Tuesday, August 2, 2011

Study warns of Facebook ID privacy risks

A new study raises privacy concerns about the ability to correctly identify people and parts of their Social Security numbers by matching pictures taken in public with images and information they post on social networks such as Facebook, Twitter or Google+.
The study by researchers at Carnegie Mellon in Pittsburgh found that they were able to correctly ID student volunteers about a third of the time using pictures shot with a webcam and information they posted to Facebook.
The first five digits of their Social Security numbers were correctly determined about 27 percent of the time.
The study was funded principally by a grant from the National Science Foundation, with support of Carnegie Mellon and the U.S. Army.
Prof. Alessandro Acquisti, the study's author, told the Wall Street Journal that Facebook is becoming a de facto ID service because of the amount of information and pictures it has from its 750 million users worldwide.
"We call it the democratization of surveillance," he said.

Monday, July 25, 2011

Is Your Agency Vulnerable to Identity Theft?

Identity Theft is the fastest-growing crime in America and it is destined to get worse before it gets better. How do we know? Just look at the facts here in Alabama.

The Federal Trade Commission compiles statistics every year regarding identity theft complaints per 100,000 residents. In 2007, Alabama ranked #37 nationally. We rose to #35 in 2008 and in 2009, we were #27. According to the March 11, 2011 issue of The Birmingham Business Journal, Alabama had risen to #15 nationally in identity theft complaints. To move from #37 to #15 may be great for college football teams, but with identity theft complaints it means we are going the wrong way!

How does this impact Big "I" insurance agency members? It has a monumental effect on the way we do business in the present day as well as moving forward.

In 2003, Congress passed the Fair & Accurate Credit Transactions Act (FACTA). There are two key components to this legislation. First, it required that every American have the opportunity to receive a free copy of his/her credit report once a year from each of the three credit reporting agencies. Second, any businesses that accepted debit or credit cards were required to "truncate the numbers," that is "xxxx" out all but the last four digits on the cards/receipts along with the expiration date.

The section of the legislation affecting agencies is this... effective July 1, 2005, every business owner - whether public or private, for profit or non-profit, or employing any number of employees - must be taking "reasonable measures" to ensure that non-public information is not compromised. If a customer, client, vendor, contractor, employee or prospective employee can trace the theft of their identity to your agency, you could incur serious liability.

Furthermore, in the last few years, the FTC added the "Red Flags Rule."  This stipulates that any business running credit on another individual or business is required to supply training for all employees regarding the handling of sensitive and non-public information. The deadline for implementation of this training was December 31, 2010.

This by no means states that all agencies need to undergo Identity Theft Risk Management Training with specific emphasis on the Red Flags Rule. First, if your agency runs credit on individuals and/or businesses as part of your daily functions, you might want to check into whether or not this training applies to you and your employees. Second, even if it is not required by law, doesn't it just make good business sense to train all your employees on the handling of personal identifying information that could compromise someone's identity and discuss your course of action if the unthinkable did occur?

Here are some items to think about to protect your clients' personal data:
How are your files stored? Do the files that need to be secured have locks on them? Are you logging off of computers before leaving the office for lunch, going to the restroom, leaving at the end of the day? Is your website secure and/or encrypted? Are your emails encrypted? Who empties trash cans every evening? Are those individuals trustworthy? Are sensitive items discarded appropriately?

These are just common sense tactics that can go a long way to ensure the safety of information in your agency. When was the last time you trained your employees in this area of identity theft risk management? Make a point to do so before the end of the year.

This article is written by Jimmy Parrish of TBG Fraud Solutions in Birmingham. Jimmy is a Certified Identity Theft Risk Management Specialist. A 12-year veteran of the identity theft industry, he is an Associate Member of AIIA and offers identity theft risk management training to business accounts of all sizes in 27 states. Contact Jimmy at 205.585.8595.

Tuesday, April 12, 2011

Employee Error Causes Data Breach of 3.5 Million TX Employees

Communicating data between entities always opens the door to opportunities for mistakes, and that is what has happened for the State of Texas Comptroller. Today we are learning that the personal information of 3.5 million state employees, teachers, and retirees has been available on a publicly accessible server for up to a year.

