Learn How Scammers Get Your Social Security Number

Knowing their secrets can help you trip them up

I came across an excellent article that explains how easy it is for scammers to decode your social security number.  I’ve always wondered how they did this.

Carnegie Mellon University researchers found that only two pieces of information are needed to guess SSNs. A recent study published in the Proceedings of the National Academy of Sciences implies that knowledge of your hometown and your birth date allows scammers to discover most, if not all, of the nine digits of your social security number.

For $50, your SSN can be bought from dozens of websites used by private investigators, businesses conducting credit checks, and savvy scammers who know your name, birth date, and current address. And if the scammer doesn’t have your birth place and date information, it’s easy to find.   “There are many websites and database where one can access the birth dates of thousands of people easily and cheaply,” said Alessandor Acquisti, the study’s lead researcher.

Public databases and voter registration lists include the information scammers want.  Over the years, the first three digits of the SSN designate an area number.   The fourth and fifth are a group number and the last four digits, which are more difficult to guess, are issued sequentially depending on how long the social security application took to process.

Today’s highest risk group for decoding are those born since 1988 because that is the year the Social Security Administration began to order SSNs for newborns and older children who did not already have a SSN.  The SSA now has a more arbitrarily process of assigning SSNs.

For those who use social networking websites such as Facebook and Twitter or have online accounts, here are four easy ways to help prevent potential problems:

  • Do not use your birth date or any part of your SSN as a password.
  • Do not post any personal information such as your birth date, hometown and location of your high school.
  • When posting obituaries of loved ones, exclude hometowns and other personal information, as the deceased are frequent targets.
  • Stay away from online security questions that ask for your hometown.

Source:  Sid Kirchheimer   AARPBULLETINtoday

1.00 avg. rating (47% score) - 1 vote
Categories: Crime, Identity Theft, Technology

Fallout from Computer Fraud and Funds Transfer Fraud

Two huge reasons why crime insurance is needed

Computer FraudTravelers Insurance put out an excellent bulletin that describes the financial threats posed by funds transfer fraud and computer fraud, and the need for specialized Crime Insurance Coverage.  The Travelers coverage version, wrap +, includes coverage for both electronic funds transfer and computer fraud.

Eye-opening facts

  • According to a survey by Computer Security Institute, the average financial loss due to computer fraud was $289,000.  The average loss due to funds transfer fraud was $500,000.
  • Pfishing scams, Trojans, key loggers and other techniques allow hackers to gain control of online banking transactions and to circumvent normal online authentication controls.
  • Internal controls such as antivirus software, firewalls, and employee training are critical, but not enough for 100 percent protection.
  • Specialized Financial Insurance coverages should be purchased to protect against this risk.

Examples of Electronic Funds Transfer Fraud Claims

  • The bank of a victim company allegedly sent a letter explaining a new security program.  A company received an email that appeared to be from the bank explaining a new security program. An employee opened the email, allowing a Trojan virus access and read keystrokes from the company’s computer. The perpetrator then obtained banking and password information.  A fraudulent electronic wire transfer was initiated and the company lost $683,000.
  • The finance director of a company opened an attached zip file in an email that contained a virus.  The user ID and password to the company’s bank  account was obtained through code inserted by the virus.  A fraudulent electronic wire transfer totaling $147,000 was initiated by criminals from the company’s bank account to an unknown bank account in Arizona.   The immediate withdrawal was unrecoverable.
  • A payroll supervisor logged on to the payroll account for the company and noted that three payments totaling $704,632 had been wired from the account. The transactions were reported to the bank as unauthorized and the account was shut down.  Unfortunately, $238,781 of the loss was not recovered.

Examples of Computer Fraud Claims

  • An employee of a customer  hacked into a company’s website and changed the bank routing and account numbers to her own.  When the company paid her employer for services rendered, she fraudulently received the funds in her account.
  • A former employee used his supervisor’s password to enter the insured’s unlocked building and gained access to use the supervisor’s computer.  Using the bank routing number, he activated transactions to receive fake reimbursements allegedly made to the company’s customers.

Source: Travelers Bond & Financial Products, Bulletin, 11-09

2.00 avg. rating (51% score) - 2 votes
Categories: Breach Of Security, Crime, Risk Management, Technology
Crime Insurance

Increased Need for Crime Insurance for Small Businesses

Diligence is the key to preventing losses

Since the 2008 economic decline, there has been a sharp rise in crimes by employees and third parties. Fueled by the fear of unemployment, workers are fighting back against their employers. They’re more likely to take what they feel they deserve because of the work they’ve done for their company over the years. Not surprisingly, many companies are taking a closer look at risk controls to cut unnecessary costs and uncovering theft issues that may have been undetected in the past.

The majority of people who commit these crimes are not professional criminals. Rather, they’re in a financial  bind and tend to rationalize such behavior as borrowing the money until they can pay it back.

Small businesses must take all necessary precautions to prevent employee theft and fraud. To this, they must address the fraud risks or their policy limits to adjust for the related losses. Only one in four private companies buys crime insurance. Stand alone crime policies are better than crime coverage added to Business Owners Policies (BOPs).

One way to determine an appropriate crime limit is to assume 5 percent of the company’s revenue will be the cost of fraud, and include that amount in the limit. Another way is to use organizations like Advisen that can evaluate a client’s cash flow, number of employees and business locations, employee turnover rates, and effectiveness to its internal risk controls.

