Intersections’ Consumer Security Adviser Neal O’Farrell writes today about a dangerous new banking Trojan that has recently been making the rounds. It’s called “SpyEye” and it is causing all sorts of trouble. In today’s article, Neal provides some important tips on how to protect yourself, and your bank account from this nasty threat.

A few years ago I started warning about a dangerous new type of malware known as a banker or banking Trojan, with names like Clampi and Zeus. Banking Trojans were such a threat because they were very good at what they were designed to do – sneak on to your computer, bypass security, steal your passwords, log in to your bank accounts and empty them. Within a matter of months the FBI estimated that these Trojans had stolen hundreds of millions of dollars from victims across America.

Security researchers recently discovered a very dangerous new form of this Trojan that has financial institutions very worried. The Trojan is called SpyEye and has also been around for a few years – most researchers believe SpyEye is just a reincarnation of the dreaded Zeus Trojan.

In the new version, the Trojan is able to manipulate your transactions history so that if you were to check in on your bank account and look at things like transactions and balances, everything would look OK. That’s because the Trojan is able to erase its tracks and hide any changes it makes in your account – like transferring all your money to another account. This is a very worrying development because in many cases, checking your statements is the only defense you may have against such scams.

Because the attack presents the doctored statements to your browser, it would not be able to hide the attack if you were to access your bank account from another computer or an ATM. And of course the scam would be obvious in a paper statement. But, as experts point, finding out about the attack when your statement arrives thirty days later may be way to late to stop thieves from emptying your account.

In an interview with MSNBC, Amit Klein, one of the security experts who discovered the new threat cautioned “My take is that if your computer is infected with financial malware, it’s game over anyway. My takeaway is you need to prevent getting infected with financial malware in the first place.”

Because SpyEye variants are constantly changing to evade virus detection, it can sometimes take virus companies weeks to push out a virus signature to your computer. If SpyEye manages to infect your computer during that window, you may be out of luck.

In 2005, almost half of new malicious codes were Trojans, according to Panda Security. By the end of 2010, Trojans made up more than 70% of new malware.

There are believed to be thousands of varieties of banking Trojans in circulation, and some can be purchased as complete ready-to-go kits for as little as a few hundred dollars.

Most Trojans will infect computers by using spam with infected email attachments, or by infecting web sites which in turn will infect unprotected computers visiting those sites – known as “drive by” infections.

Here are some things you can do to protect yourself:

• Scan all your personal and business computers, either using your existing anti-virus software or using any of the free scanning services listed on our web site.

• Be very careful in the web sites you visit and consider using one of the many free web site verification tools, like Trusteer, that can help identify infected web sites before you click on them.

• Layer every computer with the best virus and spyware protection available and update it constantly. But be aware that having the latest anti-malware protection in place is no guarantee that you’ll be able to prevent or detect an infection.

• Patch your computer constantly and make sure your computer settings are configured to automatically download and install patches and updates as soon as they become available.

• Avoid opening email attachments or clicking on links in emails unless you’re able to verify the email is legitimate, and be careful about visiting web sites you’re not familiar with.

• Teach all family members or employees to be especially vigilant for phishing schemes and to watch out for unusual or personalized emails with attachments or links that are not familiar.

• Set up account alerts to notify you of any transactions or changes in account balances, and work with your bank to see if there are additional layers of authentication they can use to prevent or alert you to unauthorized transfers.

• Spread your funds between a number of accounts and limit the number of users on each account.

• Change your passwords regularly, make them tough to guess, and protect them well.

• Use keylogger protection to help hide your passwords and protect them from snoops.

• Consider using just one computer for online banking, and make sure that computer is highly secure and ideally not used for email or any other Internet connected activity.

• Be vigilant when visiting your bank login page, especially for any changes to the login procedure or requests for additional information.

