I've posted before on social networking sites and how people can become victims of identity theft by revealing too much online. It seems now the site hit most with identity theft is the most popular site, MySpace. MySpace users are now being hit by a band of identity thieves who are stealing user names, passwords and personal information and using them dishonestly. Many users are being spammed with junk emails and links to certain sites or being impersonated online.
While being impersonated online can be a serious pain to remedy, this isn't the most damaging problem. Personal information is being stolen, and identity thieves are accessing data on users' personal computers. According to this article, thieves are using different methods of to commit their crimes. One popular one is providing a link to download a media player or another kind of file, and when the user does this, a worm is installed on his/her computer.
NewsCorp, parent company of MySpace, is reportedly taking steps to slow down the identity theft, but MySpace users continue to be attacked. I can't emphasize this enough. Take extra precautions when using MySpace. It can be fun and safe if you are careful. Have a look at my former post and take the suggested precautions. Not everyone on the web is willing to play nice. Be safe.
Wednesday, December 27, 2006
Thursday, December 21, 2006
Dumpster Diver Charged With Identity Theft of Almost 90 MLB players
Some identity thieves go for the average consumer, preferably someone with good enough credit to make it worth their while. Others may go for those with deeper pockets. This one seems to have set the bar a bit higher. Police in Lake County outside Chicago found the personal information of almost 90 current and retired Major League Baseball players in the home of David Dright.
The information is believed to have come from trash bins of SFX Baseball Inc., a sports agency that represents major and minor league baseball players headed by Pat Rooney and Fern Cuza. The information he recovered includes dates of birth, Social Security numbers, canceled paychecks, and infant death records. The evidence was found in Dright's apartment after someone reported that Dright stole his identity. Whether any of the players have been affected is being investigated, but potential victims are being contacted.
Remember: Anyone can be a victim of identity theft. I hope this will be a lesson to SFX to be more careful when handling client data. These players trust this company, so their information should be treated with more care. I suppose I shouldn't be surprised by the careless practices of such companies. Reminder number two: Shred those documents before throwing them away.
The information is believed to have come from trash bins of SFX Baseball Inc., a sports agency that represents major and minor league baseball players headed by Pat Rooney and Fern Cuza. The information he recovered includes dates of birth, Social Security numbers, canceled paychecks, and infant death records. The evidence was found in Dright's apartment after someone reported that Dright stole his identity. Whether any of the players have been affected is being investigated, but potential victims are being contacted.
Remember: Anyone can be a victim of identity theft. I hope this will be a lesson to SFX to be more careful when handling client data. These players trust this company, so their information should be treated with more care. I suppose I shouldn't be surprised by the careless practices of such companies. Reminder number two: Shred those documents before throwing them away.
Sunday, December 17, 2006
Secret Chat Rooms for Identity Thieves
Have you ever wondered how so many identity thieves obtain the information necessary to take over someone's finances. Sure, many will do the foot work using the methods I've discussed earlier such as mail theft, phishing scams, card skimmers, dumpster diving, etc. However, it isn't always necessary to go to that kind of trouble when you can use the information someone else has obtained and sold. There are online communities that do just that. Sell identities.
There are online message boards and chat rooms where social security numbers, birth dates, credit card numbers, and bank account details are exchanged. These websites are nearly impossible for the even the most savvy of web users to find, but they exist with hackers selling identifying information amongst one another. A skilled identity thief can cost a victim thousands of dollars while only being charged a few dollars for a credit card number.
While this is obviously disturbing, it doesn't surprise me. Identity theft becomes easier with our current technology. So those collecting more information than they can use will gladly pass it along for a few extra dollars, and entire underground communities are doing this. It makes me hope my information is being sold on these sites.
There are online message boards and chat rooms where social security numbers, birth dates, credit card numbers, and bank account details are exchanged. These websites are nearly impossible for the even the most savvy of web users to find, but they exist with hackers selling identifying information amongst one another. A skilled identity thief can cost a victim thousands of dollars while only being charged a few dollars for a credit card number.
