Your best source for presentations, workshops, consultation, news, videos, and information about identity theft, scams, data breaches, and other information security threats.
Resources and Expertise to Combat Identity Theft, Scams, and Social Engineering
Federal Regulators Propose New Cybersecurity Rule for Big Banks Friday, October 21, 2016 huntonprivacyblog.com The Proposed Standards address five categories of cybersecurity: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience and situational awareness.
Self-Checkout Skimmers Go Bluetooth Friday, October 21, 2016 krebsonsecurity.com Here’s a look at one overlay skimmer equipped with Bluetooth technology that allows thieves to snarf swiped card data and PINs wirelessly using nothing more than a mobile phone.
Massive DDoS Attack Against Dyn DNS Causes Major Outages to Popular Sites Friday, October 21, 2016 thehackernews.com A sudden outage of popular sites and services, including Twitter, SoundCloud, Spotify, and Shopify, for many users, is causing uproar online. It's because of a DDoS attack against the popular Domain Name System (DNS) service provider Dyn, according to a post on Hacker News.
Hackers Steal Research and User Data From Japanese Nuclear Research Lab Thursday, October 20, 2016 softpedia.com Officials said the attacker managed to steal files on multiple occasions, taking both research data and the personal details of nuclear scientists. According to University officials, the attackers sent spear-phishing emails to several researchers working at its nuclear research laboratory.
Online Prescription Drug Scam Thursday, October 20, 2016 idtheftcenter.org Individuals are being threatened with warrants for their arrest by scammers posing as agents from the Drug Enforcement Administration.
Fight Fraud: Scams, Identity Theft, Ransomware Attacks Thursday, October 20, 2016 helpnetsecurity.com In an increasingly technology-oriented world, cybercrime has become all too common for both consumers and businesses. Internet crime takes many forms and includes everything from large-scale data breaches to consumer issues like identity theft and cyberstalking to widespread scams and ransomware.
Virtual Kidnapping Thursday, October 20, 2016 schneier.com This is a harrowing story of a scam artist that convinced a mother that her daughter had been kidnapped. More stories are here. It's unclear if these virtual kidnappers use data about their victims, or just call people at random and hope to get lucky. Still, it's a new criminal use of smartphones and ubiquitous information.
Hackers Hit U.S. Senate GOP Committee Monday, October 17, 2016 krebsonsecurity.com The national news media has been consumed of late with reports of Russian hackers breaking into networks of the Democratic National Committee. Lest the Republicans feel left out of all the excitement, a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the Web storefront of the National Republican Senatorial Committee (NRSC).
G-7 Endorses Best Practices for Bank Cybersecurity Monday, October 17, 2016 huntonprivacyblog.com On October 11, 2016, Group of Seven (“G-7”) financial leaders endorsed the Fundamental Elements of Cybersecurity for the Financial Sector (“Best Practices”), a set of non-binding best practices for banks and financial institutions to address cybersecurity threats. The endorsement was motivated by recent large hacks on international banks, including the February 2016 theft of $81 million from the central bank of Bangladesh’s account at the New York Federal Reserve.
Report: Using More Social Networks Raises Your Risk of ID Theft Monday, October 17, 2016 bobsullivan.net ID Analytics, a fraud-fighting firm, has produced numerous studies through the years examining millions of fraud reports and credit applications in data it collects from lenders. It had never studied the direct relationship between sharing information online and the odds that someone would become a fraud victim, however. Until now.
Darkweb Marketplaces Can Get You More Than Just Spam and Phish Tuesday, October 18, 2016 csoonline.com Underground markets offer a great variety of services for cyber criminals to profit from. These forums offer items ranging from physical world items like drugs and weapons to digital world items such as spam/phishing delivery, exploit kit services, "Crypters", "Binders", custom malware development, zero-day exploits, and bulletproof hosting.
IoT Devices as Proxies for Cybercrime Tuesday, October 18, 2016 krebsonsecurity.com This post looks at how crooks are using hacked IoT devices as proxies to hide their true location online as they engage in a variety of other types of cybercriminal activity — from frequenting underground forums to credit card and tax refund fraud.
Facebook, Twitter Block Surveillance Tool Tuesday, October 18, 2016 thehill.com Facebook and Twitter are cutting off Geofeedia's access to their data after an ACLU report that the company created tools to help law enforcement with surveillance.
Dozens Arrested at India Call Center Linked to IRS Scam Calls Friday, October 14, 2016 abc27.com Indian police have arrested 70 people and are questioning hundreds more after uncovering a massive scam to cheat thousands of Americans out of millions of dollars by posing as U.S. tax authorities and demanding unpaid taxes.
Feds Charge Two in Lizard Squad Investigation Wednesday, October 12, 2016 krebsonsecurity.com The U.S. Justice Department has charged two 19-year-old men alleged to be core members of the hacking groups Lizard Squad and PoodleCorp. The pair are charged with credit card theft and operating so-called “booter” or “stresser” services that allowed paying customers to launch powerful attacks designed to knock Web sites offline.
NSA Contractor Thought to Have Taken Classified Material the Old-Fashioned Way Wednesday, October 12, 2016 washingtonpost.com Harold T. Martin III is accused of stealing mounds of classified information from the government for at least a decade, and investigators also believe some of the information was taken the old-fashioned way — by walking out of the workplace with printed-out papers he had hidden, according to U.S. officials.
Youndoo Creates New Chrome Profile Wednesday, October 12, 2016 blog.malwarebytes.com We have found members of the Elex family to create an extra Firefox profile and wrote about it on our blog in a post called GsearchFinder hijackers add extra Firefox profile. Now they took on the task of doing the same for Chrome (and succeeded). They copy some settings from your current profile to create the new profile and give it a natural “feel”.
Microsoft: No More Pick-and-Choose Patching Wednesday, October 12, 2016 krebsonsecurity.com Starting this month, home and business Windows users will no longer be able to pick and choose which updates to install and which to leave for another time.
DoD Finalizes Rule on Policies for Cyber Incident Reporting Wednesday, October 12, 2016 insidegovernmentcontracts.com On October 4th, the Department of Defense (DoD) issued a Final Rule implementing mandatory cyber incident reporting requirements for DoD contractors and subcontractors who have “agreements” with DoD. The Final Rule also highlights DoD’s desire to encourage greater participation in the voluntary Defense Industrial Base (DIB) cybersecurity information sharing program. This Rule is effective on November 3, 2016.
FTC Enforcement Possible for Failing to Guard Against Ransomware Wednesday, October 12, 2016 dataprotectionreport.com Recent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may foreshadow additional FTC action, building upon a developing trend of US regulators engaging in pre-breach enforcement action.
Court Rules Consumer Bureau's Structure Unconstitutional, Allows It to Operate Tuesday, October 11, 2016 thehill.com In its 2-1 ruling, the U.S. Court of Appeals for the D.C. Circuit said the independent agency's structure is unconstitutional because it’s headed by a single director instead of a multi-member board. The court, however, allowed the CFPB to continue to function by giving the president the power to remove and supervise the director.
66 Ways to Protect Your Privacy Right Now Tuesday, October 11, 2016 consumerreports.org The tips here, compiled with input from dozens of security experts, will help you take control. We also have pulled out a shorter list of just seven, super-fast steps you can take right now, in less than 10 minutes.
Yahoo Secretly Scanned Customer Emails for U.S. Intelligence - Sources Friday, October 07, 2016 reuters.com Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter. The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.
Grandmother Scammed out of $6,000 Friday, October 07, 2016 channel3000.com The 82-year-old woman told police she got a call Wednesday from a man claiming he was her grandson and that he was drunk when he was involved in a crash that injured another motorist. He told her the reason he sounded a bit nasally was because his nose had been broken in the collision.
How to Encrypt Your Facebook Messages Friday, October 07, 2016 techcrunch.com All 1 billion Facebook Messenger users can now encrypt their messages so that governments, hackers, and even Facebook itself can’t read them. Facebook announced its “Secret” messages feature back in July. Now it’s fully rolled out, but still a bit tricky to use. Messenger threads aren’t secret by default, so here’s a step-by-step guide for how to turn on encryption.
‘We Have Your Daughter’: A Virtual Kidnapping and a Mother’s Five Hours of Hell Wednesday, October 05, 2016 washingtonpost.com Wendy Mueller was standing at the copper sink in her gorgeous, historic Leesburg, Va., home last Wednesday afternoon when the knife she was holding slipped and cut her thumb. Then the phone rang. It wasn’t a number she recognized, but distracted by the bleeding thumb, she answered it. Mom always answers the phone.
Who Makes the IoT Things Under Attack? Wednesday, October 05, 2016 krebsonsecurity.com The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords. Many readers have asked for more information about which devices and hardware makers were being targeted. As it happens, this is fairly easy to tell just from looking at the list of usernames and passwords included in the Mirai source code.
Recognize the Warning Signs of Mail Scams Wednesday, October 05, 2016 connect.usa.gov You, or someone you know, may have fallen victim to a mass mailing fraud campaign that is targeting individuals all over the world. U.S. consumers have lost millions of dollars in recent years and the elderly are targeted most.
Maintaining Security and Stability in the Internet Ecosystem Friday, October 07, 2016 circleid.com DDoS attacks, phishing scams and malware. We battle these dark forces every day — and every day they get more sophisticated. But what worries me isn't just keeping up with them, it is keeping up with the sheer volume of devices and data that these forces can enlist in an attack.
Hackers Target Election Systems in 20 States Friday, September 30, 2016 nbcnews.com There have been hacking attempts on election systems in more than 20 states — far more than had been previously acknowledged — a senior Department of Homeland Security official told NBC News on Thursday. The "attempted intrusions" targeted online systems like registration databases, and not the actual voting or tabulation machines that will be used on Election Day and are not tied to the Internet.
