Your best source for presentations, workshops, consultation, news, videos, and information about identity theft, scams, data breaches, and other information security threats.
Resources and Expertise to Combat Identity Theft, Scams, and Social Engineering
Bitcoin Rise Fuels Social Media Scams Monday, March 27, 2017 csoonline.com The price of a single Bitcoin passed that of an ounce of gold for the first time this month, and scammers were quick to get in on the action with Ponzi schemes and phishing sites spread via social media. Victims are lured in with fake Bitcoin wallets, fake Bitcoin search services, fake surveys about Bitcoin, too-good-to-be-true money making offers, and classic pyramid scams now dressed up with Bitcoins, according to a report released this week.
Cybercriminals Exploit March Madness Frenzy Monday, March 27, 2017 darkreading.com The last 15 days of the annual NCAA basketball tournament have seen heightened malicious activity involving phishing pages, adware downloads and mishandling of user data.
Alleged vDOS Owners Poised to Stand Trial Monday, March 27, 2017 krebsonsecurity.com Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline...The police are preparing to recommend prosecutors charge the men with computer fraud and extortion, alleging they caused more than six million shekels worth of damage (approximately USD $1.65 million).
Identity Theft Victim Sues Albuquerque Police Department Monday, March 27, 2017 abqjournal.com An investigation into a fraudulent check led Albuquerque police to arrest the victim of identity theft, even though the perpetrator who used his ID to cash the check looked dramatically different, according to a lawsuit filed this month.
New Scam Tricks Victims out of Thousands of Dollars Using Old Con Monday, March 27, 2017 wreg.com It’s a new twist on an old scam designed to steal thousands of dollars from unsuspecting consumers nationwide. It used to be called the Secret Shopper scam. The new version goes by the name Secret Surveyor, but the con is the same.
Mass. State Police Warn of Phone Scam Seeking Money to Clear Warrants Monday, March 27, 2017 turnto10.com Massachusetts State Police say they've received numerous complaints about calls that appear to come from a phone number for the department's South Boston barracks. The caller is identified as an officer and then instructs victims to meet at local shopping centers to provide money to clear up police warrants.
Push for Internet Privacy Rules Moves to Statehouses Monday, March 27, 2017 nytimes.com As on climate change, immigration and a host of other issues, some state legislatures may prove to be a counterweight to Washington by enacting new regulations to increase consumers’ privacy rights.
Inside the Hunt for Russia’s Most Notorious Hacker Saturday, March 25, 2017 wired.com America's war with Russia’s greatest cybercriminal began in the spring of 2009, when special agent James Craig, a rookie in the FBI’s Omaha, Nebraska, field office, began looking into a strange pair of electronic thefts. A square-jawed former marine, Craig had been an agent for just six months, but his superiors tapped him for the case anyway, because of his background: For years, he’d been an IT guy for the FBI. One of his nicknames in college was “the silent geek.”
T-Mobile is Rolling Out Scam Warnings on Incoming Calls Friday, March 24, 2017 theverge.com The carrier is going to begin warning subscribers when an incoming phone call appears to be from a scammer. If a scam call is detected, the caller ID will display as “Scam Likely,” giving subscribers a heads up before they answer or the chance to just ignore it outright.
Congress Moves to Strike Internet Privacy Rules From Obama Era Friday, March 24, 2017 nytimes.com Republican senators moved Thursday to dismantle landmark internet privacy protections for consumers in the first decisive strike against telecommunications and technology regulations created during the Obama administration, and a harbinger of further deregulation.
Judge OKs Subway’s Record $31M FACTA Settlement Friday, March 24, 2017 law360.com A Florida federal judge has signed off on the largest settlement in the history of the Fair and Accurate Credit Transactions Act, a nearly $31 million deal between Subway and a class of consumers alleging the sandwich chain unlawfully printed full credit card expiration dates on receipts...FACTA regulations require retailers to omit card expiration dates on receipts, as emphasized in the Credit and Debit Card Clarification Act.
Massive Gift Card Fraud Bot Discovered, 1,000 Customer Websites Attacked Already Friday, March 24, 2017 news.softpedia.com A new bot targeting card payment processes on websites was spotted in the wild. Called GiftGhostBot, the bot is trying to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites. Unfortunately, any website with gift card processing capabilities could be a target.
Instagram Has Two-Factor Authentication Now, So Turn It On Friday, March 24, 2017 wired.com Because you care greatly about your personal security hygiene, you’ve already enlisted two-factor authentication to help protect most of your online accounts. That’s good! Instagram, though, hasn’t given you the option. That changes today. Go get it.
Yahoo Breach Lessons IT Can't Ignore Friday, March 24, 2017 infoworld.com The indictment against the attackers behind the Yahoo breach illustrates just how vulnerable corporate networks are when thieves get their hands on employees' personal information.
Aviation Phishing Scams Friday, March 24, 2017 us-cert.gov US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information.
Beware of Crooks Trying to Steal Your Cryptocurrency With These Schemes Friday, March 24, 2017 zdnet.com Cybercriminals are taking advantage of the rising price and popularity of Bitcoin to try to steal the currency and distribute malware. The cryptocurrency has become invaluable to cybercriminals who exploit its anonymous, decentralised nature as a tool for demanding ransomware payments and laundering various other ill-gotten gains. This month social media Bitcoin scams have reached a new high, with over 125 million malicious links across Twitter, Facebook, and Instagram designed to attack victims and extort Bitcoin.
How Many Dossiers Do Corporations Have on You? at Least 78 — That You Can See Friday, March 24, 2017 bobsullivan.net Most folks don’t know there are dozens of other credit reports maintained by a handful of low-profile companies. These track everything from your check-writing habits to your health insurance claims. Mistakes on these other credit reports can be just as financially painful. Consumers have the right to see what’s in these reports too, but that right is useless to consumers who’ve never heard of the companies involved. That’s why American consumers should know a lot more about what are called “specialty credit reports” in the industry.
PBSO Deputy Pleads Guilty to Fraud Charges in Identity Theft Scam Friday, March 24, 2017 palmbeachpost.com A Palm Beach County sheriff’s deputy, who in December was named officer of the year for the Delray district, on Thursday pleaded guilty to federal fraud charges, admitting he used his access to law enforcement databases to propel an identity theft scheme.
New Details on Massive Vermont Data Breach Friday, March 24, 2017 wcax.com Gov. Phil Scott says state leaders initially thought hackers only had the opportunity to snatch one year's worth of account data. Turns out the culprits could have their hands on 14 years' worth. "This is appalling and I know this will be incredibly burdensome to the tens of thousands of Vermonters who are impacted," said Scott, R-Vermont. The governor says he's disappointed by how long it took the third-party contractor that runs the site to notify them of the breach and its possible extent.
Maine Job Match Service Hit With Data Breach Friday, March 24, 2017 mainebiz.biz The vendor of a web-based job link service used by Maine and at least nine other states reported Tuesday it had been the victim of a malicious data breach. A release posted on the MDOL's website reported that America's JobLink, a multi-state web-based system that links job seekers with employers, has been the victim of a hacking incident from a "malicious third party 'hacker.'" The hacker exploited a "vulnerability in the AJL application code to view the names, Social Security numbers and dates of birth of job seekers in the AJL systems of up to 10 states: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont," according to the release.
FCC Cracks Down on Annoying Robocalls Friday, March 24, 2017 nbcnews.com You might get interrupted a little less during dinner by annoying "robocalls" thanks to a new FCC proposal that passed today. "Robocall" telemarketers use machines armed with a list of phone numbers and pre-recorded pitch messages. Basically they spam you over your home telephone lines. One way the groups making the calls avoid detection and get around consumer call blockers is to disguise where they're calling from using "spoofed" phone numbers.
Grayson County Public Schools Catches W-2 Phishing Scam Email Thursday, March 23, 2017 wdbj7.com A popular scam that happens around tax time has returned, but this time it's targeting schools, but one local division caught it immediately. The district's Human Resources Director Janice Linker received an email Tuesday from, what appeared to be, Superintendent Kelly Wilmore. It asked her to send a list of all employee W-2s in PDF form. But the division was already on high alert for this scam.
Idaho Department of Labor Hacked, Possible Identity Theft of 170,000 Job-Seekers Thursday, March 23, 2017 idahostatesman.com The Idaho Department of Labor reported Wednesday that about 170,000 of the state’s 530,000 job-seeker accounts – active and historical – were compromised by a hacking incident on March 12 and March 13...The account information that may have been viewed includes customers’ name, Social Security number and date of birth.
Charles Man Sentenced to Prison for Identity Theft Thursday, March 23, 2017 thebaynet.com A search of the vehicle, which was the same one used by Lee and Williamson to travel to the department stores in August, revealed gift cards, sales receipts, clothing and other merchandise, a laptop computer, portable Wi-Fi device, as well as items used to create gift and credit cards encoded with stolen account information, including an embosser and electronic encoder.
Med Center Health Reports Stolen Patient Billing Information Thursday, March 23, 2017 wbko.com The information included name, address, Social Security number, health insurance information, diagnosis and procedure codes, and charges for medical service. However, the information obtained did not include patient medical records.
Urology Austin Was Victim of Ransomware Attack Thursday, March 23, 2017 oag.ca.gov Personal information may have been impacted by the ransomware, including name, address, date of birth, Social Security number, and medical information.
Health Care Facility Hacked by Ex-Employee Using 2-Year-Old Credentials Thursday, March 23, 2017 washingtontimes.com The former systems administrator of a Pennsylvania health care facility was charged with criminal hacking Monday after prosecutors said he wreaked havoc using administrative credentials that went unchanged more than two years after he resigned...Mr. Coughlin, the former computer technician of an unnamed health care facility, is accused of purging records from his old job’s databases and purchasing nearly $5,000 worth of iPads on the company’s dime after he was asked to resign from the gig in February 2013 following three weeks of employment.
Woman Loses More Than $700,000 in Online-Dating Site Scam Thursday, March 23, 2017 clickondetroit.com A Troy woman was scammed out of more than $700,000 when she believed the lies of someone posting a fake profile on a dating website...police said the 58-year-old grandmother was that trusting, and perhaps lonely. She was looking for companionship on the singles dating site Match.com. A man who called himself Donny Koch met her on the site and said he was from London. He said he worked on an oil rig and needed money, so she started sending thousands of dollars. The man then told her he was caught with all the cash she sent him and was jailed. He said he needed money for bail, so she sent more and more money. "She has given him approximately $703,000," said Troy police Captain Robert Redmond.
Grandmother Loses More Than $17,000 in Scam Thursday, March 23, 2017 kwch.com Saline County Sheriff Roger Soldan says a man identifying himself as Sgt. Bradshaw with the U.S. Embassy in the Dominican Republic told the woman over the phone Monday that her grandson had been arrested in the country for possessing marijuana. The man then convinced the Saline County woman that she needed to spend $17,720 for her grandson's freedom and to cover court fees and his transport out of the country.
6 N.J. Men Charged With Running Telemarketing Scam Targeting Seniors Thursday, March 23, 2017 nj.com Six New Jersey residents scammed senior citizens out of hundreds of thousands of dollars by running phony telemarketing investment scams, authorities said. The men established seven companies and successfully convinced more than 30 people to invest money...A representative from each of the companies called potential marks and advised them they could make money through marketing websites that would be set up on their behalf, according to court papers. The victims, many of whom didn't know how to use a computer, were told they had to do nothing more than send a check or provide a credit card number. The majority of the victims are more than 70 years old.
Lithuanian Con Artist Scams Two US Tech Giants out of $100 Million Wednesday, March 22, 2017 zdnet.com A man from Lithuania has been arrested after he conned two large technology firms out of $100 million in an elaborate phishing scheme. The US Department of Justice (DoJ) said on Tuesday that Evaldas Rimasauskas orchestrated a phishing scheme which targeted US technology giants specifically, and he was able to swindle $100 million by pretending to be a legitimate business partner of at least one of the victims.
Scammers Are Not “Friends” to Small Business Owners Wednesday, March 22, 2017 ftc.gov Lately we’ve been hearing about scammers who reach out to small businesses through Facebook messages. People have reported receiving messages on Facebook telling them that they’re eligible for – or that they’ve won – a business grant. If you get a message like this through your personal Facebook account or on your company’s page, don’t respond. It’s a scam. The government won’t contact you on social media to offer you money.
Study: 67% of Taxpayers Worry About Tax Fraud, Identity Theft Wednesday, March 22, 2017 hartfordbusiness.com Sixty-seven percent of U.S. taxpayers are concerned about tax fraud and identity theft this year, according to a study released Wednesday by The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re.
Hialeah Police Officer Accused of Identity Theft Wednesday, March 22, 2017 patch.com The indictment alleges that Castellon used his law enforcement access to DAVID to log into the system, conduct searches and take screen shots of other personal identifying information between June 1, 2016, and Oct. 19, 2016, officials said. Castellon allegedly sent more than 25 screen shots to codefendant Neilin Gonzalez Diaz in exchange for gifts.
NY Attorney General: Record Number of Data Breach Notices Sent in 2016 Wednesday, March 22, 2017 news10.com The New York Attorney General’s Office announced it received a record number of data breach notices in 2016. The office says it received 1,300 reported data breaches, that’s a 60 percent increase from the year before. The breaches exposed personal records of 1.6 million New Yorkers.
IRS Issues New Tax Scam Warnings, FSA Tool Suspended Due to Security Concerns Wednesday, March 22, 2017 csoonline.com The Internal Revenue Service (IRS) has issued a new warning to businesses, taxpayers, and tax prep professionals about Phishing scams targeting the sensitive information they work with on a daily basis. Soon after, the IRS and the US Department of Education suspended a tool that helps people obtain financial aid for college.
