identity theft

Latest Phishing Scam: Email Scamers are Taking Advantage of Twitter-style Alerts!

With an estimated 3.7 billion phishing emails sent in the past year it is no surprise that phishers have set their sights on Twitter. The latest phishing scam sweeping the ‘Net' is a spam campaign designed to look like legitimate Twitter notifications.

The emails take many forms: Some resemble messages from Twitter customer support claiming that the site has detected an attempt to steal the receiver's Twitter password. Others claim that the recipient has changed the e-mail address associated with their account and ask them to confirm. The links in these emails lead either to a downloadable "secure module" which the emails claim will protect the account but is actually malware or to a phishing site designed to steal the user's account information. Online pharmacy spammers have also taken to Twitter-formatted emails to advertise non-FDA approved pills.

Those these scams don't seem very threatening at first (I mean, how much damage can some do with 140 characters?) but the repercussions having your Twitter account hacked are HUGE! Many people use the same password they use for Twitter for many other online sites; from Facebook to online banking, people just aren't taking necessary precautions with their passwords. So, if you enter your account information into phishing site and you use the same password for Twitter as sites like Facebook or your email that may house more personal information, the scammer can potentially get into your other accounts.

These scams, discovered by Trend Micro, are easily avoidable if you are aware of them and know what a legitimate Twitter email does and does not contain.*

  • Twitter does not send links to "secure modules".
  • Twitter emails request confirmations include the new account information.
  • Twitter emails do no describe or promote new services or products.

* Twitter email specifications via Trend Micro

Before you get hacked, consider taking these precautions:

  • Always read emails completely and thoroughly before clinking though the links. It can take a while for news of the latest scam to reach your ears so keeping a vigilant eye on all your emails is a must!
  • Use different, high quality, passwords for Twitter, Facebook, your email, and your online banking account. Secure passwords contain a random series of lower and upper case letters, numbers, and approved symbols. Such passwords should be more than 8 characters in length
  • Consider and Identity Protection service. Investing in and identity protection service, such as Intelius IdentityProtect, can prevent a scammer that acquires your information from using it. This useful advantage could save you tons of time and money.

Personal Safety Procautions at World Cup 2010 in South Africa

As always, large multinational public events generate heightened concern for personal security. The 2010 World Cup being held in Rustenburg, South Africa is no exception. The FIFA approved comprehensive security plan is broken into seven phases. The first phase began in 2004 when South Africa was selected to host this year's World Cup Tournament. The plan includes 41,000 Police Officers and $74.5 Million USD in hi-tech equipment. All the planning in the world however, can't insure the month-long event will go off without a hitch.

The committees overwhelming focus has been on protecting the attendees against the potential for violent crime, however, even with all the preparations security does not appear to be very tight. Just yesterday, according to the Huffington Post, attendees witnessed several people setting off the metal detectors on their way into the stadium and then being waved in by smiling security guards without being asked to do so much as empty their pockets! For attendees with credentials, people with advanced tickets that have passed 'pre-screening' checks, bag checks are often cursory or are not done at all. Monday the stadium stewards walked out in protest of low pay or their work, leaving the stadium more-or-less unguarded during the Italy-Paraguay match.

This latent security should leave attendees of the World Cup concerned, however, by following certain guidelines you can increase your chances of both enjoying the World Cup and staying safe.