U.S. Set to Hand Over Internet Address Book Friday, September 30, 2016 usatoday.com The United States doesn’t own the Internet, but it’s held the oversight contract for the organization that runs its address book for many years. That’s set to change Friday. The U.S. contract with the non-profit organization in charge of all Internet domain names expires then, and the non-profit running the database will become autonomous and be accountable to international stakeholders in the Internet community.
New Virus Disables Computers by Encrypting Hard Drives Friday, September 30, 2016 healthdatamanagement.com A new strain of ransomware, called Mamba, is circulating through multiple industries, including healthcare, and crippling computers by encrypting entire hard drives. So far, there really isn’t much that can be done except pay the ransom to gain a key to decrypt the hard drive, experts say.
‘Money Mule’ Gangs Turn to Bitcoin ATMs Monday, October 03, 2016 krebsonsecurity.com Fraudsters who hack corporate bank accounts typically launder stolen funds by making deposits from the hacked company into accounts owned by “money mules,” willing or unwitting dupes recruited through work-at-home job scams. The mules usually are then asked to withdraw the funds in cash and wire the money to the scammers. Increasingly, however, the mules are being instructed to remit the stolen money via Bitcoin ATMs.
House, Senate Leaders Urge States to Bolster Election Cybersecurity Monday, October 03, 2016 thehill.com The top four leaders in Congress on Thursday issued a joint letter urging state election officials to shore up defenses against hackers who could interfere with the election. The letter highlights the worries across the country that hackers might seek to influence the U.S. election.
Feds Charge Ten Virgin Islands Women With Tax Fraud, Identity Theft Monday, October 03, 2016 viconsortium.com The ten women are accused of using sham IDs to file federal tax returns, and in the process receiving over $300,000 in refunds...The alleged plot involved acquiring personal information for multiple persons, including some who knew of the scheme and others who did not. The illegal plan also entailed the acquiring of bank and debit card numbers for the deposit of the illegally obtained tax refunds; the illegal withdrawing thereof, and filing multiple tax returns.
Verizon Technician Sold Calling, Location Data to Private Investigator Thursday, September 29, 2016 arstechnica.com An Alabama man who worked as a Verizon Wireless technician has agreed to plead guilty to a federal hacking charge in connection to his illegal use of the company's computers to acquire customer calling and location data. The man, Daniel Eugene Traeger, faces a maximum five years in prison next month. He admitted Thursday that he sold customer data—from 2009 to 2014—to a private investigator whom the authorities have not named.
FBI Reports More Attempts to Hack Voter Registration System Thursday, September 29, 2016 networkworld.com "There have been a variety of scanning activities, which is a preamble for potential intrusion activities, as well as some attempted intrusions at voter registration databases beyond those we knew about in July and August," FBI Director James Comey told the House Judiciary Committee on Wednesday.
Inside Arizona’s Pump Skimmer Scourge Wednesday, September 28, 2016 krebsonsecurity.com Crooks who deploy skimming devices made to steal payment card details from fuel station pumps don’t just target filling stations at random: They tend to focus on those that neglect to deploy various tools designed to minimize such scams, including security cameras, non-standard pump locks and tamper-proof security tape.
Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say Wednesday, September 28, 2016 nytimes.com When Marissa Mayer took over as chief executive of the flailing company in mid-2012, security was one of many problems she inherited. With so many competing priorities, she emphasized creating a cleaner look for services like Yahoo Mail and developing new products over making security improvements, the Yahoo employees said. The “Paranoids,” the internal name for Yahoo’s security team, often clashed with other parts of the business over security costs. And their requests were often overridden because of concerns that the inconvenience of added protection would make people stop using the company’s products.
Six Senators Demand More Details About the Yahoo Data Breach Wednesday, September 28, 2016 csoonline.com Six U.S. senators have called Yahoo's massive data breach "unacceptable," and they're demanding that the company provide more details about the incident. In a letter addressed to Yahoo's CEO, the lawmakers said they were particularly "disturbed" that the breach occurred in 2014, but that Yahoo only publicized it last week. "That means millions of Americans' data may have been compromised for two years," the letter said. "This is unacceptable."
Google Just Saved the Journalist Who Was Hit By a 'Record' Cyberattack Thursday, September 29, 2016 businessinsider.com Last week, Krebs' site, Krebs On Security, was hit by a massive distributed denial-of-service (DDoS) attack that took it offline, the likes of which was a "record" that was nearly double the traffic his host Akamai had previously seen in cyberattacks.
Hackers Are Trying to Hold a Los Angeles Investment Bank to Ransom Thursday, September 29, 2016 motherboard.vice.com Hackers have stolen apparent internal documents from a Californian investment bank and published them online, likely in an effort to extort money from the victim company. The hacker or hackers, who call themselves The Dark Overlord, recently tried to extort a series of health care organisations into paying hefty ransoms. This most recent target, however, is WestPark Capital, based in Los Angeles.
Cyber Is Everything Thursday, September 29, 2016 forbes.com The great rewrite in cybersecurity is that protection efforts must be taken just as seriously as revenue goals. If not, company reputations, customer relationships and even public safety can suffer.
The Democratization of Censorship Monday, September 26, 2016 krebsonsecurity.com Krebs: "Events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach."
Appalachian Regional Back Online Three Weeks After Cyberattack Monday, September 26, 2016 healthcareitnews.com After an almost three-week shutdown of computer systems due to a crippling cyberattack that the system first revealed in late August, Appalachian Regional Healthcare system is back online, officials said.
FTC Releases Data Breach Recovery and Prevention Video Monday, September 26, 2016 us-cert.gov The Federal Trade Commission (FTC) has released a step-by-step video to users whose personal information may have been exposed in a data breach. This video provides instruction on how to report an incident and develop a personal recovery plan after a data breach has occurred.
Police Warn of Shady USB Drives Appearing in Mailboxes Monday, September 26, 2016 cnet.com A person or a group of people have been dropping malicious USB sticks in mailboxes around Victoria, Australia. The State Police on Wednesday issued a warning, saying these USB drives are "believed to be extremely harmful," urging the public not to use them.
Five Social Engineering Scams Employees Still Fall For Monday, September 26, 2016 csoonline.com You’ve trained them. You’ve deployed simulated phishing tests. You’ve reminded your employees countless times with posters and games and emails about avoiding phishing scams. Still, they keep falling for the same ploys they’ve been warned about for years. It’s enough to drive security teams to madness.
Yahoo's Mega Breach: Security Takeaways Monday, September 26, 2016 databreachtoday.com Security expert Sean Sullivan says he's not surprised that the 2014 breach of Yahoo, which exposed at least 500 million account details, only recently came to light.
Who's Stalking: What to Know About Mobile Spyware Monday, September 26, 2016 consumer.ftc.gov Do you think an abusive partner or ex is monitoring you through your phone? They might be using stalking apps (spyware) that secretly track your devices. Here’s information about what stalking apps are, how to tell if they’re on your device, and what to do if they are.
Another Way to Violate Privacy: PHI in Court Documents Monday, September 26, 2016 healthcareinfosecurity.com A recent court ruling illustrates yet another way patient privacy can be compromised. A federal court slapped WakeMed Health and Hospitals, a North Carolina healthcare system, with financial penalties for exposing patient information in filings it made for cases.
Anonymous Hacks Four Italian Healthcare Organizations Friday, September 23, 2016 softpedia.com Anonymous Italia and AntiSec-Italia, two hacktivist groups associated with the Anonymous hacker collective, have hacked and defaced four Italian healthcare organizations and leaked data from two.
Keeping Your Files Safe in the Sky Tuesday, September 20, 2016 nytimes.com Online storage services like Dropbox and iCloud use encryption to help keep your data secure, but you should be vigilant about password management.
ONC's New Leader Lays Out Security, Privacy Goals Friday, September 23, 2016 healthcareinfosecurity.com B. Vindell Washington, M.D., the new leader of the Office of the National Coordinator for Health IT, pledges to continue the agency's push toward standards-based interoperable, secure health data exchange as a way of improving healthcare.
Scam Alert: Online Dating Fraud Monday, September 19, 2016 forbes.com Online dating is more popular than ever. The ability to pull up a profile of a prospective date and make a “swipe” decision is a powerful tool. Despite the convenient marriage between technology and possible romance, some online dating set-ups can be frauds. You have to be careful.
Swindled by a Phone Scam? You're Not Alone, Police Say Monday, September 19, 2016 wwnytv.com Several phone scams have swindled northern New York residents out of their money. That warning comes from state police who gave several examples of the types of scams hitting the area and some advice about how to avoid them.
Former Wells Fargo Employee Recounts Unauthorized Accounts Scam Monday, September 19, 2016 thv11.com Early in September, Wells Fargo Bank was hit with a $185 million fine for illegally opening millions of deposit and credit card accounts. Officials said this was done to boost sales figures by secretly transferring money from people's authorized accounts without permission.
MCSO Warns Public of Death Threat Email Scam Monday, September 19, 2016 greenepublishing.com The sender of this email identifies themselves as “DEATH” and the email is sent to “Recipients.” The body of the email states “Someone paid me to kill you…get spared, 48hrs to pay $5,000.” The email also makes reference to 'Death Coming' if the recipient contacts the police or anyone else.
Edward Snowden Says Disclosures Bolstered Individual Privacy Monday, September 19, 2016 nytimes.com Edward J. Snowden, the former American intelligence contractor who leaked documents about surveillance programs, said on Friday that his disclosures had improved privacy for individuals in the United States, and he declared that “being patriotic doesn’t mean simply agreeing with your government.”
