It’s that time of the year when we get to polish our crystal ball and take a look at what might happen in 2012. Intersections’ Consumer Security Adviser and master predictor of all things security Neal O’Farrell, dusts off his magic wand, adjusts his turban and takes a peek into the future with his 2012 security predictions.

Christmas is a time for tradition, and in the security world one of those traditions is predicting what’s in store for us next year from hackers, scammers and all the other things that go bump on the net.

Perhaps the best way to summarize next year’s threats is more of the same, and here are just a few of my predictions:

• More friends and family fraud, as continued economic hard times force otherwise honest individuals to exploit family credit to pay bills.

• An increase in existing account fraud as financial institutions get better at preventing new account fraud and force thieves to focus on low hanging fruit.

• An increase in child identity theft as thieves become more aware of how hard it is to stop it, and a similar increase in elder financial exploitation as social services for the elderly are cut back.

• An increase in skimming, especially in supermarkets, as thieves rush to take advantage of this vulnerability before chip-and-pin is more widely adopted and makes skimming more difficult.

• A shift from street-level drug dealing to identity theft. This is a worrying trend because it could fuel the growth in identity theft for another decade. The recent Operation Rainmaker in Florida, where local drug dealers joined forces to learn about identity theft and defraud the IRS out of more than $130 million using stolen identities, is a perfect example of this trend.

• A growth in super thieves – low level thieves, like those involved in mail theft or check washing – who are never arrested or investigated, stay off law enforcement’s radar, and only become better, more sophisticated, and able to steal larger amounts without being caught. They take advantage of the fact that law enforcement has largely given up on identity theft.

• An increase in attacks against small businesses because of the wealth of identity information they possess with little protection.

• An increase in tax-related identity theft, as crooks realize how lax IRS security controls are and how easy it is to get a refund using a stolen or “deceased” identity.

• An increase in identity theft malware especially banking Trojans, keyloggers, and Android malware.

• An increase in legislation to protect consumers, and especially data breach legislation.

• Lots of opportunities for hackers to poison search results and take advantage of some big events next year, especially the 2012 Olympic Games starting in July in London, and of course the Presidential election. Both events will provide hackers and scammers with endless opportunities to trick unwary users into falling for some scam or another.

• More hactivisim, but much of it by copycat hackers rather than by the original Anonymous or Lulz crew.

• More infrastructure attacks, targeted at everything from power stations to water treatment plants. Most of the attacks will be probes to test the resilience of these systems to attack.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell joins us again today with his take on the recent mid-year cybercrime report by the security firm Sophos. Enjoy, but be careful out there!

Hard to believe the year is already half over. Seems like only yesterday we were talking about a spike in identity theft over the Christmas holidays, and warning consumers to be extra vigilant as tax time approaches.

But it’s been such a busy year for scammers and hackers, it almost becomes a blur. To sort through the fog, security firm Sophos recently published their half year summary of threats and trends, and it should stand as a stark warning of the need to be constantly vigilant.

For example, Sophos claims that since the start of 2011 they have recorded an average of 150,000 new malware samples every single day. That’s works out to one piece of malicious software being discovered every single second, and a 60% increase over 2010.

Sophos has also identified an average of 19,000 new malicious URLs each single day in the first half of this year. That’s a stunning 4.5 new web threats detected every second. And, according to Sophos, 80% of those URLs are legitimate websites that were hacked or compromised by crooks.

The two top exploits favored by these crooks were fake anti-virus software and SEO poisoning – manipulating search engine results to drive users to malicious or infected web sites – and it might surprise you that the majority of these malware sites are hosted in the United States. The U.S. accounts for a whopping 37% of malware hosting web sites, while the next nearest culprit is Russia at just 13 percent.

There has also been a big change in the way people communicate, a change that now works even more in the favor of hackers. Sophos recorded a 59% decline in the use of email among 12-17 year olds, and a 34% decline in email use amongst 24-34 year olds. This is mainly due to a switch to texting and social networks as a way to communicate. And hackers love social networks because they make it much easier that email to launch more targeted and effective attacks. Hardly surprising that 81% of computer users surveyed by Sophos believe that Facebook presents the greatest security risk.

On the subject of social networking risks, Sophos also conducted a poll of nearly 2,000 people on their social media habits and worries. 71% reported that they, or one of their colleagues, had been spammed on a social networking site, 46% had been phished and 45% were sent malware.

