|
 |
Tuesday, March 18, 2008 |
Ten Myths About Identity Fraud
FEBRUARY 12, 2008 | 5:38 PM
By Tim Wilson
According to new studies of the ID fraud space, some reports offer data that debunks many of the current myths about identity theft.
1. There is a higher incidence of ID fraud today than in past years - The trend is downward, not upward.
2. There are more victims of identity theft and fraud today than there have ever been before - Some estimates are that the number is down, not up, from the year before.
3. Identity fraudsters are stealing record amounts of money from their victims - the cost of identity fraud and theft underwent its most precipitous drop last year.
4. Most identity theft and fraud occurs online - criminals are moving to places where the pickings are easier: telephone and mail fraud due in part to better web defenses.
5. Online attackers are the greatest perpetrators of identity fraud and theft.
identity theft is often committed by someone you know, rather than a stranger - a surprising 17 percent.
6. Large security breaches are the most dangerous to users – Apparently criminals can only exploit so many identities regardless of the size of the “haul”.
7. Identity thieves distribute their booty widely, selling or publishing it wherever they can - no evidence found that fraudsters who misuse breach data were selling the data broadly or distributing it over the Internet.
8. Valid credit cards are an identity thief's primary target - There are many other ways to use personal data that can be just as dangerous to the consumer, researchers say.
9. Fraudsters steal as much personal data as they can, storing it up until they are ready to use it - in most cases, online fraudsters don't store up stolen ID information, but cycle through it quickly.
10. The incidence of identity fraud is pretty much the same from state to state - Consumers in California, Delaware, Idaho, Illinois, and West Virginia have experienced a higher rate of identity fraud and theft.
7:30:05 PM 
|
|
|
Monday, January 30, 2006 |
Micorsoft Security At Home: "Browser hijacking" is a common type of online attack in which hackers take control of your computer's Internet browser and change how and what it displays when you're surfing the Web. [Included are: info for determining whether your browser has been hijacked; more importantly, preventing hijacks; and what you can do to restore a browser that's been hijacked. Once again the same basic steps apply: use your common sense about downloading executable code from "strangers"; keep your operating system up to date especially with security fixes, your MANDATORY protective / detective tools (anti mal/spy/ad ware) as well - same thing for your browser of course.]
2:44:23 PM
|
|
|
Sunday, January 22, 2006 |
Some of the biggest names on the Internet, including Amazon.com, Microsoft and Google are providing evolving local search and mapping services, where the photographic images are typically rendered as search results. Some of the images are so detailed you can tell whether a neighbor's hedge was recently trimmed or whether the car parked in front of a favorite local eatery might belong to a friend. Now that searchable databases of detailed pictures covering wide swaths of urban areas are readily available to the public, some privacy advocates are worried about the risks of such picture perfect exposure to vulnerable citizens such as women in domestic violence shelters. [This is another "log on the technology/anti-privacy fire." While Privacy - the formal/legal entitlement - is receiving increasing attention, privacy - the informal/social expectation - has been eroding for decades. However, as noted in the article, no more information is available - perhaps less - than can be gotten by walking in your neighborhood. What's different as with camera phones, digitized photos, etc. is the minimal cost to record, store, preserve and distribute this "private" information.]
10:21:34 PM
|
|
|
Monday, August 15, 2005 |
By default, Microsoft Office Word 2003 documents contain hidden data. One measure you can take when sharing documents with others is to remove the information you don't want others to see. This article presents various ways that information is stored in a document and how to remove that information.
10:06:01 AM
|
|
|
Sunday, May 15, 2005 |
Anyone can eventually find your blog if your real identity is tied to it in some way. And there may be consequences. [Here are] a few simple precautions to help you maintain control of your personal privacy so that you can express yourself without facing unjust retaliation. [A combination of social and technological techniques, and legal considerations.]