Investment Fund Loses $6 Million in BEC Scam, Suspends Operations Monday, September 19, 2016 csoonline.com A lawsuit filed on Friday by Tillage Commodities Fund alleges that SS&C Technology showed an egregious lack of diligence and care, when they fell for an email scam that ultimately led to hackers in China looting $5.9 million.
Suit Challenging Data Breach Caused by Hacking May Proceed Monday, September 19, 2016 dataprotectionreport.com The U.S. Court of Appeals for the Sixth Circuit concluded that certain allegations of harm after a data breach caused by hacking are sufficiently concrete to confer Article III standing. This case may make it more difficult for companies defending data breach suits to quickly obtain dismissal of plaintiffs’ claims.
New York Proposes Cybersecurity Regulation for Financial Services Institutions Monday, September 19, 2016 insideprivacy.com On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State Register.
New Jersey Moves Forward With Shopper Privacy Bill Monday, September 19, 2016 huntonprivacyblog.com On September 15, 2016, the New Jersey Senate unanimously approved a bill that seeks to limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.
NIST Unveils a Cybersecurity Self-Assessment Tool Monday, September 19, 2016 databreachtoday.com The National Institute of Standards and Technology has issued a draft of a self-assessment tool that's designed to help enterprises gauge the impact and effectiveness of their cybersecurity risk management initiatives.
OCR: Business Associate HIPAA Audits Coming Soon Monday, September 19, 2016 healthcareinfosecurity.com The Department of Health and Human Services is gearing up to kick off in October its first-ever round of HIPAA compliance audits of business associates. And the agency is also developing a variety of new guidance aimed at helping healthcare organizations deal with a surge in cyber threats.
Firefox Browser Vulnerable to Man-In-The-Middle Attack Monday, September 19, 2016 thehackernews.com A critical vulnerability resides in the fully-patched version of the Mozilla's Firefox browser that could allow well-resourced attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network.
Helping Police Solve Cybercrimes Monday, September 19, 2016 bankinfosecurity.com How qualified is law enforcement to investigate today's cybercrimes? While many big-city police departments have all the necessary skills, those in smaller markets often do not, according to a panel of experts.
FBI Trying to Build Legal Cases Against Russian Hackers Friday, September 16, 2016 reuters.com The Federal Bureau of Investigation is intensifying efforts to find enough evidence to enable the Justice Department to indict some of the Russians that U.S. intelligence agencies have concluded are hacking into American political parties and figures, U.S. law enforcement and intelligence officials said on Thursday.
Alleged British Hacker to Be Extradited to US Friday, September 16, 2016 thehill.com A U.K. court on Friday ruled that computer activist and hacker Lauri Love would be extradited to the U.S. for hacking government and military computer systems. Love faces a 99-year prison sentence in the U.S. for allegedly hacking NASA, the FBI, Federal Reserve and other institutions.
Russian Hackers Get Bolder in Anti-Doping Agency Attack Friday, September 16, 2016 wired.com On Tuesday, a group identifying itself as Russian hackers announced that it had breached the World Anti-Doping Agency and leaked the records of American athletes, including gymnast Simone Biles and tennis stars Venus and Serena Williams...The actions seemed designed to tie the hack to the Russian group Fancy Bear, one of two teams of hackers with links to Russian intelligence agencies that the Democratic National Committee says it found digging through its files earlier this summer. Some cyberespionage experts view it all as a sign of an evolving Russian hacker mentality that’s traded stealth for flashy public dumps of adversaries’ data.
Ransomware Getting More Targeted, Expensive Friday, September 16, 2016 krebsonsecurity.com What we can expect is not only more targeted and destructive attacks, but also ransom demands that vary based on the attacker’s estimation of the value of the data being held hostage and/or the ability of the victim to pay some approximation of what it might be worth.
Securing Voter Registration Data Friday, September 16, 2016 us-cert.gov Voter registration databases (VRDB) and election systems are rich targets and may continue to experience frequent attempted intrusions. This problem is not unique to individual states—it is shared across the nation. The keys to good cybersecurity are awareness and constant vigilance.
Awareness Training: How Much Is Too Much? Friday, September 16, 2016 csoonline.com Security awareness training is one of the most effective ways to strengthen what is generally known as “the weakest link in the security chain.” The key is to make employees skeptical without paralyzing them with paranoia.
Houston Man Heads to Prison for Credit Card Fraud Friday, September 16, 2016 justice.gov Menard admitted he purchased approximately 1,000 stolen credit card numbers over the Internet from websites outside the United States. He then created fraudulent credit cards by encoding stolen credit card numbers onto magnetic stripes on the back of gift and debit cards. He then used those fraudulent cards to purchase legitimate gift cards from Kroger and HEB grocery stores in Conroe and others during 2014 and 2015.
Someone Is Learning How to Take Down the Internet Thursday, September 15, 2016 lawfareblog.com Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state.
Secret Service Warns of ‘Periscope’ Skimmers Thursday, September 15, 2016 krebsonsecurity.com The U.S. Secret Service is warning banks and ATM owners about a new technological advance in cash machine skimming known as “periscope skimming,” which involves a specialized skimming probe that connects directly to the ATM’s internal circuit board to steal card data.
FBI Monitoring for Foreign Meddling in Elections Friday, September 09, 2016 thehill.com U.S. security experts have suggested Russia was behind recent cyberattacks on the Democratic National Committee and other Democratic organizations, including Hillary Clinton’s campaign. Reports emerged last month hackers may have penetrated voter databases in Arizona and Illinois, prompting the FBI to investigate the possible breach.
Data Hoarders Are Shining a Spotlight on Past Breaches Friday, September 09, 2016 networkworld.com Vigilante.pw is among numerous data breach monitoring sites started by anonymous internet users that routinely post details on newly uncovered stolen data. They're a big part of the reason why, week after week, the full scale of past hacks is gradually beginning to surface. Recent news on a 2012 Dropbox breach, for example, was initially sourced from a separate service known as Leakbase. That site obtained a copy of the stolen accounts and found email addresses and hashed passwords belonging to 68 million users.
FBI Searches for Man Wanted in $50M Scam Thursday, September 08, 2016 wbaltv.com “They would send out fraudulent bills for supplies like light bulbs and cleaning supplies,” FBI Special Agent in Charge Scott Hinkley said. “These invoices would then be greatly increased as to what they would normally cost and then these people would reply by paying these invoices.”
2 Psychologists Plead Guilty in $25 Million Medicare Scam Thursday, September 08, 2016 abcnews.go.com Psychologists from Louisiana and Mississippi admitted participating in a $25 million Medicare scam by billing for unnecessary or nonexistent tests on nursing home patients across the Southeast, federal authorities said Wednesday.
PayPal Scam Hits the Twitter Universe, What to Watch Out For Monday, September 12, 2016 itechpost.com Here's how the bad guys do it on Twitter: First, they create a Twitter account with a username related to PayPal (ex. PayPalTech or AskPayPal). Then, they look for users tweeting the real PayPal Twitter account for customer related concerns. After which, the scammers will contact these users and pretend to be legit representatives of PayPal.
IRS Impersonator Scam Still Going Strong Monday, September 12, 2016 ksdk.com It's a pervasive shake-down taking place across the country and the IRS warns the IRS impersonator scam is as strong as ever.
The Feds Pore Over Your Mail to Flag Scams Monday, September 12, 2016 winknews.com Stacks of scams are piled in every corner of Curtis’ home, whose last name we withheld to protect him from more scammers. As the phone rang non-stop, he told us the scammers are “constantly calling, constantly asking for money.”
Carnegie Mellon University Helps You Control Your Privacy Monday, September 12, 2016 cio.com Managing your personal data in the digital age has become almost impossible. But Carnegie Mellon University has found that a combination of natural language processing, privacy preference modeling, machine language, crowdsourcing and privacy interface design may make the impossible possible.
4 Ways You Can Report Identity Theft Thursday, September 08, 2016 time.com The following steps cover how to report identity theft and what measures to take to ensure the compromised accounts are secured or closed.
Hutton Hotel Guests Credit Card Info Exposed During Three-Year Long Breach Thursday, September 08, 2016 scmagazine.com The Nashville hotel said in a statement that its payment processing company notified the hotel of a security incident and a follow-up investigation by an outside security firm determined that malware had been placed on the Hutton Hotel payment processing system capable of capturing the cardholder name, payment card account number, card expiration date, and verification code. The system was vulnerable from September 19, 2012 to April 16, 2015, or for those who made purchases at the onsite food and beverage outlets from September 19, 2012 to January 15, 2015, and from August 12, 2015 to June 10, 2016.
Cybersecurity Expert Says 'Almost Everything Can Be Hacked' and Endpoint Protection Is Not Enough Thursday, September 08, 2016 healthcareitnews.com Digital records of healthcare information have become quite valuable to cybercriminals, and healthcare is widely considered to be behind other industries in figuring out and implementing the best tactics and technologies to protect its data. What’s more, healthcare has some fairly unique security problems, including unusual variables in personnel access control, the challenges of mobile health, and dated, hackable equipment such as drug pumps.
Mobile Device Infections Surged by 96 Percent in First Half of 2016 Thursday, September 08, 2016 esecurityplanet.com According to the Nokia Threat Intelligence Report - H1 2016, smartphone infections rose by 96 percent between January and July 2016 compared to the latter half of 2015, with smartphones accounting for 78 percent of all mobile network infections.
The Limits of SMS for 2-Factor Authentication Thursday, September 08, 2016 krebsonsecurity.com Text messaging codes to users isn’t the safest way to do two-factor authentication, even if some entities — like the U.S. Social Security Administration and Sony’s Playstation network — are just getting around to offering two-factor via SMS.
