Criminal Hackers Clean Out Bank Accounts Using Spear Phishing

/1 Comment/in , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

It wasn’t long ago that most phishing emails were from a supposed Nigerian General Matumbi Mabumboo Watumboo. And you and I were flattered that we were the chosen ones to help the general transfer 35 million out of the country, because the Nigerian government was a bunch of jerks and wouldn’t let him keep the inheritance his wife had inherited from her deceased uncle Bamboo.

Phishing continues to become more sophisticated, more effective, and more prevalent. According to a recent study, a 52% increase in phishing scams occurred in July alone. Computerworld reports that basic phishing emails successfully led to corporate bank accounts being completely drained. Criminal hackers waited until Pennsylvania schools administrators were on vacation, then used simple  money transfers to liquidate over $440,000 between December 29 and January 2.

Much of the phishing that occurs today is “spear phishing,” in which the spammers concentrate on a localized target, generally an individual with control over a company’s checkbook. This insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component , which gives the phisher full access to the user’s data, including user names and passwords, credit card and bank account details, and Social Security numbers. The malicious software can attach itself to the victim’s web browser, where it waits for the victim to log into a bank site before launching. When the victim does log into his or her bank account, the software sets up new payees and transfers money to the criminal hacker.

In the school hack, the software added 42 people to its payroll during Christmas break and quickly began paying them. The issuing bank received 74 transfer requests during the four day period.

When consumers’ bank accounts are emptied, federal regulations limit their liability to $50, as long as the victim reports the theft within a set time frame. But things are a lot more complicated for corporations and other entities. Whether or not the victim is responsible for the missing cash varies from bank to bank.

Protect your yourself.

This is an easy fix, rule #1 – don’t click on links in an email if you aren’t 100 percent sure of its legitimacy. Whenever I receive an electronic statement from a bank or credit card company I always go to my “favorites” menu or type in the address manually to get to the entities website to check my statement. I’m only 99.9% sure its legit, so I just take the extra step to go to my favorites.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

3. Make sure your McAfee anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

Robert Siciliano Identity Theft Speaker discusses phishing

Tweets Link to Identity Theft

/0 Comments/in , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

“Misty Buttons” just started following me on Twitter. She’s curvaceous, bodacious and isn’t getting her needs met. Apparently, she needs me to meet those needs. It is, of course, a tempting offer that someone, somewhere may accept. But I’m going to pass.

Twitter porn and cybercrime are one and the same. Criminal hackers use porn to lure unsuspecting Twitter users into their lairs, where they distribute malicious software and solicit credit card data. In some cases, their victims may deserve to be scammed. Clicking on the links that these ne’er-do-wells post on their Twitter feeds can have a devastating effect on your PC and your bank account.

Internet security software provider McAfee reported a 500% increase in malware in 2008. That’s more than the past five years combined. And the FBI reported a 33% increase in Internet crime last year. According to a survey of 1000 firms, companies coping with data breaches lost an average of $4.6 million in intellectual property. This is all due to insufficient hardware, outdated software and the various ruses, such as those perpetrated by Misty Buttons, that trick technology users into opening a door to criminals.

But it isn’t just obvious Twitter porn that you need to watch out for. It’s also seemingly legitimate links posted by those you follow. Criminals have figured out that Twitter is a social network that brings people together. Strangers follow you, and you often reciprocate, following them back and bringing them into your network. As with email phishing scams, criminals post tweets highlighting current events, with links that lead to malicious sites or direct malware downloads. Numerous news outlets have reported on malicious tweets purporting to point to news about Michael Jackson, Obama, Farrah Fawcett, Iraq and even the Sonia Sotomayor’s Supreme Court confirmation hearings. The shortened URLs that are necessary to keep tweets within the 140 character limit help mask these scams. As explained NextAdvisor:

Whenever a complete URL is too long or cumbersome, many users turn to URL shortening services like TinyURL. Unfortunately, a condensed URL that appears harmless can easily lead to a malware download or phishing site, rather than the destination you were expecting. What appears to be a link to a friend’s home video may actually be pointing you toward the Koobface virus. Hackers can target a single URL shortening service and intentionally misroute millions of users.

