identity theft en-US The World's 4 Biggest Credit Card Scams <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/the-worlds-4-biggest-credit-card-scams" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="credit card scanner" title="credit card scanner" class="imagecache imagecache-250w" width="250" height="140" /></a> </div> </div> </div> <p>You know that you need to keep your credit cards close and keep an even closer eye on your statements, lest you fall victim to <a href="">credit card fraud</a>. But how do credit card scams really happen? Here's a look at some of the biggest card heists, and how they went down. (See also: <a href="">Don't Be Fooled by 2014's Most Common New Scams</a>)</p> <h2>1. Fake Payment Terminals</h2> <p>In England in 2008, computer science student <a href="">Anup Patel</a> and an accomplice could have caused more than $27 million in losses to banks when they stole some 19,000 credit card numbers through gas station credit card terminals, and set up a home credit card factory to put those numbers on new, working cards.</p> <p>Devices known as skimmers, attached to a credit card scanner or ATM machine and painted to blend in, are a common way for thieves to collect card information. The pair also set up hidden cameras, in order to capture information consumers typed in, such as PINs or other identifying data.</p> <p>In this case, the scammers pocketed about $3.5 million &mdash; before they landed in prison.</p> <h2>2. Employee-Operated Skimmers</h2> <p>Sort of like the above example, but with more sleight of hand, is the technique of double scanning a credit card in a restaurant or retail establishment. A waiter or waitress can slide your card through the restaurant terminal to apply legitimate charges, then slide it through another scanner in an apron pocket to collect data for future fraud. The irony here is that you will probably tip the person who just robbed you. (See also: <a href="">Best Credit Cards for Dining Out</a>)</p> <p>In 2011, the <a href="">Secret Service busted a 28-person ring</a> who worked at steakhouses, targeting high-limit cards, and ran up $1 million in charges at luxury stores before getting caught.</p> <h2>3. Hackers</h2> <p>The largest thefts of credit card information hit the stores directly, not individual customers. Hackers sneak software onto the store's credit card processing computers, or break into databases where customer information is stored, accessing millions of card numbers at a time. Fortunately, the merchants and credit card companies involved typically cover any losses to consumers in these incidents.</p> <h3>TJX Companies: More Than 45 Million Card Numbers Stolen</h3> <p>With a <a href="">security hole that gaped open from 2005 through 2007</a>, the owner of T.J. Maxx, Marshalls, and other stores admitted that it would probably never know the full extent of customer information stolen from it. Because the breach had been going on so long before the company warned cardholders, lots of fraud was perpetrated using the stolen information, including $8 million in merchandise theft by one gift card fraud ring in Florida alone.</p> <h3>Target: 40 Million Card Numbers Stolen</h3> <p>Target advertised hard in the run-up to 2013's Black Friday, and was rewarded by millions of shoppers pouring through store doors. Unfortunately, many of those shoppers later found out their credit card information had been stolen when they swiped their cards at Target's registers. The culprit was a simple piece of malware installed on a company computer that managed to spread itself to every register of every store, and siphon up customer data as they swiped their cards. Target promised that customers would lose no money due to the breach, but Target lost big time, with a <a href="">46% decline in sales and a $61 million recovery bill</a>.</p> <p>It also cost CEO Gregg Steinhafel his job.</p> <h3>CardSystems Solutions: 40 Million Card Numbers Stolen</h3> <p>A <a href="">virus installed on computers of this third-party Mastercard and Visa transaction processor</a> in 2005 resulted in the compromise of 40 million customers' card numbers, in an incident that first awakened many consumers and credit card industry insiders to the very real danger of cybercrime. (See also: <a href="">Keep Your Credit Card Safe While Shopping Online</a>)</p> <h2>4. Credit Cards Created for Fake or Stolen Identities</h2> <p>If a thief steals your credit card number and starts running up charges, chances are you'll notice the illicit charges on your card statement and put a stop to it. But crooks who manage to take out new credit accounts in real or fictitious names can get away with running up more bills for longer.</p> <p>In 2013, <a href="">four conspirators were charged</a> in Trenton, NJ with setting up an elaborate network of fake identities to borrow more than $200 million. The victims here were mainly credit card companies and businesses, since many of the 7,000 false identities under which they set up credit accounts were fictional. They managed to create good credit profiles for their fictional identities by setting up shell businesses and reporting paid-off loans in the straw borrowers' names.</p> <p><em>Have you ever been a victim of credit card fraud? How did you find out?</em></p> <a href="" class="sharethis-link" title="The World&#039;s 4 Biggest Credit Card Scams" rel="nofollow">ShareThis</a><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Carrie Kirby</a> and published on <a href="">Wise Bread</a>. Read more <a href=""> articles from Wise Bread</a>.</div></div> Credit Cards credit cards credit theft crime identity theft scams Fri, 05 Sep 2014 15:00:04 +0000 Carrie Kirby 1203754 at 11 Terrifying Things That Can Happen When Someone Steals Your Phone (And How You Can Protect It) <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/11-terrifying-things-that-can-happen-when-someone-steals-your-phone-and-how-you-can-protect-it" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="smartphone" title="smartphone" class="imagecache imagecache-250w" width="250" height="140" /></a> </div> </div> </div> <p>A phone used to be a phone. Now, many of us live our entire lives through our phones. It's how we check our bank balances, organize our schedules, send emails and texts, and pay our bills. Most of us have hundreds, if not thousands, of photos and videos on our phones. They also house sensitive personal information that an identity thief would just love to get his or her hands on. In short, it's no longer a phone&hellip; it's our life.</p> <p>So when a phone is lost, or worse, stolen, we have every reason to panic. Here are 10 horrible things that can happen if your phone is stolen.</p> <h2>1. Your Bank Accounts Could Be Wiped Out</h2> <p>In an experiment conducted by Symantec, 50 smartphones were intentionally &quot;lost.&quot; On <a href="" style="text-decoration:none;">43% of those phones</a>, attempts were made to open the online banking apps. If you have the &quot;save user name&quot; option engaged, the thief only needs to guess your password. For some that will be easy enough to do &mdash; your phone gives out a lot of clues and if you have a guessable password you're in real trouble. That money can be transferred to another account, and you're left with nothing. The bank covers misuse of credit and debit cards, but hacked accounts are another story entirely.</p> <h2>2. Your Personal Photos Could Be Leaked</h2> <p>There is no shame in having &quot;sensitive&quot; photos of yourself or other people you are intimate with, on your phone. But those photos are for your eyes only. If someone were to access those photos on your phone, they could be uploaded to the web in seconds. It happens to celebrities all the time, but you don't hear about it happening to the public because the press doesn't have a story in it. However, it's all too common for thieves to steal those photos and spread them far and wide, which could make for a very embarrassing situation, or worse, as the next point will dive into. They could also<a href="" style="text-decoration:none;"> blackmail you for a lot of money.</a></p> <h2>3. You Could Lose Your Job</h2> <p>If inappropriate photos of you or your friends are leaked, it could quickly lead to a firing. It was obviously not your intention to let those photos get out, but that's nothing your employer will care about. If you have in any way sullied your reputation, you have also put a black mark against the company you work for. In some instances, the company won't care. But if you work in a business that requires its employees to be clean cut and professional at all times, you could see the dreaded pink slip. Even password-protected folders can be hacked.</p> <h2>4. You Could Lose Your Friends</h2> <p>Thieves are not exactly upstanding moral crusaders. They will have no problem messing with your life just for the sake of it, and that includes texting and calling people in your contacts list. There have been cases of thieves sending profane and rude texts to contacts, just for the fun of it. It's a laugh for them, but it could take more than a quick &quot;it wasn't me&quot; to mend those relationships.</p> <h2>5. Your Social Accounts Could Be Hacked</h2> <p>Your Facebook, Twitter, and Instagram channels are usually logged in automatically. If a thief has access to them, he or she could easily make your life very difficult by posting on your behalf. Suddenly, you've gone from being a nice person with nice posts, to a lurid or vicious individual hell bent on offending as many people as possible. Soon, your friends and family are unfriending you quicker than they can hit send. Employers also have access to your social channels, and it could reflect very badly upon you. You may have no choice but to shut down your accounts and start from scratch. But you'll have a lot of explaining to do first.</p> <h2>6. Your Identity Can Be Stolen</h2> <p>You have a lot of personal information on your phone. Some people I have talked to even keep pictures of their driver's license and SS card in their phone, just in case they need the numbers. Well, that's not a great idea. Using just the information you have in emails, photos, and other files, a skilled identity thief could have bank accounts set up in your name before you know what's hit you.</p> <h2>7. Expensive Calls Could Be Made</h2> <p>How much does it cost you to dial international numbers on your phone? You probably don't have that information close at hand because you don't do it too often. Well, it can cost from just 1 cent per minute, and over $3 per minute, depending on the country you call. A 60-minute call to Afghanistan on AT&amp;T will set you back $183. You can see how that can soon add up to thousands if you don't take the time to act.</p> <h2>8. Thousands of Dollars of Purchases Can Be Racked Up</h2> <p>You likely have apps like eBay and Amazon on your phone, as well as other shopping sites. Usually, you are automatically logged in to those sites, and if you do a lot of purchasing, you may very well have one click purchases set up. Once the thief realizes this, they can start shopping to their heart's content. They can set up a new shipping address, probably to an address that can't be traced back to them, and can also do a lot of instant downloads. They could even be spiteful, and just start making massive purchases just to mess with you and your life.</p> <h2>9. You Could Be Charged for Overages</h2> <p>Not everyone is on an unlimited plan. If you have a set number of minutes, texts and data every month, the thief could quickly eat those up and start costing you money every time they make a call, send a text or surf the web. Those small charges can soon add up to <a href=";topic_id=310136&amp;reply_id=206383" style="text-decoration:none;">hundreds</a> of dollars.</p> <h2>10. You Could Go To Jail</h2> <p>Now, this is unlikely. But if you work for an employer that gives you access to some very confidential information, and that information is on your phone, you could get in big trouble. Despite the fact that you had no intention of leaking this information, if it gets out because of your stolen phone the consequences could be severe, especially if you work for the government. Even if you work for a private employer, you may have signed a Nondisclosure Agreement, and this could violate it. So if you have photographs of highly sensitive data or product designs on your phone, you might want to delete them, or transfer them to a very secure location.