  • Be mindful of your surroundings. As everyone knows, beer is a big part of soccer, but that doesn't mean that your entire group should go 'wild' and every game. Sure you don't have to drive, but South Africa can be dangerous and with so many tourists in town for the World Cup, you can bet that prospective criminals will be on the look out for anyone who seems to be enjoying themselves too muchSo drink moderately at the games or, if that doesn't work, elect a rotating DN (designated navigator) to keep you on track to your hotel. Regardless of whether you've been drinking, always keep an eye on where you are, where you're going, and who's around you.
  • Try to 'blend in' with the crowd. When you're walking around, either before or after a match, try to blend in with those around you. Be mindful of your personal space, keep any valuables in inside pockets, but try not to call too much attention to yourself by being overly loud, pointing, or by straying out of tourist areas.
  • Stay in groups and on the beaten path. Don't go anywhere alone. At the very least bring a buddy, but a group of about 4 or 5 people is probably the safest bet. If your guide book or hotel tells you to stay out of certain areas, stay out of them. If security guards or police are ushering you away from a particular place, obey their instructions. Exercise common sense and good judgement while walking around the city.
  • Don't flaunt your wealth. American's are a prime target to a potential criminal because of their suspected wealth. While you can't change being American, you can change how you are precieved as a victim. So keep you money out of sight, and don't spend wildly while you're out in the city. Research tipping culture before you go to a pub or restaurant so you know how much is normal. Leaving too large of a tip can mark you as both inexperienced and wealthy. Also, as hard as it might be to resist, don't give too much money to people on the street - it can attract un-wanted attention.
  • If your wallet is stolen, report it immediately to your bank. If you notice that your credit cards or passport are missing report them immediately to the local consulate or your home bank. The sooner you report them the less likely you are to have your identity stolen or to be a victim of monetary theft. Before you go (if you are going for the later part of the month) consider investing in an Identity Protection Service, that way, even if your credit and personal information is stolen you will not be at risk for identity theft or fraud.
  • Maintain regular email contact with those back home. This is both for your safety and for the peace of mind of your family and friends back home. Arange to send an email to them on a regular basis - perhaps every 2-3 days. Agree that if you don't check in with in 24 hours of the agreed day, your freind or family member will report you missing to the authorities.

It's more than likely that you'll be safe for the duration of your stay in South Africa, however, the above precautions will give you and those at home some peace-of-mind while you're away. Just remember to respect the cultural and civil environment in which you are now a visitor!

The latest scam YOU need to be aware of: 'tabnabbing'

Think ‘tabnabbing’ sounds like the latest prank involving filing supplies and the office clown? Think again.  Tabnabbing (also referred to as tabnapping) is a new type of phishing attack that is sweeping the internet.  Most phishing scams rely on you clicking on an imbedded link or downloading a file you find in a suspect email, sketchy website or a pop up window.  Tabnabbing occurs in the background after your focus shifts away from a malicious or compromised site.   

“What we don’t expect is that a page we’ve been looking at will change behind our backs, when we aren’t looking. That’ll catch us by surprise,” Said Aza Raskin, Firefox's creative lead who identified the attack.  “Most people keep multiple tabs open, often for long periods.”

This attack uses JavaScript to discretely change the contents of an open but not active tab in your browser to look like the log-in screen of a bank, credit card company, popular retail site, social networking site or email provider.  This page transformation only occurs after the page becomes “inactive” while a victim moves to another tab or open program. The scammers are relying on users thinking they left a login page tab open.   

"When they click back to the fake tab, they'll see the standard Gmail log-in page, assume they've been logged out, and provide their credentials to log in," says Raskin.

Raskin was able to recreate “tabnabbing” on his own blog to show users what to look for.  You can try it here. After clicking the link, open a new tab, or simply click away from the page for a few seconds and then go back to the original tab.  While the URL hasn’t changed, the original blog content you saw only moments ago has been replaced with what appears to be a Gmail login page.  In this case the Gmail login page is just an image; however, in the case of an actual tabnabbing attack the page will be a functional login form.

In an actual attack after the user enters their login information, it’s sent it back to the attacker, and then the victim redirected back to the site they think they are logging into. This often goes completely
undetected because often the victim was never logged out in the first place, and it will simply appear as if the login was successful, never realizing that they just handed over the all credentials the attacker needed to access their account.   

It is even possible for attackers to detect which sites are in your history as well as what sites you are currently logged into and then customize the fake page to resemble a site you often use or are currently logged into, making this form of attack extremely effective and difficult to detect.  All major browsers are susceptible to this attack.  

Here’s what to watch for and how to avoid a potential tabnabbing attack and keep your identity, information, and login credentials safe:

Don't log-in on a tab that you haven't opened yourself. Since the tabnabbing tactic banks on you trusting that you opened the tab -- and that the site simply timed out -- the best defense is this offensive move. In other words, if you see a tab that contains a seemingly-legit log-in form, close it, then head to the site yourself in a new tab.