It is an example of having good policy but not having it followed, and it has resulted in those involved being fired. The difference between what your policy says and what your employees do is one of the greatest data breach vulnerabilities for your organization. This is a prime example.

The policy said that when data is transferred between the Teacher Retirement System of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas, the data must be encrypted and kept on a protected server. Smart policy, poor execution, and now names, addresses, Social Security numbers, and for some, driver's license numbers and dates of birth were made available for anyone to find.

Are your employees doing what that policy, so neatly tucked up on a shelf, says they should do? Do they have a proper awareness of the issues a data breach causes the organization, and the impact for those that have their information lost or stolen? If not, maybe they are also taking shortcuts, not taking the extra precaution they should be, and not worrying much about it.

After all, the Texas Comptroller, possibly like your organization, has never had a breach before, so is it really a big deal?

A great question for those that just got pink slips, and now have 3.5 million folks prepared to wring their necks!


Wednesday, January 12, 2011


The 12 SCAMS OF CHRISTMAS

By Jimmy Parrish of TBG Fraud Solutions

December is the most prevalent time of year for one's identity to be stolen. Identity Theft continues to be the fastest-growing crime in America. Big "I" agencies can do their clients a favor by keeping them informed of developments in this area that could affect their possessions and personal information... especially during these tough economic times.

Last month McAfee, Inc., released "The 12 Scams of Christmas." These are defined as the most dangerous online scams this holiday season. "Scams continue to be big business for cybercriminals who have their sights set on capitalizing on open hearts and open wallets this holiday season," said Dave Marcus, director of security for the California-based security software company. "As people jump online to look for deals on gifts and travel, it is important to recognize common scams to safeguard against theft during the busy season ahead."

1. iPads: With Apple products topping lots of shopping lists this holiday season, scammers are busy distributing bogus offers for free iPads. McAfee found that in the spam version of the scam, consumers are asked to purchase other products and to provide their credit card number to get the free iPad.
2. HELP ME! This travel scam sends phony distress messages to family and friends requesting that money be wired or transferred so they can get home.
3. Fake Gift Cards: Cybercrooks use social media to promote fake gift card offers with the goal of stealing customers' information and money, which is then sold to marketers or used for identity theft. One recent Facebook scam offered a "free $1000 Best Buy gift card" to the first 20,000 people who signed up for a Best Buy fan page, which was a look-alike. To apply for the gift card they had to provide personal information and take a series of quizzes.
4. Job Offers: As people seek extra cash for gifts this holiday season, Twitter scams offer dangerous links to high-paying, work-at-home jobs that ask for your personal information, such as your email address, home address and Social Security number, to apply for the fake job.
5. Smishing: Cybercrooks are now "smishing," or sending phishing SMS texts. These texts appear to be coming from your bank or online retailer saying there is something wrong with an account and you have to call a phone number to verify your account information. In reality, these efforts are merely a ruse to extract valuable personal information from the targets.
6. Holiday Rentals: Cybercrooks post fake holiday rental sites that ask for down payments on properties by credit card or wire transfer.
7. Recession Scams: Scammers target vulnerable consumers with recession-related scams such as pay-in-advance credit schemes. McAfee said it has seen a significant number of scam emails advertising pre-qualified, low-interest loans and credit cards if the recipient pays a processing fee.
8. Greetings: E-cards are a convenient and earth-friendly way to send greetings to friends and family, but cybercriminals load fake versions with links to viruses and malware.
9. Price Traps: Shoppers should be cautious of products offered at prices far below those of competitors. Cyberscammers use auction sites and fake websites to offer too-good-to-be-true deals with the goal of stealing your money and information.
10. Charity Scams: Common ploys include phone calls and spam emails asking you to donate to veterans' charities, children's causes and relief funds for the latest catastrophe.
11. Downloads: Holiday-theme screen savers, jingles and animations are an easy way for scammers to spread viruses and other computer threats, especially when links come from an email or IM that appears to be from a friend.
12. Wi-Fi: During the holidays many people travel and use free Wi-Fi in places like hotels and airports. That is a tempting time for thieves to hack into networks hoping to find opportunities for theft.

In summary, PLEASE BEWARE this holiday season and alert your clients to be safe and consider identity theft insurance to protect themselves and their possessions. It is a small investment to protect a lifetime of savings. Plus, it gives them peace of mind that someone is monitoring their sensitive information.