Advisory to Financial Institutions on E-Mail Compromise Fraud Schemes [PDF] Wednesday, September 07, 2016 fincen.gov The Financial Crimes Enforcement Network (FinCEN) today issued an advisory to help financial institutions guard against a growing number of e-mail fraud schemes in which criminals misappropriate funds by deceiving financial institutions and their customers into conducting wire transfers.
Trio Stole $1M in Identity Theft, Mortgage Fraud Scheme, AG Says Wednesday, September 07, 2016 nj.com Hunter, Phillip and Jones allegedly used stolen or fake identities not only for the borrowers, but for others, too, to create all of the hallmarks of a legitimate transaction. They used stolen and fake identities for "all of the required roles," including seller, attorneys, settlement agent, title agent, homeowner's insurance company, notary and others...
Congressional Report Slams OPM on Data Breach Wednesday, September 07, 2016 krebsonsecurity.com The massive data breach at the U.S. Office of Personnel Management (OPM) that exposed background investigations and fingerprint data on millions of Americans was the result of a cascading series of cybersecurity blunders from the agency’s senior leadership on down to the outdated technology used to secure the sensitive data, according to a lengthy report released today by a key government oversight panel.
ACLU Questions How Tor Email Users Got FBI-Deployed Malware Wednesday, September 07, 2016 thehill.com The ACLU filed a motion in Maryland court for information on why the FBI seemingly indiscriminately infected users of a free email service with malware. Lawyers from the civil liberties group are seeking to unseal the docket sheets connected with a warrant to use the malware on users of TorMail, a service that was only accessible on the Tor anonymous web browsing network.
Clapper: Russians Hack U.S. 'All the Time' Wednesday, September 07, 2016 politico.com Russian hackers are trying to infiltrate U.S. networks “all the time,” Director of National Intelligence James Clapper said on Wednesday, skirting the issue of whether Moscow is tied to the recent hacks of the Democratic National Committee and other Democratic institutions.
Location Privacy: The Purview of the Rich and Indigent Tuesday, September 06, 2016 krebsonsecurity.com Increasingly, location privacy is the exclusive purview of two groups of Americans: Those who are indigent and/or homeless and those who are wealthy. Only the well-off can afford the substantial costs and many petty inconveniences associated with separating one’s name from their address, vehicle, phone records and other modern niceties that make one easy to track and find.
Police Warn of Online Rental Scams Tuesday, September 06, 2016 baltimoresun.com Nationally, rental and real estate scams rose 11 percent over the past two years, to 11,562 victims in 2015 from 10,384 victims in 2013, according to the FBI's annual Internet Crime Report, which is based on data collected through the Internet Crime Complaint Center. The category also includes real estate investment fraud; scams involving home mortgages, refinancing, short sales and foreclosures; and property involved in money laundering, such as a grow house.
Internet Tracking Has Moved Beyond Cookies Tuesday, September 06, 2016 fivethirtyeight.com A new survey from a group of Princeton researchers of one million websites sheds some light on the cutting-edge tricks being used to follow your digital trail. Rather than placing a tracker on your browser, many sites are now “fingerprinting” — using information about your computer such as battery status or browser window size to identify your presence.
FTC Seeks Input on GLB Safeguards Rule Tuesday, September 06, 2016 huntonprivacyblog.com On August 29, 2016, the Federal Trade Commission announced that it is seeking public comment on the Gramm-Leach-Bliley Act (“GLB”) Safeguards Rule. The GLB Safeguards Rule, which became effective in 2003, requires financial institutions to develop, implement and maintain a comprehensive information security program to safeguard customer information.
An Email Scam Cost One of Europe's Biggest Companies $40 Million Friday, September 02, 2016 gizmodo.com Earlier this month, Leoni AG, one of the world’s largest manufacturers of wires and electrical cables, informed investors that the German company lost almost 40 million euros (or about $44.6 million) to online scammers. Today, we finally know how: According to investigators, the thieves simply spoofed emails to look like official payment requests, a tactic known as “CEO fraud.”
FTC Releases Alert on Securing Personal Information When Using Rental Vehicles Thursday, September 01, 2016 us-cert.gov The Federal Trade Commission (FTC) has released recommendations for consumers to protect their personal data when using rental vehicles. Rental vehicles may contain infotainment systems that can connect with personal devices to stream music, allow hands-free calls and texts, or guide navigation. However, using connected vehicles can increase the risks of having personal data compromised. By taking precautions, users can protect themselves and their personal information.
Kimpton Hotels Acknowledges Data Breach Friday, September 02, 2016 krebsonsecurity.com Kimpton Hotels on Wednesday formally acknowledged that malware found on payment terminals in many of its hotels and restaurants may have compromised credit/debit cards of guests who patronized the properties in the first half of this year.
SWIFT Sees New Hack Attacks Against Banks Friday, September 02, 2016 bankinfosecurity.com Attackers have been continuing to compromise banks' local security controls to send fraudulent messages via SWIFT's interbank messaging network.
Implementing a Behavioral-Based Approach to Security Friday, September 02, 2016 healthcareinfosecurity.com Just as seasonal flu viruses change from year to year, so too malware threats quickly evolve, necessitating a behavioral-based approach to security, says John Woods, CISO of pharmacy software vendor PDX Inc.
Cybercrime as a Tax on the Internet Economy Friday, September 02, 2016 schneier.com If our estimates are right, cybercrime extracts between 15% and 20% of the value created by the Internet, a heavy tax on the potential for economic growth and job creation and a share of revenue that is significantly larger than any other transnational criminal activity.
Watchdog: IRS Found Nearly 1.1M Employment-Related ID Theft Victims Wednesday, August 31, 2016 thehill.com The Internal Revenue Service identified close to 1.1 million taxpayers who were victims of employment-related identity theft from 2011 through 2015, but almost all of the victims were not informed, a Treasury Department watchdog found in a report made public this week... Employment-related identity theft is when people use others' Social Security numbers (SSNs) to get a job. The IRS identifies cases of employment-related ID theft when electronic tax returns are filed with an individual taxpayer identification number (ITIN) but are associated with income documents with an SSN that doesn't match.
Woman Pleads Guilty for Part in ID Theft Scheme That Ensnared ‘Smallville’ Actress Wednesday, August 31, 2016 washingtonpost.com Starting in 2012, Green-Morris would file fake invoices for work never performed by companies owned by Amit Chaudhry, an Ashburn resident accused of masterminding the criminal group’s U.S. operations. In exchange, she was paid several thousand dollars per invoice. She made several million dollars over four years from her involvement, according to prosecutors, which her plea agreement requires her to repay. She has agreed to give up claims to her home and car as part of that effort. She will also have to pay back taxes on undeclared income.
High-Income Investors Very Concerned About Identity Theft Wednesday, August 31, 2016 lowcards.com Data breaches are always in the news, and high net worth (HNW) investors are as worried about them as the rest of us. According to Morgan Stanley’s Investor Pulse Poll, 72% of high net worth investors are worried about identity theft, ranking it higher on their list of concerns than terrorism (65%) or a major illness in their household (56%).
FBI Warns State Election Offices to Be Wary of Hackers Wednesday, August 31, 2016 npr.org FBI Director James Comey says the United States takes seriously any effort to influence U.S. elections through a cyberattack. He said this after hackers tried to get into at least two state voter databases.
Dropbox Hack Leaks 2012 Info From 60 Million Accounts Wednesday, August 31, 2016 thehill.com Account information dated in 2012 for 68 million current and former Dropbox users leaked to a variety of media websites Tuesday evening. The list was shared with Motherboard, who confirmed it with a “senior Dropbox employee” as well as breach protection websites like Have I Been Pwned.
Baltimore County Police Warn of Online Rental Scams Wednesday, August 31, 2016 baltimoresun.com In March, researchers in the New York University Tandon School of Engineering published a study that found Craigslist had failed to identify more than half of scam rental listings. The study also found postings that were reported as suspicious would remain on the website for as long as 20 hours before they were removed.
U.S. Fines Big Nebraska Bank Over Credit Card, ID Theft Marketing Wednesday, August 31, 2016 reuters.com First National Bank of Omaha will pay $35.25 million of fines and refunds to settle charges by two U.S. regulators that it duped hundreds of thousands of customers into buying credit card and identity theft services they did not want, understand or receive.
Consumers, Security Pros Troubled by IoT Issues Monday, August 29, 2016 mediapost.com IoT security continues to be an area of concern for both businesses and consumers, and a new study shows that fear also includes potential weaponization of IoT devices.
POS Malware Hits Two Hotel Chains Monday, August 29, 2016 databreachtoday.com Two hotel chains are warning that they've suffered point-of-sale malware infections that compromised customers' payment card data. Both say they were alerted to related card fraud by the U.S. Secret Service and that they're now assisting law enforcement agencies' investigations.
Report on Cardiac Device Cyber Vulnerabilities Fuels Debate Monday, August 29, 2016 healthcareinfosecurity.com Medical device cybersecurity is an important area of focus that needs a brighter spotlight. But a new report questioning the security of certain cardiac devices from St. Jude Medical Inc. raises some serious ethical issues about the whistleblowers.
Considering Privacy in the Age of the Camera Tuesday, August 30, 2016 govtech.com Surveillance cameras offer a powerful tool for law enforcement, but there are implications to consider for privacy, footage retention and public safety.
Hacker Reveals How He Could Have Hacked Multiple Facebook Accounts Tuesday, August 30, 2016 thehackernews.com Gurkirat Singh from California recently discovered a loophole in Facebook's password reset mechanism that could have given hackers complete access to the victim's Facebook account, allowing them to view message conversations and payment card details, post anything and do whatever the real account holder can.
