the person’s bank account.
'Massive' Identity Theft Ring Could Affect 1 in 20 Utahns, Police Say
Monday, February 20, 2017
deseretnews.com
The group is accused of obtaining personal information — including the Social Security numbers and dates of birth of more than 143,000 people. That means approximately 1 in every 20 Utahns has the potential of becoming victims of identity theft by members of this group, said Diana Hagen, the first assistant U.S. attorney for Utah.
5 Data Breach Threats Your Small Business Should Prepare For
Monday, February 20, 2017
businessnewsdaily.com
Securing sensitive information has never been more difficult with new malware threats that seem to pop up every single year. Data breaches affect even the most renowned companies like Yahoo, LinkedIn and Dropbox, to name a few. For small businesses, in particular, being ready for a data breach is essential to survival if — or more likely, when — one occurs.
IRS Warns of Video Relay Scam Targeting Deaf and Hard of Hearing
Monday, February 20, 2017
irs.gov
Every day scammers come up with new ways to steal taxpayers’ identities and personal information. Some scammers pretend to be from the IRS with one goal in mind: to steal money. Be aware that con artists will use video relay services (VRS) to try to scam deaf and hard of hearing individuals. Don’t become a victim. Deaf and hard of hearing taxpayers should avoid giving out personal and financial information to anyone they do not know. Always confirm that the person requesting personal information is who they say they are. Do not automatically trust calls just because they are made through VRS. VRS interpreters do not screen calls for validity.
Tax Scams via Video Relay Service [video]
Monday, February 20, 2017
irs.gov
The IRS warns the Deaf and hard of hearing community about an increasing number of tax scammers that use the Video Relay Services (VRS).
RSA Conference: Lessons From a Billion Breached Data Records
Monday, February 20, 2017
esecurityplanet.com
Troy Hunt sees more breached records than most of us, running the popular ethical data breach search service "Have I been pwned." In a session at the RSA Conference this week, Hunt entertained the capacity crowd with tales both humorous and frightening about breaches that he has been involved with.
Phishing Campaign Uses Yahoo Breach to Hook Email
Monday, February 20, 2017
csoonline.com
The Yahoo breach news is another opportunity for industrious criminals to prey on user concern about account security. Here's what to look for in the latest phishing hook.
Senator Seeks Answers on Border Cell Phone Searches
Monday, February 20, 2017
cnn.com
Can the government demand you unlock your phone at the airport? A senior Senate Democrat is demanding the Department of Homeland Security explain reports that it's doing just that. Oregon Sen. Ron Wyden, a senior member of the Senate Intelligence Committee and privacy hawk, is set to send a letter to DHS Secretary John Kelly calling reports that Americans were required to unlock their smartphones "deeply troubling," asking what legal authority allows for it.
Law Firm Cybersecurity: An Industry at Serious Risk
Monday, February 20, 2017
teachprivacy.com
Last year, major incidents involving law firm data breaches brought attention to the weaknesses within law firm data security and the need for more effective plans and preparation. An American Bar Association (ABA) survey reveals that 26% of firms (with more than 500 attorneys) experienced some sort of data breach in 2016, up from 23% in 2015.
Florida Man Gets 48 Months for $1.3M Spam Email Scheme
Saturday, February 18, 2017
darkreading.com
Florida resident Timothy Livingston has been sentenced by a US district court to 48 months in prison for computer hacking, identity theft, and email fraud. A US Department of Justice release said Livingston made more than $1.3 million in illegal profits through his hacking scheme.
The 2017 Phishing Trends & Intelligence Report Is Now Available
Saturday, February 18, 2017
info.phishlabs.com
As with last year's edition, the report provides a first-hand, in-depth view of the events and trends that are shaping the phishing threat landscape. It provides insight into the major trends, tools, and techniques used by threat actors to carry out phishing attacks. It also provides the context and perspective needed to understand why these changes are happening.
The Bright-Eyed Talking Doll That Just Might Be a Spy
Saturday, February 18, 2017
nytimes.com
Cayla is a blond, bright-eyed doll that chatters about horses and hobbies. She plays games and accurately answers questions about the world at large. She could also be eavesdropping on your child.
IRS Dirty Dozen: Phishing, Phone Cons and Identity Theft Lead Scam List for 2017
Saturday, February 18, 2017
networkworld.com
The Internal Revenue Service rounded up some of the usual suspects in its annual look at the Dirty Dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge. Just this month the IRS issued another warning about what it called dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns.
