Oct 20 2009

Identity Theft Tip off, Countermeasure and Consequence

Category: Identity TheftDISC @ 3:30 pm

Grand Theft Scratchy: Blood Island
Image by włodi via Flickr
Americans fear having their identities “stolen” by cybercriminals more than they do becoming victims of a terror attack, getting mugged or having their homes burglarized, according to a new survey released by Gallup, a polling firm.

Stopping Identity Theft: 10 Easy Steps to Security

Identity theft is a crime in which an attacker/hacker obtains your personal information, such as Social Security, credit cards numbers or driver’s license numbers etc. The attacker/thief can use your personal information to obtain credit, merchandise, and services in your name which will ruin your credit and may even create a criminal record.

An identity thief can be any stranger who steals your personnel information or may be someone posing as a bank representative (social engineering) to get your personal information over the internet.
The problem is you may not realize that you have been victimized by identity theft until you receive your statement. That’ why it is important to have some check in place which will tip off that you might have been victim of identity theft until it is too late. As the saying goes “trust but verify”.

10 million Americans fell victim to identity theft last year (08) alone. In a recent story from the Dayton Daily News, the Better Business Bureau’s John North noted that some criminals are using text messages when hunting for consumers’ credit information. The practice, which has been dubbed “smishing”, combines text messaging and the practice of “phishing

Identity Theft Tip Off:
Sacramento county detective Sean Smith told how to detect credit card fraud and potential identity theft by looking for a cheap transaction on your statement.
He said some thieves will charge $1 on a credit card to test whether the card is active. The detective told viewers that’s a red flag that’s something suspicious is going on with your account, and you need to call the credit card company immediately.

Identity Theft Victims:
If you are the victim of identity theft, file a police report and take the following steps:

Notify the Credit Bureaus
Contact the fraud departments of any of the three major credit bureaus to
place a fraud alert on your credit file.

TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance
Division, P.O. Box 6790, Fullerton, CA 92834-6790

Equifax: 1-888-766-0008; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241

Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013

After cleaning your records from identity theft incident, check credit report periodically to make sure no new activity has occurred.

Identity Theft Consequences:
Consequences of identity theft can be serious. Your credit history can be ruined, a loan could be denied because of a negative credit report, you could even be arrested for crimes you didn’t commit because someone has been using your identity.

Identity Theft Countermeasures:

  • Check your credit card, medical and bank statements regularly, even weekly, to look for any unusual activity or any charges on your card that you didn’t make.

  • Before throwing any document out that contains your personal information, you need to shred the document. Cross-cuts shredder is recommended.

  • Do not carry your Social Security card in your wallet.

  • Only carry the credit card you may be using on the trip.

  • Do not give personnel information unless you can verify the person.

  • Avoid business online, unless the site is secure meaning your data is encrypted during the transaction.

  • Close the accounts that you know or believe have been tampered with or opened fraudulently.

  • Place a freeze on your credit report.

    • Reblog this post [with Zemanta]

    Tags: credit card fraud, identity fraud, identity theaft, Identity Theft, Identity Theft Consequences, Identity Theft Countermeasures, Identity Theft Tip Off, Identity Theft Victims, social security fraud, Stopping Identity Theft

    Oct 01 2009

    Sophisticated phishing attack and countermeasures

    Category: Cybercrime,Email Security,Identity TheftDISC @ 12:36 am

    phishing

    Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft

    Phishing is a practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information. In daily life people advise to retrace your steps when you lose something. The question is how you retrace your steps on cyberspace where some uber hackers know how to erase their footsteps to avoid detection. It is difficult to find phishers in cyberspace, and jurisdictional issues make it even harder to prosecute them. Then there is an issue of trust that phishers dupe people to believe that their web site is not fraudulent to collect personal/financial information.

    Below is an example of sophisticated phishing attack
    Link to phishing email

    It looks very legit, with all the correct data, logos, graphics and signatures.

    One giveaway: the TSA rule change has nothing to do with rental cars. It only affects your airline ticket vs your photo ID (drivers license, passport, whatever.)

    To verify that this is bad stuff, right click on the links. You get “http://click.avis.com/r/GDYHH9/16HY8/6V5I29/M93XX4/YCCJP/A5/h”, which looks OK on first glance, since it says “avis.com”. But myAvis should not send me to “click.avis.com”. I also noticed that all the other links send you to the same location.

    The clincher (here comes the geeky stuff:)

    To open a terminal window, press the “Windows key” and the letter “R”.

