Tuesday, November 26, 2013

Consumers Rank Identity Theft the Second Highest Risk Factor

By Mark Pribish
Vice President & Identity Theft Practice Leader

According to InfoSecurity Magazine (please see here) ID thieves are getting more successful at leveraging stolen data for ill-gotten gains. Of the 16 million victims notified in 2012 that their payment card information was compromised in a data breach, more than 25% of them also suffered identity theft.

The above InfoSecurity article referenced a September 2013 Javelin Strategy & Research report titled Data at Rest is Data at Risk (please see here) which revealed that payment card and Social Security number data breach victims suffer the highest rates of related fraud, especially in the retail, financial and healthcare sectors.

ID Theft

Of the 16 million consumers receiving data breach notification letters, Javelin Strategy & Research highlighted the following:

  • 4.4 million consumers were notified that their payment card information was compromised resulting in ID Theft specific to their existing credit or debit cards.
  • 1.26 million consumers were notified that their Social Security numbers were compromised and became victims of identity theft.
  • 270,000 consumers were notified that their online banking credentials were compromised and experienced ID Theft related to their checking and savings accounts.
  • 324,000 consumers had their bank account numbers compromised and became ID Theft victims related to their checking, savings or other financial accounts.

Based on the above, it is easy to understand how consumers rank identity theft the second highest risk factor (just under financial concerns but more interestingly above health concerns and personal safety) as a significant consumer risk factor (please see here).

The Travelers Consumer Risk Index is a new, annual survey of the risks Americans believe are most prevalent in their lives.

For example, just a half of a generation ago, identity theft and distracted driving did not exist. On the other hand, some risks stand the test of time such as financial concerns.

While you can read the Travelers Consumer Risk Index report here (click to read) I have listed below the Top 5 Risks including:

  1. Financial Concerns and Risks - 68%
  2. Risk of Personal Privacy Loss/Identity Theft - 64%
  3. Risk of Serious Health Problem - 60%
  4. Personal Safety Concerns and Risks - 44%
  5. Extreme Weather/natural disasters - 43%

Whether you are an individual consumer or a small business owner, you need to think about new and old risks and how to be proactive in protecting yourself, your family and/or your small business.

Monday, November 25, 2013

Name Game Shame, Who's to Blame? Don’t be a victim to piracy by Merchants - SCAM CENTRAL

It takes a lot of effort to build a brand name and get your company the recognition it deserves. A name is everything. If customers are unable to remember the name of your company, you lose business to whomever they are able to remember. Creating a name for your company can take a great deal of thought. For example, a name like "Joe's Plumbing" is direct and helps to identify who owns the company and the type of business. However, potential customers may not find that name as appealing as "Tri-City Plumbing Services", which sound more official and professional. Both companies may very well offer the same level of quality service, but the names imply a different level of professionalism. Sometimes a name really does say it all.

Now imagine that after years of hard work building your brand image and becoming a household name that someone comes along and uses your company's name for their gain, without your consent. Commonly known as "hijacking", some unfortunate companies have already fallen victim to this piracy.

How It Works:

According to a recent Scam Alert from the Better Business Bureau (read article here), scammers are creating fake websites using real company names and logos to steal information, plant malware, capture credit card information, and even redirect traffic to another fake site to sell knockoff products. Perhaps even worse than that, these same scammers are even using real company names to order large and expensive items which are then sent to an address that is different from the real company's address. To add icing to the proverbial cake, the real business is stuck with the bill.

Your Defense:

The key to recovering from this type of scam is to first identify that your company name and brand is being used without your consent. The article from the Better Business Bureau lists some warning signs to help identify if your company has been the victim of a "hijacking":

  • You receive a request to verify orders you didn't place
  • You receive calls from someone trying to verify an address for your business that is not associated with your company
  • You receive invoices for storage or shipping services that you didn't place

If any of the above have already happened to you, it may already be too late. If they have not, you should consider regularly searching for your company on the internet. Using your favorite search engine, you might be able to identify sites masquerading as your company. You can also set up Google Alerts for your company name here http://www.google.com/alerts. Google Alerts will send you an email alert any time a keyword you provide (in this case your company name) is used on a webpage on any website that is crawled and/or cached by Google's search bots. Some alerts may be about your own company's website, but at least you will know it is yours, and not some scammer's site.

If your company has become a "hijacking" victim, gather as much information as you can and notify your local law enforcement agencies and file a complaint with the FTC (https://www.ftccomplaintassistant.gov/).

Wednesday, October 9, 2013

PC Performance - Paying the Price for "Free" Security Scans

Personal computers have certainly blessed our lives over the last few decades. Now personal computing devices, such as tablets and smart phones, are starting to change our lives again right before our eyes. Being able to complete papers for school or doing research, paying bills online, keeping in touch with family or friends all from the comfort of wherever you may be is a convenience that did not exist not too long ago. In the past, you could have easily used a typewriter for your papers and letters, but then you had to check your own spelling, and corrections were a bit tedious. You could also actually write checks and send them in the mail to pay your bills, but then you had to wait for the bill to be processed and the funds removed from your account. That process could sometimes take a few weeks. You may even get the next bill in the mail before they take out the funds for the last month's bill! Being able to see results instantaneously is what we have come to expect. We want results now.

