On a scale of 0 to 5 (0 being nearly invisible, 5 being at risk), how much of your identity is exposed on the Internet? If you’re wondering, there are some tests you can try that will give you a good idea of you Identity Exposure index (iEi). Here are the tests I performed and some calculations you can use. I chose these tests because they could give an identity thief enough information to impersonate you under the right circumstances. For example, knowing your mother’s maiden name and a former address might be enough to get past a security question or two. Heaven forbid your Social Security number shows up anywhere on line!
Keep in mind that this isn’t absolute by any means; it’s more of a quick-and-dirty estimate. But what you find might surprise you.
Use any top search engine. I used Google. My test results are shown in parentheses.
1. Search your name in the form you commonly use; e.g., Ken Harthun, not Kenny, Ken G. or other variants. Count the number of accurate hits on the first page. (9)
2. Search your full legal name as it appears on your birth certificate. Count the number of accurate hits on the first page. (3)
3. Search your mother’s married name, with and without her middle name and middle initial. If her maiden name shows up anywhere on the first page, count 10; if not, count 1. (10)
4. Search the last six digits of your Social Security number, including the dash. If your name shows up anywhere on the first page, count 10; if not, count 1. (1)
5. Search your home phone number with area code. If your current address is shown, count 10; any former address, count 5; else, count 1. (5)
Now, add all the scores. Maximum score is 50. Divide by 10 to get your iEi. It’s your choice whether or not to round off.
As you can see, my score was 28, so my iEi is 2.8, which is above the median. For comparison purposes, I also did the tests using my wife’s information and her iEi is 0.7. That makes sense because she does almost nothing on the web, save for checking her one Yahoo! mail account.]]>
On Oct. 7, the District Attorney of Queens County, N.Y., and City of New York Police announced the results of a two-year investigation that resulted in the biggest identity theft takedown in U.S. history.
The elaborate scheme, which involved five organized crime rings with ties to Europe, Asia, Africa and the Middle East, resulted in financial losses exceeding $13 million over a 16-month period.
So far, 111 individuals have been indicted, and authorities say 86 are now in custody.
The operation was dubbed “Operation Swiper.”
The criminals focused on credit card fraud, using stolen credit card numbers which they then used to create counterfeit credit and identification cards. Skimming devices were used in restaurants and on bogus websites to obtain the credit card numbers.
“The counterfeit cards were supplied to hired shoppers who were instructed to purchase high-end electronics and other merchandise, items that could easily be fenced and re-sold, usually over the Internet. Some of the shoppers also have been accused of using counterfeit cards to stay in five-star hotels and rent luxury cars during their so-called shops. In one case, a shopper allegedly commissioned a private jet to travel from New York to Florida,” BIS reports.
This is why it pays to keep careful tabs on your credit cards.]]>
Ever heard of the “Anti-Cyber Crime Unit?” Neither have I, but when I got an email the other day with the subject line “Email from: The Anti-Cyber Crime Unit,” it piqued my curiosity. I found it clever and amusing, but read for yourself and see what you think:
The UNITED NATIONS, FBI, LOTTERY OFFICES, COMPENSATION OFFICES AND BANKS recently discussed at a congressional hearing conducted this week just how its special anti-cyber crime taskforce worked when it came to combating cyber crime and the nefarious digital machinations of web rapscallions, hacker hooligans, cyber criminals, and virtual villains. They outlined its latest accomplishments in the IT security front, which included the capture of million-dollar scammers via a synchronized raid on a thousand ATM machines a few months back.
However, truth be told, no one thinks that the U.k. Government and other goverment is fully equipped and ready to stop a really bad hacker attack against its physical or financial networks.
The Decision has been taken, and they have decided to instruct the Anti-Cyber Crime Unit to see and investigate your funds Transfer and why you are yet to get your funds.
You are now to provide Us with the following information below;
YOUR NAME; ………………..
MOBILE NUMBER; ………………….
AMOUNT OF FUNDS TO BE CLAIMED; …………….
AGENT IN CHARGE OF TRANSFER; …………..
BANK WITH YOUR UNCLAIMED FUNDS; …………….
TYPE OF FUNDS; ………………
STATUS OF TRANSFER; ……………….
Immidiately you provide us with the information above, we will investigate your transaction and get back to you with the full details of your funds WITHIN 24HRS.
This is to Fight the Cyber Crime and also inform you if you dealing with the right Person or not.
After the investigation we will instruct you on how to get your funds.
Anti-Cyber Crime Unit
Mr. Thomas Lifson
You’d think by now that the crooks would give up, so why don’t they? The answer is: people still fall for this ruse and as long as people keep falling for it, crooks will keep running the scam.]]>
Part of the notification sent to the victims from the Yankees’ office said this:
NO OTHER INFORMATION WAS INCLUDED IN THE DOCUMENT THAT WAS ACCIDENTALLY ATTATCHED (sic) TO THE APRIL 25TH E-MAIL. THE DOCUMENT DID NOT INCLUDE ANY BIRTH DATES, SOCIAL SECURITY NUMBERS, CREDIT CARD DATA, BANKING DATA OR ANY OTHER PERSONAL OR FINANCIAL INFORMATION.