2:17:42 PM
|
|
|
Friday, May 13, 2005 |
MasterCard International Inc. said Tuesday that it has shut down nearly 1,400 phishing sites and more than 750 sites suspected of selling illegal credit-card information since launching an ID-theft-prevention program in June (2004). The program also has led to the discovery and protection of more than 35,000 MasterCard account numbers that were in jeopardy of being compromised.
10:59:18 PM
|
|
PGP Corporation has launched a radical overhaul of its PGP desktop security suite aimed at making its products more comprehensive and easier to use. PGP Desktop 9.0, released Monday 9 May, features "automatic operation so email, instant messaging (IM), whole disk, and file encryption are secure without user interaction or training", the blurb boasts.
PGP Whole Disk encryption means an entire laptop, including USB drives and backups, can be secured at one fell swoop against previous approaches where users have used the software to set up a virtual, encrypted disk on their PC. Existing product features - such as PGP Virtual Disk encryption, PGP Zip (file compression), and PGP Shred (permanent file deletion) - have been retained.
10:56:54 PM
|
|
Microsoft is launching a PC "health service" that promises to deliver automated protection, maintenance and machine tune-ups in a single package. Windows OneCare initially is being distributed to company employees as part of a testing and development process before public beta availability later this year. The subscription service will be continually updated in an effort to address safety issues such as worms, viruses and spyware.
Micorosoft also is focused on broader PC health issues, including: the protection of digital photos, music, financial data and software, as well as system performance. Windows OneCare will provide updated antivirus, antispyware and two-way firewall protection. The package offers periodic disk cleanup, hard-drive defragmentation and file repair. Automated file backup also is offered, along with the option to back up all files on the system or only those that have changed since the last time the action was performed.
10:21:46 PM
|
|
According to Netcraft, some fraudsters are replacing text content on their phony sites with similar-looking images, "making it much more difficult for automated systems to detect the presence of keywords such as 'PayPal' and 'credit card.'"
In an online alert, Netcraft illustrated how a phisher could simply embed text within an image to hide it from filters. The text would still be readable by a possible victim, but not by a computer.
10:05:17 PM
|
|
|
Tuesday, April 19, 2005 |
Amazon.com knows things about you that you may not know yourself. Though plenty of companies have detailed systems for tracking customer habits, critics and boosters alike say Amazon is the trailblazer, having collected information longer and used it more proactively. It even received a patent recently on technology aimed at tracking information about the people for whom its customers buy gifts.
Some privacy advocates believe Amazon is getting dangerously close to becoming Big Brother with your credit card number. "They are constantly finding new ways to exploit personal information," said Chris Hoofnagle of the Electronic Privacy Information Center, an Amazon nemesis since 2000 after the company changed its privacy policy to allow sharing of personal information with companies it buys or partners with. More recently, the Seattle-based virtual retailer has launched a Web search engine, called A9, that can remember everything you've ever searched for — and the site reserves the right to share that information with its retailing arm. Amazon also funds a Web site called 43 Things. It seeks to link people with similar goals, such as getting out of debt.
11:15:35 AM
|
|
Some lawmakers say that as online dating becomes more popular, users need better protection from predators. Twenty-six million people visited dating sites in January, according to the Internet research firm Nielsen/NetRatings. The Senate is considering legislation that would require an Internet dating company serving Michigan residents to disclose on its Web site whether it has conducted criminal background checks on users, based solely on the names provided. A provider also would have to disclose the limitations of background checks and urge members to adhere to safe dating practices. The legislation is backed by True.com, the only online dating service that performs criminal screening. Similar legislation has been proposed in five other states: California, Ohio, Virginia, Florida and Texas.
Critics — including most online sites — say any feeling of security would be deceptive because there is no way to ensure people give their real names. [Further] ... the measure blatantly favors True.com and argue that the free market should drive demand for background checks, not the government. [Good grief! How did we date (safely) before the Internet came along?]
