Bait Phone
You may be familiar with the truTV program Bait Car, where the police place a vehicle equipped with hidden cameras and radio trackers in various areas to catch a would be car thief in the act. It’s kinda fun to watch people ‘check out’ the car, check out the surroundings and decide to jump in and drive off. You get to see their excitement as they think that they’ve just won the jackpot along with the utter despair as officers remotely kill the car and the thief is surrounded. Even the excuses as to why they are driving it are hilarious. ‘I was just moving it for my friend, so they wouldn’t get a ticket, whose name I forgot and I also can’t remember where they live.’ In the UK, they got something similar except with mobile phones called ‘Operation Mobli.’ Plain clothes police purposely left "bait" phones embedded with tracking devices in nine pubs and bars across the towns of Hastings and St Leonards in Sussex. I’m not sure what makes and models of phones were left for the taking but none of the baited devices were stolen. In every case, an honest patron noticed the ‘forgotten’ phone and turned in to the bar staff. Some might describe this sting as a failure but according to the Sussex Police’s press release Sgt Ché Donald said, ‘This was an excellent result and my faith has been restored as the phones were honestly handed in.’ I often write about the potential perils of losing a smartphone crammed with private data and all the unfortunate circumstances that follow. If it gets into the wrong hands then that is the case yet we must also remember that there are plenty of good, honest folks out there who will do the right thing when they find something that doesn’t belong to them. Maybe they’ve seen police sting shows, maybe they’ve lost something themselves, maybe their parents raised them right or maybe it’s simply kindness and honesty that’s built into every one of us. Human’s are capable of the greatest good and the nastiest of evil, it’s all how we decide to play it. ps References: Operation Mobli deters mobile phone thieves in Hastings Police mobile phone sting fails when.. err.. no handsets stolen Mobile-phone 'sting' reveals honesty of Sussex pubgoers Police Sting Operation Yields No Mobile Phone Thefts It's legal: cops seize cell phone, impersonate owner What’s in Your Smartphone? Freedom vs. Control BYOD–The Hottest Trend or Just the Hottest Term Will BYOL Cripple BYOD?Moving Target
I moved recently. Not too far away nor to a different state, just the other side of town. It is simultaneously exhilarating and exhausting. Most people in the U.S. moving during the summer. Kids are out of school, the weather is mostly nice, friends might be available to help and you are settled in for the holidays. And while you are worrying about packing, movers, mail and all the other check lists, your identity is ripe for the picking. The increased risk of identity theft during a move is because personally identifiable information is being shuffled around from one home to the next. At the same time, buyers and renters are preoccupied with the move and can forget to protect their sensitive documents. You may lock up or personally carry your jewelry, checkbook and other 'valuables' but your personal information might be unprotected and targeted during a move. If you are moving this summer like I just did, there are a few things you can do to minimize the risk. While most moving sites have 'Change of Address' as their top protection mechanisms (which we'll get to), I feel that shredding old bills, receipts and financial info is critical. First, you might not want to drag all that old paperwork with you, especially if you are paying by the pound but more importantly, shredding important documents can prevent thieves from finding any information in your trash. Old-skool dumpster diving is still a viable method to steal personal information. You also might not want the movers themselves to have access to those documents, particularly if you are having them help pack. I was fortunate to find reputable movers but mover fraud is becoming more commonplace in the U.S. Mail call! What? Oh yea, Change of Address. Seems like a no brainer, filling out a postal change of address but it is also important. Make the change with all the companies, financial institutions, magazines, and other organizations that regularly send you mail. Identity theft is often carried out by stealing mail. The folks who move into your old house might not steal your identity, but they will most likely throw away mail that isn’t theirs, and they won’t necessarily take the care to shred it as you would. If your mail continues to be delivered to your old address, it might be left on the doorstep or in an unlocked mailbox, making it very easy for anyone to walk away with it. Lock down your electronics. Many households have multiple computers now including tablets, mobile phones and other 'things' storing sensitive information. These are a treasure trove. You can carry/pack yourselves and make sure they are always in your possession or password protect and place in a slightly unmarked box. Maybe label it as 'dog food' and the crook, movers or otherwise, just might pass it over. If you plan on donating or recycling your old computer(s), make sure you totally erase the hard drive since criminals can easily retrieve those files and sue them for no good. Slightly related to this, I recently bought a refurbished Blu-ray player with various streaming services. I wanted to replace the one we broke with the exact same one but they stopped making that model. When it arrived, I went in to configure our Netflix account. So I clicked the Netflix icon and it loaded fine. Wait a minute, that's