Information Armor » id theft

Anti-Phishing Procedure for Email

root — Tue, 16 Feb 2010 16:16:55 +0000

I saw something like this on the Internet and I do want to give credit to where credit is due, but I cannot remember where I found this. We have recreated it for businesses.

Please see the following flowchart for procedures on anti-phishing for email.

Why Strong Passwords Are Important

root — Wed, 10 Feb 2010 15:52:03 +0000

Most systems out in the world are secure. Very secure. Thousands of administrators and technical personnel apply patches and configurations to millions of systems throughout the world on a daily basis. In August 2009, someone hacked into Google, but not through a technical vulnerability within the Google infrastructure.

A hacker found a personal email account. Similar to the Sarah Palin Yahoo! account hack, the hacker researched social networking sites to find the answers to the “secret question” required to reset the account’s password. In going through the emails in the account, the hacker apparently found the password used for Twitter which was linked to Google.

Therefore, when you are asked secret questions while setting up an account, do not use your mother’s maiden name when asked for your mother’s maiden name. Use nicknames for your mother’s maiden name or question if you really need to have that account created.

The safety of our information at work requires us all to have separate passwords from those in our personal lives. If you have separate passwords for your MySpace and your Online Banking, then great! If your logon to Yahoo! email and your work account are different, then congratulations! You are practicing safe computing!

Identity Theft – Protect Yourselves
Here is a list of ways you can stop identity theft from happening to you:

Destroy private records and statements. Tear up — or, if you prefer, shred — credit card statements, solicitations and other documents that contain private financial information.
Secure your mail. Empty your mailbox quickly, lock it or get a P.O. box so criminals do not have a chance to snatch credit card pitches. Never mail outgoing bill payments and checks from home. They can be stolen from your mailbox and the payee’s name erased with solvents. Mail them from the post office or another secure location.
Safeguard your social security number. Never carry your card with you, or any other card that may have your number, like a health insurance card. And do not put your number on your checks. It’s the primary target for identity thieves because it gives them access to your credit report and bank accounts.
Don’t leave a paper trail. Never leave ATM, credit card or gas station receipts behind.
Never let your credit card out of your sight. Worried about credit card skimming? Always keep an eye on your card or, when that’s not possible, pay with cash.
Know who you’re dealing with. Whenever anyone contacts you asking for private identity or financial information, make no response other than to find out who they are, what company they represent and the reason for the call. If you think the request is legitimate, contact the company yourself and confirm what you were told before revealing any of your personal data.
Take your name off the marketers’ hit lists. In addition to the national Do-Not-Call registry (1-888-382-1222), you can also cut down on junk mail and opt out of credit card solicitations.
Be more defensive with personal information. Ask salespeople and others if information such as a Social Security or driver license number is absolutely necessary. Ask anyone who does require your Social Security number — for instance, your insurance company — what their privacy policy is and whether you can arrange for the organization not to share your information with anyone else.
Monitor your credit report. Obtain and thoroughly review your credit report, now available for free at Annualcreditreport.com or by calling (877) 322-8228, at least once a year to look for suspicious activity. If you spot something, alert your card company or the creditor immediately. You may also want to subscribe to a credit protection service, like Experian’s CreditCheck, which alerts you any time a change takes place with your credit report.
Review your credit card statements carefully. Make sure you recognize the merchants, locations and purchases listed before paying the bill. If you don’t need or use department-store or bank-issued credit cards, consider closing the accounts.

Some News

root — Mon, 11 Jan 2010 15:47:24 +0000

Security Risks at Fake ATM Machines
Fake ATM machines are not new, but awareness of them is. Have you ever gone into a locally owned gas station that has a small ATM sitting in the corner near the chocolate bars? Not all of them are real. They read card information, allow the person to enter their PIN, display a dummy message saying that the transaction cannot be completed at this time. All the while, it’s harvesting all the cards information to be used at a later time. Some fake ATM machines even have a camera to capture a photo to associate with the card information. We need to pass this information along among ourselves, our families, our friends and our customers. Captured information can be used to recreate a complete identity along with a bank account with funds in it.

Some good news … Albert Gonzalez, the Miami man who stole and resold 170 million cards and ATM numbers, has pleaded guilty and is awaiting sentencing in March.

Increases in Phishing Attacks
Identity theft is expected to increase again this year. With the bad economy in 2009 came a huge reduction in the workforce. Many of those who were unemployed invested in starting online businesses to make ends meet. These unskilled “webmasters” may have great ideas, but many are uneducated in privacy and security leaving identifiable information out there for criminal minds with access to the Internet. Names, addresses, phone numbers, notes on prospective clients all are jumping off points for spear phishing attacks.

There were many phishing attacks against financial institutions in 2009, about a 600-percent increase over phishing attacks in 2008. Spear phishing is becoming more popular as hackers target businesses where an attacker can access business accounts and initiate money transfers via wires or ACH to steal large sums of money at once or over time.