“Social networking privacy issues have dominated the headlines in the first half of 2011. With most social networks, the default settings share everything and users have to reset their options to make their accounts more private. This opens up a host of security issues because so many people—both friends and not—have access to your information,” according to Sophos.

The report also highlighted a study by the FBI about how one cyber gang was able to dupe 1 million users into buying fake software, and could have made as much as $72 million from the scam. This is a problem for a lot of reasons. It means that not only were 1 million people duped into paying for something fake, they may also believe they have real virus protection on their computers when in reality they have no protection at all.

And that $72 million will be recycled by these gangs into even more sophisticated scams that will entrap even more victims and continue the cycle. Some of this money may even end up in the hands of terrorists who have the skills and resource to launch their own fake virus scams, or partner with organizations that can manage them on their behalf.

Links to videos that hide malware are also on the increase, especially on Facebook and Twitter. According to Sophos, nearly 69 million people have viewed the now-infamous YouTube music video Chocolate Rain, a clear sign that curiosity still trumps caution for most users.

The Mac is no longer a safe haven, and scammers are now firmly focusing on all things Apple to take advantage of the surge in use and adoption of Apple products, driven by the huge popularity of the iPhone and iPad. Apple’s success with these products obviously has a very dark side to it, and yet another reminder that wherever the crowds go, so will follow the crooks. You only have to look over your shoulder to spot one. But if you never bother looking, then don’t be surprised if you don’t spot the scam until it’s too late.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Neal O’Farrell, Intersections’ Consumer Security Adviser provides the first in a series of security updates for you. Be careful out there!

SC Magazine recently issued a warning about a new approach to phishing that could result in more people falling for a scam that is now more than a decade old. Instead of trying to lure people into clicking on an infected link by pretending to be a bank looking to verify a password, the email pretends to be from a system administrator or other insider and warns the user that their mailbox is full.

Here’s the text of the message:

“Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, And You Will Not Be Able To Receive New Mails Until You Re-Validate It. To Re-Validate – > Click Here: [] Note: Do not send email or Password to any one via email. System Administrator.”

It’s a simple but clever tactic. Clever in that uses a phishing lure that is not often used, so users won’t necessarily have their guard up. And who hasn’t received some kind of email from their IT department warning about an email or other technical issue? The “Click here” part could be anything from the download of some malware, to redirection to a fake page where the thief grabs your email and password.

This is a clear sign that scammers recognize how much better users are at recognizing the traditional, badly-written bank password phishing emails that have now been circulating for years. Time may not be far off when those phishing emails are a rarity, and instead we all have to be much more vigilant for phishing emails that are much harder to spot.

And people are still falling for these scams. A very active phisher who was caught last year just received a 12-year sentence. The resident of Long Beach in California had created a network of fake financial web sites that he lured users to using phishing emails.

He then sold the stolen information, including logins and passwords, to criminals in Romania. These individuals used the stolen identities to set up instant lines of credit, and in less than eight weeks stole an estimated $193,000. More troubling was the fact that nearly 38,000 victims fell for the scam.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

The Daily Shield welcomes Intersections’ Consumer Security Adviser Neal O’Farrell. In today’s article, Neal shares a victim’s story and brings home the point once again that damages caused by identity theft don’t always involve money.

I often hear from law enforcement that if identity theft victims are reimbursed by their banks or credit cards providers, and don’t lose any money, then they’re not really victims and shouldn’t expect much sympathy. And I also hear from victims that they wish they had lost some money, because if that was their only loss it could put an end to the nightmare that seems to go on forever.

The reality of identity theft is that the cases that involve things other than money are often the toughest on the victim. And that’s especially true when it comes to a stolen or forged driver’s license.

One case I’m currently working on involves an elderly victim in San Diego California who has been fighting to get her driver’s license back for three years. It turns out that a thief had been using the victim’s identity for more than a decade, and in addition to numerous new credit accounts opened, the thief had also racked up DUIs and other traffic offenses using the victim’s license.

According to the victim, the DMV was completely unsympathetic to her plight and her claims that she was the victim. The DMV repeatedly advised the victim that her record could not be cleared or her license re-issued until the identity theft case went through a police investigation and the courts.

Problem is, few police departments or courts are pursuing identity theft cases, and especially the smaller ones. And the victim’s local Sherriff’s department in California had already said they would not take on the case.