• Check your paper statements as soon as you get them.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

It’s that time of the year when we get to polish our crystal ball and take a look at what might happen in 2012. Intersections’ Consumer Security Adviser and master predictor of all things security Neal O’Farrell, dusts off his magic wand, adjusts his turban and takes a peek into the future with his 2012 security predictions.

Christmas is a time for tradition, and in the security world one of those traditions is predicting what’s in store for us next year from hackers, scammers and all the other things that go bump on the net.

Perhaps the best way to summarize next year’s threats is more of the same, and here are just a few of my predictions:

• More friends and family fraud, as continued economic hard times force otherwise honest individuals to exploit family credit to pay bills.

• An increase in existing account fraud as financial institutions get better at preventing new account fraud and force thieves to focus on low hanging fruit.

• An increase in child identity theft as thieves become more aware of how hard it is to stop it, and a similar increase in elder financial exploitation as social services for the elderly are cut back.

• An increase in skimming, especially in supermarkets, as thieves rush to take advantage of this vulnerability before chip-and-pin is more widely adopted and makes skimming more difficult.

• A shift from street-level drug dealing to identity theft. This is a worrying trend because it could fuel the growth in identity theft for another decade. The recent Operation Rainmaker in Florida, where local drug dealers joined forces to learn about identity theft and defraud the IRS out of more than $130 million using stolen identities, is a perfect example of this trend.

• A growth in super thieves – low level thieves, like those involved in mail theft or check washing – who are never arrested or investigated, stay off law enforcement’s radar, and only become better, more sophisticated, and able to steal larger amounts without being caught. They take advantage of the fact that law enforcement has largely given up on identity theft.

• An increase in attacks against small businesses because of the wealth of identity information they possess with little protection.

• An increase in tax-related identity theft, as crooks realize how lax IRS security controls are and how easy it is to get a refund using a stolen or “deceased” identity.

• An increase in identity theft malware especially banking Trojans, keyloggers, and Android malware.

• An increase in legislation to protect consumers, and especially data breach legislation.

• Lots of opportunities for hackers to poison search results and take advantage of some big events next year, especially the 2012 Olympic Games starting in July in London, and of course the Presidential election. Both events will provide hackers and scammers with endless opportunities to trick unwary users into falling for some scam or another.

• More hactivisim, but much of it by copycat hackers rather than by the original Anonymous or Lulz crew.

• More infrastructure attacks, targeted at everything from power stations to water treatment plants. Most of the attacks will be probes to test the resilience of these systems to attack.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post, Intersections’ Consumer Security Adviser Neal O’Farrell examines the issue of bank security. Are you safer with a small credit union or community bank? That’s a question that’s increasingly being asked by consumers around the country who are considering moving their bank accounts from a large bank to a smaller credit union or community bank.

According to a recent article in CUInfosecurity.com, risk is the top concern as consumers consider moving their accounts from larger banks to credit unions or community banks. The article points out that at least 650,000 Americans have switched to credit unions since Sept. 29, 54 percent of credit unions have reported increases in share growth, and one of the largest credit unions said its new members and checking-account openings are up 70 percent for the months of September and October.

And credit unions aren’t alone. The same article pointed to a recent poll by the Independent Community Bankers of America which found that 60 percent of community banks had picked up new customers as a result of frustrations associated with larger banks.

If you are thinking of switching from a larger financial institution, or from a bank to a credit union, security should always be a concern. Once you’ve done a side-by-side comparison on key features like account fees and features, loan and credit card interest rates, ATMs locations and fees, and customer service, it’s time to think about security.

There is a concern that many smaller financial institutions are still struggling financially, and may not have enough of a security budget to match that of a larger institution. And if they’re lucky enough to be swamped by new customers, will their security budget and preparedness be able to keep pace?

Those are the most common security questions. Can a credit union really protect me – not just my money but all my personal information too? How good and quick are they at detecting a security breach and notifying me? How quickly can they resolve a security issue or fraud? And will my money be any safer there than at a large bank?

