Archive for October, 2013

Online identity theft can impact anyone. However, according to the U.S. Federal Trade Commission, consumers who are 65 or older are particularly susceptible, .

IT security firm McAfee recently released a study that investigated the online activity of the 50-plus generation, revealing that the five hours a day on average they spend online exposes them to security and social media risks that may compromise their data. For instance, 88 percent of older Americans are more likely to share personal information online than their kids or grandkids, despite claiming that they are just as tech-savvy as younger generations. An estimated 26 percent of older respondents, according to McAfee, have shared their home address, while 27 percent have disclosed a cellphone number. In a what can make them vulnerable to phishing attacks, more than 50 percent of senior citizens have shared their email address online.

"The use of social networks among people 50-plus is trending now that it's become more commonplace across all age groups," said Michelle Dennedy, vice president and chief privacy officer at McAfee. "It seems counterintuitive that sharing personal information with strangers would not concern them, however. This further highlights their need to better understand the difference between the real and perceived dangers online and how to best protect themselves."

The figures begin to get more worrisome when looking at password protection metrics. About one-third of the 50-plus generation claim to have password protection for their tablets and smartphone devices, while just shy of 60 percent of seniors claim their devices are equipped to block malware, viruses and other programs favored by identity thieves.

"Many seniors spend lifetimes building credit and saving money for their golden years, but the identity thieves steal their hard-earned savings or ruin their reputations," said FTC Chairwoman Edith Ramirez at a recent forum on senior identity theft, The Street reported.

Fighting Cybercrime for Seniors
The AARP is teaming up with Washington State Attorney General Bob Ferguson, among other consumer fraud experts, to help fight online fraud and identity theft,  .

"Whether it's over the phone, through the mail, online or even at your doorstep, con-artists are coming up with new and deceptive ways to scam you and your loved ones," Ferguson said at the Museum of Flight in Seattle for the anti-fraud seminar SCAM JAM. "But we're fighting back, and today's event is the first in a series of efforts to make Washington the hardest state in the nation to defraud consumers."

As a significant part of fighting identity theft, the Fraud Watch Network – a system to raise awareness about possible malicious activity – will help residents avoid scams and potentially threatening online activity when they sign up. They'll receive alerts about new scams and can report suspicious activity with the AARP Foundation Fraud Fighter Call Center in Seattle.

social media after death

It’s a tangled Web we leave when it comes to managing digital assets after death.

Email, blogs, financial accounts, Internet properties, files and social networks live on after we’re no longer physically here—and without the passwords, family and loved ones can be shut out from important information at a difficult time.

Identity thieves cause additional heartache by stealing personal information of the deceased and spamming friends and relatives. Nowhere is that more prevalent that on social networks. Friend requests and recommendations may be made to and from the deceased through automated programs, mutual friends or hackers. And while social networks have policies on deactivating accounts of the deceased, they usually require additional proof in the form of death certificates and published obituaries.


Since the majority of data breaches that occur are "crimes of opportunity" – hackers seeing an opening and using it – it's important for everyone involved in your business, whether it is employees, clients, freelancers, contractors or consultants, to understand the importance of data security and corresponding best practices. 

"Most of our clients are pretty sophisticated in terms of technology, but they may not think about advising their clients on security basics," said Ted Devine, CEO of TechInsurance. "Often, that's because they don't realize that, even if their own security measures are top-notch, their clients' security lapses can expose them to costly cyber liability claims."

Verizon Enterprises recently released its 2013 Data Breach Investigations Report that revealed 48 percent of all data breaches are enabled by in-house mistakes made by employees or contractors who have no training or familiarity with data management protocol. As a result, providing training to involved parties will help mitigate the possibility of a breach.

In tandem with training, it is critical to review the basics of a systems security: passwords. While this is a basic safety measure, 76 percent of data breaches occur because a password is successfully – and easily – guessed. This, in combination with the encryption of sensitive data and limiting access to sensitive information, establishing a data management protocol for the use of business assets, such as laptops and mobile devices outside of the office, should help protect the integrity of your system.