Tribal Members Warned of Data Breach After Hard Drive Theft
Saturday, February 18, 2017
nbcmontana.com
A Bureau of Indian Affairs spokeswoman says more than 20,000 members of two Montana American Indian tribes were notified of a potential data breach involving their personal information...The unencrypted device contained names, addresses, birthdates and tribal enrollment information for members of the Crow and Northern Cheyenne Tribes.
Brooklyn Gang Members Busted for Financial Fraud, Stealing From Banks
Saturday, February 18, 2017
nydailynews.com
A group of Brooklyn gang members were busted for stealing from various banks...Nine members of Folk Nation, Flatbush G-Stone Crips and a subset of the 8-Tray Crips gang called “Bosses in Business” allegedly deposited 241 counterfeit checks — then withdrew over $94,000 from 71 unsuspected financial institutions.
Ransomware Growth Fueled by Russian-Speaking Cybercriminals
Friday, February 17, 2017
darkreading.com
A study by security vendor Kaspersky Lab shows that Russian-speaking individuals and cybercrime groups are responsible for a major proportion of ransomware development and distribution activities globally.
Yahoo May Pay a Steep Price for Data Breaches
Friday, February 17, 2017
nytimes.com
So how much does it cost when hackers have breached your corporate defenses and stolen information from at least a billion user accounts? For Yahoo, the answer is close to $300 million. That’s how much may soon be knocked off the price that Verizon, the telecom giant, will pay to acquire the fading internet pioneer, write Michael de la Merced and Vindu Goel.
Lone Hacker Rasputin Breaches 60 Universities, Federal Agencies
Friday, February 17, 2017
zdnet.com
Universities are a top target, with Cornell University, New York University (NYU), Purdue University, Michigan State University, the Rochester Institute of Technology, and the University of Washington among those affected in the US. Over in the UK, Rasputin has also targeted academic institutions including the University of Cambridge, University of Oxford, the University of Edinburgh, and the Architectural Association School of Architecture.
Security Breach Steals Tax Info for All Bloomington Public School Employees
Thursday, February 16, 2017
startribune.com
Personal information for 2,800 current and former Bloomington public school employees was stolen in an e-mail phishing scam, school district officials said. The school district is investigating the security breach, in which the 2016 federal W-2 tax forms of all employees were released...The information was released when an employee in the district's finance department responded to an e-mail Friday morning appearing to be from someone in the school district requesting the information.
Wendy's Should Face Data Breach Suit, Magistrate Says
Thursday, February 16, 2017
law360.com
A federal magistrate judge recommended on Monday that the district court reject Wendy's bid to dismiss a class action brought by 26 financial institutions against the fast-food giant for allegedly failing to thwart a data breach, saying the plaintiffs have adequately pled negligence and deceptive trade practices claims.
Who Ran Leakedsource.com?
Thursday, February 16, 2017
krebsonsecurity.com
Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn and Myspace. In a development that could turn out to be deeply ironic, it seems that the real-life identity of LeakedSource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.
Former Google CEO Says Everyone Forgot Criminals When Building the Internet
Thursday, February 16, 2017
money.cnn.com
When people built the internet, they forgot about the bad guys. At least, that's according to Eric Schmidt, executive chairman of Alphabet and former Google CEO. At the RSA security conference in San Francisco on Wednesday, Schmidt spoke about the early days of his career building a network and mail system in the late 1970s while in a Masters program at the University of California, Berkeley. He touched on why internet security is still an ongoing issue, and why it's not completely secure by default. "We now find ourselves back fixing it over and over again," Schmidt said. "You keep saying, 'Why didn't we think about this?' Well the answer is, it didn't occur to us that there were criminals."
You Can’t Depend on Antivirus Software Anymore
Thursday, February 16, 2017
slate.com
In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee says it found four every second. And those were just the strains the companies could detect. For malware—the umbrella term for parasitic software like viruses, worms, and Trojans that infiltrate and interfere with computer functions—hasn’t only proliferated: It’s evolved to better evade detection.
Retailers Push Back Against Plans to Boost Security of Online Shopping
Thursday, February 16, 2017
nakedsecurity.com
The European Union is set to insist on better security for online purchases, but a number of retailers are digging their heels in. The idea, which comes from the London-based European Banking Authority, consists of urging extra security for purchases over €10, such as a user-selected passcode number. Computer Business Review is among the publications suggesting that retailers believe any extra steps in a purchase process would reduce the amount of sales actually made. Visa Europe, for example, conducted a survey that suggested €11.2bn a year in online sales, some 2% of the whole market, would be put at risk. It also found that 61% of customers would abandon a purchase if there were an extra step involved.
