It’s that time of the year when we get to polish our crystal ball and take a look at what might happen in 2012. Intersections’ Consumer Security Adviser and master predictor of all things security Neal O’Farrell, dusts off his magic wand, adjusts his turban and takes a peek into the future with his 2012 security predictions.

Christmas is a time for tradition, and in the security world one of those traditions is predicting what’s in store for us next year from hackers, scammers and all the other things that go bump on the net.

Perhaps the best way to summarize next year’s threats is more of the same, and here are just a few of my predictions:

• More friends and family fraud, as continued economic hard times force otherwise honest individuals to exploit family credit to pay bills.

• An increase in existing account fraud as financial institutions get better at preventing new account fraud and force thieves to focus on low hanging fruit.

• An increase in child identity theft as thieves become more aware of how hard it is to stop it, and a similar increase in elder financial exploitation as social services for the elderly are cut back.

• An increase in skimming, especially in supermarkets, as thieves rush to take advantage of this vulnerability before chip-and-pin is more widely adopted and makes skimming more difficult.

• A shift from street-level drug dealing to identity theft. This is a worrying trend because it could fuel the growth in identity theft for another decade. The recent Operation Rainmaker in Florida, where local drug dealers joined forces to learn about identity theft and defraud the IRS out of more than $130 million using stolen identities, is a perfect example of this trend.

• A growth in super thieves – low level thieves, like those involved in mail theft or check washing – who are never arrested or investigated, stay off law enforcement’s radar, and only become better, more sophisticated, and able to steal larger amounts without being caught. They take advantage of the fact that law enforcement has largely given up on identity theft.

• An increase in attacks against small businesses because of the wealth of identity information they possess with little protection.

• An increase in tax-related identity theft, as crooks realize how lax IRS security controls are and how easy it is to get a refund using a stolen or “deceased” identity.

• An increase in identity theft malware especially banking Trojans, keyloggers, and Android malware.

• An increase in legislation to protect consumers, and especially data breach legislation.

• Lots of opportunities for hackers to poison search results and take advantage of some big events next year, especially the 2012 Olympic Games starting in July in London, and of course the Presidential election. Both events will provide hackers and scammers with endless opportunities to trick unwary users into falling for some scam or another.

• More hactivisim, but much of it by copycat hackers rather than by the original Anonymous or Lulz crew.

• More infrastructure attacks, targeted at everything from power stations to water treatment plants. Most of the attacks will be probes to test the resilience of these systems to attack.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell shares some security insights into the popular Internet phone service,Skype. Let the caller beware!

If, like me, you’re one of the millions of people who use Skype to make phone and video calls, you might want to be aware of some serious security issues that are emerging.

Researchers at universities in New York, France, and Germany plan to publish a paper called “I Know Where You Are and What You Are Sharing,” at a major internet conference in Berlin next month. The paper promises to outline what many experts believe are major flaws in Skype that could be downright creepy.

The authors claim that the privacy weaknesses they are found are so easy to exploit, a sophisticated high school-age hacker would likely be capable of executing similar attacks.

Here’s just an example of some of those risks:

• When person A calls person B using VoIP, person A is able to determine person B’s IP address, and perhaps even their location and the name of their ISP.

• Attackers can get this information by calling a person and hanging up quickly so the recipient of the call will never even know – there’s no ringing or pop-up window.

• An attacker can make some of these attacks even when they’re not on the other user’s contact list and even when they’ve been blocked from that user’s list.

• By repeating some of the attacks on an hourly basis, the attacker can track the locations and movements of any Skype user over weeks or even months, without the user having any idea that he or she is being tracked.

• Marketers can easily link to information such as name, age, address, profession and employer from social media sites such as Facebook and LinkedIn in order to inexpensively build profiles on a single tracked target or a database of hundreds of thousands.

In one demonstration, the researchers tracked the Skype accounts of about 20 volunteers as well as 10,000 random users over a two-week period and were able to construct a detailed account of a user’s daily activities even if the user had not turned on Skype for 72 hours.

According to their press release “In one example, they accurately tracked one volunteer researcher from his visit at a New York university to a vacation in Chicago, a return to a New York university, lodging in Brooklyn, then to his home in France. ‘If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when.’”

The researchers also calculated that it would cost a marketing company just $500 per week to create a database capable of tracking 10,000 Skype users.

Why target Skype? The very same reason hackers have relentlessly targeted Facebook and other social networking sites – because it’s where the crowds are. Skype has more than 500 million registered users and around 170 million active monthly users who use it to make phone and video calls, send text messages, and even use it for corporate video conferencing.

