The Holidays are a time to be watchful

Identity theft is a huge threat to each of us.  Our privacy and financial security are at risk.  Identity thieves are opportunity seekers!  They spend their time looking for every opportunity and a way to take advantage of every one of them.  It is important to make sure you are proactively protecting every identity in your family.  This includes children as well as parents. 

The holidays are a time where the risk level rises.  Cyber criminals are constantly creating too good to be true offers, threatening impending doom and in any other way tricking people to give their personal information. 

The best advice is to be aware and on guard for anything that doesn’t look or feel right.  Never give out personal information to anyone you suspect under any circumstance.   Anytime you are in doubt, stop what you are doing and verify you are dealing with a trusted source even if that means nothing happens for a day or two.

Watch out for e-mails offering too good to be true prices for popular gifts.  Be aware of scams that claim you credit card number has been stolen and you need to verify personal information on the phone or in an e-mail.  Don’t allow a fraudster to ruin the holidays for you.

I have put together a pamphlet in PDF form called, “21 Ways to Protect Your Identity During the Holidays.”  You are welcome to request a copy by e-mailing me at moreinfo@completeinternetprotection.com.

We wish you and your family a happy and safe Thanksgiving.

Are You a Victim of a Virtual Heist?

A recent article by Brian Krebs of the Washington Post, “Virtual Heist Nets 500,000+ Credit Accounts”states that researchers at the RSA’s FraudAction Research lab have discovered one of the largest stolen data caches ever recovered.  A cyber crime group stole over a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in the world. 

The RSA detected more than 270,000 online banking account credentials, and about 240,000 credit and deb it account numbers and associated personal information on Web servers the cyber crime group was using were using for their attacks. 

The attacks have been going on for nearly three years.  That’s a very long time according to Seau Brady, manager of identity protection for RSA, the security division for EMC.  He said that only rarely do they come across crime ware that has been continually stealing and collecting personal information and payment card data, compromising bank accounts as far back as 2006.

The crooks are using Sinowal, also called “Torpig” and “Mebroot” by other anti-virus companies.  The Sinowal constantly morphs its appearance to slip past security software.  Researches have discovered that new variants are occuring at a rate jof 60 to 80 per month.

Sinowal is unique in another way, too.  It hides id the deepest recesses of the host computer, the “Master Boot Record.”  This location that loads even before the operating system boots up.  Experts say many anti-virus programs will not detect such a fundamental compromise.  Once discovered, removing the Trojan from the computer is almost impossible often requiring a reformatting of the system and wiping any data stored on it.

Here’s how the Sinowal Trojan works:  It lies in wait until the victim visits one of more than 2700 bank and e-commerce sites hard-coded into the malware, at which point it injects new Web pages or information fields into the victim’s web browser.

When an unsuspecting Windows user visits one of the sites, the code left on the site tries to install the Trojan using one of several know Web browser security holes.

According to the RSA more that 100,000 bank account credentials were stolen by the Trojan in the six months alone.