Department of the Treasury’s online game teaches kids about credit

Posted by Caitlin on September 30th, 2008

Thanks for visiting the NextAdvisor Daily blog. You may want to subscribe to our RSS feed.

The Ad Council recently launched a new website on behalf of the U.S. Department of the Treasury in order to educate young people about how to use credit responsibly. Players gather information about debt management, credit history and credit cards in order to progress through the game and unlock “Room 850″ in a virtual hotel. You can play The Bad Credit Hotel and get valuable tips on managing your credit at controlyourcredit.gov.

And see our FAQs, reviews and comparisons to learn about credit monitoring services or credit cards.

• Data Breach Alert: Poor website security puts untold number of Oklahomans at identity theft risk
• Data Breach Alert: Registration website exposes presidential primary voters to identity theft
• Data Breach Alert: Nevada government agency loses personal data of job seekers
• Top rated online backup service continues international expansion
• Data Breach Alert: Boston museum patron’s credit card numbers exposed on public website

We’re not the only ones who like Carbonite!

Posted by Caitlin on September 26th, 2008

It looks like we aren’t the only ones who prefer Carbonite for our online data backup. Lifehacker named Carbonite “Best Windows Backup Tool” and PC Pro named Carbonite as its Labs Winner for online backup, calling the service, “the most hassle-free and effective online backup system for the home user.”

If you are interested in learning more about Carbonite or other online backup services, see our reviews and comparison. And if you sign up with Carbonite through NextAdvisor.com, you’ll get a 15% discount, which reduces the price of one year of service from $49.95 to $42.45, two years of service from $89.95 to $76.45, or three years of service from $134.95 to $114.70. When you follow our link to the Carbonite offer page the standard prices will be listed, but once you click through to sign up for the service you will see the discounted prices.

• Carbonite agrees- online backup services are good for the environment
• Mozy and Carbonite receive high marks in security
• Top rated online backup service continues international expansion
• Wake up and backup!
• Mozy Mac support moves out of Beta

Firefox stores your passwords without encryption

Posted by Caitlin on September 22nd, 2008

If you are currently using Firefox, your passwords and usernames may be easily visible to anyone with access to your computer. In Firefox, select Tools > Options > Security > Saved Passwords > Show Passwords to see all your passwords alongside usernames and web addresses. Firefox stores your passwords under the default setting. To protect your passwords from prying eyes, click Remove All in the Show Passwords window, then go back to the Security tab and de-select “Remember passwords for sites.”

If you do want to store your passwords, you can create a master password from within the Security tab. You will need to enter your master password once per session, and it will protect your saved passwords. If you’re interested in other options for protecting stored passwords, Lifehacker readers recently voted on their favorite password managers.

If you are concerned about protecting your privacy on the Internet, take a look at our reviews and comparisons of identity theft protection services and Internet security software.

• Data Breach Alert: Hundreds of financial records exposed in Michigan
• Shop safely this holiday season
• How to recover from a lost or stolen iPhone
• Data Breach Alert: Utah hospital loses thousands of patient records
• Reports say passport snooping is part of training program

Trusted ID offers exclusive 15% discount promotion to NextAdvisor.com readers

Posted by Joe on September 19th, 2008

Trusted ID, one of our top rated identity theft protection services, is now offering an exclusive 15% discount to NextAdvisor.com visitors. This exclusive discount doesn’t require any Trusted ID promotional or discount code. Just click on any Trusted ID link on our website and you will receive this special discount (remember, you can only receive this exclusive 15% discount promotion through NextAdvisor.com).

While the service offers a great value for most consumers, we believe that Trusted ID is a particularly good choice for families that are looking for a comprehensive identity theft protection service. New subscribers receive a 30 day no risk trial and then pay just $8.50 per month for the individual plan or $16.99 per month for the family plan. Trusted ID subscribers can save even more by signing up for an annual individual or family plan which cost $84 per year and $161.49 per year respectively.

You can read our full review of the Trusted ID service to learn more about its proactive identity theft protection service. To see how Trusted ID stacks up against other identity theft protection services, visit our identity theft protection service reviews and comparison.

