Master hacker pleads guilty
June 30th, 2009 - Posted by Kent
Infamous hacker Max Ray Vision, a.k.a. "Iceman", a.k.a Max Butler pleaded guilty yesterday to wire fraud charges. Wired Magazine reports that he "stole nearly 2 million credit card numbers from banks, businesses and other hackers, which were used to rack up $86 million in fraudulent charges." Butler started out as a good guy, doing contract security work, but quickly picked up a nefarious sideline. Butler did more than just steal credit card numbers directly from credit card users. He actually stole credit card numbers from other hackers and identity thieves, proving once-and-for-all that there's no honor among thieves—or hackers.
How did he steal from them? He hacked the online forums that identity thieves use to buy and sell personal information.
You can help safeguard your own personal info by signing up for identity theft protection. Check out the best options with our identity theft protection service reviews.
The dog ate my checkbook
June 30th, 2009 - Posted by Kent
We should never laugh at identity theft, but a recent case from Arlington, Washington does put a humorous spin on an old excuse. A woman allegedly started using her ex-husband's checks to pay for some of her expenses. When police went to question the woman, she initially told them that, "her dog got into her purse and ate all her personal checks." Without a checkbook, she needed some way to pay the bills, and it seems her ex-husband's checkbook was the next best thing to her own.
To protect your identity against much smarter criminals, check out our Identity theft protection reviews and comparison chart.
Data Breach Alert: Stolen laptop puts Cornell students at risk
June 29th, 2009 - Posted by Caitlin
Earlier this month, a laptop was stolen from Cornell University. The stolen laptop contained names and Social Security numbers for 22,546 current and former students and 22,731 faculty and staff members. In violation of Cornell's policy, the laptop was left in a physically insecure environment, and the names and Social Security numbers were not encrypted. New York State Police have launched an investigation to find the thief and recover the laptop. Cornell is offering free credit monitoring and identity theft restoration services to those whose identities have been compromised.
Lost or stolen laptops are a major cause of data breaches. Even if the missing computer does not contain a database of sensitive personal data, in the wrong hands, it can be scoured for useful information that puts the owner at risk. For tips on how to mitigate this risk, see our "How to deal with a lost or stolen laptop" guide. And see our reviews and comparison chart for more information about credit monitoring or identity theft protection services.
Protecting credit cards from fraudulent charges
June 29th, 2009 - Posted by Robert Siciliano
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
Credit card fraud comes in two different flavors: account takeover and new account fraud. Account takeover occurs when the identity thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or perhaps you simply hand it over when paying at a store or restaurant. Technically, account takeover is the most prevalent form of identity theft. I've always viewed it as simple credit card fraud, rather than "identity theft" in its truest sense.
New account fraud, as it relates to credit cards, occurs when someone gains access to your personal identifying information, including your name, address and, most importantly, your Social Security number. With this data, a thief can open a new account and have the card sent to a different address. This is true identity theft. Once the identity thief receives the new card, he or she maxes it out and doesn't pay the bill. Over time, the creditors track down the victim, blame him or her for the unpaid bills, and demand the owed funds. New account fraud destroys the victim's credit and is a mess to clean up.
Victims of account takeover are likely to discover the fraud in numerous ways. They may notice suspicious charges on a credit card statement, or the credit card company may notice charges that seem unusual in the context of the victim's established spending habits. Credit card companies have anomaly detection software that monitors credit card transactions for red flags. For example, if you hand your credit card to a gas station attendant in Boston at noon, and then a card present purchase is made from a tiny village in Romania one hour later, a red flag is raised. Common sense says you can't possibly get from Boston to Romania in one hour. The software knows this.
Victims of account takeover only wind up paying the fraudulent charges if they don't detect and report the crime within 60 days. A 6o day window covers two billing cycles, which should be enough for most account-conscious consumers who keep an eye on their spending. During that time, you are covered by a "zero liability policy," which was invented by credit card companies to reduce fears of online fraud. Under this policy, the cardholder may be responsible for up to $50.00 in charges, but most banks extend the coverage to charges under $50.00. After 60 days, though, you are out of luck. So pay attention to your statements. As long as you do, account takeover should not hurt you financially.
But new account fraud is another story entirely – one that can and will hurt you if you don't protect yourself. You may not be held financially responsible for the charges themselves, but you will pay in time, and time is money. In some cases you may pay lawyers or private investigators, or you may need to take time off from work, depending on how dire your credit situation becomes. Identity theft victims have been denied credit due to the unpaid debts in their names, and have missed opportunities to purchase homes as a result.
Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I'm traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won't shut down my card while I'm on the road.
Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each. You should definitely choose one of these options.
And of course, invest in identity theft protection.
Robert Siciliano, identity theft speaker, discusses identity thieves.
[youtube]http://www.youtube.com/watch?v=y88SEANRTr8[/youtube]
Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.
Scammers use online dating services to target potential victims
June 29th, 2009 - Posted by Caitlin
Last week, guest expert Robert Siciliano discussed scammers who use Craigslist classified ads to target potential victims. Apparently, the same types of scammers also use online dating services to seek out gullible marks. A few days ago, Consumerist received a story from a reader who was contacted by a scammer on Match.com. The message is written in the grammatically incoherent style that tends to characterize foreign scammers. The scammer does not propose any financial transactions in this first message, he simply attempts to initiate contact and establish a relationship. However, he also assumes the name Sgt. Mark Edwards, which is commonly used in Nigerian 411 scams.
If you use Match.com or another online dating service, Robert Siciliano's advice about Craigslist scammers also applies. And if you get any messages from Sgt. Mark Edwards, consider yourself warned.
Of course, identity theft protection and Internet security software are excellent lines of defense against the cybercriminals who prey on users of Match.com, Craigslist, or any other online community.
$350,000 for acai berry drink customers
June 26th, 2009 - Posted by Caitlin
A couple of weeks ago, Joe blogged about the acai berry and the outlandish claims made about its supposed health benefits. Yesterday, Arizona's Attorney General announced a settlement with Central Coast Nutraceuticals, an Arizona based company that markets an acai drink. The company has agreed to pay a record $1,375,000 to settle a lawsuit over their deceptive practices. $350,000 will be distributed among consumers who were scammed or misled by Central Coast Nutraceuticals. The Better Business Bureau received over 2200 complaints about the company in one year. Many of these complaints came from customers who attempted to take advantage of a "risk-free trial offer" and were charged for other products and services that they did not request. Their calls and emails were ignored when they attempted to contact Central Coast Nutraceuticals regarding these charges.
If you'd like to learn about reputable diet programs and meal plans that can actually help improve your health and facilitate weight loss, check out our diet service reviews and comparisons.
Posting vacation plans on Twitter is probably a bad idea
June 26th, 2009 - Posted by Caitlin
Israel Hyman is an avid Twitter user. He uses the microblogging service to promote his website, IzzyVideo.com, and to connect with his customers on a more personal level. So he thought nothing of sharing a few details about his recent trip to Kansas City. When he and his wife returned to their home in Arizona, they discovered it had been burgled while they were away. There's no evidence that Hyman's tweets led directly to the burglary. But I'm guessing that he regrets those tweets either way, and probably won't be posting the details of his next vacation.
Tech Digest points out that Hyman also displayed a link to his Flickr page, which contained photos of his computers, bicycle and flat screen television, all of which were geo-tagged with his home address. In the context of this story, Hyman's oversharing looks pretty foolish. But it's hardly uncommon to reveal such detail about ourselves on various social networking sites.
Tech Digest also offers five tips on how to enjoy Twitter and other social networking sites without making yourself quite so vulnerable:
- Protect your updates. Twitter provides an option that allows only approved followers to view your tweets. You can access this option on the "Account" page, under "Settings." Simply check the box at the bottom of this page. If you choose not to protect your updates, anyone can find your tweets using the search feature, even if they are not following you.
- Watch your words. Once you've revealed sensitive personal information on Twitter or Facebook, there's no taking it back. Even if you delete the post, that information will still be accessible to those who are willing to put in a certain amount of effort.