How to protect yourself:

  1. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  2. Install anti-virus protection and keep it updated.
  3. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses identity theft.


ATM Fraud Increases Identity Theft Risk

/3 Comments/in , , , , , , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

A spate of recent news reports highlight growing ATM fraud. Law enforcement in New York City reported a gang had stolen $500,000 from bank accounts via ATM skimming. They installed cameras and skimming devices on the machines, and recorded the magnetic strips and the PIN numbers.

A recent survey points towards ATM fraud rising 5-9 percent. Seventy percent of those poled experienced a jump between 2007 and 2008. Many of the large data breaches that have occurred over the past few years may have contributed to the fraud.

It’s simple enough to hack into a database and compromise cards and pins. It’s even easier to affix hardware to the face of an ATM machine and do the same. Once the data is compromised the identity thieves clone cards and turn the data into cash as quickly.

Bankinfosecurity.com recently published “7 Growing Threats to Financial Institutions”. This post is a play on that; “7 Growing Threats to You”

#1 Skimming; Hardware readily available online that is attached to the face of an ATM records user card information and pin codes. In this case you may still be able to perform a transaction.

#2 Ghost ATMs; A card reader is blocked off and replaced with hardware that supersedes the machine and records all your data without allowing a transaction. The machine reads “Can’t complete transaction”.

#3 Dummy ATMs; In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read data. The machine might be powered by car batteries or plugged in the nearest outlet.

#4 Ram Raids; ATMs built into a wall or stand alone are being rammed by a truck and/or wrapped with chain and pulled out then loaded onto a truck. Once removed the thieves blow torch the machine taking the cash. This is a hot topic in Mexican banks, buy certainly happens everywhere. A bank would be smart to install battery backed GPS in any machine.

#5 PIN ID’s; Sophisticated criminal hackers break into a database or skim magnetic strips. They then go to an online banking site with a hacking software that plugs in various well known PINs. These PINs might be consecutive numbers, peoples names, pets names, birthdates, or other various simple pass phrases people use. When it finds a match it gives the criminal access to your account.

#6 Automated PIN Changes; Criminals go through the banks telephone banking system to change the customers PIN. They may try to change the customers ANI (Automatic Number Identification) is a system utilized by telephone companies to identify the DN (Directory Number) of a caller. This might be accomplished via “Caller ID Spoofing”. They use publicly available data on the card holder such as name, card account number and last four digits of the social security number to “verify” them as the banks customer.

#7 SMS Attacks; AKA Smishing or Phexting – phish texting. Customers receive a text from a bank on their smartphone requesting login information.

#8 Malware or Malicious Software; Researchers found a virus that specifically infects ATMs and takes over the machine logging card numbers and pins.

How to protect yourself;

First and foremost; Pay attention to your statements every two weeks. Refute unauthorized transactions within a 30-60 day time frame.

1. Pay close attention to everything you do at an ATM. Look for “red flags”, anything out of place. If your card sticks, odd looking configurations on the ATM, wires, two sided tape.
2. Use strong PINs, uppercase lower case, alpha and numeric online and when possible at an ATM and for telephone banking.
3. Don’t reply to phishing or phexting emails. Just hit delete.
4. Don’t just use “any” ATM. Choose ATMs at locations that are “more secure” than in the middle of nowhere.
5. Make sure your McAfee anti-virus is up to date.
6. Invest in Intelius identity theft protection and prevention. Because when all else fails its good to have someone watching your back.

Robert Siciliano Identity Theft Speaker discussing ATM skimming

Identity Theft Scammers Targeting Online Classifieds

/0 Comments/in , , , , , , , , , , , , , , , /by

Robert Siciliano identity theft expert

Throughout the past week or so, scammers from Nigeria, Belgium and the UK have been coming after me in full force, via Craigslist. Unfortunately, the popular online classifieds website has become a launchpad for criminal activity. Everything from online affinity or advance fee scams to baby killers and the Craigslist killer have hampered the website’s reputation.

