Archive for March, 2014

Tax season is here, and identity thieves are targeting the millions of Americans filling out their tax forms. One thing consumers ought to be wary of is online tax fraud. Identify theft as a result of criminals obtaining tax information illegally is on the rise. In 2011, only 276 people were charged with tax identity theft. But in 2012, that number climbed to 898, and then grew to 1,492 in 2013, .

However, here are a few more tips to protect your identity online: 

Don't Reply to Emails from the IRS
If you think you've received an email from the IRS, take a closer look. It may be part of a scam.

"The IRS never sends unsolicited, tax-account related email and does not collect personal or financial information, PINs, or passwords via email," said Kelley C. Long, a member of the National CPA Financial Literacy Commission at the American Institute of Certified Public Accountants, to the Christian Science Monitor.

If you are really uncertain as to whether the email you have received is from the IRS or not, Google the title or call the IRS to ask if the email is real. More likely than not, it is part of a phishing scheme.

Be Careful with What You Put Through the Mail
, most fraud happens when information used to file tax returns – such as pay stubs - are intercepted through the mail. It is actually safer to e-file your taxes than to send them through the post office. You should be wary if there are any delays in receiving your tax refund.  If you must send your taxes through the mail, then pay to have the documents sent through Certified Mail just to be safe.

"A lot of tax checks, Social Security numbers, come through the mail, sometimes these get stolen… People just steal checks right out of the mailbox," said Hem Vaidia of Smart Tax, according to WFMZ.

Secure Your Internet Connection
CS Monitor recommends that you do not submit your taxes electronically in a coffee shop using a public wireless connection, as they are not secure enough. Instead, according to Long, you should use your password protected internet at home, or better yet, directly connect your computer to your modem.

Shred Your Documents
Make sure to shred all your tax documents (unless you need to keep them for record keeping purposes). Also, be sure to use a confetti shredder, as documents that only go through a straight shred can be pieced together again.

If you are going to keep documents, make sure to hold them securely. Don't leave your files on your desk where anyone could see them. If you scan your files to your hard drive, then keep your hard drive secure or put the data onto a disk that you can keep in a safe.

Walter Boyd is senior privacy advisor at IDT911 Consulting.

A new Trojan is making its way into the Facebook community, . This one operates by sending out Facebook instant messages that contain messages like "lol" in order to get the users to open the attached file. The file in question is actually malicious software that will infect the PC and cause it to begin sending out its own Facebook IMs to other users, perpetuating the cycle.

Facebook is aware of the virus, and is currently working to correct the problem.

"We're aware of these messages and are actively removing the malicious links from our systems," a Facebook spokesperson wrote.

The Trojan targets Windows users, and only works through Facebook. It works to steal online credentials. Unlike similar viruses, this one incorporates a Java Archive file, which then downloads malware from a third party site.

"Usually we only see this kind of method used on drive-by attacks, where the Java [file] is used to exploit the system and execute the malware," wrote Adam Kujawa, leader of Malwarebytes's malware intelligence team. "In this case, the Java file (not inherently malicious on its own) reaches out and downloads the actual malware from a remote Dropbox account. It then installs the malware as a service on the system, silently."

NSA Hacks Computers through Fake Facebook Servers
According to recent information , the ​U.S. National Security Agency has been hacking computers by tricking people into accessing fake Facebook servers.

Initially intended for between 100 and 150 people who would have been hard to target otherwise, the procedure has been automated through a process called TURBINE, according to documents revealed by NSA whistleblower Edward Snowden. TURBINE is designed to "allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually."

In particular, the hacking method that uses Facebook is called QUANTUMHAND. When the user tries to access the social media site, the agency will send "malicious data packets" that will appear to come from a genuine website. In fact, the user is being infected with a virus that will enable the NSA to access his or her files remotely, according to First Look.

According to Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, this news is troubling, particularly the way it seems to be built directly into TURBINE's system.

"As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that's terrifying," Blaze said.

Mark McCurley is information security advisor at IDT911 Consulting.

Podcast_Icon

Steer clear of pop-up fast-file tax preparers with these tips from Adam Levin, chairman and founder of IDentity Theft 911.

(more…)

Podcast_Icon

Listen to Adam Levin, chairman and founder of IDentity Theft 911, walk through the 3Ms of identity protection in this podcast.

(more…)

MasterCard and Visa are both pushing for increased security measures after Target's recent security breach, according to . 

They are advocating for EMV chips to be installed in the cards to replace magnetic strips, which are easier to hack. EMV chips have already become mainstream in Europe, Canada and Hong Kong, . Customers insert the cards into a terminal, which reads the computer chip, and then the customers enter a PIN number or sign their name. The terminals require the chip inside the card into order to operate - they will not work without the chip, which makes the cards harder to replicate and make fraudulent copies.

"EMV chip cards are an effective deterrent to counterfeit card fraud, which is the largest category of fraud," Randy Vanderhoof, the executive director of the Smart Card Alliance and director of the EMV Migration Forum, told SC Magazine.

Data breaches at stores like Neiman Marcus and Michaels are making the retail industry more concerned about updating technology before more hacks occur. Credit card companies believe EMV will be the next step that the U.S. takes to catch up with Europe and find greater credit card security.

But companies also want to work together now to find new ways at preventing credit card fraud.

"Only through industry collaboration and cooperation will we address the real and immediate issue of security and maintain consumer confidence and trust," said Chris McWilton, president of North American Markets at MasterCard.

Better Credit Card Security Through Tokenization
It was 10 years ago in the early 2000s that Target worked with Visa to try to get credit card companies to switch to using EMV chips in their cards for payments, . However, the technology at that time was new, and both parties were concerned that people wouldn't know how to use the systems.

But times have changed. All of the major credit card companies are now working together to enforce the chip technology. The deadline is currently October 2015.

Some experts are saying that while adding the EMV chips may prevent some fraud, Target's cyberattack wouldn't have failed with EMV chips. In fact, what Target's payment systems needed was tokenization, according to Julie Conroy, senior analyst and fraud expert with Aite Group.

Tokenization works by switching credit card data with a token during payment transactions. These tokens are sent instead of credit card numbers. Because Target's data breach was made possible with a Trojan that had infected the retailer's payment system itself, merely using EMV cards wouldn't have solved the problem.

Mark McCurley is information security advisor at IDT911 Consulting.

Consumers are less and less confident about using their credit cards to pay for things ever since some major retailers like Target reported security breaches, . Even so, many consumers are still paying with their credit cards.

A survey conducted by Balance Innovations found 59 percent of respondents haven't made any changes to how they pay for goods. At the same time, 32 percent say they plan to use cash more often now than before.

Using Cards Online Can Be Dangerous
Recently, online shopping has taken a hit – shopping sites like Smucker's have been hacked, .

In the case of Smucker's, the hackers infected servers with a Trojan that controlled the website, which allowed the hijackers to steal information entered into all of the payment processing forms before they became encrypted. This means that even when consumers are shopping at a secure site, that website can be compromised on the server side, resulting in the data being stolen.

Other recent Internet hacks include companies that had been using outdated software, as well as a breach on Adobe's servers.

Companies Prefer Credit Cards
According to the research by Balance Innovations, the greater someone's age, the more likely he or she is to avoid using credit cards to pay for things. While 48 percent of millennials are confident about credit card security, baby boomers were only 30 percent confident. Perhaps this is a reflection of when credit card processing via digital software was first introduced and its safety hadn't yet been proven.

In general, 39 percent of respondents are "very confident" that credit cards are safe to use. Balance Innovations compared that number with food safety, of which 49 percent of consumers feel very confident.

Companies would rather their customers pay with credit cards than cash. Cash is more difficult to account for and to store. It is more time consuming for companies.

"Many consumers like to use cash because it's anonymous and carries little risk, but for retailers it can be very time consuming to manage and reconcile," Shelley Bosler for Balance Innovations said. "Increased usage of cash among consumers makes it all the more important for retailers to optimize cash processing policies at both the corporate and store levels."

Using cash may be an upward trend as consumers become even more aware of how unsafe shopping with credit cards can be.

Passport

 If you’ve had to go get a new passport lately, you have learned (like me) it’s no longer the easiest thing to prove that you’re you. If you’re a first-timer, you must show up in person with a birth certificate, at least one government-issued ID (two if it’s out of state), photocopies, forms and fees, and then wait your turn. If you lose your passport while traveling abroad, you’ve got to show up at an embassy or consulate with many of those forms in hand.

Worse yet, as highlighted by the recent news that two stolen passports were used by passengers aboard the missing Malaysia Airlines flight, your passport might well have as much, if not more, value to criminals here and abroad precisely because they are so difficult to obtain and increasingly hard to counterfeit.  that Interpol has 40 million lost or stolen passports in its database already (but that passengers boarded planes 1 billion times in 2013 without their passports being checked against that database).

So what can you do to keep your passport safe both before and after you travel?

(more…)

Sound off Google

Google’s Eric Schmidt didn’t exactly put our minds at ease when he spoke about the company’s improved encryption system in the aftermath of the NSA leaks.

Speaking at the South by Southwest festival in Austin, the tech giant’s executive chairman, said he’s improved its encryption system following the leak of classified data by former NSA contractor Edward Snowden.

(more…)

Retail point of sale

Businesses that are overly confident about the cybersecurity of their systems, believing they are adequately prepared for data breaches, may be putting their sensitive corporate and customer data at risk. Cyberattacks can impact businesses of all sizes around the globe, but the U.S. accounts for the majority data breach victims. Some of the most targeted industries include finance, retail and restaurants as well as manufacturing, transportation and utilities as criminals are looking for valuable information to exploit or sell.

When guarding their systems against attacks, companies should be aware of any security flaws and potential points of entry that may exist. These include, websites and e-commerce platforms in which cybercriminals may attempt to steal credentials, which is the leading method used to perpetuate breaches, accounting for 76 percent of data breaches.

(more…)

Univ Breach

When it comes to preparing for a data breach, higher learning institutions need to hit the books.

Case in point: at Indiana University, the University of Maryland and North Dakota University, which taken together exposed the personal information of 736,000 students, faculty and staff.

“The increasing frequency of data loss incidents at major learning institutions underscores the need for stronger data security standards,” Deena Coffman, chief executive officer at IDT911 Consulting.

(more…)