Enable browser settings and filters that will alert you to potential attacks. For Internet Explorer (IE) use SmartScreen. In Firefox and Chrome it's called "Phishing and Malware Protection;" Safari doesn't give it a name, but offers a setting that reads, "Warn when visiting a fraudulent website" in the Security section of its Preferences settings.

Look at the URL in your browser's address bar before filing in any form or giving out any personal information and verify the URL matches the login page. If there’s a discrepancy, close the tab
immediately.

Use a password manager. Third-party browser password managers like RoboForm for Windows or 1Password for Mac link saved log-in usernames and passwords to a specific URL. When you save the username and password on the log-in page of the legitimate site, the password manager won't auto enter the username and password into a non-matching URL which should alert you to a possible tabnabbing attempt.

For more info on avoiding Tabnapping read ComputerWorld’s How to Foil Web Browser Tabnapping.

How to Hack-Proof Your Smartphone

Mobile phone usage is growing rapidly and, according to Security Expert Robert Siciliano, cyber criminals are expected to pay more attention to the mobile sector as this trend continues to grow. From bulky bricks, to today's mini-computers, the cell phone has certainly evolved.

As Smartphones features continue to replace activities once reserved for our work or personal our computers, the data contained on our Smartphones becomes more valuable. The consequences of a cyber criminal accessing this information can be devastating. Though it was just last November that the first malicious malware hit the iPhone such viruses have now become mainstream as evidenced by anti-virus vendors like McAfee introducing an anti-malware solution for Smartphones. If you've ever accessed an online profile via a phone's internet connection then you have risked giving third parties access to your personal information. Imagine: Your identity could be stolen, you could be locked out of all of your accounts, account or financial data accessed, confidential business emails could be leaked, or your phone could even be used to spy on you.

In a recent study compilation by cellphones.org, sources indicated that 55% of Smartphone users believe that the individual is responsible for the security of their own phone. The fact is, no matter whose responsibility Smartphone security is, it is up to the individual to protect themselves. Bellow you will find tips on how to prevent cyber criminals from accessing your BlackBerry or iPhone.

BlackBerry:

The Blackberry is easily the most popular Smartphone on the market and, according to cellphones.org, the most ‘natively' secure. Just by having a Blackberry, you are one step ahead but that doesn't mean you don't still have to enable your security settings.

  • Enable your password. Under General Settings set your password to ‘on' and select a secure password. You may also want to limit the number of password attempts. Test to make sure that your password works by locking your phone to confirm.
  • Encrypt your data. Under Content Protection settings, enable encryption. Then, under ‘Strength' select either ‘stronger' or ‘strongest'. Though ‘strongest' is the most secure, ‘stronger' has faster encryption/decryption. Under the Content Protection settings you will also have the option to encrypt your address book.
  • When visiting password protected internet sites do not save your passwords to the browser. Anyone who finds your phone and manages to unlock it will then have access to all of your account data and your identity will be stolen. It may be annoying to have to enter your password every time but the extra 30 seconds is certainly worth avoiding identity theft.

iPhone:

The iPhone, which has captured over 25% of the Smartphone market, the second highest share in the industry, has notoriously poor encryption capabilities. As such, enabling the included security features and adding apps that allow you to secure your information is key to being a ‘safe' iPhone owner.

  • Enable the Pass code Lock and Auto-Lock. Go into your phones General Settings and set the 4-digit phone pass code to something that you will remember but is not ‘significant' to you. That means no birth dates, no anniversary dates, no children's ages. Then, go back into General Settings and set the Auto-Lock. Although you can choose from 1 min to 5min, the quicker your phone locks the safer it is from those who might be tempted to tamper with it while you aren't looking.
  • Turn your Bluetooth off unless you are using it. Bluetooth allows you to easily connect to a hands-free head set or to send files from your phone to a computer. However, this also works the other way. A tech savvy hacker with a laptop can easily hack your phone from the Bluetooth connection if it's on.
  • Download Simple Vault 1.2. Simple vault adds a second layer of protection to your iPhone by allowing you to password protect each of your apps. It also allows you to store your sensitive information right on your phone, unlike other security apps which send it to you over the internet when you access it

General:

  • Whenever possible, wait till you get to your computer on a secured network before accessing sensitive information. When responding to important work emails or checking your bank account balance it really is best to wait until you can access this information from a secure network. Anti-virus and anti-malware software as well encryption capabilities for computers are miles ahead than what is currently available for phones. So ask yourself before you enter your credit card number to that online store: Is it worth identity theft for me to do this now or can it wait till I get back to the office/home?
  • Consider investing in an Identity Protection service. This way, even if your Smartphone is compromised you won't be risking your identity.