So that has left the victim in limbo, unable to drive a car or even cash checks. To add to the victim’s frustration, the thief has been caught and is in jail in Nebraska for numerous identity theft and fraud charges. Law enforcement and the DMV in Nebraska have been very helpful and sympathetic, and have provided letters confirming they have the thief and the victim does not appear to be responsible for the record on her driver’s license.

The California DMV still didn’t budge. And that’s when I got involved. My first step was to go to the California DMV web site to see if there was any information or service that could help in this kind of victim situation. Although this is a very common crime, and compromised driver’s licenses come up in nearly half of all id theft cases I investigate, I could find nothing on the DMV site that would help.

I finally found a number for DMV investigations, and that gave me some hope that at least I might be able to talk to the right people. The first investigator I spoke to was gruff and rude, and didn’t seem to want to help or even talk to me. Instead she gave me a couple of hotline numbers to call. As soon as a hung up the phone I called the numbers she gave me, and they were all out of service. Another dead end.

Undeterred, I decided to call another investigator office, this one closer to the victim’s home. To my surprise, this investigator was even ruder. She refused to answer my questions, constantly cut me off, tried to hang up, and told me she wouldn’t speak to me because I wasn’t a victim.

She asked if the victim has ever contacted the DMV before and I said she had, a year ago, but couldn’t remember who she spoke to or what number she called. Too bad, said the investigator. The victim would need to go back to the first DMV office she contacted and start the process all over again.

Not getting anywhere, I tried another tactic. What if I was just looking for “general” advice on what any victim should do in a case like this? The investigator curtly responded that it wasn’t her job to give out advice. Probably an understatement to say I was a bit steamed by now, so when the investigator tried to give me the same dud numbers her colleague had given me earlier, I demanded she find me a real number to call.

She put me on hold and eventually came back with a number for yet another investigator. I called right away and guess who picked up? Yet another incredibly gruff, rude, irritable and irritated investigator who was no more sympathetic and had no interest in speaking to me.

But he did give me the same advice. He suggested that the victim ask law enforcement in California to investigate the case and let the courts deal with it. Where have I heard that before? So when I mentioned causally that we all know that because of budget challenges law enforcement rarely investigates identity theft, just as in this case, the investigator assured me that I was completely wrong in that assertion and that law enforcement “always investigates identity theft.”

That’s where the discussion ended, but it was the clearest reminder of just how much out of touch the California DMV is with the crime of identity theft and the plight of victims. We’re now going to look at ways we can change this, and maybe encourage the DMV to look into its own investigator training. Even if they don’t learn anything more about identity theft, they might learn about the concepts of courtesy and customer service.

But there was some good news. We were finally able to get the victim in touch with a DMV office that would accept the documentation proving she was a victim, and promised to issue a new license in the coming weeks. Time will tell. But there’s little doubt that the DMV victimized this victim all over again, and for no other reason than indifference.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell joins us today with a fascinating look at hackers, hacktivism, and hacker collectives. Read on and enjoy!

As notorious hacker collective Lulz Security claims to be sailing off into the sunset, pursued and taunted by other hacker groups like the A-Team and Web Ninjas, many are wondering who will fire the next salvo in the hacker wars and who will be the next casualty.

And while many were surprised at how quickly Lulz appeared and disappeared, hacker collectives and hacktivists have been living, working, and hacking amongst us for nearly two decades. It’s now nearly ten years since I gave a hacker from notorious hacker collective Cult of the Dead Cow a plane ticket to attend the DEFCON hacker conference in Las Vegas and report back on his thoughts about the differences in thinking and culture between hackers and security professionals – at least those hired to protect.

Cult of the Dead Cow, also known as cDc, is credited with coining the word hacktivism. I was writing at the time for a publication called SearchSecurity.com and working on a story that compared the security skills of hackers to those of the security professional being paid to protect us.

cDc may have been the birthplace of the hacker collective, and that birthplace was a slaughterhouse in Texas in the mid-1980s. cDc eventually launched the careers of many of the world’s most famous and competent hackers, who interestingly enough eventually became some of the most respected and respectable security industry executives.

cDc had a simple goal and slogan at the time – Global Domination Through Media Saturation – and its activities ranged from hacking the Church of Scientology to distributing their own music. OK, they did a lot worse than that but we have only so much space.

