According to the recently released 2012 Javelin Strategy & Research Identity Fraud Report, the number of identity fraud incidents increased by 13 percent in 2011, totaling 11.6 million adult victims. The report also found that certain social media behaviors and increasing number of data breach incidents contributed to the overall amount of identity fraud instances in the United States over the past year.

Intersections’ is pleased to provide the following recommendations and insight into this year’s report:

The findings in this year’s study indicate that fraudsters are taking advantage of consumers’ increased use of social networks, and hacking into large businesses where many identities are housed in one place. As these criminals continue to evolve in finding new ways to retrieve personal information, it is imperative that consumers remain consistent and committed to protecting their identity.

Protect Your Information. Exposing common information like birthdates and addresses puts consumers at a greater risk as these elements are commonly used by financial institutions for security questions and validation of identity to access accounts. Even such seemingly harmless information could be valuable to experienced identity thieves.

Be Social, But Be Smart. Knowing that social networks are a hotbed for identity fraud activity, consumers should take extra care when deciding who to connect with and what applications to accept. Users that approve friend requests from strangers and use GPS/location based applications are far more susceptible to fraud.

Take Caution with Mobile Computing. The convenience of online and mobile banking is here to stay, but consumers need to take the extra step of ensuring their network connection is secure and their devices have updated security.

Be an Active Party in Detection. Consumers must take the responsibility of protecting their identities into their own hands. By enrolling in a comprehensive identity protection service like IDENTITY GUARD® TOTAL PROTECTION(SM), consumers have the extra security they need to help keep them protected.

Act Quickly. The sooner a victim learns of the fraud, the sooner their road to recovery can begin, so consumers must remain alert and act quickly in the event that they notice suspicious activity, reporting it to their financial institutions and law enforcement.

Read more about the 2012 Javelin Strategy & Research Identity Fraud Report.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Although it’s barely a month into 2012, there is a lot going on with security and privacy on the world’s most popular social networking site – Facebook. Intersections’ Consumer Security Adviser, Neal O’Farrell is here today to give us an update on several new Facebook security issues.

2012 has already been an interesting year for Facebook security, with the emergence of some dangerous new scams and the unmasking of one of Facebook’s most notorious cyber gangs.

In case you never heard of Koobface, it’s a piece of malware that first emerged in 2008 and quickly infected millions of users. Users were tricked into downloading the malware by clicking on infected links on Facebook pages with messages like “Lol, is this you in this video?” These users were then enlisted into a giant international bot network of hijacked computers, at one point numbering close to one million computers, which in turn were used to engage in a variety of criminal activities that including pedaling fake anti-virus software.

The Koobface gang, as they became known, were able to generate millions of dollars in criminal gains, and all the while working out in the open, in plain sight, in the Russian city of St Petersburg. Until January 16th, when the New York Times and other outlets identified the five members of the gang and posted their photos across the world.

Apparently that did the trick, because Facebook just reported that they had finally wiped all traces of Koobface from Facebook, and that the command and control servers used to manage this massive criminal network appear to have gone silent.

But if everyone knows who these criminal are, and have known for some time, why were they not arrested? In a statement from Russian authorities, the answer is simple – no-one ever bothered to ask them to investigate or arrest them. While that’s probably not the case, and Russian authorities have probably known about and tolerated the gang for years, it reminds us once again why so many of the world’s most notorious hacking gangs work unimpeded from behind the Russian border.

But that might have been the only good news on the security front for Facebook. Just last week we talked about a dangerous new worm called Ramnit, which had apparently been merged with the highly dangerous Zeus banking Trojan and stealing Facebook passwords in the expectation (probably correct) that many Facebook users use the same password on other sites. Like their online banking.

And that was followed by a Facebook ransomware attack, where Facebook users received messages claiming that as a result of some unusual activity their Faceook account had been suspended and they would have to pay a fee of around $30 in order to unlock it.

There are some important lessons to be learned here:

• Probably the only way to defeat all these Facebook threats that keep emerging is for everyone to stop using Facebook. Criminals are only targeting Facebook because it’s easy to pick the pockets of such large crowds.

• It’s like playing whack-a-mole with criminals. As soon as one gang or piece of malware has been neutralized, another takes its place. And often the replacement has learned from its predecessors, adapted itself, and become even more potent.

• It’s still down to users. Facebook is doing all it can (I assume) to counter all these threats. But if you really do love Facebook, you can help – by being more cautious, vigilant, and cynical when it comes to any unusual messages you receive. And of course, a strong and well-protected password would be greatly appreciated too.

