Nov 28 2022

What is an Identity Verification Service and How Does it Work?

Category: Identity Theft | DISC @ 10:57 am

In an increasingly technologically-based world, being certain of precisely who you are speaking to or doing business with can be tricky. Identity verification is an important step in most online transactions that concern money or sensitive information and services, but it can also be used during recruitment processes as a part of a background check. 

This article will explain what an identity verification service is, why they are useful, and how they work.

What is an Identity Verification Service?

An identity verification service is a process by which the information and identity provided by an individual are investigated and found to be true or false. These comprehensive online services are based on the traditional identity verification processes used in banks and other financial institutions when new accounts are opened.

Technological services are more robust and comprehensive in their verification methods, however. The point of this process is to check and verify that the person applying for an account or service is being honest and upfront about who they are.

Why Use an Identity Verification Service?

While you can find arrest history with a universal background check (as well as other crucial information), the ability to complete a background check of any kind requires correct information about an individual.

Using an identity verification service enables you to confirm that you are performing a background check on, or providing a service to, a person who is identifying themselves correctly. This ensures that the information you receive from a check is correct and connected to the person you are dealing with.

There are other reasons to use such a service, however. For example, if you run a business with an online component, identity verification at login is important for data protection purposes.

Identity verification is also an important part of risk management for most businesses and can help you to avoid fines and legal issues, reduce the risk of fraud, and help you to meet regulatory requirements while showing due diligence.

How Do Identity Verification Services Work?

Digital identity verification services collect and verify personal data and information, usually at the point of account access or onboarding to a new service, by checking it against reputable sources. There are different approaches to this process:

  • Data-oriented digital verification
  • Traditional, document-based digital identity verification

In most cases, data-based identity verification is sufficient, especially for platforms such as online shopping or online lottery ticket purchases. In these cases, the service provider or business may request information such as your date of birth, full name, or national ID/social security number. 

For financial services, such as banking or personal loan applications, however, digital document-based verification is usually required. In these cases, the institution or business you are dealing with may request copies or pictures of official documents, such as your driver’s license or birth certificate.

Whichever method of identity verification a company or institution undertakes, the process of verification is the same. The documents or data provided will be checked against trusted sources to ensure that all details match perfectly. When there are no issues, this is a very quick process that should take no more than a few minutes.

What Happens When An Identity Check Fails?

So, what happens when the identity verification process fails? What are the secondary processes, and what are the repercussions when information is found to be false? There are a number of potential issues that can cause queries or failures in the identity verification process. The most common are:

  • Typos or spelling errors.
  • Out-of-date documentation.
  • Obscured or damaged documentation.
  • Poor image quality regarding documentation.

In most cases, the first reaction of a company will be to query the details that do not match or request that documentation be re-sent. If all is in order, they may proceed to a positive verification, but it is also common for companies to ask for secondary or supporting information or documents in these cases.

If issues cannot be resolved and it is impossible to verify the identity of a person, there are two possibilities. Firstly, and in most cases, services will be denied to the applicant on the basis of failed identity verification.

In some cases, however, more robust action may be taken. For example, trying to open a bank account under a false name is a legal offense and financial institutions may see fit to hand information over to the authorities. 

Tags: Identity Attack Vectors, Identity Check

Feb 21 2022

BEC scammers impersonate CEOs on virtual meeting platforms

The FBI warned that US organizations and individuals are being increasingly targeted in BEC attacks on virtual meeting platforms.

The Federal Bureau of Investigation (FBI) warned this week that US organizations and individuals are being increasingly targeted in BEC (business email compromise) attacks on virtual meeting platforms.

Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both entities and individuals who perform legitimate transfer-of-funds requests.

Cybercriminals are targeting individuals and organizations of any size. In BEC attack scenarios, attackers pose as someone the targets trust, such as business partners, CEOs, executives, and service providers.

Scammers compromise legitimate business or personal email accounts through different means, such as social engineering or computer intrusion, to conduct unauthorized transfers of funds.

Crooks started using virtual meeting platforms due to the popularity they have reached during the pandemic.

The Public Service Announcement published by the FBI warns of a new technique adopted by scammers, who are using virtual meeting platforms to instruct victims to send unauthorized transfers of funds to fraudulent accounts.

“Between 2019 through 2021, the FBI IC3 has received an increase of BEC complaints involving the use of virtual meeting platforms to instruct victims to send unauthorized transfers of funds to fraudulent accounts. A virtual meeting platform can be defined as a type of collaboration technique used by individuals around the world to share information via audio, video conferencing, screen sharing and webinars.” reads the FBI’s PSA.

Crooks are using the virtual meeting platforms for different purposes, including impersonating CEOs in virtual meetings and infiltrating meetings to steal sensitive and business information.

Below are some of the examples provided by the FBI regarding the use of virtual meeting platforms by crooks:

  • Compromising an employer or financial director’s email, such as a CEO or CFO, and requesting employees to participate in a virtual meeting platform where the criminal will insert a still picture of the CEO with no audio, or “deep fake” audio, and claim their video/audio is not properly working. They then proceed to instruct employees to initiate transfers of funds via the virtual meeting platform chat or in a follow-up email.
  • Compromising employee emails to insert themselves in workplace meetings via virtual meeting platforms to collect information on a business’s day-to-day operations.
  • Compromising an employer’s email, such as the CEO, and sending spoofed emails to employees instructing them to initiate transfers of funds, as the CEO claims to be occupied in a virtual meeting and unable to initiate a transfer of funds via their own computer.

Below are recommendations provided by the FBI:

  • Confirm the use of outside virtual meeting platforms not normally utilized in your internal office setting.
  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business/individual it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying login credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
  • Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
  • Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
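
One way to automate the sender-address and hyperlink checks from the recommendations above, as an added example that is not part of the FBI announcement or the original post. The trusted domain, the sample message and every function name are assumptions made for illustration:

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"example-corp.com"}  # assumption: the organisation's real domains
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Pat Lee, CEO" <pat.lee@examp1e-corp.com>
Reply-To: pat.lee.ceo@mailbox.example
To: finance@example-corp.com
Subject: Urgent wire - join my meeting

My audio is not working. Join https://meet.examp1e-corp.com/j/123 and
follow the chat. Usual portal: https://portal.example-corp.com/login
"""


def base_domain(host):
    """Last two labels of a host name. Simplification: no public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS, max_dist=2):
    """Return the trusted domain that `domain` imitates, or None.

    A small edit distance catches misspellings such as a digit swapped for a
    letter; very short domains will produce false positives at max_dist=2.
    """
    if domain in trusted:
        return None
    for good in sorted(trusted):
        if edit_distance(domain, good) <= max_dist:
            return good
    return None


def address_domain(header_value):
    """Base domain of the address in a From/Reply-To header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return base_domain(addr.rsplit("@", 1)[1]) if "@" in addr else ""


def review_message(raw, trusted=TRUSTED_DOMAINS):
    """Return (kind, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = address_domain(msg["From"])
    reply_dom = address_domain(msg["Reply-To"])

    # Sender address whose domain is a near-miss of a trusted domain.
    good = lookalike_of(from_dom, trusted) if from_dom else None
    if good:
        findings.append(("sender-lookalike", f"{from_dom} imitates {good}"))
    # Replies silently routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"From {from_dom}, Reply-To {reply_dom}"))

    # Hyperlinks whose host is a misspelling of a trusted domain.
    body = msg.get_payload()
    seen = set()
    for url in URL_RE.findall(body if isinstance(body, str) else ""):
        host = (urlsplit(url).hostname or "").lower()
        good = lookalike_of(base_domain(host), trusted)
        if good and host not in seen:
            seen.add(host)
            findings.append(("link-lookalike", f"{host} imitates {good}"))
    return findings


if __name__ == "__main__":
    for kind, detail in review_message(SAMPLE):
        print(f"{kind}: {detail}")
```

A message that raises any of these findings is a candidate for the secondary-channel confirmation the FBI recommends before funds are moved.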

Tags: CEO, scammers impersonate

Feb 20 2022

Protecting Your Data Online – How to Prevent Identity Theft

Category: Identity Theft | DISC @ 12:55 pm

As technology progresses, our daily activities are moving online. This includes tasks that we may not think of as being particularly sensitive, such as shopping and banking. While this makes our lives easier in many ways, it also leaves us vulnerable to identity theft. Here are seven tips to protect your data and reduce your risk of it showing up on the dark web.

1) Shred sensitive documents

Shredding sensitive documents is an easy way to protect yourself against identity theft or data breaches. For example, when you receive junk mail that contains your personal information (such as pre-approved credit card offers), it’s best to cut up the document into pieces rather than just throw it in the garbage bin. This also goes for unsolicited checks in the mail and other unwanted or unsolicited offers. By cutting up or shredding these types of documents, you prevent someone else from stealing your personal information, and you can dispose of them more easily. The same principle can be applied to old papers containing important information such as bank statements and tax returns – before throwing something away, ask yourself if anyone could get access to it if they took the paper out of your garbage can. If so, shred it!

2) Be cautious about what you post online

Before posting anything on Facebook or Twitter, ask yourself if you would be comfortable if everyone in the world read the information. The Internet is an amazing resource that can provide us with huge amounts of information right at our fingertips. However, it’s important to be aware that just because something is “just for friends” doesn’t mean that someone else won’t see your posts. Remember that this includes any selfies you may take – anyone could grab a picture off of your page, re-post it elsewhere, or even print it out and keep a copy long after you have deleted the original from your computer.

3) Ensure your passwords are strong

When choosing a password, it is very important to use diverse information that is difficult for others to guess. Avoid using real words or meaningful personal information in your passwords, even when combined with numbers or symbols. For example, “ilovemycat” might seem like an unlikely password choice at first glance, yet there are websites out there designed to reveal simple passwords such as these within seconds. A stronger approach would be to create a random string of characters and numbers, such as the phrase “I l@ve mY cAt.” You could then add on some additional characters or numbers if you preferred that people not know which type of animal you love so much! The more complex and unique your password is, the better chance you have of keeping it safe.

4) Use two-factor authentication

An easy way to add another level of security when signing into websites such as Facebook or Gmail is to enable “two-factor authentication.” For example, after entering in your password, a unique code will be sent by text message to the phone number you provided when setting up two-factor authentication. The code must then be entered before you can access your account. This adds a layer of protection since a hacker would need more than just your password in order to get into your accounts – they would also need access to your cell phone! Note that certain banks may also offer this feature for accessing protected accounts via their online banking portal. If you are unsure, contact your bank to find out more about two-factor authentication.

5) Password protect your devices

Another way to prevent unauthorized access is by password-protecting your cell phone or tablet. You may think that this is unnecessary or unimportant, but it can actually be a very important step in securing your data and preventing others from accessing it without consent. For example, if you lose your phone somewhere where someone could pick it up off the ground (such as on public transit), they wouldn’t be able to access your device without knowing the PIN code for unlocking it first. This is an easy step that many people neglect yet protects against any potential personal information leaks through lost or stolen electronic devices.

6) Be mindful of when your software is updated

Another easy way to protect yourself from the latest security risks is by updating your software and programs promptly. Both Mac and PC users can agree that it’s not always fun to spend time shutting down what you’re doing to update your computer or phone, but it is important! You may even receive updates through your system itself, such as Apple OS X – make sure you accept all updates when they are available so that you can keep up with the latest versions of all programs installed on your devices.

7) Take precautions offline as well

While online precautions are important for protecting yourself against identity theft, physical protection of personal information at home should also be taken. If confidential documents are kept anywhere around the house, consider using security safes that can be locked. This makes it difficult for someone to come along and take your information or documents without checking first.

Tags: Prevent Identity Theft

Dec 23 2021

Combating identity fraud: The key is to avoid stagnation

Category: Identity Theft | DISC @ 9:57 am
As cybercrime sophistication reaches new heights, what can organizations do to tackle these new threats?

Phishing, identity theft, and ransomware are not new types of cyberattacks. What is new is bad actors increasingly using automation and other advanced technologies to more quickly identify and exploit vulnerabilities in organizations’ defenses to access or steal sensitive data without being detected.

One commonality among most attackers is their desire to achieve the most lucrative outcome. They view themselves as a business, and like any business, they want to increase their ROI. Using automated bots is an easy and inexpensive way to identify vulnerable targets and launch their attacks.

Therefore, organizations must build and enforce barriers that the criminal determines are too complex and expensive to overcome. One way to do so is by conducting extensive vetting during the new customer onboarding process that challenges customers to verify their identities. A rigorous approach to onboarding not only ensures the person creating a new user account is who they say they are and builds trust, but it will also compel a bad actor to give up and move on to their next target.

What are the technologies they can use not only to protect themselves but their customers too?

Tags: identity fraud, Identity Theft

Jun 17 2021

Identity Theft: Learn How to Stay Safe and Not Become a Victim

Category: Identity Theft | DISC @ 10:48 am

Did you know the odds of being struck by lightning in a given year are only around 1 in 100,000,000? That’s not a scary thought, mainly since 9 out of 10 people survive.

But when it comes to identity theft, the odds are 1 in 15. Worldwide, there’s a new victim every 2 seconds. Now, that is spine-chilling!

Identity theft is the most common consequence of a data breach. Defrauding and stealing someone’s identity is easier today than it has ever been in history.

Let’s go behind the scenes of an identity theft maneuver and learn how you can protect yourself from it.

What is identity theft

Identity theft occurs when someone uses your personal identifying information (like your name, social security number, or credit card number) without your knowledge or permission. The purpose of identity theft is to commit fraud or other crimes.

Identity thieves gain financial advantages or other benefits, while victims suffer financial loss and possibly other severe consequences, including being accused of a crime they didn’t commit.

Source: How identity thieves grab your information

Tags: identity fraud, Identity Theft, Identity Theft Countermeasures

Mar 16 2021

Using IAM Solutions to Beat Deepfakes and Fraud

Category: 2FA, Access Control, App Security, Identity Theft | DISC @ 8:18 am

AI and ML technologies have made great strides in helping organizations with cybersecurity, as well as with other tasks like chatbots that help with customer service.

Cybercriminals have also made great strides in using AI and ML for fraud.

“Today, fraud can happen without stealing someone else’s identity because fraudsters can create ‘synthetic identities’ with fake, personally identifiable information (PII),” explained Rick Song, co-founder and CEO of Persona, in an email interview. And fraudsters are leveraging new tricks, using the latest technologies, that allow them to slip past security systems and do things like open accounts where they rack up untraceable debt, steal Bitcoin holdings without detection, or simply redirect authentic purchases to a new address.

Some increasingly popular fraud tricks using AI and ML include:

  • Deepfakes that mimic live selfies in an attempt to circumvent security systems
  • Replicating a template across a dozen or more accounts to create fake IDs (these often use celebrity photos and their public data)
  • Mimicking the voice of high-level officials and corporate executives to extort personal information and money
  • Chatbots as phishing tools to gather personal information

“With this pace of evolution, companies are left at risk of holding the bag — they are not only losing money directly through things like loans and fees they can’t recoup and any restitution to impacted customers, but they’re also losing trust and credibility. Fraud costs the global economy over $5 trillion every year, but the reputational costs are hard to quantify,” said Song.

How IAM Tools Can Spot and Prevent High Tech Fraud

Tags: Deepfakes and Fraud, IAM Solutions

Nov 05 2020

Spotting a Common Scam

These scams seek to collect personal information about you, often appearing to come from a real business or agency. Someone may pose as an official disaster aid worker, or send you a fraudulent COVID contact tracing email. If you receive a message with a link, you should not click it as it may download malware to your device to steal passwords and personal information. Government agencies like FEMA or the IRS will never contact you asking for a FEMA registration number, a Social Security number, or a bank account or credit card number to give you a COVID or FEMA payment—or ask you to pay anything up front to fill out an application or to access state or federal resources.




Before sharing, check that what you are reading is from a trustworthy source. Disinformation can be life threatening in a global pandemic.



No cures or vaccines have been approved for COVID-19 yet. Online offers claiming to provide a medicine or device to treat or prevent COVID should be ignored. When there is a new breakthrough in the treatment and prevention of COVID, it will be widely reported on by reputable news sources.





Fake charities often emerge following a crisis, soliciting donations, but not using them for the described purpose. Before donating, check out  to research the organization and make sure it’s legitimate.



If you receive a robocall, you should hang up instead of pushing any buttons or giving away any personal information. If a call claims to be from the IRS or FEMA, but demands immediate payment through debit card or wire transfer, it is fraudulent. Federal agencies will never demand immediate payment over the phone, threaten immediate arrest, or ask you to make a payment to anyone other than the U.S. Treasury.

Warning Signs that a Loved One may be the Victim of a Scam 
Victims of a scam may be embarrassed or uncomfortable asking for help. It’s not always obvious when someone has been scammed, so check in with your loved ones frequently, especially if they are older, live alone, or are otherwise high risk.

Warning signs include large ATM withdrawals, charges, or checks; secretiveness and increased anxiety about finances; large quantities of goods being delivered that they do not need; an unusual number of phone calls or visits from strangers; and a sudden lack of money, unpaid bills, or a change in daily habits.


For more information, and to get help with a potential FEMA fraud, you can call the National Center for Disaster Fraud Hotline at 866-720-5721 or FEMA’s Public Inquiry Unit at 916-210-6276. For questions about pandemic scams, go to or www.cdc.gov/coronavirus/2019-ncov.

Tags: common scam, scam

Jun 19 2020

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

Category: Identity Theft | DISC @ 8:31 am

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web.

Source: FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

May 31 2019

Watch Cyber Security Is It Your Time For Identity theft, Yet?

Category: Identity Theft | DISC @ 6:05 am

This course is about helping you to survive an identity theft. It attempts to educate you on how to prevent a direct identity theft attempt, what to look for, and how not to be the one who helped the thief take your personal information. With your newfound knowledge, take it to your family so they can avoid years of headaches.

Source: Watch Cyber Security Is It Your Time For Identity theft, Yet? | Prime Video

Tags: identity fraud, Identity Theft, identity theft and data security breaches, Identity Theft Countermeasures, Stopping Identity Theft

Apr 08 2019

How to protect your business from tax fraud

Category: Identity Theft | DISC @ 10:45 am

With the April 15th filing deadline around the corner, cybercriminals are counting on a rushed response to questions to infect potential victims.

Source: How to protect your business from tax fraud

Tags: tax fraud, tax scam

Mar 25 2017

Discover the prank caller with reverse phone search

Category: Background check, eDiscovery, Identity Theft | DISC @ 3:08 pm

The availability of free reverse mobile phone lookup services on the web may prove to be useful in the future. The service comes with a number of benefits, especially when compared with paid directories. Many people are getting to know that cell phone lookup services are becoming not only more common but also more available.

The method is fantastic, as it can be used to find friends or other people who have been out of someone’s life for a while. Any person who is being sought will definitely be found, given that he or she has a cell phone.

You can easily track someone down with the help of the free reverse phone number service. Within a fraction of a minute, you will be in a position to know the age, address and also the location of the person whom you are trying to find.

Anyone involved in this process should look for a service that offers the necessary protection for private information, information about criminal records, and more. This is a necessary deterrent against scams and fraud. There are people who may use your sensitive information to commit fraud, so in today’s digital economy it is necessary to perform the necessary checks and take advantage of this protection. The key is to put the necessary safeguards in place to protect your digital identity before it is too late.

Many companies offering this service claim that they can help you find any phone number. Since the system is a bit new, it is imperative that you look for a reliable provider. Locating the perfect company for this service enables you to find the information that you need quickly.

The company buys cell phone numbers from large databases, making it the best way to track down callers who have become an unnecessary nuisance. With an internet connection, you can start finding the identity of the prank callers now.


Sep 23 2011

Copy Machines, a Security Risk

Category: Identity Theft | DISC @ 8:22 pm

Think you know how to keep your information safe? Think again.

Jul 03 2011

Identity Theft Prevention | Credit Reports & Fraud Alerts

Category: Identity Theft, Security Awareness | DISC @ 10:45 pm

“Identity theft is the information age’s new crime. A criminal collects enough personal data on the victim to impersonate him to banks, credit card companies and other financial institutions. Then he racks up debt in the victim’s name, collects the cash and disappears. The victim is left holding the bag.
While some of the losses are absorbed by financial institutions–credit card companies in particular–the credit-rating damage is borne by the victim. It can take years for the victim to completely clear his name.” Bruce Schneier

More Info on Identity Theft Countermeasures and Safeguards

Aug 23 2010

13 Things an Identity Thief Won’t Tell You

Category: Identity Theft | DISC @ 11:10 am
by Reader’s Digest Magazine, on Thu Aug 12, 2010 Interviews by Michelle Crouch

Former identity thieves confess the tactics they use to scam you.

1. Watch your back. In line at the grocery store, I’ll hold my phone
like I’m looking at the screen and snap your card as you’re using it.
Next thing you know, I’m ordering things online-on your dime.

2. That red flag tells the mail carrier-and me-that you have outgoing
mail. And that can mean credit card numbers and checks I can reproduce.

3. Check your bank and credit card balances at least once a week. I can
do a lot of damage in the 30 days between statements.

4. In Europe, credit cards have an embedded chip and require a PIN,
which makes them a lot harder to hack. Here, I can duplicate the
magnetic stripe technology with a $50 machine.

5. If a bill doesn’t show up when it’s supposed to, don’t breathe a sigh
of relief. Start to wonder if your mail has been stolen.

6. That’s me driving through your neighborhood at 3 a.m. on trash day. I
fill my trunk with bags of garbage from different houses, then sort

7. You throw away the darnedest things-preapproved credit card
applications, old bills, expired credit cards, checking account deposit
slips, and crumpled-up job or loan applications with all your personal

8. If you see something that looks like it doesn’t belong on the ATM or
sticks out from the card slot, walk away. That’s the skimmer I attached
to capture your card information and PIN.

9. Why don’t more of you call 888-5-OPTOUT to stop banks from sending
you preapproved credit offers? You’re making it way too easy for me.

10. I use your credit cards all the time, and I never get asked for ID.
A helpful hint: I’d never use a credit card with a picture on it.

11. I can call the electric company, pose as you, and say, “Hey, I
thought I paid this bill. I can’t remember-did I use my Visa or
MasterCard? Can you read me back that number?” I have to be in
character, but it’s unbelievable what they’ll tell me.

12. Thanks for using your debit card instead of your credit card.
Hackers are constantly breaking into retail databases, and debit cards
give me direct access to your banking account.

13. Love that new credit card that showed up in your mailbox. If I can’t
talk someone at your bank into activating it (and I usually can), I
write down the number and put it back. After you’ve activated the card,
I start using it.

Tags: Automated teller machine, Business, Credit card, debit card, Financial services, Identity Theft, MasterCard, Visa

Aug 09 2010

Identity theft: How to protect your kids

Category: Identity Theft | DISC @ 10:34 am
Identity theft that targets children is rising. Here are five steps to protect your family

By Alissa Figueroa

Identity theft has grown into a multibillion-dollar problem. And it’s not only adults who are targeted.

At least 7 percent of the reported cases of identity theft target children. The number could actually be much higher, since many families don’t discover theft until a child applies for credit.

And the problem is likely to get worse before it gets better, the Associated Press reports, as identity thieves steal children’s dormant Social Security numbers and use them to create phony lines of credit and rack up debt, sometimes for years.

The scam, which has popped up only in the last year, is difficult to guard against, says Linda Foley, cofounder of the Identity Theft Resource Center (ITRC), an organization that offers counseling and resources to identity theft victims. The ITRC has seen a notable jump in the number of child identity-theft cases in the last year, reaching about 9 percent of its caseload this month.

“There’s no way to protect your child completely,” says Ms. Foley. That’s partly because these thieves are likely using sophisticated programs that mine for dormant numbers through school or doctor’s offices databases, which often require that children’s Social Security numbers be provided. And partly because tactics for selling the numbers are constantly evolving, making this kind of theft difficult to track.

Since credit issuers do not keep track of the age of Social Security number holders, they cannot alert families when a child’s number is being used. That’s something Foley’s organization has been trying to change since 2005, and a protection she considers vital for preventing child identity theft on a large scale.

There is some advice that parents can follow, though, to reduce the risk of identity theft:

1. Be cautious with your child’s Social Security number. Always ask why an organization needs the number and when possible, do not give it out. Be careful about which individuals, even friends and family, have access to your child’s number. Many identity thieves know their victims. Destroy extra documents that list your child’s number.

2. Talk to your kids about identity theft. Teach children not to divulge their personal information on the telephone and online.

3. Do not check your child’s credit report unless you have reason to believe there’s a problem. A minor should not have a report unless someone has applied for credit using that child’s Social Security number. To order reports unnecessarily can establish a credit report, opening a door to thieves, according to the ITRC.

4. Watch for red flags. If you receive pre-approved credit card offers or calls from collection agencies, run a credit report on your child immediately to see if there has been fraud.

5. Contact an identity theft specialist if you suspect a problem. There are several resources for families concerned with issues of identity theft. Visit the ITRC’s website for facts and information, or call its hotline at (888) 400-5530. You can also find information on the Federal Trade Commission’s identity-theft-prevention website.

Tags: Credit card, crime, Federal Trade Commission, Identity Theft, ITRC, Linda Foley, Social Security number, Theft

Mar 18 2010

Mary’s Pizza hit by hackers

Category: Identity Theft,pci dssDISC @ 3:32 pm


There is a big misconception out there: “PCI DSS compliance does not apply to us; we are a relatively small company.”

The fact is that PCI DSS must be met by all organizations that transmit, process or store payment card data. Business owners also want to know what the ROI on PCI compliance is. It is the total cost of ownership, which ensures that you keep earning big money. DISC


Patrons of Mary’s Pizza in downtown Sonoma will be alerted this week that their credit card numbers may have been stolen by an international computer hacker.

Vince Albano, chief executive officer for the 18-store chain, expects to receive a report by Friday detailing the breadth and timing of the breach.

Once that is known, Albano plans to take out newspaper ads to warn diners who ate at the Spain Street outlet during that period that they might want to cancel their credit cards and get new ones.

Albano said his company doesn’t have the ability to notify potential victims directly because the credit card companies won’t release their names.

The breach was first discovered by the restaurant’s in-house technology expert on Feb. 10 after friends and customers called to complain about errant charges on their credit cards, Albano said. He hired a Chicago-based high-tech forensics firm, Trustwave, to pinpoint the problem.

“Trustwave said they traced it to Russia but I also heard it may be Luxembourg,” Albano said of the suspected location of the hacker.

Albano said his company immediately notified banks and credit card companies of the breach to stop further illegal charges to his customers.

Mary’s may not be the only business hit by the hacker, Albano said. Customers at other businesses in the Sonoma Valley also reportedly have been hit, he said.

“We are addressing the issue but the issue is larger than Mary’s Pizza Shack,” he said.

The Sonoma County Sheriff’s Department is heading up the investigation.

Albano declined to speculate how many of his customers may have had their credit card numbers stolen. Pending Trustwave’s report, he declined to say over what period of time the thefts occurred or how many of the cards were fraudulently used.

But he said his company has invested $20,000 to make the computer systems at all 18 outlets “100 percent protected.”

“We want to do right by our customers. We have been locked down tight since Feb. 23,” he said.

Read more in the Press Democrat.

Here we have another unnecessary credit card data breach at a small organization, in this case a restaurant, which resulted in the loss of customers’ data and demonstrates the poor baseline security of small organizations. Small organizations are not ready for PCI compliance. Check out why PCI compliance is essential and why small merchants have to comply. Review my threats page and evaluate your current business and system risks to make sure this does not happen to you.
Contact DISC with any questions.

Tags: Chief executive officer, Credit card, Payment Card Industry Data Security Standard, Sonoma Valley, Total cost of ownership

Mar 10 2010

Anti-fraud service bamboozle consumers

Category: Identity TheftDISC @ 1:42 am


by Edward Wyatt
provided by –

Lifelock, the company that brazenly broadcast its chief executive’s Social Security number as part of its claim that it could protect anyone against identity theft, agreed on Tuesday to pay $12 million to settle charges that it misled consumers about the effectiveness of its service.

The settlement, announced by the Federal Trade Commission and a group of 35 state attorneys general, requires Lifelock to refrain from making further deceptive claims and take more stringent measures to safeguard the personal information that it collects from customers.

Jon Leibowitz, the chairman of the trade commission, said that “several hundred persons, at least,” who were Lifelock customers had become victims of identity fraud while using the company’s services. Customers typically paid $10 a month for the services, he said.

The commission also claimed that the “fraud alerts” Lifelock placed on individuals’ credit files protected only against certain types of identity theft, mainly the opening of new accounts, which is the cause of fewer than 1 in 5 cases of identity theft.

Lifelock’s customers were left vulnerable to having their current accounts misused, the most common form of the crime. About eight million Americans have their identity used illegally each year, the officials said.

“This was a fairly egregious case of deceptive advertising from our perspective,” Mr. Leibowitz said.

In an interview, Todd Davis, the Lifelock chief executive, said that the company had adopted a new advertising campaign that complied with the trade commission’s request. “We have differing views on what the intent of the message was” of the earlier ads, Mr. Davis said, adding that he believed the commission’s actions “set a standard for the entire industry to follow.”

Lisa Madigan, the Illinois attorney general, who joined Mr. Leibowitz in announcing the action at a news conference in Chicago, said that while Lifelock did provide some legitimate services, “most of what they did, you can do on your own and you can do it free.”

The biggest problem with the company’s claims, she said, was its guarantee to prevent identity theft from ever happening. “There is nothing you can do or you can purchase that is a 100 percent guarantee against identity theft,” Ms. Madigan said.

Mr. Davis knows the truth of that. After he began broadcasting his Social Security number, dozens of attempts were made to secure credit or identification using the information. At least one attempt succeeded, when a man in Texas secured a $500 payday loan using Mr. Davis’s Social Security number.

Tags: Attorney general, Federal Trade Commission, Identity Theft, Jon Leibowitz, LifeLock, Lisa Madigan, Social Security number, Todd Davis

Feb 23 2010

New phishing scams attack with precision

Category: Identity TheftDISC @ 1:10 pm

Phishing: Cutting the Identity Theft Line

When TippingPoint’s president and chief technology officer, Marc Willebeek-Lemair, received an e-mail from the Federal Trade Commission informing him that a client was filing a complaint against his network security company for overcharges, he was directed to download the complaint – a Microsoft Word file – from an FTC Web page and return the attached form with any questions about the process.

The message, sent in 2008, was an elaborate scam targeting top-level executives.

TippingPoint researchers discovered the sender’s address had been “spoofed” (faked) and the link didn’t lead to the FTC’s Web site. In fact, the document – which looked like an FTC complaint – was infected with a data-stealing Trojan horse. Because the message referred to Willebeek-Lemair by name and no one else in TippingPoint received the message, the company concluded that criminals studied its chain of command and selected their target.

“It specifically said something that a C-level executive would get immediately alarmed about,” said Rohit Dhamankar, director of security research at TippingPoint’s DVLabs.

The message is an example of an increasingly common hacker technique known as spear-phishing, a much more effective and carefully crafted variation of the phishing lures that seek to trick victims into surrendering their private data.

Researchers believe that as spam-filtering technology has improved and people have become savvier at recognizing phishing ploys (such as the classic Nigerian e-mail scam), criminals are now dedicating more time and resources to going after specific groups of individuals. They often trick users into downloading malicious software from infected Web pages or e-mail attachments like Adobe Reader PDFs and Microsoft Office documents.

Carefully planned
In these attacks, the hackers identify specific individuals or groups of people with something in common. To make their attacks more effective, criminals take pains to impersonate credible sources, adorning messages with professional graphics and composing well-written stories to hook their targets.

To personalize the messages and make them more convincing, security researchers believe criminals run simple search queries to find biographical information, including a person’s position within an organization and their responsibilities. Hackers can also learn names of friends.

“This is very easy to do. Google, Facebook, LinkedIn and other sites can provide valuable information about anybody,” Dhamankar said.

The extra homework pays off. The Anti-Phishing Working Group estimates that less than 1 percent of people who receive one of the billions of generic phishing schemes sent every day take the bait. Meanwhile, estimates from several experts place the success rate of these tailored attacks between 25 and 60 percent.

In a 2006 experiment by the department of computer science at Indiana University, researchers sent e-mails with test links to almost 500 students purporting to come from friends with the intent of finding out how many would unwittingly have fallen for a real attack.

Even though researchers placed obvious clues to recognize the test – like prominently displaying the word “phishing” in the phony Web site – 72 percent of respondents gave their user names and passwords away.

“That is a dramatic yield. That’s the power of using the spear,” said Markus Jakobsson, principal scientist at the Palo Alto Research Center and one of the experiment’s authors.

Nilesh Bhandari, product manager at Cisco IronPort Systems’ security technology unit, estimated targeted attacks comprise less than 1 percent of all phishing schemes, but he said criminals intentionally keep the volume low. The fewer of these ploys there are, the more difficult it is for researchers to study and filter them out.

“The challenge is really finding the needle in the haystack,” Bhandari said.

Targeted attacks can go after anyone: from job seekers, gamers and gamblers to military contractors, pro-Tibet activists and people who just happen to live in a geographical area selected by the criminals. Last year, the FBI said that small and medium-size businesses have lost at least $40 million since 2004 to criminal exploits like spear-phishing.

“Most advanced users do not fall for regular phishing but (they) do fall for targeted attacks,” said Mikko Hypponen, chief research officer at Finnish security firm F-Secure. “You get an e-mail from someone you know, talking about real events and pointing to a normal-looking attachment. Would you open it? Of course you would.”

In spear-phishing samples collected by F-Secure, criminals hacked e-mail addresses from the domains of George Washington University, the Washington Post and even the State Department.

Attack on Google
The most notable instance of spear-phishing recently is the January attack on Google that attempted to hack into the Gmail accounts of Chinese human rights activists and steal valuable source data from the search giant and more than 30 other tech companies.

Researchers now know that criminals identified key Google staffers, found out who their friends were and fashioned attacks to lure them to infected Web pages.

“They were all attacked for a particular reason. (The hackers) knew the machines and networks they wanted to access. They knew who was sending e-mails to their targets and who they were receiving them from. It speaks to the reconnaissance they did beforehand,” said David Marcus, director of security research at McAfee Labs.

These types of attacks are particularly dangerous because, as the attack on Google demonstrated, anyone can fall for them.

“In terms of internal security, it’s the weakest link – people who might not be involved with security technology – who fall for these attacks,” Dhamankar said. “If someone was targeting an entire company and sends spear-phishing to all employees, even if one or two people click on that link, (the tactic) succeeds because the criminal has gotten a foothold in the enterprise.”

Dodging the spear
It is difficult to fend off an attack from a crook determined to steal your information, but security experts suggest a few simple precautions that can go a long way:

— Above all, keep your security software up to date.

— If a link is malicious, rolling the cursor over it without clicking sometimes reveals a URL leading to a different address than the one it promises.

— Never share personal information solicited through e-mail. When in doubt, go to the Web site of the organization purporting to send the message instead of clicking on any links.

— Be suspicious of links and attachments sent through e-mail or social networks.

Sources: Cisco Systems and TippingPoint

By Alejandro Martínez-Cabrera: Read more:

Tags: Anti-Phishing Working Group, Nigerian e-mail scam, spam-filtering, spear-phishing

Dec 04 2009

Five ways to lose your identity

Category: Identity TheftDISC @ 2:42 pm


By Jaikumar Vijayan
The rush by shoppers to the Web makes the season a great time for online retailers. It’s also a great time for hackers looking to steal data and money from the unwary millions expected to search for great deals online.


The growth of holiday hackers has annually prompted security analysts, identity theft awareness groups, and various government agencies to come up with lists of precautions that consumers can take to avoid becoming a victim of online fraud. Such lists can prove a benefit to consumers, but unfortunately some people ignore them.

Below are the identity theft awareness tips which can help maximize your exposure to online fraud.

Tip No. 1: Open all attachments from strangers and click on all embedded links in such e-mail messages. Such actions remain one of the most effective ways to provide thieves with personal information and financial data. All a hacker needs to do is find computer users who instinctively open e-mail messages from strangers, even those who write in a foreign language. The action can open the door to keystroke loggers, rootkits, or Trojan horse programs. Crooks can also easily install backdoors to easily steal data without attracting any attention. Once installed, hackers gain unfettered access to personal data and can even remotely control and administer systems from anywhere.

Tip No. 2: Respond to Dr. (Mrs.) Mariam Abacha, whose name is used by many hackers who say they have close friends and relatives in Nigeria who have recently been widowed or deposed in a military coup and need your help to get their millions of dollars out of the country. Users are told they will undoubtedly be rewarded for helping to get their “well-packed trunk boxes” full of cash out of Nigeria. And to make sure to provide bank account information, login credentials, date of birth, and mother’s maiden name so that they can wire the reward directly into a checking account in time for the holidays.

Tip No. 3: Install a peer-to-peer file-sharing client on your PC and configure it so all files, including bank account, Social Security, and credit card numbers, along with copies of mortgage and tax return documents, are easily available to anyone on the same P2P network. Your personal data will stream over the Internet while you check out what songs you can download for free without getting sued by the RIAA.

Tip No. 4: Come up with passwords that are easy to crack. It saves hackers from spending too much time and effort trying to access your PC. Clever sequences such as “123456” and “abcdef” and your firstname.lastname all make fine, easy-to-remember default passwords for you and for hackers. For maximum exposure, keep passwords short, don’t mix alphabets and numerals, and use the same password for all accounts.

Tip No. 5: Avoid installing the latest anti-malware tools and security updates. Keeping operating systems properly patched and anti-virus and anti-spyware tools updated makes life hard for hackers. Users can help them out by making sure their anti-virus software and anti-spyware tools are at least 18 months out of date or by not using them at all. Either way, it’s very likely that your computer will be infected with a full spectrum of malware.

For additional tips on how to shop securely during the Christmas and holiday season:
How to shop safely online this Christmas
Identity theft tip-off countermeasure and consequence | DISC

Please comment below on any other new and emerging threats that need to be addressed during the holiday season.


Tags: antivirus, Christmas and holiday season, Computer security, Credit card, File sharing, hacker, Identity Theft, Malicious Software, Malware, Online shopping, Personal computer, Security, shop safely, shop securely, Spyware, threats, trojan, Trojan horse

Oct 20 2009

Identity Theft Tip off, Countermeasure and Consequence

Category: Identity TheftDISC @ 3:30 pm

Americans fear having their identities “stolen” by cybercriminals more than they do becoming victims of a terror attack, getting mugged or having their homes burglarized, according to a new survey released by Gallup, a polling firm.

Stopping Identity Theft: 10 Easy Steps to Security

Identity theft is a crime in which an attacker or hacker obtains your personal information, such as your Social Security number, credit card numbers or driver’s license number. The thief can use your personal information to obtain credit, merchandise, and services in your name, which will ruin your credit and may even create a criminal record.

An identity thief can be any stranger who steals your personal information, or someone posing as a bank representative (social engineering) to get your personal information over the internet.
The problem is that you may not realize you have been victimized by identity theft until you receive your statement. That’s why it is important to have some check in place that will tip you off that you might have been a victim of identity theft before it is too late. As the saying goes, “trust but verify”.

10 million Americans fell victim to identity theft last year (08) alone. In a recent story from the Dayton Daily News, the Better Business Bureau’s John North noted that some criminals are using text messages when hunting for consumers’ credit information. The practice, which has been dubbed “smishing”, combines text messaging and the practice of “phishing”.

Identity Theft Tip Off:
Sacramento County detective Sean Smith explained how to detect credit card fraud and potential identity theft by looking for a cheap transaction on your statement.
He said some thieves will charge $1 on a credit card to test whether the card is active. The detective told viewers that this is a red flag that something suspicious is going on with your account, and that you need to call the credit card company immediately.

Identity Theft Victims:
If you are the victim of identity theft, file a police report and take the following steps:

Notify the Credit Bureaus
Contact the fraud departments of any of the three major credit bureaus to place a fraud alert on your credit file.

TransUnion: 1-800-680-7289; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

Equifax: 1-888-766-0008; P.O. Box 740241, Atlanta, GA 30374-0241

Experian: 1-888-EXPERIAN (397-3742); P.O. Box 9532, Allen, TX 75013

After clearing your records of the identity theft incident, check your credit report periodically to make sure no new activity has occurred.

Identity Theft Consequences:
Consequences of identity theft can be serious. Your credit history can be ruined, a loan could be denied because of a negative credit report, and you could even be arrested for crimes you didn’t commit because someone has been using your identity.

Identity Theft Countermeasures:

  • Check your credit card, medical and bank statements regularly, even weekly, to look for any unusual activity or any charges on your card that you didn’t make.

  • Before throwing out any document that contains your personal information, shred it. A cross-cut shredder is recommended.

  • Do not carry your Social Security card in your wallet.

  • Only carry the credit card you may be using on the trip.

  • Do not give out personal information unless you can verify the person.

  • Avoid doing business online unless the site is secure, meaning your data is encrypted during the transaction.

  • Close the accounts that you know or believe have been tampered with or opened fraudulently.

  • Place a freeze on your credit report.

    Tags: credit card fraud, identity fraud, identity theaft, Identity Theft, Identity Theft Consequences, Identity Theft Countermeasures, Identity Theft Tip Off, Identity Theft Victims, social security fraud, Stopping Identity Theft
