It looks like phishers are trying every angle they can! This is a new one that I haven't seen before. This morning I got an email that appeared at first to be from Careerbuilder.com's Billing Department asking me to complete an online Confirmation Form.

It looked like this:

So, these are not especially GOOD phishers, as you can see. First off, sending it from the Billing Department was probably supposed to help create some kind of urgency, or panic, or who knows what, but for me it, raised the red flag immedately because I am not paying Careerbuilder anything, nor do I ever plan to.  :)

Then as you can see, as I hover over the LINK they want me to click, you can see that the address does not match the text of the link, and that it will actually take me to "myhaae.net" instead of careerbuilder.com. Outlook was also nice enough to take note of this discrepancy, and BLOCK the URL so again...this was a failed attempt.

But I am posting about this not because it's a specific threat, but again, to help you be aware that you need to keep an eye on your inbox. Take the extra couple of seconds to scrutinize any emails that appear to be asking you for information....especially when they aren't calling you BY NAME in the email.

Not all threats can be stopped by even the best software out there. Some have to be stopped by you thinking clearly and being a little suspicious about any attempts to collect your information or passwords.

Thanks for being a part of The Project!  Be safe online!

 

I find stuff like this all the time...and I am not even looking for it most of the time. Identity Theft is becoming pandemic, and you will probably read this article, and think to yourself...well, I don't shop at TJ Maxx, so see how safe I am?

Where do you shop? And are you SURE that they are keeping your private information safe?

Where do you surf? And are you sure that you are safe wherever you go online?

Hack Attack Means Headaches For TJ Maxx

Parent company TJX may have violated Visa security rules by storing credit-card data

By Larry Greenemeier

Feb 3, 2007 12:05 AM (From the February 5, 2007 issue)

Fallout from a hacker attack on the IT systems of TJX, whose properties include T.J. Maxx, Marshalls, and HomeGoods retail stores, intensified last week, as credit card fraud related to the incident was reported in several states and outside the United States, and as lawsuits were launched against the company, including a consumer class-action suit.

The attack, which was reported two weeks ago, is taking a financial toll on TJX. The company said last week it will record a fourth-quarter charge of 1 cent per share, or about $4.5 million, related to the hack, including the costs to investigate and contain the intrusion, enhance computer security, and communicate with customers. Things are likely to get worse, as a number of documents sent by Visa to financial institutions that issue cards and manage Visa transactions indicate TJX was storing credit and debit card data in violation of the Payment Card Industry Data Security Standard created by Visa and MasterCard.

Merchants like TJX aren't supposed to store cardholder data because a thief can use that information to create a counterfeit credit or debit card. "I can see storing data for a few hours or a day until transactions clear, but some of the stolen data goes back to 2003," says an executive at a California credit union that issues Visa cards and has been stung by the TJX hack. "That's a long time to be out of compliance."

TJX was storing customer information that's recorded on Track 2 of a Visa card's magnetic stripe, which generally includes the account number, the expiration date, and the card verification value, a three- or four-digit code that's used to verify the card's authenticity. That data is enough for crooks to make fake cards and run up charges. Track 1 is where alphanumeric data, including the cardholder's name and address, is recorded; apparently TJX wasn't storing that data.

Hence, chairman and founder Ben Cammarata's assertion, in a video on the company's Web site, that customer names and personal identification numbers weren't compromised. "It would be unlikely for cyberthieves to commit identity fraud using the information taken," Cammarata said. As a result, TJX has no plans to offer credit monitoring services for its customers. "Credit monitoring does not detect fraudulent charges on your credit and debit accounts," he said.

READ THE REST OF THE ARTICLE HERE

---

Wow. I guess we are all at risk sometimes, regardless of what we do to protect ourselves in ways that we can control. Are you doing at least that? Are you protecting yourself as much as you truly can in ways within your control? Do you have an Identity Theft Insurance Policy just in case?

Did you know that INVISUS Direct INCLUDES a $25,000 ID Theft Policy for every subscriber and his/her spouse? That's just PART of the $15.00 a month you pay for this unparalleled service.