You can read details of the compelling Koobface expose here.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell shares his thoughts on keeping yourself safe at work.

While most of the advice we offer on the Daily Shield focuses on protecting your personal space and finances, it’s easy to forget that some of the greatest security vulnerabilities can be found in a place you may spend much of your life – the workplace.

And with an endless stream of data and security breaches being traced back to bad decisions in the workplace, it could help you and your job if you pay a little more attention to workplace security and privacy.

With that in mind, here are a few simple ideas that can protect you and your co-workers in the year to come:

• Know the rules and follow the policies. Security policies sound like a pain, and in some workplaces they’re so long and complex they read like a text book for a law degree. But policies are there for a reason, and even if they’re poorly written or overly complex, you still need to pay attention to them. If properly implemented, they protect data, protect your workplace, and even protect your job.

• Be careful what you bring to work. One of the biggest threats in 2012 is BYOD – Bring Your Own Device. In spite of policies against them, many employees still bring their own smartphones, laptops, and tablets to work. Thumb drives are a particular source of security problems. If you use those devices to store work information or access corporate networks or systems, you risk exposing your workplace to all kinds of threats. If your employer doesn’t know what kinds of devices you’re using, and what kind of security precautions you’re taking, they’re almost defenseless against the risks your devices might pose.

• Keep your personal information hidden or out of the office. A study as far back as 2005 by the University of Michigan found that close to 70% of all identity thefts in the United States might originate in the workplace. Even if the report is only half right, that’s reason enough for you to guard any personal information you bring to the workplace. So hide any personal financial documentation, wallet, purse, personal devices and anything else a co-worker might grab an opportunity to snoop on.

• Be careful with social media. Many workplaces still don’t have clear rules about the use of social media in the workplace, but that doesn’t mean you should ignore the risks. And apart from getting into trouble for checking your Facebook page too often at work, some of the biggest risks when using social networks at work include saying things that could get you or your employer into trouble, giving away corporate secrets or insider knowledge, or clicking on a malicious link that introduces malware into your workplace.

To avoid these dangers (1) stay off Facebook at work as much as possible, (2) if you do use Facebook or Twitter, mind what you say – about yourself, your workplace, your colleagues, and your job, (3) be very careful what you click on.

• Protect your passwords. If your workplace has guidelines or policies on the proper use of passwords, follow them. The rules are there because they work. If your workplace doesn’t have any clear rules, then use common sense. Use long and complex passwords, change passwords often, don’t share them with others, and be wary of calls or emails claiming to be from a colleague and requesting your password.

• Challenge strangers. One of the most common attacks on the workplace is the walk-in, where a complete stranger will simply walk into the business, perhaps posing as a customer, repair technician, or even a janitor, and steal information. If you come across a stranger in your office, don’t simply ignore them. Offer to help them, ask them who are and what they’re looking for, and if they seem suspicious, notify security or your colleagues.

• Think privacy. The root of good security is a respect for privacy. As a consumer you value your privacy and expect it to be respected and protected. So why not expect that for others. If you come across the personal information of others, give it the respect it deserves. Good security flows from a respect and passion for privacy, and if it’s second nature, security breaches are less likely to happen.

• Be an advocate. If you truly believe in security and privacy, and believe that it makes a difference, then speak up. Become a privacy advocate in your workplace. Encourage co-workers to take security and privacy seriously, and if there are no security guidelines or policies in place already, offer to work with your employer to create share, and apply them.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell provides his comments and analysis of the recent privacy settlement between Facebook and the Federal Trade Commission (FTC). A must read!

As a result of numerous complaints from a number of privacy advocates and organizations, the FTC finally launched its own investigation into Facebook’s privacy claims and failings. According to the FTC’s own statement, which announced the settlement on November 29th 2011, Facebook allegedly made many promises that it did not keep:

• In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.

• Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.

• Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.

• Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.

• Facebook promised users that it would not share their personal information with advertisers. It did.

• Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.

• Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

Speaking about the issue on his Facebook page the very same day, Facebook founder Mark Zuckerberg insisted that “Overall, I think we have a good history of providing transparency and control over who can see your information. That said, I’m the first to admit that we’ve made a bunch of mistakes.”

At the same time he announced the appointment of two privacy officers – reminds me of Sony’s announcement that after more than half a century in business it finally decided it would be a good idea to hire a head of security, only after hackers stole nearly 100 million user accounts. Better late than never, I suppose.

