Some details on how the Target data breach occurred as well as insight into how and where this type of information is traded and sold in bulk and very quickly:
http://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/
Sunday, December 22, 2013
Smart phones
An article to get started on smart phones and what value they provide to an Identity Thief:
http://www.aarp.org/money/scams-fraud/info-12-2012/protecting-your-new-smartphone.html
This is a great reminder that there are multiple types of Identity Theft.
This article from the ACLU illustrates how "The type of data stored on a smartphone can paint a near-complete picture of even the most private details of someone’s personal life."
https://www.aclu.org/blog/technology-and-liberty-criminal-law-reform-immigrants-rights/new-document-sheds-light
"The astonishing amount of personal data police can extract from your smartphone" is based on the ACLU article above but has some good commentary of it's own:
http://www.thestar.com/news/world/2013/02/27/the_astonishing_amount_of_personal_data_police_can_extract_from_your_smartphone.html
http://www.aarp.org/money/scams-fraud/info-12-2012/protecting-your-new-smartphone.html
This is a great reminder that there are multiple types of Identity Theft.
This article from the ACLU illustrates how "The type of data stored on a smartphone can paint a near-complete picture of even the most private details of someone’s personal life."
https://www.aclu.org/blog/technology-and-liberty-criminal-law-reform-immigrants-rights/new-document-sheds-light
"The astonishing amount of personal data police can extract from your smartphone" is based on the ACLU article above but has some good commentary of it's own:
http://www.thestar.com/news/world/2013/02/27/the_astonishing_amount_of_personal_data_police_can_extract_from_your_smartphone.html
Gift Card Fraud
I have been involved with professional training from a major retailer that described how thieves will photograph gift card data from cards before they are sold and then use that information to cheat the buyer of the gift card once it is activated.
This article discusses a very similar procedure:
http://www.nw3c.org/news/article/Fulltext/2013/11/28/department-store-gift-card-scam
An excerpt:
"Criminals steal gift cards from store racks before any money has been added to them and then use an electronic card reader/writer to copy the information from one gift card to another, making an identical copy. Then they take the card back to the store for unsuspecting customers to purchase. Once money is added to the card, the criminal can then go on a shopping spree with someone else’s money."
If "78 percent of retailers have been victims of gift-card fraud" how does that translate to customers? This article explains some of the issues facing retailers:
This article discusses a very similar procedure:
http://www.nw3c.org/news/article/Fulltext/2013/11/28/department-store-gift-card-scam
An excerpt:
"Criminals steal gift cards from store racks before any money has been added to them and then use an electronic card reader/writer to copy the information from one gift card to another, making an identical copy. Then they take the card back to the store for unsuspecting customers to purchase. Once money is added to the card, the criminal can then go on a shopping spree with someone else’s money."
If "78 percent of retailers have been victims of gift-card fraud" how does that translate to customers? This article explains some of the issues facing retailers:
Krebs Skimming posts
Krebs On Security has an excellent variety of posts about Skimmers which are a method to obtain information for use in Bank Fraud, Credit Card Fraud and Financial Identity Theft:
http://krebsonsecurity.com/all-about-skimmers/
http://krebsonsecurity.com/all-about-skimmers/
Saturday, December 21, 2013
Wealth Managers Hacked
Fascinating example of how it doesn't matter how careful you are with your Identity or Finances, other people have been entrusted with it and if they are the weakest link in your Identity chain then that is where you can most easily be compromised.
A quote "EJ Hilbert, a former FBI counter-terrorist who was appointed head of Kroll’s cyber investigations this summer told the Financial Times: ‘It’s scary. Wealth managers are being used to get millions of dollars."
The article
http://citywire.co.uk/wealth-manager/cyber-criminals-hack-into-wealth-managers-to-steal-millions/a724488#!
A quote "EJ Hilbert, a former FBI counter-terrorist who was appointed head of Kroll’s cyber investigations this summer told the Financial Times: ‘It’s scary. Wealth managers are being used to get millions of dollars."
The article
http://citywire.co.uk/wealth-manager/cyber-criminals-hack-into-wealth-managers-to-steal-millions/a724488#!
Saturday, December 14, 2013
Holidays and Identity Theft
The Fall Holiday Season is also known as "Identity Theft Season." In some circles at least.