Credit unions have long argued that history shows they suffer from fewer attacks than larger banks. Experts on the other hand have argued that’s only because of their small size. It’s like the Windows vs. Apple argument – Apple users claim Apple products have suffered from fewer attacks because they have better security built in, whereas experts argue it’s just about economics. Hackers and malware writers simply ignored Apple for years because it had so few users compared to Microsoft. Writing code to target Apple products just wasn’t economically viable – just not worth the time.

But as the popularity of Apple products has surged, thanks to iPhone and iPad, we suddenly started to see “Mac Malware” emerge and the malware authors just followed the crowds.

That’s what I expect if there’s a major shift from larger banks to smaller and more local banks and credit unions. The hackers will follow the crowds and I’m just not sure that smaller financial institutions are prepared for the risk exposure. Many are still struggling financially and have not been able to make the enormous and endless security investments the bigger banks have been making.

My recommendation? Before you make the big jump, talk to the financial institution you’re thinking about jumping to. Create a list of the security features you may already enjoy, like two (or more) factor authentication, phishing and keylogging protection, account alerts etc. Then compare that to the security features being offered by your new home. At least with a smaller financial institution you’re more likely to be able to meet a real person and get some real answers.

And make the move slowly, by opening up an account with credit union or bank but keeping your original bank account open for a while. At least until you’ve had time to test your new surroundings.

I think credit unions and community banks should also raise the security discussion themselves. Larger banks are notorious about staying tight lipped when it comes to security, worried that the more they talk about things like identity theft, the more their customers will worry. Whereas the opposite is probably true – talk more and customers worry less, because they know the bank is taking it seriously. Talk less and customers have a right to worry more, if the only people who don’t seem to be worried about security are the ones who should be worried most.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s article, Intersections’ Consumer Security Adviser Neal O’Farrell asks the question “is the economy helping cybercriminals?” Read on to find the answer!

A recent report from security firm Panda Labs found that in the last three months alone it has detected more than five million new types of malware. That works out to an average of one new type of Trojan, virus, and other malicious program discovered every 1.5 seconds.

Because of the way most anti-virus programs work, once a virus is discovered the anti-virus companies have to rush to write a piece of code or signature that must then be downloaded as quickly as possible by billions of users around the world in order to keep that particular piece of malware out.

That means that many of these viruses can easily make their way on to unprotected computers before the programmers have time to push out the updates. And with many anti-virus companies struggling to grow their profits, it could mean that as malware grows in volume and sophistication, anti-virus companies may have to spend less on updating their software.

And if you don’t believe in such perfect storms, take a close look at the identity theft wars. As identity theft continues to grow, and become more sophisticated, cash strapped police departments no longer have the resources to investigate these crimes. Which only encourages and emboldens more thieves.

The Panda Labs report seems to support this notion. The most powerful and dangerous type of malware, and the type most favored by organized crime for its ability to steal passwords and break into bank accounts, is the Trojan. And according to Panda three out of every 4 new types of malware discovered in the last three months was a Trojan.

Which probably explains why Trojans were responsible for the majority (63%) of infections in the last three months. Trojans are very efficient bank robbers, and the payoff can be enormous. Two cybercrooks from the Ukraine were just sent to prison in the United Kingdom after they were convicted of using exactly this type of malware to steal more than $4 million from bank accounts in just six months.

On a related note, the Panda Labs report also found that the countries with the worst infection rates were China, Taiwan, and Russia. In China, for example, it’s believed that more than half of all PCs are infected by malware.

And traditional attacks like phishing are not going away. Within days of a warning by the American Bankers Association of an unexplained spike in phishing attacks, security researchers had identified a new type of phishing attack that looks like it comes from a well-known bank and offering recipients $35 to complete an online survey.

