It’s that time of the year when we get to polish our crystal ball and take a look at what might happen in 2012. Intersections’ Consumer Security Adviser and master predictor of all things security Neal O’Farrell, dusts off his magic wand, adjusts his turban and takes a peek into the future with his 2012 security predictions.

Christmas is a time for tradition, and in the security world one of those traditions is predicting what’s in store for us next year from hackers, scammers and all the other things that go bump on the net.

Perhaps the best way to summarize next year’s threats is more of the same, and here are just a few of my predictions:

• More friends and family fraud, as continued economic hard times force otherwise honest individuals to exploit family credit to pay bills.

• An increase in existing account fraud as financial institutions get better at preventing new account fraud and force thieves to focus on low hanging fruit.

• An increase in child identity theft as thieves become more aware of how hard it is to stop it, and a similar increase in elder financial exploitation as social services for the elderly are cut back.

• An increase in skimming, especially in supermarkets, as thieves rush to take advantage of this vulnerability before chip-and-pin is more widely adopted and makes skimming more difficult.

• A shift from street-level drug dealing to identity theft. This is a worrying trend because it could fuel the growth in identity theft for another decade. The recent Operation Rainmaker in Florida, where local drug dealers joined forces to learn about identity theft and defraud the IRS out of more than $130 million using stolen identities, is a perfect example of this trend.

• A growth in super thieves – low level thieves, like those involved in mail theft or check washing – who are never arrested or investigated, stay off law enforcement’s radar, and only become better, more sophisticated, and able to steal larger amounts without being caught. They take advantage of the fact that law enforcement has largely given up on identity theft.

• An increase in attacks against small businesses because of the wealth of identity information they possess with little protection.

• An increase in tax-related identity theft, as crooks realize how lax IRS security controls are and how easy it is to get a refund using a stolen or “deceased” identity.

• An increase in identity theft malware especially banking Trojans, keyloggers, and Android malware.

• An increase in legislation to protect consumers, and especially data breach legislation.

• Lots of opportunities for hackers to poison search results and take advantage of some big events next year, especially the 2012 Olympic Games starting in July in London, and of course the Presidential election. Both events will provide hackers and scammers with endless opportunities to trick unwary users into falling for some scam or another.

• More hactivisim, but much of it by copycat hackers rather than by the original Anonymous or Lulz crew.

• More infrastructure attacks, targeted at everything from power stations to water treatment plants. Most of the attacks will be probes to test the resilience of these systems to attack.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Fox 5 News DC recently interviewed Intersections’ Vice President Joe Mason. The topic? How to avoid credit card skimming. Check out the video below for his expert advice.

Experts Provide Tips on Avoiding Credit Card Skimmers: MyFoxDC.com

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell uncovers the secret contained in the recent 2011 Microsoft Intelligence Report. What’s the secret? It’s the user’s fault!

There are two schools of thought on the topic of consumer security awareness. One school suggests that all the malware and scams in circulation are far too advanced for consumers to understand and therefore prevent, and consumers should instead entirely trust technology to protect them. The most vocal proponents of that side of the argument are, not surprisingly, the companies that sell security technologies.

The other side of the house believes that consumer education, awareness, and vigilance are key to preventing or avoiding many, if not most, attacks. That’s the side of the argument I sit on, and so should you. Your vigilance, and your acceptance that you have significant responsibility for your own protection, are key to avoiding some of the most common attacks.

Think about it for a moment. Would phishing emails – the ones that pretend to be from your bank to try and trick you out of your password – even work if people just ignored them? Would infected email attachments work if users never just opened them? And would passwords still be a weak link if people made them stronger.

There are so many examples of just how important user awareness, vigilance, and participation really are. And one of the key words is vigilance. Awareness is no longer enough, because I think it’s safe to assume that most consumers are aware that there are risks and that there are something they should and shouldn’t do.

But vigilance is about being aware at exactly the moment that counts – thinking security before you create or use a password, before you respond to an email, before you open an attachment, or before you visit a web site.

And there’s plenty of evidence out there to how a lack of awareness and vigilance are being exploited. A recent study by Microsoft found that nearly half of all malware Microsoft detected when it scanned more than 600 million computers used tricks on the user in order to succeed. With security firm Trend Micro reporting one new type of malware every half second, that’s a lot of focus on user exploitation.

The study also found that that around 90% of all exploits targeted vulnerabilities that were known about and patched for more than a year. Which probably means that most users are just forgetting to update their software – one of the easiest way to protect yourself. In fact, although users are warned repeatedly about the need to update their browsers, Microsoft reports that nearly half of Internet Explorer users still use vulnerable out-of-date browsers.

And if the security experts recognize this weakness, so do the bad guys. Cybercrooks across the world are experts at social engineering – creating tricks that consumers are likely to fall for. These crooks expect you to make the wrong choice, whether it’s to forget about updating your browser or security software, falling for phony emails or Facebook requests, or letting your caution overcome your curiosity.

They won’t waste a moment taking advantage of a mistake you can make in a split second. So they’re worst fear is that you take a moment – to stop and think before you make a decision and use that pause to make the right decision instead of the wrong one. If you pause, think, and chose the other, safer path, you win and they’ve just wasted all that time and money.

Network World said what many others might want to. In a recent article on Microsoft’s report, they simply concluded “wise up stupid users!”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Unfortunately, there is a lot of consumer apathy about the topic of identity theft and credit fraud. So, Neal O’Farrell, Intersections’ Consumer Security Adviser is back today with his ten tips that are guaranteed to make you an easy mark for identity theft.