And apparently it’s not just Skype that’s vulnerable but many other VOIP services. The authors of the report claim that “These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services. A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud.”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

There are news reports almost daily about how hackers are able to gain access to the bank accounts of innocent victims and rip off thousands and thousands of dollars. In today’s article, Intersections’ Consumer Security Adviser Neal O’Farrell explains what you need to do to keep your hard-earned money out of the hands of hackers and criminals. A must read!.

The title of this article could just as easily have been “How to make half a million bucks a month from the comfort of your computer.” I was reading recently about how a twenty-something hacker from Russia managed to steal more than $3.2 million in just six months simply by pushing out malware designed to sneak on to unprotected computers, steal banking passwords, and empty bank accounts. His efforts paid off to the tune of around $17,000 a day, give or take.

The hacker goes by the nickname Soldier, and according to research by security firm Trend Micro, he managed to infect more than 25,000 computers in the three months leading up to June of this year using a malware toolkit that is freely available on the internet.

His success, at infecting so many computers and making so much money in such a short timeframe, should be a warning to every consumer to be ever vigilant when it comes to online banking. Soldier is one only of probably thousands of hackers using the same or similar crime kits to plunder online bank accounts.

So if you want to avoid being Soldier’s next victim, here are some simple tips to beef up your defenses.

1. Lock down your computer. Every computer should be protected by multiple layers of security, including anti-virus and other malware protection, encryption to protect your data, browser security to steer you away from malicious web sites etc.

2. Beef up your passwords. Weak passwords are your worst enemy – make them strong, random, and original. No sense in creating one strong password and then using it for every web site you know.

3. Sign up for alerts. Most financial institutions provide email or text alerts when certain things happen with your account – a transfer is attempted, an ATM withdrawal is made, or a check more than a certain amount is presented. Sign up for these alerts because they can be your earliest warning that something’s not right.

4. Be very careful with the apps you use. Apps are great, especially if they’re free. But apps are the wild west of security, with little control over who makes and sells them, and how securely the code is written. So use as few apps as you need and only from trusted sources.

5. Think twice about mobile banking. While banking from your smart phone sounds like a great idea, it’s still in its infancy and new security holes are being discovered daily. If you’re not completely confident about the security of your smartphone, stick to doing your online banking from a computer you do trust. Or at least trust a little more.

6. Don’t access your bank account over a public Wi-Fi network. It’s very easy to snoop on any computers using Wi-Fi networks in places like coffee shops and hotels. So much better to wait until you get home before checking your balances or paying bills.

7. Limit access to your computer. The fewer people who have access to your computer, the less risk you have of compromise. So it might be smart to ban family members from using the computer you use to bank online. That way, you won’t be at risk from their mistakes or bad habits.

8. Consider using a separate computer just for online banking. That’s the advice of the security expert who discovered the first banking Trojan a couple of years ago. If you use a separate computer just for online banking, you reduce the risk of malware sneaking on to your computer through drive-by downloads, infected attachments etc.

9. Use a keylogger prevention system, like PRIVACYPROTECT® which comes free with your IDENTITY GUARD® TOTAL PROTECTION(SM) membership, to protect your passwords from being snooped upon. Keyloggers are able to sniff and steal logins and passwords by monitoring what you type on your keyboard, but products like ID Vault allow you to bypass the keyboard and enter your login credentials using a virtual keyboard instead.

10. Take Facebook security very seriously. It’s not only an easy way for thieves to deliver the kind of malware that can steal your bank account login and password, it’s also a great way for thieves to find the answers to the most common “secret” questions – like the city you were born, your first pet, favorite teacher, and mother’s maiden name.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consume Security Adviser Neal O’Farrell reports on an inventive identity theft scam that was recently uncovered in Florida.

It was addictive. Just like the dope they once sold on the streets, if not more, according to the story in the Seminole Heights newspaper. “The scheme is extremely simple but extremely lucrative,” said the U.S. Secret Service Special Agent in Charge.

They were talking about Operation Rainmaker, an identity theft scheme that was so easy and so lucrative it persuaded drug dealers to abandon their age-old trade and turn instead to identity theft instead. The operation got its name from law enforcement simply because of the vast amounts of money thieves were able to rain down on themselves – about $130 million in fact.

Authorities were only tipped off to the scheme when tax payers began to file complaints that when they went to file their own taxes, they found someone else had filed using their name. And that was the core of the scam.

Here’s what they discovered. The thieves were using public sites like Ancestry.com to assemble the identities of the living and the dead, and were also buying complete identities on the black market – something that’s surprisingly easy for anyone to do.