not my Instant Que. Whoever had the unit prior to me, still had their Netflix saved and I could see all their viewing habits. Old episodes of Leave it to Beaver and Attack of the 50 Foot Cheerleader. And keep an eye out for yourself before, during and after. Check credit monitoring if you have it; your credit report a few months later for anything suspicious; that all your mail is arriving intact; that all your household items are accounted for; and we often leave cars, garages, and other entrances wide open when moving so keep an eye there, if the location warrants. Physical items can be used to create digital identities and while we may read about ID theft topics when computer breaches are reported, the physical realm is still ripe with fraudsters. Everything is game nowadays but you can take physical and digital action to stay safe when you are finally home sweet home. ps Resources: Prevent ID Theft while moving Identity Theft Risk Factor: Moving to a New Home Moving and Identity Theft - How to Protect Yourself Ten Tips to Avoid Identity Theft When You Move Minimizing the Risk of Identity Theft When You’re Moving Technorati Tags: identity theft,id theft,moving,home,household,iot,mail,security,pii,silva,f5 Connect with Peter: Connect with F5:5 Stages of a Data Breach
One thing I’ve noticed over the last couple years is that there are 5 Stages of a Data Breach: Denial: We do not believe these attacks breached our critical servers. Anger: We want to make it clear that we take security seriously! Bargaining: We’d like to offer our affected customers a credit monitoring service. Depression: We wish we could have done things differently. Acceptance: Well, it just shows that no one is safe from hackers. ps Technorati Tags: F5, cyber-crime, trojan, Pete Silva, security, business, education, 5 stages, cyber war, hackers, breach, verisign, internet, security, privacy,Identity Theft Roundup
I’m on a ID fraud kick lately and there are quite a few stories of late about identity theft. Here are just a few: House Approves Red Flags Exemptions – In January 2008, the Red Flag Rule went into existence which said that organizations (mainly banks and financial institutions) that extend credit to have a written Identity Theft Prevention Program designed to detect identity fraud on a day to day basis. This new bill would except certain businesses like physicians and hospitals from having to abide by the rule. Sen. Dodd (D-Conn) said that the bill, ‘makes clear that lawyers, doctors, dentists, orthodontists, pharmacists, veterinarians, accountants, nurse practitioners, social workers, other types of healthcare providers and other service providers will no longer be classified as 'creditors' for the purposes of the Red Flags Rule just because they do not receive payment in full from their clients at the time they provide their services, when they don't offer or maintain accounts that pose a reasonably foreseeable risk of identity theft.’ So if you don’t have a foreseeable risk of ID theft, I guess you don’t have to pay attention. Minn. man pleads guilty in ND identity-theft case – 20 felonies, 19 counts of ID theft, 1 theft charge and a 28 year old only gets a year in jail and 5 years probation. He stole the SSN and names of 49 people. Military at high risk for identity theft – Did you know that military personnel are required to use their SSN for silly things like checking out a basketball at a gym or to identify their laundry bag? I didn’t and it is becoming a problem since most locations do not take ‘care’ of that personal info. Fla woman stole identity, paid for breast implants – You might remember this one where a woman in Miami stole someone’s identity and used fake credit cards to get her fake, well, you know. She also racked up $20,000 in new furniture. She got 30 months in a federal pen for that one. If you were wondering, she said she needed them since her old ones were giving her breathing problems. Kent couple arrested for identity theft, prescription forgeries – While investigating a prescription forgery ring, Kent Police uncovered a nice little counterfeiting operation run out of an apartment building. Since the suspect was a convicted felon with a firearm, SWAT arrived and took the couple without incident. Wait, fake prescriptions here and a new law that says medical facilities can pass on Red Flag? Hum. Man arrested in financial identity theft – It’s not just strangers getting hit – here a 20 year old opened a credit card account in his grandparent’s names and just added himself as an authorized user. $4000 worth of cigs, alcohol and electronic equipment later, he was in jail. Queens D.A. Warns: Beware New ID Theft – At least in New York, thieves are using what’s called a ‘spoof card’ to get personal information. Spoof cards are like calling cards but allows the caller to enter whatever number they want on the receiver’s caller ID. Oh, a call from the bank. They act/sound all authoritative on the phone and people spill the info. This is a great opportunity to turn the tables – ask the caller to validate a piece of information. To validate the caller, ask a couple questions that the bank usually asks you like, last transaction or first dog’s name. Or, just say, ‘I’ll call you back at the number on your web site.’ ID theft alleged at Libertyville driver's license facility – A 22 year employee at an Illinois driver’s license facility gets caught giving other’s personal information to thieves. Those thieves then opened credit card accounts with the info. He’s facing 3 years in prison but shows just how slippery your personal info is in the hands of others. More to come… ps twitter: @psilvasThe New Wallet: Is it Dumb to Carry a Smartphone?