</p> <h2>11. You Could Help Commit a Crime</h2> <p>It's quite possible that the phone was stolen from you for a specific reason, and not just a random theft. The thief may know that you work at a certain place, a bank or jewelers, and would text the boss or owner from your phone asking for information. Even worse, it may be someone looking to abduct a friend or colleague of yours, using texts or social media apps. Most of us communicate by those methods these days, imagine receiving a text from a friend asking to meet them somewhere. What would happen if you turned up and it was not your friend waiting for you, but someone wanting to do you harm? Get the picture? Yes, it's not only possible, it's easy to do.</p> <h2>So, What Can You Do to Protect Yourself?</h2> <p>Quite simply, you should prepare for the worst right now by taking steps that can protect you if your phone is stolen, or at least minimize the damage.</p> <h3>Password Protect Your Phone</h3> <p>Yes, it's a hassle. The latest data says we check our phones over 100 times a day. Having to enter a PIN every time we want to check email or send a text may be annoying, but it takes only a second or two and makes it tough for an average thief to get past the unlock screen. By entering a PIN, you will probably make the thief do a hard reset on your phone to make it usable. In that case, you have simply lost a device, not the sensitive information it holds. And if you can, use a PIN or lock code that is not easily guessable. 0000 and 1234 are all too common.</p> <h3>Install &quot;Seek and Destroy&quot; Apps</h3> <p>In conjunction with a PIN, you should definitely invest in an app that will help you find your phone, or wipe the data remotely. There are way too many to list here, so check the ratings and the number of downloads (you want a high number for both). Once installed, it will not only help you find your phone if you misplace it, but it can also wipe the data on it with a few simple steps.</p> <h3>Set Up Two-Step Authorization</h3> <p>As so much is tied to Google, and your phone, it's a good idea to add an additional layer of security. Google's <a href="" style="text-decoration:none;">two-step authorization process</a> means that if one of your accounts is compromised, you need access to another to verify it.</p> <h3>Register With an Identity Theft Protection Service</h3> <p>There a several out there, including LifeLock and Protect My ID, but your own bank may very well offer a service just like those for less money. They aren't very expensive, usually around $6-$12 per month, and will alert you if anyone opens accounts in your name.</p> <h3>Call Your Cell Phone Provider Immediately</h3> <p>You should have their customer service number stored in a place other than your phone. As soon as you notice the phone is gone, call them and let them know. They can take steps to ensure that you are not charged for anything, and can also deactivate the account. Make sure you have the IMEI and device serial numbers stored in the same place as the customer service number.</p> <p><em>Have you lost a smartphone or had one stolen? Did any of these terrifying things happen to you?</em></p> <a href="" class="sharethis-link" title="11 Terrifying Things That Can Happen When Someone Steals Your Phone (And How You Can Protect It)" rel="nofollow">ShareThis</a><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Paul Michael</a> and published on <a href="">Wise Bread</a>. Read more <a href=""> articles from Wise Bread</a>.</div></div> Technology identity theft lost phone smartphone smartphone theft Tue, 29 Jul 2014 17:00:04 +0000 Paul Michael 1169308 at Keep Your Credit Card Safe While Shopping Online <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/keep-your-credit-card-safe-while-shopping-online" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="online shopping" title="online shopping" class="imagecache imagecache-250w" width="250" height="166" /></a> </div> </div> </div> <p>I was at Home Depot at 6:07 a.m. on Black Friday. I needed new Christmas décor, and Home Depot had exactly what I wanted at low prices.</p> <p>So I got up early, thinking that if I didn&rsquo;t get there by 6:15 a.m., the stuff I wanted would be long gone. You can imagine how surprised I was when I got there and the store was fairly empty. The employees practically greeted me at the door and offered me coffee and donuts.</p> <p>Well, of course I said yes to the coffee and donuts. I had the sales flyer with me, so I pointed to what I wanted and the employees collected it all for me in a cart. I was back at my car at precisely 6:17 a.m., happy and on an exquisite sugar high.</p> <p>I went from Home Depot to Target and had a similar experience, but without the donuts (get with the program, Target!). It was clear to me that folks had decided to shop online. My suspicions were confirmed when I saw the recent numbers from comScore, a company that analyzes the digital world.</p> <p>Their research showed that consumers have already spent $10.1 billion online, which is a 16% increase over last year. They predict, for the entire season, that consumers will spend $43.4 billion online, which is up 17% from last year.</p> <p>But enough with boring stats. The fact is, if you shop online, you need to protect yourself. It might be the season of holiday cheer, but it&rsquo;s also the season of credit card scams.</p> <p>Here are some things you should keep in mind while clicking your way through the holidays. (See also: <a href="">The 50 Best Deals and Coupon Sites</a>)</p> <h2>Check the URL</h2> <p>Make sure you see &quot;https&quot; instead of just &quot;http&quot; in the web address. The &quot;s&quot; means it&rsquo;s a secure site.</p> <p>Now, according to the FTC, having the &ldquo;s&rdquo; isn&rsquo;t a fool-proof method for identifying a fake website because some scammers try to create a fake &ldquo;s&quot;. Good grief! But at least checking for an &ldquo;s&rdquo; is a step you can take to make sure you don&rsquo;t enter delicate information onto a site without the &ldquo;s&rdquo; in the address.</p> <h2>Use a Credit Card</h2> <p>Don&rsquo;t use a <a href="">debit card</a> for online shopping. A debit card is linked to your bank account, and if the website gets hacked, the thief will have access to your cash.</p> <p>Sure, you can probably get most of the cash back over time, but you don&rsquo;t need such trauma during the holidays. With a credit card, you have much better consumer protections, plus your cash accounts aren&rsquo;t in jeopardy.</p> <h2>Don&rsquo;t Fall for Phishing</h2> <p>If you get an email asking you to send your credit card account number and password, don&rsquo;t take the bait (sorry, I had to get in at least one lousy pun related to fishing).</p> <p>The email might say you need to update or validate your account due to a variety of issues, including suspected fraud. The email might even look like it came from your bank. No legitimate company will ever ask for this type of sensitive financial information via email.</p> <p>You have to be alert because scammers get more sophisticated all the time. I got an email that appeared to come from my daughter, who is at college. There was a link in the email, and I caught myself just in time. The scammer was clever to know that I might open the link quickly since it came from my kid. That was a close one!</p> <h2>Check Your Accounts Online for Fraud</h2> <p>This an oldie, but a goodie. I know you&rsquo;re tired of hearing it, but think about how often you use your credit card at a restaurant and your card leaves your sight. Even if you&rsquo;re shopping mostly online on a secure, well-known site, you&rsquo;re still exposed in other areas of your life. And what if the reputable, well-known site gets hacked? It happens.</p> <h2>Avoid Public Wi-Fi</h2> <p>It might be tempting to kick back with a latte in your favorite coffee shop while making purchases online, but it&rsquo;s not a good idea. Hackers are capable of breaking into Wi-Fi connections at <a href="">hot spots</a>. Better to get the latte to go and shop at home than take the risk.</p> <h2>Use Virtual Credit Card Numbers</h2> <p>These are also sometimes referred to as &ldquo;disposable&rdquo; or &ldquo;one-time use&rdquo; numbers. Some issuers offer this service and it allows you to use a temporary number that's tied to your actual credit card account. When you buy an item, you use the temporary number assigned to your account.</p> <p>So if the site you shopped on gets hacked, the thief can't access your real number. They get a bogus one. This keeps your real account number safe. Now, the details for this service vary by issuer. Visa offers this service, and they call it &ldquo;Verified by Visa.&rdquo;</p> <p>It might sound a little tricky to use virtual numbers, but trust me &mdash; the steps are usually pretty simple, and best of all, it&rsquo;s free.</p> <a href="" class="sharethis-link" title="Keep Your Credit Card Safe While Shopping Online" rel="nofollow">ShareThis</a><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Beverly Harzog</a> and published on <a href="">Wise Bread</a>. Read more <a href=""> articles from Wise Bread</a>.</div></div> Credit Cards identity theft online shopping Mon, 03 Dec 2012 11:36:32 +0000 Beverly Harzog 959572 at 5 Things to Never Keep in Your Wallet <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/5-things-to-never-keep-in-your-wallet" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="wallet" title="wallet" class="imagecache imagecache-250w" width="250" height="167" /></a> </div> </div> </div> <p>I lost my wallet at the mall the other day. I was paying my bill at the Hallmark card store, and at my next stop in Bath and Body Works, I had to borrow $24 and some change from my 10 year old daughter. My wallet was gone, and I had no recollection of what happened in the two minutes it took me to walk from one store into the next. (See also: <a href="">10 Things You Should Do Immediately After Losing Your Wallet</a>)</p> <p>I am a personal finance writer, creating hundreds of articles a year on the topic, including tips for preventing financial meltdowns. Yet here I was in the mall, poking through trash cans convinced some jerk took the cash and maybe the credit cards, and ditched the evidence. As all the hassles of what it would take to get back my identity flowed through my head, the only thing I really could not push out of my mind was how stupid I was. If anyone should know better about financial protection, it should be me. I was such a failure.</p> <p>I didn&rsquo;t have an updated list of credit card or contact information. My Social Security card was inside the wallet. Every <a href="">credit card/debit card</a> I own was in the wallet along with receipts for the purchases I had been making. I haven&rsquo;t felt so inadequate in a long time &mdash; I mean, I warn people for a living, yet what I practice is not what it is I preach.</p> <p>Despite my despair at being so careless, the story has a happy ending. A nice woman <a href="">returned my wallet</a> to the nearest department store and reported her find to mall security. Thankfully everything was intact, and I was even able to call my hero of the day to personally say thank you.</p> <p>However, my good karma that day does not negate my reckless financial behavior. So I am here to confess publicly my disregard for my own advice about wallet safety and add some additional tips about what to remove from your wallet to help avoid financial ruin.</p> <h3>Social Security Card and Birth Certificate</h3> <p>You may have needed this information for some specific purpose and just never took them back out of your wallet, purse, or briefcase, even though you see the documents every time you are looking for something else. Take out such personal information immediately, and file it in a safe at home. Someone with access to this information can essentially do anything you can do in your name, such as open a credit card.</p> <h3>Receipts</h3> <p>While store receipts may not have all of the data one would need to use your credit, debit card, or <a href="">personal identity</a>, they could provide just enough details for an experienced crook to figure out the rest. If you keep receipts for other reasons, clean them out of your wallet and your vehicle on a regular basis. Dispose of them by shredding them into pieces before they hit the garbage can.</p> <h3>Every Credit Card You Own</h3> <p>You never want to be without access to some kind of money in the event your wallet is stolen. Unlike me, you should only carry one credit card with you for emergency purposes and leave the rest at home. Write down the contact information and card number for each card you do carry, and file it in a safe place so you can easily report the card missing if your wallet is taken. If the thief has access to all of your credit and bank cards, you are basically a sitting duck and will have a mountain of hassle in front of you to get things back to normal.