Learn How Scammers Get Your Social Security Number

Knowing their secrets can help you trip them up

I came across an excellent article that explains how easy it is for scammers to decode your social security number.  I’ve always wondered how they did this.

Carnegie Mellon University researchers found that only two pieces of information are needed to guess SSNs. A recent study published in the Proceedings of the National Academy of Sciences implies that knowledge of your hometown and your birth date allows scammers to discover most, if not all, of the nine digits of your social security number.

For $50, your SSN can be bought from dozens of websites used by private investigators, businesses conducting credit checks, and savvy scammers who know your name, birth date, and current address. And if the scammer doesn’t have your birth place and date information, it’s easy to find. “There are many websites and databases where one can access the birth dates of thousands of people easily and cheaply,” said Alessandro Acquisti, the study’s lead researcher.

Public databases and voter registration lists include the information scammers want. Over the years, the first three digits of the SSN have designated an area number. The fourth and fifth are a group number, and the last four digits, which are more difficult to guess, are issued sequentially depending on how long the social security application took to process.

Today’s highest risk group for decoding are those born since 1988 because that is the year the Social Security Administration began to order SSNs for newborns and older children who did not already have an SSN. The SSA now has a more arbitrary process of assigning SSNs.

For those who use social networking websites such as Facebook and Twitter or have online accounts, here are four easy ways to help prevent potential problems:

  • Do not use your birth date or any part of your SSN as a password.
  • Do not post any personal information such as your birth date, hometown and location of your high school.
  • When posting obituaries of loved ones, exclude hometowns and other personal information, as the deceased are frequent targets.
  • Stay away from online security questions that ask for your hometown.

Source: Sid Kirchheimer, AARPBULLETINtoday

Hackers Cash-in on retailers’ peak season

Companies letting their guard down at just the right time for just the wrong reason

Many people like to take time off from the office around New Year’s, but the holidays are simply not the time for companies to let their guards down. A security breach can devastate a business and easily cost much more than a few dozen sales.

While people are out shopping the end-of-year sales, taking vacations and celebrating, hackers are taking advantage of corporate downtime. The susceptibility stems from companies being lax in changing website and mobile app codes.  That’s because companies may fear that their systems would break during peak traffic with many programmers on vacation, said John Kindervag of Forrester Research.

Hacker heydays

Hackers caught onto this yearly security gap long ago. By allowing themselves to go less protected, many companies have created the optimal climate for cyber criminals to enjoy a peak season of their own.

Some of the companies involved in the recent data-security breaches are Skype (Microsoft Corporation), Snapchat, Inc. and the discount retailer Target Corporation.

As 2013 drew to a close, criminals targeted a wide range of companies across the U.S. The exposed personal data and confidential information of their customers leave millions of Americans vulnerable to identity theft and crimes. Such breaches cost these businesses many millions of dollars last year in legal settlements. Companies spent 5.1 percent of their information-technology budgets on security in 2013, up from 4.7 percent the previous year, according to research conducted by Gartner.

The highly publicized Target data-security breach last December affected more than 40 million credit and debit card customers during the busiest time of year. The fallout of the incident includes the loss of many loyal customers and damaged consumer confidence.

The best defense is a good offense

Industry insiders recommend companies increase their defenses during the busiest season and be on high alert during the holidays. Businesses of all sizes can protect themselves and their customers from cyber crime by:

  • staggering IT department vacation days for uninterrupted technical support coverage
  • stepping up data-security efforts during busy periods
  • ensuring security measures remain consistent
  • promoting cyber-risk awareness
  • educating staff on risks and ways to help prevent them.

Of course cyber hacking is a 365-day operation. To outmatch cyber-criminals 24/7, a stringent year-long approach to security should be in place.

Please visit Cyber Risk Insurance for more information on preventing hacking or Cyber Risk insurance.

Source: Sarah Frier and Peter Burrows, “Companies More Vulnerable,” insurancejournal.com, 03 Jan. 2014.


Why Cyber Criminals Intentionally Target Small Businesses

Risk management controls are essential

Cyber attacks on small businesses with fewer than 250 employees have tripled since 2011, according to Symantec’s 2013 Internet Security Threat Report. The reasons that small businesses are becoming more popular with cyber criminals are simple:

  • Compared to larger businesses, smaller businesses have limited or no cyber risk management controls and usually don’t have a dedicated risk manager.
  • New cyber thieves use small businesses as a training ground to prepare for later attacks on larger businesses. Furthermore, smaller businesses often grow through mergers and acquisitions and are frequently connected to larger businesses.
  • Taking on small businesses allows cyber criminals to avoid undue media attention.
  • Many smaller companies have valuable intellectual property, such as trade secrets.

The purchase of Cyber Risk policies is starting to pick up steam in the small business community. Many General Liability carriers are now offering Cyber Risk endorsements for as little as $500.

 

Source: Elisabeth Boone, “Cyber Liability: Small Business, Big Exposure,” Rough Notes Magazine, August, 2013.


Are Third-Party Apps a Threat to Your Business?

Not all apps are created equal

More and more businesses have been allowing employees to use their personal mobile devices as a primary means of communication in the workplace. The increased usage of employee-owned smartphones, though convenient, can also pose a serious risk to security; questions may also arise concerning the control and ownership of company data. It is important for your business to establish strict guidelines for the use of personal mobile devices in the workplace. For example, there should be a clause in company policy allowing for the remote wiping of mobile devices upon termination of employment. Further, company data should be kept separate from personal data, and the use of third-party applications should be kept to a minimum.