When I was a teenager, I used to have one of those cool nylon surfer wallets with the Velcro close, you remember those don’t ya? While pumping diesel (had a VW Rabbit) one day at an old Gulf station, I left the wallet on top of the car and drove off. Realizing that my wallet was not snug in the sun visor when I got home, I retraced my path and found it - parts of it - scattered all over Route 1. Luckily, I got most of my belongings back but had that sickened feeling of almost losing my most precious possession at the time, my fake I……um, my driver’s license. I then got a leather wallet and shoved so many things in there I could have been mistaken for George Costanza, not to mention the hole that evolved right at the bottom point of my back pocket. Not liking the bump on my butt, I eventually moved to ‘money-clip’ type holders, you know those money holder things you carry in your front pocket. I felt ‘safer’ knowing it was in my front pocket and I only carried the essentials that I needed, rather than the reams of receipts I’d have in my wallet. When I was younger, I’d use tie clips, metal binder clips, and other things until I got a nice Harley-Davidson one which holds credit cards and clips currency. I’d still feel sick if I lost it however. Not having a wallet, purse, money clip or other currency container at all, may eventually be our new reality. You see, our smartphones are starting to carry all that digital information for us and according to a recent CNNMoney article, our smartphones are becoming one of our most dangerous possessions. We can do banking, make payments, transfer money, use the phone for loyalty card swipes along with credit card transactions. At the same time, mobile users more vulnerable to phishing attacks, some banking apps for Android, iPhone expose sensitive info, Android Trojan Emerges In U.S. Download Sites and how IPv6: Smartphones compromise users' privacy. We knew it would eventually happen but the crooks are now adapting to the explosive mobile growth, the rise of mobile banking and our never ending connection to the internet. Don’t get me wrong, like many of you, I love having email, contacts, calendar and entertainment at my fingertips along with the convenience of having all my stuff with me; but the chances of losing much more greatly increase since you have the equivalent, or even more, of all your credit cards, personal and private information and other sensitive stuff right on your smartphone. Sure there are backup programs but how many of you actually backup your computer on a weekly basis? How many have wipe or lock software installed to destroy everything on the smartphone if it is stolen? How many have tracking software if it is lost? How many have your actual home address in the GPS navigator so the offender can find where you live and visit while you are away? How many have sensitive corporate information stored on the smartphone since you use it for both personal and business use? Now I’m starting to spook myself. Many people will willingly trade some personal info for personal convenience. You might never give a total stranger your home address and phone number but if they add, ‘in exchange, we’ll give you this branded card and you’ll get 10% off every purchase,’ more than likely, we’ll turn that personal info over. If you understand that every purchase will be scanned, sent to a database and used for marketing or as the merchant describes, to ‘provide you with the best service and offerings,’ then you might accept that. If you accept and understand the risks of doing mobile banking, transferring money, making payments and carrying around your entire life on your mobile device….and take actions to mitigate those risks, like using encryption, backups, wipe/locate software, antivirus, OS updates and other mobile security precautions along with practicing the same discretion as you would with your home computer (like not clicking links from strangers) then you should stay relatively