</p> <h3>Spare House Keys</h3> <p>If someone has access to your wallet, there is a strong likelihood your personal identification will lead a thief right to your home. A spare house key is an invitation to steal more. A thief can assume you are still at the mall searching for your lost wallet and may be inclined to go see what good stuff they can get from your house. Not only will you have safety concerns, you&rsquo;ll have to act fast to change locks and increase security at your home while at the same time trying to resolve your other lost wallet issues.</p> <h3>Your PIN Codes</h3> <p>Every card provider tells you to select a password that is easy to remember. Still, some people find they have to write down the information and keep it in their wallets next to their bank cards for easy access. This may be helpful to you when you need to use the ATM, but you can say goodbye to your bank account if you give the same details to the con artist that stole your wallet. Store your password as a phone number in your locked mobile phone or work hard at memorizing the PIN for the card you use most.</p> <a href="" class="sharethis-link" title="5 Things to Never Keep in Your Wallet" rel="nofollow">ShareThis</a><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Tisha Tolar</a> and published on <a href="">Wise Bread</a>. Read more <a href=""> articles from Wise Bread</a>.</div></div> Consumer Affairs financial mistakes fraud identity theft lost credit cards lost wallet Wed, 08 Aug 2012 10:36:41 +0000 Tisha Tolar 947945 at How to Choose a Better Password <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/how-to-choose-a-better-password" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="woman using laptop" title="woman using laptop" class="imagecache imagecache-250w" width="250" height="141" /></a> </div> </div> </div> <p>If you&rsquo;re addicted to the Internet like I am, chances are your life is full of passwords.</p> <p>Passwords for social networking accounts, bank accounts, frequent-flyer accounts, daily deal accounts &mdash; the list goes on and on.</p> <p>With so many accounts, of course, comes the increased possibility of being hacked, and a successful hack can make you feel violated and even <a href="">leave you broke</a>.</p> <p>So to help you avoid the embarrassment and hassle of a hack, here are a few tips on how to choose a better password. (See also: <a href="">Wise Bread's Guide to Identity Theft Prevention</a>)</p> <h3>What Not to Do When Choosing a Password</h3> <p>I&rsquo;ll get to the best ways to fortify your accounts with a solid password in a minute, but first we need to cover those things that you should never do.</p> <p>When creating a password, NEVER:</p> <ul> <li>Use only a word. Any real word is off limits. If it&rsquo;s in the dictionary, don&rsquo;t use it.<br /> &nbsp;</li> <li>Use your user name or real name. That&rsquo;s just common sense. Also avoid using the name of another person or pet in your life. If the hacker is someone you know, these are the first words he or she will use to try to gain access to your information.<br /> &nbsp;</li> <li>Only put a digit in front or behind a password comprised of a real word thinking that you&rsquo;ve changed the game. That won&rsquo;t help you; hackers are on to that trick, too.<br /> &nbsp;</li> <li>Spell any of the off-limits words in reverse to beat the system. You won&rsquo;t.&nbsp;</li> </ul> <h3>What to Do When Choosing a Password</h3> <p>You don&rsquo;t have to be a rocket scientist to establish a password that&rsquo;s nearly impenetrable. Here are some ways to create one that most hacking programs can&rsquo;t crack.</p> <p>Use a <em>combination</em> of the following techniques to create a strong password:</p> <ul> <li>Use at least eight characters &mdash; a combination of numbers, upper- and lower-case letters, and punctuation marks. More characters is always better.<br /> &nbsp;</li> <li>Shorten a favorite (but not famous) movie quote or song title to only the first letter of each word in the quote or title. For example, change the &quot;Casablanca&quot; quote &ldquo;Here's lookin' at you, kid&rdquo; into HLAYK. (Although, again, using something less famous is better.) To further protect it, add a series of number to the end of it, perhaps the year &ldquo;Casablanca&rdquo; was released &mdash; 1942. You also can choose to lowercase some of the letters, such as the <em>A</em>. The final password would be HLaYK1942. To make it ever stronger, replace the <em>A</em> with the @ symbol to create the password HL@YK1942.<br /> &nbsp;</li> <li>Throw a punctuation mark into the middle of a word. Example: Wise$Bread.<br /> &nbsp;</li> <li>Use a word you like and can remember, then remove the vowels and replace them with numbers or punctuation marks.<br /> &nbsp;</li> <li>Misspell a word in your password on purpose.<br /> &nbsp;</li> <li>Use your imagination to come up with a password that has no significance in the real world. Just make sure you can remember it.</li> </ul> <h3>Additional Tips for Keeping Your Password Safe</h3> <p>Once you have that password created, keep it safe by following these suggestions:</p> <ul> <li>Never save a file on your computer containing your passwords. That&rsquo;s just asking for trouble. If you must, write the password on a piece of paper and lock it in a safe. It&rsquo;s best, however, to never write it down &mdash; which is why it&rsquo;s important to choose a password you&rsquo;ll remember.<br /> &nbsp;</li> <li>Never give your password to anyone for any reason. No one needs to know your password. If someone wants it, it&rsquo;s for nefarious purposes. You can count on that.<br /> &nbsp;</li> <li>Never respond to an <a href="">email requesting your password</a>, even if the email claims to be from someone of authority. Your respective networks will NEVER contact you via e-mail asking for your password information.<br /> &nbsp;</li> <li>Try using a password management tool such as <a href="">LastPass</a> or <a href="">KeepPass</a>. Not only do they increase your level of security, they also simply your life by requiring that you only remember one password.</li> </ul> <p><em>How did you create your password? Does it adhere to these tips? Let me know in the comments below.</em></p> <p><em>EDITOR'S&nbsp;NOTE: Some advice in this article has been updated.</em></p> <a href="" class="sharethis-link" title="How to Choose a Better Password" rel="nofollow">ShareThis</a><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Mikey Rox</a> and published on <a href="">Wise Bread</a>. Read more <a href=""> articles from Wise Bread</a>.</div></div> Technology avoiding scams identity theft online safety Mon, 06 Aug 2012 09:48:42 +0000 Mikey Rox 947010 at Google Yourself Challenge: How Much Can People Learn About You Online? <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/google-yourself-challenge-how-much-can-people-learn-about-you-online" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="" title="" class="imagecache imagecache-250w" width="250" height="140" /></a> </div> </div> </div> <p><em>This article is made possible by our underwriter </em><a href=";k4=3395&amp;k5={banner_id}"><em>Equifax</em></a><em>.</em></p> <p>By now, we&rsquo;re all familiar with the concept of Googling someone. If you&rsquo;re not (seriously, where have you been?), it&rsquo;s the act of typing a person&rsquo;s name into the search engine to learn more about them. You can find lots of information about an individual through Google, such as where they live, where they work, their level of education, and if they have a criminal past.</p> <p>While others may Google you, however, it&rsquo;s just as important for you to Google yourself. Why? Because the pictures, videos, and other personal information about you online will affect you at some point in your life &ndash; whether you know it or not.</p> <h3>Who Is Searching for Your Information?<b><br /> </b></h3> <p>Several types of people might try to find out about you online. Here are a few types to be especially aware of.</p> <p><b>1. Employers</b><b><br /> </b></p> <p>It used to be that the only background information an employer had on you was the resume and references you provided. Then came the Internet. While your resume and references are still helpful to employers, they&rsquo;re secondary to the online research that potential employers conduct about you. Employers aren't stupid. They know that anyone can fake a resume and coach their references on what to say. But Google doesn't lie. Not only will employers check your name on Google to verify facts, but they&rsquo;ll dig deep to make sure you don&rsquo;t have anything in your past that will reflect unfavorably upon the company.</p> <p><b>2.</b> <b>Creditors/Financial Services</b><b><br /> </b></p> <p>In the past, to get a loan you had to sit down with a loan broker and hand over your financial standing on paper. The problem with that was there was a lot of room for fudgery &ndash; paper can be copied, modified, and even forged. Nowadays your credit score is stored in an online database, which is accessible to anyone in a position of power to give you money.</p> <p><b>3. Stalkers</b><b><br /> </b></p> <p>Stalkers can learn about you on Google, but they can also follow your every move through your social networks. Have you heard those horror stories about people getting robbed blind while they&rsquo;re not home because they posted about how they&rsquo;re enjoying their glorious vacation all over Facebook? It happens &ndash; but that is the least of your worries. What if a stalker showed up at your job or followed you around based on the information you&rsquo;ve posted and shared? It&rsquo;s tragic and frightening.</p> <p><b>4. ID Thieves</b><b><br /> </b></p> <p>Shopping online is easy and fun &ndash; until your identity is stolen. You&rsquo;re setting yourself up for potential disaster by storing your credit card info on the sites from which you purchase frequently, but you&rsquo;re still not completely safe even if you avoid this practice. In fact, keeping a credit card at all sets you up for identity theft because credit card companies store all of their users&rsquo; information digitally. When a security breach occurs, like <a href="">the one at Global Payments recently</a>, your card is compromised along with your peace of mind.</p> <h3>What Tools Will They Use?<b><br /> </b></h3> <p>There&rsquo;s more to this than Googling &ndash; here are the tools people are most likely to use to get information on you.</p> <p><b>1. Google</b></p> <p>Google is the number one way for any of us to find information on someone we search. Literally. It&rsquo;s the most visited website in the world. Most of us search for information about other people for benign reasons, but there are bad apples everywhere.</p> <p><b>2. Facebook</b><b><br /> </b></p> <p>Know what the number two most-visited site in the world is? Yep, it&rsquo;s Facebook. While we don&rsquo;t have a lot of control regarding what lands on Google about us, we have absolute control about what people can discover about us on Facebook. If someone wants to know what you&rsquo;re up to, you can bet they&rsquo;re browsing your profile.</p> <p><b>3. Online Police/Sex Offender Registries</b><b><br /> </b></p> <p>If you think your past won&rsquo;t come back to haunt you, you&rsquo;re wrong. Employers especially use these sites to make sure you&rsquo;re telling the truth when you check that box saying that you&rsquo;ve never been convicted of a felony. It&rsquo;s better to be up front about your indiscretions than fib about it and get caught. At that point, you look like a criminal <i>and</i> a liar.</p> <p><b>4.</b><b><br /> </b></p> <p> is intriguing and interesting because it&rsquo;s an incredible way to learn about your family history. But like any other tidbits of information about you that appear on the web, the information on Ancestry can inadvertently cause you more stress than you signed up for.</p> <h3>How to Protect Yourself<b><br /> </b></h3> <p>You could stop using the internet entirely&hellip;just kidding. Follow these steps.<b><br /> </b></p> <p><b>1. Research Privacy Settings and Set Privacy at Maximum</b></p> <p>Every social network you join has privacy settings. If you don&rsquo;t manually change them, you&rsquo;ll receive the default settings. Those default settings are rather loose, because it <i>is</i> a social network after all, and the whole point is for you to share with the community. Sharing doesn&rsquo;t have to mean putting yourself at risk, however. Check your privacy settings and configure them accordingly. On Facebook, for example, you can choose to have your profile public or private. Keeping your profile private will only grant those who you personally allow to have access to it, greatly reducing your chances of someone from accessing your information for nefarious purposes.