A Security Strategy
The most important concern among businesses is loss of brand reputation or customer trust, and how to avoid that loss, according to IBM's A New Standard for Security Leaders report[source is always at the end of a sentence for ID Theft]. Cybercrime, data theft and data breaches can all impact customer trust. However, the study revealed that 24 percent of the information security leaders polled by IBM said they actually tracked the security issues and their impacts on brand reputation. 

IT management is especially pertinent when it comes to mobile devices. For organizations and employees who use their own devices, less than 40 percent claim to have specific mobile data security and usage policies for such devices, according to the IBM study.

In the shadow of the massive data breach at Adobe just a few weeks ago, leaders should continue to focus on enterprise identity, access management, database security and network intrusion as priorities. However, ensuring that marketing concepts such as brand reputation and customer trust are tracked in the event that a data breach occurs should also become a priority in the development of a business's strategy and security planning.

Matt Cullina is chief executive officer of IDentity Theft 911.

Q&A w Ondrej SMB

Scammers are news-savvy individuals who know how to take advantage of consumers and business owners as trends and legislation change. The Affordable Care Act is no different. Here are some tips to keep you, your employees, and your customers safe from Obamacare scams.


With the implementation of the Affordable Care Act and its provision requiring the migration of medical records to electronic formats, California Attorney General Kamala Harris released new identity theft guidelines, .

"Medical identity theft has been called the privacy crime that can kill," said Attorney General Harris. "As the Affordable Care Act encourages the move to electronic medical records, the health care industry has an opportunity to improve public health and combat medical identity theft with forward-looking policies and the strategic use of technology."

The guidelines outline best practices for insurers, healthcare providers and consumers so that they can protect themselves from identity theft. The impact of medical identity theft, when an individual uses the personal information of another to obtain medical treatment, services or prescription medicine, and the inaccuracies it causes to patient records may pose a serious risk to a patient's well-being.

Medical Identity Theft Is Widespread
According to data from research firm Ponemom Institute, 1.84 million adult-aged Americans have experienced identity theft regarding medical information, . During the past year, an estimated 313,000 have fallen victim to medical identity theft – up 19 percent since 2012.

In a recent survey, the institute polled 788 identity theft victims and found that, above all, it is preventable. However, education and awareness is needed. An estimated 36 percent of medical identity theft victims incurred significant costs associated with legal counsel, medical services and other related incurred costs averaging $18,660, .

Signs of Identity Theft
Receiving a data breach notification from a hospital, doctor's office or any other healthcare provider should raise concern for consumers, as this puts them at increased risk of medical identity theft. Getting calls from a debt collector about an unfamiliar medical bill, an unknown item in an Explanation of Benefits letter from your insurance company or being asked strange questions by your doctor are other indicative signs identity theft has occurred.

In addition to giving advice and alerting readers to warning signs of potential medical identity theft, Attorney General Harris outlines guidelines and best practices for healthcare providers, including the implementation of a theft response program with policies and procedures when conducting an investigation. Harris also encourages healthcare providers to provide a free copy of relevant components of their medical records for them to closely examine their history and look for signs of fraudulent transactions or claims.

Matt Cullina is chief executive officer of IDentity Theft 911.

National Protect ID Week

It’s National Protect Your Identity Week, an annual campaign to raise awareness about identity theft, which hits more than 12 million Americans per year—at a per victim cost of nearly $5,000, according to some reports.

Protection doesn’t have to be costly, in money or time. Here are 10 quick, easy and free ways to reduce your risk—this week or any other:



It’s always a good idea to back up your computer files. But now, it’s a great idea.

An especially nasty form of ransomware—known as CryptoLocker—was recently discovered, and it puts computer users at risk of losing their files forever.