The settlement requires that Facebook can no longer conduct business as usual when it comes to privacy, cannot make any further deceptive privacy claims, and must get users’ approval before it changes the way it shares their data.

Specifically, under the proposed settlement, Facebook is:

• barred from making misrepresentations about the privacy or security of consumers’ personal information;

• required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;

• required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;

• required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and

• required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.

It doesn’t look like Facebook has to pay any fines or suffered any other punishments. It’s simply on privacy probation for at least the next 20 years.

Read the full statement from the FTC.

To keep up to date on Facebook privacy issues, Facebook has its own team and page dedicated to all things security.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

We are joined once again today by Steve Schwartz, Intersections’ EVP, Consumer Services. In today’s video presentation, Steve shares some very important safety tips to help keep your kids safe online when using social media. We all want to have fun on sites such as Facebook and Twitter. By following a few simple rules, you can make help make the experience both fun and safe for your kids.

Learn more about the growing problem of child identity theft and what you can do about it.

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post, Neal O’Farrell talks about the importance of keeping on top of your own personal security. And there is no better time to do that than in October, which is National Cyber Security Awareness Month.

It’s October again and you know what that means. No, not just Halloween, although some of the stuff out there is beginning to get scary. It’s also National Cyber Security Awareness Month and a great time for you to review your security, take a close look at your personal habits, and make some of those changes you might have been putting off.

October should be “take another look” month because it’s a great reminder for you to take another look at some of the stuff you might be taking for granted.

Take another look at Facebook

• Have you changed your password recently? If not, do it now.

• Have you removed any personal information that might help a thief learn more about your background, like where you grew up, went to school, date of birth etc.?

• Have you hidden your mobile phone number on your Facebook page? Your bank may use that number to send you alerts and you don’t want thieves intercepting those alerts.

• Have you revisited your privacy settings lately? Because Facebook changes so much, you should check your settings regularly to make sure they’re still doing what you expect them to. Network World has a great slideshow entitled “Facebook Privacy: 11 settings to revisit now.”

Take another look at your computer and device security

• When was the last time you updated your anti-virus software, and is it set to automatically update?

• Have you checked that your anti-virus program is actually in place and turned on? Make sure that it wasn’t disabled accidently by another user or family member, or even by malware.

• Are you protecting valuable information on your computer or laptop with encryption? It’s a great defense against theft and hackers.

• Have you removed any apps from your phone and tablet that you don’t really need?

• Have you installed security software in your smartphone or tablet? Don’t forget that these devices can be just as vulnerable as your computers.

Take another look at your credit reports

• When was the last time you checked your credit reports? If it’s been more than three months, it might be time to check them again. Check your reports free at www.annualcreditreport.com.

• Are you using IDENTITY GUARD®? IDENTITY GUARD® provides one of the most comprehensive collections of security tools to protect your identity from all kinds of attacks and it works best if you take advantage of all its great features.

Take another look at your browser

• Have you updated it lately or set it to automatically update?

• Have you looked at the security of add-ons and extensions to your browser, and uninstalled extensions you don’t need?

• Have you thought about switching or upgrading to Internet Explorer 9 or IE 9? It has a host of new security features that can provide almost as much protection as desktop security software.

Take another look at your kids

• Are they on Facebook? If they are, have you talked to them about dangers and precautions?

• Have you created your own Facebook page so you can friend your kids and keep an eye on them?

• Have you set rules for what they can’t say and send on their phones and computers?

• Have you moved family computers to a family area – meaning no computers where you can’t see them?

Take another look at your passwords

• Have you changed the most important ones lately, like bank accounts, email, and Facebook?

• Have you moved from passwords to passphrases, to make it easier to create and remember complex passwords?

• Have you started using a password manager to keep all those passwords in a safe place?

• Have you talked to your kids or employees about changing and protecting their passwords?

Take another look at your bank accounts:

• Do you have a password management system, like ID Vault® or an anti-keylogger such as PRIVACYPROTECT®, on your computer to protect your bank logins and passwords from thieves?

• Have you opted for e-statements instead of paper statements, to protect your statements from being intercepted in the mail?

• Have you set up account alerts so that your bank or credit union can immediately notify you of any payments, transfers, or withdrawals?

• Have you changed your bank account password recently?

• Have you checked your statements for any unusual transactions?