Man, Woman Arrested on Suspicion of Child Abuse, ID Theft Tuesday, August 30, 2016 sbsun.com A child abuse investigation by a San Bernardino County sheriff’s deputy turned up evidence of identity theft as well, leading to the arrest of a San Bernardino man and woman, authorities said Saturday.
Car Hacking Is the Future – and Sooner or Later You'll Be Hit Monday, August 29, 2016 theguardian.com It’s hard to find unanimity among hackers on anything. People who use “herding cats” as the apotheosis of a tricky organizational challenge have never had to herd information security experts. But the group of people united by the motivation to push computer security to its absolute limit seem to agree on one thing, at least: car hacking is here to stay, and sooner or later, you’ll be hit too.
Enhanced DMV Facial Recognition Technology Helps NY Nab 100 ID Thieves Monday, August 29, 2016 arstechnica.com In January, the New York State DMV enhanced its facial recognition technology by doubling the number of measurement points on a driver's photograph, a move the state's governor says has led to the arrest of 100 suspected identity thieves and opened 900 unsolved cases. In all, since New York implemented facial recognition technology in 2010, more than 14,000 people have been hampered trying to get multiple licenses.
America's Schools Have a Big Cybersecurity Problem Monday, August 29, 2016 huffingtonpost.com With the 2016-2017 school year already underway, it’s time to draw attention to an ongoing and very serious problem facing the US education system: our schools are ill-equipped to face the mounting threats posed by hackers.
Opera Warns Sync Users of Possible Data Breach Monday, August 29, 2016 csoonline.com On Friday, Opera, the Norwegian company responsible for the popular browser, warned users that the Opera Sync service might have been compromised. In response, the company issued a forced password reset for all Sync users.
The Rise of Medical Identity Theft Friday, August 26, 2016 consumerreports.org When thieves take your personal data to get prescription drugs, doctor care, or surgery, it can endanger your health and trash your finances.
Do Your Kids Know Good Password Hygiene? Here Are Some Rules Friday, August 26, 2016 welivesecurity.com Growing up before the age of the internet and social networks has left many older users unprepared for risks looming in the virtual world. From that perspective, today’s kids are lucky, as the best cybersecurity practices, such as good password hygiene, are at hand. So, if you are not exactly the most security savvy of parents, try our password essentials.
Lost Devices Leading Cause of Data Breaches, Report Friday, August 26, 2016 scmagazine.com Phishing scams and ransomware attacks may grab the headlines, but for the financial sector lost or stolen mobile devices were the leading cause of data breaches over the last decade.
How Can We Improve Awareness Training? Thursday, August 25, 2016 csoonline.com As more companies face the realities of cybercrime, malware and data breaches, many of them are turning to security awareness training programs to keep their employees from becoming the next victim of an attack. But a lot of these programs are ineffective, giving employees a “read this email, watch this video” program, and the CSO a “box to check off”.
ATM in Thailand Hacked; 12 Million Baht Stolen; 10,000 ATMs Prone to Hackers Thursday, August 25, 2016 thehackernews.com An Eastern European gang of criminals has stolen over 12 Million Baht (approximately US$350,000) from a total of 21 ATMs in Bangkok and five other provinces by hacking a Thai bank's ATM network, police said Wednesday. The Central Bank of Thailand (BoT) has issued a warning to all commercial banks about security flaws in roughly 10,000 ATMs that were exploited to steal cash from the machines.
Are Cybersecurity Fears Warranted? Thursday, August 25, 2016 govtech.com If cybersecurity is not fortified, experts say, aggression and hostility could steadily overtake the web. The “internet of things” may morph, as one recent study forecasts, into the “weaponization of everything.” Imagine elevators going haywire, or pacemakers under the control of extortionists.
Ransomware Extortion: A Question of Time Thursday, August 25, 2016 healthcareinfosecurity.com Ransomware attackers increasingly target organizations that might be able to recover from crypto-locking malware infections, but which might not be able to do so in a timely manner, says attorney Mark Rasch, security evangelist at Verizon Enterprise Solutions, in this video interview.
Ransomware: The Evolution of Cybercrime, a Roundtable Thursday, August 25, 2016 scmagazine.com The threat from ransomware continues to grow and the situation will only get darker before mitigation efforts prove reliable and the miscreants move on to another attack vector.
Hackers Publish Nude Pictures on Leslie Jones’s Website Thursday, August 25, 2016 nytimes.com Leslie Jones, a co-star of this year’s “Ghostbusters” movie who has been besieged in the past month by online abusers who have targeted her appearance and her race, was victimized again on Wednesday when her personal website appeared to have been hacked.
Advocates Want FCC to Address Car Hacking Threat Thursday, August 25, 2016 morningconsult.com Hackers could exploit vehicles’ use of airwaves to steal personal information or even take control of driving functions. Those worries have prompted advocacy groups and some Senate Democrats to call on the Federal Communications Commission to issue rules requiring automakers to bolster cybersecurity and privacy protections for consumers.
Personal Information of Pulse Victims, Survivors Breached Thursday, August 25, 2016 wftv.com Orlando Health employees said at least one of its employees broke the rules and went through the personal information of Pulse survivors...the hospital said in an email that more than one worker did it, saying, “Team members giving in to their personal curiosities violated our policies and steps have been taken internally to discipline those involved.”
USAA Members Hit With Multiple Phishing Attacks Thursday, August 25, 2016 scmagazine.com Multiple phishing campaigns that play off consumers' fear of having their financial information hacked are hitting customers of United Services Automobile Association (USAA).
The Details Behind HHS Breach Investigation Ramp-Up Thursday, August 25, 2016 healthcareinfosecurity.com The Department of Health and Human Services' Office for Civil Rights is ramping up and standardizing how smaller health data breaches are investigated by its regional offices, adding staff to support the effort, says Iliana Peters, OCR's senior adviser for HIPAA compliance and enforcement.
United Airlines Sets Minimum Bar on Security Thursday, August 25, 2016 krebsonsecurity.com United Airlines has rolled out a series of updates to its Web site that the company claims will help beef up the security of customer accounts. But at first glance, the core changes — moving from 4-digit PINs to a password and requiring customers to pick five different security questions and answers — may seem like a security playbook copied from Yahoo.com, circa 2009. Here’s a closer look at what’s changed in how United authenticates customers, and hopefully a bit of insight into what the nation’s fourth-largest airline is trying to accomplish with its new system.
Submarine Builder Declares ‘Economic Warfare’ as Plans for Ship Said to Be Hacked; Now What? Thursday, August 25, 2016 bobsullivan.net Get used to another term in the world of computer hacking: “economic warfare.” A French firm building multi-billion-dollar submarines for Australia and several other nations says it was the victim of economic warfare after some of its schematics for similar subs being built for India were released online, allegedly by hackers. The data was published by Australian media.
DHS: Don't Fall for Louisiana Flood Charity Scams Thursday, August 25, 2016 nextgov.com Donors must be extra vigilant when donating to charities claiming to aid victims of Louisiana's devastating floods because they could be fraudulent entities, a federal alert said.
A Life or Death Case of Identity Theft? Wednesday, August 24, 2016 krebsonsecurity.com Identity thieves have perfected a scam in which they impersonate existing customers at retail mobile phone stores, pay a small cash deposit on pricey new phones, and then charge the rest to the victim’s account. In most cases, switching on the new phones causes the victim account owner’s phone(s) to go dead. This is the story of a Pennsylvania man who allegedly died of a heart attack because his wife’s phone was switched off by ID thieves and she was temporarily unable to call for help.
Turkish Journalist Jailed for Terrorism Was Framed, Forensics Report Shows Wednesday, August 24, 2016 motherboard.vice.com Turkish investigative journalist Baris Pehlivan spent 19 months in jail, accused of terrorism based on documents found on his work computer. But when digital forensics experts examined his PC, they discovered that those files were put there by someone who removed the hard drive from the case, copied the documents, and then reinstalled the hard drive.
States Should Prep for Ransomware Attacks Wednesday, August 24, 2016 gcn.com Although the number of malware attacks against state governments has trended downward over the past few months, ransomware has made up a larger portion of those overall attacks, according to data from the Multi-State Information Sharing and Analysis Center.
Scammers Hijack Customer Support Requests on Twitter Wednesday, August 24, 2016 softpedia.com Crooks are using look-alike Twitter accounts to insert themselves into legitimate customer support Twitter conversations and lead customers back to phishing sites to collect their login credentials and account details.
Twitter Security Tips: How to Improve Your Security and Privacy in 10 Easy Steps Wednesday, August 24, 2016 heimdalsecurity.com It would be reckless for someone to consider their Twitter account bulletproof from online dangers – nothing is 100% safe, no matter what anyone will say to you to try to convince you otherwise. However, there are a few things that you can do to increase your security and privacy.
New York Times Denies Hack of Moscow Bureau Wednesday, August 24, 2016 thehill.com The New York Times on Tuesday night refuted reports that Russian hackers successfully breached its systems. The Times’ Moscow bureau was targeted by hackers believed to be Russian, earlier this month — but there are no signs that the attempt was successful, according to a spokeswoman, who was quoted in the paper.
Corporate Directors Focusing on Cybersecurity Wednesday, August 24, 2016 sandiegouniontribune.com As high profile data breaches continue to grab headlines, corporate boards need to make sure they’re deeply involved in the cybersafeguards at their companies.
How to Digitally Erase All Your Stuff When You Quit Your Job Wednesday, August 24, 2016 wired.com It's your last day at your job. There will be tears! Between the cheesy sendoff at the morning meeting and the after-work happy hour, you have to do something very important: back up all your stuff and securely clear your computer. Be smart about it with these steps.