Once the thieves had assembled enough information about an individual, they used off-the-shelf tax return software like Turbo Tax to file fraudulent tax returns. And that was probably the easiest part of the entire scam. The IRS is unable to thoroughly review or cross-reference every single tax return they receive, or spot any red flags like a sudden change of a taxpayer’s address. And if the amount of the return is under $10,000, it rarely gets scrutinized.

So naturally the thieves kept their returns under the $10,000 threshold and then sat back and watched the IRS rain money down on them. That money came in credit cards or checks issued by the Treasury and sent to a variety of homes, some of them vacant, or deposited electronically into bogus accounts.

Once they had their hands on the funds, the thieves would go on spending sprees. The scheme was so lucrative and widespread, authorities in the area said they noticed a significant reduction in street-level drug dealing. According to the story, informants told police that local drug dealers quickly realized that identity theft was a much more lucrative and safe line of business.

As soon as authorities got wind of the scheme, they assembled a task force that included police and Sheriff’s departments, the United States Secret Service, the United States Postal Inspection Service, State Attorney’s Office, and the United States Attorney’s Office.

But in spite of all the evidence they had gathered, authorities had trouble in filing charges of tax fraud because the IRS refused to share the records they had – apparently the IRS protects the personal information of thieves who are caught committing tax fraud.

Nearly fifty people have been arrested so far, and here’s exactly how law enforcement laid out the multiple steps in this bizarre criminal enterprise:

• Create Fake Identity

• Suspects search the web to find identities of deceased or living victims.

• Defendants buy large volume of identities from suspects who are stealing names and social security numbers from businesses, medical facilities or prisons.

• File Fraudulent Tax Return Online

• Suspects use multiple electronic filing programs including, Turbo Tax, Tax Hawk and Tax Slayer. Turbo Tax is the most commonly used.

• Suspects refer to this tax scam as “doing drops.”

• Request Refund on Green Dot Card, Treasury Check or Direct Deposit

• Suspects have refunds sent to vacant homes, another suspect’s home or an innocent bystander’s home and then intercept the mail.

• Defendants open fraudulent bank accounts to receive direct deposits.

• Cashing in the Refund

• Suspects withdraw money from ATM’s.

• Buy large ticket items or money orders at legitimate businesses.

• Suspects launder the money through illegal businesses.

And apart from how easy it was to pull of the scam – if they’d stuck to victimizing dead people they might never have been caught – the most worrying part of the story is how drug dealers and other criminals are turning away from traditional crimes and to identity theft. And with so few investigations, arrests and prosecutions for identity theft, what have these crooks to worry about?

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell shares some important tips to protect your laptop, smart phone and tablet.

One thing we know about hackers and identity thieves is that they always follow the crowds and the data, and as more people use laptops and tablets to run the personal and professional lives these devices are a major target.

And with so many Android tablets now on the market, Android-powered tablets could be exposed to the very same risks as Android-powered smart phones. A recent report by McAfee found a huge spike in Android malware, and Android devices were the top mobile target for scammers.

Laptop theft and loss are far more common than you might think. Research firm IDC reports that around 90% of U.S. firms have reported losing laptops. And the makers of the LoJack laptop recovery service claim that a laptop goes missing about every 50 seconds.

And the loss of a laptop or tablet can be devastating for your employer and your workplace. According to Data Loss DB, a research project aimed at documenting known and reported data loss incidents and data breaches world-wide, more than 30% of data breaches were the result of a lost or stolen laptop, mobile phone, or other portable media device.

So here are some simple reminders of the steps you can take to protect your device from theft and its consequences.

1. Encrypt it! This should be the fundamental rule for every laptop, and many experts argue that all laptops should be encrypted by default. Encryption locks either the entire hard drive or specific folders with an unbreakable code. So if the laptop is lost, the data is safe.

2. Use strong passwords. The next best layer of security after encryption is the password, and while a determined thief might be able to get past your password, it’s still a powerful defense. So make sure that your laptop is set to request a password every time you want start or use it, and make sure it’s a very strong password.

3. Don’t use a laptop case – it’s a bright red flag to thieves that you’re carrying a laptop. Most laptops and tablets are small enough to carry in a briefcase or backpack.

4. Be careful using Wi-Fi – because they’re supposed to be accessible to the public, Wi-Fi networks are also easily accessible to hackers and eavesdroppers. So if you have to use a Wi-Fi network in a public place like a coffee shop or hotel, don’t use it to access anything sensitive like your bank account.

5. Don’t use your laptop to store or move sensitive information. If you lose it, you only have to worry about the value of the device itself and not the harm the thief can do with it.

6. Treat it like a desktop computer. Make sure you always have layers of up-to-date security, including firewall, virus protection, browser security, keylogger protection, and all the other security software that you would expect on a desktop.

7. Don’t forget tablet security. I’m amazed to see how many people are not aware that there are anti-virus programs available for Android tablets. They’re still pretty rudimentary, in part because tablets don’t have the processing power for conventional anti-virus software. But there are a growing number of tablet security solutions available.

8. Use a tracking and recovery service – services like YouGetItBack.com and Computrace will help you track and recover your laptop, tablet, or smartphone, and often for just a couple of bucks a month.

9. Spare the apps – don’t download endless apps just because they’re cool or free. Only download apps you really need and make sure they’re from trusted sources.

10. Most important of all, be careful where you leave them. Laptops and tablets have become such a familiar accessory, often times they get left behind – at hotels and bars, in taxis, at airports. According to an article in PC World, LaGuardia Airport in New York reports that more than 70,000 laptops and PDAs have been left behind by passengers. Just because they’re portable doesn’t mean they’re forgettable.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell shares some very valuable social networking safety tips today. He comments on a recently published Facebook security guide.

There is a growing collection of guides, web sites, and even Facebook pages devoted to the evolving topics of Facebook security, safety and privacy. And for good reason. In spite of all Facebook’s efforts to keep their users safe, Facebook is still a haven for all kinds of scammers and scams just waiting for careless or busy users to slip up.

The latest arrival is a concise 14-page guide from Facebook and authored by a team of writers with a mixed background of internet safety, online security, and teaching. It’s called “Own Your Space: A Guide to Facebook Security 13 Top Tips for Staying Secure on Facebook” and you can download the complete guide from the link below. If you’re not familiar with the basics of Facebook security, I strongly recommend that you download and use a copy. And especially if you have kids who are already on Facebook or plan to be soon.

Here’s what the authors of the guide offer as their top tips for staying safe – print them out, keep them close, and consult them often:

• Only “Friend” people you know.

• Create a good password and use it only for Facebook.

• Don’t share your password.

• Change your password on a regular basis.

• Share your personal information only with people and companies that need it.

• Log into Facebook only ONCE each session. If it looks like Facebook is asking you to log in a second time, skip the links and directly type www.facebook.com into your browser address bar.

• Use a one-time password when using someone else’s computer.

• Log out of Facebook after using someone else’s computer.

• Use secure browsing whenever possible.

• Only download Apps from sites you trust.

• Keep your anti-virus software updated.

• Keep your browser and other applications up to date.

• Don’t paste script (code) in your browser address bar.

• Use browser add-ons like Web of Trust and Firefox’s NoScript to keep your account from being hijacked.

• Beware of “goofy” posts from anyone—even Friends. If it looks like something your Friend wouldn’t post, don’t click on it.

• Scammers might hack your Friends’ accounts and send links from their accounts. Beware of enticing links coming from your Friends.

And remember, Facebook has its own team and page dedicated to all things security.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell continues his security update series. Today,he writes about a recent string of Twitter attacks. The moral of the story? Beef up your Twitter and Facebook passwords!

Seems like hackers and scammers are not forgetting about Twitter when it comes to spreading malware, junk and scams. For a while there it seemed like Facebook had become the favorite child but a recent uptick in Twitter scams proves that as long as it’s a popular way to share and communicate, Twitter will always be a target.

In the most recent scam, Twitter scammers are circulating spam offering free iTunes gift cards. And they appear to have even gone to the trouble of actually creating accounts for non-existent users so they can make the scam look as real and convincing as possible. Clicking on the link in the message doesn’t get you to your free gift card, but instead of a variety of web sites, some of them dating sites, that request your personal financial information.

That scam came on the heels of another attack where the scammers used compromised Twitter accounts to spam thousands of users with messages about a get rich quick scam. Clicking on the link in that message took users to web sites designed to look like local newspaper, where fake participants gave glowing testimonials about how much money could be made from these work-at-home schemes.

And only a week ago, thousands of Twitter users received tweets from friends promoting the miracle “beach body diet.” Turns out it was just another Acai berry promo but again it appeared as though many Twitter users had their account passwords compromised.

As usual, these attacks have common threads, and one of the most common in a compromised password. These scams work best when the messages appear to come from friends. And that’s usually achieved by hacking the “friend’s” Twitter account by taking advantage of a weak password.

Lessons learned?

• If you haven’t already done so, beef up your Twitter and Facebook passwords. Ideally they should be 8-12 characters, and a random mix of letters, numbers and even symbols.

• Protect your password at all times and don’t share it with others, even for fun.

• Don’t use the same password for multiple web sites. That’s a common practice and makes it much too easy to exploit mistakes.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Neil O’Farrell, Intersections’ Consumer Security Adviser shares his unique perspective on identity theft in today’s article. Too often, the perpetrator of identity theft may be someone you know.

At a recent identity theft training event with law enforcement, one officer commented that he had never seen a crime where so many otherwise honest and trusted people were turning to crime, and for all kinds of reasons. It was a reminder of some of the fundamental and maybe unchangeable reasons why identity theft is such a pervasive theft and such a challenge to law enforcement to combat.

• Identity theft is so easy, anybody can commit it. You don’t need any special skills, and anything you can’t figure out for yourself, you can easily find the answers to on the internet.

• The chances of getting caught and prosecuted are very, very slim. A fact that has probably emboldened many would-be thieves.

• Many thieves still don’t see identity theft as a “real” crime, that their victims don’t really suffer, and that the financial industry seems to be more than happy to absorb the costs without going after the thieves.

And in what could be a troubling trend, most of the cases I’ve come across recently have involved insiders and others close to the victim. And you never have to go far so see just how many different people are turning to identity theft to pay their bills, hide their credit history, or simply live beyond their means.

In one recent case, an employee at a liquor store in Egg Harbor New Jersey was indicted for stealing the identities of nearly a dozen customers at the liquor store where he worked. When customers paid for goods at the store, the employee allegedly made copies of their credit cards by quickly swiping them using a small hand-held skimmer that he kept under the counter.

Over a period of about a month, the employee would then copy the stolen information to another card, make multiple purchases, and then convert the goods to cash by selling them on eBay. And in a similar case in Greeley Colorado, a waiter admitted to copying the credit card of a patron and immediately using it to pay for his groceries, gas, and other expenses.

And in many of these cases the thief can be uncomfortably close to home. In a recent Florida case, a man was arrested for running up more than $5,000 in medical expenses at a number of clinics. The thief admitted to using his friend’s identity in order to get access to prescription drugs.

And even more troubling, a Milwaukee police officer was recently fired when it was alleged that he purchased a Mercedes-Benz S550 using the Social Security number of a seven-year-old. When investigators looked more deeply into the case, they found the police officer had discovered a business in California openly selling credit restoration packages that promised to help fix a customer’s credit for $2,500.

This sounds like the same scam we talked about in previous blogs where online companies sell personal credit profiles to consumers trying to rebuild their credit by hiding their past. In most cases they’re buying someone else’s identity, using it to gain access to credit, and dumping the awful results on the victim when the crime is discovered.

As soon as this particular officer had his new Social Security number, he immediately used it to purchase a Mercedes for a total cost of nearly $80,000.

You don’t have to travel far to become a victim of identity theft. And you don’t have to look far for the next potential thief. Your only recourse is constant vigilance. Shield’s Up!

If you found this article informative, you may also like this article on the topic of child identity theft.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Here’s the scenario. You’re on top of things and you check your credit reports regularly. After reviewing your most recent credit report, you find accounts listed on the report that you have not opened. Although this is enough to make anyone panic, having a few resources will help you streamline cleaning up these issues.

Here’s a quick guide on what to do if you suspect fraud on your credit report.

• First, put a fraud alert on your account at all three credit bureaus to make it difficult for criminals to access your credit

• Next, file a claim with the Federal Trade Commission (FTC). They are charged with tracking identity fraud cases, and have many resources that can help you clean up the financial mess that criminals make.

• Then, file a police report with your local authorities. Most financial institutions won’t resolve unauthorized credit claims without this type of documentation.

• Finally, check out credit monitoring services, such as Identity Guard that can promptly alert you to certain changes in your credit file.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Many people order their credit reports to ensure they haven’t been the victim of identity fraud. However, many phishing emails lure consumers to a “proxy credit report website” — an imposter site that mimics a legitimate business site. The proxy site captures personal information, and it’s then used by thieves who can make a mess of your credit.

You can help protect yourself from these scams by always visiting a website directly, such as manually keying the website address into your browser. And if you receive a suspicious email, make sure to forward it to the related business, and ask if they sent the message. Since legitimate businesses never ask for your Social Security number or other sensitive information over email, if you receive one that does, it’s likely a scam.

Also, consider using a credit monitoring service such as Identity Guard. Credit monitoring is a useful tool that can help you protect your credit, and review your credit reports and scores.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.