Tag Archives: identity theft

Security News for the Week Ending February 12, 2021

Law Firm Goodwin Procter Hacked

Goodwin Procter managing partner Mark Bettencourt confirmed that some of their clients’ data was compromised. But not to worry; it only affected a small percentage of their clients. One more time, we have a “supply chain attack”. While the vendor was unnamed, I suspect it was Accellion. They suffered a breach that is all over the news due to the high profile targets that suffered a loss. So now a very high profile law firm has to explain to its clients why its security was not good enough to protect their most sensitive data. If you are a client of a law firm, how confident are you that they can protect your data? Credit: ABA Journal

What Does This Mean for Cities?

Salesforce is joining other big tech companies in changing the work-life equation. This week they announced that most staff, after Covid, will only be in the office 1-3 days a week, many workers will never return to the office and a few workers will be in the office 4-5 days a week. This means that work from home security is now permanent, but it also raises questions about the implications for the downtowns of big cities. Salesforce has 9,000 workers in San Francisco. If half of them never come to the office and another 30% come to the office 1-2 days a week, what does this mean for downtown retail and office space? Credit: MSN

State Department Declassifies Report on Cuba’s Sonic Weapon

You may remember reports of Cuba having a secret sonic weapon back in 2017-2018. A newly declassified report by the State Department’s own Accountability Review Board lambasted the department’s response to the attack as lacking leadership, having ineffective communication and being systemically disorganized. There are 104 pages of detail, but none of them paint the previous administration favorably. As a result of the botched investigation we will probably never understand what the weapon was that Cuba attacked us with. Credit: Vice

Ex-Students Plead Guilty to Stealing and Trading Nude Pics and Vids

Two former SUNY Plattsburgh (NY) students pleaded guilty to hacking coeds’ MyPlattsburgh portal accounts and stealing nude pictures and videos. The portal contains full access to the students’ email, cloud storage, college billing, financial aid, coursework, grades and other personal information. They either guessed passwords or guessed security question answers. When they found nude photos and videos, they traded them with others, in some cases identifying the students by name. They even posted some photos online. Credit: The Register

IRS Warns Tax Pros of Identity Thieves Targeting Them

The IRS is warning tax professionals that hackers are trying to steal their electronic tax filing credentials so that they can file fake returns, and those returns will be tied to those same tax pros. If you are a tax pro and need help, please contact us. Credit: Bleeping Computer

Security News for the Week Ending February 5, 2021

Are You the Victim of Covid Fraud?

As if Covid wasn’t bad enough, there are widespread stories of people getting tax forms for their Covid unemployment benefits - benefits they never applied for and never received, but which are considered taxable income. In California alone, crooks stole at least $11 billion in unemployment benefits by stealing people’s identities and getting the benefits deposited in accounts they control. But the victims will get the tax forms and have to deal with convincing their state and the IRS that they did not get those thousands in income. Credit: Brian Krebs

Paper – Now That’s Secure

Now that the Department of Justice has admitted that (likely) Russia hacked their confidential court filings, exposing search warrants, terrorism investigations and other stuff that should have remained sealed, they have a simple solution. Last week the federal court system issued an order that says that highly sensitive documents (likely those that the court would seal) must be filed on paper and any order or rule of any federal court or judge to the contrary is null and void. Problem solved. Credit: The Register

Billions of Emails/Passwords for Free

Someone has posted a file with 3.2 billion unique emails and passwords in clear text on a popular hacking forum. This data is a combination of many breaches, but it is a great input for credential stuffing attacks since people love to reuse passwords. For users, this is one more reason to use two factor authentication. Credit: Cybernews

Voting Machine Vendor Smartmatic Sues Fox for $2.7 Bil

Voting machine vendor Smartmatic is suing the Fox network, its hosts individually and Trump lawyers Sidney Powell and Rudy Giuliani for $2.4 billion after these folks made unsubstantiated claims that Smartmatic’s software changed millions of votes from Trump to Biden. Smartmatic says that this is not about the money; they want vindication, so this could get more than a bit nasty. Credit: The Register

T-Mobile is Being Very Aggressive in Deploying 5G

T-Mobile plans to spend $40 billion in the next 3-4 years upgrading its network to 5G and faster 4G. Some of that will be recovered by decommissioning Sprint’s old network. But speed is the issue. Their “low band” 5G is slightly faster than 4G. Their “mid band” might give a couple hundred megabits per second which is quite respectable for cell phones and its “high band” will give you gigabit. But their president of technology says this will take decades to blanket the entire country. For the moment, they appear to be ahead of AT&T and Verizon. Credit: SDX Central

Covid-19 Double Whammy: Losing Your Job and Hit by Identity Theft

Here in Colorado we are hearing stories that are likely being played out elsewhere.