What Real-Life Kidnappings Can Teach Us About Dealing With Digital Ones
Thursday, February 16, 2017
nbcnews.com
While the methods are literally as old as ancient history, cyber security experts are now looking to the kidnapping and ransom industry to better understand how to deal with the growing threat of ransomware, which is now a billion dollar a year industry.
Clinton Campaign Tested Staffers With Fake Phishing Emails
Thursday, February 16, 2017
darkreading.com
Email leaks notwithstanding, Hillary Clinton's campaign manager Robby Mook says the campaign conducted regular security training for staffers, which included sending fake phishing emails to campaign staffers to see how they'd be handled.
Valentine's Day Warning: Romance Scams Hit All-Time High
Tuesday, February 14, 2017
bobsullivan.net
Romance Scams — also known as Sweetheart Scams — continue to flourish. Yes, I know you’ve heard about them before, but you need to hear about them again. Loneliness drives people to do crazy things. There isn’t a soul on the planet who hasn’t suffered that fate. Keep a close eye on older, widowed family members who can’t get around much. And on yourself, too. Anyone can be fragile. And the scams are getting more and more clever.
Banks Look to Cellphones to Replace A.T.M. Cards
Tuesday, February 14, 2017
nytimes.com
Wallets can be lost, stolen or forgotten, but most people today wouldn’t be caught dead without their phones. Banks understand, and are grabbing on to that trend. Customers who don’t want to fumble around in their wallet for their A.T.M. card — or who have misplaced it for the umpteenth time — will soon be able to unlock cash dispensers’ coffers by using their phone.
Russell Simmons' RushCard Fined $13 Million for 2015 Outage
Tuesday, February 14, 2017
apnews.com
RushCard, the debit card company founded by hip-hop mogul Russell Simmons, is being fined and forced to pay millions in restitution to customers that were affected by a 2015 outage that cut users off from their money. The Consumer Financial Protection Bureau said Wednesday that it has ordered RushCard and its payment processor, MasterCard, to pay $10 million in restitution to customers as well as a $3 million fine.
ZeekRewards Founder Sentenced for Role in $850 Million Scam
Tuesday, February 14, 2017
abcnews.go.com
The founder of ZeekRewards has been sentenced to nearly 15 years behind bars for his lead role in an $850 million online Ponzi scheme that bilked nearly a million people in the U.S. and abroad.
New Phone Scam Poses as Department of Health Services
Tuesday, February 14, 2017
ktar.com
The Arizona Department of Health Services is warning citizens to beware of a new phone scam. According to a release from the department, the AZDHS received an unusual number of phone calls on Monday morning from individuals complaining of a telephone scam. People from nearly 40 different states told the department that they received calls from people asking for personal information, and that the caller ID showed the agency’s phone number.
Woman Warns of IRS Tax Scam
Tuesday, February 14, 2017
kdvr.com
It is tax season and scammers are at it again, posing as the IRS in an effort to steal personal information. Nancy Moore of Greeley says scammers called her and threatened to take her to court if she didn’t pay them thousands of dollars.
'Shock And Awe' Ransomware Attacks Multiply
Tuesday, February 14, 2017
darkreading.com
The data-hostage crisis isn't going away anytime soon: In fact, it's starting to get a lot scarier and destructive, and with a more unpredictable outcome.
Verizon Data Breach Digest Triangulates Humanity Inside Security
Tuesday, February 14, 2017
darkreading.com
If the whole security management services thing doesn't work out, Verizon may want to consider getting into the techno-thriller mystery writing business. Its newly released Data Breach Digest is chockablock with stories of online shenanigans (with some identifying details altered) that would be right at home in an episode of Mr. Robot. The 99-page report breaks out 16 different attack scenarios and specifies the target, sophistication level, attributes, and attack patterns, along with their times to discovery and containment.
Alleged Russian Hacker With Ties to ‘Notorious Cybercriminals’ Arrested in LA
Monday, February 13, 2017
darkreading.com
Law enforcement authorities in Los Angeles have arrested a Russian-born individual on charges that he stole money from thousands of U.S. bank accounts in a cybercrime career dating back to at least 2008. In court papers filed in connection with the February 1 arrest, prosecuting attorneys described Alexander Tverdokhlebov as a well-connected member of several elite Russian-speaking cybercrime forums engaged in extensive money laundering services, selling stolen personal data, and malware tools. The four-count indictment against Tverdokhlebov charges him with using a botnet of around 10,000 infected computers to steal passwords and login credentials to online bank accounts which he and an accomplice, Vadim Polyakov, then used to make fraudulent purchases and illegal withdrawals.