Sage Employee Arrested for Insider Breach Wednesday, August 24, 2016 esecurityplanet.com An employee of the U.K. business software company Sage was arrested at London's Heathrow airport on August 17 in connection with an insider data breach that may have compromised the personal information of employees at 280 British companies, BBC News reports.
You’re Being Tracked (And Tracked and Tracked) on the Web Wednesday, August 24, 2016 spectrum.ieee.org The number of third parties sending information to and receiving data from popular websites each time you visit them has increased dramatically in the past 20 years, which means that visitors to those sites may be more closely watched by major corporations and advertisers than ever before, according to a new analysis of Web tracking.
Almost a Third of Staff Still Fall for Phishing Emails Wednesday, August 24, 2016 infosecurity-magazine.com This shows phishing is still a significant threat to companies as they attempt to stem the tide of cyber-attacks that continue to plague organizations across the globe.
Despite Billions Spent on Cybersecurity, Companies Aren’t Truly Safe From Hacks Wednesday, August 24, 2016 networkworld.com As security software has grown more sophisticated in recent years, so have the bad guys. Data breaches have soared in the past two years. One of the worst emerging problems is ransomware, where hackers demand payment to return sensitive data they’ve stolen or locked up to the rightful owner.
FBI Investigating Russian Hack of New York Times Reporters, Others Tuesday, August 23, 2016 cnn.com Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at the New York Times and other US news organizations, according to US officials briefed on the matter. The intrusions, detected in recent months, are under investigation by the FBI and other US security agencies. Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said.
Mother Details Horror She Experienced in Kidnapping Scam Tuesday, August 23, 2016 nbcbayarea.com A Milpitas mother victimized by a kidnapping scam last weekend provided some details about her ordeal in which a stranger called her and threatened to kill her daughter if she didn't wire money to a Mexico location. The woman unwittingly answered her phone and heard a girl's voice on the other end of the line pleading: “Mom, please help me! Someone grabbed me, and I am in a van."
Worried Grandparents Targeted in Phone Scam Tuesday, August 23, 2016 waaytv.com It is a scam that preys upon the fear of grandparents. A man or woman receives a phone call - the voice on the other end simply says "grandma," or "grandpa," and then unravels a disturbing story about being out of the country with friends and ending up in jail. The person needs money for bail, and grandma or grandpa are too embarrassed to admit they don't recognize which grandchild is on the phone, so they send the bail money.
Police Warns Students About Potential Scam Tuesday, August 23, 2016 keyetv.com In these scams, the caller uses a cloned number to call a student and claim they owe back taxes, tuition, or failed to complete necessary paperwork. The impostor then tells the student he or she will be either arrested or kicked out of school if they fail to make a payment. Finally, the scammer guides the student through making a payment over the phone.
Report: Business Email Cons Rampant Tuesday, August 23, 2016 thehill.com Business Email Compromise (BEC), in which an attacker uses email to convince a victim to wire them money or send them goods, has caused over $3 billion in damage worldwide and hit more than 22,000 businesses since January 2015, according to the FBI.
Private Lives Are Exposed as WikiLeaks Spills Its Secrets Tuesday, August 23, 2016 hosted.ap.org WikiLeaks' global crusade to expose government secrets is causing collateral damage to the privacy of hundreds of innocent people, including survivors of sexual abuse, sick children and the mentally ill, The Associated Press has found.
Man Gets Prison for Identity Theft; Restitution Ordered Tuesday, August 23, 2016 jg-tc.com A man was sentenced to prison time and ordered to pay more than $11,000 to a rural Mattoon man's estate after he admitted using the other man's identification information to obtain a loan.
Chinese Cyber Spies May Be Watching You, Experts Warn Tuesday, August 23, 2016 cnn.com Cyber theft of US trade secrets can easily ruin American businesses and result in higher prices for consumers. Even more worrisome, stolen American military secrets could put US servicemen and women at risk during combat.
Employee Arrested for Breach at Software Firm Sage Tuesday, August 23, 2016 darkreading.com An employee of software firm Sage has been arrested in connection with the recent breach at the company involving theft of customers’ financial details, reports Fortune. The 32-year-old woman was detained at Heathrow Airport, but is currently out on bail.
Woman Loses Over $9,000 in Phone Scam Tuesday, August 23, 2016 9news.com The woman told police the caller said they were with the IRS. The caller went on to say the woman had a warrant for her arrest for failing to pay back taxes. The woman was told to deposit over $4,500 into a bank account and to buy a separate gift card for nearly $6,000. After fulfilling some other requests, like sending a copy of her driver's license, the woman realized she had been scammed.
New Scam Targets Parents With College Kids Tuesday, August 23, 2016 westchester.news12.com The Internal Revenue Service has issued a warning about a new scam that targets college students and their parents. IRS officials say thieves are calling people and demanding that they pay a "Federal Student Tax" or risk going to jail. They say the tax doesn't exist.
Many Hospitals Transmit Your Health Records Unencrypted Tuesday, August 23, 2016 itworld.com About 32% of hospitals and 52% of non-acute providers -- such as outpatient clinics, rehabilitation facilities and physicians' offices -- are not encrypting data in transit, according to a new survey.
Facebook Scam Claims Delta Is Giving Away Airline Tickets, Cash Tuesday, August 23, 2016 wkbw.com The offer comes from a Facebook account called Delta Air, which includes the Delta logo as its profile picture. It claims to offer users a box containing five to 10 first-class tickets to any Delta destination along with $10,000 in cash.
NSA Leak Rattles Cybersecurity Industry Tuesday, August 23, 2016 csmonitor.com The National Security Agency stockpiled sophisticated tools designed to penetrate commonly used security software. Now that hackers have revealed some of those techniques, companies are left scrambling to secure their systems.
James Bamford: Evidence Points to Another Snowden at the NSA Monday, August 22, 2016 reuters.com We now have entered a period many have warned about, when NSA’s cyber weapons could be stolen like loose nukes and used against us. It opens the door to criminal hackers, cyber anarchists and hostile foreign governments that can use the tools to gain access to thousands of computers in order to steal data, plant malware and cause chaos.
White House Sets out Suggestion Box for Cybersecurity Monday, August 22, 2016 thehill.com The National Institute of Standards and Technology, on behalf of the brand new White House Commission on Enhancing National Cybersecurity, placed a request for information (RFI) in the Federal Register. The list of topics was extensive, effectively asking for feedback on any issue related to cybersecurity that might come up over the next decade.
A Hacker's Best Friend Is a Nice Employee Monday, August 22, 2016 usatoday.com When it comes to hacking, the most dangerous thing at most companies may not be their computer network but the lowly desk telephone.
Man Used Cloned Credit Cards, Police Say Monday, August 22, 2016 pressconnects.com Webb purchased items with cloned credit cards that contained stolen personal account information from the victims, according to police.
Snooped-On Man Free to Sue Spyware Maker Monday, August 22, 2016 nakedsecurity.com A US court has said that a man can sue a spyware company whose software was used unlawfully by a jealous spouse to intercept his messages.
Malware Infected All Eddie Bauer Stores in U.S., Canada Monday, August 22, 2016 krebsonsecurity.com Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach.
NSA Exploitation of Software Flaws Poses Risk Monday, August 22, 2016 triblive.com To penetrate the computers of foreign targets, the National Security Agency relies on software flaws that have gone undetected in the pipes of the Internet. For years, security experts have pressed the agency to disclose these bugs so they can be fixed, but the agency hackers have often resisted. Now with the mysterious release of a cache of NSA hacking tools over the weekend, the agency has lost an offensive advantage, experts say, and potentially placed at risk the security of countless large companies and government agencies worldwide.
Keep Using Password Managers -- Bugs and All Monday, August 22, 2016 csoonline.com Bugs in several password managers, including the vulnerabilities discovered in LastPass in late July, have scared away some users. But such fears go too far. Millions of users rely on password managers to keep track of passwords for applications and online services, and by all indications, they work better than trying to do it on your own.
Security Alerts Are Ignored 90% of the Time Monday, August 22, 2016 securitymagazine.com People ignore software security warnings up to 90 percent of the time, according to a new study from Brigham Young University.
OCR to Increase Investigations of Small PHI Breaches Monday, August 22, 2016 hipaajournal.com The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced it will be stepping up investigations of small PHI breaches with immediate effect. Breaches impacting fewer than 500 individuals will now be subjected to closer scrutiny, with the responsibility for investigating those breaches falling to the OCR’s Regional Offices.
Man Used Tax Fraud, ID Theft to Steal Millions Friday, August 19, 2016 wyff4.com Court records and testimony showed that Hill gave his co-conspirators, Senita Birt Dill and Ronald Jeremy Knowles, stolen personal identification information that Dill and Knowles used to file more than 1,000 false tax returns. The tax fraud ring collected more than $3.5 million in fraudulent tax refunds.
Recent POS Attacks: Are They Linked? Thursday, August 18, 2016 inforisktoday.com Just days after POS systems and services provider Oracle MICROS revealed a breach impacting its legacy POS systems, Visa issued an alert warning merchants to be on the lookout for malware attacks linked to MICROS.
Stranger Than Family Friday, August 19, 2016 consumer.ftc.gov Have you ever gotten a phone call from someone pretending to be a family member? They might say it is an emergency – maybe somebody is in jail, in the hospital, or being held hostage. What’s common to all of these calls is that they end with the caller asking you to send money. These calls are scams no matter how convincing they sound.