• Mozy online backup discount promo codes for March 2008
• Mozy discount promo code for April 2008
• Mozy offers 25% discount in response to Upline’s downtime
• Mozy promotional discount code for April 2008
• Get 10% off a year of Mozy online backup service with special discount codes

Tomorrow is “Secure Your ID” Day

Posted by Caitlin on September 19th, 2008

On Saturday, September 20, the Better Business Bureau will host identity theft prevention and education events at local BBB locations across the country. Bring your sensitive personal documents and they will be shredded for you on the spot. If you are interested in attending, click here for a list of participating BBBs.

And if you would like to learn more about preventing identity theft, see our reviews and comparison of identity theft protection services.

• None Found

Sarah Palin’s email was easy to hack. Is yours?

Posted by Caitlin on September 18th, 2008

Earlier this week, a hacker infiltrated Republican vice-presidential nominee Sarah Palin’s Yahoo email account and posted screenshots online. According to Wired, gaining access to Palin’s email was a relatively simple process. All the hacker needed was some basic, easily obtainable personal information to reset Palin’s password. Since Palin is a public figure, the hacker was able to find her personal information using Wikipedia. You might not have your own Wikipedia page, but if you have a Facebook or MySpace profile, your email might be just as easy to hack. Today, Lifehacker posted some tips on how to protect your email from hackers by creating more secure passwords and password questions.

If you are concerned about protecting your online privacy, see our reviews and comparison of Internet security software.

• None Found

Inside the Internet’s Financial Black Markets – How Identity Thieves Buy and Sell Your Personal Information Online

Posted by Caitlin on September 16th, 2008

Not so many years ago, “identity theft” occurred when someone stole your purse or wallet and made purchases with your credit cards or checkbook, or impersonated you by using your driver’s license or passport. A more sophisticated identity thief might obtain your Social Security number or other personal information, perhaps by peering over your shoulder as you filled out a form or riffling through your trash, and open new accounts in your name. During this more innocent time, you could avoid becoming a victim of identity theft by taking relatively simple precautions, such as canceling a credit card as soon as it was lost and tearing up potentially sensitive documents before discarding them.

Identity theft is quite a bit different now. It has evolved into a sophisticated and profitable underground economy, characterized by specialization of the production of goods and services, outsourcing of production, multivariate pricing and adaptable business models. On hidden online message boards, anonymous users advertise and trade stolen information and illegal services.

Many of these black market forums are run from computer servers in Russia, China, Romania or other regions in which Internet security practices or legislation are not yet well developed. These data trafficking websites last for around six months before being rerouted through a new server in order to evade law enforcement. The most popular sites are in Russian, although there are also Vietnamese, Spanish, Chinese, Arabic and English websites. The variety of languages and geographical limitations also make it virtually impossible for authorities to prevent this online trafficking.

Registered board members buy and sell stolen credit card information, including card numbers, CCV numbers, expiration dates and cardholder names. Stolen credit cards have a relatively brief shelf life before the theft is discovered and the account is closed, so this type of data is usually bought in bulk and must be replenished constantly. According to Symantec’s most recent Internet Security Threat Report, 50 credit card numbers sell for around $40.00 and 500 credit card numbers cost $200.00, making each card worth $0.40 to $0.80, when bought in bulk. An individual card number may cost as much as $20.00. The price of credit card numbers has been steadily decreasing over the past few years, which indicates that availability is increasing. Cards from the European Union cost more than those from the United States, presumably because there are approximately eight times as many credit cards circulating in the United States than the European Union. Rarer cards, such as those from smaller countries or smaller credit card companies, are typically twice as expensive as their more popular counterparts.

Banks accounts are the most commonly advertised item for sale, according to Symantec. In some cases, there are online forms that allow criminals to indicate the various types of data they have to sell or would like to purchase: address, date of birth, Social Security number, driver’s license number, mother’s maiden name, PIN numbers, passwords, etc. Account information that includes additional personal details and accounts with higher balances are advertised for considerably higher prices.

Thriftier shoppers can purchase raw data by the megabyte, then sort through the data themselves and sell it for more money. High-rollers can buy complete identities, which include all the information one would need to open new accounts in someone else’s name. In bulk, 50 identities cost roughly $100.00. Full identities are very popular on the black market, probably due to their versatility and ease of use.

