CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Telling the teller your personal info may be a bad idea

Telling the teller your personal info may be a bad idea
March 18, 2016

sh_bank teller_750

Manhattan’s top district attorney says bank tellers are increasingly involved in identity theft, with his office prosecuting about one case a month involving tellers. The suspects often are part of larger identity theft rings, District Attorney Cyrus Vance said. “Bank tellers have access to very confidential data … they’re selling that to individuals on the outside, who will then take that information and turn it into credit cards or checks,” Vance said. One victim who did not want to be named because she said she continues to be an identity theft target said she had thousands of dollars stolen weeks before her wedding. A bank teller had stolen her identity—along with the identities of 28 fellow customers—she was told in a letter from Chase Bank informing her of the alleged theft. The letter said, in part: “A former employee may have accessed your account information without authorization and gave it to someone outside of Chase.” Chase notified authorities, fired the employee and reimbursed the affected customers, the bank said. Source: ABC News

Preying on the most vulnerable

sh_elderly_280A Riverside, Calif., woman was sentenced to five years in federal prison for stealing dozens of elderly patients’ private information at a convalescent facility. In January, a federal jury convicted Bridgette Jackson, 45, of possessing and conspiring to possess more than 15 identities, as well as aggravated identity theft. According to testimony, an employee at the now-closed Hillcrest Care Center provided Jackson with patient files. Jackson then used that information to help others file false tax returns in the names of the patients and keep the refunds for themselves. Officers recovered more than 50 Hillcrest medical records, along with almost 70 other identity profiles from Jackson’s home. They also seized more than 50 prepaid debit cards that did not belong to her. Source: KCBS, Los Angeles

That IRS tool to protect your data? Yeah, not so effective

In its effort to combat fraudulently filed tax returns, last year the IRS launched a new tool it claimed would better protect victims of identity theft. This week, the IRS announced that because of a possible security breach, it has suspended the tool, known as the Identity Protection PIN tool, or IP PIN, on the site. The IP PIN, a six-digit number assigned by the IRS to taxpayers who’ve been victims of fraudulently filed returns, was supposed to be the IRS’ strongest defense against ID theft. However, when a number of taxpayers who were victims of fraudulently filed tax returns in 2014 tried to use their IP PIN to file their tax returns this year, they learned that identity thieves had struck again—using their identity and their special IP PIN to file a fraudulent return. Through the end of February the IRS has confirmed it had detected and stopped 800 fraudulent returns using a stolen IP PIN. It hasn’t confirmed how many IP PINS were stolen or used to file returns fraudulently. Source: CBS News

Discarded domain names drive new hacker strategies

sh_domain name_280Cyber criminals are using expired domain names to find their way into computers. A group launched a malicious advertising campaign targeting visitors of popular news and entertainment websites after gaining ownership of an expired Web domain of an advertising company. Users visiting the websites of The New York Times, Newsweek, BBC and AOL, among others, may have installed malware on their computers if they clicked on the malicious ads., the website used by hackers to serve up malware, expired Jan. 1 and was registered again on March 6 by a different buyer, security researchers at Trustwave SpiderLabs wrote in a blog. Buying the domain of a small, but legitimate ad company provided the criminals with high-quality traffic from popular websites that publish their ads directly, or as affiliates of other ad networks, the researchers said. New York Times spokesman Jordan Cohen said the company was investigating whether the attack had any impact. Newsweek, BBC and AOL could not be immediately reached for comment. Source: Reuters via NBC News

Constant cyber attacks leave U.K. schools dazed

More than a third of United Kingdom universities are hit by a successful cyber attack every hour, according to a study that raises questions about institutions’ ability to cope with the rising tide of hacking. The survey of IT leaders at 50 universities found that almost all—87 percent—had experienced at least one successful cyber attack, such as the distributed denial of service attack. But what was striking was the reported frequency of the violations, with 36 percent of respondents saying that they had to contend with a successful cyber attack every hour. Such attacks can leave staff, students and institutions’ economic interests highly vulnerable. Forty-three percent of respondents said that hackers had targeted student data, including dissertation material and exam results, while a quarter had experienced intellectual property theft and had had research data infiltrated. Source: Times Higher Education

Anonymous trumpets attacks against Trump

sh_anonymous_280Hacking group Anonymous is urging followers to launch a barrage of cyber attacks on April 1 to take down Donald Trump’s websites and expose the “appalling” GOP presidential candidate. “We need you to shut down his websites, research and expose what he doesn’t want the public to know,” a person wearing the group’s trademark Guy Fawkes mask says in a video posted to an Anonymous YouTube channel. “We need you to dismantle his campaign and sabotage his brand.” In a separate written statement, Anonymous encouraged hackers to target the business mogul’s websites, including, and Anonymous also released Trump’s alleged personal details, such as his cell phone number and Social Security number, to help hackers harass the Republican presidential front-runner. Source: The Hill