safe. Unless, of course, you leave that digital wallet on the top of your vehicle and drive off. ps Resources Android Trojan Emerges In U.S. Download Sites Sophisticated New Android Trojan "Geinimi" Spreading in China Chinese crack down on 'money-sucker' Androids Your most dangerous possession? Your smartphone IPv6: Smartphones compromise users' privacy Mobile users more vulnerable to phishing attacks Report: Banking Apps for Android, iPhone Expose Sensitive Info Make Sure Your Smartphone Payments Are Secure F5 BIG-IP Edge Client App F5 BIG-IP Edge Portal App Securing iPhone and iPad Access to Corporate Web Applications – F5 Technical Brief Audio Tech Brief - Secure iPhone Access to Corporate Web ApplicationsFear and Loathing ID Theft
Do you avoid stores that have had a credit card breach? You are not alone. About 52% of people avoid merchants who have had a data breach according to a recent Lowcards survey. They surveyed over 400 random consumers to better understand the impact of identity theft on consumer behavior. 17% said they or a family member was a victim of identity theft over the last year with half the cases being credit card theft. 94% said they are more concerned or equally concerned about ID theft. They estimate that there were 13.5 million cases of credit card identity theft in the United States over the last 12 months. These concerns are also changing the way some people shop. Over half (56%) are taking extra measures to protect themselves from identity theft. Some of these behaviors include using a debit card less (28%), using cash more (25%), ordering online less (26%) and checking their credit report more (38%). These are all reasonable responses to the ever challenging game of protecting your identity and is important since 89% of security breaches and data loss incidents could have been prevented last year, according to the Online Trust Alliance's 2014 Data and Breach Protection Readiness Guide. The game is changing however, and mobile is the new stadium. Let's check that scoreboard. Most of the security reports released thus far in 2014, like the Cisco 2014 Annual Security Report and the Kaspersky Security Bulletin 2013 show that threats to mobile devices are increasing. We are using them more and using them for sensitive activities like shopping, banking and storing personally identifiable information. It is no wonder that the thieves are targeting mobile and getting very good at it. Kaspersky's report talks about the rise of mobile botnets and the effectiveness since we never shut off our phones. They are always ready to accept new tasks either from us or, a foreign remotely controlled server with SMS trojans leading the pack. Mobile trojans can even check on the victim's bank balance to ensure the heist is profitable and some will even infect your PC when you USB the phone to it. Distribution of exploits in cyber-attacks by type of attacked application I guess the good news is that people are becoming much more aware of the overall risks surrounding identity theft and breaches but will the convenience and availability of mobile put us right back in that dark alley? Mobile threats are starting to reach PC proportions with online banking being a major target and many of the potential infections are delivered via SMS messages. Sound familiar? Maybe we can simply cut and replace 'PC' with 'Mobile' on all those decade old warnings of: Watch what you click! ps Related Some consumers changing habits because of data breach, ID theft worries, report finds LowCards Exclusive Study: Identity Theft Concerns Shifting Shopping Habits of Americans Kaspersky Security Bulletin 2013. Overall Statistics for 2013 Mobile Payments and Devices Under Attack An SMS Trojan with Global Ambitions Mobile Malware Milestone Mobile Threats Rise 261% in Perspective Nine Security Best Practices You Should Enforce Technorati Tags: mobile,shopping,breach,malware,idtheft,behavior,silva,trojan Connect with Peter: Connect with F5:Unplug Everything!