According to security firm Sophos, the email asked for so much highly confidential information it should be a warning sign. According to Sophos, the email questionnaire asked for:

• Social Security Number
• Card number
• Card expiration
• CVV
• ATM PIN
• First, Middle and Last name
• Email (ironically they mailed you the form)
• Address
• Mother’s maiden name
• Place of birth
• Birthday

And an increasingly common way to spread phishing emails and infect users with this kind of malware is trusty old spam. The irony is that much of the spam in circulation today comes from the computers of innocent users. Spammers use botnets to infect unprotected computers and use them to relay spam to other users. And unfortunately, it appears that the United States still holds the top spot when it comes to relaying spam.

The bottom line? The easiest way to lose a battle is to just walk off the battlefield. As many companies and industries struggle just to survive, they’re cutting back on security. According to this year’s annual Global Information Security Survey, conducted by PricewaterhouseCoopers, nearly 10,000 executives around the world were asked about their plans to make security a priority. Sadly just 11% said that they planned to make data protection a top priority.

Cyber-crooks are taking full advantage. Not only are they developing even more sophisticated malware, they’re deliberately overloading businesses and consumers with so many attacks, something has to give.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell uncovers the secret contained in the recent 2011 Microsoft Intelligence Report. What’s the secret? It’s the user’s fault!

There are two schools of thought on the topic of consumer security awareness. One school suggests that all the malware and scams in circulation are far too advanced for consumers to understand and therefore prevent, and consumers should instead entirely trust technology to protect them. The most vocal proponents of that side of the argument are, not surprisingly, the companies that sell security technologies.

The other side of the house believes that consumer education, awareness, and vigilance are key to preventing or avoiding many, if not most, attacks. That’s the side of the argument I sit on, and so should you. Your vigilance, and your acceptance that you have significant responsibility for your own protection, are key to avoiding some of the most common attacks.

Think about it for a moment. Would phishing emails – the ones that pretend to be from your bank to try and trick you out of your password – even work if people just ignored them? Would infected email attachments work if users never just opened them? And would passwords still be a weak link if people made them stronger.

There are so many examples of just how important user awareness, vigilance, and participation really are. And one of the key words is vigilance. Awareness is no longer enough, because I think it’s safe to assume that most consumers are aware that there are risks and that there are something they should and shouldn’t do.

But vigilance is about being aware at exactly the moment that counts – thinking security before you create or use a password, before you respond to an email, before you open an attachment, or before you visit a web site.

And there’s plenty of evidence out there to how a lack of awareness and vigilance are being exploited. A recent study by Microsoft found that nearly half of all malware Microsoft detected when it scanned more than 600 million computers used tricks on the user in order to succeed. With security firm Trend Micro reporting one new type of malware every half second, that’s a lot of focus on user exploitation.

The study also found that that around 90% of all exploits targeted vulnerabilities that were known about and patched for more than a year. Which probably means that most users are just forgetting to update their software – one of the easiest way to protect yourself. In fact, although users are warned repeatedly about the need to update their browsers, Microsoft reports that nearly half of Internet Explorer users still use vulnerable out-of-date browsers.

And if the security experts recognize this weakness, so do the bad guys. Cybercrooks across the world are experts at social engineering – creating tricks that consumers are likely to fall for. These crooks expect you to make the wrong choice, whether it’s to forget about updating your browser or security software, falling for phony emails or Facebook requests, or letting your caution overcome your curiosity.

They won’t waste a moment taking advantage of a mistake you can make in a split second. So they’re worst fear is that you take a moment – to stop and think before you make a decision and use that pause to make the right decision instead of the wrong one. If you pause, think, and chose the other, safer path, you win and they’ve just wasted all that time and money.

Network World said what many others might want to. In a recent article on Microsoft’s report, they simply concluded “wise up stupid users!”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

There are news reports almost daily about how hackers are able to gain access to the bank accounts of innocent victims and rip off thousands and thousands of dollars. In today’s article, Intersections’ Consumer Security Adviser Neal O’Farrell explains what you need to do to keep your hard-earned money out of the hands of hackers and criminals. A must read!.