For many, this experience is often hampered by slower and older computers or computing devices. Devices can slow down for numerous reasons: not enough storage space, not enough processing memory, out of date software, malware, viruses, etc. Conveniently, as you surf the internet, many websites seem all too eager to fix your computer's woes. These websites are smart enough to tell you that something is wrong with your system, even when you do not think there is. For a price, and sometimes free of charge, these sites will conduct a quick scan of your system and offer to fix those errors. The price you pay, however, may be far more than you intend, as your computing device may be left in even worse shape, or completely unusable.

How It Works:

When you visit a malicious website, an alert message may pop up and tell you that your system is infected with a virus or other malware, or that your system's performance may be increased by deleting old registry keys or temporary files that have piled up and are hogging up space. It sounds simple enough. You click on a button, install some quick scanning software program, and away you go. They will tell you what is wrong, and offer to fix it for you. You are on your way to computer bliss. That old system of yours will be spinning like a top in no time.

Scammers have developed clever ways to provide fake alert messages to scare you into thinking something is wrong with your system. This tactic of preying on a user's fear to install software to remove security threats is often referred to as "scareware" because the scammer scare the user into thinking something is wrong with their system and that they need to fix it as quickly as possible. Choosing to install the offered software may result in the installation of viruses, spyware or keyloggers, and your system may be left in an unusable state and you will then have to seek help from a real computer professional.

In another similar type of scam, the installed software will hold your system for ransom until you pay to fix the issue (known as "ransomware"). Choose not to pay the price, or ransom, and your computer will remain completely unusable.

Your Defense:

Never click on random popup windows. According to an article from the FTC Consumer website (see the article here) the best defense against this type of scare tactic is to not click anything other than the "x" in the upper-right corner of your browser window to close the browser itself. By clicking on any part of the popup message, you may inadvertently start the installation process and leave your system vulnerable.

The best way to avoid these malicious websites is to install a good, trustworthy internet security anti-virus software utility. There are many available with varying benefits and costs, some even free. Some of these helpful utilities have features that can even prevent you from visiting a known malicious website in the first place. More importantly, they provide real-time monitoring of all of your systems files in an effort to remove adware, spyware, ransomware, and any other viruses it can find. Schedule a nightly scan when you will not be on for several hours (a six-hour window is suggested) and let the system scan itself. If you need help finding the right utility for you, visit this site suggested by the FTC article (see the article here) and select the type of features you desire.

A good anti-virus and internet security software package is worth its weight in gold! Surf safe!

Tuesday, October 8, 2013

Are You Ready for October - National Cyber Security Awareness Month?

Whether you are an individual consumer or a small business owner, everyone needs to keep track of their Personally Identifiable Information (PII) and/or the PII of their small business customers and employees.

A great way for consumers and businesses to be proactive in protecting their information is to participate in the 10th Annual National Cyber Security Awareness Month (NCSAM) this October (read about it here).

NCSAM was created as a collaborative effort between government and industry to help consumers and businesses have the resources to be more safe and secure online.
National Cyber Security Awareness Month
That said, NCSAM is providing a different cybersecurity theme for each week in October including:

Week 1, October 1-6 Theme: 10 Years & Beyond: General Online Safety & STOP. THINK. CONNECT.
Week one is to raise online safety awareness among all Americans and reinforce the simple measures everyone should take to be safer and more secure online and their understanding that cybersecurity is a shared responsibility.

Week 2 October 7-13, Theme: Being Mobile: Online Safety & Security Week two highlights the need to maintain a focus on safety and security wherever and whenever we use the Internet.

Week 3: October 14-20, 2013 Theme: Cyber Education and the Next Generation of Cyber Leaders Week three highlights the importance of cyber education and workforce development, including the advancement and opportunities in Science, Technology, Engineering, and Math (STEM) education.

Week 4: October 21-27, 2013Theme: Cybercrime Week four will highlight how people can protect themselves against cybercrime and how to get help.

Week 5: October 28-31, 2013 Theme: Cybersecurity and Critical Infrastructure Week five highlights the need to take every step necessary to protect our critical infrastructure.

Unfortunately, the reality is that consumers and small business owners are challenged everyday by a constant barrage of attacks such as hacking, phishing, pharming, spoofing, caller ID spoofing, spyware, and more on their personal and financial privacy.

At the same time, consumers and small business owners have to be equally aware of the insider threat including family members, friends, and current/former employees and vendors.

While keeping track of where your PII is located can help protect your personal and small business information, there is no one company that can prevent any one individual from becoming a victim of ID Theft or from preventing a data breach of your personal or small business information.

In summary, consumer and small business identity theft can happen at anytime so take advantage of National Cyber Security Month to increase your education and awareness on how your PII and privacy can be compromised.