10 Year-Old Teaches Hackers a Valuable Lesson in Privacy Friday, August 19, 2016 csoonline.com Evan Robertson, age 10, took a science fair project and turned it into a valuable lesson in privacy earlier this month at rootz Asylum, a kids-only gathering at DEF CON where children can learn about security in a safe, encouraging environment.
Snowden: Alleged NSA Attack Is Russian Warning Friday, August 19, 2016 cnet.com The former NSA contractor says the auction of alleged NSA cyber tools is meant to warn the US against retaliating for two hacks of Democratic Party organizations.
We Asked Experts to Compare Trump’s and Clinton’s Cybersecurity Policies Thursday, August 18, 2016 washingtonpost.com The Washington Post reached out to cybersecurity policy experts, including academics, think-tankers and officials from previous Republican and Democratic administrations and asked them to evaluate both candidates' cybersecurity policy strategies and whether they were more concerned about Clinton's private email server or Trump's hacking comments. Here's what they said:
NSA Hacking Tools Were Leaked Online - Here’s What You Need to Know Wednesday, August 17, 2016 washingtonpost.com A cache of powerful hacking tools used by the National Security Agency have leaked online in what could be the biggest blow to the agency since 2013, when Edward Snowden came forward with documents that exposed the scope of its surveillance capabilities.
China Fights Hackers With Quantum Physics Monday, August 15, 2016 marketwatch.com Aboard the Micius satellite is encryption technology that, if successful, could propel China to the forefront of hack-proof communications. Professor Hoi Fung Chau of Hong Kong University explains how quantum physics can be used to frustrate hackers.
Police Bust Identity Theft Scheme That Netted $650K Wednesday, August 17, 2016 abc13.com According to court records, Shalewa Olayinka, 53, applied for and obtained 116 credit cards from eight different financial institutions in 12 other people's names. He would allegedly apply for the credit card using a victim's information and then steal the card out of his or her mailbox when the card arrived.
Former Hotel Employee Accused of Identity Theft Wednesday, August 17, 2016 wbrc.com Former hotel employee Vicki Smith, 51, reportedly spent more than $3,000 on the debit card of a hotel guest. A police affidavit said Smith was working at the Four Points by Sheraton at the time. It also said detectives tracked the spending back to her after realizing the stolen card information was used to load money onto an account used to make phone calls to her son, Isiah Smith, in the Shelby County Jail.
Avoid the Scam: That’s Not the IRS Calling Monday, August 15, 2016 washingtonpost.com The sad thing is that lots of people are falling for schemes like these. In many cases, the scammers threaten people with arrest to try to scare them into paying. Some of the latest scams even ask people to put money on iTunes cards. The IRS would never ask you to pay your taxes using a gift card or prepaid debit cards.
Cybersecurity Skills Crisis Creating Vulnerabilities Monday, August 15, 2016 networkworld.com Cybersecurity staffing continues to be a problem, a new report has found. Intel Security says a massive 82 percent of IT professionals that it surveyed are battling a shortage in workers specializing in cybersecurity.
How Well Does Social Engineering Work? One Test Returned 150% Wednesday, August 17, 2016 csoonline.com In the wild, the most common attacks would be social engineering, typically involving some sort of email phishing campaign where the attacker sends an email that looks like it’s from a legitimate organization, or maybe from the company itself, and gets a user to click on a link.
The Election Won’t Be Rigged but It Could Be Hacked Wednesday, August 17, 2016 nytimes.com The United States needs to return, as soon as possible, to a paper-based, auditable voting system in all jurisdictions that still use electronic-only, unverifiable voting machines.
DNC Creates Cybersecurity Advisory Board Following Hack Friday, August 12, 2016 politico.com Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Chopra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor.
There’s a New Way to Make Strong Passwords, and It’s Way Easier Friday, August 12, 2016 washingtonpost.com People tend to hate computer passwords, that often nonsensical jumble of letters, numbers and special keystrokes said to be essential for digital security. The secret codes seem impossible to remember. It’s why every login page has a “Forgot password?” life preserver. The struggle even has a name: Password rage. Now, a new standard is emerging for passwords, backed by a growing number of businesses and government agencies — to the relief of computer users everywhere.
Brazil Superhackers Stalk Olympic Tourists Thursday, August 11, 2016 nbcnews.com As athletes from around the globe arrived in Rio last week to compete for Olympic gold, Brazil's notorious hacker underground was lurking just out of sight, competing to rip off as many of the hundreds of thousands of sports fans as possible during the games. Tourists flocking to Rio are descending into what security experts describe as one of the most potent cybercrime hotspots in the world, where a new generation of young hackers is perfecting and unleashing a spectrum of online attacks in and outside of the country.
Victim Loses $4,000 in IRS Scam Thursday, August 11, 2016 statesboroherald.com A senior citizen was bilked out of $4,000 Tuesday when a man claiming to be an Internal Revenue Service agent conned her into buying several Apple iTunes cards and giving him the card numbers.
IRS, States Fear Wave of Billion-Dollar Tax Frauds Thursday, August 11, 2016 thehill.com State and federal officials are preparing for a wave of fraudulent tax filings next year after hackers stole personal information belonging to tens of thousands of Americans in a series of high-profile cases...The IRS estimates it lost $5.8 billion paying out refunds on fraudulent returns in 2013. States lose an estimated $8 billion to $9 billion annually, experts say.
Road Warriors: Beware of ‘Video Jacking’ Thursday, August 11, 2016 krebsonsecurity.com A little-known feature of many modern smartphones is their ability to duplicate video on the device’s screen so that it also shows up on a much larger display — like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping.
DOJ Shuts Down Identity Trafficking Scheme Thursday, August 11, 2016 pymnts.com The Department of Justice announced that a suspect accused of taking part in an identity trafficking scheme that involved identity document runners, suppliers and brokers all working in unison to steal identities and commit financial fraud has pleaded guilty.
Hack of Democrats’ Accounts Was Wider Than Believed, Officials Say Thursday, August 11, 2016 nytimes.com A Russian cyberattack that targeted Democratic politicians was bigger than it first appeared and breached the private email accounts of more than 100 party officials and groups, officials with knowledge of the case said Wednesday...American intelligence agencies have said they have “high confidence” that the attack was the work of Russian intelligence agencies.
Michael Phelps Targeted by Hackers After Winning 19th Gold Medal Thursday, August 11, 2016 infosecurity-magazine.com A collective that calls itself the New World Hackers has claimed responsibility for taking down the U.S. swimmer’s website, just after he took home an Olympic gold medal in the 4x100-meter relay in Rio de Janeiro.
Family Warns of New Twist to Sweepstakes Scam Thursday, August 11, 2016 nbcmiami.com Betty Braddom thought she had won $1.2 million. But then the calls started coming telling her she had to pay money before she could claim her prize.
Inside Look at SWIFT-Related Bank Attacks Wednesday, August 10, 2016 bankinfosecurity.com Attacks waged against payments run through the SWIFT interbank messaging system - including the $81 million heist from the Bank of Bangladesh - have raised many questions about back-end security practices, fraudulent transaction liability and authentication. What is less discussed, however, is who is behind the attacks, and whether they could be linked to other cyberattacks against international banking systems beyond SWIFT.
Espionage Malware Penetrates Air-Gapped Networks Wednesday, August 10, 2016 bankinfosecurity.com Security researchers are warning that they've discovered a highly advanced and targeted cyber-espionage campaign that appears to have been running since 2011, and which remains active. The APT malware used by the group behind the campaign is remarkable in part not only for having remained undetected for so long, but also for its ability to exfiltrate data from air-gapped networks using multiple techniques, including by piggybacking on network protocols, researchers say.
Delta’s Massive Computer Outage Is Part of a Much Bigger Problem Wednesday, August 10, 2016 washingtonpost.com A systemwide computer outage at Delta Air Lines left passengers stranded and caused mass cancellations for customers who booked flights scheduled for Monday morning. The problem is a reminder that, in our increasingly digital world, computer outages, no matter the cause, can wreak havoc on even the largest companies and the customers they serve.
FDA Addresses Medical Device Cybersecurity Modifications Wednesday, August 10, 2016 healthcareinfosecurity.com New Food and Drug Administration draft guidance aims to alleviate a common topic of confusion in the healthcare sector: whether medical device makers need to submit for FDA review the modifications manufacturers make that affect cybersecurity in existing products.
Tarrant County, Texas, Security Team Foils Ransomware Attack Wednesday, August 10, 2016 govtech.com An emergency computer incident response crew swept in, isolated the employee’s data from the rest of the county’s system and restored files to where they were an hour before the software attack occurred, with no information lost or stolen.
Four Android Flaws Leave 900M Devices at Risk Wednesday, August 10, 2016 databreachtoday.com Four vulnerabilities relating to Qualcomm chipsets used by an estimated 900 million Android smartphones and tablets could each be exploited to seize control of devices and steal any data they store, warns Israeli cybersecurity firm Check Point.
Illinois Hospital Chain to Pay Record $5.5M for Exposing Data About Millions of Patients Tuesday, August 09, 2016 csoonline.com Illinois' largest hospital chain has agreed to pay a $5.5 million fine by the government for lax data security that led to the exposure of more than 4 million electronic patient records. The fine against Advocate Health Care Network, the largest ever levied under Health Insurance Portability and Accountability Act (HIPAA) regulations, is a result of the "extent and duration of the alleged noncompliance."
HIPAA Criminal Prosecutions on the Rise Tuesday, August 09, 2016 healthcareinfosecurity.com A former Tampa General Hospital worker has been sentenced to 37 months in federal prison in a case involving criminal HIPAA violations and tax fraud. Some privacy and security experts say such prosecutions of HIPAA cases could be on the rise - especially when the violations are tied to other crimes. The Tampa case joins a handful of other recent cases involving insiders who also received prison sentences for their illegal access or disclosure of patient data.