The title of this article could just as easily have been “How to make half a million bucks a month from the comfort of your computer.” I was reading recently about how a twenty-something hacker from Russia managed to steal more than $3.2 million in just six months simply by pushing out malware designed to sneak on to unprotected computers, steal banking passwords, and empty bank accounts. His efforts paid off to the tune of around $17,000 a day, give or take.

The hacker goes by the nickname Soldier, and according to research by security firm Trend Micro, he managed to infect more than 25,000 computers in the three months leading up to June of this year using a malware toolkit that is freely available on the internet.

His success, at infecting so many computers and making so much money in such a short timeframe, should be a warning to every consumer to be ever vigilant when it comes to online banking. Soldier is one only of probably thousands of hackers using the same or similar crime kits to plunder online bank accounts.

So if you want to avoid being Soldier’s next victim, here are some simple tips to beef up your defenses.

1. Lock down your computer. Every computer should be protected by multiple layers of security, including anti-virus and other malware protection, encryption to protect your data, browser security to steer you away from malicious web sites etc.

2. Beef up your passwords. Weak passwords are your worst enemy – make them strong, random, and original. No sense in creating one strong password and then using it for every web site you know.

3. Sign up for alerts. Most financial institutions provide email or text alerts when certain things happen with your account – a transfer is attempted, an ATM withdrawal is made, or a check more than a certain amount is presented. Sign up for these alerts because they can be your earliest warning that something’s not right.

4. Be very careful with the apps you use. Apps are great, especially if they’re free. But apps are the wild west of security, with little control over who makes and sells them, and how securely the code is written. So use as few apps as you need and only from trusted sources.

5. Think twice about mobile banking. While banking from your smart phone sounds like a great idea, it’s still in its infancy and new security holes are being discovered daily. If you’re not completely confident about the security of your smartphone, stick to doing your online banking from a computer you do trust. Or at least trust a little more.

6. Don’t access your bank account over a public Wi-Fi network. It’s very easy to snoop on any computers using Wi-Fi networks in places like coffee shops and hotels. So much better to wait until you get home before checking your balances or paying bills.

7. Limit access to your computer. The fewer people who have access to your computer, the less risk you have of compromise. So it might be smart to ban family members from using the computer you use to bank online. That way, you won’t be at risk from their mistakes or bad habits.

8. Consider using a separate computer just for online banking. That’s the advice of the security expert who discovered the first banking Trojan a couple of years ago. If you use a separate computer just for online banking, you reduce the risk of malware sneaking on to your computer through drive-by downloads, infected attachments etc.

9. Use a keylogger prevention system, like PRIVACYPROTECT® which comes free with your IDENTITY GUARD® TOTAL PROTECTION(SM) membership, to protect your passwords from being snooped upon. Keyloggers are able to sniff and steal logins and passwords by monitoring what you type on your keyboard, but products like ID Vault allow you to bypass the keyboard and enter your login credentials using a virtual keyboard instead.

10. Take Facebook security very seriously. It’s not only an easy way for thieves to deliver the kind of malware that can steal your bank account login and password, it’s also a great way for thieves to find the answers to the most common “secret” questions – like the city you were born, your first pet, favorite teacher, and mother’s maiden name.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell joins us again today with his take on the recent mid-year cybercrime report by the security firm Sophos. Enjoy, but be careful out there!

Hard to believe the year is already half over. Seems like only yesterday we were talking about a spike in identity theft over the Christmas holidays, and warning consumers to be extra vigilant as tax time approaches.

But it’s been such a busy year for scammers and hackers, it almost becomes a blur. To sort through the fog, security firm Sophos recently published their half year summary of threats and trends, and it should stand as a stark warning of the need to be constantly vigilant.

For example, Sophos claims that since the start of 2011 they have recorded an average of 150,000 new malware samples every single day. That’s works out to one piece of malicious software being discovered every single second, and a 60% increase over 2010.