10:05:34 AM
|
|
Husbands and wives, moms and dads, even neighbors and friends increasingly are succumbing to the temptation to snoop, thanks to a growing array of inexpensive, easily accessible high-tech sleuthing tools once available only to professional investigators. And a growing amount of free personal information is so easy to find online that many Internet regulars don't think of it as spying. Plug a name into Google and you have an instant background check. Spying is so common that thousands of Web sites and dozens of retailers across the country now sell surveillance tools, and business has never been better, says Jason Woodside of the International Spy Shop in San Francisco.
BUT ... A Florida state appeals court judge, for example, ruled in February that spy software that a wife had installed on her husband's computer was illegal. Other cases in the headlines involve a Colorado Springs man who was arrested in February after he was accused of planting a GPS device in his wife's car to track her. And after a privacy outcry, an elementary school in Sutter, Calif., abandoned a plan that gave children mandatory radio-frequency ID badges so the school would know where they were at all times. [It seems inevitable that we eventually "turn the gun on ourselves".]
9:29:25 AM
|
|
|
Sunday, March 06, 2005 |
True.com has taken on the rest of the online dating industry in pushing state legislators to require matchmaking sites to conduct criminal background checks on members or post a warning that no such screening has been done.
8:51:31 PM
|
|
|
Wednesday, March 02, 2005 |
Five Tips for Using a Public PC With spying software, a criminal can grab your passwords and usernames. Ultimately, you could lose your money or have your identity stolen. That should tell you enough to be wary of public PC terminals.
9:09:50 PM
|
|
|
Saturday, December 11, 2004 |
In a semiannual study of 27 of the largest telecom companies, the Boston-based Customer Respect Group found 85 percent of the largest telecommunications companies share personal data provided by Web site visitors without first asking permission. The companies that did not share data with internal marketing departments, affiliates, subsidiaries, or business partners included AT&T, Nextel Communications Inc., Sprint Corp., and Verizon Wireless.
5:32:00 AM
|
|
|
Tuesday, November 23, 2004 |
Next time you make a printout from your
color laser printer, shine an LED flashlight beam on it and examine it
closely with a magnifying glass. You might be able to see the small,
scattered yellow dots printer there that could be used to trace the
document back to you. According to experts, several printer
companies quietly encode the serial number and the manufacturing code
of their color laser printers and color copiers on every document those
machines produce. Governments, including the United States, already use
the hidden markings to track counterfeiters. One way to determine if your color laser
is applying this tracking process is to shine a blue LED light--say,
from a keychain laser flashlight--on your page and use a magnifier.
10:06:55 PM
|
|
Court records are presenting a tricky challenge for open-government
types and privacy advocates. In most parts of the country, people can
drive to a courthouse to view all types of records. But should those
same records -- which include medical histories, divorce records,
arrests -- be online in the age of omniscient search engines and
identity thieves?
9:53:59 PM
|
|
|
Saturday, November 13, 2004 |
Offices in about a quarter of U.S. counties post Social Security numbers on their Web sites, according to a study conducted by the Government Accountability Office, the investigative arm of Congress. Relatively few federal and state offices post Social Security numbers online, according to the GAO. |
8:39:07 AM
|
|
Friday, October 29, 2004 |
One of the "Internet's foremost experts in Web usability" (according to Business Week) and the man who ranks number six on ZDNet's "The Web's Ten Most Influential People" calls for a change in policy to thwart Internet scams, saying, "User education is not the answer to security problems." Jakob Nielsen says a strategy relying on user education puts the burden on the wrong shoulders. The only real solution, according to Nielsen, is to make security a built-in feature of all computing elements.
2:56:23 PM
|
|
|
Wednesday, October 27, 2004 |
In findings, from a detailed survey of 329 consumers that included inspections of each of their home computers, released Monday by America Online and the National Cyber Security Alliance (NCSA), a picture emerges of consumers increasingly using their home PCs for sensitive, online transactions without adequately protecting themselves from cybercrime.