Continue to believe that it can’t happen to you

Apathy is the biggest enemy, whether it’s towards your health, wealth, or security. If you don’t take security seriously, refuse to accept that you could fall victim to identity theft, and fail to take responsibility for your own security, you stand a much greater chance of being victimized.

Assume zero liability means you have nothing to lose

Zero liability has given many consumers a very false sense of security, and the belief that if identity theft costs them nothing, they have nothing to worry about. But zero liability does not mean zero risk, zero responsibility, or zero loss. Zero liability won’t cover your costs, the emotional harm, time off work, or damage to your credit.

And just because your bank or credit card company says you won’t be on the hook for credit fraud losses, that doesn’t mean you won’t fall victim and face losses. Zero liability can be discretionary, and in many cases financial institutions can take weeks and often months before they return any lost funds or wipe away any debts. And when it comes to compromised bank accounts, small business owners don’t enjoy zero liability at all.

Don’t monitor your credit, or watch it constantly

If you’re not watching you credit reports like a hawk, you’re unlikely to spot the tell-tale signs that someone is trying to steal your identity. It could start with a number of applications for new credit, which can be accepted or declined. A determined thief will keep trying, and if you are not watchful, a simple fraud attempt could easily turn into a more serious identity theft.

Surf where and how you like

So many identity thefts are now being triggered by malware that lies in wait on infected web sites. With so many legitimate web sites are now believed to be infected with malware, you need to be ultra cautious where you surf, what you click on, and what you download. If you don’t, you increase the chance that very nasty malware will work its way on to your computer, steal your information, and hijack your identity.

Talk too much, especially on Facebook

Another sure-fire way to lose your identity is blabbing too much. Facebook has become a haven for identity thieves looking for all that personal information that they need to steal your identity and that you might be giving away free. Things like family background and history (your mother’s maiden name), where you were born, where you went to school, where you work and worked, and your date of birth – all of immense value to thieves. Here’s a great article to help keep you safe – Ten Privacy Settings Every Facebook User Should Know.

Get careless with your password

A number of recent high profile attacks have exposed a number of things we’ve known all along – that most users still use very weak and easy to crack passwords, and they use the same passwords for multiple web sites. So if a hacker gets your password in an attack on one site, they could do a lot more damage.

Trust too much, especially when it comes to email

Phishing continues to be a major threat, and getting more sophisticated every day. If you’re not aware of what phishing is, can’t recognize the tell-tale signs of a phishing attempt, and don’t know how to respond (or not respond), you stand a much greater chance of being hooked by “phishy” bait. If you aren’t sure, the Anti-Phishing Working Group has compiled a list of recommendations to help you avoid this type of scam.

Don’t properly protect your credit cards and accounts

Just like with your credit reports, if you’re not watching your bank account and credit card statements constantly and carefully, you won’t spot any signs that your account is being tapped or dripped, or those small test transactions thieves will often use to test your vigilance before launching a major assault.

Don’t manage your personal information properly

A very easy way to fall victim to identity theft is to not protect your paperwork and possessions. That includes hiding personal documentation in the home (especially financial statements, tax returns, and anything with your Social Security number on it), protecting personal documents at work or when travelling, and not protecting your mail.

Don’t Think Security First

The key to staying off the radar and out of the traps of thieves is to think security first. That means constant vigilance – don’t worry, it eventually becomes second nature – so that you think about security before you click on an attachment and not afterwards, think about security before you create or use a password, think about checking your credit reports before you find out there’s something wrong, and so on.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s edition of the Daily Shield, Intersections’ Consumer Security Advisor Neal O’Farrell outlines 10 things you need to know about gas pump skimming operations.

In case you hadn’t heard, gas pump skimming is on the rise and probably coming soon to a gas station near you. Skimming is where thieves replace the card reader on a gas pump or ATM with their own reader so that any time you use a card with a compromised reader, you’re handing everything on your card (and maybe even your pin too) to the thieves.
So in order to help you better understand the dangers, I’ve put together a list of things you might want to know about gas pump skimming. It’s not exhaustive, and it’s not scientific. The claims are not based on any particular studies or statistics, but rather on anecdotal evidence gathered by watching the crime blossom across the country over the last few years.

1. It’s almost impossible to detect because unlike ATM skimming, gas pump skimmers are hidden inside the pump.

2. It’s more likely to happen in warm states because the cold weather can affect the installation of the skimming devices.

3. It’s more likely to happen at busy gas stations, where employees don’t have time to watch every visitor or customer; and less likely to happen at 24-hour stations because it’s much easier for thieves to visit a closed gas station in the dead of night to install the skimmer.

4. It’s more likely to happen during the summer months because there are more people traveling on the roads, they’re too busy heading to their destination to pay enough attention, there are more potential victims on the move, and busy gas station employees have less time to check pumps or watch for thieves.

5. It’s more likely to happen where there’s high unemployment and transient workers, who may be more easily persuaded to take the big risks, like installing the skimmers.

6. It’s only going to get worse, because it’s enormously profitable, easy to commit, and the thieves are unlikely to be caught.

7. Organized crime gangs, local and international, are increasingly focusing on skimming because it’s so lucrative. That probably means the attacks will become even tougher to stop or to spot.

8. Insiders are a big threat because they often have access to the keys that open the pumps, can turn off surveillance cameras, and easily install and remove skimming devices when no-one’s looking.

9. Your safest bet is to pay with a credit card (not a debit card), pay inside and not at the pump, or pay with cash.

10. The first hint most victims have that they’re a victim of gas pump skimming is when they check their credit card or bank statement and spot charges that just don’t add up.

Want to learn more about identity theft and fraud protection?

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.