Tuesday, August 2, 2011

Study warns of Facebook ID privacy risks

A new study raises privacy concerns about the ability to correctly identify people and parts of their Social Security numbers by matching pictures taken in public with images and information they post on social networks such as Facebook, Twitter or Google+.
The study by researchers at Carnegie Mellon in Pittsburgh found that they were able to correctly ID student volunteers about a third of the time using pictures shot with a webcam and information they posted to Facebook.
The first five digits of their Social Security numbers were correctly determined about 27 percent of the time.
The study was funded principally by a grant from the National Science Foundation, with support of Carnegie Mellon and the U.S. Army.
Prof. Alessandro Acquisti, the study's author, told the Wall Street Journal that Facebook is becoming a de facto ID service because of the amount of information and pictures it has from its 750 million users worldwide.
"We call it the democratization of surveillance," he said.

Monday, July 25, 2011

Is Your Agency Vulnerable to Identity Theft?

Identity Theft is the fastest-growing crime in America and it is destined to get worse before it gets better. How do we know? Just look at the facts here in Alabama.

The Federal Trade Commission compiles statistics every year regarding identity theft complaints per 100,000 residents. In 2007, Alabama ranked #37 nationally. We rose to #35 in 2008 and in 2009, we were #27. According to the March 11, 2011 issue of The Birmingham Business Journal, Alabama had risen to #15 nationally in identity theft complaints. To move from #37 to #15 may be great for college football teams, but with identity theft complaints it means we are going the wrong way!

How does this impact Big "I" insurance agency members? It has a monumental effect on the way we do business in the present day as well as moving forward.

In 2003, Congress passed the Fair & Accurate Credit Transactions Act (FACTA). There are two key components to this legislation. First, it required that every American have the opportunity to receive a free copy of his/her credit report once a year from each of the three credit reporting agencies. Second, any businesses that accepted debit or credit cards were required to "truncate the numbers," that is "xxxx" out all but the last four digits on the cards/receipts along with the expiration date.

The section of the legislation affecting agencies is this... effective July 1, 2005, every business owner, whether public or private, for profit or non-profit, or employing any number of employees, must be taking "reasonable measures" to ensure that non-public information is not compromised. If a customer, client, vendor, contractor, employee or prospective employee can trace the theft of their identity to your agency, you could incur serious liability.

Furthermore, in the last few years, the FTC added the "Red Flags Rule."  This stipulates that any business running credit on another individual or business is required to supply training for all employees regarding the handling of sensitive and non-public information. The deadline for implementation of this training was December 31, 2010.

This by no means states that all agencies need to undergo Identity Theft Risk Management Training with specific emphasis on the Red Flags Rule. First, if your agency runs credit on individuals and/or businesses as part of your daily functions, you might want to check into whether or not this training applies to you and your employees. Second, even if it is not required by law, doesn't it just make good business sense to train all your employees on the handling of personal identifying information that could compromise someone's identity and discuss your course of action if the unthinkable did occur?

Here are some items to think about to protect your clients' personal data:
How are your files stored? Do the files that need to be secured have locks on them? Are you logging off of computers before leaving the office for lunch, going to the restroom, or leaving at the end of the day? Is your website secure and/or encrypted? Are your emails encrypted? Who empties trash cans every evening? Are those individuals trustworthy? Are sensitive items discarded appropriately?

These are just common sense tactics that can go a long way to ensure the safety of information in your agency. When was the last time you trained your employees in this area of identity theft risk management? Make a point to do so before the end of the year.

This article is written by Jimmy Parrish of TBG Fraud Solutions in Birmingham. Jimmy is a Certified Identity Theft Risk Management Specialist. A 12-year veteran of the identity theft industry, he is an Associate Member of AIIA and offers identity theft risk management training to business accounts of all sizes in 27 states. Contact Jimmy at 205.585.8595.

Tuesday, April 12, 2011

Employee Error Causes Data Breach of 3.5 Million TX Employees

Communicating data between entities always opens the door to opportunities for mistakes, and that is what has happened for the State of Texas Comptroller. Today we are learning that the personal information of 3.5 million state employees, teachers, and retirees has been available on a publicly accessible server for up to a year.

It is an example of having good policy but not having it followed, and it has resulted in those involved being fired. The difference between what your policy says and what your employees do is one of the greatest data breach vulnerabilities for your organization. This is a prime example.