Expert: Line Between Cyber Crooks and Cyber Spies Getting More Blurry
Monday, February 13, 2017
networkworld.com
Cybercriminals acting on behalf of national governments and nation-backed espionage agents carrying out cybercrimes for cash on the side is the future of security threats facing corporations and governments, says the former top U.S. attorney in charge of the Department of Justice’s national security division.
Polish Bank Malware Targets IP Addresses in 31 Countries - Symantec
Monday, February 13, 2017
finextra.com
Hackers who succeeded in penetrating the Websites of several Polish banks last week appear to be behind a wave of malware attacks that have targeted banks in 31 countries since the end of last year.
Data Breach at PIP Printing Company Leaks Thousands of Sensitive Documents
Monday, February 13, 2017
nbcnews.com
An online security breach at a national printing chain leaked thousands of sensitive documents — from labor filings involving NFL players to lawsuits against Hollywood studios to personal immigration-related papers — raising the possibility that private information could end up in the wrong hands.
DHS to Demo Cyber Defenses at RSA
Monday, February 13, 2017
gcn.com
The Department of Homeland Security will be showcasing a number of new cybersecurity technologies at the RSA Conference from Feb. 14 to 16 in San Francisco. This year, the DHS Science and Technology Directorate will demonstrate 12 government-funded solutions that are ready for pilot deployment and commercialization.
Seniors Targeted in Massive Fake Lottery Operation
Monday, February 13, 2017
mynewsla.com
Bullock promised mostly elderly victims that they had won large lottery or sweepstakes prizes and, in order to obtain their “winnings,” would need to send money to pay for taxes, fees and other expenses, according to the U.S. Attorney’s Office. Hoping to collect the winnings, victims sent money via wire transfer, money orders and cash, prosecutors said.
Why the CSO Needs to Be Involved in Active Shooter Prep
Monday, February 13, 2017
csoonline.com
The sad reality of today’s modern world is that companies and employees need to start planning for potential emergency situations. It’s no longer just getting them out of the building in case of a fire or earthquake - today’s emergency planning also needs to account for active shooter and terrorism scenarios. While most of today’s CSOs concentrate on protecting a company’s data, there are still some who need to worry about physical security at their companies.
Credit Card Skimmers Lead to Identity Theft at the Gas Pump
Monday, February 13, 2017
minnesota.cbslocal.com
One of the fastest growing areas for identity theft is happening at the gas pump. Credit card skimmers that are installed into the gas pump allow thieves to steal your information when you fill up your vehicle.
FBI Official: No Immediate Changes to Encryption Policy Under Trump
Thursday, February 09, 2017
thehill.com
Encryption is a hot-button issue in the ongoing debate about privacy and the federal government’s access to secured communications. While the use of encryption is broadly recognized as important to privacy and cybersecurity, it has created problems for federal investigators as they pursue criminal and counterterrorism cases. The issue took center stage last year in the legal fight between Apple and the FBI as the bureau fought to access an iPhone used by one of the attackers in the San Bernardino, Calif., shooting in December 2015.
Programmer Releases Bot Army to Crush Windows Support Scammers
Thursday, February 09, 2017
zdnet.com
One developer has declared war on these types of scammers and wants to wipe them out entirely with the help of a bot army. Programmer Roger Anderson from the Jolly Roger Telephone Company recently revealed that he created a slew of bots programmed to waste as much of the operator's time as possible. Anderson, known for the Jolly Roger bot which intercepts scam robocalls and creates never-ending loops to keep the calls away from legitimate people, has stocked the bot army with a variety of pre-recorded conversations and responses.
Google Let Scammers Post a Perfectly Spoofed Amazon Ad in Its Search Results
Thursday, February 09, 2017
zdnet.com
Anyone who used Google search to look for Amazon, the internet retail giant, on Wednesday was likely served a malicious ad -- and didn't even realize it. The good news is that unlike other rogue ads, your machine wasn't infected or served malware in any way. But anyone who clicked on it would not have been sent to Amazon.com as they would have hoped, but instead, they were pointed to a fake Windows support scam posing as Microsoft. From there, scammers would have tried to trick the user into calling a number for fear that their computer was in fact infected with malware.
Beware: Most Mobile VPNs Aren’t as Safe as They Seem
Friday, February 10, 2017
wired.com
Before you use a VPN to hide your online shopping from the IT department at your company—or help protect yourself from state surveillance—know that not all mobile VPNs are created equal. In fact, some are actively harmful.
