My guess is that you feel pretty comfortable banking online, at least from your computer, if not yet on your mobile device. I do too, despite all of the hackers out there trying to intercept our bank account numbers and passwords. Most of us are at ease because of the little lock symbol that appears before the URL when we visit our bank (or Gmail, Yahoo, and so forth). That lock symbol means that our communication is encrypted (digitally scrambled) by a standard called OpenSSL. Over time, SSL has proven to be relatively safe.
Just this week, however, it was discovered that OpenSSL was hacked using a vulnerability known as the Heartbleed Bug. Jeremy Bowers, as interviewed on NPR, put it eloquently (emphasis mine):
Recently, I was asked to do a segment for The Rachael Ray Show that demonstrated very visually how many audience members face immediate identity theft risks. Watching them move across the stage as we exposed two or three common sources of identity theft was remarkable. Once we had experienced the numbers, we ventured into the house of one of Rachael’s audience members to see how to mitigate the risk. Watch the video to see if you would have joined the “at risk” group, or read the transcript below:
Rachael: We had the audience stand back here because we all carry several items on any given day, EVERY given day, that put us at risk. So John, you’re going to weed out our audience so we can all learn in how many areas we are seriously at risk if we have certain items on us, correct?
The answer is so simple that you probably won’t believe it.
How do the world’s most powerful, wealthy and well connected people keep their lives more private than the average American?
Former President Jimmy Carter recently revealed one of two truly non-secret tactics that get completely overlooked because of their simplicity: snail mail. When asked about NSA surveillance by NBC’s Andrea Mitchell, Carter responded:
“As a matter of fact, you know, I have felt that my own communications were probably monitored, and when I want to communicate with a foreign leader privately, I type or write the letter myself, put it in the post office and mail it,” Carter said.
It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014. They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name. Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.
KrebsOnSecurity reports that the information from the Target breach alone has flooded underground black markets, with cards being sold for around $20 to more than $100 each. This data is being sold in hundreds of online “stores” advertised in cybercrime forums. A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.
Do you ever delete the words you type on Facebook before you hit post?
Have you ever started to type a status update that you thought was hilarious…until you realized your boss might not appreciate your 8th-grade humor? So what’d you do? You quickly hit the delete key and watched your comment disappear forever, right? Not exactly.
What if you are ready to make a snarky comment to Greg, the upperclass jerk who stole your high school girlfriend (and is about to get a divorce, ha ha), but decide to take the high road just before hitting the “post” button and instead, wish him well on his pending journey of love (despite the fact that it’s bound to fail)?
No harm done, right? You never hit the post button, so no one ever saw it! Well, it turns out that’s not quite how it works in Facebook Land.
The latest scheme to target unsuspecting consumers aims right at the core of what matters to the average person on an average night: our entertainment! In a scheme unveiled by Jerome Segura in a blog post on the site Malwarebytes.org, scammers are going after the personal information and financial resources of Netflix users.
Here’s how it works:
You are on what looks like the real Netflix home page. You enter your information, but instead of taking you to Netflix, you are redirected to a page telling you your account has been suspended for “unusual activity”. You are given an 800 number for “Netflix Member Services” and a very authentic-looking error code.
If you call this number, a real live human being answers, sounding much like a typical tech support person. They will be happy to help you (even if you give them bogus account information!) if you’ll just give them that error code. This then allows them to remotely access your computer.
What happens when a spy agency spies on the Congressional body that was created to keep spying in check in the first place? What are the implications of the CIA spying on the Senate?
That is exactly what Sen. Dianne Feinstein, D-Calif., head of the Senate Intelligence Committee, asserts has happened. In a scathing address to the Senate, Feinstein, who has been a strong advocate of the intelligence community in the past, accused the Central Intelligence Agency (CIA) of violating “the separation of powers principles embodied in the United States Constitution including the Speech and Debate clause”.
This accusation stems from an agreement between the committee and the agency to allow committee aides to review millions of confidential documents related to the post-9/11 Bush administration detention program for handling terror suspects. In the process of reviewing these documents, staffers came across an internal review of the agency’s practices. When the CIA became aware of this, Feinstein claims they searched the network — including the committee’s internal network — and removed the documents.
I’ll keep this one about the Target breach really short and simple. It’s really just a follow-up to the blog I wrote about whether Target and other retailers should invest the money to adopt new technology to preventatively fight fraud. In that blog I asked the question: “Is it worth $100 million to implement chip and PIN technology?” And my answer was a resounding, “YES!”
Just in case anyone needs any more evidence, take a look at Target’s earnings report that was released in February. Target reports that its net earnings were down $520 million in the fourth quarter, down 46 percent from the same period a year earlier. In a huge understatement, Gregg W. Steinhafel, Target’s chief executive, said, “Results softened meaningfully following our December announcement of a data breach.”
Today I served as the keynote identity theft speaker for the Fort Worth Speakers Foundation, here in balmy Texas (well, compared to Montana, where I spoke last week). After the main presentation, I fielded a range of questions on all topics. One woman asked me this: “At what point is fraud committed as a byproduct of the Target breach no longer Target’s fault?” The question was highly intelligent and the answer is very revealing.
When word got out about the massive security breach that occurred at Target in December of 2013, and which could wind up being the largest in U.S. history, many speculated that shoppers would dramatically change their habits. After all, nearly 1 out of 3 Americans were affected.
But a recent poll conducted by the Associated Press shows that our intentions don’t necessarily match our actions. The AP-GfK Poll, which was conducted in January and involved interviews with 1,060 adults, shows that the majority of Americans polled say they fear becoming victims of theft after the breach.