    You will see the “Run Dialog Box”. Type “cmd”, and press “OK

    Open a terminal window and run nslookup:

    C:\> nslookup
    > www.avis.com <<< check IP address of the real AVIS web site Server: 4.2.2.3 Address: 4.2.2.3#53 Non-authoritative answer: www.avis.com canonical name = www.avis.com.edgekey.net. www.avis.com.edgekey.net canonical name = e2088.c.akamaiedge.net. Name: e2088.c.akamaiedge.net Address: 96.6.248.168 <<< get IP address of the real AVIS web site > click.avis.com <<< now check IP address of the bogus AVIS web site Server: 4.2.2.3 Address: 4.2.2.3#53 Non-authoritative answer: click.avis.com canonical name = avis.ed10.net. Name: avis.ed10.net <<< not the same domain as the real AVIS domain Address: 208.94.20.19 <<< note IP address is in a totally different sub net > 208.94.20.19 <<< now do a reverse lookup of the fake AVIS web site Server: 4.2.2.3 Address: 4.2.2.3#53 ** server can't find 19.20.94.208.in-addr.arpa.: NXDOMAIN <<< it should give you the web site name > avis.ed10.net <<< bogus AVIS web site name Server: 4.2.2.3 Address: 4.2.2.3#53 Non-authoritative answer: Name: avis.ed10.net Address: 208.94.20.19 > 208.94.20.19

    Moral of the story: be very careful with links in emails and web pages. To check the authenticity of the link, right click on the link, copy that to a text file and take a good look.
    Don’t click on the phisher’s email. Type URL into web browser yourself

    ——————————————————————————————————————————–
    In the table below are the 12 threats to your online identity which can be manipulated in phishing scams, and possible countermeasures to protect your personal and financial information. Some threats are inadequate or no security controls in place. The last row of the table is a monitoring control to identify the warning signs of identity theft.
    ——————————————————————————————————————————–
    [TABLE=7]



    Download a free guide for the following cloud computing solutions

    Hosted email solution
    Hosted email archiving
    Hosted web monitoring
    Hosted online backup

    Tags: email archiving, Email Security, Identity Theft, online backup, phishing, phishing countermeasures, phishing threats, web security

    Oct 21 2008

    12 Phishing Threats and Identity Theft

    Category: Email Security,Identity TheftDISC @ 7:22 pm

    Have you ever thought of losing something and you cannot live without it? Yes, that something can be your identity. Phishing is a practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information. In daily life people advise to retrace your steps when you lose something. The question is how you retrace your steps on cyberspace where some uber hackers know how to erase their footsteps to avoid detection. It is difficult to find phishers in cyberspace, and jurisdictional issues make it even harder to prosecute them. Then there is an issue of trust that phishers dupe people to believe that their web site is not fraudulent to collect personal/financial information.

    Amongst the financial crisis, phishing might be on the rise because for many organizations information protection might be the last thing on their mind. The FDIC has created a webpage to inform and warn consumers about “phishing.” These days phishers have targeted social network organizations LinkedIn and Facebook where their members have been duped into revealing their sensitive data.

    Mainly phishing attacks are targeted to steal the identity. Now the question is, how easy it is to steal somebody’s identity? Let’s say a phisher has your name and address, and then he/she can get your Social Security number with the search on AccurInt or other personal database website. A Social Security number is not the only bounty a fraudster can find on these websites, other personal/private information is available as well at minimal cost.

    In the table below are the 12 threats to your online identity which can be manipulated in phishing scams, and possible countermeasures to protect your personal and financial information. Some threats are inadequate or no security controls in place. The last row of the table is a monitoring control to identify the warning signs of identity theft.

    [Table=7]

    Organizations should take necessary steps to protect against identity fraud and apply whatever state and federal legislation applies to your business. Organizations which are serious about their information security should consider implementing the ISO 27001 (ISMS) standard as a best practice, which provides reasonable due diligence to protect and safeguard your information.

    US Bank phishing attack exposed
    httpv://www.youtube.com/watch?v=n2QKQkuSB4Q


    (Free Two-Day Shipping from Amazon Prime). Great books

    Tags: accurint, countermeasure, cyberspace, due diligence, equifax, experian, facebook, fdic, financial crisis, fraudster, identity fraud, information protection, isms, iso 27001, jurisdictional, legislation, linkedin, phishing, prosecute, safeguard, social security, threats, transunion, uber hacker

    « Previous Page