While this is obviously disturbing, it doesn't surprise me. Identity theft becomes easier with our current technology. So those collecting more information than they can use will gladly pass it along for a few extra dollars, and entire underground communities are doing this. It makes me hope my information is being sold on these sites.
Thursday, December 14, 2006
Boeing Laptop Theft Puts Thousands at Risk
Company laptop thefts are usually the result of carelessness on the part of the employee. This was the case with the latest Boeing laptop theft. The laptop was stolen earlier this month when an employee left it unattended. The stolen laptop contained the names, addresses, and Social Security numbers of 382,000 current and former Boeing employees, leaving these people at risk of identity theft.
A Boeing spokesman insisted that the laptop was turned off at the time of the theft, and required a password to access files so the information could not be accessed easily. How comforting is that for current and former Boeing employees? It wouldn't be enough for me, and the company is taking the necessary steps for those who feel the same way. Boeing has not only contacted those whose information may be compromised but also offered them credit monitoring for the next three years. Boeing has not said whether or not disciplinary action has been taken against the employee in question (I'd hope they are).
However, the most disturbing thing about it is that this is not the first such occurrence from Boeing in recent years, but the third. This is obvious carelessness. Employees handling sensitive information need to be trained in proper security procedures and punished when these procedures are not followed.
A Boeing spokesman insisted that the laptop was turned off at the time of the theft, and required a password to access files so the information could not be accessed easily. How comforting is that for current and former Boeing employees? It wouldn't be enough for me, and the company is taking the necessary steps for those who feel the same way. Boeing has not only contacted those whose information may be compromised but also offered them credit monitoring for the next three years. Boeing has not said whether or not disciplinary action has been taken against the employee in question (I'd hope they are).
However, the most disturbing thing about it is that this is not the first such occurrence from Boeing in recent years, but the third. This is obvious carelessness. Employees handling sensitive information need to be trained in proper security procedures and punished when these procedures are not followed.
Tuesday, December 12, 2006
Security Breach at UCLA
Your information is only as safe as the databases it's kept in. You can take every precaution to secure your private information, but if there is a security breach at your job, bank, school, etc., you are still at risk. As I've said in the past, everyone is a potential identity theft victim. The best we can do is secure things at our end and try to minimize the damage if we are hit by identity thieves.
Most companies and institutions are aware of the sensitivity of customer and employee data and take precautions to keep this information out of the wrong hands. Unfortunately, they are not always successful (as we know from my insider identity theft post). The most recent breach was detected at UCLA. A hacker has gained access to a restricted UCLA database containing names and personal information of current and former students, faculty and staff, applicants for financial aid, and more. UCLA is notifying those who have information in that database and are investigating how much information the hacker gained and whether or not it has been fraudulently used. They have set up a website for those who were in the database as well as anyone else who feels they have been affected by this breach, and they recommend certain precautions be taken to protect one's credit.
While this is definitely not a positive thing, UCLA seems to be handling it properly. Notifying potential victims and recommending security precautions, such as placing a fraud alert on one's credit report to prevent or at least minimize fraudulent accounts being opened, is a good way to keep consumers' trust despite security issues. Now, let's see if they can take the precautions to prevent this from happening again.
If you are a current or former student of UCLA or think your name may have been in this database, check out this site.
Most companies and institutions are aware of the sensitivity of customer and employee data and take precautions to keep this information out of the wrong hands. Unfortunately, they are not always successful (as we know from my insider identity theft post). The most recent breach was detected at UCLA. A hacker has gained access to a restricted UCLA database containing names and personal information of current and former students, faculty and staff, applicants for financial aid, and more. UCLA is notifying those who have information in that database and are investigating how much information the hacker gained and whether or not it has been fraudulently used. They have set up a website for those who were in the database as well as anyone else who feels they have been affected by this breach, and they recommend certain precautions be taken to protect one's credit.