Avoid Census Scams: Here’s what you can do to keep your household safe as the door-to-door follow-up begins May 1st

Phase One of the 2010 Census wrapped up on April 1st with the final receipt of mail-in forms. Phase Two is set to begin on May 1st, with nearly 700,000 temporary census workers across the United States going door-to-door in an attempt to collect Data on the 28% of American households whose mail-in forms were not received by the deadline. The second phase of the census could open the door for potential scammers to pose as census data collectors and go door-to-door "phishing" for your private information.

How to recognize a REAL census worker:

  • Census workers will show up by themselves, wearing a clearly marked identification badge (containing their name and photo, a Department of Commerce watermark, and an expiration date). Each Census worker will be issued a briefcase clearly marked with the 2010 Census Logo.
  • Census workers are trained to ask only the 10 questions of the official census form. An official Census worker will never ask you for your full social security, a cash donation, passwords, pin codes, or bank account information.
  • The Census worker will fill out the official Census form with you in person.
  • Census workers are trained to respond to households where English is a second language by asking you to identify the primary language of the household. They will then leave, and someone fluent in the primary language will return to complete the census information in the primary language.
  • A Census worker will never ask to enter your home.
  • The Census Bureau does not conduct any of its research via email. If you receive an email regarding the Census, do not open any attachments.
  • If you completed and sent the mail-in form prior to the April 16th deadline then you should not receive a visit in Phase Two.
  • You should receive a mailing notifying you that in the next couple of days you will be visited by a Census worker. If you receive a visit from a Census worker but did not receive a mailing from the Census Bureau verify the visitor's identity before providing any information.
  • If you are unsure if the visitor at your door is legitimate, call the Census Bureau at 1-800-562-5721 to verify. You can also ask the visitor for the local office's phone number and supervisor's name for extra security.
  • If the ‘Census Worker' at your door does not adhere to the above code, don't talk to them and contact your local Census Bureau office.

You think you've verified that the Census Worker at your door is real. Now what?

  • Never invite the Census worker inside your home. Step outside to talk to them, closing the door behind you.
  • If you must go inside, for any reason during your Census visit, close and lock the door behind you, leaving the Census worker outside. It isn't rude, it's safe.
  • Do not offer the Census worker any information not explicitly asked for on the Census form.
  • Do not suggest to the Census worker that you are home alone. Always suggest that there is someone else in the house. If you live alone, pretend you have a friend over.



TMI: Does Your Social Networking Activity Make You Vulnerable to Online Criminals?

MySpace, Facebook, Twitter, LinkedIn - with all the options and advantages, who doesn't have at least one social networking profile these days? The growth of online social networking in recent years has provided people with a new way to keep up with friends and family and connect with people all over the world.

What we sometimes don't realize, is that a lot of the information we post on these sites intended for our friends, family or trusted colleagues can also be seen by complete strangers.  Criminals have found a new source for information that can be used for crimes like identity theft, fraud and other scams that are sweeping the internet.   These criminals aren't looking for simple public record data, rather; it is the content of posts, updates and tweets that is putting social networking site users at increasing risk.

Social networking sites allow us to be constantly connected, to post whatever we want whenever we want, and we often don't think twice about what we post. Even in Twitter's 140 characters you have the opportunity to divulge enough personal information for an experienced online criminal to do harm. You may inadvertently give away your location by posting about your job, or you may post about a struggle you've been having with your bank and thus alert the social networking universe as to where you bank, what kind of banking you do, and what kind of account you have. Posting you mother's maiden name, mentioning an upcoming high school or college reunion, or talking about your favorite pets can provide criminals with just enough information about you to guess your password.

