Zeus Malware Program Designed to Steal Data

While those familiar with Greek mythology know of Zeus as the king of the gods, those familiar with identity theft know that the mighty Zeus has a much more sinister side. Zeus is the name of a malware program that has been around for a while and is designed to steal data. Recently this program was used to phish people’s information when they made online purchases. While you are probably familiar with phishing emails, you may not have heard of this newer and similar scheme.

With this Zeus attack, legitimate merchants are having their websites taken over. When a customer goes to make a purchase, a popup window appears stating that the person needs to create an account with either MasterCard SecureCard or Verified by Visa to continue. These legitimate services are, ironically, designed to give you greater Internet security. They require you to set up a password to use when shopping online so that people who have your credit card number and three digit security code still can’t use it to shop online without your permission.

However, when you “sign up” for these protections through a Zeus hacked site, this of course isn’t the case. To register for one of these services, you’ll need to – understandably: – provide your credit card information. If you enter your credit card information on a hacked site, well, the rest is history.

To prevent this from happening, pay attention to your online surroundings, so to speak. If you notice a suspicious popup window on a site that is not itself suspicious, get off the site and contact the webmaster. Sometimes webmasters don’t know that their sites have been victimized. Either they don’t visit often or the attack hasn’t been going on very long

– usually the latter. If the site itself is suspicious, it’s likely the webmaster knows and is probably embracing the practice.

Before entering personal information, even if you’re just signing in to an existing account with your username and password, look for the Web address to start with “https” instead of just “http.” Also look for the lock icon, which is just like what it sounds like. It appears to be a padlock and should show up in the bottom right corner of your screen. If the page is super secure, you might see a green address bar. This is not something to worry about…. its a good thing.

While this Zeus virus is, obviously, out in the open now, it doesn’t mean it’s not still out there – plus – you may have already been victimized and not realized it. That’s where identity theft protection can come into play as your fallback option. To paraphrase an old commercial, it works hard so you don’t have to. If you’ve seen a questionable popup or you do in the future, it’s smart to run a virus scan on your machine. Sometimes malware can take residence on your computer behind the scenes – logging keystrokes or recording your preferences so it can send you spam.

Lessons From A Colorado Scam

Colorado based business got a little more than what they bargained for thanks to a lax security policy on a website that was completely open to the public. This site was one that contained registration data for companies located in the state. While having registration data viewable to the public is normal, and it can actually help you determine that you’re dealing with a legitimate business, the problem arose when people were allowed to edit the business listings at will – no user name or password required.

Guess who discovered this and used it to their advantage? Identity thieves of course. They found that they could change business’ addresses and other contact information, which allowed them to apply for lines of credit in the business’ names. They were then able to make purchases for their “businesses” at retailers like Home Depot, Apple, Dell and Lowe’s. The charges to Home Depot alone topped $750,000.

So why were there no security measures in place? No one worried about identity thieves accessing the database. A spokesman for the Colorado Secretary of State told ComputerWorld that this was done on purpose so that the directory would be easy to use. The only safeguard they had, though, was if they requested to be emailed if their records were updated.

Would an identity theft protection service prevented these thieves from creating the lines of credit? Probably not. Why I bring this to your attention is because it brings up an interesting point. Just because you’re careful with your personal information doesn’t mean others that have access to it are as careful. Your information could show up on a website without your knowledge or someone could pretend to be you just by knowing one little detail, like your home address.

The difference is this. If you have identity theft protection, thieves will still be able to get your information if they try hard enough, but the service can prevent them from using it or shut them down as soon as they try to use it once. Instead of having $750,000 of debt on your hands to ruin your credit rating, the damage will likely be minimal, and you can probably get any expenses you incur refunded. If you have no protection you are taking chances, just like the millions of other Americans who will learn things the hard way this year.

Missing Hard Drive Contains Sensitive Student Information

Investigators at Western Michigan University are in the process of hunting down an external backup hard drive that went missing from an office desk back on January 25, 2011. Although they haven’t determined whether the hard drive was actually just lost or was actually stolen from the premises, they do know that there was personal information of students and staff saved on the drive–including names and Social Security numbers.