I use Craigslist to find renters for an apartment that I own. Last year, scammers copied my advertisement verbatim, except for the contact information, which they replaced with their own, and the price, which they reduced by half. The scammer, who claimed to be the property owner, informed potential renters that he was in Austria, and instructed them to drive by the apartment, and to send him a deposit check if they liked the look of the place. Fortunately, I happened to be present when a couple came by, per the scammer’s instructions. We discovered the ruse and contacted Craigslist. The fake ads continued popping up, but after numerous emails to Craigslist, they were all removed.

Last week I posted a new ad, and within minutes, I received the following email:

Subject: RENTAL INQUIRY!!hope to hear from you soon

Hello Robert,

Let me know if the room/apt you advertise on craigslist.com is still available and let me know if you can accept certified cashier check as mode of payment..And the last price for the space.

I’m presently in Belgium.I will be coming immediately the place is vacant for me to move in.But the issue is that because of the distance i wont be able to come to see the place.Meanwhile let me tell you a ill about myself..I don’t smoke and I don’t have boyfriend.Am Sarah Smith and my nick name is SERA and am 26years old i lost my dad some years back when i was young so my mom had to remarry so she married to Mr Scott Michael who is my step dad now..He has been the one who has been taking care of me all this while i believe he is a God sent to me cux i have never regretted moment with him..Things i like are as follows reading,swimming and chatting with people around me and also make them happy..I have always been thinking of how i will affect peoples life positively by making donations to the less privileges cus when i looked at my pass when i lost my dad from the story my mom told me..I noticed it is not easy for people that as no parent.Well i hope when we meet in person you will know more about me..Meanwhile my step dad will need the followings to make payment to you ASAP..

1.Your name and surname.
2.Address in full with the zip code..
3.I will need your phone number

I wait to have this information from you so that my step dad can make payment for the rental fee and security deposit in advance … I Await to hear from you….

Hope to hear from you pretty soon.

Thanks, SARAH

It’s easy to dissect this scam. The person who sent this email has two goals. First, the scammer wants to build a relationship with his or her mark. He or she provides a (horribly written) story in an attempt to establish trust. The victim is then more likely to fall for the scam, following the scammer’s instructions and conducting the necessary financial transactions. Many victims are foolish enough to provide account numbers or other personal identitifying information. Second, the scammer is setting up an affinity, or advance fee scam. In such a con, the scammer mails you a check. You deposit this check in your bank account, and it temporarily clears. In that limited window of time, the scammer will request that you return some or all of the money. He may claim to have changed his mind about renting or buying from you, or that he accidently made the original check out for more than the agreed upon sum. So you wire the money back. Within a day or two, the bank calls to let you know that the original check was counterfeit. So you’ve lost the money you wired to the scammer.

How can you protect yourself from scams like this, or other scams that take advantage of online classified ads? Use common sense, be smart, and pay attention. If you do that, you won’t fall for these types of cons.

When we were young, our parents told us not to talk to strangers. Strangers are not yet part of our trusted circle. So don’t trust them! There’s no benefit to paranoia, but being a little guarded can prevent you from stumbling into a vulnerable situation.  Since predators use online classifieds to lure unsuspecting victims, you should find out as much as possible about strangers who contact you. Use Google or iSearch.com to investigate names and email addresses.

Whenever possible, deal locally. People who cannot meet you in your town are more likely to be scammers. And even when you do meet in person, you should be wary.

Never engage in online transactions involving credit cards, cashier’s checks, money orders, personal checks, Western Union, MoneyGram or cash, that require you to send money to a stranger in response to money they have sent you. This is an advance fee scam.

Be smart. Don’t disclose your financial information, including account or Social Security numbers, for any reason. Scammers will say anything in order to get this information.

Prevent check fraud. When sending checks in the mail, you want to prevent “check washing,” which occurs when they recipient alters the name of the payee and increases the dollar amount, draining your checking account. Something as simple and inexpensive as a select uni-ball pen can help. These pens contain specially formulated gel ink (trademarked Uni-Super Ink™) that is absorbed into the paper’s fibers and can never be washed out.

Secure your PC. Make sure your PC is protected with McAfee anti-virus software and all your critical security patches in your operating system are up to date.