Friday, October 29, 2010

Facebook Safety Tips to Stop Social Networking Hangovers

Facebook, and social networking sites in general, are in an awkward stage between infancy and adulthood – mature in some ways, helpless in others. On the darker side of sites like Facebook, LinkedIn and Twitter, scammers and identity thieves are drooling at the sight of this unchecked data playground. In contrast, most social networkers are addicted to all of the friendships they are creating and renewing.
There is no denying that Facebook and other social networking sites have a very alluring appeal. You can sit in the comfort of your own home and suddenly have a thriving social life. You can look up old friends, make new ones, build business relationships and create a profile for yourself that highlights only your talents and adventures while conveniently leaving out all your flaws and troubles. It is easy to see why Facebook has acquired over 500 million users worldwide in just over five years. Which is why Facebook safety is still so immature: Facebook’s interface and functionality have grown faster than security can keep up.
Unfortunately, most people dive head first into this world of social connectedness without thinking through the ramifications of all the personal information that is now traveling at warp speed through cyberspace. It’s like being served a delicious new drink at a party, one that you can’t possibly resist because it is so fun and tempting and EVERYONE is having one. The downside? Nobody is thinking about the information hangover that comes from over-indulgence: what you put on the Internet STAYS on the Internet, forever. And sometimes it shows up on the front page of the Wall Street Journal, in the hands of a prospective employer or your boss’s inbox. All of the personal information that is being posted on profiles — names, birth dates, kids’ names, photographs, pets’ names (and other password reminders), addresses, opinions on your company, your friends and your enemies — all of it serves as a one-stop shop for identity thieves. It’s all right there in one neat little package and all a scammer has to do to access it is become your “friend”.
Follow these Five Facebook Safety Tips and save yourself the trouble…

5 Facebook Safety Tips

Facebook Safety Tip #1: If they’re not your friend, don’t pretend. Don’t accept friend requests unless you absolutely know who they are and that you would associate with them in person, just like real friends.
Facebook Safety Tip #2: Post only what you want made public. Be cautious about the personal information that you post on any social media site, as there is every chance in the world that it will spread beyond your original submission. It may be fun to think that an old flame can contact you, but now scammers and thieves are clamoring to access that personal information as well.
Facebook Safety Tip #3: Manage your privacy settings. Sixty percent of social network users are unaware of their default privacy settings. Facebook actually does a good job of explaining how to lock your privacy down (even if they don’t set up your account with good privacy settings by default). To make it easy for you, follow these steps:
1. Spend 10 minutes reading the Facebook Privacy Policy. This is an education in social networking privacy issues. Once you have read through a privacy policy, you will never view your private information in the same way. At the point the privacy policy is putting you to sleep, move on to Step 2.
2. Visit the Facebook Privacy Help Page. This explains how to minimize all of the possible personal information leakage that you just read about in the privacy policy. Once you understand this on one social networking site, it becomes second nature on most of the others.
3. Now it is time to customize your Facebook Privacy Settings so that only information you want shared, IS shared. This simple step will reduce your risk of identity theft dramatically.
Facebook Safety Tip #4: Keep Google Out. Unless you want all of your personal information indexed by Google and other search engines, restrict your profile so that it is not visible to these data-mining experts.
Facebook Safety Tip #5: Don’t unthinkingly respond to Friends in Distress. If you receive a post requesting money to help a friend out, do the smart thing and call them in person. Friend in Distress schemes are when a thief takes over someone else’s account and then makes a plea for financial help to all of your friends (who think that the post is coming from you). As with all matters of identity, verify the source.
Following these 5 Facebook Safety Tips is a great way to prevent an information-sharing hangover.

Monday, October 25, 2010

Don’t be fooled by ‘friends’ – social network hackers are in for the kill

Social network hacking and security breaches are becoming more and more prominent these days. Hackers set up fake profiles and attempt to gather personal and confidential information as your ‘friend’, using malicious code and malware to infiltrate systems. Hackers rely on the trust and ignorance of other social network users to gain access to private information from their computers.

Monday, October 18, 2010

Facebook Inc. have been transmitting YOUR identifying information...

Many of the most popular applications, or "apps," on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people's names and, in some cases, their friends' names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found. Continue reading at The Wall Street Journal