July 24, 2005

I read your Blog and then I stole your identity. It was easy!

Criminals and slime bags are beginning to discover and exploit a rich source of data on you. Does your Blog contain enough data for them to steal your identity, follow you home, break into your house, kidnap your family, and take other nasty actions?

Anyone can read a Blog.

Some Bloggers need a dose of reality! Maybe you live in a dream world so let me tell you that the Internet is a VERY dangerous place with criminals and slime bags lurking around every corner. When you create a Blog, the entire world can read it. Use your favorite Search Engine and hunt down a target. Remove your sensitive data and it may in fact still be available via the Internet Archive. Don't expect the major free Blogging services to warn you about this problem. I've yet to see them even hint at the perils involved in publishing personal data on your Blog. The other factor which contributes to this rich source of data for a fraudster is the "fad" nature of Blogs with so many of them dealing with life experiences where everyone thinks it's cool to use real data in great detail.

You have been warned!

For over a month I've been researching this issue and my findings are alarming. Just yesterday I found a Blog which included complete real names, a real home address, pictures and full names of the entire family, work history, and current employer. Here are the major issues/data which you should never publish:

Don't use your full real name

Don't publish your home address

Pictures can be dangerous. If I have your picture and that of your children plus your name and address, it's a trivial task to lurk outside your house and wait for you to leave or follow you down the street.

Don't publish a detailed Biography of your life

Don't publish the name and location of your employer

Don't publish your Date of Birth and/or the date (July 6) of your Birthday

Have I scared you?

I certainly hope so. A single sliver of real data on your Blog may in fact be fine, but a Blog which contains numerous personal details about you is an open invitation for the criminals. For example, if you choose to use your real name like Sally Smith and do not provide any other details then you are safe. On the other hand, providing your real home address is never advised since there are numerous ways to find out who lives at a given address, the phone number, or just wait outside your house until you leave.

Posted by Steve_S

February 14, 2005

Microsoft, eBay (PayPal) and Visa form The Phish Report Network (PRN)

In what amounts to a feeble and self-serving PR move, these giants have banded together in an effort to rehabilitate their tarnished image, caused by the dramatic increase in Phishing.

What is The Phish Report Network (PRN)?

"The Phish Report Network enables companies to reduce online identity theft by safeguarding consumers from phishing attacks. As the first worldwide anti-phishing aggregation service, the Phish Report Network provides subscribers with a mechanism for staging a united defense against phishing."

How does PRN work?

"The Phish Report Network is comprised of Senders and Receivers. Any company being victimized by phishing attacks, such as a financial services or e-commerce company, can subscribe to the Phish Report Network as a Sender and begin immediately and securely reporting confirmed phishing sites to a central database operated by WholeSecurity.

Other companies, such as Internet Service Providers (ISPs), spam blockers, security companies, and hosting companies, can join the Phish Report Network as Receivers. Subscribing as a Receiver provides access to the database of known phishing sites submitted by the Senders. Using this information, Receivers can effectively protect consumers by blocking known phishing sites in various software, email, and browser services. Additionally, real-time notifications of new phishing sites are available to Receivers to ensure up-to-the-minute protection against the latest attacks" Source

Nice try but NOT!

While I certainly support the education of surfers about the dangers of Phishing and even if we assume that the member sites will regularly update their sites with current data on Phishing attacks, PRN is not an effective device to significantly reduce Phishing. I'm also amused by the use of "defense" in the first paragraph of their mission statement.

First of all, surfers rarely go to the "real site" to see if the email they received is legitimate. They normally just click the link inside the email, submit their data, and the result is ID theft.

The first solution. SUE!

Next, haven't we learned anything from the battle against Spam? Thinking in terms of defensive actions is an exercise in futility. What should have happened first, is a series of legal procedures across multiple countries, accompanied by restraining orders to shut down the Phishing sites. These procedures are the only way to significantly reduce ID theft.

For an example of exactly what I'm talking about please take note of the numerous lawsuits filed in a short period of time by Microsoft and Pfizer. Microsoft sues for violations of the Federal CAN-SPAM law and at the same time Pfizer sues for violations of its trademark on Viagra. These parallel lawsuits are an effective way to reduce abuse. You force the fraudsters to defend themselves across numerous courts, incur large legal bills, and let due process run its course. Use this exact same principle against Phishing and you will reduce this ID theft.

My advice for you has not changed

Trash all emails which contain requests to click a link and visit a site to submit your confidential data. I don't care who the email appears to be from. Don't do business with firms who use email in this manner. Don't waste your time visiting sites for alerts and/or installing ToolBars in your browser which attempt to notify you of a fraudster's Phishing site. If you wish to visit a site like PayPal then first launch a blank browser session and carefully type the URL into your browser. Look for the Padlock and double check the URL once you arrive.