Protect your identity. You can’t prevent all forms of identity theft. However you can significantly reduce your risk by making a small investment in your personal security by investing in Intelius Identity Protect or considering the options described in this blog post.

Robert Siciliano identity theft speaker discussing advanced fee scams

Typosquatting on Twitter and other social networks

/0 Comments/in , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Typosquatting, which is also known as URL hijacking, is a form of cybersquatting that targets Internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter. This can lead to financial or social media identity theftPhishing is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.tvviter

Scammers recently created a website imitating Twitter.com, and have been sending phishing emails to millions of users, many of whom click on the link contained within the emails, which sends them to the phishing site, where they enter their user names and passwords in order to log in.

The site is Tvviter.com, spelled with two V’s instead of a W. This is a form of “TypoPhishing”. I doubt anyone is going to inadvertently typo two V’s, but it’s certainly a creative ruse by the criminal hackers. This website is currently live. Assuming that your browser is up to date, it should alert you to the fact that Tvviter.com is a suspected phishing site.  Tweet.ro is another phishing website, which my up to date browser did not warn me about. Notice that neither web address is hyperlinked here. I would not suggest playing around on these sites. At any time, the creators can easily introduce malware to these sites, and then onto your outdated operating system or browser in the form of a “drive by” hack, which ultimately leads us back to identity theft and fraud.

tvviter1If you decide to play in the devil’s den, you are bound to get burnt.

Forward this blog post to your contacts. Let people know, so that they won’t be fooled. This scam may stick if the site isn’t taken down by the time this warning is read. Don’t get hooked. And protect yourself with Internet security software and identity theft protection.

Robert Siciliano, identity theft speaker, discusses phishing.

Government Agencies Engaging in Criminal Hacking Techniques

/4 Comments/in , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

This article may be a little political. However bad guys are trying to win a cyberwar against us and it’s important to understand what’s being done to protect us.

The US National Security Agency is probably the most sophisticated group of security hackers in the world. Many will argue this point. The fact is, without NSA, US STRATCOM, which directs the operation and defense of the military’s Global Information Grid, and US CERT, attacks on our critical infrastructures would be successful. We’d be living in the dark, telephones wouldn’t work, food wouldn’t be delivered to your supermarket and your toilet wouldn’t flush. These are not the same bumbling government employees you see on C-SPAN.

The Obama administration is in the process of completing aninternal cyber-security review,  announcing plans for cyber-security initiatives and determining who’s going to lead the charge.

The New York Times reports that the NSA wants the job and of course, this is raising hackles amongst privacy advocates and civil libertarians who fear that the spy agency already has too much power. I’m all for checks and balances. However, in order to detect threats against our nation and other global computer infrastructures from criminal hackers and terrorists, those in charge of cyber-security must have full and unlimited access to networks. There is certainly a legitimate concern here that any government agency with too much power can overstep citizens’ rights. However, coming from a security perspective, there are some very bad guys out there who would like nothing more for you to be dead.

Here’s a glowing example of how this power is used for good. Wired.com’s Kevin Poulsen (who should be required reading) reports on an FBI-developed super spyware program called “computer and Internet protocol address verifier,” or CIPAV, which has been used to investigate extortion plots, terrorist threats and hacker attacks in cases stretching back to before the dotcom bust. This is James Bond, Hollywood blockbuster technology that makes for a gripping storyline. The CIPAV’s capabilities indicate that it gathers and reports a computer’s IP address, MAC address, open ports, a list of running program, the operating system type, version and serial number, preferred Internet browser and version, the computer’s registered owner and registered company name, the current logged-in user name and the last-visited URL. That’s the equivalent of a crime scene investigator having fresh samples of blood for the victim and perpetrator, and 360 degree crystal clear video of the crime committed.

