tagged w/ online fraud
-
We have seen a huge increase in job scams over the last few days targeting people making use of classified advertisement sites to look for employment. How do you separate the legitimate job offer from the scam? Here are some quick and easy checks you can do:We have seen a huge increase in job scams over the last few days targeting people... more
-
-
While the word “encrypt” does not occur even once within the ARRA, the guidance that the Department of Health and Human Services (HHS) provides for complying with the HITECH Act portion of the ARRA is full of encryption direction.While the word “encrypt” does not occur even once within the ARRA, the... more
-
-
Evaluating Security Information Event Management (SIEM) solutions is important, as they come in a lot of different flavours. So, in order to sift through the multitude of solutions, the buyer needs to ask the hard questions. Here are some of the key questions that need to be taken into consideration:Evaluating Security Information Event Management (SIEM) solutions is important, as... more
-
-
As part of the shake-up at General Motors, GMAC is now called Ally Bank. Naturally, scam emails are going out asking people to update their old GMAC account record through Ally Bank. DO NOT FOLLOW THE LINK or OPEN THE ATTACHMENT. You will be infected.As part of the shake-up at General Motors, GMAC is now called Ally Bank. Naturally,... more
-
-
Every year, Sybase holds a technical conference devoted to bringing great minds together, both from Sybase and from its customers, known as Techwave. Techwave gives customers the unique opportunity to interface directly with Sybase engineering, product and executive management.Every year, Sybase holds a technical conference devoted to bringing great minds... more
-
-
IT is widely seen as a strategic, not a tactical, function of the business. The job of the IT team is to set and implement an IT strategy to meet a business need, rather than developing the tactical technology to support the business need – which, more and more, is left to specialist experts. Nowhere have we seen this more than in security.IT is widely seen as a strategic, not a tactical, function of the business. The job of... more
-
-
People get so upset, understandably, when an organization loses a laptop with SSNs, or has one stolen. But now, upon hearing that crooks don’t even need to steal SSNs, but can just generate them from commonly known information and use them until the victims discover the crimes, it is puzzling why so many people don’t see this as something to be concerned with, and to demand changes for.People get so upset, understandably, when an organization loses a laptop with SSNs, or... more
-
-
Small and medium sized businesses (SMBs) are an attractive target for identity thieves. According to the Institute of Consumer Financial Education (ICFE), SMBs usually qualify for larger lines of credit, “enjoy extended payment terms and less transactional scrutiny for large purchases or high value ticket items than individual customers.”Small and medium sized businesses (SMBs) are an attractive target for identity... more
-
-
On July 29th, as I was following up on a story that flashed across my Twitter stream about 30 certified employees of a school district finding themselves victims of ID theft, I found something that should not have been there...On July 29th, as I was following up on a story that flashed across my Twitter stream... more
-
-
RSA, the Security Division of EMC recently released several research reports that examine the far-reaching security implications of promising technologies such as cloud computing, virtualization, social networking and mobile communications, and explore the pivotal business risks and rewards they represent to organizations worldwide.RSA, the Security Division of EMC recently released several research reports that... more
-
-
Thieves prey on our deepest and strongest emotions, and two people madly in love and about to take the plunge are certainly full of emotions and stress. Stress makes us more apt to decide quickly, without thinking the situation through. The sense of relief we feel may encourage us to accept an offer that seems “too good to be true” when we might otherwise hesitate.Thieves prey on our deepest and strongest emotions, and two people madly in love and... more
-
-
“We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises” -Tom Gillis, VP and general manager of Cisco.
According to Cisco Systems’ Midyear Security Report, issued July 14, online criminals are exploiting traditional business strategies as they continue to flourish amid a shaky global economy.“We see many signs that criminals are mimicking the practices embraced by... more
-
-
The majority of Twitter users don’t mind sharing their tweets (i.e. their Twitter updates) with the rest of the world. After all, sharing ones thoughts/actions is at the core of social networks like Twitter, Facebook, MySpace. However, what users often don’t realize is that in aggregate, their tweets paint a picture about who they really are.The majority of Twitter users don’t mind sharing their tweets (i.e. their... more
-
-
Simple social engineering tactics can often be used to get to sensitive information simply by supplying a valid SSN. I know many of the business companies I’ve called, when just doing unscientific tests, started out the call with, “May I have your account number please?” To which I say, “Oh, darn; I don’t have that with me! Could I give you my SSN instead?” And usually they say, “Sure; give me the SSN.” Bingo. Social engineering is powerful and used by many crooks.Simple social engineering tactics can often be used to get to sensitive information... more
-
-
Computerworld reports that one in five companies search social networking sites during the hiring process, although many experts believe that number is much higher. You may think that you’re immune to ID theft or misinformation because you don’t have any MySpace, Twitter or Facebook accounts- but read on and you will find that is far from the truth.Computerworld reports that one in five companies search social networking sites during... more
-
-
The idea of having confidential records shopped to competitors and then offered up for sale to the highest bidder would be enough to keep any CIO up at night. Yet, as scary as this scenario is, cyber extortion remains rare. The bigger threat - one that should legitimately keep IT professionals up at night - is on the inside.The idea of having confidential records shopped to competitors and then offered up for... more
-
-
In the age where a huge percentage of all attacks are done through e-mail, very few of us know how to analyze where this e-mail was sent from. This analysis must go beyond the sender e-mail displayed in your e-mail client (which are easily spoofed). Here is a simple tutorial on analyzing Internet headers.In the age where a huge percentage of all attacks are done through e-mail, very few of... more
-
-
Lexis-Nexis Breach Linked to Crime Family: One of the “old school” tactics that the organized crime figures use is going to the local watering holes and seducing young girls and finding out where they work. The mob’s tactic of dating new employees who work at companies that have access to customer data leads to Litan’s warning, “He’s not after your heart; he’s after your data.”Lexis-Nexis Breach Linked to Crime Family: One of the “old school” tactics... more
-
-
Analyzing an incident when the manufacturer claims that it’s an operator error and the operator claims that it is an application error is one of the most daunting tasks of a security officer. And this is a type of incident that the security officer will be called upon to investigate simply because the management needs an independent observer and has doubts both in the operator as well as the manufacturer. Here is what to do when thrown into the fire…Analyzing an incident when the manufacturer claims that it’s an operator error... more
-