Walton School District Falls Victim to Scam Wednesday, March 22, 2017 wjhg.com "Well we were victims of basically a very elaborate phishing scheme," said Walton School District Superintendent A. Russell Hughes. "We received an email from an unknown person that was impersonating the superintendent," said Chief Information Officer, Henry Martin. Hughes said a scammer sent a series of emails pretending to be him to various employees asking for personal information. "One of my employees basically contacted me and said 'Mr. Hughes, did you get the information request?' and I said I didn't request information and immediately they kicked into 'oh my goodness, something has happened,'" Hughes explained.
Phishing Your Employees for Schooling & Security Wednesday, March 22, 2017 darkreading.com Imagine this fictional scenario: A student, hoping to become a surgeon, attends hours of medical courses. She never misses a class, always listens, and takes copious notes. Finally, after receiving the years of training necessary, the student receives her medical degree having never taken a test. Would you let this surgeon operate on you? I sure hope not! Testing is a crucial part of any form of education, for both teachers and students. That's why I believe your phishing education program isn't complete until you phish your own company's tank.
Data Breach May Involve Hundreds of UNC Health Prenatal Patients Tuesday, March 21, 2017 wral.com UNC Health Care said Monday it has begun notifying patients of a potential breach where personal data provided by prenatal patients at two obstetric clinics were mistakenly transmitted to local county health departments. The breach affects up to 1,300 patients who are believed to have completed Pregnancy Home Risk Screening Forms at their prenatal appointments at the Women’s Clinic at the North Carolina Women’s Hospital and UNC Maternal-Fetal Medicine at Rex Hospital between April 2014 and last month, officials said.
LCC Health Clinic Discovers Data Breach, Private Information Possibly at Risk Tuesday, March 21, 2017 kval.com If you used the Lane Community College Health Clinic between March of 2016 and February of 2017, your private information may be at risk...Staff found a virus on one health clinic computer during a routine check in February. The virus may have shared patient information, including names, dates of birth and social security numbers to a third party.
Teenage Boy Behind Traffic Violation Scam, Police Say Tuesday, March 21, 2017 6abc.com The notice included a photograph of each resident's vehicle along with the property owner's last name and complete mailing address. The notice directed individuals to leave the cash in their mailbox and send a notification e-mail to report the payment was ready for pick-up.
Watch out for These Tax-Themed Phishing and Malware Scams Tuesday, March 21, 2017 zdnet.com Criminals sometimes take advantage of big events such as the Olympic Games to lure victims into hacks and cyber attacks. It isn't as glamorous as a big sporting occasion, but the US tax season, now in full steam ahead of the April 18 filing deadline, is a prime time for cybercriminals to steal financial information and personal data.
Hundreds of Powhatan School Employees Compromised in Data Breach Tuesday, March 21, 2017 wtvr.com The personal information exposed in the breach includes employees' Social Security numbers, address, wages and taxes, and gross income. The data breach includes the personal information of 905 employees of Powhatan County Public Schools, a school spokesperson confirmed.
Police Investigate Identity Theft, Discover Skimming Device at Gas Station Tuesday, March 21, 2017 pottsmerc.com During the investigation, police said they located and seized a skimming device that was attached to a card reader on one of the gas pumps. This device was not visible, police said, and could not be immediately detected without accessing the gas pump cabinet.
Phishing Scams Even Fool Tech Nerds—Here’s How to Avoid Them Monday, March 20, 2017 wired.com Phishing scams work by tricking you into clicking on a link or attachment that either infects your machine with malware or takes you to a page that looks totally legit, but isn’t and is designed to steal your private information. According to the Anti-Phishing Working Group, 100,000 new phishing attacks get reported every month, and thousands of people fall for them. But you are smart. You can increase your chances of avoiding phishing scams if you follow these three steps and, above all, remember that when it comes to your email you can’t really trust anything.
Reports of Potential Data Breach at Saks Fifth Ave Monday, March 20, 2017 nbcmiami.com There are reports of Saks Fifth Avenue inadvertently exposing the personal information of customers online. The breach, which was first reported by Buzzfeed, had the e-mail addresses and phone numbers of shoppers visible on the Saks website.
Neiman Marcus to Pay $1.6 Million in Shopper Data Breach Lawsuit Monday, March 20, 2017 dallasnews.com Neiman Marcus has agreed to pay $1.6 million to settle a data breach class action in Illinois federal court. The three-year-old case stemmed from the December 2013 cyber attack that exposed credit card data of an estimated 350,000 Neiman Marcus shoppers.
District Attorney Launches Criminal Investigation Into St. Charles Data Breach Monday, March 20, 2017 mycentraloregon.com Deschutes County District Attorney John Hummel has launched a criminal investigation into the apparent breach of patient records at St. Charles Health System. “I was dismayed to learn via media reports that apparently a St. Charles employee impermissibly accessed records of thousands of patients,” said Hummel. “An alleged breach of this magnitude should have been reported to local police so that a proper criminal investigation could be conducted – as far as I’m aware this did not happen.”
Energy Grid, Infrastructure Lag Behind in Protection Against Cyber Risk and Crimes Monday, March 20, 2017 thestreet.com The businesses in the energy sector have focused too much of their resources and attention on physical security such as their plants and machinery instead of their technology. These flaws leave companies more susceptible to attacks, said James Lee, executive vice president at Waratek, a Dublin, Ireland-based provider of application security solutions. "To a hacker, the ways you attack a control application is just the same as how you steal information from a retailer or bank," he said. "The difference is a cyberattack against control technology puts lives at risk."
Lawmakers Fear Infiltration of Defense Supply Chain Monday, March 20, 2017 thehill.com Lawmakers are worried about the vulnerabilities of the Defense Department’s supply chain and the risk of adversaries inserting malicious material into Pentagon weapons systems. “For a sophisticated adversary, this complex, multi-tiered supply chain offers numerous targets for attackers to potentially subvert the design, integrity and resilience of key national security assets,” Sen. Gary Peters (D-Mich.), a member of the Senate Armed Services Committee, told The Hill.
One Billion Yahoo Accounts Still for Sale, Despite Hacking Indictments Sunday, March 19, 2017 nytimes.com For sale: one billion Yahoo accounts, $200,000 or best offer. The passwords don’t work, but the dates of birth, telephone numbers and security questions could still be useful to an adept cyberthief. After federal prosecutors unsealed indictments this week against four men they say were responsible for a 2014 intrusion into Yahoo’s systems that affected 500 million user accounts, data on one billion accounts — stolen in another attack on the company a year earlier — appeared to remain available on underground hacker forums on Friday.
This New Cyber Scam Has Targeted Thousands Sunday, March 19, 2017 nypost.com Cybercriminals have a new scam that has already taken in 65 companies throughout the state and harvested more than 7,000 employees’ Social Security numbers.
OPM Warns of Scam Targeting Federal Annuitants Sunday, March 19, 2017 federalnewsradio.com “The scammer threatens to end the annuitant’s retirement, threatens that a ‘magistrate’ will criminally prosecute, and demands an immediate payment. This is a government imposter scam — Do not send money,” wrote OPM’s Ken Zawodny, the associate director of Retirement Services, in a blog post. “Any communication of this type is NOT from an OPM official. OPM will not make such calls.”
Ethical Hacking: The Most Important Job No One Talks About Sunday, March 19, 2017 darkreading.com Great power comes with great responsibility, and all heroes face the decision of using their powers for good or evil. These heroes I speak of are called white hat hackers, legal hackers, or, most commonly, ethical hackers. All these labels mean the same thing: A hacker who helps organizations uncover security issues with the goal of preventing those security flaws from being exploited. If companies don't have an ethical hacker working for them, they're in a one-sided game, only playing defense against attackers.
Experts Divided on Value of Cyber National Guard Sunday, March 19, 2017 csoonline.com This past weekend at SXSW, two Congressmen suggested that the U.S. create a cybersecurity reserves system, similar to the National Guard, but the idea has received a mixed welcome from the cybersecurity community. According to House Rep. Will Hurd, a Republican from Texas, a national cybersecurity reserve could help strengthen national security and bring in a diversity of experience. Hurd, who has a degree in computer science from Texas A&M, has served as an undercover CIA officer and has worked as a partner at cybersecurity firm FusionX.
Reality Star Becomes Victim of Identity Theft Sunday, March 19, 2017 wsbtv.com Police are searching for a suspect who stole the identity of a well-known Atlanta reality star. And now they fear the suspect may have struck again.
Search Warrant Issued for Everyone Who Googled Identity Theft Victim’s Name Sunday, March 19, 2017 consumerist.com Investigators believe the suspect used Google to create the passport and carry out the theft. However, when the Hennepin County Administrative Subpoena was sent to Google requesting subscriber information for anyone who had performed a search of the victim’s name, the company rejected the request.
Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam Saturday, March 18, 2017 krebsonsecurity.com On Thursday, March 16, the CEO of Defense Point Security, LLC — a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” — told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.
IRS Warns of Last-Minute Tax Scams Saturday, March 18, 2017 us-cert.gov The Internal Revenue Service (IRS) has released an alert warning of phishing email scams targeting last-minute tax filers. The alert describes common features of these cyber crimes and includes recommendations to protect against them: strengthen passwords, recognize phishing attempts, and forward suspicious emails to email@example.com.
Google Points to Another POS Vendor Breach Friday, March 17, 2017 krebsonsecurity.com For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant.
Hacker Is a Villain to Russia and the United States, for Different Reasons Friday, March 17, 2017 nytimes.com Before United States prosecutors accused him of having orchestrated one of the largest computer thefts, Dmitry A. Dokuchaev’s legal problems were deepening in Russia, where he was once known by the hacker alias Forb and specialized in purloining credit card numbers. Mr. Dokuchaev, a stocky 33-year-old who appears on an F.B.I. “wanted” poster wearing a blue suit and with a mop of sandy hair, is emerging as a central figure in fraught relations between the United States and Russia on cybersecurity issues.
Cascading Effect: One Attack Led to Another at Yahoo Friday, March 17, 2017 businessinsider.com In effect, hackers created a Yahoo skeleton key by fooling the service into thinking they had already signed into particular accounts, even if they didn't know their passwords. Web service providers typically use bits of data called cookies to let you stay signed into an account via a web browser. This is how you keep Gmail, for instance, open even if you close your browser and restart it. The hackers used malware and the scrambled passwords in the user database to manufacture fake cookies. To Yahoo, it then appeared that the hacker was the authorized user, who was already logged in without entering a password.
Two-Thirds of Enterprises Use Advanced Tech Without Securing Data: Report Thursday, March 16, 2017 thehill.com The report comes amid high concerns over cyberattacks in the public and private sectors, following massive data breaches at Yahoo and the federal government’s Office of Personnel Management. According to Thales’s research, nearly 90 percent of respondents reported feeling some degree of vulnerability to data threats.
2 Men Arrested, 100 Stolen Credit Reports Recovered Friday, March 17, 2017 koin.com They seized more than 100 stolen credit reports and applications taken from All Car Auto Sales in Gladstone. Detectives learned the files were stored in a bathroom at the car lot.
Unencrypted Drive With 7 Years of Patient Data Stolen From Denton Heart Group Friday, March 17, 2017 healthcareitnews.com The backup files contained a hoard of patient data from 2009 until 2016: names, Social Security numbers, dates of birth, addresses, phone numbers, driver's license numbers, medical record numbers, insurance provider and policy details, physician names, clinic account numbers, medical history, medications, lab results and other clinical data.
Inside the Russian Hack of Yahoo: How They Did It Thursday, March 16, 2017 csoonline.com One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people...The hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It's unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened.
Personal Data Leak Affects 33 Million US Employees Thursday, March 16, 2017 darkreading.com Security researcher Hunt got the data from a reportedly reliable source, and it is believed that it may have been stolen from the unprotected database of a D&B customer. The information includes personal details such as email addresses and company information. Affected employees include those of the Department of Defense, US Postal Service, AT&T, FedEx, Citigroup and others.
Even Tech-Savvy Gmail Users Are Getting Fooled by This Phishing Scam Friday, March 17, 2017 komando.com This attack is very convincing. Gmail users are receiving emails from people in their contacts list who have already been hacked. The fraudulent email looks even more authentic because the scammer goes through the senders' messages to find a topic that you are probably familiar with.
Wishbone App Data Breach Affects Huge Number of Users Friday, March 17, 2017 slashgear.com According to the notification, the stolen data includes personal names, telephone numbers, usernames, and email addresses. Anyone who provided their birthday information for the account will also likely have had that data stolen, however the thieves did not acquire any account passwords or financial data.
Watch for Fake Tax Preparers Who Steal Your Identity and Run off With Your Cash Thursday, March 16, 2017 nbcnews.com These dishonest businesses "prey on unsuspecting taxpayers with outlandish promises of overly large refunds," the IRS said in a news release. Some also commit identity theft with the sensitive private information clients give them in order to prepare their return. "Choose your tax return preparer carefully because you entrust them with your private financial information that needs to be protected," IRS Commissioner John Koskinen said in a statement.
Justice Department Charging Russian Spies and Criminal Hackers in Yahoo Intrusion Wednesday, March 15, 2017 washingtonpost.com The Justice Department is set to announce Wednesday the indictments of two Russian spies and two criminal hackers in connection with the heist of 500 million Yahoo user accounts in 2014, marking the first U.S. criminal cyber charges ever against Russian government officials. The indictments target two members of the Russian intelligence agency FSB, and two hackers hired by the Russians. The charges include hacking, wire fraud, trade secret theft and economic espionage, according to officials, who spoke on the condition of anonymity because the charges have not yet been announced. The indictments are part of the largest hacking case brought by the United States.