The FBI sneaks the CIPAV onto a target’s machine like any criminal hacker would, using known web browser vulnerabilities. They use the same type of hacker psychology phishers use, tricking their target into clicking a link, downloading and installing the spyware. They function like any illegal hacker would, except legally. In one case, they hacked a mark’s MySpace page and posted a link in the subject’s private chat room, getting him to click it. In another case, the FBI was trying to track a sexual predator that had been threatening the life of a teenage girl who he’d met for sex. The man’s IP addresses were anonymous from all over the world, which made it impossible to track him down. Getting the target to install the CIPAV made it possible to find this animal. Numerous other cases are cited in the Wired.com article, including an undercover agent working a case described as a “weapon of mass destruction” (bomb & anthrax) threat, who communicated with a suspect via Hotmail, and sought approval from Washington to use a CIPAV to locate the subject’s computer.

So while Big Brother may yield some scary power, criminals and terrorists are a tad scarier. I’ve always viewed the term “Big Brother” as someone who watches over and protects you. Just my take.

As always, invest in identity theft protection and Internet security solutions to keep the bad guys and the spyware out.

Robert Siciliano, identity theft speaker, discusses spyware.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Identity Theft Expert; Organized Webmobs Focused on Cyber Crime

/1 Comment/in , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

New reports confirm what we have been seeing in the news; organized criminals have upped the ante. Global web mobs are tearing up financial institutions’ networks.

We’ve known for some time that the long-haired, lowly, pot-smoking, havoc-reeking hacker, sitting alone in his mom’s basement, hacking for fun and fame is no more. He cut his hair and has now graduated into a full time professional criminal hacker, hacking for government secrets and financial gain.

His contacts are global, many from Russia and Eastern Europe, and they include brilliant teens, 20-somethings, all the way up to clinical psychologists who are organized, international cyber criminals.

We are in the middle of a cold cyber crime war.

Their sole motivation is money and information and they either find their way inside networks due to flaws in the applications, or they work on their victims psychologically and trick them into entering usernames and passwords, or clicking links.

According to a new Verizon report, a staggering 285 million records were compromised in 2008, which exceeds total losses for 2004-2007 combined. As many as 93% of the breaches were targeted hacks occurring at financial institutions.

Hackers made $10 million by hacking RBS Worldpay’s system, then loading up blank dummy cards and gift cards, and sending mules to use them at ATMs. The entire scheme took less than one day to pull off.

Many of these hacks occur due to flaws in the design of web applications. The criminals send out “sniffers,” which seek out those flaws. Once they are found, the attack begins. Malware is generally implanted on the network to extract usernames and passwords. Once the criminals have full access, they use the breached system as their own, storing the stolen data and eventually turning it into cash.

Meanwhile, criminal hackers have created approximately 1.6 million security threats, according to Symantec’s Internet Security Threat Report. 90% of these attacks were designed to steal personal information including names, addresses and credit card details. Almost every single American has had their data compromised in some way.

Unsuspecting computer users who do not update their PC’s basic security, including Windows updates, critical security patches or anti-virus definitions often become infected as part of a botnet. Botnets are used to execute many of the attacks on unprotected networks.

The same study shows computer users were hit by 349 billion spam and phishing messages. Many were tricked into giving up personal information. It is common sense not to plug data into an email that appears to be from your bank, asking to update your account. Attacks directed towards mobile phones are also rising. “Phexting” is when a text message phishes for personal data. Just hit delete.

Much of the data stolen is out of your hands. So invest in identity theft protection, and keep your McAfee Internet security software updated.

Robert Siciliano, identity theft speaker, discusses criminal hackers who got caught.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Identity Theft Expert; Scareware Scares You Into Paying

/3 Comments/in , , , , , , /by

Robert Siciliano Identity Theft Expert

If one could have a favorite scam, for me it would be “scareware.” My reasoning for this is thats it’s one of the few scams that actually gets through to me. My defenses are pretty good, but I still see scareware. They’ve even taken my blog posts and used my name to launch scareware in Google News Alerts. I got some criminal hacker’s attention and he created scareware in honor of lil’ ole me!

Web pages may be infected or built to distribute scareware. The goal is to trick you into clicking on links. After landing on a page, pop-ups bombard you and warn that your PC is infected with an Ebola- like virus and your PC will die a horrible death with fluids running from all ports if you don’t fix it immediately for $49.95.