</p> <p><b>2. Use Google Alerts</b><b><br /> </b></p> <p>It&rsquo;s not just celebrities whose names and likenesses are all over the web &ndash; you are, too. To keep track about what&rsquo;s posted about online as soon as it appears, set up a <a href="">Google Alerts account</a>. The service will send you a message whenever it comes across any web-based material featuring your name or selected keywords.</p> <p><b>3. Don't Share Your Password</b><b><br /> </b></p> <p>Never, ever give your password to anyone &ndash; even the employer who thinks it&rsquo;s OK to ask for it. Outside of the office, keep your password guarded even more closely. Pick strong passwords that are easy to remember with this great tip from Mozilla (via <a href="">Lifehacker</a>):</p> <p><iframe width="560" height="315" src="" frameborder="0" allowfullscreen></iframe></p> <p><b>4. Stay Completely Anonymous</b><b><br /> </b></p> <p>Unless it is absolutely necessary, don&rsquo;t use any personal information when creating online accounts or leaving comment on websites. Also avoid using the same account name on all the websites you visit. Doing so will allow stalkers to look through all your comments and figure out your real identity.<b><br /> </b></p> <p><b>5. Just Be SMART!</b><b><br /> </b></p> <p>You can&rsquo;t stay offline forever&mdash;and even if you do, other parties will still store your information online without your permission. Your only real option is to be as informed as possible about your online privacy so you can make the best decisions regarding your safety. If you don&rsquo;t want something online, don&rsquo;t put it there.</p> <p><i>It&rsquo;s time to open up this discussion. Have you Googled yourself? What are your thoughts about online privacy? Have you been a victim of hacking or stalking? Has your employer asked for your password? We want to hear about your experience with this subject in the comments below.</i></p><a href="" class="sharethis-link" title="Google Yourself Challenge: How Much Can People Learn About You Online?" rel="nofollow">ShareThis</a><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Mikey Rox</a> and published on <a href="">Wise Bread</a>. Read more <a href=""> articles from Wise Bread</a>.</div></div> Consumer Affairs Technology Equifax Google identity theft Mon, 16 Apr 2012 10:36:10 +0000 Mikey Rox 918806 at Warning: The Internet May Be Dangerous to Your Wealth <div class="field field-type-link field-field-url"> <div class="field-label">Link:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="" target="_blank"></a> </div> </div> </div> <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/small-business/warning-the-internet-may-be-dangerous-to-your-wealth" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="" title="" class="imagecache imagecache-250w" width="250" height="166" /></a> </div> </div> </div> <a href="" class="sharethis-link" title="Warning: The Internet May Be Dangerous to Your Wealth" rel="nofollow">ShareThis</a><p>Scott&rsquo;s phone wouldn&rsquo;t stop ringing. Sometimes, no one was there. Other times, it was one of those annoying recorded messages you have to listen to because it&rsquo;s from your bank or someone else you know. Meanwhile, his brokerage account was being emptied and the fraud unit couldn&rsquo;t get through.</p> <p>Sounds like a Grisham novel &ndash; but it isn&rsquo;t. It&rsquo;s just one of the scams the FBI&rsquo;s Internet Crime Complaint Center (<a target="_blank" href=""></a>) alerted consumers to last year. Established in 2000, IC3 now logs over 25,000 complaints a month.</p> <p>If you&rsquo;re thinking Internet fraud is something that happens to someone else, think again. According to <a target="_blank" href="">IC3&rsquo;s 2010 annual report</a>, 30 to 39 year old men have historically been the biggest, um, losers, but that&rsquo;s changing. As internet use has increase among women and people of all ages, so has their share of the fraud.</p> <p>Crimes involving either sellers being stiffed by buyers, or a buyers being stiffed by sellers headed the FBI&rsquo;s 2010 hit list.</p> <p>Other top Internet scams on the FBI list involved:</p> <ol> <li>Criminals impersonating FBI agents to defraud victims;</li> <li>Identity theft;</li> <li>Crimes that targeted or were facilitated by computer networks and devices;</li> <li>Work-at-home &lsquo;opportunities&rsquo;, fraudulent sweepstakes and contests, and similar schemes.</li> </ol> <p>Scammers know that desperate people do desperate things. So it&rsquo;s not surprising that complaints during 2009 and 2010 were up 30% over the prior two year period.</p> <p>While the perps are rarely found, among those who were, nearly 75% were male and more than half were based in California, Florida, New York, Texas, District of Columbia, and Washington. Outside the U.S., the UK, Nigeria and Canada accounted for the largest number of Internet scoundrels.</p> <p>Sad to say, you can&rsquo;t even trust your loved ones. No, <i>they&rsquo;re</i> probably not trying to involve you in a crime, but email from <i>them</i> may be. IC3 reports that by hijacking email and social networking accounts, cyber criminals can turn your network into a money machine. In the typical ruse, your friends receive an urgent email from <i>you</i> &ndash; actually, it only appears to be you. You&rsquo;ve been robbed while on vacation and you&rsquo;re in desperate need of cash. Believing it really is you, they rush to your aid and send money.</p> <p>When IC3 and other watchdog agencies spot a recurring scam, they issue a special alert. Here&rsquo;s the 2010 lineup:</p> <ul> <li>Mystery/secret shopper schemes;</li> <li>Counterfeit check schemes targeting U.S. law firms;</li> <li>Haitian and Chilean relief fraud;</li> <li>Rental and real estate scams;</li> <li>Telephone attacks used to cover financial fraud;</li> <li>Requests for help from someone who&rsquo;s &lsquo;stranded&rsquo;;</li> <li>Fraudulent sweepstake / lottery winner notifications;</li> <li>Payday loan collection calls.</li> </ul> <p>So what can you do to protect yourself from cyber crime?</p> <ol> <li>Use strong passwords (i.e. the longer the better; use a combination of letters, numbers, symbols, and small and large capitals). Change them frequently, particularly on your financial accounts. Avoid using a standard pattern that can be easily broken if someone learns a few of your passwords. Consider using a random password generator. Be vigilant about protecting them.</li> <li>Check your credit card statement carefully and dispute anything you don&rsquo;t recognize. Some criminals start with a small charge to see if you&rsquo;re paying attention.</li> <li>Never enter financial information &ndash; including your social security number, drivers license, or credit card or bank account number on a web address that doesn&rsquo;t begin with &lsquo;https&rsquo;. Never email that information to anyone. And never give it to someone you don&rsquo;t know.</li> <li>Set your web browser and email preferences to alert you to addresses that may not be what they appear to be. Look carefully at email addresses: &lsquo;kate.lister@...&rsquo; may be someone pretending to be &lsquo;katelister@...&rsquo;.</li> <li>Check your credit report at least once a year to make sure no one is fraudulently using your name. You&rsquo;re entitled to a free one annually from each of the top three credit reporting agencies at <a target="_blank" href=""></a>. (Just watch out for the upsells.)</li> <li>Make sure the junior and senior web users in your family know how to protect themselves.</li> <li>Check out ICT&rsquo;s <a target="_blank" href="">Internet Prevention Tips</a> for advice about avoiding specific types of fraud, and the <a target="_blank" href="">FBI&rsquo;s &ldquo;Be Crime Smart&rdquo;</a> web page.</li> </ol> <p>If you <i>are</i> the victim of an internet crime, or even if you spot one without falling for it, <a target="_blank" href="">report it to ICT</a>. They read and log every report. While your single incident may not seem significant, it may help ICT spot patterns of fraud. With a little luck, the combination of many anonymous tips like yours may just bring a cyber criminal to some real world justice.</p> <br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Kate Lister</a> and published on <a href="">Wise Bread</a>. Read more <a href=""> articles from Wise Bread</a>.</div></div> Small Business Resource Center identity theft internet crime internet fraud internet scams small business stranded scam Sat, 12 Mar 2011 20:17:31 +0000 Kate Lister 499267 at 10 Scams to Avoid in 2011 <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/10-scams-to-avoid-in-2011" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="Man trying to avoid an online scam" title="Man trying to avoid an online scam" class="imagecache imagecache-250w" width="250" height="165" /></a> </div> </div> </div> <p>You work hard for your money: an honest day&rsquo;s work for an honest paycheck. Unfortunately, not everyone has the same work ethic or honest streak that you do. There are people out there working hard to illegally part you with the money you earned.</p> <p>Fortunately for us there are organizations like the National Consumer League and the Federal Trade Commission who are working to help protect you from those slimy scammers.</p> <h2>Top Scams of the Year</h2> <p>Every year the National Consumer League releases a report on the <a href="">top scams of the year</a> where they feature the most-reported scams. You&rsquo;ll see many of the same scams showing up on the report year after year, so here are the top 10 scams from last year that you should continue to watch out for in 2011:</p> <blockquote><ol> <li>Internet: General Merchandise</li> <li>Fake Checks</li> <li>Prizes/Sweepstakes/Free Gifts</li> <li>Phishing/Spoofing</li> <li>Advance Fee Loans, Credit Arrangers</li> <li>Timeshare Resales</li> <li>Nigerian Money Offers (not prizes)</li> <li>Internet: Auctions</li> <li>Friendship &amp; Sweetheart Swindles</li> <li>Employment Agency / Job Counsel / Overseas Work</li> </ol> </blockquote> <p>Most of them are pretty self-explanatory, but you can find more explanation of each in the <a href="">scam report</a> (PDF).</p> <h2>Top Consumer Complaints</h2> <p>The Federal Trade Commission also has an annual report that you should check out, which lists the top consumer complaints of the year. Below are the top five complaints from the&nbsp;<a href="&quot;">last report</a>:</p> <blockquote><ol> <li>Identity Theft</li> <li>Third Party and Creditor Debt Collection</li> <li>Internet Services</li> <li>Shop-at-Home and Catalog Sales</li> <li>Foreign Money Offers and Counterfeit Check Scams</li> </ol> </blockquote> <p>Many of them look similar to the National Consumer League items, but the top complaint, <a href="">identity theft</a>, is a little different than the others. Most of the scams involve you interacting with the person or company that&rsquo;s trying to cheat you, so you can avoid the scam by avoiding the scammer.&nbsp;<a href="">Identity theft protection</a> is a little different because many times you don&rsquo;t even know right away that someone has your personal information and is using it illegally. You can find lots of tips for guarding your&nbsp;identity on the <a href="">Protect Your Identity</a> site from the National Foundation for Credit Counseling (NFCC) and the Council of Better Business Bureaus.</p> <h2>How to Avoid Scams</h2> <p>The FTC has a website called Onguard Online that offers tips on how to be safe online. One of the articles lists <a href="">ten things you can do to avoid scams</a>. Here are the top five tips, and you can check out the site for the other five and more details behind each tip:</p> <blockquote><ol> <li>Don&rsquo;t send money to someone you don&rsquo;t know.</li> <li>Don&rsquo;t respond to messages that ask for your personal or financial information.</li> <li>Don&rsquo;t play a foreign lottery.</li> <li>Keep in mind that wiring money is like sending cash: once it&rsquo;s gone, you can&rsquo;t get it back.</li> <li>Don&rsquo;t agree to deposit a check from someone you don&rsquo;t know and then wire money back.</li> </ol> </blockquote> <p>To keep up-to-date on new scams you can subscribe to the FTC&rsquo;s newsletter called <a href="">Penn Corner</a>, which&nbsp;sends out fraud alerts and updates. If you&rsquo;ve been scammed, the FTC put together a video on how you can <a href="">file a complaint</a> about your incident.