Sophos has also identified an average of 19,000 new malicious URLs each single day in the first half of this year. That’s a stunning 4.5 new web threats detected every second. And, according to Sophos, 80% of those URLs are legitimate websites that were hacked or compromised by crooks.

The two top exploits favored by these crooks were fake anti-virus software and SEO poisoning – manipulating search engine results to drive users to malicious or infected web sites – and it might surprise you that the majority of these malware sites are hosted in the United States. The U.S. accounts for a whopping 37% of malware hosting web sites, while the next nearest culprit is Russia at just 13 percent.

There has also been a big change in the way people communicate, a change that now works even more in the favor of hackers. Sophos recorded a 59% decline in the use of email among 12-17 year olds, and a 34% decline in email use amongst 24-34 year olds. This is mainly due to a switch to texting and social networks as a way to communicate. And hackers love social networks because they make it much easier that email to launch more targeted and effective attacks. Hardly surprising that 81% of computer users surveyed by Sophos believe that Facebook presents the greatest security risk.

On the subject of social networking risks, Sophos also conducted a poll of nearly 2,000 people on their social media habits and worries. 71% reported that they, or one of their colleagues, had been spammed on a social networking site, 46% had been phished and 45% were sent malware.

“Social networking privacy issues have dominated the headlines in the first half of 2011. With most social networks, the default settings share everything and users have to reset their options to make their accounts more private. This opens up a host of security issues because so many people—both friends and not—have access to your information,” according to Sophos.

The report also highlighted a study by the FBI about how one cyber gang was able to dupe 1 million users into buying fake software, and could have made as much as $72 million from the scam. This is a problem for a lot of reasons. It means that not only were 1 million people duped into paying for something fake, they may also believe they have real virus protection on their computers when in reality they have no protection at all.

And that $72 million will be recycled by these gangs into even more sophisticated scams that will entrap even more victims and continue the cycle. Some of this money may even end up in the hands of terrorists who have the skills and resource to launch their own fake virus scams, or partner with organizations that can manage them on their behalf.

Links to videos that hide malware are also on the increase, especially on Facebook and Twitter. According to Sophos, nearly 69 million people have viewed the now-infamous YouTube music video Chocolate Rain, a clear sign that curiosity still trumps caution for most users.

The Mac is no longer a safe haven, and scammers are now firmly focusing on all things Apple to take advantage of the surge in use and adoption of Apple products, driven by the huge popularity of the iPhone and iPad. Apple’s success with these products obviously has a very dark side to it, and yet another reminder that wherever the crowds go, so will follow the crooks. You only have to look over your shoulder to spot one. But if you never bother looking, then don’t be surprised if you don’t spot the scam until it’s too late.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell joins us today with a fascinating look at hackers, hacktivism, and hacker collectives. Read on and enjoy!

As notorious hacker collective Lulz Security claims to be sailing off into the sunset, pursued and taunted by other hacker groups like the A-Team and Web Ninjas, many are wondering who will fire the next salvo in the hacker wars and who will be the next casualty.

And while many were surprised at how quickly Lulz appeared and disappeared, hacker collectives and hacktivists have been living, working, and hacking amongst us for nearly two decades. It’s now nearly ten years since I gave a hacker from notorious hacker collective Cult of the Dead Cow a plane ticket to attend the DEFCON hacker conference in Las Vegas and report back on his thoughts about the differences in thinking and culture between hackers and security professionals – at least those hired to protect.

Cult of the Dead Cow, also known as cDc, is credited with coining the word hacktivism. I was writing at the time for a publication called SearchSecurity.com and working on a story that compared the security skills of hackers to those of the security professional being paid to protect us.

cDc may have been the birthplace of the hacker collective, and that birthplace was a slaughterhouse in Texas in the mid-1980s. cDc eventually launched the careers of many of the world’s most famous and competent hackers, who interestingly enough eventually became some of the most respected and respectable security industry executives.

cDc had a simple goal and slogan at the time – Global Domination Through Media Saturation – and its activities ranged from hacking the Church of Scientology to distributing their own music. OK, they did a lot worse than that but we have only so much space.