10 Reasons related to why consumers are particularly vulnerable to identity theft during the holidays because many relax their guard and substantially increase the exposure of their financial information:
http://www.huffingtonpost.com/adrian-nazari/10-reasons-identity-theft_b_2289723.html
Tips on Protecting Your Identity During the Holidays include not letting your credit card out of sight and getting a credit monitoring service. It also mentions photocopying your credit cards but I suggest you copy the contents of your purse or wallet in case you loose it and need to know what to report as stolen, missing or in need of replacement:
http://www.rethinkingdebt.org/news/preventing-identity-theft-during-the-holidays
10 great tips from the LA Times include not buying gift cards except from a person who sells you one from behind a counter:
http://www.rethinkingdebt.org/news/preventing-identity-theft-during-the-holidays
10 Reasons related to why consumers are particularly vulnerable to identity theft during the holidays because many relax their guard and substantially increase the exposure of their financial information:
http://www.huffingtonpost.com/adrian-nazari/10-reasons-identity-theft_b_2289723.html
Tips on Protecting Your Identity During the Holidays include not letting your credit card out of sight and getting a credit monitoring service. It also mentions photocopying your credit cards but I suggest you copy the contents of your purse or wallet in case you loose it and need to know what to report as stolen, missing or in need of replacement:
http://www.rethinkingdebt.org/news/preventing-identity-theft-during-the-holidays
10 great tips from the LA Times include not buying gift cards except from a person who sells you one from behind a counter:
http://www.rethinkingdebt.org/news/preventing-identity-theft-during-the-holidays
IRS and Identity Theft
Tax refund ID Theft is growing epidemic:
"More Americans' identities were stolen in tax refund crimes in the first six months of 2013 than in all of 2012, said an Internal Revenue Service watchdog on Thursday who described the problem as "a growing epidemic."Tax refund fraud has exploded in recent years. Scammers typically use stolen names and Social Security numbers to file phony electronic tax forms for IRS refunds."
http://www.nbcnews.com/business/tax-refund-id-theft-growing-epidemic-irs-watchdog-8C11557603
The IRS provides advice and resources including an affidavit on the following sites:
http://www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft
http://www.irs.gov/uac/Protect-Yourself-from-Identity-Theft-1
$3.6 Billion paid to Identity Theives via fraudulent refunds, down from $5.2 Billion
http://money.cnn.com/2013/11/07/pf/taxes/irs-fraud/
"More Americans' identities were stolen in tax refund crimes in the first six months of 2013 than in all of 2012, said an Internal Revenue Service watchdog on Thursday who described the problem as "a growing epidemic."Tax refund fraud has exploded in recent years. Scammers typically use stolen names and Social Security numbers to file phony electronic tax forms for IRS refunds."
http://www.nbcnews.com/business/tax-refund-id-theft-growing-epidemic-irs-watchdog-8C11557603
The IRS provides advice and resources including an affidavit on the following sites:
http://www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft
http://www.irs.gov/uac/Protect-Yourself-from-Identity-Theft-1
$3.6 Billion paid to Identity Theives via fraudulent refunds, down from $5.2 Billion
http://money.cnn.com/2013/11/07/pf/taxes/irs-fraud/
Obamacare and Identity Theft
My general thought on Obamacare is that illegal workers needed a job to get healthcare in your name before, now with your credentials they can just go online and get it without needing a job. If they work for cash... they can now just go online and get healthcare without having to bother to report to work somewhere or apply for a job.
Along that line, if someone qualifies for a subsidy and gets healthcare using your identity, whom do you think the IRS will ask to pay that back when it turns out you don't qualify for the subsidy when you file your own, accurate tax return?
A few links from around the web with some relevant excerpts:
How Obamacare Makes Theft Of Your Identity More Likely
"Stealing a medical identity is more lucrative than other kinds of identity theft."
http://www.forbes.com/sites/realspin/2013/08/25/how-obamacare-makes-theft-of-your-identity-more-likely/
St. Louis woman has Identity Compromised at Healthcare.gov including her Account, Address, Social Security Number
https://www.youtube.com/watch?v=DmEddTNWc_8
This article relates most directly to what I've said and have been thinking
"The risks of potential identity theft are very real, and 13 attorneys general have expressed deep concerns about the security of the exchanges’ information."
http://www.nationalreview.com/article/361946/top-ten-obamacare-disasters-come-grace-marie-turner/page/0/1
Along that line, if someone qualifies for a subsidy and gets healthcare using your identity, whom do you think the IRS will ask to pay that back when it turns out you don't qualify for the subsidy when you file your own, accurate tax return?