Just kidding…partially. Have you seen the latest 2011 Verizon Data Breach Investigations Report? It is chock full of data about breaches, vulnerabilities, industry demographics, threats and all the other internet security terms that make the headlines. It is an interesting view into cybercrime and like last year, there is also information and analysis from the US Secret Service, who arrested more than 1200 cybercrime suspects in 2010. One very interesting note from the Executive Summary is that while the total number of records compromised has steadily gone down – ‘08: 361 million, ‘09: 144 million, ‘10: 4 million – the case loads for cybercrime is at an all time high – 141 breaches in 2009 to a whopping 760 in 2010. One reason may be is that the criminals themselves are doing the time-honored ‘risk vs. reward’ scenario when determining their bounty. Hey, just like the security pros! Oh yeah….the crooks are pros too. Rather than going after the huge financial institutions in one fell swoop or mega-breach, they are attempting many more low risk type intrusions against restaurants, hotels and smaller retailers. Hospitality is back on the top of the list this year, followed by retail. Financial services round out pole position, but as noted, the criminals will always have their eye on our money. Riff-raff also focused more on grabbing intellectual property rather than credit card numbers. The Highlights: The majority of breaches, 96%, were avoidable through simple or intermediate controls; if only someone decided to prevent them. 89% of companies breached are still not PCI compliant today, let alone when they were breached. External attacks exploded in 2010, and now account for the vast majority at 92% and over 99% of the lost records. 83% of victims were targets of opportunity. Most attacks are opportunistic, with criminal rings relying on automation to discover susceptible systems for them. Most breaches aren’t discovered for weeks to months, and most breaches, 86%, are discovered by third-parties, not internal security teams. Malware and ‘hacking’ are the top two threat actions by percentage of breaches, 50%/49% respectively, along with tops in percentage of records 89%/79%. Misuse, a strong contender last year, went down in 2010. Within malware, sending data to an external source, installing backdoors and key logger functions were the most common types and all increased in 2010. 92% of the attacks were not that difficult. You may ask, ‘what about mobile devices?’ since those are a often touted avenue of data loss. The Data Breach Report says that data loss from mobile devices are rarely part of their case load since they typically investigate deliberate breaches and compromises rather than accidental data loss. Plus, they focus on confirmed incidents of data compromise. Another question might have to do with Cloud Computing breaches. Here they answer, ‘No, not really,’ to question of whether the cloud factors into the breaches they investigate. They say that it is more about giving up control of the systems and the associated risk than any cloud technology. Now comes word that subscribers of Sony’s PlayStation Network have had their personal information stolen. I wonder how this, and the other high profile attacks this year will alter the Data Breach Report next year. I’ve written about this type of exposure and felt it was only a matter of time before something like this occurred. Gamers are frantic about this latest intrusion but if you are connected to the internet in any way shape or form, there are risks involved. We used to joke years ago that the only way to be safe from attacks was to unplug the computers from the net. With the way things are going, the punch line is not so funny anymore. ps Resources: 2011 Verizon Data Breach Investigations Report Verizon data breach report 2011: Hackers target more, smaller victims Data Attacks Increase 81.5% in 2010 Verizon study: data breaches quintupled in 2010 Sony comes clean: Playstation Network user data was stolen X marks the Games Microsoft issues phishing alert for Xbox Live Today's Target: Corporate Secrets The Big Attacks are Back…Not That They Ever Stopped Sony Playstation Network Security Breach: Credit Card Data At Risk Breach Complicates Sony's Network Ambitions Everything You Need to Know About Sony's PlayStation Network Fiasco e-card Malware
I’ve gotten some e-cards this holiday season from organizations that I know, and you might even receive one from F5. I just wanted to post a short reminder to be careful of these, especially if you get one from someone you don’t know. This is, and has been for several years, one of cybercriminals favorite ways of distributing malware, infecting your computer and stealing your info. Usually, the e-card arrives in your email with a link to view it online. Once you click that link and visit the purported e-card site, you can become infected. In fact, if you get one and don’t know the sender at all, I’d delete it right away. Often you don’t need to visit a site to get infected since the payload might in the email itself. The Better Business Bureau is also warning of another phishing scam with cybercriminals masquerading as a shipping company. You’ll get an email with a tracking number in the subject line. The note says that