Quite a while ago, not long after the Target data breach, I wrote a detailed blog about the importance of the United States catching up to more than 80 other countries who already employ EMV security measures for their credit and debit cards. (EMV refers to “Europay, Mastercard, and Visa” or “Chip and PIN” technology.) Why so important? This one statistic should answer that question: Almost half of the world’s credit card fraud now happens in the United States —even though only a quarter of all credit card transactions happen here.
As a consumer, you should be glad of the change because you will be much better protected than with traditional magnetic stripe technology we’ve clung to for so long. EMV authentication includes a cryptographic message that makes each transaction unique. Having a card that is difficult to hack or duplicate and requires something YOU know (a PIN) will provide extra layers of protection.
How to Protect Your Lost Wallet or Purse against Identity Theft
In a panic that your lost wallet or stolen purse might lead to identity theft? Take a deep breath and then take the First 5 Steps to Stop ID theft. First, you need to understand that a lost wallet or purse is one of the most concentrated sources of identifying documents. For now, assume that your lost or stolen wallet or purse will be used to exploit your identity. Sometimes, even when your missing item shows up unexpectedly, the damage has already been done by a clever thief who is simply returning your valuables so that you don’t suspect further theft and shut down your accounts. Don’t take any changes. Instead, take these first five steps (adapted from my Identity Theft Recovery Guide):
Until Microsoft issues a security fix, I recommend discontinuing your use of Internet Explorer, regardless of version.
A Security Advisory released by Microsoft on April 26, states that the company is “aware of limited, targeted attacks that attempt to exploit a vulnerability” in Internet Explorer versions 6 through 11.
According to the release, the vulnerability would allow an attacker to host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email.
Do you know that panicked feeling, sweaty-hot pins and needles…
when you realize that you’ve lost your wallet or mobile phone? Gone are your credit and debit cards, driver’s license and maybe even checks or a Social Security card. Your phone might house addresses and phone numbers for your loved ones, passwords and logins for your financial accounts, and even access to your email program (allowing someone else to email as you, let alone make calls as you). While the wallet might contain cash and the mobile phone is expensive, they are worth virtually nothing compared to the value of the sensitive (and sellable) data they contain.
You’ve probably heard that instead of signing the back of your credit card, you can protect yourself by putting the words “Photo ID required” or “See photo ID”. So we went out to test this method to see if it actually gets people to do that. I presented my card at various shops (sporting goods stores, frozen yogurt stands, fast food joints…) and filmed the transactions. In this small sampling, I found five who did not ask for my ID and six that did.
I wonder if you can guess what the difference is between the people who didn’t ask for my ID and the ones who did. The answer? I had written “Photo ID Req’d.” on the FRONT of my card (in several places, in fact) in the cases where it was requested and only on the back where it was not.
My guess is that you feel pretty comfortable banking online, at least from your computer, if not yet on your mobile device. I do too, despite all of the hackers out there trying to intercept our bank account numbers and passwords. Most of us are at ease because of the little lock symbol that appears before the URL when we visit our bank (or Gmail, Yahoo, and so forth). That lock symbol means that our communication is encrypted (digitally scrambled) by a standard called OpenSSL. Over time, SSL has proven to be relatively safe.
Just this week, however, it was discovered that OpenSSL was hacked using a vulnerability known as the Heartbleed Bug. Jeremy Bowers, as interviewed on NPR, put eloquently (emphasis mine):
Recently, I was asked to do a segment for The Rachael Ray Show that demonstrated very visually how many audience members face immediate identity theft risks. Watching them move across the stage as we exposed two or three common sources of identity theft was remarkable. Once we had experienced the numbers, we ventured into the house of one of Rachael’s audience members to see how to mitigate the risk. Watch the video to see if you would have joined the “at risk” group, or read the transcript below:
Rachael: We had the audience stand back here because we all carry several items on any given day, EVERY given day, that put us at risk. So John, you’re going to weed out our audience so we can all learn in how many areas we are seriously at risk if we have certain items on us, correct?
It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014. They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name. Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.
KrebsOnSecurity reports that the information from the Target breach alone has reportedly flooded underground black markets and cards are being sold from around $20 to more than $100 each. This data is being sold in hundreds of online “stores” advertised in cybercrime forums. A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.
The latest scheme to target unsuspecting consumers aims right at the core of what matters to the average person on an average night: our entertainment! In a scheme unveiled by Jerome Segura in a blog post on the site Malwarebytes.org, scammers are going after the personal information and financial resources of Netflix users.
Here’s how it works:
You are on what looks like the real Netflix home page. You enter your information, but instead of taking you to Netflix, you are redirected to a page telling you your account has been suspended for “unusual activity”. You are given an 800 number for “Netflix Member Services” and a very authentic looking error code.
If you call this number, a real live human being answers sounding much like a real typical tech support person. They will be happy to help you (even if you give them bogus account information!) if you’ll just give them that error code. This then allows them to remotely access your computer.
Get monthly strategies and tips for protecting yourself and your business delivered right to your Inbox. Signup now and you'll immediately receive John's 7 Survival Strategies for Starving Data Spies!