Hackers, phishers, spammers and other cybercriminals also advertise their services on these message boards. Programmers sell malicious code that gathers confidential information in various ways. Phishers create fake websites that imitate real websites or emails that appear to come from a bank or other trustworthy entity in the hopes that victims will be fooled into revealing passwords and other sensitive information. Spammers help the phishers reach their intended victims by gathering email addresses and sending phishing emails. Some criminals sell encoding devices and others sell blank credit cards and algorithms that can be used to encode the magnetic strip with a stolen account number, producing a usable card. Cashiers take the encoded plastic to ATMs and make daily withdrawals until the account id depleted. Droppers receive merchandise purchased with stolen credit cards at secure drop points.

Sometimes, sellers must pay a fee in order to advertise on black market forums. Site administrators or reviewers verify the integrity of the goods or services offered before they can be posted for sale. Registered users build a reputation rating based on peer reviews, similar to eBay. This prevents users from attempting to cheat one another by refusing to pay for goods or services rendered, or failing to provide promised goods or services once payment is received. The untrustworthy criminals who engage in this sort of scam are called rippers, and black market forums work hard to expose them as such.

The actual trading occurs off the message board, either via private messages sent through the forum or over anonymous online chat programs like ICQ. Payments are made using online payment systems like PayPal or money wiring services. Transactions may also be made in WMZ’s, which are electronic monetary units equivalent to American dollars, issued by a company Moscow called WebMoney Transfer. Large transactions are sometimes split up, and sometimes cybercriminals are paid in merchandise or large numbers of compromised accounts.

E-gold, another electronic currency that claims to be backed by gold bullion, has been one of the most popular payment systems among cybercriminals. In July, E-gold Ltd. and its corporate affiliate, Gold & Silver Reserve Inc., pled guilty to conspiracy to engage in money laundering and conspiracy to operate an unlicensed money transmitting business. How this will impact financial transactions within this underground economy remains to be seen.

In addition to facilitating illegal transactions, these black market forums also provide a venue for aspiring identity thieves to learn tricks of the trade. Veteran criminals offer their shared wisdom, advising newcomers on how to make payments and the best time of the month to make purchases with a stolen account.

In 2004, the United States Secret Service arrested 28 key members and ringleaders of a group called Shadowcrew for their involvement in facilitating the cybercriminal black market. “Operation Firewall,” as it was called, revealed some of the first details of this underground economy. Since then, the cybercrime economy has expanded and matured, becoming more profitable and more difficult for the authorities to infiltrate. The Symantec Internet Security Threat Report states that “organizations and individuals currently operating within this underground economy appear willing and able to change their business models or adopt new ones in response to changes in the threat landscape.”

The extent of this black market economy for personal information is certainly shocking. Luckily, there are many steps that consumers can take to help limit the risk that they will be victimized by identity thieves.

Guarding your own personal information is the first and foremost way to avoid becoming an identity theft victim. There are many precautions you can take to protect yourself.

Although cybercriminals now rely on an arsenal of increasingly sophisticated technology to steal data, some identity thieves are still doing things the old fashioned way. Dumpster diving is still a very real threat, so you should continue shredding sensitive documents and consider opting out of preapproved credit card offers.

Many attempts to gain access to your personal data through the Internet can be thwarted by security software. Firewalls and updated virus and spyware protection will prevent malicious software from forcibly installing itself on your computer. All of the Internet security software providers included in our reviews and comparison chart also offer anti-phishing protection that will alert you when you are visiting a suspected phishing site. Regardless of what type of Internet security software you have, you should always be vigilant and skeptical when downloading files and clicking on unknown links. Phishing sites imitate well-known financial or social networking sites and attempt to lure potential victims into downloading malicious software or revealing their log-in information.

You should also avoid revealing sensitive personal information online, particularly on social networking sites like Facebook and MySpace. According to Symantec’s Internet Security Threat Report, an unnamed two social networking sites, believed by industry executives to be the two biggest, MySpace and Facebook, were together the target of 91% of U.S.-based phishing attacks. For more about how to safeguard your identity while using social networking sites, see our Facebook and MySpace Identity Theft Protection Guides. A lost or stolen laptop or iPhone can also put you at risk for identity theft. Symantec reports that theft or loss of computer or other data-storage medium is the cause of the most data breaches that could lead to identity theft, accounting for 57% of the total during the second half of 2007. For more information, see our guides on how to safeguard your personal information in the event of a missing laptop or iPhone.