the package could not be delivered and asks the user to print the attached document. At that point, if you do open the attachment, then a virus is installed on your computer. There have also been charitable giving scams, coupon code scams, too good to be true sale scams and other rip-offs to swindle you of your money and sensitive info. You might be thinking, ‘ahh, geeze – not another,’ but this is the time of year those cybercriminals like to prey on people’s holiday spirit and general preoccupation with with other things festive. Keep anti-virus updated, use a firewall, be suspicious, use common sense and enjoy the holidays. ps Resources: BBB Raising Warning Against Phishing E-mails Better Business: Scammers eager to spoil your holiday season The Safe Shopper's Cyber Shopping Guide Holiday Scams To Watch Out For Beware of bogus online offers bearing a free iPadSecurity’s Rough Ride
1 if by land, 2 of by sea, 0 if by IP I know I’ve said this before but it sure seems like almost daily there is a security breach somewhere. Over the years, the thought process has changed from prevent all attacks to, it is inevitable that we will be breached. The massive number of attacks occurring daily makes it a statistical reality. Now organizations are looking for the right solution (both technology and practice) to quickly detect a breach, stop it, identify what occurred and what data may have been compromised. Over the last couple of days various entities have had their security breached. As you are probably already aware either due to the headlines or a direct note in your email inbox, Zappos, a popular online shoe site, was compromised exposing information on 24 million customers. While a good bit of info was taken, like usernames, passwords, addresses, email and other identifiable information, Zappos claims that the stored credit card information was apparently spared due to being encrypted. There are still many details that are unknown like how it occurred and how long it had been exposed but all users are being required to change their passwords immediately. Users might also want to change similar passwords on other websites since I’m sure the criminals are already trying those stolen passwords around the web. These days it's entirely too easy to use information from one hack in many others. It doesn't even matter if passwords were compromised. Your can change your password, but the make and model of your first car, and your mother's maiden name can't be changed. Yet, online service providers continue to rely on these relatively weak forms of secondary authentication. The interesting thing is Zappos is/was apparently PCI-DSS compliant, proving once again, PCI compliance is a first step, not the goal. Being PCI compliance does not mean that one is secure and this also underscores importance of using WAF like BIG-IP ASM. And if it was not a web app that was owned on the server in Kentucky, then Section 6.6 is irrelevant. But again, all the details are still to be uncovered and as far as I know, no-one has claimed responsibility. Overseas, there is an ongoing cyber-war between a Saudi (reported) hacker and Israel. 0xOmar, as news articles have identified him, claims to have posted details of 400,000 Israeli-owned credit cards and Israel’s main credit card companies have admitted that 20,000 cards have been exposed. Along the way, he has also attacked the Tel Aviv Stock Exchange and Bank Massad. In an interesting and potentially scary turn of events, a group of Israeli hackers, IDF-Team, took down the Saudi Stock Exchange (Tadawul) and the Abu Dhabi Securities Exchange (ADX) as a counter-attack. Another Israeli hacker going by Hannibal claims to have 30 million Arab e-mail addresses, complete with passwords (including Facebook passwords), and says he’s received e-mails not only from potential victims but from officials in France and other countries asking him to stop. This cyber-conflict is escalating. In a very different type of breach, you’ve probably also seen the cruise ship laying on it’s side a mere 200 yards from the Italian shore. While not necessarily a data security story, it is still a human security story that, so far, has been attributed to human error – like many data security breaches. Like many data breach victims, people put their trust in another entity. Their internal risk-analysis tells them that it is relatively safe and the probability of disaster is low. But when people make bad decisions which seems the case in this situation, many others are put at greater risk. Put on your virtual life vests, 2012 is gonna be a ride. ps References: Zappos Hacked: What You Need to Know 10 Security Trends To Watch In 2012 Hackers swipe Zappos data; customers should change password Zappos Hack Exposes Passwords Zappos Hacked: Internal Systems Breached in Cyber Attack Delivering Unhappiness Alleged Saudi hacker discloses more Israeli credit card numbers Israeli hackers bring down Saudi, UAE stock exchange websites Cruise disaster: captain neared rocks in Facebook stunt for friend's family Technorati Tags: F5, cyber-crime, trojan, Pete Silva, security, business, education, technology, application delivery, cruise, cyber war, ddos, hackers, iPhone, web, internet, security, breach, privacy, PCI-DSS,So Where Do We Go From Here?