So what can you do to keep you identity from being stolen based on the information on your social networking profile? Check out the tips bellow to find out how you can keep safe:

  • Keep your information to yourself. Don't post your full name (at least leave out your middle initial), your address, your email address, birth date, or your phone number to any of your social networking profiles. Though most social networking sites prompt for them they aren't required, so don't post them.
  • Make all of your social networking profiles private, allowing only limited information to be viewed by people you have not approved as ‘friends' or ‘followers'.
  • Only ‘friend' people you actually know. It isn't uncommon for people to accept a friend request from someone because they have a mutual friend or even a complete stranger. Often online fraudsters will friend as many users as they can with the hope that someone will take the bait. If you aren't sure if you know someone, confirm their identity before you add them. If you can't confirm, don't add them. Remember, the casual social networker uses their profile to keep up with friends and family, so why would you allow someone into your network who wasn't a friend or family member?
  • Use secure passwords. Pick your passwords wisely, passwords that reflect your personal tastes or are ‘easy' to remember are often easy to guess. Consider a random set of capital and lower case letters and numbers, no less than eight characters. It's also a good idea to use different passwords for things like bank accounts than you do for social networking sites or email accounts.
  • Always think twice before you post. Remember that if you post something online it can't be taken back. Just because you delete something, there is a chance that the information is cached on the site or is available on archiving sites. So before you update your page on-the-fly from your cell phone be sure to THINK about what you are posting and how the information could be used and who has the ability to see it.
  • Talk to your kids about the risks. You aren't the only one online; if you have kids make sure they are practicing safe online habits. Talk to them about internet and social networking safety before anything has the chance to go wrong.

Know Before You File: Tax Fraud and How to Prevent it from Happening to You

With Tax Day looming, many Americans are scurrying to get their tax return filed on time. Still others, who've applied for and been granted an extension, have yet to even start the filing process. With identity theft crimes running rampant from individuals making false claims to elaborate scams involving rings of tax-preparers claiming millions in extra refunds, here's what you need to be aware of as you complete your tax returns and how you can avoid becoming a victim of a tax fraud scheme.

The 2010 tax season has already seen the biggest tax-preparer bust in US history. "Operation Brass Tax" landed 26 New York City tax preparers in Jail earlier this April for a variety of tax fraud schemes. A joint investigation by the U.S. Attorney's Office for the Southern District of New York and the IRS resulted in the arrests. The tax preparers submitted more than 35,000 suspedescribe the imagected fraudulent tax returns, claiming a total of $95 million in refunds.

The accused tax preparers have been charged with using the stolen identities of children and claiming them as dependents on their client's returns. They also created fictitious businesses to claim "business losses", used stolen identities from deceased individuals to submit fraudulent refunds, and used the stolen identities of residents of Puerto Rico, who do not have to file tax returns, to claim further refunds. It appears that the tax preparers were planning to keep the extra refunds for themselves as "profit".

In another case this year, a Colorado woman was indicted for filing fraudulent tax returns for her clients. Denise Smith posed as a CPA and filed fraudulent returns on behalf of unsuspecting clients. She claimed deductions they were not eligible for and lowered taxable income, also for her own profit. Many of her victims are now being audited and may face tax fraud charges themselves.

With increasingly busy schedules, more and more Americans are hiring tax preparers. Before you put your trust and financial information in the hands of a stranger, take a moment and review these tips to protect yourself from fraud:
- Ask to see your preparer's certificates. Make sure that your chosen tax preparer is appropriately certified to file taxes. Ask them for their CPA certificate and try to verify it with the awarding institution.
- Ask for recommendations. Ask your tax preparer for recommendations from clients whose return they've prepared in the past. If they can't produce any satisfied customers, don't use them.
- Run a background check. If you are using a self-employed tax preparer, run a background check on them to review their financial and criminal history. Have they ever been convicted of a financial or other relevant crime? Have they ever filed for bankruptcy? These are important things to know about a tax preparer before you give them access to your social security number, bank records and other financial information.
- Always double check. Before your tax preparer submits your return, ask to see the completed paperwork. Double check to make sure there are no obvious discrepancies between your claims and reality. If there are, make sure your preparer fixes it or take your business elsewhere.