More Than 120,000 Affected by W-2 Phishing Scams This Tax Season Wednesday, March 15, 2017 csoonline.com Tax season doesn't officially end in the United States until April 18. At last count, 110 organizations have reported successful Phishing attacks targeting W-2 records, placing more than 120,000 taxpayers at risk for identity fraud. Many of those working for the victimized firms have had a stressful time dealing with the fallout. Those who have experienced this unique type of crime say it's a nightmare. Some of those affected have had fraudulent returns filed under their name, in addition to issues with educational expenses. In one case, the scammers created flexible spending accounts with their stolen identities.
FTC Recommends Wider Implementation of DMARC to Combat Phishing Attacks Wednesday, March 15, 2017 huntonprivacyblog.com Fewer than 10 percent of the businesses evaluated, however, use Domain Message Authentication Reporting & Conformance (“DMARC”) – an email authentication technology which alerts the business about potential spoofing efforts and instructs ISPs to automatically reject unauthenticated messages that claim to be from the business’s email address. In its report, the FTC recommended “wider implementation” of DMARC, noting that using DMARC to reject unauthenticated messages would help businesses “further combat phishing by keeping these scam emails from ever showing up in consumers’ inboxes.”
Life Insurance Agents Convicted of Wire Fraud, Identity Theft Wednesday, March 15, 2017 mercurynews.com Prosecutors said personal information used to apply for the policies was collected through various means, including paying recruiters to find people to take medical exams and paying people to participate in a fictitious survey of a medical exam company. The trio opened hundreds of bank accounts to fund the premiums on the policies and typically paid the premiums for one to four months before letting the policies lapse, according to prosecutors. They also returned verification calls to the company purporting to be the applicants.
Credit Card Fraud in 130,000 Cases: Organized Crime Group Disrupted in Europe Wednesday, March 15, 2017 europol.europa.eu The Cypriot Police with the support of Europol, the US Secret Service and the Investigative Committee of the Republic of Belarus, have disrupted an organised criminal group that affected more than 130,000 payment card holders from 29 countries. Financial losses, including those for EU citizens, totalled EUR 8 million. Four members of the criminal organisation, including the leader, were identified and arrested during a police raid in Belarus.
Arlington PD Searching for ID Theft Victims After Big Bust Wednesday, March 15, 2017 dfw.cbslocal.com Police say they seized backpacks full of mail and documents and piles of credit cards and IDs — even medical records. But, victims may not know they’ve been compromised...During a traffic stop, police found five backpacks full of mail and documents: 50 credit cards, social security cards, medical records, drugs and a BB gun replica of a semi-automatic pistol.
Two Charged With Identity Theft in Pa. Investigation Wednesday, March 15, 2017 heraldmailmedia.com Chambersburg police have charged two more people with identity theft in connection with an ongoing investigation into Social Security cards used to obtain employment.
Jo's iPhone, Pat's Laptop: Why Giving a Device Your Name Is a Serious Privacy Risk Tuesday, March 14, 2017 zdnet.com Using your first and/or last name to designate your phone might seem harmless. But combined with other information, that hostname can reveal a user's identity, where they work, and potentially their social networks. The warning comes in a new informational memo from the Internet Engineering Task Force (IETF), entitled 'Current Hostname Practice Considered Harmful', which homes in on internet protocols that leak device hostnames.
Cincinnati Eye Institute: Possible Data Breach Tuesday, March 14, 2017 wcpo.com Cincinnati Eye Institute has sent a letter to all 500 employees informing them that personal information including Social Security Numbers may have been compromised, and offering them free ID theft protection. The letter explains that "a number of employees" report their tax returns have been rejected by the IRS, because someone already filed taxes this year using their name and Social Security number. The only thing these people have in common, they say, is that they all work at CEI.
Banks Spending Three Times More on Cybersecurity Tuesday, March 14, 2017 itproportal.com Banks and other financial institutions spend three times the amount non-financial organisations are spending on cyber security, a new report by Kaspersky Lab has shown...Phishing seems to be the biggest security threat, with almost half (46 per cent) of banks saying their customers are being attacked on an everyday basis, and 70 per cent of banks reported financial fraud incidents that led to loss of money.
IRS Says Tax Identity Theft on the Downswing Tuesday, March 14, 2017 fox61.com The IRS says identity theft income tax return fraud plummeted in 2016, with a 46 percent drop in the number of victims, to 376,000. In addition, the agency says it also stopped one million fraudulent refunds from being issued last year with savings of almost $6.6 billion.
IRS Guides Taxpayers to Avoid Online Scammers Tuesday, March 14, 2017 darkreading.com The Internal Revenue Service (IRS) has called on taxpayers to be extra vigilant of scammers and guard against identity theft, especially during tax-paying time. To assist taxpayers, the IRS has included online security steps in its sixth release of Tax Time Guide, a series of 10 IRS tax tips.
Boeing Insider Data Breach Serves as Reminder for HR Tuesday, March 14, 2017 shrm.org He couldn't format a spreadsheet. So he sent it to his spouse for help, ultimately causing a breach that could have exposed the personal data of 36,000 Boeing employees in four states, according to a report by The Associated Press. This is a good reminder of why HR needs to ensure employees are trained on proper data security measures.
Couple Lost $5,000 in IRS Scam Tuesday, March 14, 2017 coshoctontribune.com Sheriff's deputies report a Warsaw couple was scammed out of $5,150 last week by a telephone caller who claimed they owed back taxes.
CyberEdge: Ransomware Affected 61% of Organizations Tuesday, March 14, 2017 softpedia.com CyberEdge Group released its latest Cyberthreat Defense Report and, following its surveys, said that a huge number of organizations were affected by ransomware last year. Of those affected, 54% managed to get their data back without paying the ransom, while another 33% chose to pay the ransom to recover their info. Another 13% refused to pay and lost the data as a consequence.
Listen to ‘Tech Support’ Scam Calls That Bilk Millions out of Victims Tuesday, March 14, 2017 wired.com The scam starts with a warning on your computer—a shamelessly fake one, often imitating a blue screen of death or a blinking malware alert. It informs you that your PC suffers from a smorgasbord of security problems, ranging from stolen credit cards to breached family photos to stalkers watching you through your webcam. And it offers a toll-free number for a “Microsoft” support line.
Phone Scam Pretending to Be Publisher's Clearinghouse Steals Thousands Tuesday, March 14, 2017 wpsdlocal6.com The Weakley County, Tennessee, Sheriff's Department says the victim of the scam was told they won a car and millions of dollars from Publisher's Clearinghouse. They were told they needed to pay taxes on the car by wiring it to the scammers via Western Union. Before they sent the money, the victim was convinced not to tell anyone about their supposed winnings as well.
US Military Leak Exposes "Holy Grail" of Security Clearance Files Monday, March 13, 2017 zdnet.com The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. Another file lists the security clearance levels of hundreds of other officers, some of whom possess "top secret" clearance, and access to sensitive compartmented information and codeword-level clearance...Among the most damaging documents on the drive included the completed applications for renewed national security clearances for two US four-star generals, both of whom recently had top US military and NATO positions.
Hackers Steal Personal Data of Thousands of Hospital Staff Monday, March 13, 2017 zdnet.com Hackers have stolen information about thousands of NHS medical professionals by compromising the server of a private contractor. Cyberattackers infiltrated a data server operated by IT supplier Landauer, stealing a mix of names, dates of birth, radiation doses, and National Insurance numbers of staff who work with X-Rays.
Husband and Wife Charged With Identity Theft Monday, March 13, 2017 thetimes-tribune.com Ann Marie Comcowich, 47, worked as a “relationship management specialist” for Prudential Insurance Co. in Moosic. She used Social Security numbers and account numbers to funnel $84,161.53 from tax-deferred retirement plans into a bank account she shared with her husband, 52-year-old Kenneth Comcowich, Detective Renee Castellani charged in a complaint.
VCU Reports Breach of Medical Files Monday, March 13, 2017 richmond.com Virginia Commonwealth University Health System is notifying about 2,700 people that their or their minor child’s electronic medical records were inappropriately accessed over a three-year period. The university said it has no indication that the private health information has been used for any unintended purposes...An investigation found that employees of some community physician groups and an employee of a contracted vendor accessed, without legitimate business reasons, information about services patients received at the VCU Health System. As a result of the incidents, the respective employers terminated those employees.
Phishing: Would You Fall for One of These Scam Emails? Monday, March 13, 2017 zdnet.com In a review of 100 simulated attack campaigns for 48 of its clients, accounting for almost a million individual users, security company MWR Infosecurity found that sending a bogus friend request was the best way to get someone to click on a link -- even when the email was being sent to a work email address.
Home Depot Settles Data Breach Claims Friday, March 10, 2017 huntonprivacyblog.com Home Depot reached an agreement that includes the payment of $25 million and the implementation of new data security measures to resolve a class action brought by financial institutions impacted by the company’s 2014 data breach. The breach involved the theft of Home Depot customers’ personal information, including names, payment card numbers, expiration dates and security codes. Approximately 56 million payment card numbers were compromised. This information was sold to identity thieves, who used it to make fraudulent transactions. As a result, financial institutions were required to take steps such as cancelling the compromised cards and reimbursing customers for fraudulent charges.
Phishing Scam Catches NC Symphony Friday, March 10, 2017 newsobserver.com The North Carolina Symphony recently fell prey to an email “Phishing” scam – and it’s going to cost the organization nearly $60,000. According to a report filed with the North Carolina Attorney General’s office, the Feb. 7 leak involved the mistaken release of W-2 tax information for 262 people, including symphony musicians, staff and contract employees.
30 Accused in Queens Credit Card, Identity Theft Ring Friday, March 10, 2017 newyork.cbslocal.com The ring was responsible for stealing personal credit information from hundreds of consumers at a cost of more than $3.5 million in losses to individuals and financial institutions, prosecutors said...Seepersad allegedly accessed the financial records of potential buyers at car dealerships where he worked and gave them to the theft ring for a flat fee, prosecutors said. The theft ring then gave the stolen personal information to an “account activator” who took the information and prepared accounts to be taken over, prosecutors said.
Lawmakers Receive Lukewarm Assessment of Cyber Cooperation Between Feds, Private Sector Thursday, March 09, 2017 thehill.com Legislators received a lukewarm assessment of the federal government’s cooperation with the private sector on cybersecurity at a hearing on Thursday. Industry experts told a congressional panel with oversight of the Department of Homeland Security’s (DHS) cybersecurity and infrastructure protection efforts that the agency needs to share more information more quickly and robustly with private organizations to safeguard the nation against cyber threats.
Fake SEC Emails Target Execs for Inside Information Thursday, March 09, 2017 fortune.com Cyber scammers are using a new trick to get confidential corporate information: They are sending spoofed emails, purporting to be from the Security and Exchange Commission, and aiming them at lawyers, compliance managers, and other company officials who file documents with the SEC...The email attacks in question, known as "spear-phishing" are effective because they are addressed to specific people and appear to be from a legitimate source. In the case of the fake SEC emails, the targets included corporate officials with titles like SEC Reporting Manager and Senior Legal Specialist—the very people, in other words, responsible for securities filings, and who could expect to receive an email from the SEC.
Government Imposters Want to Get to Know You Friday, March 10, 2017 consumer.ftc.gov The Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) and the FTC want you to know about a scam in which callers posing as federal employees are trying to get or verify personal information. This is a government imposter scam.
After CIA Leaks, Tech Giants Scramble to Patch Security Flaws Thursday, March 09, 2017 zdnet.com Several tech giants have said they are examining a trove of documents leaked earlier this week that purport to show the CIA's ability to hack into phones, computers, and smart TVs. The documents, released by WikiLeaks, did not contain exploit code that could be used by hackers to carry out attacks, but the documents do provide details of vulnerabilities that may help security researchers identify some flaws in tech products, including Android devices and iPhones. Apple, Google, Microsoft, and Samsung were all named in the thousands of released documents, which are believed to have come from the CIA's Center for Cyber Intelligence.
HHS' IT 'Strategic Plan' Spotlights Cybersecurity, Privacy Friday, March 10, 2017 healthcareinfosecurity.com The Department of Health and Human Services' four-year information technology strategic plan includes a risk-based approach focused on improving security and privacy protections of HHS data and systems, more effectively preventing and responding to emerging threats, and beefing up HHS' cybersecurity-related workforce.
Health Industry Plays Catch-Up on Cybersecurity Thursday, March 09, 2017 thehill.com All eyes are on an upcoming report from a Department of Health and Human Services (HHS) task force established under the Obama administration that will detail the industry’s cybersecurity shortfalls. “We have very few specific challenges to healthcare, but a lot of the smaller individual challenges that other sectors face, we have all of them,” Josh Corman, head of the Atlantic Council’s Cyber Statecraft Initiative and a member of the task force, told The Hill.
Internet-Connected 'Smart' Devices Are Dunces About Security Thursday, March 09, 2017 sfgate.com One problem: Many people don't realize they have to secure connected devices with passwords like they do with computers. "People don't think of a TV or a camera as a computer and that's all it is," said Gartner analyst Avivah Litan. If a device comes with a default password, it needs changing the moment you hook it up. Similarly, your Wi-Fi password shouldn't still be the one it came out of the box; it needs a hard-to-guess passphrase to ensure that it can't be easily hacked.
FBI Chief Calls for Private Sector to Help Battle Cybercrime Thursday, March 09, 2017 cio.com In a keynote address at a cybersecurity conference at Boston College, Comey lamented that most incidents of intrusion and attacks against U.S. businesses go unreported. But when a victim does report a breach to the FBI, such as the damaging attack against Sony in 2014 that was attributed to North Korea, agents will have a much easier time investigating and helping businesses mitigate the damage if they are already somewhat familiar with the target's systems.
C.I.A. Scrambles to Contain Damage From WikiLeaks Documents Thursday, March 09, 2017 nytimes.com Investigators say that the leak was the work not of a hostile foreign power like Russia but of a disaffected insider, as WikiLeaks suggested when it released the documents Tuesday. The F.B.I. was preparing to interview anyone who had access to the information, a group likely to include at least a few hundred people, and possibly more than a thousand.
CAIF Raises Awareness of Medical Identity Theft Thursday, March 09, 2017 effinghamdailynews.com Coalition Against Insurance Fraud has advised that Identity Theft has spawned a vicious new crime: Medical Identity Theft...These scams include illegal and bogus treatment, the purchases of addictive drugs and the purchase of various medical devices and equipment such as oxygen tanks or wheelchairs. Additionally, the victim's correct health history can be compromised by the actual scammer's medical file and treatments.
Madigan Finds Debt and Identity Theft to Be Reoccurring Complaints Thursday, March 09, 2017 chicago.cbslocal.com Consumer debt and identity theft continue to be the top sources of complaints to the Illinois attorney general...Madigan said the fact that her office has gotten these same complaints nine years in a row shows how some of the scams change, that people don’t know their rights and that she has more work to do.
Weekends Only Reports Credit Card Data Breach Thursday, March 09, 2017 ksdk.com The credit card information of Weekends Only online shoppers has been compromised, the furniture retailer has learned. The company says Aptos, the company that hosts its online payment platform, experienced a data breach. That company is working with cyber security experts, the FBI and the U.S. Department of Justice in the investigation.
FBI Prepares for New Hunt for WikiLeaks’ Source Wednesday, March 08, 2017 washingtonpost.com The FBI has begun preparing for a major mole hunt to determine how anti-secrecy group WikiLeaks got an alleged arsenal of hacking tools the CIA has used to spy on espionage targets, according to people familiar with the matter. The leak rattled government and technology industry officials, who spent Tuesday scrambling to determine the accuracy and scope of the thousands of documents released by the group. They were also trying to assess the damage the revelations may cause, and what damage may come from future releases promised by WikiLeaks, these people said.
National Consumer Protection Week Wednesday, March 08, 2017 us-cert.gov March 5-11 is National Consumer Protection Week (NCPW), an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission (FTC) and its fellow agencies highlight free resources to help protect against consumer harm. FTC recently issued press releases on NCPW events and the most common consumer grievances reported to the agency in 2016. Last year, complaints on debt collection, imposter scams, and identity theft topped the list.
National Consumer Protection Week: A Closer Look at Child Identity Theft Wednesday, March 08, 2017 lexch.com Child identity theft is one of the worst forms of identity theft because it often goes unchecked and unnoticed for years. A child’s Social Security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live. Why would ID thieves wish to assume a child’s identity? Because that child’s credit is a clean slate, which likely means available credit.
Lake Kennedy McCulloch (CPAs) Data Breach Wednesday, March 08, 2017 islandsweekly.com After a preliminary investigation, it was discovered that perpetrators had illegally hacked into the company’s system, and accessed 2015 tax return information for a number of individual tax clients. Using this information, staff believe the perpetrators fraudulently filed some 2016 returns to obtain tax refunds.
Pa. Appellate Court: Employer Owes No Duty of Care to Protect Employee Data Against Breach Wednesday, March 08, 2017 dataprotectionreport.com The court ruled that under state law, UPMC did not owe a duty of reasonable care to its employees in the collection and storage of employee data. In coming to this conclusion, the court acknowledged the practical realities facing large employers, highlighting the utility of electronic storage of employee data. The court also considered the social and financial costs of holding employers responsible for third-party criminal acts, especially “when there is no true way to prevent data breaches altogether.”
Verizon: Most Breaches Trace to Phishing, Social Engineering Wednesday, March 08, 2017 databreachtoday.com Ninety percent of data breaches seen by Verizon's data breach investigation team have a phishing or social engineering component to them. Not coincidentally, one of the hottest commodities on underground or dark web marketplaces are credentials, which attackers can use to log into enterprises and make it appear that they're legitimate users. "Because organizations don't have multifactor [authentication] rolled out, it makes it trivial to get in," says Chris Novak, director of global investigative response for Verizon, in a discussion about the company's latest Data Breach Digest, a companion report to the company's annual Data Breach Investigations report.
Identity Theft Hits Manufacturing Plant Wednesday, March 08, 2017 wnep.com Workers at an auto parts plant in Columbia County have had their personal information stolen and the crooks have already victimized some of the workers by using their names to file phony tax returns.
How to Recognize the Signs of Tax Identity Theft Wednesday, March 08, 2017 ksdk.com Tax filing season is upon us. Soon you will be filing your paperwork and perhaps receiving a nice check — unless thieves file a return in your name first and falsely claim your refund.
Do Not Return Calls or Texts From These Area Codes--It May Be a Scam Wednesday, March 08, 2017 inc.com A scam that seems to reappear periodically is back and helping criminals steal people's money. Protecting yourself is simple--if you know how the scam works. So, here is what you need to know to protect yourself from the three variants of the scam.
In Wake of Trump's Immigration Restrictions, Scam Artists Prey on the Undocumented Wednesday, March 08, 2017 pri.org From unscrupulous attorneys charging thousands of dollars for residency or work visas that never materialize to cheats bilking victims for documents freely available online and people passing themselves off as federal immigration agents, advocacy groups and officials say fraudsters are feasting on immigrant fears.
Realtors Caution of Final Notice Scam Wednesday, March 08, 2017 orlandosentinel.com Florida’s leading real estate industry group cautioned members against replying to a “Final Notice” bill from the Florida Board of Realtors. There is no Florida Board of Realtors. “It’s a scam,” said Florida Realtors chief executive Bill Martin. “And it’s not a simple scam. High-tech criminals put a great deal of work and planning into this.”
Obama’s Cyber Commissioners Nudge Trump on Cybersecurity Policy Wednesday, March 08, 2017 thehill.com Members of a commission established under former President Barack Obama to examine the federal government’s cybersecurity efforts are nudging the new Trump administration to move forward on its recommendations. Three members of the commission, including former Obama national security adviser Tom Donilon, on Monday reiterated their call for more cooperation between the public and private sector and more leadership in the White House to spearhead efforts on cybersecurity.
WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets Wednesday, March 08, 2017 wired.com Initial expert reactions are that the data seems legitimate and will create deep problems for the CIA on many fronts. The leak has the potential both to undermine the organization’s ability to carry out offensive intelligence gathering and to damage its international public perception. The leak exposes CIA capabilities and tools like unpatched iOS and Android vulnerabilities, strategies for compromising end-to-end encrypted chats (though not undermining the encryption itself), bugs in Windows, and even the ability to turn Samsung smart TVs into listening devices.
Ransomware Onslaught Continues: Old Foes, New Defenses Wednesday, March 08, 2017 databreachtoday.com Crypto-locking ransomware, which forcibly encrypts sensitive information on a system, then demands cryptocurrency for a promised decryption key, offers remote attackers a relatively low-cost, high-reward scheme, and they keep doubling down on related attacks. As the EU's law enforcement intelligence agency Europol noted in its Internet Organized Crime Assessment report last year, "cryptoware (encrypting ransomware) has become the most prominent malware threat, overshadowing data stealing malware and banking Trojans."
FTC: Young People Are Frequent Identity Theft Victims Tuesday, March 07, 2017 wgme.com Federal investigators say thieves are intentionally targeting young people because it can be years before the crime is detected...The Federal Trade Commission estimates that those between the ages of 20 and 29 are among the most frequent victims of identity theft, adding up to about 18 percent of all identity theft complaints.
Spammers Accidentally Expose Database of 1.4 Billion Addresses Tuesday, March 07, 2017 techspot.com Earlier this year, MacKeeper security researcher Chris Vickery stumbled upon what he described as a suspicious (yet publicly exposed) collection of files. To make a long story short, someone had forgotten to put a password on the repository and now, one of the world’s largest spam empires is crumbling.
Public School Board Investigates Data Breach Tuesday, March 07, 2017 windsorstar.com A security breach at the public school board leaked personal and banking information of employees on an internal computer network, before school officials were alerted by students who discovered the information on Monday.
WikiLeaks Says It Has Obtained Trove of CIA Hacking Tools Tuesday, March 07, 2017 washingtonpost.com The anti-secrecy organization WikiLeaks said Tuesday that it has obtained a vast portion of the CIA’s computer hacking arsenal, and began posting the files online in a breach that may expose some of the U.S. intelligence community’s most closely guarded cyber weapons. WikiLeaks touted its trove as exceeding in scale and significance the massive collection of National Security Agency documents exposed by former U.S. intelligence contractor Edward Snowden...The data release alarmed cybersecurity experts.
WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents Tuesday, March 07, 2017 nytimes.com In scale, the Vault 7 archive appears to fall into the same category as the biggest leaks of classified information in recent years, including the quarter-million diplomatic cables taken by Chelsea Manning, the former Army intelligence analyst, and given to WikiLeaks in 2010, and the hundreds of thousands of documents taken from the National Security Agency by Edward J. Snowden and given to journalists in 2013.
Payments Giant Verifone Investigating Breach Tuesday, March 07, 2017 krebsonsecurity.com Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to sources. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations.
University of Minnesota Law Grad Admits Guilt in Porn-Troll Scheme Tuesday, March 07, 2017 startribune.com John L. Steele, a University of Minnesota Law School graduate who once bragged to a reporter that he and a colleague earned millions of dollars by suing hundreds of people for illegally downloading pornography, admitted Monday in a Minneapolis federal courtroom that it was a scam.
Dark Web Scheme Lets Wannabe Cybercriminals Get in on Ransomware - for Free Tuesday, March 07, 2017 zdnet.com A new dark web scheme could allow any wannabe cybercriminal to grab a piece of the ransomware pie for free -- on the condition that any ill-gotten profits are split 50/50. Ransomware -- a form of malware which encrypts a victim's files and demands a ransom to restore them -- has boomed in the last 18 months. A number of ransomware-as-a-service affiliate schemes allow even the most technically illiterate cyber thief to cash in on a form of crime which cost businesses over a billion dollars last year.
Filing a Consumer Complaint Tuesday, March 07, 2017 usa.gov Find out what steps to take and who you should contact if you need to file a complaint against a company.
Why Awareness Needs to Teach Scam Detection and Reaction Tuesday, March 07, 2017 csoonline.com Does your awareness program provide specific examples of what to avoid, or does it provide blanket guidance for how to behave? In this case, while it wasn’t the predefined scam, what I experienced had the same effect. Does your phishing training teach people how to recognize the simulated phishing messages, or phishing messages in general? Does your social engineering program teach people to recognize specific scams, or all general scams? You need to be very sure you’re teaching people the right things.
Consumer Reports to Begin Evaluating Products, Services for Privacy and Data Security Tuesday, March 07, 2017 consumerreports.org We’re now launching the first phase of a collaborative effort to create a new standard that safeguards consumers’ security and privacy—and we hope industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps. The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data. This standard can also eventually be used by CR and others in developing test protocols to evaluate and rate products—which will help consumers make more informed purchasing decisions.
As Many as 7.5 Million Voter Records Involved in Georgia Data Breach Monday, March 06, 2017 myajc.com Millions of Georgia voters may have had their personal information compromised for the second time in as many years, as the Federal Bureau of Investigation opened an investigation Friday at Kennesaw State University’s Center for Election Systems involving an alleged data breach. As many as 7.5 million voter records may be involved, according to a top state official briefed on the information but not authorized to speak on the record.
Consumer Reports to Test Products for Privacy, Data Security Monday, March 06, 2017 thehill.com Consumer Reports is going to begin evaluating products for privacy and data security, the U.S. nonprofit product review group said on Monday. Consumer Reports has partnered with cybersecurity experts to develop an industry standard for testing devices for security and consumer data protection, an initial version of which is posted online to solicit feedback. “We’re now launching the first phase of a collaborative effort to create a new standard that safeguards consumers’ security and privacy — and we hope industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps,” the organization said in a blog post on its website.
16 People Linked to Frisco Hospice Indicted in Alleged $60 Million Fraud Monday, March 06, 2017 nbcdfw.com The owner of a Frisco hospice and 15 others including doctors and nurses were indicted Tuesday after an FBI investigation uncovered an alleged $60 million health care fraud scheme. The FBI raided the company's offices in September 2015 and in a search warrant accused Harris of telling nurses to deliberately overdose some patients with morphine or other drugs in order to maximize profits. "You need to make this patient go bye-bye," Novus told one of the nurses, according to the search warrant.
Imposter Scams Bypass Identity Theft for First Time Monday, March 06, 2017 pymnts.com Last year imposter scams bypassed identity theft for the first time as the second largest category of consumer complaints, according to the Federal Trade Commission’s Consumer Sentinel Network in 2016.
New York’s Cybersecurity Rules: What Insurance Professionals Should Know Monday, March 06, 2017 insurancejournal.com The cyber rules require insurance and insurance-related companies as well as brokers, agents and adjusters licensed in New York to assess their specific cyber risk profiles and design cybersecurity programs that address such risk in a “robust fashion.”
Former Social Security Worker Indicted on Identity Theft Charges Monday, March 06, 2017 nydailynews.com An ex-Social Security Administration worker was indicted by a Brooklyn federal grand jury for swiping social security numbers and birthdates, authorities said Friday. Sharon Coffee-Dean, of Queens, is charged with stealing the information of 41 people and selling them to individuals who filed fraudulent tax returns.
Lawmakers Fear US Has Fallen Behind in Cyber Warfare Monday, March 06, 2017 thehill.com Lawmakers in both chambers of Congress are confronting hard truths about the U.S. military’s cyber vulnerabilities and lack of a comprehensive strategy to deter and respond to cyberattacks. Members of Congress worry that adversaries could potentially breach the defense industry supply chain or exploit the military’s dependence on computers and high-tech systems for operations, fears that were confirmed by testimony from experts and former officials this week.
In Defense of Assuming Another’s Identity Monday, March 06, 2017 networkworld.com My father, Burke McNamara, passed away back in December at age 89 after a long period of declining health. As I continue to deal with the closing of his financial affairs, I’d like to offer this bit of advice to all of you: If you're ever in the unfortunate position of having to close accounts, such as a VISA account, for a family member who has died, do not under any circumstances approach the task in an honest and straightforward manner. Lie to them.
Glastonbury Schools Phishing Scandal Impacts 1,600 Workers Saturday, March 04, 2017 nbcconnecticut.com A phishing scandal has hit another Connecticut school district. Glastonbury school's superintendent said the district became victim of the W-2 phishing scam that has impacted other districts in the country and Groton. Superintendent Alan B. Bookman said that 2016 employee W-2 tax form information was compromised for 1,600 workers. "With the exception of Food Service personnel, any Glastonbury Public Schools employee who was issued a W-2 for the 2016 tax year could be affected," a letter sent out to Glastonbury Public School employees said. Groton Public Schools reported a similar incident on Thursday.
Cancer-Stricken 5-Year-Old's Photo Used in Charity Scam, Family Claims Saturday, March 04, 2017 cnn.com It's hard enough to have a 5-year-old son battling brain cancer. But when Kelly Incandela learned that a woman apparently was going around Brooklyn in New York City fraudulently asking for donations for a funeral for her son, sadness quickly morphed into something else.
The Golden Age of Email Hacks Is Only Getting Started Saturday, March 04, 2017 wired.com As Governor of Indiana, Mike Pence conducted state business using his personal email account. An AOL account. So of course someone hacked it. With a phishing scam...Let’s start with the obvious: Personal email has no place in government business. Legally speaking, all state and federal employees must maintain a record of their communications. Transparency demands it. A government email account provides a digital paper trail, and something the public, or journalists, can demand access to. Personal accounts do not, because you may not even know they exist. Equally important, they don’t offer the security of a .gov account. From a basic security perspective, no one earning a government paycheck should use Yahoo, or Gmail, or AOL, or anything else because, honestly. Despite this, public officials continue using personal email. So do you. So do I, switching back and forth between work Outlook and personal Gmail. We all do it, for the same fundamental inalienable reason: We find it so much easier. That’s doubly true for people toiling away in tightly controlled environments, where draconian restrictions on access and attachments can make logging onto work emails literally more trouble than it’s worth.
FAFSA and Student Loan Identity Theft Saturday, March 04, 2017 idtheftcenter.org Too many young people discover their identities have been stolen when they apply for student loans or financial aid.
U.S. Marshals Warn Against Dual Phone Scams Saturday, March 04, 2017 networkworld.com The U.S. Marshals are warning the public not to respond to two recent scams involving people fraudulently posing as Marshals making calls across the country.
German Researchers Find Flaws in Nine Major Password Managers Saturday, March 04, 2017 scmagazine.com A group of security researchers called TeamSIK has published a security assessment of nine popular password management applications on Android devices and found them all to contain security vulnerabilities.
FTC Releases Annual Summary of Consumer Complaints Friday, March 03, 2017 ftc.gov Imposter scam complaints surpassed identity theft for the first time as the second most common category of consumer complaints received by the Federal Trade Commission’s Consumer Sentinel Network in 2016, according to the agency’s new Data Book...The rise in impostor scam reports is due to an increase in complaints about government imposters. Imposter scams come in many varieties, but work the same way: a scammer pretends to be someone trustworthy, such as a government official or computer technician to convince a consumer to send money. Imposter scams also topped the list of complaints from military consumers followed by identity theft complaints.
Nickelback Drummer is Victim of Identity Theft Friday, March 03, 2017 radio.com Someone tried to impersonate the drummer from Nickelback, Daniel Adair, to the tune of $25,000. A Florida man, Howard Koenig, tried to purchase musical equipment using Daniel Adair’s name and credit card, reports the TCPalm.
19 Indicted in International Fraud and Money Laundering Schemes Friday, March 03, 2017 fbi.gov Federal indictments unsealed today in Washington, D.C., charged 19 people in the U.S. and abroad with participating in various international fraud and money laundering conspiracies that resulted in the theft of more than $13 million from more than 170 victims, primarily in the U.S...The investigation began in 2011, when the Bureau’s Washington Field Office received information about abandoned property in a hotel room in Washington, D.C. From that, the FBI was able to link the recovered evidence to a transnational organized crime operation involving an online vehicle fraud scheme...The investigation into the online vehicle fraud scheme led to the realization that some of the criminals involved in that scheme had branched out to much more lucrative activity—a BEC scheme that resulted in losses of more than $10 million from victim companies.
America Has a 'Cybersecurity Crisis': Symantec CEO Friday, March 03, 2017 cnbc.com Do you feel safe browsing online? Have you ever been a victim of credit card fraud? Thirty-nine percent of North Americans have been affected by cybersecurity crime in the past year alone, Symantec Chief Executive Greg Clark told CNBC on Thursday. "I think that's a very big crisis."
Yahoo’s Top Lawyer Resigns and C.E.O. Marissa Mayer Loses Bonus in Wake of Hack Friday, March 03, 2017 nytimes.com Yahoo’s top lawyer, Ronald S. Bell, resigned Wednesday, and its chief executive, Marissa Mayer, lost her 2016 bonus after a board investigation of the 2014 theft of information on more than 500 million user accounts. Senior executives, company lawyers and information security staff were aware of the hack in 2014 and also knew about subsequent attempts to break into the affected accounts in 2015 and 2016, but failed to “properly comprehend or investigate” the situation, the company’s board of directors said in a securities filing on Wednesday.
iPhone Robbers Try to iPhish Victims Friday, March 03, 2017 krebsonsecurity.com In another strange tale from the kinetic-attack-meets-cyberattack department, earlier this week I heard from a loyal reader in Brazil whose wife was recently mugged by three robbers who nabbed her iPhone. Not long after the husband texted the stolen phone — offering to buy back the locked device — he soon began receiving text messages stating the phone had been found. All he had to do to begin the process of retrieving the device was click the texted link and log in to the phishing page mimicking Apple’s site.
One Million Coachella User Accounts Found for Sale on the Dark Web Friday, March 03, 2017 tripwire.com Nearly one million user accounts for the Coachella Valley Music and Arts Festival website have been found for sale on the underground marketplace. According to a recent report by Motherboard, the data available for purchase includes email addresses, usernames and hashed passwords. The data trader, who identifies as ‘Berkut,’ wrote on the Tochka marketplace listing: “Coachella complete database dump from this month.”
Yahoo Punishes CEO in Latest Fallout From Security Breakdown Thursday, March 02, 2017 washingtonpost.com Yahoo is punishing CEO Marissa Mayer and jettisoning its top lawyer for the mishandling of two security breaches that exposed the personal information of more than 1 billion users and already have cost the company $350 million. Mayer won’t be paid her annual bonus nor receive a potentially lucrative stock award because a Yahoo investigation concluded her management team reacted too slowly to one breach discovered in 2014. Yahoo’s general counsel, Ronald Bell, resigned without severance pay for his department’s lackadaisical response to the security lapses.
Ransomware for Dummies: Anyone Can Do It Thursday, March 02, 2017 krebsonsecurity.com Among today’s fastest-growing cybercrime epidemics is “ransomware,” malicious software that encrypts your computer files, photos, music and documents and then demands payment in Bitcoin to recover access to the files. A big reason for the steep increase in ransomware attacks in recent years comes from the proliferation of point-and-click tools sold in the cybercrime underground that make it stupid simple for anyone to begin extorting others for money.
Another 32 Million Yahoo Accounts Breached Thursday, March 02, 2017 pcmag.com Last month, Yahoo started notifying people that it had discovered yet another account breach had occurred. Apparently a forged cookie attack had been used to access a new set of accounts over the past two years. At the time, it wasn't known how many accounts had been accessed, but now we know and it's in the millions again.
That Cool Robot May Be a Security Risk Thursday, March 02, 2017 nytimes.com Significant security flaws were found in an examination of six home and industrial robots, according to a report to be released Wednesday by IOActive, a computer security consulting firm with headquarters in Seattle. The report notes that only four of the six companies responded to the firm’s alert, and only two said they planned to make patches after being informed of the problems. The researchers, who described the categories of vulnerabilities they had discovered in the report but not the specific flaws, said their research was simply an early reconnaissance of the field. “It’s important to note that our testing was not even a deep, extensive security audit, as that would have taken a much larger investment of time and resources,” the authors wrote. “The goal for this work was to gain a high-level sense of how insecure today’s robots are, which we accomplished.”
Who Should Be on an Insider Risk Team? Thursday, March 02, 2017 csoonline.com Left to chance, unless you happen to bump into someone leaving the building with a box full of documents, you might never catch an insider red-handed. That is where an insider risk team comes in — a group of employees from various departments who have created policies that create a system to notice if those confidential items have left the building.
As EMV Chips Make In-Store Fraud Harder, Fraudsters Move Online Thursday, March 02, 2017 forbes.com The EMV chips on American credit and debit cards aren’t just annoying consumers who find themselves waiting for 20 to 30 seconds at checkout. They are also inconveniencing fraudsters who are taking more business to online merchants.
Business E-Mail Compromise Thursday, March 02, 2017 fbi.gov At its heart, BEC relies on the oldest trick in the con artist’s handbook: deception. But the level of sophistication in this multifaceted global fraud is unprecedented, according to law enforcement officials, and professional businesspeople continue to fall victim to the scheme.
Best Practices for Lowering Ransomware Risk Thursday, March 02, 2017 darkreading.com The first step is to avoid falling prey in the first place. That means teaching your entire organization - from IT staff to executive management - how not to be a victim.
Report: 85% of Ransomware Victims Get Taken Offline for a Week or More Wednesday, March 01, 2017 tripwire.com New research reveals that the majority of ransomware victims (85 percent) had their systems taken offline for at least a week, costing businesses thousands in financial damage each day. Despite the risk of data loss and financial damages, the report produced by Timico and Datto found that organizations still lack awareness and readiness when it comes to responding to ransomware attacks...Well over half of respondents said their data systems went from fully functional to essentially useless within seconds and minutes, the report noted.
New York’s Cyber Security Regulations Aren’t Perfect, but Other States Should Pay Attention to Them Wednesday, March 01, 2017 recode.net These planned regulations are pretty groundbreaking; they’re first of their kind in the nation. Going into place on March 1, they’re coming at a time when organizations are finally starting to wake up to the realities of cyber vulnerability. Breaches, both high-profile and under the radar, are an almost daily occurrence, and public and private organizations alike have started to take concrete steps toward safeguarding their systems. New York is the first state to take this bold step, but it’s only a matter of time before other states follow suit. And yet, while we’re seeing the financial sector as the first to be regulated in this way, it’s important for us not to forget that cyberattacks are a huge threat to all industries that needs to be addressed — quickly.
Legislators Grapple With Cyberwar Rules Wednesday, March 01, 2017 thehill.com Members of Congress are grappling with the new era of cyber warfare as the government works to define what acts in cyberspace should warrant a military response. The Trump administration is required by law to spell out, within a year, what behaviors in cyberspace may constitute acts of war against the United States.
FBI Warns of Identity Theft After Independence Missouri School District Employees Fall Victim Wednesday, March 01, 2017 fox4kc.com Police are taking reports from educators and other school district employees who say their personal information has been stolen as part of a phishing scam. Police said the data breach happened last month, but wasn't recognized until recently...Independence police said at least 15 school district employees have filed criminal complaints, claiming that their personal information has been used to file fraudulent tax returns.
Redmond Oregon Data Breach Affects 1,000 School District Employees Wednesday, March 01, 2017 opb.org A recent data breach in the Redmond School District has affected more than 1,000 current and former district employees. The breach occurred when an employee sent W-2 tax forms for all district workers to an email hacker impersonating the superintendent. W-2s contain names, addresses, Social Security numbers and other sensitive information.
Don’t Click That Link! A Sneaky New Postal Scam Is Making the Rounds Wednesday, March 01, 2017 idtheftcenter.org The sender claimed to be the US Postal Service, and the email address even looked legitimate. You would have had to know that it isn’t a real in-house email address to spot that one. But the very first clue was in the subject line, which included a “parcel number.” The USPS uses tracking numbers, not parcel numbers, and a search for the term “parcel number” on the USPS website turned up zero results.
'Massive’ Arby’s Data Breach Put Customers at Risk, Lawsuits Allege Wednesday, March 01, 2017 ajc.com Arby’s Restaurant Group is facing several class-action lawsuits in U.S. District Court in Atlanta over a reported data breach that allegedly put customers’ financial security at risk. The fast food chain has acknowledged a breach perpetrated by hackers using “malware” at its corporate locations across the country from Oct. 25 to Jan. 19, according to the suits.
Vanderbilt UMC Notifies 3,000+ Patients of Data Breach Wednesday, March 01, 2017 beckershospitalreview.com Nashville, Tenn.-based Vanderbilt University Medical Center is notifying 3,247 patients that their medical information was accessed by unauthorized individuals...Between May 2015 and December 2016, two VUMC patient transporters accessed information from VUMC patients' electronic medical records, including names, birthdates, medical record identification numbers and some Social Security numbers.
Identity Theft Scam Hits Berkeley Medical Center Tuesday, February 28, 2017 healthdatamanagement.com WVU Medicine University Healthcare in West Virginia has confirmed 113 patients to date as victims of identity theft and is offering one year of identity monitoring services to a total of 7,445 patients after an employee at Berkeley Medical Center was found to be removing patient information from the premises. While investigating other instances of identity theft, the FBI and local law enforcement linked the hospital to the scam and notified officials of a potential breach on January 17, 2017, according to a WVU spokesperson.
Jewelry Store Owner Sentenced in Identity Theft Case That Targeted Marines Tuesday, February 28, 2017 sandiegouniontribune.com According to the prosecutor, Abalkhad and his employees — Carlos Omar Torres and Nellie Cha Noland — targeted young Marines from Camp Pendleton and “tricked” them into signing paperwork, which was then used to apply for credit on their behalf. To make the credit sales go through, they found a Marine who worked in the disbursement office of the MyPay military payroll system at Camp Pendleton and paid him to reset the victims’ PINs. The money could then be automatically withdrawn from the Marines’ accounts.
Research Shows Spike in Online Fraud Tuesday, February 28, 2017 thehill.com Cyber criminals are using more complex methods to commit fraud by targeting online financial services and e-commerce websites, according to new research. ThreatMetrix, a California-based company that analyzes and blocks cybercrime attacks in real-time, said it detected 122 million fraud attempts worldwide in the final three months of 2016, representing a 35 percent spike over the previous year. Attackers are using increasingly sophisticated device-spoofing tools, malware and bots to make fraudulent transactions — in some cases employing a combination of “multiple vectors” that makes them harder to detect.
A Major Security Flaw Means You Have to Change Your Passwords Again Tuesday, February 28, 2017 washingtonpost.com The security firm Cloudflare disclosed late Thursday that a long-running bug in its security systems may have leaked information, including potentially personal information, from thousands of sites including Uber, Fitbit and OKCupid. The problem was first uncovered by Google security expert Tavis Ormandy, who let Cloudflare know about the issue on Feb. 18. But the service had been leaking information for months in a way that allowed search engines to pick it up, according to Cloudflare. The issue is only known to have affected a small portion of the 5.5 million sites that Cloudflare services. Cloudflare did not release a comprehensive list of affected sites, though researchers have been trying to compile them. However, there may be some companies listed as leaking information that were not. For example, password manager 1Password told its users that none of their data were put at risk. Because there's so little information about the sites and Cloudflare services are widely used, it's a good idea to change your passwords on any site, in a “better safe than sorry” sort of way.
The Next Wave for Cybersecurity Awareness Tuesday, February 28, 2017 tripwire.com This year, I think we have reached an inflection point around the way we as a profession treat the “human element,” as RSA calls its track of sessions dealing specifically with human interaction with cybersecurity. For the “human element” crowd, of which I am a part, this is the year one battle was won: everyone accepted the importance of equipping employees to protect information. But I think when we look back, it will also be the year when we see the emergence of a new era of awareness programs, as the first wave of efforts to address the human element becomes old school and the more progressive organizations (who are growing weary of the old ways of educating employees) start to develop and deploy holistic ways to ensure their employees are following security best practices.
American Senior Communities Says 17,000 Employees Impacted by W-2 Scam Tuesday, February 28, 2017 hipaajournal.com American Senior Communities, a nursing home chain based in central Indiana, has announced that one of its employees responded to a W-2 phishing email and sent the tax information of more than 17,000 employees to tax fraudsters. There have now been more than 70 organizations that have responded to W-2 Form phishing emails so far this year according to Databreaches.net, although the latest addition to the list is the largest confirmed breach of employee information to have occurred this year.
New York Intros New Cyber Security Rules for Financial Companies Tuesday, February 28, 2017 http://www.esecurityplanet.com/network-security/new-york-intros-new-cyber-security-rules-for-financial-companies.html The regulation requires companies to examine security at third party vendors, and to maintain a cyber security program that's adequately funded and staffed, overseen by qualified management, and reported on periodically to the organization's most senior governing body.
The Devastating Impact of Healthcare Data Breaches Tuesday, February 28, 2017 helpnetsecurity.com One in four U.S. consumers have had their personal medical information stolen from technology systems, according to Accenture. The findings show that half of those who experienced a breach were victims of medical identity theft and had to pay approximately $2,500 in out-of-pocket costs per incident, on average.
Carders Capitalize on Cloudflare Problems, Claim 150 Million Logins for Sale Monday, February 27, 2017 Steve Ragan / csoonline.com A carder forum is advertising a special deal to VIP members. The website claims to possess more than 150 million logins, from a number of services including Netflix and Uber. The source of this data collection is the accounts exposed due to a recent problem on Cloudflare's infrastructure. CloudBleed is the name given to a flaw created by a faulty HTML parser chain that's responsible for dumping sensitive information from a number of Cloudflare customers across the web. The flaw was accidentally discovered last week by Google researcher Tavis Ormandy. The incident impacted several large brands, including Uber, OKCupid, and Fitbit.
Governors Put Spotlight on Cybersecurity Monday, February 27, 2017 Morgan Chalfant / thehill.com Governors from states across the country put the spotlight on cybersecurity at an annual gathering in Washington on Saturday. Virginia Gov. Terry McAuliffe (D) hosted a session at the National Governors Association winter meeting to discuss the “serious cybersecurity issues” facing the nation and how states need to improve their defenses against cyber threats. “Cybersecurity is critical to each and every governor,” said McAuliffe, who noted that Virginia was targeted by 86 million cyberattacks last year. “We have a wealth of information that every single day people are trying to get in and get our information through cyber threats and cyber criminals.”
Scam Artist Sentenced to Prison for Telemarketing Fraud and Obstruction of Justice Monday, February 27, 2017 secretservice.gov Waddell incorporated, operated and controlled a variety of companies that purported to engage in the sale of precious metals. With the help of others who he met at a Tampa-area strip club, Waddell posted advertisements on the Internet that offered to sell gold and silver at deeply discounted prices. After potential customers contacted Waddell by phone or text message, Waddell then lied about the availability of the metals and falsely promised quick delivery. Relying on Waddell’s misrepresentations, his victims wired money into bank accounts Waddell controlled. Waddell used those funds to gamble at casinos and never made many of the shipments he had promised.
Laptop Stolen; Hanks Students at Risk of ID Theft Monday, February 27, 2017 Lindsey Anderson / elpasotimes.com Confidential information belonging to Hanks High School students might have been compromised after a laptop containing transcripts of every student at the school was stolen. A Hanks counselor downloaded and saved transcripts of all 1,700 students onto a personal laptop as part of her job, but the laptop and other items were stolen from her home on Feb. 18. Transcripts contain students' birth dates, Social Security numbers, home addresses and parents' or guardians' names.
Washington State to Begin Issuing New Driver Licenses Aimed at Deterring ID Theft Monday, February 27, 2017 myedmondsnews.com “This new card system has incredible security features in it that will really decrease the amount of counterfeit cards that exist in the world,” said Pat Kohler, director of the state’s Department of Licensing. Those security features include fine-line printing and ultraviolet ink.
Ongoing Fraud, Identity Theft Investigation Nets New Arrest Monday, February 27, 2017 Adam Curtis / svherald.com As part of the same investigation, detectives arrested 24-year-old Shannon Huston and 18-year-old Deanna Russell in December. They are currently facing charges tied to forging and cashing stolen bank checks taken from residential mailboxes in Sierra Vista.
Victorville Deputies Arrest Three in Connection With Identity Theft Ring Monday, February 27, 2017 John M. Blodgett / sbsun.com “The ring was using a Phelan business, Jr’s Tire Shop, to obtain credit card information from customers,” the news release states. “The criminals were able to obtain bank account information and create credit cards which they used to purchase goods and other pay-as-you-go type cards.”
Rapper Brisco Pleads Guilty to Fake Cash, Identity Theft and Fraud Charges Monday, February 27, 2017 Paula McMahon / sun-sentinel.com Mitchell and three friends were accused of being part of an identity theft and credit card fraud ring that used deception to buy items at local home-improvement stores, investigators said...The purchased items, including stoves and refrigerators, were then sold to contractors at reduced prices...he called some of the credit card companies to complain when fraudulent transactions were rejected and also called to check the balances on some cards.
5 Ways to Spot a Phishing Email Thursday, February 23, 2017 csoonline.com Think you're clever enough to recognize a phishing attempt? Think again. Cybercriminals are getting smarter and their phishing skills are getting better, but we've put together this list of clues to help you avoid a costly error.
Florida Man Accused of Clinton Foundation Hack to Plead Guilty Thursday, February 23, 2017 reuters.com A Florida man accused of trying to hack the Clinton Foundation in 2015 is expected to plead guilty on Thursday, months after he was sentenced in a related case to 42 years in prison over child pornography discovered on his computers during the probe.
Three Years in Prison for Selling Forged Driver’s Licenses, Posing as DMV Employee Thursday, February 23, 2017 denverpost.com The Colorado Bureau of Investigation says Hopkins would provide fraudulent driver’s licenses to people who had lost theirs because of a legal matter or who otherwise didn’t qualify for a license. Hopkins would allegedly impersonate a Colorado Division of Motor Vehicles employee while meeting with people and provide them with counterfeit temporary licenses in exchange for money, according to CBI.
Healthcare Data Breaches ‘Mostly Caused by Insiders’ Thursday, February 23, 2017 nakedsecurity.sophos.com Targeting healthcare organizations remains about as easy as shooting fish in a barrel. The industry has one of the lowest rates of data encryption and the security culture is severely lacking. Employee education remains poor, leading to a lot of costly mistakes in how patient data is handled. Naked Security has written about the problem at length, and Sophos has done polling that makes the issues described above all too clear. The latest evidence comes in the form of two reports: one from Big Data analytics firm Protenus, the other from IBM Managed Security Services.
Scammers Are Posing as ICE Agents to Rip off People Afraid of Deportation Thursday, February 23, 2017 businessinsider.com Con artists and scammers have apparently seized on the recent, high-profile deportations of immigrants in the US in order to rip off people afraid of being detained and removed from the country. New York Attorney General Eric Schneiderman issued an urgent fraud alert warning immigrant communities in the state about reports of fraudsters impersonating Immigration and Customs Enforcement agents to intimidate immigrants and demand money.
Email Scam Tricking Drivers! Malware Hiding Behind Traffic Violation Threats Thursday, February 23, 2017 komando.com There is no limit to the depths cybercriminals will sink to rip us off. They use skimmers to steal credit and debit card data and ransomware to lock up our gadgets or encrypt sensitive files so they can charge us a fee to access our own information. Just ruthless! Now, some shady criminals behind a phishing scam are pretending to be the police in hopes of reeling in more victims.
Stolen Health Record Databases Sell for $500,000 in the Deep Web Wednesday, February 22, 2017 darkreading.com Medical insurance identification, medical profiles, and even complete electronic health record (EHR) databases have attracted the eyes of enterprising black hats, who increasingly see EHR-related documents as some of the hottest commodities peddled in the criminal underground. A new report today shows that complete EHR databases can fetch as much as $500,000 on the Deep Web, and attackers are also making their money off of smaller caches of farmed medical identities, medical insurance ID card information, and personal medical profiles.
More Than 4 Billion Data Records Were Stolen Globally in 2016 Wednesday, February 22, 2017 nbcnews.com Cybercriminals are stealing data at an alarming rate. Both the number of breaches and the number of files stolen globally in these hacks rose dramatically to set a new record in 2016, according to a new report from Risk Based Security. The 4,149 confirmed breaches exposed more than 4.2 billion records. That's approximately 3.2 billion more records than were exposed in 2013, the previous all-time high.
Here’s Where Scammers Are Grabbing Your Tax Data Wednesday, February 22, 2017 cnbc.com To some extent, taxpayers make it easy for hackers to snatch up their private information. More than half of the participants in CyberScout's survey were unsure whether their tax preparer used two-factor authentication to access relevant documents. Thirteen percent said the service they use to file doesn't require this extra security measure at all.
We Talked to Windows Tech Support Scammers - You Shouldn't Wednesday, February 22, 2017 zdnet.com We wanted to see how these scammers operate and the tactics they used, so we can offer some advice to potential victims. There's a saying in journalism. "Don't feed the trolls." In other words, don't engage with someone you know to be malicious. But we thought this would be a reasonable exception. And so we went back to call the number on the website to see exactly what they wanted.
Today’s Ransomware Could Become Tomorrow’s Security Nightmare Wednesday, February 22, 2017 gcn.com The unfortunate reality is that any weak link breached by ransom-seeking hackers can also be exploited by bad actors with more malicious goals. Today’s ransomware scam could become tomorrow’s full-blown security nightmare.
OCR Settlement Emphasizes Importance of Audit Controls Wednesday, February 22, 2017 huntonprivacyblog.com Memorial Healthcare System submitted a breach report to OCR indicating that it had suffered a breach involving impermissible access to PHI by employees. Memorial supplemented that report three months later, indicating that it had discovered additional impermissible access that resulted in a total of 115,000 affected patients. The PHI involved consisted of patients’ names, dates of birth and Social Security numbers. OCR investigated Memorial and found that the entity had committed several HIPAA violations by (1) impermissibly disclosing PHI in violation of the Privacy Rule, (2) failing to implement procedures to regularly review records of information system activity such as audit logs and (3) failing to implement policies and procedures to review and modify users’ access to PHI.