A few links from around the web with some relevant excerpts:
How Obamacare Makes Theft Of Your Identity More Likely
"Stealing a medical identity is more lucrative than other kinds of identity theft."
http://www.forbes.com/sites/realspin/2013/08/25/how-obamacare-makes-theft-of-your-identity-more-likely/
St. Louis woman has Identity Compromised at Healthcare.gov including her Account, Address, Social Security Number
https://www.youtube.com/watch?v=DmEddTNWc_8
This article relates most directly to what I've said and have been thinking
"The risks of potential identity theft are very real, and 13 attorneys general have expressed deep concerns about the security of the exchanges’ information."
http://www.nationalreview.com/article/361946/top-ten-obamacare-disasters-come-grace-marie-turner/page/0/1
The 5 types of Identity Theft
Here is an article on the 8 Types of Identity Theft which Jake enumerates as
http://idtheft.about.com/od/Basics/a/The-8-Types-Of-Identity-Theft.htm
I will write more on this later and maybe just update this post. There are really 5 Basic Types that lead to 10 or 11 common manifestations.
The 5 Basic Types of Identity Theft are:
http://www.shrm.org/LegalIssues/FederalResources/Pages/EmployersFaceLiabilityforFiveKindsofIdentityTheft.aspx
The 10 or 11 Common Types of Identity Theft therefore and what the Basic Type they are based on are:
“Identity Theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.”
I also read an article from Kroll that I can not share... that added "or to conceal the thief's true identity."
Perhaps more on this later.
- Financial
- Insurance
- Medical
- Criminal
- Driver's License
- Social Security
- Synthetic
- Child
http://idtheft.about.com/od/Basics/a/The-8-Types-Of-Identity-Theft.htm
I will write more on this later and maybe just update this post. There are really 5 Basic Types that lead to 10 or 11 common manifestations.
The 5 Basic Types of Identity Theft are:
- Driver's License
- Character/Criminal
- Medical
- Social Security
- Financial
http://www.shrm.org/LegalIssues/FederalResources/Pages/EmployersFaceLiabilityforFiveKindsofIdentityTheft.aspx
The 10 or 11 Common Types of Identity Theft therefore and what the Basic Type they are based on are:
- Financial (Financial)
- Insurance (Financial/Medical)
- Medical (Medical)
- Criminal (Character/Criminal)
- Driver's License (Driver's License)
- Social Security (Social Security)
- Synthetic (Combination from the 5)
- Child (Any of the Basic 5 from a Minor)
- Business (Usually Financial but based on a Federal Tax ID, not an SSN)
- Deceased (Any of the Basic 5 from a Deceased person)
- Cloning (Combination of Character/Criminal and another type thus impersonating the victim)
“Identity Theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.”
I also read an article from Kroll that I can not share... that added "or to conceal the thief's true identity."
Perhaps more on this later.
College Students at High Risk for Identity Theft
A story from Austin, TX new station KXAN on the BBB, college students, and identity theft.
Some good tips but it mentions that you should look for "https://" for a secure website when shopping online but then also tells the story of someone who put in credit card info for a purchase on a completely fake website.
http://www.kxan.com/news/local/austin/college-students-most-prone-to-id-theft
You need a plan to mitigate damages when they happen. There is no way to avoid a determined ID thief particularly when your info is captured as collateral damage or incidentally.
Some good tips but it mentions that you should look for "https://" for a secure website when shopping online but then also tells the story of someone who put in credit card info for a purchase on a completely fake website.
http://www.kxan.com/news/local/austin/college-students-most-prone-to-id-theft
You need a plan to mitigate damages when they happen. There is no way to avoid a determined ID thief particularly when your info is captured as collateral damage or incidentally.
Subscribe to:
Posts (Atom)
Welcome
Welcome to my blog. The primary purpose of this Blog is to provide links to source material that I may have quoted in a presentation or training or researched in answer to a question I have been asked.
I hope this site helps you share this information with others and/or conduct your own research. Please contact me with any questions. Thank you for visiting.