Although the university feels the risk of identity theft is low, they are still offering anyone who is concerned about their personal data identity theft protection services and insurance for the next year to ensure their information will not be used inappropriately by identity thieves. The search for the hard drive, however, is still in place, and anyone with information is encouraged to contact the Western Michigan University office.

School Exposed Over 30,000 Student and Faculty’s Personal Information Online

An unsecured computer server left thousands of students and faculty member’s personal, sensitive information available online through search engines at the University of South Carolina Sumter. This information included social security numbers of about 31,000 students and faculty members.

As soon as the information was discovered, individuals whose personal data was posted were contacted by mail on March 1st and encouraged to monitor their credit reports for unusual activity. Those who attend or work at the University of South Carolina Sumter campus and any of the other local campuses, should be made aware of the incident and are strongly advised to watch for identity theft on their financial and personal accounts. This can also be done with identity theft protection services, available for sign-up and registration online.

College Inadvertently Posts List of 6,000 Students Personal Data Online

Due to an employee error, the Missouri State University is now spending over $40,000 repairing possible damage to their student’s personal and financial information.

During a compilation of students by semester for accreditation, a list of students- including their Social Security numbers, was inadvertently posted on an unsecured server and indexed by Google, making it accessible to the public.

There has been activity on the list, but they appear limited and sporadic. However, Missouri State University it working closely and has been able to remove the files from Google and their cache system. In addition, the university is contacting all students whose information was accessible, and is paying for identity theft protection services for all.

After notifying the Missouri Attorney General about the incident and serving disciplinary action on the employee who made the file accessible online, Missouri State University is taking the proper steps to ensure all of their computers and networks are secure and protected from having a similar incident ever occur in the future.

Identity Thieves and Tourists

The long winter days mean lazy days for identity thieves. With all the tourists traversing the country, many of whom are unfamiliar with their surroundings, it is prime season for yanking wallets, purses and passports. No matter what city you’re visiting, or what city you’re visiting from, you need to be extra careful to keep your personal information safe – not to mention other belongings – like your camera.

Here are some tips to prevent identity theft while travelling:
• Keep an eye on your luggage. While this may seem like a no brainer, it happens all too often. An unsuspecting tourist looks up to check the arrival times for the train and looks down only to see that his Samsonite slip into a departing car. Hold the handle while you look.

• Store valuable items on your person or in a hotel safe. In this case, valuable items mean your passport, your driver’s license, your extra cash. You’re asking for trouble if you bring along fancy jewelry or other pricey valuables. Insist on them tagging along? Buy insurance.

• Use an indoor voice. If you have to give sensitive information out orally. Perhaps you need to tell a reservation agent your credit card number over the phone; if you do, speak only loud enough for the person on the other end up the line to hear you, not for any passersby. Try to use a cell phone instead of a pay phone so you can speak in a more private place.

• Never make reservations by sending an email if they require credit card information. There are no guarantees the information transmitted this way is secure.

• Be careful what sites you visit if you’re going online from you hotel, the airport, an Internet café or any other public place. While it’s okay to check the performance
schedule for a play you want to see or to download a map to your next destination, don’t log in to your bank account, pay bills or do any online shopping. The networks are not secure like the one at your home (hopefully) is. There could be a hacker sitting at the table right next to you posed as another tourist. There is basically no way for you to know.

If you get travel insurance before you leave for your destination, it’s likely the insurance will reimburse you for the value of items in your suitcase, but very few plans will help you if identity theft occurs. Instead, it’s smart to have a separate identity theft protection plan to supplement this coverage.

Identity Theft Ring Racks Up Over $200,000 in Fraudulent Store Purchases With Black Market Credit Information

A number of suspects have been arrested after being linked to a crime ring in Central Florida which has stolen thousands of credit card number fraudulently through company credit card terminals.

In this particular case, all the victims of identity theft and fraudulent purchases were linked to a hotel in California–Se San Diego Hotel. Guests who had stayed at this hotel had their credit card information hacked through the card terminal, in which the gathered information was sold online and used by identity thieves to rack up thousands of dollars in store and online purchases.