Risk controls to minimize employee fraud:

  • Use prenumbered checks typed or numbers written in permanent ink
  • Be aware of employees who object strongly to new policies concerning financial, inventory, or supply matters
  • Employees with duties that  include check preparation or distribution should not reconcile the bank checking account
  • Improve background checks of job applicants
  • Separate receiving, store keeping, and shipping functions. Complete physical inventories annually and assign them to an individual who is not responsible for inventory records.
  • Be aware of employees who exhibit signs of compulsive gambling, persistent borrowing, or repeated requests for salary advances.
  • Separate mail opening and posting functions
  • Record checks and cash in appropriate registers and stamp checks for deposit only
  • Be aware of employees who suddenly want to work late

Source: Russ Banham, Independent Agent

5.00 avg. rating (87% score) - 1 vote
Categories: Crime, Risk Management, Small Business, Technology, Theft
Cyber Liability Insurance

Insider hacking poses huge cyber risk

Insiders account for most cyber theft losses

Outside hackers, whether domestic or part of criminal gangs in Eastern Europe and Asia, get most of the media attention. However, a bigger cyber risk is inside jobs by a company’s own employees. These crimes account for 70 percent of all security incidents that result in losses, according to some sources.

This is known as authorized access for unauthorized use.

Disgruntled or simply dishonest employees, independent contractors, or employees of independent contractors may steal confidential information such as credit card numbers, bank account information, or proprietary information such as trade secrets or intellectual property.

Most Cyber Liability policies only cover unauthorized access by outsiders. Make sure that your policy also covers authorized access for unauthorized reasons.

For a assistance determining your coverage needs, please call us at 800-622-7370

 

Source: Do You Need Coverage For Cyber Risks? The John Liner Letter, Vol. 43, No. 7, June 2006.

 

3.00 avg. rating (67% score) - 1 vote
Categories: Breach Of Security, Crime, Cyber Liability

Risks in Our Digital Information Economy

Defending digital assets against cyber crime

Anyone with access to a computer, tablet or smart phone can buy goods online, pay electronically and request information from corporate networks. Business websites that don’t have proper management and security systems in place provide entryways to the valuable information they have amassed.

 The data companies spend years gathering is a valuable business asset – and even a small gap in security can pose a huge risk. Cyber criminals waste no time figuring out new ways of exploiting weaknesses in the technologies that businesses spend billions of dollars on to stay ahead in the e-commerce world.

 E-criminals

 Tech-savvy criminals recognize the value of digital information and look for ways to steal it. They commit their crimes by exploiting security hiccups in corporate systems or by using malicious code to infiltrate computer networks. Smart phone and wireless technologies are being utilized by wider numbers of people, presenting increasingly tempting targets. What were once attacks on operating systems are now attacks on apps, database software, and even antivirus programs. Their motivation is simple: go where the money is. The confidential information these business amass provide a nearly infinite source of illicit profits for e-criminals.

Malware

One tactic e-criminals take is to leave behind bits of code called Trojan horses that track the keystrokes of the user to steal passwords, social security numbers, credit card numbers and other confidential information. Criminals are also able to control the systems of huge groups of personal computers by infecting them with malware. They cover their tracks by using thousands of personal computers to launch such attacks. Once discovered and shut down, they simply move on to another group of computers.

These threats are major concerns for both businesses and consumers. Companies that depend on the Internet for their livelihood can be devastated by attacks that shut down their web sites. Companies depending on seasonal sales can’t afford a malfunction or shutdown at the wrong time, as evidenced in the Target hack during the 2013 Christmas season. Such security breaches can result in huge financial losses in damage repair and lost business from gun-shy from consumers and clients.

 What businesses can do

A Technology Insurance policy costs almost nothing in comparison to the financial devastation from which it will protect your business.Seven out of 10 small businesses that experience a major data breach fail within one year. Don’t let that happen to you.

Call us at 800-622-7370 so we can help you assess your level of risk. In just minutes you’ll learn how our affordable Cyber Risk Insurance can protect your business from e-criminals and loss of property.

3.00 avg. rating (67% score) - 1 vote
Categories: Breach Of Security, Crime, Cyber Liability, Tech Insurance

Escalating threats from digital exposure

Vigilance required to combat ever-emerging risks

News broke of what is currently the biggest collection of stolen digital information to date. As more and more industries and businesses become more information-based, the information value and ease with which it is transmitted creates new risks. Criminals apparently never lack for creative ways to turn stolen data into profits, finding increasingly sophisticated ways to collect personal and proprietary information from corporate networks.

Fallout from stolen information

Failure to adequately protect sensitive information can result not only in lost sales and customers, but in claims and lawsuits for the losses sustained by customers and the general public. Fears about privacy and identity theft have resulted in state and federal legislation regarding the collection, management and protection of sensitive data. These new regulations have had a significant impact on businesses, which now face heavy fines and lawsuits in the event of security failures. Businesses also risk damage to their reputations because of laws requiring require them to publicize such breaches.

Realize the value of your information

Criminals look at corporate websites as gateways to massive information from which they can profit. While businesses spend billions of dollars to strengthen their security, criminals stay one step ahead, developing new methods of attack. Companies spend years, or even decades, gathering data. This data is an extremely valuable asset that must be protected. Businesses can no longer depend on traditional insurance policies to protect against technology risks. Most insurers exclude electronic theft from their standard policy forms. To deal with these risks, businesses need coverages specifically aimed at the inherent risks of our digital economy.

In upcoming articles I will discusses the vulnerable areas that require diligent attention by business owners, tips for improving security, and what the insurance industry is doing to help protect against these ever-evolving risks.

If you would like assistance in assessing coverage to protect your business or have questions regarding your current coverage, please call us at 800-622-7370

0.00 avg. rating (0% score) - 0 votes
Categories: Breach Of Security, Crime, Loss Control, Risk Management, Theft