A server went to file for unemployment benefits after being laid off and discovered that someone else was claiming benefits in their name.

This is a twist on the old tax refund scam where someone claims a tax refund that is due to you.

In this case the crook obtains some personal information like name, birth date and social and files for benefits IN A DIFFERENT STATE.

Historically, this has not been a problem for state unemployment departments but right now, with unemployment claims up by a factor of 10x and, nationally, new claims up by 20x, departments are probably doing a lot less due diligence than they need to be doing.

What is apparent is, like we saw a few years ago with tax refunds, the government was not and is not prepared to deal with fraud in unemployment claims. Hackers are always on the leading edge.

Given that some of the systems that the states are using are 20, 30 and even 40 years old, it is highly unlikely that the states will create a systemic fix any time soon.

This person is apparently out of luck because they don’t know what state the claim was made in. I am guessing the states will need to be on the wrong end of a lawsuit in order for them to change this nationwide.

Even just trying to reach the state unemployment departments on the phone is more than a challenge.

For people who lost their job to be a victim of identity theft and have their safety net ripped out from under them – that is a huge problem with no quick fix.

Source: CNet

Guess How Long It Takes For Thieves to Use Stolen Data?

The FTC recently did an experiment to see how quickly thieves used stolen data after it was posted on the dark web.

They created 100 fictitious consumers and gave them credit cards or bitcoin wallets.  Each fictitious consumer had a name, email and passwords as well.

They posted the data twice – first on April 27th and then again on May 4th.

There are two kinds of thieves, the FTC says.  Ones who run test transactions to see if the card still works and others who just make big purchases right off the bat.

After the data was published on May 4th, it took thieves NINE MINUTES to start using the data.  On April 27th, it took a little longer – NINETY MINUTES.

In either case, it says that it doesn’t take very long.

In total there were over 1,200 attempts to use the bogus accounts.  In addition, there were close to 500 attempts to access the bogus emails.  The attempted transactions were for more than $12,000.

One note that the FTC did make – none of the accounts that had two factor authentication enabled were accessed.   Almost everyone offers two factor authentication these days.  We recommend that you use two factor authentication whenever it is available.

Information for this post came from CNN.

Merry Christmas – Is Your Child A Victim of Identity Fraud?

Now that Christmas has come and gone and your kids are actively playing with their new goodies, have you considered protecting their identities from fraud?

Two recent breaches bring the subject to the forefront.  VTech Holdings, the Hong Kong based toy maker, offers an app store called Learning Lodge and a messaging system called Kid Connect.  In November, after a journalist told them they had been hacked, they said that information on almost 5 million adults and 200,000 kids had been taken.  A few days later they revised that to 6.4 million kids.

This month, the toy maker Sanrio, who makes the Hello Kitty line of toys, among others, was hacked and exposed information on over 3 million customers.

In both cases the data was not encrypted, although since we don’t have details of the attacks, we do not know if encryption would have helped.  In the Sanrio case, the users’ passwords were not encrypted – that we know is a problem.

So why are kids especially vulnerable?  Because attackers know that parents do not look for identity fraud for their kids.  If someone assumes your kid’s identity, it is likely that you will not discover it.  In theory, an attacker cannot open a credit card in your kid’s name, if your kid is under 18.  In theory.  There are plenty of other kinds of fraud to consider.

In fact, according to the Tech Times article:

If an adult looking into getting a “free ride” for a few days, months or, worse, years, is able to obtain that clean slate and claim it as theirs, they can start using your child’s information to mask their own identities. They wouldn’t have much of a problem with getting caught too soon unless the parent decides to check up on their child’s record and discovers the anomalous activity.
The affected child could wake up many years later as an adult prepared to lead a responsible life only to find out they already have a bad credit score and incurred a huge debt.

For parents, this means monitoring what your kids are doing online, checking their credit reports and generally being observant. 

Just in case you think I am a member of the tin foil hat crowd, I am.  By the way, MIT did some research and discovered that for certain radio wave frequencies, tin foil hats actually increase the amount of radio waves absorbed, but I digress.  A quick Google search shows that even the Federal Trade Commission has a page on child identity theft (see here).

So while your kids play with their new toys, now is the time to start training them about identity theft.

Sorry!

 

Information for this post came from Techtimes and CNBC.