Like many hacker collectives, cDc either spawned or embraced a number of other hacking groups, and some of its members went on to create other, equally notorious hacking groups.

For example, cDc hacker Mudge later launched L0pht, another high profile hacking collective active in the 1990s. Unlike many of today’s hackers, L0pht members were pretty much out in the open and even had their own Boston headquarters they hung out in. They famously testified before Congress that if they really wanted to they could take down the entire internet in less than 30 minutes.

And where are they now? Surprisingly legitimate and well respected. L0pht eventually merged with a security consultancy @stake which was later purchased by security firm Symantec. L0pht hacker “Weld Pond” is now Chief Technology Officer of respected security company. “Kingpin,” whose real name is Joe Grand, now lives in San Francisco and hosted the Prototype This program on the Discovery Channel.

And whatever happened to Mudge? His real name is Peiter Zatko, who later went on to serve as an adviser to President Bill Clinton on cyber security and now works for the U.S. Department of Defense Advanced Research Projects Agency (DARPA).

I’ve always maintained that most security professionals can easily be outsmarted by good or even average hackers. It’s not about competence, it’s more about culture. Hackers by their nature are usually more inquisitive and creative, less worried about failing, and of course don’t have corporate security rules or federal guidelines holding them back.

Will we ever see members of Lulz or Anonymous give up their rebellious ways and use their obvious security skills to protect the greater good? Will we ever see one of these hackers emerge as the head of security for a major corporation, the kind of security head these hacktivists say they despise?

Probably.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Unfortunately, there is a lot of consumer apathy about the topic of identity theft and credit fraud. So, Neal O’Farrell, Intersections’ Consumer Security Adviser is back today with his ten tips that are guaranteed to make you an easy mark for identity theft.

Continue to believe that it can’t happen to you

Apathy is the biggest enemy, whether it’s towards your health, wealth, or security. If you don’t take security seriously, refuse to accept that you could fall victim to identity theft, and fail to take responsibility for your own security, you stand a much greater chance of being victimized.

Assume zero liability means you have nothing to lose

Zero liability has given many consumers a very false sense of security, and the belief that if identity theft costs them nothing, they have nothing to worry about. But zero liability does not mean zero risk, zero responsibility, or zero loss. Zero liability won’t cover your costs, the emotional harm, time off work, or damage to your credit.

And just because your bank or credit card company says you won’t be on the hook for credit fraud losses, that doesn’t mean you won’t fall victim and face losses. Zero liability can be discretionary, and in many cases financial institutions can take weeks and often months before they return any lost funds or wipe away any debts. And when it comes to compromised bank accounts, small business owners don’t enjoy zero liability at all.

Don’t monitor your credit, or watch it constantly

If you’re not watching you credit reports like a hawk, you’re unlikely to spot the tell-tale signs that someone is trying to steal your identity. It could start with a number of applications for new credit, which can be accepted or declined. A determined thief will keep trying, and if you are not watchful, a simple fraud attempt could easily turn into a more serious identity theft.

Surf where and how you like

So many identity thefts are now being triggered by malware that lies in wait on infected web sites. With so many legitimate web sites are now believed to be infected with malware, you need to be ultra cautious where you surf, what you click on, and what you download. If you don’t, you increase the chance that very nasty malware will work its way on to your computer, steal your information, and hijack your identity.

Talk too much, especially on Facebook

Another sure-fire way to lose your identity is blabbing too much. Facebook has become a haven for identity thieves looking for all that personal information that they need to steal your identity and that you might be giving away free. Things like family background and history (your mother’s maiden name), where you were born, where you went to school, where you work and worked, and your date of birth – all of immense value to thieves. Here’s a great article to help keep you safe – Ten Privacy Settings Every Facebook User Should Know.