</p> <a href="" class="sharethis-link" title="10 Scams to Avoid in 2011" rel="nofollow">ShareThis</a><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Ben Edwards</a> and published on <a href="">Wise Bread</a>. Read more <a href="">Consumer Affairs articles from Wise Bread</a>.</div></div> Consumer Affairs fake check scam identity theft online scams scams Tue, 04 Jan 2011 14:00:14 +0000 Ben Edwards 429249 at Credit Card Fraud and How to Avoid It <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/credit-card-fraud-and-how-to-avoid-it" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="credit card theft" title="credit card theft" class="imagecache imagecache-250w" width="250" height="197" /></a> </div> </div> </div> <p>Credit card fraud affects thousands of people every year. During 2009, in the UK alone, &pound;440.3 million was lost due to fraudulent actions on stolen or cloned credit cards. In addition to this, &pound;59 million was lost after tech-savvy criminals developed sophisticated malware programs designed to hack into online banking accounts.</p> <p>But despite these frighteningly high figures, the cost of UK fraud has actually fallen by 28% from the previous year. And 2010 is seeing a further decrease, although official figures will not be known until early 2011. The decrease comes at a time when more people than ever are using credit cards and online banking, so it would suggest that consumers are becoming familiar with the types of fraud and how to spot (and avoid) them. (See also: <a href="" title="How to Avoid Phishing Scams">How to Avoid Phishing Scams</a>)</p> <h2>Types of Credit Card Fraud</h2> <p>The most widespread form of credit card fraud in the UK is <strong>Card-not-Present fraud</strong>. This has grown alongside the rising popularity of <a href="" title="How to Shop Online Safely">internet shopping</a>, as an online retailer does not see the card being used and therefore cannot always determine the authenticity. A fraudster of this type can obtain a card through mail fraud, skimming/cloning, or theft &mdash; then use it to buy goods online. They may even buy from the same sites as their victim, to reduce the risk of banks flagging unusual activity.</p> <p><strong>Mail fraud</strong> involves the criminal intercepting mail from their intended victim's bank or building. The fraudster can then register the card themselves and use it. People who live in buildings with a communal mailbox are particularly susceptible to this type of fraud.</p> <p><strong>Skimming</strong> is the term given to the practice of scanning a credit card using a device designed to harvest card details. These details can then be used to create a cloned card which may be sold to other fraudsters or used for CNP fraud.</p> <p>The most common place for skimming to occur is in a bar or restaurant, where customers have to hand their card over to the waiting staff in order to pay the bill. The card is taken by the staff and processed &mdash; but a corrupt employee may carry a skimming device which they pass the card through before doing the actual transaction.</p> <p>Often, the victim isn't aware that anything untoward had taken place until they receive a statement showing unfamiliar transactions. At this stage, the criminals may have been obtaining credit in the victim's name &mdash; another form of fraud known as identity theft or <strong>application fraud</strong>. Someone with a good credit score may not know this is happening until they apply for credit themselves and get refused.</p> <p>Due to the sophisticated nature of some of the devices used by criminals, it can be difficult to detect fraud. But there are steps everyone can take to lessen the chances of falling foul of the fraudsters.</p> <h2>Detecting and Avoiding Fraud</h2> <ul> <li>Only use trusted online sites, which display either <em>https</em>&nbsp;in the URL or have a locked padlock symbol in the status bar on the lower right. Sites that have these use an advanced form of encryption which prevents thieves from harvesting data as it's being sent from server to server.<br /> &nbsp;</li> <li>Using a PO box instead of a communal mailbox can lessen the chances of mail fraud. If this isn't possible, some banks may allow customers to collect cards from their local branch.<br /> &nbsp;</li> <li>Verified by Visa is a payment system set up to prevent card fraudsters committing CNP fraud. It's a way for online retailers to confirm a buyer's identity at time of checkout, by way of a special security password known only to the card holder. The password is chosen by the consumer when they register with VbV. When purchasing from a site which uses VbV, 3 digits or characters from the 6+ character password will be asked for, and the entire password is never entered. This is currently one of the most secure ways to buy online, as more and more e-merchants are signing up to the scheme.</li> </ul> <p>Banks are becoming more intelligent when it comes to fraud detection, and are able to recognize certain behavioral patterns on a customer's account which raises security issues. These can include a series of small transactions (usually under &pound;2) or usually large amounts being withdrawn. The former is one way in which fraudsters can tell if it's worth using a card, so banks are being trained to recognize this as a warning sign.</p> <p>It's recommended that if a consumer genuinely intends to withdraw a large amount from their account they contact their bank beforehand to inform them of the fact. This can then prevent any anti-fraud measures, such as a block being put in place for that instance.</p> <h2>Legal Rights and Responsibilities</h2> <p>In the UK, if money has been lost as a result of fraud, the card holder is only liable for repaying the first &pound;50, provided the fraud is genuine and not as a result of negligence (i.e., leaving the card on a bus or in an unattended bag). Reporting the fraud as soon as it's discovered increases the chance of money being recovered and the perpetrators being caught.</p> <p>The fraud department of each card provider should be contacted along with the police. Any online banking passwords should be changed and the credit reference agencies notified; they will place a fraud alert on the affected file in case the thief tries to commit application fraud.</p> <h2>The Consequences of Fraud</h2> <p>A victim of fraud may be left feeling vulnerable and afraid to trust anyone outside their close circle of family and friends. If you or someone you know has suffered at the hands of a fraudster, don't feel like you are alone. Seek advice and counseling and follow the preventative steps above to restore your peace of mind.</p> <a href="" class="sharethis-link" title="Credit Card Fraud and How to Avoid It" rel="nofollow">ShareThis</a><div class="field field-type-text field-field-guestpost-blurb"> <div class="field-label">Guest Post Blurb:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <p>This is a guest post by Louise Tillotson. Louise is a financial writer in the UK and her work has appeared on several websites, including as a <a href="">credit card applications</a> guide for Moneysupermarket. She has also written several pieces on <a href="">Voices in Finance</a> and related sites and runs a local community blog and site network called <a href="">Flintshire Families</a>.</p> </div> </div> </div> <br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Louise Tillotson</a> and published on <a href="">Wise Bread</a>. Read more <a href="">Credit Cards articles from Wise Bread</a>.</div></div> Consumer Affairs Credit Cards credit card fraud identity theft Fri, 22 Oct 2010 13:00:28 +0000 Louise Tillotson 267834 at Cyber Crime: You're the Mark <div class="field field-type-link field-field-url"> <div class="field-label">Link:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="" target="_blank"></a> </div> </div> </div> <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/small-business/cyber-crime-you-re-the-mark" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="cyber crime" title="cyber crime" class="imagecache imagecache-250w" width="250" height="165" /></a> </div> </div> </div> <a href="" class="sharethis-link" title="Cyber Crime: You&#039;re the Mark" rel="nofollow">ShareThis</a><p>Pictures, PowerPoint slides, PDFs, even innocuous ads on legitimate sites can carry malware that will install itself on your PC by exploiting flaws in the browser you use. Undetected by anti-virus software, robot software can piggy-back on bank transactions, avoid anti-fraud detections systems, and send money to &quot;mule&quot; accounts operated by criminals in Eastern Europe. That's exactly what happened to 3000 bank customers in July, when online thieves stole $1 million dollars before they were <a href="">caught by M86</a>.</p> <p>Unsuspecting customers visited legitimate-looking websites to download, say, a screen saver. Others received an email with pictures of cute animals or a PowerPoint presentation with a patriotic theme and, responding to heartfelt exhortations to forward it or risk a lifetime of bad luck, they obediently sent it to friends.</p> <p>An isolated event?</p> <p>No. A new industry is springing to life using clever business development practices for product diversification and market expansion. Financial specialists have been hired to deal with tricky financial issues, and technical expertise has been hired to help them effectively and efficiently operate in a trans-national marketplace.</p> <p>The industry is cyber crime, and you're the mark.</p> <p>According to a <a href="">recent study</a> by Ponemon Institute, the 45 financial and technology companies that were studied experienced 50 successful cyber attacks a week, and more than one per company per week.</p> <p>&quot;We found that the median annualized cost of cyber crime of the 45 organizations in our study is $3.8 million per year, but can range from $1 million to $52 million per year per company,&quot; the study reports.</p> <p>Still not worried this could happen to you? Jeff Spivey told me in an interview recently, &quot;I'm certain there will be a cyber catastrophe in the next 18 months that will cause government to become involved.&quot;</p> <p>Who's Jeff Spivey? He's the former President and CEO of 35,000-member <a href="">ASIS International</a>, the preeminent organization for security professionals, and a trustee on the board of <a href="">ISACA</a>'s IT Governance Institute &mdash; &quot;a pace-setting global organization for information governance, control, security and audit professionals&quot; with 95,000 members. He's CEO of <a href="">RiskIQ</a> now, and he knows what he's talking about.</p> <p>His bigger concern is that companies don't understand how dependent they are on the Internet, and they don't understand that even if they 'get it', and have taken steps to secure their systems, their partners and vendors may not.</p> <p>The problem is, the rules have changed. &quot;A reset button has been pressed,&quot; Spivey says, &quot;but large companies have an inability to adapt to change.&quot;</p> <p>As a business owner, you have to decide how to manage change and determine what level of risk is acceptable. If you run a financial institution, or a health care facility, or if you just have a file of customer credit card number you've collected over the years, how do you know your systems are secure?</p> <p>&quot;You're going to have risk. Period, &quot;says Spivey. &quot;The issue is, is the level of risk acceptable to the enterprise?&quot;</p> <p>If you're a CIO, a CSIO, a CEO, or a board member, how do you know your enterprise is protected?</p> <p>&quot;Boards of Directors have no training in determining cost/benefit ratios for IT Security, and no stomach for asking tough IT Security questions of the CEO,&quot; said Brian Boake, a senior account executive with a Canadian firm <a href="">Avient Solutions Group, Inc.</a> &quot;CEOs are willing to fund lines of business, profit centers, but they're reluctant to fund systems that will stop information leaks. But as BP found out, leaks can be very expensive.&quot;</p> <p>Former FEMA Director John Copenhaver, now President and CEO of the <a href="">Disaster Recovery Institute</a> says, &quot;Executives and middle managers need to understand that genuine risk assessment is a must. Companies will be taken to task. The nature of being a senior exec isn't just to chart direction, it being responsible for protecting assets too.&quot;</p> <p>Part of corporate due diligence, as a matter of fiduciary responsibility, is to ensure cyber-security along with physical preparedness, business continuity, and emergency management procedures, he says.</p> <p>&quot;Some of us like to think we have [IT security] under control. But of all the hazards and risks we face &mdash; it's a long list and growing fast &mdash; security of information is one of the most critical because it's the most pervasive threat we face today.