In most forms of ransomware, infected computers “freeze” and essentially are held hostage until a ransom is paid. Perhaps the best-known and most widespread scheme: False messages claiming to be from the FBI, accusing computer users of watching child porn or some other illegal online activity. A “fine” is demanded to unfreeze the computer.


After experiencing a string of data breach incidents in California's Monterey County and San Mateo County that put the information of thousands of Californians at risk, some companies are taking a closer look at their own organizations and how they handle data security.

California Data Compromised
After a Monterey County Department of Social Services (MCDSS) computer was jeopardized by unauthorized users overseas in March 2013, the MCDSS launched an investigation to determine if sensitive, personal information was compromised, the .

"An investigation into the incident was conducted to determine if any sensitive information on the computer was exposed," MCDSS director Elliott Robinson wrote in . "That investigation concluded that the unauthorized users were able to break through the password protection on the computer between 3/17/2013 and 3/18/2013. While we have been unable to determine that the data on the computer was retrieved or transferred by the unauthorized users, there is a possibility that the … information was accessed."

Robinson reiterated that the hacked computer hadn't been used since 2009, but was still connected to the state network. He theorized that a power surge could have booted up the computer, the Monterey Herald reported. That allowed hackers to use the machine as a portal to the names, birth dates, addresses and Social Security numbers of up to 144,493 people who were in the MediCal, CalWorks, CalFresh and Foster Care payment system.

In an unrelated event, the Legal Aid Society of San Mateo County sustained a data breach of personal data stored on 10 of its laptops on Aug. 12, . Just as with Monterey County, the data on the lawyers' computers included the Social Security numbers, names, dates of birth of various patients who were working with the Legal Aid Society.

As a result, the Legal Aid Society of San Mateo County sent a letter to the California Attorney General's office, among others that had their data compromised, explaining the incident to users whose personal and medical information may have been compromised. However,  unlike Monterey County, the data was not compromised by an overseas entity, rather it was stolen along with the laptops that were burglarized from the society office. 

In both incidents, however, there is a very real human element involved in data breach, whether it is hackers, identity thieves or even company insiders. 

Solving the Insider Issue
While distant, high-profile data breach stories populate the headlines, new data suggests that, contrary to popular belief, the biggest threats to  security and data breach protection are internal. According to the , Understand the State of Data Security and Privacy, cited by , 36 percent of data breaches in the last month were caused by human error that typically did not exhibit malicious behavior. 

In the same report, less than 42 percent of employees in North America and European small- and mid-sized businesses surveyed said they had received training on how to handle data, so it isn't surprising that so much data is being mishandled. Little more than half of those employees were aware of their company's security policies.

"Companies have spent fortunes defeating network attacks, firewall breaches, viruses – but left their data center exposed to the biggest security problem that exists – people," Barry Shteiman, director of security strategy at Imperva, speaking at ITPro and cited by the source. "The insider data breaches problem is so big because it does not necessarily mean hackers. Any employee in an organization may be a malicious insider, and even worse, any employee can be a compromised insider – it doesn't matter if it's the receptionist or the CEO – as long as they have access to the company's data."

Answering the questions and rising to the challenges of data breach protection will undoubtedly become more complex for companies as technology opens up new ways to access information . As a result, some think data security needs to be approach holistically to be the most effective.

apartment scam
Rental scams have exploded in recent years, typically preying on vacationers looking for a week or two of R&R—only to get a “ruse” and “ripoff” in paying upfront for unavailable properties that don’t exist, are actually “for sale” (not rent), or are currently occupied.

But there’s a more sinister—and troublesome—result of this shelter skelter: identity theft when apartment hunting online.


2_Story 2_Cyberbullying resources

Kids and technology can be a dangerous combination—and cyberbullying provides proof.

According to the “McGruff’s” National Crime Prevention Council, roughly 43 percent of teens have been cyberbullied—victims of cruel or embarrassing messages and photos sent via the Internet, cell phones or other technology. Their bullies often hide their true identities.