American Express reported $187,000 alone was spent fraudulently, specifically at Target stores in Florida. Once they were traced, the ring of identity thieves were followed by the Secret Service and were found to have made over $20,000 in purchases in just two days. They used the credit card information that they purchased to make fake credit cards and gift cards, and charged thousands of dollars in debt to unsuspecting victims.

The damage this ring has done is extensive. There is still a continued investigation in place as the issue is being resolved with credit card companies and the victims. However, if you think you may have been a victim of this incident, it is imperative that you contact your credit card companies to place a credit freeze on your accounts, as well as invest in
identity theft protection services to ensure your financial accounts are protected and monitored for suspicious activities.

World’s Largest Stem Cell Bank Victim of Theft, Putting 300,000 at Risk for Identity Theft

An employee of the world’s largest stem cell bank company, Cord Blood Registry (or CBR, Inc.), had company property stolen from his vehicle back in December of 2010. Two months later, Cord Blood Registry is notifying their customers of a possible data breach.

Stolen from the vehicle were storage tapes and a laptop that included unencrypted information about registrants. This data, which includes credit card information, driver’s license numbers and Social Security numbers, has not been recovered.

Cord Blood Registry, Inc. is offering all those affected free credit monitoring services for a year to assist in monitoring credit reports and financial accounts for fraudulent and suspicious activities. While this doesn’t ease many customer’s concerns regarding their financial future, it is an attempt to apologize and make the situation right. However, clients are frustrated at the lack of concern for their information, knowing their data was unencrypted and sitting in an employee’s vehicle where it was easily accessible.

Fake Debt Collectors Poised to Commit Identity Theft

Residents of the state of Indiana are requested to be on alert due to a rash of identity thieves posting as debt collectors. According to the state’s attorney general, these collectors have a large amount of personal information about their potential victims, which is making them more susceptible to falling for this scheme – and losing a rather significant amount of money.

The identity thieves are posing as collectors for official sounding agencies, like the IRS Collection Service and aggressively trying to browbeat their targets into repaying alleged debts in order to prevent being sued, being arrested or being thrown in jail. They are asked to either wire money to the thief’s account or to provide information about their bank accounts.

If the consumer doesn’t fall for the scam the first time, thieves have been known to call them over and over again to the point of harassment, along with using increasingly abusive language when speaking to them. The point is to make the consumer so upset and worried that he or she will do anything to make the harassment stop.

So how do the thieves already have information, such as addresses, birth dates, Social Security numbers and possibly even closed bank account numbers? Simple. They’ve collected them from past data breaches. This makes consumers even more vulnerable because it can cause them to trust the thieves when they shouldn’t. The thieves may also ask them to verify the information they have and then provide additional information, which will only make things worse in the long run.

Whether you live in Indiana or not, be wary if you get a call from a “debt collector.” Ask that the person send you a collection notice in the mail, which, if the company is legit, it is legally required to. Legitimate agencies are not allowed to make harassing or threatening phone calls.

If the person already has information about you, such as your Social Security number, it would be wise to contact the three major credit bureaus and have fraud alerts put on your credit files. This is also the time when you should sign up for identity theft protection services before anything major happens with your credit.

You can also report the harassing calls to the Federal Trade Commission by calling 1-877-FTC-HELP.

University Contacted Regarding Publicly Available File, Leaves 13,000 Students at Risk

Chapman University and Brandman University are undergoing an investigation after a student reports a file with financial aid information and student identification number of approximately 13,000 students,past and present. The file included sensitive financial information, as well as Social Security numbers, of students in which could be used for identity theft. The breach was brought to the attention of school officials after a student came across the file in a “non-secured” folder.

The investigation shows that there was only one person that had accessed the file–the student that reported it–however, they are sending information to all affected students as to how to guard against identity theft. The universities are also offering free identity theft protection services to students to help protect their personal and financial data from unauthorized and illegal use.

Next Page »