&quot;</p> <p>How do you do that? My experience (from a previous incarnation as a Naval Officer teaching <a href="">computer security and privacy</a> at the Department of Defense Computer Institute and for the FBI) is third-party assessment of people, processes, and technologies, but you have to know what's important. A tiger team may find a weak spot in your access and authentication system, but do you care about that as much as the fact that you have data leaking to China?</p> <p>Still, most cyber crime is committed not by organized crime but by what might be called 'disorganized crime.' Web attacks, denial of service threats, malicious code insertions, and disgruntled insiders and former employees account for more than 90 percent of the cyber crime costs.</p> <p>You don't stop such attacks &mdash; you manage them.</p> <p>Can you?</p> <br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Tom Harnish</a> and published on <a href="">Wise Bread</a>. Read more <a href="">Small Business Resource Center articles from Wise Bread</a>.</div></div> Entrepreneurship Small Business Resource Center Technology cyber crime identity theft online security small business Thu, 09 Sep 2010 21:59:33 +0000 Tom Harnish 227177 at How to Do What Identity Theft Protection Companies Do...for FREE <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/how-to-do-what-identity-theft-protection-companies-dofor-free" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="burglar alarm" title="burglar alarm" class="imagecache imagecache-250w" width="250" height="140" /></a> </div> </div> </div> <p>Protecting and monitoring identity theft has become a big business. Simply Google &quot;identity theft protection&quot; and you'll find dozens of business outfits offering to protect your all too important identity for a measly $10, $12, or $20 per month. (See also: <a href="" title="How to Prevent Identity Theft">How to Prevent Identity Theft</a>)</p> <p>What will they protect? Sometimes, that is not clear. Dig a little deeper and you'll find that each of them tend to have similar claims as to how your identity will be blanketed with protection if you subscribe to their service.</p> <p>What you may not know (and they probably don't want you to know), is that you have the power to do what they can. &quot;And how much will it cost me?&quot; you may ask. Nada!</p> <p>Let's go through each of benefits that these identity theft protection companies typically offer you and highlight how you can do the same for free with little effort required.</p> <p><strong>Benefit #1: Free credit reports</strong></p> <p>Credit reports are an important way to see if any accounts have been opened in your name or credit inquiries have been made on your social security number. The identity protection companies will send you these as part of your service.</p> <p><em>Free Alternative:</em> You can get three free credit reports annually from the U.S. government-backed <a href=""></a>.</p> <p><strong>Benefit #2: Free credit fraud protection alerts to all 3 credit bureaus</strong></p> <p>You can add a fraud alert message to your credit report to help protect your credit information. Fraud alert messages notify potential credit grantors to verify your identification before extending credit in your name in case someone is using your information without your consent.</p> <p><em>Free Alternative:</em> You can do this for free every 90 days. You simply do it with one of the three credit bureaus, and they alert the other two. Here's the link to <a href="" target="_blank">Experian's fraud alert</a>.</p> <p><strong>Benefit #3: Removal from junk mail lists</strong></p> <p>With less <a href="" title="Eliminate Junk Mail With the Click of a Button">junk mail</a>, there is less opportunity for your identity to be stolen via mail fraud.</p> <p><em>Free Alternative:</em> You can do this for free at <a href="" target="_blank"></a>.</p> <p><strong>Benefit #4: Stolen wallet or purse protection services</strong></p> <p>The ID theft companies claim they will work with your card providers to ensure your cards aren't being used.</p> <p><em>Free Alternative:</em> Make a photocopy of the backs of all your cards and call the companies yourself if your wallet or purse is stolen. The odds are you will do this immediately anyway, versus waiting around for a third party to do it for you.</p> <p><strong>Benefit #5: Credit score monitoring</strong></p> <p>Some (not all) identity protection companies offer credit score monitoring. The ones that do are usually higher priced.</p> <p><em>Free Alternative:</em> There is no free solution to credit score monitoring. Some companies may offer you a free credit score, but you usually end up paying a monthly subscription shortly after if you don't cancel their service. The thing is, you don't really need monthly credit score monitoring. You really only need to know your credit score in anticipation of a big credit event, i.e., taking out a mortgage on a house or loan on a car. If you are paying for this every month, you are wasting money.</p> <p><strong>Benefit #6: $1 million insurance against identity theft losses</strong></p> <p><em>Free Alternative:</em> It has been debated whether or not ID theft companies really back up this promise. One thought is that they know if you do all of the above, it's rare that you will ever see identity theft losses. Another thought is that their disclaimers are so heavy that they would never pay for actual losses (and there are class action lawsuits out there that add substance to this claim).</p> <p>All you need to use all of the above methods is a calendar to keep track of when you should be doing them.</p> <a href="" class="sharethis-link" title="How to Do What Identity Theft Protection Companies Do...for FREE" rel="nofollow">ShareThis</a><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">G.E. Miller</a> and published on <a href="">Wise Bread</a>. Read more <a href="">Consumer Affairs articles from Wise Bread</a>.</div></div> Personal Finance Consumer Affairs identity theft identity theft protection Tue, 24 Aug 2010 14:00:06 +0000 G.E. Miller 216452 at Cyber Security on the Road <div class="field field-type-link field-field-url"> <div class="field-label">Link:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="" target="_blank"></a> </div> </div> </div> <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/small-business/cyber-security-on-the-road" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="" title="" class="imagecache imagecache-250w" width="250" height="166" /></a> </div> </div> </div> <a href="" class="sharethis-link" title="Cyber Security on the Road" rel="nofollow">ShareThis</a><p>Whether you are on the road for a <a href="">business trip</a> or traveling full time with a location independent career, maintaining good cyber security is paramount. We have already discussed some of the <a href="">essential services for the road</a> required to keep your business going from anywhere. In this article, we'll look at how to protect your identity and electronic data while <a href=";218395891;41475468;y?;lpid=300&amp;openeep=17460&amp;ccsgeep=17460">traveling</a>, so you &mdash; and your business &mdash; return home safely every time.</p> <h2>Laptop Travel</h2> <p>When you travel with your laptop, you are protecting yourself against multiple risks, the primary ones being theft, damage, and loss. Here are a few techniques for how to manage these risks.</p> <h3>Keeping Sensitive Files Secure</h3> <p>If your laptop is stolen, your files could be accessed by a savvy robber. You can manage this risk by encrypting your files and folders. Programs like <a href="">TrueCrypt</a> (free) for Windows or FileVault (built-in) for Mac can be used to encrypt your hard drive so that if it falls into the wrong hands, nobody can access your sensitive information without your password.</p> <p>However, even if you encrypt your hard drive, if a customs authority wants access to your laptop, you are legally required to enter in your password to open all your files for inspection. As an additional (or alternate) method of protection, you can create <a href="">TrueCrypt hidden folders</a> to protect certain pieces sensitive information from an unwanted intrusion.</p> <h3>Backing Up Your Data</h3> <p>Protecting your laptop from damage and loss is mostly a matter of being prudent about how you carry your laptop and where you go. But accidents do happen, so regularly backing up your data is your fallback. The key is to back up your data regularly and religiously. Here are a few ways to do this:</p> <p><strong>1. Online Backups</strong></p> <p>There are a number of online backup services, many of which are free to use. Most employ encryption systems to keep your data secure. Some examples of online backup services are <a href="">Carbonite</a>, <a href="">Mozy</a>, <a href="">CrashPlan</a>, and <a href="">BackBlaze</a>. We'll discuss how to manage some of the risks of storing and transmitting your data online later.</p> <p><strong>2. External Hard Drives</strong></p> <p>Backing up data onto an external hard drive or USB drive is a preferred method for many travelers to keep their data safe. I like to use two versions of this strategy: I back up my entire laptop onto an external hard drive (which I am sure to keep in a separate place from my laptop), and I also store and encrypt some particularly important files on a USB drive which I keep in another secret spot.</p> <p><strong>3. Remote Backups</strong></p> <p><a href="">CrashPlan</a> has a free option that lets you back up your data to other (remote) computers. The data is encrypted while being transmitted, and is easily recoverable should you need to access it.</p> <h2>Password Storage</h2> <p>With increasing numbers of user names with complicated passwords, many of us are challenged to remember them all. Here are some online and offline password storage options:</p> <h3>Online Password Storage</h3> <p>There are many free services that allow you to create a database of user names and passwords (and often attach documents and pictures to them as well) to help you manage your online identities. They feature different levels of encryption, and I know many who swear by these programs.</p> <p>However, beware that storing and accessing your passwords online is only as secure as the computer you are using, the internet connection, and the cyberspace in between. In addition, having all your user names and passwords in one place makes it a hot commodity for hackers. If they can hack the one password you have to access the program, they can fairly easily <a href="">steal your identity</a>. Read on for some tips to increase the security of your passwords and decrease hacker-risk.</p> <h3>Offline Password Storage</h3> <p><a href="">KeePassX</a> and <a href="">Password Safe</a> are free programs that allow you to create an encrypted database on your laptop or USB drive. However, if your laptop/USB drive is stolen or damaged, you are once again in a position where you don't have access to the files you need, and/or may be at risk for having your password storage program hacked.</p> <p>I manage the risk of loss by having multiple copies of my encrypted database: one on my laptop and one on a USB drive, which I keep in a secret spot. This data is also backed up on to my external hard drive, so I have this risk managed as best I can.</p> <h3>Password Tips</h3> <p>In both the above cases of password storage, the weak link is the master password used to access the program. If somebody has this master password, then they have access to all your sensitive information.</p> <p>The best passwords are randomly generated and are at least eight characters. You can go to <a href="">GRC's Password Generator</a> and select any eight characters to get started. Now the challenge is to remember this password! If your memory isn't that good, you could write the password down on a piece of paper with no other information on it. Passwords not associated with any user name or program aren't particularly valuable. This method isn't infallible, but it's all about managing risk as best we can.</p> <h2>Accessing Websites Securely</h2> <p>Whether using your laptop or otherwise, securely accessing websites that have sensitive information (such as banking) poses additional risk. When you are traveling, you're at the mercy of the internet connection you are using, which is never as secure as what you have at the office or at home.