Like many hacker collectives, cDc either spawned or embraced a number of other hacking groups, and some of its members went on to create other, equally notorious hacking groups.

For example, cDc hacker Mudge later launched L0pht, another high profile hacking collective active in the 1990s. Unlike many of today’s hackers, L0pht members were pretty much out in the open and even had their own Boston headquarters they hung out in. They famously testified before Congress that if they really wanted to they could take down the entire internet in less than 30 minutes.

And where are they now? Surprisingly legitimate and well respected. L0pht eventually merged with a security consultancy @stake which was later purchased by security firm Symantec. L0pht hacker “Weld Pond” is now Chief Technology Officer of respected security company. “Kingpin,” whose real name is Joe Grand, now lives in San Francisco and hosted the Prototype This program on the Discovery Channel.

And whatever happened to Mudge? His real name is Peiter Zatko, who later went on to serve as an adviser to President Bill Clinton on cyber security and now works for the U.S. Department of Defense Advanced Research Projects Agency (DARPA).

I’ve always maintained that most security professionals can easily be outsmarted by good or even average hackers. It’s not about competence, it’s more about culture. Hackers by their nature are usually more inquisitive and creative, less worried about failing, and of course don’t have corporate security rules or federal guidelines holding them back.

Will we ever see members of Lulz or Anonymous give up their rebellious ways and use their obvious security skills to protect the greater good? Will we ever see one of these hackers emerge as the head of security for a major corporation, the kind of security head these hacktivists say they despise?

Probably.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Here’s the scenario. You’re on top of things and you check your credit reports regularly. After reviewing your most recent credit report, you find accounts listed on the report that you have not opened. Although this is enough to make anyone panic, having a few resources will help you streamline cleaning up these issues.

Here’s a quick guide on what to do if you suspect fraud on your credit report.

• First, put a fraud alert on your account at all three credit bureaus to make it difficult for criminals to access your credit

• Next, file a claim with the Federal Trade Commission (FTC). They are charged with tracking identity fraud cases, and have many resources that can help you clean up the financial mess that criminals make.

• Then, file a police report with your local authorities. Most financial institutions won’t resolve unauthorized credit claims without this type of documentation.

• Finally, check out credit monitoring services, such as Identity Guard that can promptly alert you to certain changes in your credit file.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

The Daily Shield is once again pleased to publish this article by Intersections’ Consumer Security Advisor, Neal O’Farrell.

I’ve always had an uneasy relationship with identity theft. I’ve spent decades fighting the crime and teaching others how to protect themselves. I’ve always assumed that would give me some degree of added protection, a free pass, if you like. But in the back of my mind I also knew that the beast could just as easily turn on me at any time.

Yesterday it finally did. During a routine check of my online bank account yesterday I found two unusual charges that didn’t make any sense. The charges were electronic transfers out of my account, were described as “Legal Order Fees” and totaled $740. But my bank provided no other explanation of what they were for, who authorized them, and where the money went.

Immediately my mind started to race. I didn’t authorize these charges and didn’t recognize them. What’s worse, I have alerts set up on my account to let me know instantly of any electronic transfers over $100. But I didn’t get an alert.

Could this be my worst nightmare – a banking Trojan like Zeus that has infiltrated my computer, accessed my account, and switched off my alerts so it could systematically drain by bank accounts without me knowing until it was too late?

And if it was Zeus, I knew I’d be in for a battle royale, because Zeus is such a clever and advanced piece of malware it would already have anticipated what my next moves would be. And what other accounts would be vulnerable?

I called my bank’s Customer Service number. They’re one of the country’s biggest banks and you’d think they’d have a Fraud Hotline, but I couldn’t find one. So after weaving my way through endless options to check recent transactions, get account balances and listen to new credit card offers, I finally spoke to a customer service representative who immediately knew what the problem was.

Without hesitation he transferred me to a supervisor who had some good news, and some not so good news. Turns out a Legal Order fee is essentially a legal garnishment of money in order to pay a judgment. And it looks like this was the State of California collecting on a tax judgment against me.

Phew, at least it’s not the dreaded Zeus. It’s just the tax man. But of course all my taxes are paid and up to date, I don’t have any judgments against me (that I know of), and I’ve never been contacted about taxes owed or ever been served. Did I make a mistake, fail to file some important tax document, make an incorrect filing?

My bank referred me to a hotline for the State of California tax people – at least they have a hotline number – and again, more good news, bad news.