Child Internet Safety: Is Your Child Practicing Safe Habits Online?

Do you talk to your kids about cyber safety? This is an issue that many parents overlook as it was not a topic of conversation when they were growing up. Nonetheless it is a topic that we encourage you to discuss with your kids.

Cyberbullying

Schools, parents, and teachers are being faced with the issue of cyberbullying for the first time. Bullying has always been a problem, but the onslaught of virtual communications such as text messages, emails and instant messages has given way to a whole new form of bullying. There have been numerous stories in the news recently of children falling victim to cyberbullying. The state of New Hampshire is currently in the process of passing a bill which will give schools the authority to address cyberbullying if it has an impact on the educational environment. If the bill passes, many states will likely follow New Hampshire's lead.

• Monitor your children's online activity. Know which sites they are visiting and who they are talking to.

• In many cases parents are unaware that their child is being picked on online, talking to your kids about cyberbullying and encourage them to talk to you if they feel they are falling victim to a cyberbully.

• Be aware that children and adults may have more than one profile on social sites such as facebook.com or myspace.com. As a condition for allowing them online access, ask them to share their online profiles with you.

• If you suspect that your child is hiding something from you, ask them to show you the most recent pictures they posted from their phone to their Facebook profile after they attend special events like a school dance, concert or party. Most likely they will post to their most active profile.

• Establish limits for online use. If your child knows you're around or if they can only use the internet for a limited amount of time each day they will be less likely to put themselves in situations that make them vulnerable to cyberbullying.

• Review your child's browsing history or set up parental controls that only allow your children to visit approved sites.

While computers have become a main staple in the curriculum of schools in the United States, a study recently released by the National Cyber Security Alliance (NCSA) and supported by Microsoft Corp., revealed that less than 1/4 of teachers in the U.S. have spent more than six hours teaching cyber ethics, safety, or security in the last year.

As a parent you cannot depend upon your child's school to teach them about cyber safety. If internet safety and security is part of the curriculum, sit down with your kids and ask them to tell you what they have learned. If you feel that the school has missed some important points, this is your opportunity to bridge the gap.

As a parent you are raising a new technology driven generation of computer savvy Americans and it is up to us to make sure that they have the knowledge needed to remain safe while using these skills. In each of these cases the most effective defense is having an open dialog with your kids. This will make them more likely to come to you if a problem should arise.

What do you do to protect your kids online?

Comment below or send us a tweet @Inteliusgal


Robert Siciliano: Why Debit Cards can become a Nightmare

Robert Siciliano, a leading Identity Theft and Security expert, discusses in a recent post some of the major risks associated with the use of debit cards, liability regulations of debit versus credit, and how consumers can protect their finances.

“Not all plastic cards are created equal. The major differences in Intelius and Robert Sciliano on Debit Cards and ID Securitycredit vs. debit is in the protections (or lack of protections) that come along with the fine print.A debit card is connected directly to a person’s bank account and when compromised can devastate your bank balance.”

Debit card regulation sets consumer liability for fraudulent purchases at $50 if they notify their bank within two days, whereas credit card users’ are allowed a sixty day reporting window.

If fraudulent debit purchases are not reported in two days, federal regulation allows the maximum liability to increase to $500.

Banks tend to be more skeptical and less flexible towards debit card fraud victims. In order to commit debit fraud, thieves need your card number and your PIN. If your PIN is compromised many banks will not assume responsibility for your loss.

So what should you do?

  • Avoid using debit cards, use credit instead
  • Carefully review your statements each month and refute any unauthorized charges as soon as you discover them
  • If you plan on traveling, contact your credit card company ahead of time so they won’t put a hold on your card when out of state charges begin to appear
  • Learn about card skimming and how to protect yourself
  • If you need cash stick to bank ATM’s and avoid the privately owned machines you may commonly find in convenience stores, restaurants or bars. Not only are these generic machines more susceptible to tampering, but they also store your account information which may be accessed by others.

For more information read Robert Siciliano’s complete post Why Debit Cards can become a Nightmare on his blog

What steps do you take to protect your finances?

Tell us on Twitter @InteliusGal InteliusGal on Twitter or leave your comment below.


Syndicate content