Get careless with your password

A number of recent high profile attacks have exposed a number of things we’ve known all along – that most users still use very weak and easy to crack passwords, and they use the same passwords for multiple web sites. So if a hacker gets your password in an attack on one site, they could do a lot more damage.

Trust too much, especially when it comes to email

Phishing continues to be a major threat, and getting more sophisticated every day. If you’re not aware of what phishing is, can’t recognize the tell-tale signs of a phishing attempt, and don’t know how to respond (or not respond), you stand a much greater chance of being hooked by “phishy” bait. If you aren’t sure, the Anti-Phishing Working Group has compiled a list of recommendations to help you avoid this type of scam.

Don’t properly protect your credit cards and accounts

Just like with your credit reports, if you’re not watching your bank account and credit card statements constantly and carefully, you won’t spot any signs that your account is being tapped or dripped, or those small test transactions thieves will often use to test your vigilance before launching a major assault.

Don’t manage your personal information properly

A very easy way to fall victim to identity theft is to not protect your paperwork and possessions. That includes hiding personal documentation in the home (especially financial statements, tax returns, and anything with your Social Security number on it), protecting personal documents at work or when travelling, and not protecting your mail.

Don’t Think Security First

The key to staying off the radar and out of the traps of thieves is to think security first. That means constant vigilance – don’t worry, it eventually becomes second nature – so that you think about security before you click on an attachment and not afterwards, think about security before you create or use a password, think about checking your credit reports before you find out there’s something wrong, and so on.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

The Daily Shield welcomes back Intersections’ Consumer Security Advisor Neal O’Farrell. Today, Neal writes about the disturbing uptick in cybercrime.

Every three months or so, security firm McAfee shares with the world all the trends uncovered and identified by its research labs.

The quarterly results rarely offer any good news, and unfortunately the first three months of 2011 are off to a very troubling start. Unless you’re a cybercriminal.

We went through McAfee’s most recent quarterly threat review and identified a dozen worrying trends you might want to be aware of:

1. There appeared to be a significant reduction in spam although research shows that many others are waiting in the wings to take its place. McAfee worries that the reduction is just as a result of a pause by global cyber gangs as they retool and upgrade their attacks.

2. Historically, Android has been ranked as the third most targeted mobile platform, but in the last three months it has jumped to the number 2 spot overall for mobile malware.

3. Mobile malware will continue to evolve in sophistication and functionality and at a much faster rate than the development of PC-based malware. Criminals are now using everything they’ve learned in developing PC-based malware and quickly adapting those lessons to anything mobile.

4. Hacktivism may be on the rise again, as exhibited by a number of high profile hacks like the Sony PlayStation Network, the Wikileaks saga, and the uprisings around the Arab world.

5. Malware just posted its busiest quarter in history. McAfee Labs identified more than six million unique types of malware in the last twelve weeks, the busiest quarter on record, and adding up to about 75 million different types of malware expected by the end of this year.

6. Fake anti-virus software seems to be on the rise again and password-stealing Trojans are demonstrating a consistent level of activity.

7. Search-term manipulation continues, with criminals talking advantage of vulnerabilities in search rankings to lead users to malicious sites. McAfee found that 49% of the daily search terms in the top 100 results lead to some kind of malicious web site.

8. McAfee identified a new password-stealing Trojan every day of the quarter.

9. Banking stealing Trojans are now commonly being delivered by phishing emails, from UPS and FedEx, the IRS and NACHA.

10. McAfee identified an average of 8,600 new infected web sites every single day during the first three months of the year.

11. Over the last three months, McAfee uncovered an average of 2,500 new phishing sites every day. The most common brands used in phishing emails included Wells Fargo and Paypal.

12. The malicious exploit of Adobe products (more than 36,000 this quarter) topped the number of malicious exploits of Microsoft Office products by a wide margin.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.