Seems like someone else in California had a tax judgment against them and the paperwork had been submitted and filed using my Social Security number. Is it identity theft, I asked? No, said the tax man, probably just a human or computer error that got one digit of the real Social Security number wrong.

OK, so how alike are my number and the real number, I asked? Not even close, replied the tax man. So it probably wasn’t computer or human error, if the numbers aren’t even close. No said the tax man, probably someone used your number to avoid the courts.

So the good news is, there isn’t a judgment against me, I don’t owe any taxes, and this morning I got most of the money back. Except for $100. Which the bank says it’s keeping as a standard charge that applies even if I’m the victim.

And of course the bad news is that it looks like someone now has my Social Security number and has started to use it. Short of changing my number, could I be looking at a lifetime of worry about the next time the thief, or thieves, will try to use it? I’m glad I have Identity Guard helping out, but it could still be a major headache for years to come.

And of course it raises lots on unanswered questions that seem to suggest systemic failure all the way down:

• The tax people had my real name, address, and even driver’s license information. If it didn’t match the thief’s information, how come that red flag wasn’t noticed?

• Why didn’t the tax people try to serve me, if my SSN led them to my real home address?

• Will my name and SSN be forever red flagged by the State of California, and my name be a “known alias” for this thief?

• How did the State of California know where I bank and what my bank account number is?

And my bank isn’t off the hook either. The tax man said they contacted my bank twice to resolve the matter, once in July and then again in September. When I asked my bank why they didn’t bother to let me know what was about to happen, the call was again referred to a supervisor who explained that if I had been forewarned, I could have emptied my bank account before the money removed, and the bank might be accused of facilitating me.

Sounded reasonable, expect that the tax man said they contact the bank to try and resolve the issue with the alleged debtor (me), so they would probably want the bank to contact me and persuade me to pay my debt.

But that didn’t explain why I didn’t receive an alert after the payment had been made. My account had been set up for exactly such alerts, and there would be no legal risk to the bank to alert me after the money was gone, right? The bank had no answer for that. Or for the fact that despite having alerts set up for every transaction on my account over $100, I hadn’t received any alerts in the previous two weeks.

Apart from fighting with my incompetent bank over the last $100, the rest is all just a waiting game. I monitor my credit reports constantly so hopefully I’ll be alerted quickly if there’s any more unauthorized activity. But a thief can do so much damage with a stolen Social Security Number, my challenges go far beyond credit monitoring.

And I know exactly what victims have been talking about. It’s not about the money that was lost and reimbursed. It’s about the waiting and uncertainty, not knowing when the next shoe will drop and how long and complicated my new fight is going to be.

It’s also the worry that in some computer system – state, federal, or commercial, I have a judgment listed against me as a tax cheat. And it’s the realization that so many people failed me, from the tax man and his vast computing power, to my bank of ten years, that I’m not sure who to trust any more. Except the thief. I’m pretty sure I can trust him to be true to his nature.

Keep informed about the latest threats to your safety. Join our Facebook group.

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

The Daily Shield is very pleased to republish the following article originally published on ID Guardian. ID Guardian is the trusted source of information concerning identity exposure, identity fraud, and online security.

Identity theft continues to be one of the fastest growing crimes in the country and according to the Federal Trade Commission, 5 percent of all identity theft complaints in 2008 were victims under the age of one. Younger aged children are often targeted by identity thieves because the crime can go undetected for longer periods of time.

The U.S. National Center for Education Statistics estimates that an anticipated 56 million children will embark on their first day of school this fall. For most parents, the start of the school year brings excitement and apprehension. It also means having to fill out or update a number of forms required by the school, some of which ask for your child’s date of birth, home address, phone number, and even your child’s Social Security number.

This summer, however, as reported by the Better Business Bureau and throughout the blogosphere, a shift from adults to children as targets has occurred, ultimately placing on parents the responsibility to question how their children’s personal identifiable information (PII) is being used, why it is necessary, and if it is being secured against identity thieves.

ID Guardian has compiled the following list of tips to help parents protect their school-aged children from becoming victims of identity theft:

1.Remind your children not to share any personal information like their home address, phone number, or Social Security numbers with anyone. Typically the first day of school is filled with lots of questions from school staff and children need to know to ask their parents first before sharing any of that information.