FBI Ramps up IC3 Visibility Tuesday, August 09, 2016 fcw.com The FBI is putting a more public face on its Internet Crime Complaint Center (IC3) with a billboard campaign to increase awareness of the center as a mechanism for reporting suspected internet crime to the FBI.
Cyber Risks for Small Businesses Tuesday, August 09, 2016 insurancebusiness.ca If you have sensitive or protected data in your care, custody or control, you have obligations to safeguard it and can be held liable for its disclosure. Data that is crucial to a company’s success is also highly valuable and easily monetized. Calculating criminals are looking for personally identifiable information, protected healthcare information, payment card information, intellectual property, authentication credentials, insider information and more.
Health Files Make for a Juicy Target for Thieves Tuesday, August 09, 2016 bostonglobe.com Today, according to cybersecurity specialists, criminals hoping to scoop up valuable personal data are increasingly targeting health care companies — from local doctor’s offices to major health insurers.
Healthcare Hacker Attacks: No End in Sight Tuesday, August 09, 2016 databreachtoday.com Once federal regulators confirm the details, the recent cyberattack on Banner Health Care, which may have compromised the data of as many as 3.7 million individuals, likely will be the largest healthcare data breach reported so far in 2016 - a year that's seen a string of disturbing hacker attacks in the sector.
Man Charged With Selling Stolen Bank Accounts on Dark Web Tuesday, August 09, 2016 tripwire.com On 19 March, 2016, the dark web vendor advertised “Hacked SunTrust Bank Account Logins $100-$500 Balances” for sale at USD 9.99 apiece and claimed he had sold 32 logins since November. Two months later, on 4 May, 2016, Glende put up a sale of “High Balance SunTrust Logins 30K-150K.” Those accounts were listed at USD 66.99 each. In his post, IcyEagle claimed to have sold 11 login credentials since 5 November.
Back-to-School Safety Tech That Helps Keep Kids Safe Tuesday, August 09, 2016 nbcnews.com With back-to-school season kicking into high gear, millions of parents in the U.S. will allow their children to walk to and from school. No matter how mature and responsible a child is, those few blocks without adult supervision are enough to make most parents worry. Luckily, technology can help assuage concern and keep track of a child's whereabouts. Read on for options ranging from a free app to wearables and connected home devices.
Churchgoing Nigerians Drive Business Email Attacks Tuesday, August 09, 2016 databreachtoday.com When the computer security company SecureWorks began studying email fraud schemes out of West Africa, the profiles of one particular group surprised them. Instead of young adults working out of cyber cafes, they were older, deeply religious men working at home.
OCR Warns of Threat of Insider Data Breaches Tuesday, August 09, 2016 hipaajournal.com While attacks by external malicious actors have resulted in the exposure and theft of a huge amount of patient data, healthcare organizations should not ignore the threat from within. The threat of insider data breaches is considerable and insider data breaches are fast becoming one of the biggest threats to healthcare organizations. Cyberattacks conducted by external malicious actors may also be facilitated by insiders or insider-driven.
Want Cheaper Internet Access? Hand Over Your Privacy Tuesday, August 09, 2016 latimes.com Chris Hoofnagle, an Internet law professor at UC Berkeley, said Comcast’s filing last week should serve as a reminder that the broadband Internet industry is different. These companies aren’t selling a luxury. They’re selling a necessity. “What Comcast is saying is somewhat akin to the water authority offering a discount for less purified water,” Hoofnagle said. “It is time to conceive of broadband as a utility, one that needs to satisfy basic standards for quality, which include freedom from unwarranted surveillance.”
Fake Boarding Pass App Gets Hacker Into Fancy Airline Lounges Monday, August 08, 2016 wired.com Fake boarding passes are hardly a new hacker trick. Cryptographer Bruce Schneier wrote about the technique to make them back in 2003 and privacy activist Chris Soghoian was investigated by the FBI for creating a website that automatically generated the fake passes. But Jaroszewski’s Defcon talk is intended to point out that even now, a decade later, the boarding pass security issue persists, and in some ways is easier than ever to exploit thanks to airports’ use of automated QR-code readers.
This Company Has Built a Profile on Every American Adult Monday, August 08, 2016 bloomberg.com Forget telephoto lenses and fake mustaches: The most important tools for America’s 35,000 private investigators are database subscription services. For more than a decade, professional snoops have been able to search troves of public and nonpublic records—known addresses, DMV records, photographs of a person’s car—and condense them into comprehensive reports costing as little as $10. Now they can combine that information with the kinds of things marketers know about you, such as which politicians you donate to, what you spend on groceries, and whether it’s weird that you ate in last night, to create a portrait of your life and predict your behavior.
Data Breach at Oracle’s Micros Point-Of-Sale Division Monday, August 08, 2016 krebsonsecurity.com A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.
IRS Warns on Super Summer Scam Scourge Monday, August 08, 2016 csoonline.com The Internal Revenue Service this week warned taxpayers to stay vigilant against an increase of IRS impersonation scams in the form of automated calls and new tactics from scammers demanding tax payments on iTunes and other gift cards.
Tax Preparer Guilty of $500,000 Tax Fraud, Identity Theft and Passport Fraud Tuesday, August 02, 2016 justice.gov Bayuo prepared and submitted to the IRS false and fraudulent tax returns for her clients that resulted in increased tax refunds by fabricating or overstating unreimbursed employment expenses, gifts to charity, and business losses. Bayuo also charged clients additional fees to use stolen identifying information of minors, including names, dates of birth, and social security numbers, to claim false minor dependents on their tax returns to increase the taxpayers’ refund amount. In addition, from 2010 through 2014, Bayuo used stolen identifying information to file fraudulent income tax returns that generated tax refunds to which Bayuo was not entitled.
Hacker Selling 200 Million Yahoo Accounts on Dark Web Friday, August 05, 2016 thehackernews.com The same hacker who was responsible for selling data dumps for LinkedIn, MySpace, Tumblr and VK.com is now selling what is said to be the login information of 200 Million Yahoo! users on the Dark Web.
Phishing Study Reveals Frightening Password Habits Tuesday, August 02, 2016 csoonline.com Passwords are a problem, and yet they're the primary means of authentication used when at work or at home. Recently, Salted Hash examined 126,357 passwords for accounts compromised during Phishing attacks in 2016. What we discovered was both sad and frustrating.
Emails That Won't Embarrass Later Friday, August 05, 2016 usatoday.com Not a day goes by now that we don't hear about yet another email hack. The recent hacks of Hillary Clinton and Democratic National Committee emails are just the latest, and all leads to one undisputed truth — our supposedly private communication is anything but.
NASA Credentials Leaked on Pastebin Friday, August 05, 2016 scmagazine.com A trove of leaked email and password login credentials belonging to employees at the National Aeronautics and Space Administration (NASA). The leaked email and password data was posted on a Pastebin by a user called ‘PLASTYNE (Anarchy Ghost)' who appears to be associated with a hacktivist group known as ‘Brazil All Hack Team.'
ACSC Releases Risk Mitigation Strategies Against Malicious Email Tuesday, August 02, 2016 us-cert.gov The Australian Cyber Security Centre (ACSC) has published guidance to organizations on risks posed by malicious email. Systems infected through targeted email phishing campaigns act as an entry point for attackers to spread throughout an organization's entire enterprise, steal sensitive business or personal information, or disrupt business operations.
Identity Theft Concerns Span the Financial Spectrum Monday, August 01, 2016 nhregister.com A recent Morgan Stanley poll of high net worth investors (those with $100,000 or more in investible assets) between the ages of 25 and 75 years old showed that identity theft ranks as both an issue respondents are most concerned about — 72 percent — and an issue that 51 percent feel they are most likely to be impacted by, surpassing concerns over major illnesses and terrorism.
Five Myths About Patient Privacy Monday, August 01, 2016 washingtonpost.com Shortly after the recent massacre at an Orlando nightclub, the city’s mayor declared that the White House had agreed to waive federal privacy rules to allow doctors to update victims’ families. News of the waiver was widely reported, but as the Obama administration later clarified, both the mayor and the media were “simply mistaken.” No waiver was granted because none was needed. The confusion amid the tragedy in Orlando underscores widespread misconceptions about the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Here we shed light on a handful of myths that bedevil doctors and patients alike.
Predators Exploiting Personal Info in DNC Hack Monday, August 01, 2016 abcnews.go.com Major contributors to the Democratic Party are feeling the sting of the cyber intrusion into private Democratic National Committee donor files, which in some cases included such sensitive details as credit card and bank account information -- details scam artists are already attempting to exploit.
Go-Go Bar Owner, Others Ran $9M Credit Card Theft Ring, AG Says Monday, August 01, 2016 nj.com The ring used the credit cards to buy prepaid gift cards at Target and other retailers which were redeemed in phony transactions at Smiles, with the money split among the members of the ring, Porrino said. The cards were also used for direct transactions at the bar, with the cash landing in the business accounts of She-Kev Inc., the bar's corporate name...Another facet of the alleged scheme involved phony sales of cars on eBay and Craigslist.
Does your organization need a consultant who can deliver information security awareness training that contains the truth about what works and what doesn’t in the fight against the fastest growing crimes in the world?
Does your conference need an experienced speaker who will captivate the audience with dramatic real life cases of identity theft, cybercrime and scams ranging from stolen personal information, to theft of corporate trade secrets, to stalking and murder?
Are you a member of the media seeking a comment about ID theft, scams, data breaches, cybercrime, information security, or fraud?
If so, we invite you to learn more about identity theft and scam expert Rob Douglas.