Unfortunately, common sense safety measures like creating strong passwords and canceling a lost credit card can only protect you to a certain extent. Symantec’s report shows that educational institutions account for the most data breaches that could lead to identity theft and that government is the top sector for total identities exposed. If your credit card or bank account information or your Social Security number is included in a government database, a business’s database or the records of an educational institution, you are at risk of having your personal information compromised by a data breach. You cannot prevent this from occurring, but there are services that can help keep you as secure as possible.

TrustedID, Identity Guard, LifeLock and Identity Truth are all identity theft protection services that specifically address the risks of the Internet’s black market for stolen personal data. Each of these services utilizes advanced technologies to scour thousands of websites where criminals buy and sell stolen credit card numbers, Social Security numbers and other information. Additionally, each of these services offers proactive protection against various forms of financial identity theft and varying levels of recovery assistance in the case that a subscriber is victimized by identity thieves. While it would be great if these services could prevent all identity theft, the truth is that none of them is totally fool proof. That being said, we believe that these services represent some of the best identity theft protection available. You can learn more by visiting the NextAdvisor.com identity theft protection service reviews and comparison.

• New LifeLock features battle new and old identity theft techniques
• 25 million identities left unprotected in the UK
• Identity Theft Restitution Act adds harsher federal penalties for identity thieves and hackers
• Data Breach Alert: Millions at risk for identity theft due to supermarket chain data breach
• LifeLock CEO addresses lawsuits and critics head on

Data Breach Alert: Nearly 100,000 credit and debit card numbers stolen from Forever 21

Posted by Caitlin on September 15th, 2008

Forever 21 recently announced that 98,930 credit and debit card numbers have been stolen from their computers. This data breach was just one part of a larger theft of more than 40 million credit and debit card numbers, at least some of which were then sold online. Forever 21 customers could be at risk if they made purchases at the store on 3/25/04, 3/26/04, 6/23/04, 7/2/04, 7/3/04, 8/4/07, 8/5/07, 8/13/07 or 8/14/07, or if they shopped at the Fresno, CA location between 11/26/03 and 10/24/05. If you did make a purchase at Forever 21 on any of these dates, you should review your credit card statements for unexpected purchases, and you should also examine a copy of your credit report.

If you are concerned that you may be or may have been a victim of identity theft, you should consider an identity theft protection service. To learn more about identity theft protection services, view our reviews and comparison.

• None Found

Computer recycling company now shreds hard drives to prevent identity theft

Posted by Caitlin on September 12th, 2008

James and Phil Saraiva used to run a computer recycling operation in Somerville, Massachusetts. Over the past year and half, though, they’ve shifted their focus to the destruction of hard drives. Their company, now called Corporate Destruction Solutions Inc, along with others in the “metal-shredding business” have benefited from overwhelming concern about data theft. The Saraiva brothers began shredding hard drives instead of merely recycling computers when one customer was reluctant to part with his old hard drives, citing concerns about data theft. As more data thefts are reported, demand for these types of services has grown considerably. Now, James Saravia drives a small white truck that contains a metal shredding machine. Corporate Destruction Solutions charges $10 per hard drive and gives customers a certificate as proof that the hard drive has been destroyed.

Destroying old hard drives is certainly the logical next step after shredding sensitive documents. To learn more about how to avoid becoming a victim of identity theft, see our reviews and comparison of identity theft protection services.

• None Found

USB flash drives present new data theft risk

Posted by Caitlin on September 12th, 2008

A USB flash drive containing detailed information about British military troop movements was recently found in a nightclub in Cornwall. BBC News reports that more than 120 flash drives have been lost or stolen from the Ministry of Defense since 2004, many of which contained secret or restricted information. Symantec’s latest Internet Security Threat Report warns of the security threat posed by USB drives and other forms of portable data storage. USB drives are small, easy to lose or steal, are rarely encrypted or protected by any type of security software, and are often used to store sensitive data. Symantec also speculates that in the near future, flash drives and other small storage devices may be used by hackers and identity thieves as a distribution system for malicious code. Symantec cites on instance in which digital picture frames were used to distribute a Trojan program.

Like laptop computers and iPhones, small portable media storage devices can put you at risk for identity theft if lost or stolen. If you are concerned about identity theft, we recommend an identity theft protection service. To learn more about identity theft protection services, see our reviews and comparison.

• None Found