‘Top 10 Spammer’ Indicted for Wire Fraud
Friday, February 10, 2017
krebsonsecurity.com
The Justice Department says Persaud sent well over a million spam emails to recipients in the United States and abroad. Prosecutors charge that Persaud often used false names to register the domains, and he created fraudulent “From:” address fields to conceal that he was the true sender of the emails. The government also accuses Persaud of “illegally transferring and selling millions of email addresses for the purpose of transmitting spam.”
Woman With History of Identity Theft Arrested Again
Friday, February 10, 2017
thedenverchannel.com
In the past, Morris has used other people’s identity to apply for and create accounts at Walmart, Lowe’s, Kohl’s, Amazon.com, among others...Morris used the fake accounts she created to buy jewelry, cooking pots, makeup, children’s clothes and items from Victoria’s Secret.
Email Scam Sent to University of Alabama Community Members
Friday, February 10, 2017
cw.ua.edu
An email sent to many UA employees, students and alumni was a phishing attempt to steal account information through a PDF attachment and link.
House Passes Long-Sought Email Privacy Bill
Wednesday, February 08, 2017
krebsonsecurity.com
The U.S. House of Representatives on Monday approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails. Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.
Criminals Release Fewer New Types of Malware, Double Down on Ransomware
Wednesday, February 08, 2017
cio.com
Cybercriminals produced fewer new kinds of malware last year -- but that's because they're so busy raking in the money from their ransomware attacks. The number of unique malware samples discovered last year was 60 million, down 6.25 percent from last year's 64 million, according to a report released this morning by SonicWall.
Study: 1 in 3 Website Visitors Is an Attack Bot
Wednesday, February 08, 2017
csoonline.com
For the 5th straight year, impersonator bots were the most active bad bots, making up 24.3 percent of all bot activity. Both cheap and effective, impersonator bots are most commonly used to launch DDoS attacks, including October’s attack against DNS provider Dyn.
Michigan's Unemployment Agency Confiscates Money From Innocent ID Theft Victim
Wednesday, February 08, 2017
wzzm13.com
A months-long WZZM 13 Watchdog investigation found a local woman among many people in the state of Michigan victimized by identity theft and unable to gain the trust of Michigan's Unemployment Insurance Agency, or UIA. The identity theft caused Michigan's UIA to incorrectly confiscate income tax return money from innocent people who had never filed for unemployment.
Identity Theft Hit an All-Time High in 2016
Wednesday, February 08, 2017
usatoday.com
Despite years of battling by the financial industry and a massive change in the way Americans use debit and credit cards, the rate of identity theft soared during 2016, a new report has found. In fact, it hit an all-time high.
Hackers Are Seeking out Company Insiders on the Black Market
Tuesday, February 07, 2017
csoonline.com
If you’re the CEO of a company, here’s another threat you need to worry about: hackers trying to recruit your employees for insider-related crimes. Researchers at security firms RedOwl and IntSights have noticed growing activity from online black market dealers trying to recruit company employees for insider trading and cashing out stolen credit card numbers.
Head of NSA to Brief Senators on Cyber Threats
Tuesday, February 07, 2017
thehill.com
Senators on the Armed Services Committee will be briefed by a top intelligence official on cyber threats Tuesday morning. The hearing, which will be closed to the public, will feature testimony from Adm. Michael Rogers, who holds the dual-leadership role at U.S. Cyber Command and the National Security Agency (NSA). The closed-door briefing will give lawmakers an opportunity to press Rogers on the intelligence community’s recent findings about Russia’s cyber attacks aimed at the U.S. presidential election.
Federal Magistrate Orders Google to Turn Over Foreign Email
Tuesday, February 07, 2017
govinfosecurity.com
A federal magistrate has ordered Google to turn over emails stored on servers outside the U.S., a ruling that is at odds with a recent federal appeals court decision favoring Microsoft.
NEED AN EXPERT?

Does your organization need a consultant who can deliver information security awareness training that contains the truth about what works and what doesn’t in the fight against the fastest growing crimes in the world? 

Does your conference need an experienced speaker who will captivate the audience with dramatic real life cases of identity theft, cybercrime and scams ranging from stolen personal information, to theft of corporate trade secrets, to stalking and murder? 

Are you a member of the media seeking a comment about ID theft, scams, data breaches, cybercrime, information security, or fraud? 

If so, we invite you to learn more about identity theft and scam expert Rob Douglas.