Phishers and hackers are always out to get you. Having good software to help protect you is a good idea, but even then, most phishing attempts are designed to "fool" you into giving up information voluntarily...so you need to keep your head on at all times.

Here's an email I got just today. I'm going to use it as an example to show you some tips on how to identify a spoofed email.



I welcome your emails and comments. eBay spoof emails are not the only ones that you will see. I have seen spoof emails of Bank of America, US Bank, PayPal, and the list goes on. Use these ideas in the video to make sure you don't get caught with your defenses down.

I was looking at EzineArticles.com where I occasionally publish articles, and I found this interesting article on Identity Theft. Richard seems to come from the familiar school of "Been There, Done That." It's a good article: Read on:

Identity Theft - The Time Bomb On Your Desktop

By Richard Odell

Way back at the very birth of PC software, programmers faced a major dilemma and that was, just how could they prevent the accidental loss of sensitive or valuable information?

As you could imagine the implications of this could be very serious, not only for the user, but also to the company who published the software; lost information results in a lot of very irate customers, which equals culpability and legal action. So, a fail-safe was introduced, a simple one, but one that made sense at the time, and that was just to change the first few digits of the code which pointed to the file. With this change the rest of the program was altered to recognise this new pointer code as just empty space that was available to overwritten - problem solved!

Fast forward a few years and the world is now a different place, computers are now in virtually every home. Like it or not they are here to stay, they now touch so many aspects of our personal lives, that it is not impossible to believe, that without them the world as we know it would grind to a halt. Information has never been such a valuable commodity; today we use computers more than ever to store and carry out transactions, using our most sensitive and personal details; we trust this electrical box of tricks, with what amounts to all that we own and all that we have worked so hard to acquire; yet through no fault of its own it is fatally flawed!

What the programmers failed to foresee was two things, firstly that the equipment like all household appliances has a shelf life and would eventually be sold on or disposed of. Secondly that utility software development would develop far beyond their original programming. To understand this better, is to realise that a whole industry has now established itself around these original PC programs and that it is now easy to find a cure for any problem that your computer may encounter; this also includes data recovery.

Today we do not have to call in the services of a data recovery lab to retrieve lost information, as these utility programs are freely available on the Internet for very little money. Computer disposal is now not just a matter of deleting off the information (or as they would have you believe format the hard drive) and dumping the unit; it involves a far more extensive responsibility to safe guarding your personal information.

There is a time bomb on your desktop that has the potential to blow up in your face, it has a flaw in its very make-up that was designed to protect, but it was developed in a time that identity theft did not exist.

Richard Odell is an 'Internet Based Author/School Caretaker', his interest in publishing work on the web came about by pure chance? Faced with the safe disposal of the old I.T. suite at the school where he worked, Richard set about researching the subject, so that he could carry it out without falling foul of the Data Protection Act. What he unearthed was a shocking security failure within the very structure of the software that we use each day, to entrust our most valuable information. What shocked him even more was the lack of awareness, not just with the general public, but also with the Police and local Authorities.

Article Source: http://EzineArticles.com/?expert=Richard_Odell

To Investigate Identity Theft Prevention and Protection, Project Netsafe recommends INVISUS DIRECT for your PC and all your online security needs. Their service is backed with a full 100% Money Back Guarantee as well as a $25,000 Identity Theft Insurance policy.

By Henry Tom

Identity theft is the use of other's personal information or identification without permission.

Under the Fair Credit Reporting Act, identity theft is defined as “the use or attempted use of an account or identifying information without the owner's permission.”

The 1998 Identity Theft and Assumption Deterrence Act also describes “identity theft” as “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law."

Information Privacy & Protection

Identity theft isn’t about “stealing identities.”

Identity theft comes down to information – the lack of protection, privacy and checking of that information.

Physical identification is just an added layer of convenience and security around information. A blank plastic card, device, object, or sheet of paper has no identification value by itself. Meaningful information about the issuer and holder give value to the identification.

Personal information eventually must be secured to prevent identity theft.

In the perfect world, this security would also mean ensuring privacy, and proving rightful use. If companies made 100% sure the people they're doing business with are who they claim to be, identity theft wouldn't exist.

Identity Theft’s Major Cause - Poor Information Protection

Given personal information should be locked up and kept safe, why is identity theft running rampant?

You'd figure business and government organizations would give top priority to protecting and checking personal information.

That's not always the case. Monthly - and increasingly frequent news reports of massive security breaches prove this point.

According to Privacy Rights Clearinghouse, 299 business and government security breaches exposed over 93 million personal records between February 15, 2005 and September 7, 2006. That’s one security breach reported every two days!

Many of these records are enough for successful identity theft.

So why so many security breaches today?

More organizations than before have reported security breaches due to a few new state laws. And it’s getting worse.

The recent wave of security breaches was only the tip the iceberg. Not all organizations and companies need to report security breaches. Besides, many don’t even know it’s happened.

The reality is the situation’s far worse than the exposed 93 million personal records. It’s hard to tell how bad it was before, and how deep it goes today.

No one’s talking unless they’re forced.

The Secret of Behind Information Privacy & Protection Today

Here lies the secret seasoned privacy and security professionals know, but remain powerless over.

Personal information security and privacy are not top priorities for government or business.

Why?

Security And Privacy Take Backseat To Business Profit

Businesses exist to make a profit. Yes, businesses exist to satisfy customers too, but only as a means to turn a profit.

Security and privacy safeguards are costs to a business. They cut away profits. The thinking is don’t spend on security unless you have to. Often, it’s based on “best judgment” – not by law.

Even if security were a high priority for businesses, security spending could go on forever.

In such situations, accepting risk overrides spending. Business managers decide between protecting personal information and producing profits. Banks fit in this category, but even banks have reported security breaches.

Security And Privacy Take Backseat To Government Optics

Governments work different.

Balancing budgets, spending and good appearances for voter approval drive priorities.

Security and privacy are not high priorities unless the public sees symptoms. The thinking in government often is -- it’s not a problem if we don’t know about it, and the public doesn’t know either. What matters is doing what looks good.

Anyway, there's nothing wrong with making a profit or balancing budgets.

The problem comes when businesses sacrifice security and privacy for profit; and governments neglect security and privacy for vote buying initiatives.

Recent security breach reports confirm this is the case for many business and government organizations.

Consumer Choose Lower Cost And Convenience Over Security

The issues also get more complex with consumer and public choice. In other words, consumers and the public choose less security.

Consumers won't pay extra for security - unless they're buying security as the product or service i.e. an alarm system, a bodyguard, a burglar safe, etc.

Consumers also prefer convenience over security. They want it now, and they want it to be as easy as possible.

Businesses won't put in security measures to inconvenience customers - unless its competitors do too, or everyone's forced to do so.

Consumers expect businesses to have strong security anyway. Unless consumers decide with where they spend their money, businesses will put in just enough security to manage losses – at best.

With the number of security breaches reports so far, businesses appear they don’t know they have inadequate security; or they’re aware, yet they’ve chosen to gamble with personal information instead.

The public also won't stomach paying large sums of tax dollars for government security - especially when it's hard to prove positive results. The public also doesn't think highly of heavy-handed government security.

No One To Pay The Price To Protect Personal Information

The issues get even more complex, but the main point is no one wants to pay the price to protect personal information.

Everyone wants the benefits of security and privacy to stop problems like identity theft; but, no one wants the pay the costs, or bear the inconvenience that go with increased security for privacy.

The reality is the security problems won't go away overnight.

In fact, new laws forcing more businesses and governments to report security breaches will reveal a worse landscape. Even then, the full extent of the problem will remain hidden.

So who’s to stand up for change? Government, businesses, consumers, the voting public, or all of the above?

As it stands, it’s none of the above. Perhaps the unveiling of more security breaches might propel change. There must be a tipping point when everyone says “enough!”