Woman Files Federal Lawsuit Over Wrong-Number Robo-Calls Wednesday, February 22, 2017 denverpost.com Trudy Newell wasn’t messing around when she gave fair warning to stop calling. So when the Arvada woman called the law office of Maury Cobb, of Birmingham, Ala., and told his representatives she would sue if the barrage of robo-calls intended for someone else didn’t stop, she meant it. She kept that promise, hired a New Jersey lawyer and filed a lawsuit Monday in U.S. District Court in Denver.
Wells Fargo Fires Four Executives Amid Probe Into Account Scandal Wednesday, February 22, 2017 reuters.com Wells Fargo & Co has fired four mid-level executives and stripped them of bonuses and stock awards as a result of an investigation into improper sales practices in its retail bank, the company announced on Tuesday. The board of directors voted unanimously to fire them for cause as part of its investigation into employees opening as many as 2 million deposit and credit card accounts without customers' permission. Since the scandal and paying a $185 million fine to the U.S. government, the third-largest U.S. bank by deposits has been trying to show it is holding management accountable. The scandal led to the departure of former Chairman and Chief Executive Officer John Stumpf last October, who along with another executive forfeited tens of millions of dollars in compensation.
Wells Fargo’s New Account Openings Down 30% After Fake Account Fiasco Wednesday, February 22, 2017 consumerist.com Despite overhauling its teller pay system and ditching a high-pressure sales goal incentive program, Wells Fargo continues to face the consequences of its fake account fiasco perpetrated by employees who opened more than two million unauthorized accounts, as customers continue to avoid opening new accounts and credit cards with the banking biggie. The number of customers opening new checking accounts was down 31% in the last month compared to the same time last year, the company said in its January retail banking customer activity report released today.
Defense Chief Asks for Plan on Cyber Reform Wednesday, February 22, 2017 thehill.com “Develop an initial plan … for more optimized organizational structure and processes to support information management and cyber operations, considering the impact of the provisions in the NDAA for 2017 concerning the establishment of U.S. Cyber Command, and other relevant laws,” Mattis wrote in the memo, which was highlighted by the Pentagon on Tuesday. Congress aimed to strengthen cybersecurity with the defense legislation by elevating the U.S. Cyber Command — previously under the authority of the U.S. Strategic Command — to a unified command. It also put a hold on separating the dual-hat authority over the Cyber Command and National Security Agency, pending an assessment by the Pentagon.
Cyberattacks a Top Concern of Businesses Worldwide, Survey Finds Wednesday, February 22, 2017 thehill.com Nearly nine in 10 businesses worldwide are worried about the threat of cyberattacks, according to a new survey. Cyberattacks, followed by data breaches and unplanned IT and telecom outages are the leading causes of concern regarding operations among businesses globally, according to a study from the Business Continuity Institute and British Standards Institute.
Reworked N.Y. Cybersecurity Regulation Takes Effect in March Wednesday, February 22, 2017 databreachtoday.com New York's controversial new cybersecurity regulation will come into effect March 1, imposing new rules on the banking and insurance sectors with the aim of better protecting institutions and consumers against cyberattacks.
FTC Obtains Court Order Against Fake Prize Scheme Defendant Wednesday, February 22, 2017 ftc.gov One of the defendants in a fake prize scheme has agreed to settle Federal Trade Commission charges that he provided services for a direct mail scheme that tricked people into thinking they had won $1 million or more if they paid $25 to collect the fake prize. But those who paid received nothing. The operation targeted hundreds of thousands of mostly elderly consumers.
HIPAA Compliance Audits: The Very Latest Details Wednesday, February 22, 2017 healthcareinfosecurity.com Plans to launch some onsite HIPAA compliance audits are now on hold while the agency that enforces HIPAA completes more than 200 desk audit reports, says Deven McGraw, deputy director of the Department of Health and Human Services' Office for Civil Rights.
Medical Identity Theft: Problems and Prevention Tuesday, February 21, 2017 healthcareitnews.com Protected health information (PHI) is highly valuable on the black market because it can be used to obtain pharmaceuticals, commit insurance fraud or obtain medical care through channels such as Medicaid and Medicare. In fact, according to the FBI, stolen health information currently fetches $60-$70 on the black market, while a Social Security number goes for less than $1.
Identity Theft Through Social Media: 8 Ways to Protect Yourself Tuesday, February 21, 2017 huffingtonpost.com Social media sites like Facebook, Instagram, and Twitter are perfect for staying in touch with old friends, discussing contemporary issues with colleagues, sharing photos of your family, and more. However, not every aspect of social media is a positive one. With all of our sharing of information online come real dangers to our personal and financial security, one of which is identity theft.
Identity Theft Remains on ‘Dirty Dozen’ List of Tax Scams Tuesday, February 21, 2017 walkermn.com The Internal Revenue Service has issued a filing season alert warning taxpayers and tax professionals to watch out for identity theft at tax time and highlighted the crime as a top scam in the agency’s “Dirty Dozen” series.
Former Nursing Home Administrator Charged With Identity Theft Tuesday, February 21, 2017 stamfordadvocate.com A former employee of a senior living facility has been accused of using the identities of patients — including one who died — to make thousands of dollars worth of credit card charges, police said.
How Fraud Victims 'Punish' Their Banks Tuesday, February 21, 2017 bankinfosecurity.com A new study by Carnegie Mellon University researchers suggests that some customers will, in fact, leave even if they receive quick refunds of losses due to fraud. The study is one of only a few correlating the impact of a fraud incident on customer loyalty. The stock price of a financial institution often takes a hit after a data breach. But it wasn't known to what extent customers may take action after an information security lapse, write Rahul Telang, a professor of information systems and management, and Sriram Somachi, a Ph.D. candidate in information systems and public policy.
Global Connect Technical Support Scam, Part 2 Tuesday, February 21, 2017 consumer.ftc.gov Last fall, the FTC shut down an operation called Global Connect, which sent deceptive pop-up messages to people’s computers. The pop-ups claimed the computers had problems when they really didn’t, and the operators scared thousands of people into paying hundreds of dollars each for tech support services they didn’t need. We recently learned that some of these same people are getting called again. The callers claim to be working with the company the FTC shut down, sometimes using the name “Global Connect.” People report that the caller asks for remote access to their computer, either to reestablish service or to process a refund into the person’s bank account.
'Massive' Identity Theft Ring Could Affect 1 in 20 Utahns, Police Say Monday, February 20, 2017 deseretnews.com The group is accused of obtaining personal information — including the Social Security numbers and dates of birth of more than 143,000 people. That means approximately 1 in every 20 Utahns has the potential of becoming victims of identity theft by members of this group, said Diana Hagen, the first assistant U.S. attorney for Utah.
5 Data Breach Threats Your Small Business Should Prepare For Monday, February 20, 2017 businessnewsdaily.com Securing sensitive information has never been more difficult with new malware threats that seem to pop up every single year. Data breaches affect even the most renowned companies like Yahoo, LinkedIn and Dropbox, to name a few. For small businesses, in particular, being ready for a data breach is essential to survival if — or more likely, when — one occurs.
IRS Warns of Video Relay Scam Targeting Deaf and Hard of Hearing Monday, February 20, 2017 irs.gov Every day scammers come up with new ways to steal taxpayers’ identities and personal information. Some scammers pretend to be from the IRS with one goal in mind: to steal money. Be aware that con artists will use video relay services (VRS) to try to scam deaf and hard of hearing individuals. Don’t become a victim. Deaf and hard of hearing taxpayers should avoid giving out personal and financial information to anyone they do not know. Always confirm that the person requesting personal information is who they say they are. Do not automatically trust calls just because they are made through VRS. VRS interpreters do not screen calls for validity.
Tax Scams via Video Relay Service [video] Monday, February 20, 2017 irs.gov The IRS warns the Deaf and hard of hearing community about an increasing number of tax scammers that use the Video Relay Services (VRS).
RSA Conference: Lessons From a Billion Breached Data Records Monday, February 20, 2017 esecurityplanet.com Troy Hunt sees more breached records than most of us, running the popular ethical data breach search service "Have I been pwned." In a session at the RSA Conference this week, Hunt entertained the capacity crowd with tales both humorous and frightening about breaches that he has been involved with.
Phishing Campaign Uses Yahoo Breach to Hook Email Monday, February 20, 2017 csoonline.com The Yahoo breach news is another opportunity for industrious criminals to prey on user concern about account security. Here's what to look for in the latest phishing hook.
Senator Seeks Answers on Border Cell Phone Searches Monday, February 20, 2017 cnn.com Can the government demand you unlock your phone at the airport? A senior Senate Democrat is demanding the Department of Homeland Security explain reports that it's doing just that. Oregon Sen. Ron Wyden, a senior member of the Senate Intelligence Committee and privacy hawk, is set to send a letter to DHS Secretary John Kelly calling reports that Americans were required to unlock their smartphones "deeply troubling," asking what legal authority allows for it.
Law Firm Cybersecurity: An Industry at Serious Risk Monday, February 20, 2017 teachprivacy.com Last year, major incidents involving law firm data breaches brought attention to the weaknesses within law firm data security and the need for more effective plans and preparation. An American Bar Association (ABA) survey reveals that 26% of firms (with more than 500 attorneys) experienced some sort of data breach in 2016, up from 23% in 2015.
Florida Man Gets 48 Months for $1.3M Spam Email Scheme Saturday, February 18, 2017 darkreading.com Florida resident Timothy Livingston has been sentenced by a US district court to 48 months in prison for computer hacking, identity theft, and email fraud. A US Department of Justice release said Livingston made more than $1.3 million in illegal profits through his hacking scheme.
The 2017 Phishing Trends & Intelligence Report Is Now Available Saturday, February 18, 2017 info.phishlabs.com As with last year's edition, the report provides a first-hand, in-depth view of the events and trends that are shaping the phishing threat landscape. It provides insight into the major trends, tools, and techniques used by threat actors to carry out phishing attacks. It also provides the context and perspective needed to understand why these changes are happening.
The Bright-Eyed Talking Doll That Just Might Be a Spy Saturday, February 18, 2017 nytimes.com Cayla is a blond, bright-eyed doll that chatters about horses and hobbies. She plays games and accurately answers questions about the world at large. She could also be eavesdropping on your child.
IRS Dirty Dozen: Phishing, Phone Cons and Identity Theft Lead Scam List for 2017 Saturday, February 18, 2017 networkworld.com The Internal Revenue Service rounded up some of the usual suspects in its annual look at the Dirty Dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge. Just this month the IRS issued another warning about what it called dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns.
Tribal Members Warned of Data Breach After Hard Drive Theft Saturday, February 18, 2017 nbcmontana.com A Bureau of Indian Affairs spokeswoman says more than 20,000 members of two Montana American Indian tribes were notified of a potential data breach involving their personal information...The unencrypted device contained names, addresses, birthdates and tribal enrollment information for members of the Crow and Northern Cheyenne Tribes.
Brooklyn Gang Members Busted for Financial Fraud, Stealing From Banks Saturday, February 18, 2017 nydailynews.com A group of Brooklyn gang members were busted for stealing from various banks...Nine members of Folk Nation, Flatbush G-Stone Crips and a subset of the 8-Tray Crips gang called “Bosses in Business” allegedly deposited 241 counterfeit checks — then withdrew over $94,000 from 71 unsuspected financial institutions.
Ransomware Growth Fueled by Russian-Speaking Cybercriminals Friday, February 17, 2017 darkreading.com A study by security vendor Kaspersky Lab shows that Russian-speaking individuals and cybercrime groups are responsible for a major proportion of ransomware development and distribution activities globally.
Yahoo May Pay a Steep Price for Data Breaches Friday, February 17, 2017 nytimes.com So how much does it cost when hackers have breached your corporate defenses and stolen information from at least a billion user accounts? For Yahoo, the answer is close to $300 million. That’s how much may soon be knocked off the price that Verizon, the telecom giant, will pay to acquire the fading internet pioneer, write Michael de la Merced and Vindu Goel.
Lone Hacker Rasputin Breaches 60 Universities, Federal Agencies Friday, February 17, 2017 zdnet.com Universities are a top target, with Cornell University, New York University (NYU), Purdue University, Michigan State University, the Rochester Institute of Technology, and the University of Washington among those affected in the US. Over in the UK, Rasputin has also targeted academic institutions including the University of Cambridge, University of Oxford, the University of Edinburgh, and the Architectural Association School of Architecture.
Security Breach Steals Tax Info for All Bloomington Public School Employees Thursday, February 16, 2017 startribune.com Personal information for 2,800 current and former Bloomington public school employees was stolen in an e-mail phishing scam, school district officials said. The school district is investigating the security breach, in which the 2016 federal W-2 tax forms of all employees were released...The information was released when an employee in the district's finance department responded to an e-mail Friday morning appearing to be from someone in the school district requesting the information.
Wendy's Should Face Data Breach Suit, Magistrate Says Thursday, February 16, 2017 law360.com A federal magistrate judge recommended on Monday that the district court reject Wendy's bid to dismiss a class action brought by 26 financial institutions against the fast-food giant for allegedly failing to thwart a data breach, saying the plaintiffs have adequately pled negligence and deceptive trade practices claims.
Who Ran Leakedsource.com? Thursday, February 16, 2017 krebsonsecurity.com Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn and Myspace. In a development that could turn out to be deeply ironic, it seems that the real-life identity of LeakedSource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.