</p> <p>To manage this risk, look for sites that have <strong>two-factor authentication</strong>. <a href="">Paypal offers this service</a>, for example. $5 will get you a device the size of a credit card that generates a rotating password. You need this randomly generated password in addition to your regular one to access your account.</p> <p>Many banks (and other secure website service providers) offer this type of service but don't advertise it, so it's worth asking.</p> <h3>Using Internet Cafés</h3> <p>If you aren't traveling with your laptop, you might need to use an internet café or public computer in your hotel. However, savvy hackers have a number of tricks up their sleeve to access your passwords and data, so here are a few precautions:</p> <ul> <li>If you have any concerns about the computer you are using, don't access websites with sensitive information.<br /> &nbsp;</li> <li>If you do have to log on to these websites, make sure you log out when you are finished.<br /> &nbsp;</li> <li>Delete the web history and close the browser before you leave.<br /> &nbsp;</li> <li>If you are on a VPN or other connection that involves clicking &quot;Yes&quot; from the browser to get online, be aware that the data is passing through another portal that could be insecure.</li> </ul> <p>If you are technically inclined, you can install a portable version of Firefox or Linux (such as <a href="">Xubuntu</a>, which is free) on a USB drive and load the browser directly from the USB drive to increase your secure browsing.</p> <p>Although you can't shield yourself completely from all cyber-security risks while you are traveling, you can help to protect your identity and electronic data by backing up and encrypting your data, managing your passwords, looking for two-factor authentication, and being careful about public connections. Happy traveling!</p> <script type="text/javascript"> federated_media_section = "platinum"; </script><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Nora Dunn</a> and published on <a href="">Wise Bread</a>. Read more <a href="">Technology articles from Wise Bread</a>.</div></div> Small Business Resource Center Technology identity theft online security small business Fri, 16 Jul 2010 14:00:06 +0000 Nora Dunn 127682 at Investing in Web Security <div class="field field-type-link field-field-url"> <div class="field-label">Link:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="" target="_blank"></a> </div> </div> </div> <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/small-business/investing-in-web-security" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="Saved files" title="Saved files" class="imagecache imagecache-250w" width="250" height="188" /></a> </div> </div> </div> <a href="" class="sharethis-link" title="Investing in Web Security" rel="nofollow">ShareThis</a><p>Have you ever thought about what would happen to your business if you lost the data on your computer system? What would be the results to you if someone <a href="">hacked into your system</a> and obtained confidential information about your customers and employees? These are some of the security risks related to computer use. Small businesses need to recognize the cost of <em>not </em>properly addressing web security as well as the price tag for basic actions to prevent problems.</p> <h3>Cost of Computer Breaches and Failures</h3> <p>Your business life is on your computer &mdash; your customers, banking information, accounting and tax information, and more. If you experience a failure of your hard drive, you may be able to recover the data, but it will <a href=";218396076;41475586;v?;lpid=298&amp;openeep=17460&amp;ccsgeep=17460">cost</a> you. Most small businesses don&rsquo;t have IT departments on hand to address computer issues; they have to use outside experts for computer problems. Depending on your location and the extent of your problem, expect to pay an outside expert a few hundred or a few thousand dollars for data recovery. And don&rsquo;t ignore the cost of lost productivity; this could be thousands of dollars in down time. In extreme cases (your computer is destroyed by fire or your laptop is stolen), lost data can force you out of business. <a href=";nav_tree=179,103">One source</a> says 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster.</p> <p>If your computer has been hacked and confidential information compromised, you&rsquo;ll want to notify people in your database. About 45 states have data breach notification laws requiring companies to notify affected individuals that their &ldquo;personal identifiable information&rdquo; (PPI) has been obtained by outside hackers. According to <a href="">a recent survey</a>, the average cost of a data breach in 2009 was $204 per customer.</p> <p>What does this mean for your business? The costs of failures and breaches can be high, so it&rsquo;s better business practice to invest money preventing problems.</p> <h3>Backup Data</h3> <p>Technology developments have made it inexpensive and easy for any size business to protect data. For example, companies can use offsite backup services to automatic this daily chore. Set your system to backup nightly when it&rsquo;s not in use and you&rsquo;ll always have your data protected. Some companies charge a flat price (such as about $55 per year). Others use a sliding scale that depends on the amount of data you need to back up. Some leading companies for small-business backup include <a href="">Mozy</a> and <a href="">Carbonite</a>.</p> <h3>Use Cloud Computing</h3> <p>Instead of storing data on your computer, use online solutions that eliminate the need for you to keep software and data on your system. &ldquo;<a href="">Cloud computing</a>&rdquo; is a term usually used to mean what you do outside your computer&rsquo;s firewall. Cloud computing eliminates the need for backing up data. Yours is stored on servers elsewhere, depending on the vendor you use for a particular application.</p> <p>Take, for example, a simple business application like keeping your books. QuickBooks lets you buy software for your system and store your own data or you can use its online version. With the online version, you enter data through the Internet; your data is stored and protected by QuickBooks. The cost of the basic online version is $9.95 a month, compared with a one-time cost for software of $159.95.</p> <h3>Adopt Wise Computer Practices</h3> <p>While there is nothing you can do to be hacker-proof (Google was hacked in 2009 by some people in China), you can keep things safe to some extent.</p> <ul> <li>Limit access to your business computer so only authorized employees can view confidential information on your system.<br /> &nbsp;</li> <li>Encrypt data on laptops so if they are lost or stolen, your data isn&rsquo;t exposed.<br /> &nbsp;</li> <li>Use anti-virus software.</li> </ul> <h3>Work with IT People</h3> <p>If you depend heavily on your computer, any glitch can temporarily put you out of business and cost you money. You can, of course, call upon IT help, such as Geek Squad, when you run into a problem.</p> <p>It may be a better strategy to engage an IT company to monitor your system and provide immediate help when you experience a problem. The monthly cost for regular monitoring and on-call help may be modest, especially compared with the cost you could experience for lengthy down time while searching and waiting for someone to make repairs.</p> <script type="text/javascript"> federated_media_section = "gold"; </script><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Barbara Weltman</a> and published on <a href="">Wise Bread</a>. Read more <a href="">Small Business Resource Center articles from Wise Bread</a>.</div></div> Entrepreneurship Small Business Resource Center Technology identity theft internet security small business Fri, 21 May 2010 01:01:54 +0000 Barbara Weltman 38844 at Cyber Crime: Can You Afford to Ignore It? <div class="field field-type-link field-field-url"> <div class="field-label">Link:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="" target="_blank"></a> </div> </div> </div> <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/small-business/cyber-crime-can-you-afford-to-ignore-it" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="Hacked" title="Hacked" class="imagecache imagecache-250w" width="250" height="188" /></a> </div> </div> </div> <a href="" class="sharethis-link" title="Cyber Crime: Can You Afford to Ignore It?" rel="nofollow">ShareThis</a><script type="text/javascript"> federated_media_section = "gold"; </script> <p>Are you worried that hackers in China might put you out of business? Do you have a business continuity plan? If not, you&rsquo;d better keep reading. Your company&rsquo;s financial well-being depends on it.</p> <p>Thanks to human nature, we all tend to ignore low-probability dangers, even if they pack a high penalty. That's why people live in Florida where hurricanes can clobber them, or in California where earthquakes can swallow them. That's why you probably don't have a good computer backup scheme.</p> <p>But what if you're wrong about how likely the threat is? Can your business survive if your computer, hard drives, or data are destroyed by hardware failure, hurricane, earthquake, or hackers?</p> <h3>New Ways to Ruin Your Day</h3> <p>Last week a supposedly helpful <a href="">antivirus program update shut down thousands of computers</a> every time users tried to restart. Computers in homes, companies, hospitals, libraries, government offices, and elsewhere suddenly became useless thanks to a routine process that quarantined an essential system file. There was no criminal intent, but the accident ruined a lot people's day.</p> <p>After we sold our flying business a few years ago, a contractor claimed the web shopping cart we'd paid him to build only belonged to us personally, and the new owner would have to pay a license fee. When we disputed his claim, showed him emails he&rsquo;d sent us stating the company could use it forever, and reminded him that we'd paid with company checks, he broke into the site through a &ldquo;back door&rdquo; and shut it down in the middle of the holiday gift buying season.</p> <p>Disgruntled employees, angry students, unruly mobs, and even enemy operatives have all destroyed computers and stolen information. But someone doesn't have to steal your computer or blow it up to threaten your livelihood&hellip;or your life.</p> <p>An informer's name showed up on a police department's payroll printout, an innocent administrative document. Only one problem &mdash; a drug dealer's girlfriend was the computer operator, and she recognized the informer&rsquo;s name. He soon became a former informer.</p> <p>The folks who designed and built the first ATMs were worried someone would hack into the machine&rsquo;s phone lines and tell it to spew bills. So they built in a sophisticated encryption algorithm. But unsophisticated crooks, oblivious to the sophistication, circumvented the fancy protection system. They backed a water truck up to the machine, filled it with water, and the money floated out.</p> <p>That was years ago, and both computers and computer criminals (and ATMs) have become much more sophisticated. Today, a single data breach can cost a company millions of dollars and remediation can be several times that.</p> <p>Russian cyber-criminals and organized crime hackers in the U.S. cost PayPal so much they were forced to develop expensive software to watch for patterns that would help them identify the culprits. It helped, and Homeland Security borrowed a page from their book and they&rsquo;re using the same approach to look for terrorists.</p> <p>Chinese hackers (apparently government sponsored) sent an instant message to a Google employee in China. They enticed her to click on a link that led to an apparently innocuous, but dangerous, website. The site allowed the intruders access to her PC, and through hers into the computers of a cadre of developers at Google headquarters in the U.S. Finally, they managed to break into a software library where they left a few lines of code that would allow them to return whenever they wanted to snoop for other vulnerabilities. Google (as far as they know) found it all within hours and plugged the holes.</p> <h3>Financial Consequences</h3> <p>Think about this for a minute: What if you batch out your credit card terminal at the end of the day and the funds go to somebody else's account? What if you received a letter, apparently from your bank, saying that your line of credit has been called, the funds are due within 15 days? What if you received an email saying, &quot;I know what you're doing, and you won't get away with it&quot;? (And what if your spouse received a copy too?)</p> <p>All bad enough, but trivial compared to what could happen if someone hacks into our national financial system, power grid, air traffic control network, or even our traffic light systems.