- Don't geo-tag everything. Most new cell phones and some cameras offer an option to automatically geo-tag your photos. Check and see whether your pictures include location data. If so, remove that information before uploading your images to Facebook, Twitpic or Flickr.
- Keep your personal away from your business. Tech Digest suggests that Hyman's biggest mistake was mixing his personal life and his business life in one account. On the one hand, he's sharing personal information, but on the other, he's promoting himself to strangers and acquiring as many followers as he can.
- Don't click on every single link that comes through. Clicking on every hyperlinked URL on Twitter is a great way to accidentally wind up with malware on your computer.
That last tip deserves particular emphasis. Twitter's 140 character limit requires most links to be shortened using TinyURL or another hyperlink shortener. This prevents users from verifying that a link is legitimate before clicking. It would be quite simple to lure readers with the promise of an interesting article or some salacious gossip, alongside a link to malware.
And the personal information carelessly strewn across Twitter and other social networking sites isn't only an invitation to burglars. It's also an invitation to cybercriminals. It's easier and less risky for a thief to steal your identity than your television. And a few tidbits of sensitive data may be all an identity thief needs to crack your email password, or find some other opportunity to take advantage of you. Once he's opened a fraudulent account in your name, he can buy his own television and send you the bill.
It is certainly possible to use Twitter and other social networking websites without putting yourself at risk. Just consider the potential consequences before exposing your own personal information, or clicking mystery links. And consider investing in extra protection against these potential consequences.
Last call for $2,000 sweepstakes entries
June 26th, 2009 - Posted by Joe
Our $2,000 cash sweepstakes, where two NextAdvisor.com readers will each win $1,000 cash, will be coming to a close next Wednesday July 2, 2009. Please take a moment to enter for your chance to win by completing our credit report and score IQ quiz.
There has never been a better time to get educated on your credit health given the current state of the credit markets in the United States and around the world. We encourage all of our readers to take our credit report and score IQ quiz and consider signing up for a free trial of a credit report monitoring service. You can read our reviews and comparison of credit report monitoring services to learn more.
Credit Card Accountability, Responsibility and Disclosure Act dissected
June 25th, 2009 - Posted by Kent
When President Obama signed the Credit Card Accountability, Responsibility and Disclosure Act into law, a number of credit card companies went on the defensive, predicting annual fees, diminished grace-periods, and other customer-focused expenses. Enter two doctoral candidates at Harvard, Ryan Bubb and Alex Kaufman, who tell us in their recent New York Times op-ed piece that it just isn't so. Or at least if credit unions are an example, then the future for credit card companies, and their customers, won't be bad at all. The two economists compared the proposals in the CCARDA to the way that credit unions deal with credit cards, and found that credit unions make a pretty good template for how credit card companies will need to act in the future. Their conclusion? If employee credit unions can make it work (and they do), then for-profit credit card companies can too.
You can compare current credit card offers with our Credit Card Comparison reviews.
Microsoft Outlook phishing email
June 25th, 2009 - Posted by Kent
Trend Micro, a provider of online security, has alerted the web to a false email purporting to come from Microsoft, alerting users to a "Critical Update" to Outlook (Microsoft's email client). Their Malware Blog reports that:
All the links in the email (the links to Contact Us, Privacy Statement, Trademarks, and Terms of Use) are legitimate–except one. The URL where the "critical update" may be downloaded looks legitimate, but hovering over the hyperlink (or checking the source code of the mail) reveals a totally different destination.
The actual source of the link reveals a bogus Microsoft domain (update.microsoft.com does appear in the url, but as a subdomain of an unknown website, which is a common phishing trick). So, if this email finds its way to your mailbox, send it to the trash. Legitimate patches and updates come from the Windows Update control panel (assuming you have it set up) or from Microsoft.com's update site.
To find out about Trend Micro's security software and how it compares to other offerings, check out our Internet security software reviews.
Categories
Blog Archives
Popular Services Reviewed:
Credit Monitoring Services |
Find Us On:
Copyright© 2006 - 2012 NextAdvisor.com - All rights reserved.
Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.