A growth industry, if you have the right strategy

IDC Financial Insights says the cyber insurance segment is likely to see double-digit growth year-on-year, from $2 billion in premiums worldwide today to potentially more than $20 billion in the next 10 years. “Considering the scale and magnitude of the problem, it is obvious that there is huge potential for the cyber insurance market today,” wrote report author Sabitha Majukumar. Approximately 81 percent of large businesses and 60 percent of small businesses suffered a cybersecurity breach in 2014, according a March 2015 report by the U.K. government. On the whole, cyber crimes have cost the global economy an estimated $445 billion—”more than most countries’ GDP,” wrote Majukumar, citing the World Economic Forum’s “Global Risks Report 2016.” Source: InformationWeek

If you can crack Chrome OS, Google will pay you $100,000

sh_Chrome_280Although Google pays people for reporting security flaws in its software through a Reward Program, it looks like researchers are having some trouble hacking the current version of Chrome OS. The company is doubling the reward money from $50,000 to $100,000 after receiving zero successful submissions. The goal is to crack guest mode on Chromebooks. However, Google also is expanding the challenge to include methods for bypassing the operating system’s download protection feature in Safe Browsing. It’s unclear if this means Chrome OS is particularly safe from hackers, or if Google simply isn’t receiving that many submissions. The new reward money should encourage more researchers to root out any remaining security flaws in the operating system, and that’s a good thing for anyone who uses a Chromebook on a regular basis. Source: Techno Buffalo

Apple suggests FBI call NSA to crack an iPhone

In the showdown between Apple and the Justice Department over an iPhone used by one of the San Bernardino, Calif., shooting suspects, some observers are asking why hasn’t the FBI sought assistance from the National Security Agency—which employs some of the nation’s top hackers—to crack into the iPhone. Apple has touched on that question in briefs filed in the case. “The government does not deny that there may be other agencies in the government that could assist it in unlocking the phone and accessing its data; rather, it claims, without support, that it has no obligation to consult other agencies,” Apple wrote, noting that FBI Director James Comey danced around the question of NSA assistance when asked about it during a recent congressional hearing. If the FBI can’t on its own break into iPhones without NSA help, it should invest in developing that capability, Apple says, instead of seeking unconstitutional ways to force tech companies to assist it. Source: Wired

AmEx tells customers to monitor their accounts after breach

sh_American Express_280American Express has warned cardholders that their account information might’ve been exposed after a third-party service provider suffered a data breach. “Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident,” the company says in a letter to customers. The third-party provider, which isn’t named, is engaged by several merchants the letter explains. Cardholders should expect that their account number, name and other card details were compromised. American Express is monitoring accounts for fraud, and that cardholders should do the same and report any suspicious transactions. Source: CSO Online

What poor sports these bad guys are

Outdoor equipment retailer Bailey’s notified its customers that an attacker may have stolen payment card information from the company website and that the length of the breach was longer than once thought. Up to 250,000 consumers might have been affected. Credit card numbers, cardholder names, CCV numbers, credit card expiration dates, addresses and phone numbers, email addresses, login credentials to, and other information typed into the website related to customer orders might have been exposed. Customers are strongly encouraged to monitor to their accounts for suspicious activity and to change their login passwords for Source: SC magazine

Phone passcodes protected, but not fingerprints

sh_passcode_280Prosecutors in Oregon’s Washington County know they can’t force a suspect with an encrypted phone to provide the phone’s passcode. But sometimes they don’t have to. Apple iPhones have two security options: a passcode known only to the phone’s owner, and a biometric system that opens to the owner’s fingerprint. In Washington County, police can—and do—get warrants to force defendants to put their fingers on their phones’ biometric sensors. “We basically say that we want to seize that person’s fingerprint,” says Paul Maloney, Washington County deputy district attorney. So why will judges force people to provide their fingerprints to unlock phones, but not require them to give up their passcodes? It has to do with the Fifth Amendment, which protects citizens from incriminating themselves. For instance, police can force you to be part of a witness lineup. But they can’t force you to say anything while you are in the lineup. So if a police officer asks for your password, that’s making you testify. And you can’t be forced to testify because that could be self-incriminating. Source: Portland Tribune

Make your voice heard on Internet privacy 

The Federal Communications Commission is proposing, for the first time, privacy regulations for Internet service providers. The goal is to let consumers weigh in on what information about them gets collected and how it’s used. As they connect us to the Internet, ISPs have insight into our lives—websites we frequent, apps we download or locations we visit—and may use that data for their own promotions or sell it to data brokers to be used for marketing or other purposes. FCC Chairman Tom Wheeler says ISPs do have to collect a lot of this information simply to run their businesses. “All we’re saying in our proposal is that you, the consumer, ought to have a say in whether they can repackage and use information, which is basically your information, not their information,” Wheeler says. Wheeler’s plan, expected to be formally proposed on March 31, would let consumers opt out of programs allowing ISPs to use the data to offer you other services themselves, but would require explicit opt-in consent for data to be shared with third parties. Source: National Public Radio



The post Telling the teller your personal info may be a bad idea appeared first on Third Certainty.

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started