</p> <p>What if Internet servers suddenly became confused and couldn't figure out the right destination for digital traffic? Think about that in the context of your website shopping cart, banking, and credit card services, and even your company&rsquo;s electric service. For that matter, spend some time thinking about how you'll get your medicine and groceries when stores can't communicate with warehouses or shippers, when gas pumps can't approve a credit card or pump gas without communications or electricity.</p> <p>In 2007, CNN ran a <a href="">dramatic video</a> that showed a huge generator being destroyed when vulnerability in its control software was exploited.</p> <p>In 2008, a war erupted between Russia and Georgia. The first salvo was a denial of service attacks aimed at Georgian websites including the Ministry of Foreign Affairs and national banks. The Georgians retaliated by attacking RIA Novosti, a Russian news agency and other sites. And then it became a shooting war.</p> <p>Today, new aircraft have radars than can inject destructive digital code into enemy radars, and the USAF is in the process of setting up a 6000-member 24th Air Force to support 1000 cyberwarriors.</p> <p>Should you be worried if Russia and Georgia duke it out in cyberspace? Maybe not. Should you plan for the possibility that someone will decide 9/11 didn't have enough impact and then carry out an attack on our power grid? Maybe you should.</p> <p>About 5000 attacks occur against just government and military websites every day, so this isn&rsquo;t hypothetical. Smart kids gone wrong, cyber criminals, and foreign agents are busy trying to find vulnerabilities they can exploit when the time comes. But this isn&rsquo;t just a military problem. Oil companies have been attacked, and financially sensitive information on the location, quantity, and value of oil discoveries has been stolen. And there&rsquo;s Google and PayPal, and Visa and Mastercard, and yes, even American Express. In a low-level way, they&rsquo;re all constantly under attack. And you are too. If you have a computer and connect it to the Internet, within 20 minutes it&rsquo;s infected even if your anti-virus programs don&rsquo;t know it.</p> <h3>Business Continuity Plan</h3> <p>How do you stop this kind of threat? You don't. You manage it, and you make sure you have a way to continue operating while under attack.</p> <p>In 1947 Albert Einstein famously said, &ldquo;I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.&rdquo; If a cyberwar breaks out or a hacker decides to strike, do you have paper and pencil procedures that will help you to stay in business, at some level, until sanity is restored?</p> <p>A business continuity plan can mean the difference between survival and failure. Depending on nature of your business such a plan could be the result of an afternoon&rsquo;s thought and a few pages filed away, just in case. But the time will be well spent.</p> <p>For bigger companies, the plan could be the culmination of an analysis of threats and their effect, a thorough asset management review that identifies available and relocatable resources (including manual work-arounds) and a cost effective disaster recovery solution. Such an extensive plan will also include a testing phase designed to convince your organization that it can work.</p> <p>Such a plan was developed by the Washington, D.C. Police Department, and I was asked by the Chief to help test a small part of it: their computer facility&rsquo;s security and emergency operating plan. It didn&rsquo;t go well.</p> <p>When I arrived, there was big sign pointing toward the computer center, a side door into a halfway protected with a cipher lock was propped open with a trash can, and I walk in unchallenged by waving an IBM badge. I put my briefcase next to their central processing unit, and called the Chief to tell him I was already in the computer room and had left my harmless but &ldquo;suspicious&rdquo; briefcase next to their multi-million-dollar computer. Things got exciting very quickly, but went according to plan. You&rsquo;ll have trouble finding the computer center today, and I guarantee you&rsquo;ll have trouble getting in, even if you&rsquo;re from IBM.</p> <h3>Do You Have a Plan?</h3> <p>Do you have a plan if hackers flood your website with bogus purchases or a hurricane floods your computer? Do you have a plan if The Big One happens? Do you have a way to conduct business entirely with <a href=";218396076;41475586;v?;lpid=298&amp;openeep=17460&amp;ccsgeep=17460">cash</a> if Chinese hackers decide to shut down our Internet?</p> <p>You&rsquo;re right, it&rsquo;s not very likely. But neither was 9/11, Hurricane Katrina, and the Northridge earthquake. And what about the Geological Survey estimate that a quake measuring 7 or greater has a better than 50% chance of occurring within 75 years, and will cost $390 billion. Is your company figured into those costs?</p> <br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Kate Lister</a> and published on <a href="">Wise Bread</a>. Read more <a href="">Small Business Resource Center articles from Wise Bread</a>.</div></div> Entrepreneurship Small Business Resource Center Technology identity theft internet security small business Sun, 02 May 2010 20:03:50 +0000 Kate Lister 38899 at 5 Ways to Keep Customer Information Safe <div class="field field-type-link field-field-url"> <div class="field-label">Link:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="" target="_blank"></a> </div> </div> </div> <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/small-business/5-ways-to-keep-your-customers-information-safe" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="secure folder" title="secure folder" class="imagecache imagecache-250w" width="250" height="188" /></a> </div> </div> </div> <a href="" class="sharethis-link" title="5 Ways to Keep Customer Information Safe" rel="nofollow">ShareThis</a><p>Every time you do business with a customer or a client, you wind up with access to some very sensitive information, such as payment accounts. Due to the nature of that information, it's a must to protect it as if it was your own. After all, without appropriate protections in place, your clients may find themselves asking why they should trust you. It's becoming a bigger issue, as well: if you handle any part of your business online, the chances of someone gaining access to information immediately goes up. Despite that concern, there are steps you can take to keep your customers' information safe.</p> <h3>1. Create a written plan on what information you need to protect</h3> <p>Include where it is located and how you plan to protect it. In some states, you may even have a legal requirement to have a written plan. Paula deWitte is both a lawyer and an engineer. She spends a lot of time thinking about both the legal and technical requirements to protect information and has even prepared <a href="">courses for small business owners</a> needing more information on the topic. She says:</p> <blockquote>A business must have a written information security program in place. A business cannot defend that they are using reasonable procedures to safeguard SPI if they do not have the procedures written down. How else do employees know what to do? If I ask a business owner if they use reasonable procedures, they must have a written program and they must institute this program as a continuous process...Further, this is a good business practice. If a data breach occurs and a business is required to notify affected individuals, it's better to have a thought out plan that can be put into action instead of attempting to react to a crisis.</blockquote> <h3>2. Control access to paper documents</h3> <p>While it may be more convenient to leave filing cabinets unlocked and give access to everyone in the office, the truth of the matter is that there are always some records that don't need to be available to everyone. Whether it's the details of how your clients are paying to account details, controlling access to your records is important. Even something as simple as locking a filing cabinet can give you a measure of control. There can be reasons beyond your customers' comfort for securing this information, of course: just think of what a competitor might do with something as simple as a list of your clients.</p> <h3>3. Secure online records, especially if you use a website to process sales</h3> <p><a href="">Olive Juice</a>, a children's apparel company that sells its products online, has taken steps to protect their customers' credit card numbers, addresses, and other sensitive details at their website. Rather than just rely on an out-of-the-box ecommerce package, the company developed its own security package, relying on one-way hashes and secure encryption. The custom system allowed Olive Juice to balance customers' experiences using the site with offering rigorous security.</p> <h3>4. Back up your records securely</h3> <p>Simply backing up your computer to a hard drive is not necessarily a secure process, although you can improve on it if you take steps like keeping that hard drive offsite and limiting access to it. The number of backup solutions that incorporate some level of encryption and security has grown, allowing you to automate the process of backing up data. When choosing a backup solution, especially one that uses cloud storage online, your first step should be to check the level of security. Reliable companies tend to highlight their security measures on their websites. Those companies that don't even mention security are less likely to be able to keep your information safe.</p> <h3>5. Create a breach response template</h3> <p>Breaches do happen, no matter the size of your business. However, it's what you do after a breach that determines how your customers will respond. It's important to develop a template for how you will handle such situations, because, in the moment of a crisis, it's easy to miss an important step or two. A good plan will include how you plan to notify your clients (including a form email or call script if necessary), what you might do in response to certain situations (like a breach caused by an employee deliberately mishandling information) and perhaps some consideration for how you may create an incentive to keep your <a href=";218395891;41475468;y?;lpid=300&amp;openeep=17460&amp;ccsgeep=17460">customers</a> with you through the crisis (such as a coupon or a discount).</p> <p>One important consideration as you're thinking about how to adequately protect client information is just what should be considered sensitive. DeWitte says:</p> <blockquote>Over forty states have passed laws that make business owners liable for protecting sensitive personal information (SPI). SPI is the name and either the social security number, drivers license number, or financial account number of an individual. At a minimum, all businesses maintain the social security numbers of their employees so this law applies to them. The law has three duties for businesses: (1) to use reasonable procedures to protect SPI; (2) to property destroy or arrange for the destruction of SPI; and (3) to notify affected individuals if the business discovers or is notified that a data breach has occurred.</blockquote> <p>You may find it necessary to protect more than just what is required by law for your customers. If, for instance, you have a login system for clients to access their accounts on your website (not uncommon if you run an ecommerce site), you may need to also take steps to protect usernames and passwords for the site &mdash; especially if you save credit card information for your clients. It's also crucial to be aware of the legal requirements in your state, as well as any other states you routinely do business in. Certain federal laws may also affect your decisions, such as the CAN-SPAM law, which holds businesses responsible if their servers send out spam and mandates how businesses handle customers' email addresses. The FTC maintains <a href="">compliance guides</a> for such laws in order to help businesses protect their customers' information, including an in-depth guide and tutorial for businesses on how to handle sensitive information.</p> <script type="text/javascript"> federated_media_section = "platinum"; </script><br /><div id="custom_wisebread_footer"><div id="rss_tagline">Written by <a href="">Thursday Bram</a> and published on <a href="">Wise Bread</a>. Read more <a href="">Small Business Resource Center articles from Wise Bread</a>.</div></div> Consumer Affairs Entrepreneurship Small Business Resource Center identity theft internet fraud online security small business Sat, 17 Apr 2010 19:18:09 +0000 Thursday Bram 5755 at