If you are who you say you are. I've been travelling the last few weeks shooting some videos for VMware PEX and RSA. When that happens, my browser tabs get crowded with the various stories I'm interested in but will read later. This time they all seemed to hover around Identity Theft. When I got home, in my awaiting physical mail was a letter from Target. I also returned something to a national hardware store and the cashier tried to crumple my credit-card-info-having receipt into a trash can. Kismet. Let's take a look... The FTC recently announced that Identity Theft is the #1 complaint in 2013, for the 14th consecutive year. Is that a record? While down slightly from 2012, it still accounted for 14% of the 2 million overall complaints. This is down from 18% in 2012. Florida, followed by Georgia and California were the worst hit states for ID theft. The IRS has also named Identity Theft as their #1 Dirty Dozen Tax scam for 2014. Speaking of California, 7.5 million of the over 110 million breached Target accounts were Californians. California is one of the few states that require disclosure when more than 500 accounts are compromised. The first year California required reports, 2012, there were 131 breaches reported...in 2013 that rose to 170. The other interesting thing about California breaches is that many target smaller companies. In 2012, half of the reported breaches came from companies with fewer than 2500 employees and almost a third were businesses with less than 250 employees. Being small and relatively unknown is no shield. Also in Southern California, the Feds busted a couple guys running a Tijuana-based identity theft ring. These dudes broke into a U.S. based mortgage broker's servers and siphoned off mortgage applications which included most of the borrower's personal info: name, birthday, SSN, DL number, tax info, the works. They then used that info to open credit lines and, with the info they had, were able to change access to the people's brokerage accounts. From there, transferring money to other accounts was a snap. From Dec 2012 thru June 2013 they stole personal data on 4200 individuals. Javelin Strategy and Research released their annual 2014 Identity Fraud Study stating that in 2013, a new instance of identity fraud occurred every 2 seconds. 1 Mississippi, 2 Mississippi. Another. There was 13.1 million identity fraud victims on 2013. While the people number is going up, the actual money stolen, according to Javelin, in going down. They estimated that the total cost of identity fraud in 2013 to be around $18 billion, more than $3 billion less than 2012. 2004 holds the record at $48 billion. Attackers are now focusing on opening new accounts rather than piggy backing existing credit cards. Account take-over's, particularly for utilities and mobile phones are the new free-bees. Most of the stolen info appears to be from corporate breaches and about 1/3 of those who receive a breach letter actually becomes a theft victim. Your debit card also seems more valuable than your social security number. 46% of consumers with breached debit cards became victims verses only 16% of breached SSNs. And in an interesting twist, the top complaint against debt collectors is mistaken identity. Trying to collect a debt from the wrong person was by far, the most common complaint to the Consumer Financial Protection Bureau (CFPB). I know this all too well since over the last 3+ years, we've been getting debt collection calls looking for a certain person. We tell them that we've had our phone number for years and stop calling. Few months go by, the debt gets sold to another collector and we get calls again. It got so bad that this person's own mother called to tell her son that the dad was in the hospital and probably wouldn't make it. About 2 weeks later we got a call from another family member looking to talk about the father's death. This guy was running from debt so much so, that his own mother couldn't get a hold of him when dad was on his death bed. Now that's bad. So where do we go from here? Will we all need that personal chip installed on our left earlobe to verify identity? The payment terminal says, 'Please listen for verification.' Riff-raff will then be all like, 'Oh, listen to this cool song,' as they plug the bud into your ear only to suck the data off your PID chip. You didn't hear? That's our IPv6 Personal Identity Chip inserted into every newborn starting in 2025. Oh, it will happen. ps Related: FTC: Identity theft is the plague of the country Calif. attorney general focuses on retailers' data theft Tijuana-Based ID Theft Conspiracy Busted Javelin Study: A New Identity Fraud Victim Every Two Seconds The 2013 FireEye Advanced Threat Report! Mistaken identity top complaint against debt collectors RSA 2014: Anti-Fraud Solution (feat DiMinico) Technorati Tags: identity theft,id theft,security,privacy,banking,pii,breach,fraud,silva,f5 Connect with Peter: Connect with F5:
