Archive for July, 2010

Identity Theft Must likely at Hotel Check-in

Thursday, July 29th, 2010

According to the USA Today Hotel Check-in blog and Nicholas Percoco, who runs SpiderLabs at Trustwave, you are more likely to have your identity stolen from a Hotel breach than any other industry. According to Nicholas Percoco the problem isn’t getting any better either.

Apparently thieves are installing sophisticated malicious software into the hotels computers that can access the registration system. It can go undetected in the computer system for months until an export goes in to look for it. The software is designed to extract information from the hotel’s computer system, information like credit card numbers names and addresses.

Hotels are the most investigated industry for data breaches and restaurants are second. Hotels are starting to realize the threat and have begun spending money to prevent and detect these kinds of breaches. According to ABC news, who covered this story last month, more than 700 Destination Hotel guests have had their credit card information stolen.

What can someone do to prevent this from happening to them? Not a whole lot, because the breach is with the hotel you can’t control it. The only thing a customer can do is monitor their credit and avoid paying for a hotel with a debit card. Debit cards come straight from your checking account and the time period to file charge complaints is shorter. If you use a credit card you will have a long period of time to catch the fraud and file a complaint before the money is actually transferred.

Soldiers and Dating Site Scams

Wednesday, July 28th, 2010

A new scam has emerged effecting people using online dating sites. Online scammers have been using photos of U.S. Soldiers and creating online dating profiles in order to scam woman out of money. The scammers have even use photos of soldiers who have died over seas.

Scam starts on dating sites when a relationships forms between the thieves and their victims. After a relationship and trust has been built with the victim, the scammer will ask for money to purchase laptops, phones and transportation fees. They will try and explain to the women that their units don’t have phones, or that they need money to help keep the unit’s Internet going. The thieves also ask the victims for money to purchase leave papers, or to help pay for their flight home.

There have been several reports of this scam and it seems it’s only getting bigger. Hundreds of people have already reported being victims to this scam. Unfortunately there is little or nothing the FBI, the State Department, the Federal Trade Commission or the National White Collar Crime Center can do about the scam. The thieves are mobile and are operating outside of the country, most likely using internet cafes in different locations.

The army has no jurisdiction in the matter either, because the thieves are not actual soldiers. It is believed that the perpetrators are most likely from Ghana, Angola and Nigeria. To date no service member has incurred any financial damages do to this scam, but civilians have lost thousands.

Online dating websites are more popular than ever, and can be a great way to meet people. I’m sure many of you know at least one person who has married someone after meeting them using an online dating website, but keep in mind that scammers are always out there and you should never send money to people you have met online.

Identity Theft Scam Targets People with Diabetes

Tuesday, July 27th, 2010

If you have diabetes you might want to take notice of an identity theft scam that has been developing. The scam first showed its ugly head in Mississippi when diabetics began receiving calls from people who claimed they were representatives of Diabetes Foundation of Mississippi and the American Diabetes Association.

The scammer would convince the person that they were a legitimate representatives for the organization and then ask for personal information like social security numbers, dates of birth and credit card information. This particular scam is more effective than other like it because somehow the scammer knows the victim is a diabetic.

The Diabetes Foundation of Mississippi and the American Diabetes Foundation have reported these complaint to the Consumer Protection Division of the Mississippi Attorney Generals Office. So far Mississippi is the only state that has reported this particular scam, but there is always a possibility that it could spread to other states.

Organizations like Diabetes Foundation of Mississippi and the American Diabetes Foundation will never initiate a phone call or any email correspondence to update, confirm, or ask for personal information. If you receive a phone call or email to this effect you should disregard it and report it to the appropriate authorities. If there is ever any doubt of the legitimacy of the person on the phone simply find the organizations contact information and call them to confirm you are actually talking with the organization.

Tabjacking – Phishing with a New Spin

Friday, July 23rd, 2010

PhotobucketI think everyone knows what a phishing site is. For those of you how don’t it’s when a deviant character creates a website that looks a exactly like a website you may have a login for. When you try to login using your information what you are really doing is giving the bad guys your login information.

Many people out there can spot a phishing site primarily due to the URL, which will not be correct. A new phishing strategy has popped up and I thought you all should know about it. It’s called Tabjacking, and works something like this. You click a link and a page loads perhaps showing you what you expected to see. Then when you switch into a different tab the page loads a phishing site for example gmail. You may return to the tab, forgetting what was there, and think to yourself “why gmail is logged out” and log back in.

I have so many tabs open all the time that I would for sure forget what I had loaded and might even fall for this trick. You don’t think to check the URL when you have already loaded the tab and that’s the problem. This trick only works in Firefox as far as I know, but I’m sure there are ways to get it working in other browsers as well.

What to look for!

Always check the URL, when logging into anything, to ensure it’s the right website. If you need some instruction on how to spot a phishing site visit my other post on the issue.

Use password tools to protect yourself from phishing sites. I use LastPass to store all my passwords. It automatically fills in my passwords. So if I was to visit a phishing site it wouldn’t fill in the passwords because it knows what the real websites URL is supposed to be.

Keep your eyes open for this kind of thing. You don’t want a phishing site to lead to an identity theft or access to you bank account. Some of the favorite site for thieves to duplicate include banking websites, social sites, and email. Don’t be a victim, know what to look for.

Visa Working Hard to Protect your Information

Thursday, July 22nd, 2010

Visa, one of the largest credit card companies, has been commended on a process called Tokenization. Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information without compromising its security. Visa has taken the steps to making their  Tokenization system very robust in conformance to best practices, and have been recognized for it.

Not every merchant uses such a robust system, which leaves their customers vulnerable to identity theft. When companies don’t follow best practices they leave it up to their customers to deal with the consequences for themselves. So I applaud Visa for taking the proactive steps to prevent a breach of their customers data in such a way.

Visa has had their fair share of theft attempts. Do you wonder why hackers don’t spend all their time trying to get access to main credit card companies servers? Because they have tried and have failed and companies like Visa keep their information encrypted using tokenization with the keys changing regularly. Visa has, in recent, fought off several attempts to gain access to their servers and were successful in doing so.

Unfortunately not all companies are so carful with your information. Every time you use your credit card it has to go through a credit card processing company who now also has your information. There are several companies that process credit cards, so your information is most likely stored in several of them. If those companies aren’t as secure it doesn’t matter how secure your information is on Visa’s servers. Your card information could still be stolen from those card processing companies, which has happened in recent.

The best way to discover and monitor your identity is to be proactive about it. The best company that allows you to do that is LifeLock. They by far offer the best tools and service that help you discover and remediate any identity theft. You could look after your own identity, but just looking at your credit report isn’t enough. You need the tools that LifeLock can provide to it’s members for a more complete analysis of your identity.

Receive 30 days free and get a 10 percent discount on enrollment with the LifeLock Promo Code “Defense.”

Woman Arrested for Identity Theft after Leaving the Country

Wednesday, July 21st, 2010

In Rehoboth Delaware a 21-year-old woman by the name of Ekaterina V. Krukovich has been arrested and charged with identity theft of a person 62 or older; 15 counts of theft; and 14 counts of unlawful use of a debit card.

The incident happened when a 71-year-old man was using an ATM. He finished his transaction and forget to retrieve is debit card from the machine. Ekaterina V. Krukovich was standing in line right behind him. According the the video surveillance she then used the card to withdraw money from the man’s account. She then used the card to make several additional purchases, which resulted in a total loss of $1,316 .

When the police discovered the identity of the woman they attempted to make contact with her only to discover she had gone back to you native country of Republic of Belarus. State Police created arrest warrants for Krukovich and she was returned to the US and was arrested.

I guess that just proves if you are going to commit a crime in the US, it’s best to run off to a country that isn’t going to return you to the US for conviction like Mexico. I think everyone can spot what the person victim did wrong in this story! Don’t leave your debit card in the ATM! I think Ekaterina V. Krukovich must of seen his pin as well, because how else would she be able to withdraw money from his account right there at the ATM. So what have we learned from this story? Don’t leave your card in the ATM and don’t let anyone see your pin.

Simple Things you can do to Prevent an Identity Theft

Wednesday, July 14th, 2010

No one is 100% safe from identity theft. Identity theft takes on so many forms that no one can avoid it, not even with a service like LifeLock or any other. There are however simple things you can do to help prevent an identity theft that everyone should follow. These things, by no stretch of the imagination, will prevent all kinds of identity theft, but it will make it harder for the common thief from getting your information and stealing your identity.

First of all, and this should go without saying, you should never carry your Social Security card with you in you wallet. This is a big “NO NO” and should be avoided if you can help it. Sometimes with new jobs and dealing with the government you might need the actual card. This can’t be avoided but make sure when you arrive home the card comes back out of your wallet and into its safe place. Also inquire if the actual card is needed or just a copy. If they only need a photocopy do it at home so you don’t risk transporting it around.

Be aware of card skimming, a very common way of gaining credit and debit card information. When you use an ATM inspect the opening where you put your card to make sure nothing has been placed over it and make sure it doesn’t wiggle or move. If you have any doubts about the machine simply don’t use it. When using your card at a store make sure to watch the person at the counter and what they do with your card. If they move it out of your site or look like they swiped it into a handheld device it might be time to cancel the card and perhaps even inform the authorities.

Keep your computer free of viruses and malware with anti-virus software. There are millions of malicious programs out there. Take precautions by using anti-virus software, and avoid using Peer-to-Peer networks like Limewire and Torrents. Virus and sharing networks are an easy way to get your identity stolen.

Many banks nowadays have SMS text alerts for your bank account. Go to your banks online website and turn them on.  Set up alerts that will inform you of large amounts of money leaving your checking account. If more than $200 leaves my account I get a notification of it right away. This will help you discover a breached debit card and help you recover and prevent further damage. Also check your credit card statements often. You have more time to recover lost money with a credit card, but you still want to catch it early.