While 77% of the survey respondents believed they were safe from online threats, two-thirds lacked current anti-virus software and did not use any firewall protection. More than half said they did not understand the difference between the two. Yet 84% stored personal data on their home PCs, and 72% routinely used the Internet for sensitive transactions, such as banking and medical data exchanges.
7:45:34 PM
|
|
|
Saturday, October 23, 2004 |
Some 41 percent of all Internet users use IM to communicate in real time, according to comScore Media Metrix, a research group that measures Internet demographics. Among users ages 12 to 17, the proportion is even bigger: 55 percent. Conscientious parents are careful about whom their children associate with, but many of the tried and true methods of monitoring behavior are ineffective when it comes to the Internet. But there are tools that allow parents to monitor and restrict children's use of instant messaging services. Controls range from blocking access to limiting your child's contacts, or even controlling what can be typed in an instant message window. The best protection strategy depends on the type of IM system your children use.
9:45:33 AM
|
|
|
Friday, October 22, 2004 |
Officials of Florida's child-welfare agency acknowledged that confidential records for nearly 4,000 abused and neglected children were available on the Internet until this week. The files were accessible on the Web site of Kids Central, a privately run children's agency, and included names of children, as well as details such as birth dates, Social Security numbers, photographs, case histories and even directions to foster homes.
7:45:45 PM
|
|
|
Thursday, October 21, 2004 |
It began as one of the Bush administration's most ambitious homeland security efforts, a passenger screening program designed to use commercial records, terrorist watch lists and computer software to assess millions of travelers and target those who might pose a threat. The system has cost almost $100 million. But it has not been turned on because it sparked protests from lawmakers and civil liberties advocates, who said it intruded too deeply into the lives of ordinary Americans. The Bush administration put off testing until after the election.
Now the choreographer of that program, a former intelligence official named Ben H. Bell III, is taking his ideas to a private company offshore, where he and his colleagues plan to use some of the same concepts, technology and contractors to assess people for risk, outside the reach of U.S. regulators, according to documents and interviews.
6:33:58 PM
|
|
Security freeware is pretty popular. The price is right and everyone needs more security. What's the catch? But just because software is free doesn't exempt it from the requirements of paid software. Folks who write security tools should practice secure coding. Authors of security freeware should be accessible and accountable for the product they provide; in security-speak, the software should have readily identifiable, non-repudiable origins. Folks who make security software available should have competent, security-savvy staff to support and maintain it.
So if you are considering security freeware, remember the five Ws. Who wrote the software? Can you identify and trust the developer? What does the software do? When should you use security freeware? Why are you choosing freeware over commercial ware? Where do you intend to use security freeware?
6:21:07 PM
|
|
An August intrusion into a social researcher's computer may mean that more than a million Californians need to call the credit bureaus.
On Tuesday, the California Department of Social Services warned the providers and recipients of the state's In Home Support Services (IHSS) that their names, addresses, telephone numbers, Social Security numbers and dates of birth may be circulating the Internet. IHSS allows individuals to get paid for providing in-home care to senior citizens. The warning comes after an unknown attacker slipped in through a security hole in a social researcher's unsecured computer at the University of California, Berkeley, on Aug. 1, perhaps making off with 1.4 million database records containing personal information. The researcher noticed the trespass on Aug. 30 and the university notified the state in mid-September.
3:58:21 PM
|
|
|
Tuesday, October 19, 2004 |
A new free SANS newsletter has gotten rave reviews from unsophisticated end users - they really appreciate the plain non-technical writing and the cool examples. It's called OUCH! More than 500 security awareness professionals from around the US and the world helped them get it right. If you want to redistribute it to your users, that' allowed. The newsletter includes a pointer to a great phishing quiz for anyone who thinks he or she can spot a phishing email. To subscribe go to the newsletter page at the SANS portal and choose it.