Former Google CEO Says Everyone Forgot Criminals When Building the Internet Thursday, February 16, 2017 money.cnn.com When people built the internet, they forgot about the bad guys. At least, that's according to Eric Schmidt, executive chairman of Alphabet and former Google CEO. At the RSA security conference in San Francisco on Wednesday, Schmidt spoke about the early days of his career building a network and mail system in the late 1970s while in a Masters program at the University of California, Berkeley. He touched on why internet security is still an ongoing issue, and why it's not completely secure by default. "We now find ourselves back fixing it over and over again," Schmidt said. "You keep saying, 'Why didn't we think about this?' Well the answer is, it didn't occur to us that there were criminals."
You Can’t Depend on Antivirus Software Anymore Thursday, February 16, 2017 slate.com In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee says it found four every second. And those were just the strains the companies could detect. For malware—the umbrella term for parasitic software like viruses, worms, and Trojans that infiltrate and interfere with computer functions—hasn’t only proliferated: It’s evolved to better evade detection.
Retailers Push Back Against Plans to Boost Security of Online Shopping Thursday, February 16, 2017 nakedsecurity.com The European Union is set to insist on better security for online purchases, but a number of retailers are digging their heels in. The idea, which comes from the London-based European Banking Authority, consists of urging extra security for purchases over €10, such as a user-selected passcode number. Computer Business Review is among the publications suggesting that retailers believe any extra steps in a purchase process would reduce the amount of sales actually made. Visa Europe, for example, conducted a survey that suggested €11.2bn a year in online sales, some 2% of the whole market, would be put at risk. It also found that 61% of customers would abandon a purchase if there were an extra step involved.
What Real-Life Kidnappings Can Teach Us About Dealing With Digital Ones Thursday, February 16, 2017 nbcnews.com While the methods are literally as old as ancient history, cyber security experts are now looking to the kidnapping and ransom industry to better understand how to deal with the growing threat of ransomware, which is now a billion dollar a year industry.
Clinton Campaign Tested Staffers With Fake Phishing Emails Thursday, February 16, 2017 darkreading.com Email leaks notwithstanding, Hillary Clinton's campaign manager Robby Mook says the campaign conducted regular security training for staffers, which included sending fake phishing emails to campaign staffers to see how they'd be handled.
Valentine's Day Warning: Romance Scams Hit All-Time High Tuesday, February 14, 2017 bobsullivan.net Romance Scams — also known as Sweetheart Scams — continue to flourish. Yes, I know you’ve heard about them before, but you need to hear about them again. Loneliness drives people to do crazy things. There isn’t a soul on the planet who hasn’t suffered that fate. Keep a close eye on older, widowed family members who can’t get around much. And on yourself, too. Anyone can be fragile. And the scams are getting more and more clever.
Banks Look to Cellphones to Replace A.T.M. Cards Tuesday, February 14, 2017 nytimes.com Wallets can be lost, stolen or forgotten, but most people today wouldn’t be caught dead without their phones. Banks understand, and are grabbing on to that trend. Customers who don’t want to fumble around in their wallet for their A.T.M. card — or who have misplaced it for the umpteenth time — will soon be able to unlock cash dispensers’ coffers by using their phone.
Russell Simmons' RushCard Fined $13 Million for 2015 Outage Tuesday, February 14, 2017 apnews.com RushCard, the debit card company founded by hip-hop mogul Russell Simmons, is being fined and forced to pay millions in restitution to customers that were affected by a 2015 outage that cut users off from their money. The Consumer Financial Protection Bureau said Wednesday that it has ordered RushCard and its payment processor, MasterCard, to pay $10 million in restitution to customers as well as a $3 million fine.
ZeekRewards Founder Sentenced for Role in $850 Million Scam Tuesday, February 14, 2017 abcnews.go.com The founder of ZeekRewards has been sentenced to nearly 15 years behind bars for his lead role in an $850 million online Ponzi scheme that bilked nearly a million people in the U.S. and abroad.
New Phone Scam Poses as Department of Health Services Tuesday, February 14, 2017 ktar.com The Arizona Department of Health Services is warning citizens to beware of a new phone scam. According to a release from the department, the AZDHS received an unusual number of phone calls on Monday morning from individuals complaining of a telephone scam. People from nearly 40 different states told the department that they received calls from people asking for personal information, and that the caller ID showed the agency’s phone number.
Woman Warns of IRS Tax Scam Tuesday, February 14, 2017 kdvr.com It is tax season and scammers are at it again, posing as the IRS in an effort to steal personal information. Nancy Moore of Greeley says scammers called her and threatened to take her to court if she didn’t pay them thousands of dollars.
'Shock And Awe' Ransomware Attacks Multiply Tuesday, February 14, 2017 darkreading.com The data-hostage crisis isn't going away anytime soon: In fact, it's starting to get a lot scarier and destructive, and with a more unpredictable outcome.
Verizon Data Breach Digest Triangulates Humanity Inside Security Tuesday, February 14, 2017 darkreading.com If the whole security management services thing doesn't work out, Verizon may want to consider getting into the techno-thriller mystery writing business. Its newly released Data Breach Digest is chockablock with stories of online shenanigans (with some identifying details altered) that would be right at home in an episode of Mr. Robot. The 99-page report breaks out 16 different attack scenarios and specifies the target, sophistication level, attributes, and attack patterns, along with their times to discovery and containment.
Alleged Russian Hacker With Ties to ‘Notorious Cybercriminals’ Arrested in LA Monday, February 13, 2017 darkreading.com Law enforcement authorities in Los Angeles have arrested a Russian-born individual on charges that he stole money from thousands of U.S. bank accounts in a cybercrime career dating back to at least 2008. In court papers filed in connection with the February 1 arrest, prosecuting attorneys described Alexander Tverdokhlebov as a well-connected member of several elite Russian-speaking cybercrime forums engaged in extensive money laundering services, selling stolen personal data, and malware tools. The four-count indictment against Tverdokhlebov charges him with using a botnet of around 10,000 infected computers to steal passwords and login credentials to online bank accounts which he and an accomplice, Vadim Polyakov, then used to make fraudulent purchases and illegal withdrawals.
Expert: Line Between Cyber Crooks and Cyber Spies Getting More Blurry Monday, February 13, 2017 networkworld.com Cybercriminals acting on behalf of national governments and nation-backed espionage agents carrying out cybercrimes for cash on the side is the future of security threats facing corporations and governments, says the former top U.S. attorney in charge of the Department of Justice’s national security division.
Data Breach at PIP Printing Company Leaks Thousands of Sensitive Documents Monday, February 13, 2017 nbcnews.com An online security breach at a national printing chain leaked thousands of sensitive documents — from labor filings involving NFL players to lawsuits against Hollywood studios to personal immigration-related papers — raising the possibility that private information could end up in the wrong hands.
DHS to Demo Cyber Defenses at RSA Monday, February 13, 2017 gcn.com The Department of Homeland Security will be showcasing a number of new cybersecurity technologies at the RSA Conference from Feb. 14 to 16 in San Francisco. This year, the DHS Science and Technology Directorate will demonstrate 12 government-funded solutions that are ready for pilot deployment and commercialization.
Seniors Targeted in Massive Fake Lottery Operation Monday, February 13, 2017 mynewsla.com Bullock promised mostly elderly victims that they had won large lottery or sweepstakes prizes and, in order to obtain their “winnings,” would need to send money to pay for taxes, fees and other expenses, according to the U.S. Attorney’s Office. Hoping to collect the winnings, victims sent money via wire transfer, money orders and cash, prosecutors said.
Why the CSO Needs to Be Involved in Active Shooter Prep Monday, February 13, 2017 csoonline.com The sad reality of today’s modern world is that companies and employees need to start planning for potential emergency situations. It’s no longer just getting them out of the building in case of a fire or earthquake - today’s emergency planning also needs to account for active shooter and terrorism scenarios. While most of today’s CSOs concentrate on protecting a company’s data, there are still some who need to worry about physical security at their companies.
Credit Card Skimmers Lead to Identity Theft at the Gas Pump Monday, February 13, 2017 minnesota.cbslocal.com One of the fastest growing areas for identity theft is happening at the gas pump. Credit card skimmers that are installed into the gas pump allow thieves to steal your information when you fill up your vehicle.
FBI Official: No Immediate Changes to Encryption Policy Under Trump Thursday, February 09, 2017 thehill.com Encryption is a hot-button issue in the ongoing debate about privacy and the federal government’s access to secured communications. While the use of encryption is broadly recognized as important to privacy and cybersecurity, it has created problems for federal investigators as they pursue criminal and counterterrorism cases. The issue took center stage last year in the legal fight between Apple and the FBI as the bureau fought to access an iPhone used by one of the attackers in the San Bernardino, Calif., shooting in December 2015.
Programmer Releases Bot Army to Crush Windows Support Scammers Thursday, February 09, 2017 zdnet.com One developer has declared war on these types of scammers and wants to wipe them out entirely with the help of a bot army. Programmer Roger Anderson from the Jolly Roger Telephone Company recently revealed that he created a slew of bots programmed to waste as much of the operator's time as possible. Anderson, known for the Jolly Roger bot which intercepts scam robocalls and creates never-ending loops to keep the calls away from legitimate people, has stocked the bot army with a variety of pre-recorded conversations and responses.
Google Let Scammers Post a Perfectly Spoofed Amazon Ad in Its Search Results Thursday, February 09, 2017 zdnet.com Anyone who used Google search to look for Amazon, the internet retail giant, on Wednesday was likely served a malicious ad -- and didn't even realize it. The good news is that unlike other rogue ads, your machine wasn't infected or served malware in any way. But anyone who clicked on it would not have been sent to Amazon.com as they would have hoped, but instead, they were pointed to a fake Windows support scam posing as Microsoft. From there, scammers would have tried to trick the user into calling a number for fear that their computer was in fact infected with malware.
Beware: Most Mobile VPNs Aren’t as Safe as They Seem Friday, February 10, 2017 wired.com Before you use a VPN to hide your online shopping from the IT department at your company—or help protect yourself from state surveillance—know that not all mobile VPNs are created equal. In fact, some are actively harmful.
‘Top 10 Spammer’ Indicted for Wire Fraud Friday, February 10, 2017 krebsonsecurity.com The Justice Department says Persaud sent well over a million spam emails to recipients in the United States and abroad. Prosecutors charge that Persaud often used false names to register the domains, and he created fraudulent “From:” address fields to conceal that he was the true sender of the emails. The government also accuses Persaud of “illegally transferring and selling millions of email addresses for the purpose of transmitting spam.”
Woman With History of Identity Theft Arrested Again Friday, February 10, 2017 thedenverchannel.com In the past, Morris has used other people’s identities to apply for and create accounts at Walmart, Lowe’s, Kohl’s, Amazon.com, among others... Morris used the fake accounts she created to buy jewelry, cooking pots, makeup, children’s clothes and items from Victoria’s Secret.
House Passes Long-Sought Email Privacy Bill Wednesday, February 08, 2017 krebsonsecurity.com The U.S. House of Representatives on Monday approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails. Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.
Criminals Release Fewer New Types of Malware, Double Down on Ransomware Wednesday, February 08, 2017 cio.com Cybercriminals produced fewer new kinds of malware last year -- but that's because they're so busy raking in the money from their ransomware attacks. The number of unique malware samples discovered last year was 60 million, down 6.25 percent from last year's 64 million, according to a report released this morning by SonicWall.
Study: 1 in 3 Website Visitors Is an Attack Bot Wednesday, February 08, 2017 csoonline.com For the 5th straight year, impersonator bots were the most active bad bots, making up 24.3 percent of all bot activity. Both cheap and effective, impersonator bots are most commonly used to launch DDoS attacks, including October’s attack against DNS provider Dyn.
Michigan's Unemployment Agency Confiscates Money From Innocent ID Theft Victim Wednesday, February 08, 2017 wzzm13.com A months-long WZZM 13 Watchdog investigation found a local woman among many people in the state of Michigan victimized by identity theft and unable to gain the trust of Michigan's Unemployment Insurance Agency, or UIA. The identity theft caused Michigan's UIA to incorrectly confiscate income tax return money from innocent people who had never filed for unemployment.
Identity Theft Hit an All-Time High in 2016 Wednesday, February 08, 2017 usatoday.com Despite years of battling by the financial industry and a massive change in the way Americans use debit and credit cards, the rate of identity theft soared during 2016, a new report has found. In fact, it hit an all-time high.
Hackers Are Seeking out Company Insiders on the Black Market Tuesday, February 07, 2017 csoonline.com If you’re the CEO of a company, here’s another threat you need to worry about: hackers trying to recruit your employees for insider-related crimes. Researchers at security firms RedOwl and IntSights have noticed growing activity from online black market dealers trying to recruit company employees for insider trading and cashing out stolen credit card numbers.
Head of NSA to Brief Senators on Cyber Threats Tuesday, February 07, 2017 thehill.com Senators on the Armed Services Committee will be briefed by a top intelligence official on cyber threats Tuesday morning. The hearing, which will be closed to the public, will feature testimony from Adm. Michael Rogers, who holds the dual-leadership role at U.S. Cyber Command and the National Security Agency (NSA). The closed-door briefing will give lawmakers an opportunity to press Rogers on the intelligence community’s recent findings about Russia’s cyber attacks aimed at the U.S. presidential election.
Does your organization need a consultant who can deliver information security awareness training that contains the truth about what works and what doesn’t in the fight against the fastest growing crimes in the world?
Does your conference need an experienced speaker who will captivate the audience with dramatic real life cases of identity theft, cybercrime and scams ranging from stolen personal information, to theft of corporate trade secrets, to stalking and murder?
Are you a member of the media seeking a comment about ID theft, scams, data breaches, cybercrime, information security, or fraud?
If so, we invite you to learn more about identity theft and scam expert Rob Douglas.