Apparently, the data contained information only on holders of season tickets for the “non-premium” seats that make up the vast majority of Yankee Stadium; those holding tickets for suites and the first few rows in the infield were not listed. So the high rollers and celebrities aren’t in there. That certainly lessens the value of the data somewhat (no big, juicy targets), but It’s a good bet that the victims are going to spammed and phished to death at some point.
This is yet another piece of evidence in support of my continual assertion that there is absolutely no such thing as private information. Once you have given anything to a third party, you might as well have advertised it on lighted freeway billboard.
Your information is not safe and probably never will be.]]>
Users of Sony’s PlayStation Network are at risk of identity theft after hackers broke into the system, and accessed the personal information of video game players.
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.
Sony says that hackers were able to access a variety of users’ personal information including:
Seems it’s time to implement the response I mentioned 2011 April 16 in “Data Breaches — Steps to Take if You Are Notified.” In particular, I would assume that identity theft is about to occur and take the following steps as recommend in the FTC guide: Take Charge: Fighting Back Against Identity Theft. Refer to that guide for complete information, but here’s what you should do if you are one of the affected users:
While the Epsilon breach reportedly only involved names and email addresses, not financial information, you should know how to deal with more serious data breaches where your personal financial information may be at risk. Here are five steps to take if you are notified of such a situation:
Please note that there is a big difference between simple fraud and identity theft. A data breach of any kind could lead to both. Someone using your stolen credit card is not the same thing as someone using your name, Social Security number (or other government-issued identity numbers), and other personal information to open credit accounts in your name, nor is it the same as someone posing as you to access your bank accounts.]]>
Don’t fall for it. Most of this will be social engineering in one form or another. They will get your money, they will get your personal information, and they may steal your identity.]]>
Data Privacy Day is an international celebration of the dignity of the individual expressed through personal information.
Join in the dialogue among all of the stakeholders – businesses, individuals, government agencies, non-profit groups, academics, teachers and students – to look more thoroughly at how advanced technologies affect our daily lives. We encourage this dialogue and are providing this website as a service to those who care about our common future and our roles as digital citizens and consumers. And let us know what you think – and how you might be able to contribute to the discussion.
At The Privacy Projects, we are excited to promote Data Privacy Day and want as many individuals and organizations involved as possible. So join in! There are many ways you can become part of the dialog. You can sponsor an event or an activity, use the educational materials, engage in the discussions, or put together your own event.
You can also follow Data Privacy Day 2011 news and updates on our Data Privacy Day 2011 Group page. Please invite your friends and colleagues to join as well.
Not a bad idea.]]>
The Security Threat Report: A look at the latest malware and attack vectors
Malware like Zeus, Stuxnet, Fake AV and Koobface made headlines in 2010, and cybercriminals continue to focus on using the web to deliver malware. Although their tactics are constantly changing and evolving, their motivation to steal your data and money is not.
Join Graham Cluley, senior technology consultant at Sophos, for a live Webcast to learn about the latest security threats and trends in malware. Armed with the latest threat data, Graham will discuss the tactics the bad guys are using to infect your systems and steal your data.
Everyone who registers gets a cool T-shirt, too.
I’ll see you there!]]>
Dear Valued Customer,
We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us. As a result, it is possible you may have received some spam email messages asking you to go to another site and enter personal data. We are sorry this has taken place and for any inconvenience to you.
We want to assure you that the only information that was obtained was your email address. Your prescription information, account and any other personally identifiable information were not at risk because such data is not contained in the email system, and no access was gained to Walgreens consumer data systems.
As a company, we absolutely believe that all customer relationships must be built on trust. That is why we believe it is important to inform you of this incident. Online security experts have reported an increase in attacks on email systems, and therefore we have voluntarily contacted the appropriate authorities and are working with them regarding this incident.
We encourage you to continue to be aware of increasingly common email scams that may use your email address to contact you and ask for personal or sensitive information. Always be cautious when opening links or attachments from unsolicited third parties. Also know that Walgreens will not send you emails asking for your credit card number, social security number or other personally identifiable information. So if ever asked for this information, you can be confident it is not from Walgreens.
If you have any questions regarding this issue, please contact us at 1-888-980-0963. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
Walgreens Customer Service Team
I am happy to report that I haven’t seen any spam that I can identify as being related to the breach.
If you are a Walgreens customer, be sure to use caution and don’t blindly assume that a message you receive from them, especially if it asks for personal information, is valid. Here are several tips from US-CERT you should put into practice for ALL of your emails:
Be careful out there!]]>