12:22:32 PM
|
|
|
Monday, October 18, 2004 |
Martha Reeves, former lead singer of Martha Reeves & the Vandellas, says eBay left her open to identity theft by posting a contract on its Web site that showed her Social Security number and signature.
9:56:06 PM
|
|
|
Friday, October 15, 2004 |
It appears that every geek’s favorite search engine has won the race as the Mountain View, California company unveiled Google Desktop Search (GDS) on Thursday morning. The main feature of GDS is the ability of the user to search all files and folders of their computers hard drive, in addition to the Internet when running search strings through Google. The application itself is very small - only about 400k - and according to Google, after installation, GDS will run in the background indexing your hard drive on a continuous basis.
Privacy advocates have expressed some serious concerns about GDS. The biggest questions concerning the security of computer administrator files and folders on a Windows XP machine, and the ability to search other users' personal e-mail in a search queue. To help alleviate fears, Google engineers made it clear that no information contained on indexed hard drives is ever sent back to Mountain View, although they did acknowledge that the program will "ping" Google's servers on a daily basis in an effort to monitor the health of the program and determine how users are utilizing the features in GDS. You can download GDS here.
Excerpt from Google Desktop Search Terms and Conditions: Consent to Collect Non-Personal Information
Google Desktop Search may collect certain non-personally identifiable information that resides on your computer, including, without limitation, the number of searches you do and the time it takes to see your results. Unless you choose to opt out, either during installation or at any time after installation, non-personal information collected will be sent to Google. This information will be used by Google only for purposes of operating and improving future versions of Google Desktop Search and will not be disclosed to any third party or used for any purpose other than as described in this agreement. To learn more, please read the Privacy Policy located at desktop.google.com/privacypolicy.html.
[The excerpt from the "T&C's" implies that you can opt out from the collection of "non-personal information". I'm going to install it myself and see if my firewall can do the same thing. UPDATE: more information - see Google's Desktop Search is valuable, yet creepy , excerpt below. Yet the author states that, according to a "consensus of internet security and privacy experts", GDS will not generate controversy. Note: This version is Beta status and Google has been known to run beta programs for months or years. ]
Desktop Search does three things in particular that could compromise your privacy when someone else uses your computer:
First, the software keeps a copy of all your AOL Instant Messenger conversations. AIM, for many users, is like talking over the water cooler at work -- you say things you don't want preserved for posterity. Until now, AIM conversations with your buddies disappeared from your computer the moment you closed the discussion window. Desktop Search, however, makes a copy of AIM conversations and keeps them forever.
Second, the software keeps its own copy of all your Outlook and Outlook Express e-mail messages -- even after you delete them from within Outlook or Outlook Express. A confidential company memo, in other words, will still pop up during Google searches after you've emptied the Deleted Items folder in Outlook.
Third, the software keeps a copy of every Web page you visit and lists those pages in search results with the date and time of your visit. This even includes Web pages that are supposed to be secure from prying eyes, such as those run by online banking sites.
That means if someone else uses your PC and enters the word "bank" or "brokerage" in Desktop Search, they could uncover your confidential financial information. There are controls within Desktop Search to block each of these three search features, but it's not immediately obvious how to find them and many users will never bother to learn.
7:57:39 PM
|
|
|
Wednesday, October 13, 2004 |
Tad Hirsch, a research assistant at MIT's Media Lab, has adapted a desktop version of the iSee Project for use in handheld devices using Java programming language. Walkers can roam Manhattan armed with information that will allow them to steer clear of cameras if they wish - though escaping the cameras' unblinking gaze may not be easy. Privacy advocates have added hundreds of cameras to the Manhattan map using a Web-based interface, www.appliedautonomy.com/isee, developed by the Institute of Applied Autonomy, an activist organization concerned about surveillance.
8:25:56 PM
|
|
© Copyright 2008 iWay-Safety.com.
|
|
|