Posted by Steve_S

December 21, 2004

Identity Theft: Review your Credit Reports on a regular basis

Reviewing your Credit Reports on a regular basis is a critical step in catching criminals who have stolen your credit via Identity Theft and also ensures that the data is accurate. A recently enacted US federal law provides you with a Free report every 12 months from the major reporting agencies (Equifax, Experian and TransUnion).

Visit www.AnnualCreditReport.com for your Free Credit Report. The United States is divided into 4 regions with effective launch dates for each. The Western States are already open for your Free Report. You will need to copy and paste this URL into your browser since this site prevents nearly every other web site on the face of the planet from linking to it. Are they trying to keep it a secret and reduce costs? At a minimum, this action is deplorable. If you try a link from your site to theirs you will see this:

"For security purposes, www.AnnualCreditReport.com can be accessed by typing the web address "www.annualcreditreport.com", or from links from the Federal Trade Commission (www.ftc.gov), Equifax (www.equifax.com), Experian (www.experian.com) and TransUnion (www.transunion.com) websites.

AnnualCreditReport.com is the only web source authorized by all three nationwide consumer credit reporting companies from which free annual credit file disclosures can be requested."

This site is the result of the US Federal Law so you can rest assured that it's not only safe/secure but legitimate. We suggest you mark your calendar for the date you wish to retrieve your reports and do this every 12 months.

Print and then carefully review your Credit Reports for accuracy. If you find data that is not accurate, you have the right to dispute these entries by contacting each of the major Credit Reporting agencies. You need to contact all 3, since some lenders may only use one of them. Fortunately, they all have Web sites:

Equifax - www.equifax.com
Experian - www.experian.com
TransUnion - www.transunion.com

Each agency has a slightly different procedure and form for disputing your Credit Report. We suggest that you save all your correspondence and send the dispute forms via Certified Mail. The Internet is full of companies that claim they can improve your credit report for a fee. HA! No thank you. Read this:

"The Federal Trade Commission (FTC) cautions consumers to be wary of companies that make claims regarding credit repair. These companies, commonly called credit clinics, don't do anything for consumers that consumers cannot do for themselves at little or no cost. Beware of any organization that offers to create a new identity and credit file for you. The FTC and state attorneys general have filed actions against those who pursue these fraudulent practices. Here are some warning signs that the FTC and others say consumers should look out for to determine if they might be dealing with a credit clinic:" Click here to read more.

Posted by Steve_S

December 12, 2004

Identity Theft: Phishers think you're an easy target and some of you are!

The use of phony/forged emails and/or web sites to gather your personal financial data such as your credit card numbers, account usernames and passwords, social security numbers, and other personal data is increasing at an alarming rate. And, it's going to get much worse before it gets better. Learn how to prevent this.

The emails typically contain a request for your personal financial data and a link to visit eBay, numerous banks, PayPal, brokerage accounts, and other financial firms. They often look very legitimate and so does the web site. Click here to see a more detailed list of the various types of Phishing attacks. Unfortunately, many folks submit this data to the fraudulent web site and then the criminals steal their identity. They use this data to purchase goods and/or services with your Credit Card, obtain birth certificates, obtain social security numbers, obtain driver's licenses, and use other damaging techniques.

How do you avoid this trap?

It's very simple, NEVER respond to these emails. NEVER click on a link inside one of these emails. Ignore them and send them to the trash.

Additional precautions:

If you are visiting a site, we suggest you type the URL into your browser and then bookmark the site. We never release our personal financial information to any party who calls us on the phone. If we think the request is valid, we will use our phone number from our records to call the party back. We don't do business with any firm that requests this kind of data via email and/or the phone.

If you have the time, we suggest you report these Phishing attacks to the Anti-Phishing Working Group. What do you do if you have given out your personal financial information? Visit this page for outstanding advice. Unfortunately, our undercover research indicates that Phishing attacks will continue to increase and the criminals will use new techniques to fool you. Expect to see fraudulent ecommerce sites, fraudulent escrow companies, downloads that grab your data, criminals advertising in major Search Engines, and using the US mail to request your data.

Posted by Steve_S

November 25, 2004

Protect the contents of your wallet or purse

The world is full of folks who would love to steal your wallet or purse and then use your credit cards, driver's license, and social security card to steal your identity and purchase goods or services using your credit card. You need to take precautions.

Making copies of everything in your wallet or purse is the first step. Copy both sides of every item and then store one copy at home and another copy in your safe deposit box. Do this once per year. If you use a copy store to do this, double check that you didn't leave any copies behind and shred those. If your wallet or purse is stolen you have all the data to notify your credit card companies, your local social security office, and the state agency which issues your driver's license.

If you are traveling, leave one set of the copies in your Hotel safe, one copy at home, and another copy with a trusted friend. Men should carry their wallet in their front pocket and not their rear pocket. Ladies should wrap their purse around their neck so it sits in front of their body and not dangling out to the side. Traveling to certain countries may also require you to wear a money belt. Think of this device as a mini pocket which is strapped to your body and sits underneath your clothing. After a few hours of use, you won't even notice it.

Posted by Steve_S