While this is definitely not a positive thing, UCLA seems to be handling it properly. Notifying potential victims and recommending security precautions, such as placing a fraud alert on one's credit report to prevent or at least minimize fraudulent accounts being opened, is a good way to keep consumers' trust despite security issues. Now, let's see if they can take the precautions to prevent this from happening again.
If you are a current or former student of UCLA or think your name may have been in this database, check out this site.
Tuesday, December 05, 2006
Password Habits and Identity Theft
For many products and services we buy or use on the web, registration is required, and we create a user name and password for each account. This is done for security purposes, so others can't purchase goods and services with your account or access your email. How secure are your passwords? Is it a word that could easily be guessed or associated with you? We tend create passwords that will be easy for to remember, which makes perfect sense, but it shouldn't be easy for someone else to guess or figure out. For instance, don't use your login name as your password, or easy to guess number sequences like "12345." Also avoid using any part of your name or your birthday. The digits of your passwords should include both letters and numbers, and they should be changed regularly. If your password can be easily guessed, you are at greater risk of becoming an identity theft victim.
Another common password habit we often develop is using the same password for multiple purposes. Once again, it seems convenient since it would be a royal pain to have to remember dozens of different passwords for all of the purposes we need them for. But how does this help your online security? Once your password is cracked, an identity thief can log into any or all of your accounts. According to a report published by the International Telecommunications Union, more and more people continue to use the same passwords for different accounts, and in doing so, putting themselves at greater risk of identity theft.
Sure, varying our passwords might seem inconvenient, but it is definitely worth the extra effort. Also, it might be a good idea for companies to do their part to prevent identity theft by coming up with another way to verify a user's identification.
Another common password habit we often develop is using the same password for multiple purposes. Once again, it seems convenient since it would be a royal pain to have to remember dozens of different passwords for all of the purposes we need them for. But how does this help your online security? Once your password is cracked, an identity thief can log into any or all of your accounts. According to a report published by the International Telecommunications Union, more and more people continue to use the same passwords for different accounts, and in doing so, putting themselves at greater risk of identity theft.
Sure, varying our passwords might seem inconvenient, but it is definitely worth the extra effort. Also, it might be a good idea for companies to do their part to prevent identity theft by coming up with another way to verify a user's identification.
Monday, December 04, 2006
LimeWire and Identity Theft
There's been a great deal of talk lately about peer-to-peer file sharing and identity theft. The reason, as you may have heard, is popular file sharing network LimeWire having recently been used to access files on users computers and open fraudulent accounts with this information. On Friday, eight people were indicted fo using LimeWire to help with their identity theft ring. The three key players, Michael Sarrasin, Shawn Adams and Tamara Stesneyr, were indicted on November 30 on 115 charges. They allegedly accessed personal account information of LimeWire users and used the information to open fraudulent accounts at Denver banks. The victims' losses are estimated at about $70,000.
Now, I'm not going into my thoughts on peer-to-peer file sharing (that's not what this blog is for), but we all know our computers and the data on them become more vulnerable when we go online, which is why we have all our anti-virus software and firewall. However, when you participate in peer-to-peer networks such as LimeWire, you give other users access to certain data on your computer (supposedly the folders designated for it), and you may want to take extra precautions to protect sensitive data. Encryption programs like PGP and TrueCrypt are recommended.
I'm not going to tell people what to do online, but I will tell you to protect your private information.
Now, I'm not going into my thoughts on peer-to-peer file sharing (that's not what this blog is for), but we all know our computers and the data on them become more vulnerable when we go online, which is why we have all our anti-virus software and firewall. However, when you participate in peer-to-peer networks such as LimeWire, you give other users access to certain data on your computer (supposedly the folders designated for it), and you may want to take extra precautions to protect sensitive data. Encryption programs like PGP and TrueCrypt are recommended.
I'm not going to tell people what to do online, but I will tell you to protect your private information.
Subscribe to:
Posts (Atom)