Latest "Identity Theft Prevention" Posts
The original notice on GameOver Zeus appeared on the US-CERT site. If you’d like to go directly to the tests for the GameOver Zeus virus, scroll down.
Overview of GameOver Zeus
GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011,  uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.
Systems Affected by GameOver Zeus Virus
- Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
- Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
Impact of GameOver Zeus
A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.
Is Apple Pay going to be secure?
Apple has us ooing and ahhing about the iPhone 6, it’s big brother the 6+ and finally the Apple Watch. But the biggest announcement of all didn’t even have to do with gadgets. The most significant announcement was about a new service that will be built into those devices…
It is Apple Pay, Apple’s own version of a “mobile wallet” that will allow Apple users to pay for items with just a tap or wave of their device. That is if those items happen to be in stores that have agreed to install the technology necessary to allow near-field communication (NFC – no not the football conference, the radio-wave technology) to work. Of course, Apple has done the background work to ensure a lot of big names (MC, Visa, AMEX and retailers such as Target, Macy’s and McDonald’s to name a few) are already on board, which is a significant mark in their favor. And with the upcoming mandatory implementation of EMV technology, Apple may have just timed this perfectly.
One of the quickest identity theft prevention tips is to protect your purse or wallet from being stolen. Here are three tips from ID theft expert John Sileo on protecting wallet identity.
John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.
The so-called “Inheritance Scam” is resurfacing in Colorado, but it has a new look.
No longer do you simply receive an email claiming to be from the representative of a long-lost relative. The new format involves what security experts call the “Accomplice Ploy” in which the thieves attempt to engage you through a long series of queries (one method) reaching out to you as if they know who you might be.
We have developed five questions you should ask about any email or phone call you suspect might be a scam. They are called the 5 indicators of the inheritance scam:
Sileo’s Scam-Detection Questions
1. Were you expecting a windfall?
2. Is it too good to be true?
3. Are you being rushed/threatened?
4. Do they ask for secrecy?
5. Do they request more information?
Product Review on Password Manager Software
I’m often asked during my keynote addresses for specific, actionable items that will help keep personal and company data secure. I could reel off ideas for literally hours, but one of the easiest things anyone can do is utilize a password manager program. There are a lot to choose from but the one I personally recommend is the award-winning 1Password, which remembers and securely encrypts all of your passwords so you don’t have to. You merely come up with one secure master password and then train 1Password to log in to sites for you.
It often amazes me to find out how many people shy away from implementing ideas that they KNOW will make them safer. There are a multitude of reasons I know:
- Ignorance: “I didn’t know there was a helmet law in this state.”
Quite a while ago, not long after the Target data breach, I wrote a detailed blog about the importance of the United States catching up to more than 80 other countries who already employ EMV security measures for their credit and debit cards. (EMV refers to “Europay, Mastercard, and Visa” or “Chip and PIN” technology.) Why so important? This one statistic should answer that question: Almost half of the world’s credit card fraud now happens in the United States —even though only a quarter of all credit card transactions happen here.
As a consumer, you should be glad of the change because you will be much better protected than with traditional magnetic stripe technology we’ve clung to for so long. EMV authentication includes a cryptographic message that makes each transaction unique. Having a card that is difficult to hack or duplicate and requires something YOU know (a PIN) will provide extra layers of protection.
How to Protect Your Lost Wallet or Purse against Identity Theft
In a panic that your lost wallet or stolen purse might lead to identity theft? Take a deep breath and then take the First 5 Steps to Stop ID theft. First, you need to understand that a lost wallet or purse is one of the most concentrated sources of identifying documents. For now, assume that your lost or stolen wallet or purse will be used to exploit your identity. Sometimes, even when your missing item shows up unexpectedly, the damage has already been done by a clever thief who is simply returning your valuables so that you don’t suspect further theft and shut down your accounts. Don’t take any changes. Instead, take these first five steps (adapted from my Identity Theft Recovery Guide):
1. Inventory Your Lost Wallet or Stolen Purse from Memory
Want us to walk you through the entire recovery process with quick videos, easy forms and expert advice as you go? Click on the Recovery Guide and get started before your wealth evaporates.
Until Microsoft issues a security fix, I recommend discontinuing your use of Internet Explorer, regardless of version.
A Security Advisory released by Microsoft on April 26, states that the company is “aware of limited, targeted attacks that attempt to exploit a vulnerability” in Internet Explorer versions 6 through 11.
According to the release, the vulnerability would allow an attacker to host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email.
Do you know that panicked feeling, sweaty-hot pins and needles…
when you realize that you’ve lost your wallet or mobile phone? Gone are your credit and debit cards, driver’s license and maybe even checks or a Social Security card. Your phone might house addresses and phone numbers for your loved ones, passwords and logins for your financial accounts, and even access to your email program (allowing someone else to email as you, let alone make calls as you). While the wallet might contain cash and the mobile phone is expensive, they are worth virtually nothing compared to the value of the sensitive (and sellable) data they contain.