Keep a list of contact number for all your credit cards and documents you keep in your wallet or purse. Numbers for your bank’s customer service line and numbers for each of your credit card companies and so on. In the event you have your wallet or purse stolen you will have a list of all the numbers to call so you can cancel your cards and also have them reissued. This will keep the time the thief has to use your card at a minimum and reduce the damage done by them. Remember that thieves know that you are going to try and cancel everything before they have a chance to cash in on it, so it’s a race you, literally, can’t afford to loose.

These simple things can help you catch and remediate an identity theft, but if you want to take your protection to a higher level you might want to think about getting a membership with LifeLock. They are the leader in Identity theft protection, giving their members unparalleled features and services. If you really want to protect your identity LifeLock is the way to go and for $10 a month you can’t beat it.

Oil Spill Scam – Don’t give your money to just anyone!

Monday, July 12th, 2010

PhotobucketIt has become apparent that scam artists will follow the headlines to take advantage of any situation. Like during the presidential election when a scammer put out a fake video of Obama, which had a virus attached. The situation in the gulf is not exception, which is apparent by the several warnings by the FTC.

The FTC is warning people that they have received reports of scammers posing as BP’s authorized claims administrator. Other scams include charity scams, contractors scams, and Insurance scams.    When it comes to insurance scams, scammers want you to pay a fee to expedite their claims service. These people obviously don’t work for BP and in fact BP doesn’t even charge a fee for placing claims. There are still other reports of scammers posing as government officials trying to collect a processing fee for government services. The government In fact, also, doesn’t require a processing fee.

Insurance scams have also been reported and people need to how to spot a fake and when to be suspicious. When dealing with people claiming to provide insurance make sure they are an authorized representatives of BP. You should report anyone who is making false or exaggerated insurance claims as well as anyone who is making insurance claims but lives outside the disaster zone.

You should also be aware of the charity scams. Some of these scams are using the internet to take in donations for legitimate environmental organizations. They often ask for donations via email and social networking sites. Check with the Better Business Bureau before you make an donations, to ensure your contribution makes it to the actual organization. Keep in mind that charities don’t make a habit of pressuring people to give money. If you experience this look for a different charity.

It’s a great thing to want to help with the disaster in the gulf, but don’t be taken advantage of. If you are looking to file a claim regarding the spill make sure you are speaking with a legitimate representative before signing anything. Remember that there are no fees associated with filing or processing a claim so don’t be fooled.

Caregiver Charged with Her Second Identity Theft

Thursday, July 8th, 2010

PhotobucketRoseville Detroit, a 30-year-old woman by the name of Julia Robinson was the caregiver of a 99 year-old woman of Roseville, that is until Julia Robinson stole her identity obtaining credit cards that she used to her benefit. Robinson pleaded guilt to the crimes and received a reduced sentence and probation.

It was only five months later that Julia Robinson tried to steal the same 99-year-old ladies identity again. Police received a complaint concerning the situation and began to investigate the matter once more. Robinson was arrested and charged with two felony counts: one count of false statement of identity to obtain a financial transaction device, a four-year felony, and a second count of possession of personal information with intent to commit identify theft, a five-year felony.

Wow I guess she didn’t learn her lesson the first time! If she received a lesser sentence before, you can be sure that the new judge isn’t going to be so forgiving. Why would you steal someone’s identity again? Most identity thefts end up with the victims finding out about it sooner or later. If you have already been convicted of steal that person’s identity before you will probably be the primary suspect in the new investigation. We can only hope that after she completes her second sentence she will have learned her lesson. When she gets out I wonder if she will go for the Hat Trick and try it again!

Citizens Alerts 213,000 in Possible Identity Theft

Wednesday, July 7th, 2010

Citizens is a property insurance company that covers Florida homeowners who are unable to get private property insurance. They have over 122,523 customers in Palm Beach, Martin, and St.Lucie counties alone. Citizens intercepted a very interesting data breach. Apparently someone changed their mailing address using the post office online tools to intercept all of their mail, which would include applications and payments from their current and prospective customers.

Citizens discovered the fraud when they received a confirmation of the change of address in the mail. The thieves tried to have that forwarded as well, but the second application for a change of address had not gone through yet so Citizens was able to receive the confirmation before any real damage had been done.

Citizens and the Post Office are confident that no mail had yet been forwarded to the fraudulent address. Citizens is not taking any chances however, they are sending out letters to 213,000 customers and applicants that might have sent a payment or an application during the time in question. The letter instructed customers to call a hotline to ensure their payment had been received, and so far Citizens has not discovered any breaches.

Citizens is most concerned about the insurance applications that might have been sent. The applications would include potential customers date of birth, Social Security number, and address. Everything an identity thief would need to steal someone’s identity.

This tactic is a new one on me! I have never heard of anyone trying and change the address of a business to obtain their customers information. Seems like it might have worked if their second change of address would have gone through before Citizens received the confirmation. Citizens would have figured it out in a couple days when they stopped receiving their mail. I give the identity thief an A for effort, but a F for execution.