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In a recent report by the firm ID Analytics, more than 140,000 children across the United States were found to have been victims of child identity theft. The report supported other studies that have found the same troubling trend, as well as a growing awareness in the cybercrime community of the value of child identities and the ease with which they can be compromised.Today, the Daily Shield welcomes Steve Schwartz, Intersections’ Executive Vice President, Consumer Services. In today’s video presentation, Steve shares some thoughts on the growing problem of child identity theft.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell continues his security update series. Today,he writes about a recent string of Twitter attacks. The moral of the story? Beef up your Twitter and Facebook passwords!

Seems like hackers and scammers are not forgetting about Twitter when it comes to spreading malware, junk and scams. For a while there it seemed like Facebook had become the favorite child but a recent uptick in Twitter scams proves that as long as it’s a popular way to share and communicate, Twitter will always be a target.

In the most recent scam, Twitter scammers are circulating spam offering free iTunes gift cards. And they appear to have even gone to the trouble of actually creating accounts for non-existent users so they can make the scam look as real and convincing as possible. Clicking on the link in the message doesn’t get you to your free gift card, but instead of a variety of web sites, some of them dating sites, that request your personal financial information.

That scam came on the heels of another attack where the scammers used compromised Twitter accounts to spam thousands of users with messages about a get rich quick scam. Clicking on the link in that message took users to web sites designed to look like local newspaper, where fake participants gave glowing testimonials about how much money could be made from these work-at-home schemes.

And only a week ago, thousands of Twitter users received tweets from friends promoting the miracle “beach body diet.” Turns out it was just another Acai berry promo but again it appeared as though many Twitter users had their account passwords compromised.

As usual, these attacks have common threads, and one of the most common in a compromised password. These scams work best when the messages appear to come from friends. And that’s usually achieved by hacking the “friend’s” Twitter account by taking advantage of a weak password.

Lessons learned?

• If you haven’t already done so, beef up your Twitter and Facebook passwords. Ideally they should be 8-12 characters, and a random mix of letters, numbers and even symbols.

• Protect your password at all times and don’t share it with others, even for fun.

• Don’t use the same password for multiple web sites. That’s a common practice and makes it much too easy to exploit mistakes.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Unfortunately, there is a lot of consumer apathy about the topic of identity theft and credit fraud. So, Neal O’Farrell, Intersections’ Consumer Security Adviser is back today with his ten tips that are guaranteed to make you an easy mark for identity theft.

Continue to believe that it can’t happen to you

Apathy is the biggest enemy, whether it’s towards your health, wealth, or security. If you don’t take security seriously, refuse to accept that you could fall victim to identity theft, and fail to take responsibility for your own security, you stand a much greater chance of being victimized.

Assume zero liability means you have nothing to lose

Zero liability has given many consumers a very false sense of security, and the belief that if identity theft costs them nothing, they have nothing to worry about. But zero liability does not mean zero risk, zero responsibility, or zero loss. Zero liability won’t cover your costs, the emotional harm, time off work, or damage to your credit.

And just because your bank or credit card company says you won’t be on the hook for credit fraud losses, that doesn’t mean you won’t fall victim and face losses. Zero liability can be discretionary, and in many cases financial institutions can take weeks and often months before they return any lost funds or wipe away any debts. And when it comes to compromised bank accounts, small business owners don’t enjoy zero liability at all.

Don’t monitor your credit, or watch it constantly

If you’re not watching you credit reports like a hawk, you’re unlikely to spot the tell-tale signs that someone is trying to steal your identity. It could start with a number of applications for new credit, which can be accepted or declined. A determined thief will keep trying, and if you are not watchful, a simple fraud attempt could easily turn into a more serious identity theft.

Surf where and how you like

So many identity thefts are now being triggered by malware that lies in wait on infected web sites. With so many legitimate web sites are now believed to be infected with malware, you need to be ultra cautious where you surf, what you click on, and what you download. If you don’t, you increase the chance that very nasty malware will work its way on to your computer, steal your information, and hijack your identity.

Talk too much, especially on Facebook

Another sure-fire way to lose your identity is blabbing too much. Facebook has become a haven for identity thieves looking for all that personal information that they need to steal your identity and that you might be giving away free. Things like family background and history (your mother’s maiden name), where you were born, where you went to school, where you work and worked, and your date of birth – all of immense value to thieves. Here’s a great article to help keep you safe – Ten Privacy Settings Every Facebook User Should Know.