The policy said that when data is transferred between the Teacher Retirement System of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas, the data must be encrypted and kept on a protected server. Smart policy, poor execution, and now names, addresses, Social Security numbers, and for some, driver's license numbers and dates of birth were made available for anyone to find.

Are your employees doing what that policy, so neatly tucked up on a shelf, says they should do? Do they have a proper awareness of the issues a data breach causes the organization, and the impact for those that have their information lost or stolen? If not, maybe they are also taking shortcuts, not taking the extra precaution they should be, and not worrying much about it.

After all, the Texas Comptroller, possibly like your organization, has never had a breach before. Is it really a big deal?

A great question for those that just got pink slips, and now have 3.5 million folks prepared to wring their necks!


Wednesday, January 12, 2011


The 12 SCAMS OF CHRISTMAS

By Jimmy Parrish of TBG Fraud Solutions

December is the most prevalent time of year for one's identity to be stolen. Identity Theft continues to be the fastest-growing crime in America. Big "I" agencies can do their clients a favor by keeping them informed of developments in this area that could affect their possessions and personal information... especially during these tough economic times.

Last month McAfee, Inc., released "The 12 Scams of Christmas." These are defined as the most dangerous online scams this holiday season. "Scams continue to be big business for cybercriminals who have their sights set on capitalizing on open hearts and open wallets this holiday season," said Dave Marcus, director of security for the California-based security software company. "As people jump online to look for deals on gifts and travel, it is important to recognize common scams to safeguard against theft during the busy season ahead."

1. iPads: With Apple products topping lots of shopping lists this holiday season, scammers are busy distributing bogus offers for free iPads. McAfee found that in the spam version of the scam, consumers are asked to purchase other products and to provide their credit card number to get the free iPad.
2. HELP ME! This travel scam sends phony distress messages to family and friends requesting that money be wired or transferred so they can get home.
3. Fake Gift Cards: Cybercrooks use social media to promote fake gift card offers with the goal of stealing customers' information and money, which is then sold to marketers or used for identity theft. One recent Facebook scam offered a "free $1000 Best Buy gift card" to the first 20,000 people who signed up for a Best Buy fan page, which was a look-alike. To apply for the gift card they had to provide personal information and take a series of quizzes.
4. Job Offers: As people seek extra cash for gifts this holiday season, Twitter scams offer dangerous links to high-paying, work-at-home jobs that ask for your personal information, such as your email address, home address and Social Security number, to apply for the fake job.
5. Smishing: Cybercrooks are now "smishing," or sending phishing SMS texts. These texts appear to be coming from your bank or online retailer saying there is something wrong with an account and you have to call a phone number to verify your account information. In reality, these efforts are merely a ruse to extract valuable personal information from the targets.
6. Holiday Rentals: Cybercrooks post fake holiday rental sites that ask for down payments on properties by credit card or wire transfer.
7. Recession Scams: Scammers target vulnerable consumers with recession-related scams such as pay-in-advance credit schemes. McAfee said it has seen a significant number of scam emails advertising pre-qualified, low-interest loans and credit cards if the recipient pays a processing fee.
8. Greetings: E-cards are a convenient and earth-friendly way to send greetings to friends and family, but cybercriminals load fake versions with links to viruses and malware.
9. Price Traps: Shoppers should be cautious of products offered at prices far below those of competitors. Cyberscammers use auction sites and fake websites to offer too-good-to-be-true deals with the goal of stealing your money and information.
10. Charity Scams: Common ploys include phone calls and spam emails asking you to donate to veterans' charities, children's causes and relief funds for the latest catastrophe.
11. Downloads: Holiday-theme screen savers, jingles and animations are an easy way for scammers to spread viruses and other computer threats, especially when links come from an email or IM that appears to be from a friend.
12. Wi-Fi: During the holidays many people travel and use free Wi-Fi in places like hotels and airports. That is a tempting time for thieves to hack into networks hoping to find opportunities for theft.

In summary, PLEASE BEWARE this holiday season and alert your clients to be safe and consider identity theft insurance to protect themselves and their possessions. It is a small investment to protect a lifetime of savings. Plus, it gives them peace of mind that someone is monitoring their sensitive information.