Third-Party Threat

With the recent phenomenon of mobile mass storage devices, keeping your company’s confidential information private has become increasingly difficult. Where there was once an established perimeter protecting businesses from outside threats, there is now increased exposure. This is the price we pay for on-demand data access. How can you limit your exposure? As stated above, by establishing guidelines. It has been estimated that in 2013 alone, over 70 billion apps will be downloaded, and with them, the potential for malware and tracking software. For this reason, it is important that your employees be aware of the effect their personal data habits have on the company information stored on their phones.

The Blacklist

Not all apps are created equal, and some are potentially more dangerous than others. Fiberlink Communications is a mobile device management firm that manages over 2 million devices for businesses around the world. Using their vast wealth of experience, they have compiled the top 10 blacklisted apps for both iOS and Android devices.

iOS

  • Angry Birds
  • Facebook
  • Google Drive
  • Dropbox
  • SugarSync
  • Pandora
  • SkyDrive
  • HOCCER
  • BoxNet

Android

  • Facebook
  • Netflix
  • DropBox
  • Angry Birds
  • SugarSync
  • Google+
  • Google Play Movies & TV
  • Google Play Books
  • Google Play Music
  • Google+ Hangouts

Source – Judy Greenwald: Personal Mobile Devices Raise Security Concerns Among Employers


Is your Smart Phone a Financial Business Risk?

Managing the risks of using a mobile device for work makes you smart

We use our smart phones more than ever these days. We virtually run our companies from them, play games, watch movies, take pictures, and even make phone calls with them. It’s no surprise that the versatility and conveniences of these handy devices have opened up new avenues for cyber criminals to exploit our personal information.

Financial risks

Having confidential information stolen from your smart phone is a serious risk.  It can lead to breaches in your social network, bank accounts, and client information. Not only is this bad for individuals, but for a business it can be expensive to repair the damage. It is costly to notify contacts of the breach then rebuild the company’s image to regain customer trust. Below are tips we offer to protect the information on your smart phone.

Protecting your business phone is easy

Always make sure you are downloading apps from a reputable source. Apps found online and in the Android marketplace have not been screened for malware and can open the door to cyber thieves.

Review the customer reviews before downloading any app onto your phone. It sounds basic but could save you time and money in the long run.

Be aware when an app asks for permissions during the uploading process. Now we know this one is getting harder to avoid with every app wanting to connect to social platforms or asking for access to your phone’s hard drive. If you follow the key points above you should be safe but there are no guarantees.

Safe phone browsing habits

These next points are good to remember when browsing from your laptop or your phone. It might be a good idea to go over a few of these principles with employees to make sure the phones they are using for work don’t expose your company to hackers.

  • SMS or VM Phishing: If you get a questionable text message or voice mail, call the company back directly and verify with them before handing over important information.
  • Password Guard: If your smart phone is stolen or lost, it’s easy for someone to get access to your social media logins or even bank information. Keep your phone password protected.
  • VPN Entree: If you’re using your smart phone to access a corporate network, use SSL VPN to connect and secure the session. This keeps the corporate information safe from prying eyes.
  • Wi-Fi Hotspot Security: Never connect to any password-protected sites such as social media, banks, or PayPal while using an unsecured or free Wi-Fi hotspot. Doing so is just asking for your personal information to be stolen.
  • Utilize Security Apps: Think of the software you download to protect your computer; there are similar options for your phone. Use them to keep your phone safer.
  • Update: It seems simple, but update your apps and keep your software current.

Now that you know how to better protect your personal information on your smart phone, pass it on. Share this with your employees and colleagues to make sure they are also protected against cellular cyber theft.

Source: “The Art of Securing Mobile Devices,” by Troy Gill, GPEN, Rough Notes, Pg. 44,46

SC Department of Revenue Hacking: A Second Look

Lessons in Internet security for businesses

Following the criminal hacking of South Carolina taxpayers’ information, businesses are asking what they have to do to protect themselves from hackers. While most organizations have network security that includes firewalls, that may no longer be adequate; an experienced hacker can break through a firewall fairly easily. More security, along with knowing who is vulnerable to hacking and how the hackers operate, can help.

Know your areas of vulnerability

What can you do to beef up your security to protect against these crimes?

First, be scrupulous about monitoring Internet security, remembering that compliance is NOT synonymous with security. Just because you may be in compliance with requirements for security measures doesn’t mean you have any real security in place. Most organized crime hackers are ahead of the game. These criminals target business and government, both of which are vulnerable to being hacked, especially since hacking into business and government is a priority of cyber criminals.

Second, all computer information needs to be closely monitored to keep the hackers from using employees to access private information through emails, social networks, passwords, etc.

Taking preventive steps to protect your business

While nothing in cyberspace is foolproof, taking certain measures to improve company security can make a difference in the constant battle to protect secure, sensitive information from hackers. Money spent to beef up security is a worthwhile expense.  Having someone onsite who is in charge is imperative for protection from hackers. We recommend businesses take the following steps:

  • Improve internal and physical security (cloud servers, vendors, and the company’s own sites)
  • Plan defense measures in the event of a hack
  • Rapid detection  (South Carolina’s delay in discovery and notification was detrimental)
  • Careful monitoring of employees and systems
  • Contract a security provider

Of course, Cyber Risk insurance is a critical part of the equation in protecting any governmental entity or private business against cyber crime.

If you are hacked, timing is critical. The incident in South Carolina illustrates that point. The delay between when the actual hacking took place and when notification was made was due in part to the state’s inability to discover the hacking itself; the Secret Service made the discovery.

Source: “Protect Data from Lurkers and Hackers,” COLUMBIABUSINESSMONTHLY.COM, December 2012.

 