Get careless with your password

A number of recent high profile attacks have exposed a number of things we’ve known all along – that most users still use very weak and easy to crack passwords, and they use the same passwords for multiple web sites. So if a hacker gets your password in an attack on one site, they could do a lot more damage.

Trust too much, especially when it comes to email

Phishing continues to be a major threat, and getting more sophisticated every day. If you’re not aware of what phishing is, can’t recognize the tell-tale signs of a phishing attempt, and don’t know how to respond (or not respond), you stand a much greater chance of being hooked by “phishy” bait. If you aren’t sure, the Anti-Phishing Working Group has compiled a list of recommendations to help you avoid this type of scam.

Don’t properly protect your credit cards and accounts

Just like with your credit reports, if you’re not watching your bank account and credit card statements constantly and carefully, you won’t spot any signs that your account is being tapped or dripped, or those small test transactions thieves will often use to test your vigilance before launching a major assault.

Don’t manage your personal information properly

A very easy way to fall victim to identity theft is to not protect your paperwork and possessions. That includes hiding personal documentation in the home (especially financial statements, tax returns, and anything with your Social Security number on it), protecting personal documents at work or when travelling, and not protecting your mail.

Don’t Think Security First

The key to staying off the radar and out of the traps of thieves is to think security first. That means constant vigilance – don’t worry, it eventually becomes second nature – so that you think about security before you click on an attachment and not afterwards, think about security before you create or use a password, think about checking your credit reports before you find out there’s something wrong, and so on.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Advisor joins us today with a simple procedure to make sure that you’re not unwittingly sharing photos on Facebook.

Facebook is once again on the hot seat over privacy, and this time it’s all over something called facial recognition that the company announced last year but just very quietly introduced in the past few days. In fact, if you’re a regular Facebook user you probably won’t see anything about the new change on your Facebook page, any mention that it even exists, and worst of all, no mention that you’re now opted in to this troubling new feature without your permission.

Here’s how it works. As your friends add more photos to their albums, Facebook’s new technology will try to determine if any of the faces in the photos look anything like you. If they do, Facebook will urge your friends to tag the photo with your name. It’s not your decision, but the decision of the person uploading the photo.

You don’t get to approve any of the tags before they happen, but instead have to go to the trouble of un-tagging any photos you don’t want tagged. This is something that is not explained at all by Facebook.

Facebook probably thought that if they introduced this very controversial feature very quietly, they would avoid any serious media scrutiny and consumer complaints. But as Facebook should have learned by now, nothing goes unnoticed any more.

And now security experts and legislators around the world are once again criticizing Facebook’s sneaky insult to user privacy. According to Graham Cluley of security firm Sophos “Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.”

PC World was even stronger in its criticism “Facebook is officially getting super-creepy,” adding that “the new facial recognition technology, which was announced in December but only introduced to a small test group, is basically Facebook’s way of creating a huge, photo-searchable database of its users. And yes, it’s terrifying.”

And according to PC World, Facebook’s members upload over 200 million photos every single day, adding to the estimated 90 billion photos that already reside on Facebook. Many of the privacy concerns revolve around how easy it could be for inappropriate photos of you to end up being viewed and judged by complete strangers around the world, without your knowledge or permission – photos that may not actually be of you.

“At the end of the day, Facebook’s facial recognition technology is downright creepy,” said Sarah Jacobsson Purewal of PCWorld. But what’s even creepier is how hard Facebook makes it for the average user to disable facial recognition. It even took me quite a while to figure it out, and it’s very obvious that Facebook is doing everything possible to make sure as many users as possible find it hard to opt out and just give up.

Here’s how to opt out of facial recognition – bear in mind, you’re wasting your time looking for any link or reference to facial recognition on Facebook because they absolutely refuse to even use the term.

• Click on the Account link at the top right of your Facebook page and go to Privacy Settings (I really hope this is a place you’re very familiar with!)

• Towards the bottom of the page you’ll see a lonely little link “Customize Settings.” Click on that link and scroll down to “Suggest photos of me to friends.”

• Next to “Suggest photos of me to friends,” click on “Edit Settings>”

• You’ll probably see that this feature has been “Enabled” by default, meaning that if you do nothing, facial recognition will always be turned on.

• Change Enabled to Disabled, and you’re done. At least until the next time Facebook tries another sneaky privacy end-run.

Editors Note: Since writing this article, the Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission, asking the FTC to bar Facebook from using the facial recognition technology.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.