2.If you are a new parent with a child entering kindergarten, most schools will require a copy of that child’s birth certificate. Do not leave a copy behind. If they are collecting information for later review, ask them where this information will be stored and who will have access to it.

3.Most schools still ask for the child’s Social Security number; however, it is more of a “like to have” rather than a “must have.” This information is not always handled properly and puts your child further at risk for having their identity compromised should the information be accidentally leaked or stolen from insiders. Ask to speak to the principal if you are uncomfortable with providing the information.

4.Children are always excited to show off their brand new backpacks and supplies on the first day of school. And most backpacks nowadays include identification tags that hang on the outside that include the owner’s name and home address. Instead of making your child’s personal information easily accessible, writing their name in permanent ink somewhere on the inside of the bag is a better idea.

5.With more and more schools providing students access to computers for everyday use, it is important to teach your children how to be safe online while at school and to familiarize yourself with the school’s Acceptable Use Policy for Internet Use.

6.Stay involved with your child’s online activities. Based on a study by Grunwald Associates, an estimated 27 percent of 9-17 year olds maintained weekly blogs, web pages or other online spaces in 2008. One in five U.S. children say they do things online their parents would not approve of, according to a recent Norton Online Living Report. Make sure you monitor what your children are doing online. Review and explain the privacy policies with your child so they understand how their information can be exposed if proper security preferences are not put in place.

7.Consider using parental control software or services to help monitor what your children are doing online. Some parental control software can cost around $40 while many websites like AOL, MSN and Yahoo, offer some form of free parental controls included with their services.

8.Keep an eye out for any mail, particularly credit applications addressed to your child, or telemarketing calls asking for your child by name—this could indicate that someone has used your child’s personal information to commit identity theft.

If you are interested in online safety for your children, we invite you to join our Facebook group, “Keeping My Kids Safe Online.”

Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

Last Friday, we posted an article offering advice for travelers to avoid identity theft while traveling for business or pleasure.  To highlight our points, the New York Times recently did a story that highlighted a little known fact about credit card thefts – that hotels held the Number 1 spot for credit card hacking last year, more than twice the rate for financial institutions and retailers.

One well-known example of hotel hacking occured in June of this year. Destination Hotels and Resorts admitted that hackers had compromised their networks, and over a period of three months ran up hundreds of thousands of dollars worth of charges on more than 700 guest credit cards.

Lessons learned?

• Create alerts with your credit card so you’re immediately notified of any charges and make sure you check your statement carefully – do it online if you can, and before waiting for your statement to arrive in the mail.

We hope you will keep this in mind when traveling this summer. Always remember . . . be careful out there!

Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

The Daily Shield has compiled a list of recently published phishing attacks and online scams. Phishing is a very pervasive crime. Last year, according to PC World, “cybercriminals sent 3.7 billion phishing emails last year in attempt to steal money from unsuspecting web users.”

We invite our readers to comment and add to this list.

To learn more about how phishing scams work, and to learn how to spot common phishing schemes, check out this About.com article: How Phishing Scams Work.

If you receive a suspicious email, report it. You can send it to the US Federal Trade Commission at spam@uce.gov.

Remember, the best defense against phishing and other online scams is your own good judgment. Government organizations, reputable businesses, banks and financial institutions will never send you an email asking you for sensitive personal information. In fact, most institutions are now informing their customers that “We will NEVER ask for your personal information by phone or email.”

Here is our phishing and scam alert for the week ending July 10, 2010.

South Dakota Cable TV targeted by an email phishing scam. The fraudulent phishing e-mail directs Midcontinent Communications (MIDCOM) consumers that they should make their account details up-to-date by sending their password and user identification to the company over e-mail.

Credit union warns members not to bite on ‘phishing’ lure. An automated message claims to be affiliated with EvergreenDIRECT of Olympia, WA and says their debit card has been deactivated for various reasons, including a billing error or questionable activity. It says the card will be activated if they punch in their card number and personal identification number. Most people are being contacted on their cell phones.

Another new phishing attack disguised as Adobe PDF reader update is identified. Symantec Hosted Services reports that malicious e-mail attacks that look like PDF reader updates have been increasing in volume since the middle of June.

And finally, we’re reminded that not all phishing occurs online. Sometimes criminals resort to simpler technologies such as the telephone as Federal officials warn users about a jury duty telephone phishing scam that has been targeting people all over the country.

Learn more about the flexible and innovative solutions from IDENTITY GUARD®.