Shutting off this pop-up is often difficult and any buttons you press within this pop-up could mean downloading the exact virus they warned you of. BRILLIANT!

Criminals are even using Google Ads, and have posted ads on well known sites such as E-Harmony and Major League Baseball.

I’m online all day, every day and do a ton of research, which means I click lots of links, and see scareware often. If I wasn’t aware of IT security and what this ruse was about, I’d have been bilked of $49.95 long ago. Many people take the bait, more than you can imagine.

Studies show that organized criminals are earning $10,000.00 a day from scareware! That’s approximately 200 people a day getting nabbed. Some “distributors” have been estimated to make as much as $5 million a year.

What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

The software is sometimes known as “AntiVirus2009” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2008.” These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value.

A report by the Anti-Phishing Working Group, released in March 2009, found 9,287 bogus anti-malware programs in circulation in December 2008 – a rise of 225% since January 2008. That’s simply because the scam works so well.

Teams of criminal hackers each have their own tasks and responsibilities. Team 1 creates pages loaded with scareware and works those pages into the search engines, while others infect legitimate websites. Team 2 creates the junky or spyware-ridden software you are scared into buying. Team 3 creates the infrastructure to process your credit card.

Protect yourself. Invest in anti-virus software, such asMcAfee. Make sure your browser has a pop-up blocker turned on, to avoid having to be “scared.” If you get a pop-up, you can close it by clicking the red X in the upper right corner, just don’t click on anything in the body of the pop-up. I suggest shutting down your entire browser, however, to be safe.

Make sure your PC is updated with critical security patches and most of all, be smart.

See Robert Siciliano, identity theft speaker, discuss Ransomeware, a form of scareware here.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Phishing Attacks Rise Dramatically in 2008

/0 Comments/in , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert – Speaker

Stupid people get hooked by phishers. You have to be a complete idiot to get sucked into a scam email that has typos making requests that are geared toward naïve simple minded pea brain fools. Right? Yes? No? So why have phishing attacks risen dramatically in 2008? That’s 66% higher than in 2007.

Have we gotten dumber or are the attackers getting smarter?

RSA concluded that phishing attacks rose to an unprecedented 15,002 in April of 2008. Millions of people in mainly english speaking nations receiving ruse after ruse. 68% of US bank brands attacked. Less than 7% UK brands experiencing less than attacks.

However the UK takes the title for the most exploits as the most phished country in the world equating to 40% of the 135,426 cases detected by RSA.

This seems to be due to the UKs system allowing fraudulent transfers fast enough “real-time” to avoid detection. Criminals like real time fast cash.

Much of the success of phishers is that they are in fact getting smarter using “flax flux” attacks. *Fast flux is a technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery and counter-measures. *Thank you Wikipedia.

Tonight I spent 2 hours on the phone in a webinar with a startup reviewing a fully functional toolbar that makes 54 checks to determine the validity of a website checking for phishing, pharming etc. All any bank needs to do is adopt the technology and require their clients to adopt it in the sign-in process. In most cases problems solved.

And do you know what we labored over in this call? How to get all the banks clients to install a simple toolbar that would protect them and the bank.

Why is this so difficult?

Robert Siciliano Identity Theft Expert discussing Scambaiter in video Here

CEO “Identity Theft Expert”?? ID compromised 90 times

/in , , , , , , , , , , , , , , , , /by

The press has recently taken issue with CEO of an identity theft prevention company who has given his SSN out for all the world to see. His identity theft protection service is designed to protect the consumer from identity theft.

Because he used the marketing gimmick to drive sales, it has resulted in a never ending battle where identity thieves and others are using his ID to prove a point, that giving out your SSN is never a good idea.

His identity was compromised financially early on and since has been compromised REPORTED 87-90 TIMES.

It is impossible not to give your SSN in a society that needs it for most accounts, insurances etc. Plastering it on a billboard is a great idea when you dont care if your identity is stolen in order to sell a product.

However for the rest of us I’d not recommend it.

The idea is to make the SSN useless by investing in a service that keeps you in-tune, on top of, what is happening regarding your identity by wrapping a security system around your identity.

Stay tuned. Updates on this issue to come.