What To Do Now

Given the current state, it’s only time before you’ll become an identity theft victim.

You should take all measures to protect yourself from the threats.

You can lower your risk by keeping your personal information private as much as possible. In addition, constantly monitor for signs of identity theft, and educate yourself on this subject so you can respond as needed. Last, you can insure against identity theft.

You unfortunately don’t live in a perfect world. You live in a complex world, where the masses make imperfect decisions.

All you can do is protect yourself the best you can as an individual – and promote the message for change.

This article may be reproduced in printed or web format, provided the resource box below is included.

Henry Tom is a widely known information security and privacy professional based out of Toronto, Ontario, Canada.

He's worked in government communication security, and banking information security for nearly a decade. During the time in banking, he worked on national and international security projects for banking crime prevention and investigations. Over the past six years, he's specialized in digital identity security, and secure identification for the government. He's also written three ebooks - two on identity theft for industry experts and trainers.

Find out  at his web sites how you can keep from becoming an identity theft victim: http://Protect-My-Info.com & http://Inside-Identity-Theft.com

Article Source: http://EzineArticles.com/?expert=Henry_Tom

As you know, with us Identity Theft is no laughing matter. It's a pretty big deal. It's not the end of the world, but it can be a huge, huge pothole on the road of life. Sometimes the pothole seems large enough to to swallow the whole car!

http://lots2learn.com/prevent-identity-theft-online/

This is a new website that just launched that has a tremendous amount of information on it about Identity Theft and how to protect yourself better.

I am an Ezinearticles.com writer, but one thing that bothers me is people writing (or putting their names on PLR (Private Label Rights) articles and posting like they know what they are talking about. This is a common technique used to get their websites promoted and linked to, by offering "expert content" on the web. I doubt Michael actually wrote this article, but I am sure he probably has the right to claim it as his own.

All that aside, there are some real holes in this article, so I thought I would point some of them out.


This is interesting, though not accurate. Statistics are on the rise for online theft. The FTC has a whole section devoted to safety with computers and the internet. So it isn't very accurate to say that the completely opposite is true. The intent of the statement is intended to open your eyes to the fact that online tools can help you identify if you have your identity already stolen.

It's just not proper to take the focus off the risk of online transactions leading to identity theft in order to hilight the value of using online resources as a way to see the results of ID theft in "near real time". If one is protected properly, the risk can be reduced significantly.


Looking at how the author presents his case below, I would hardly say that the Internet is used to "protect you against identity theft" but rather to help you identify when it has happened:


Time for a note about the "padlock." This is most certainly in important part of making sure your connection is secure. You see, the bank has spend millions of dollars making sure their computer systems are secure. The padlock is a small indicator of this. That would make the weakest link in the security chain your own PC, right? So what have you done on  your own computer to make it secure? What measures security do you have there to stop hackers on your end? Have you spent as much money and time securing your PC as the bank has? Of course not! But have you spent even a relatively equal amount? I'm guessing not. A free copy of Spybot S&D doesn't cut it.

This is one of the most common ways for hackers to access your private financial information. They piggyback onto your computer using what is called a "keylogger" or a "RAT." A keylogger is a program that secretly runs on your PC and records every keystroke you make. A RAT is a Remote Access Terminal that works like PC Anywhere or Citrix. It allows the hackers to not only track keystrokes but watch you and your PC in real time from a remote location.

More and more every day you need better and better technology running on your PC. You can research the industry regularly for new developments and technologies, or you can just rest your trust with a single software maker...OR, you can hire a team of security experts to keep track of it all for you.


Again, this is "post theft" advice. Yes, you should use the Internet to your advantage here. But you had best be protected on your own end. If you log into your bank account, credit reporting agencies, or another depot of private information, and if there is a keylogger on your system, you have just handed all that info over to a crook!


Sorry Michael. This article just doesn't pass muster. There is some good advice in here about the kinds of things you probably should do if you get your ID stolen. But you might want to hire an attorney to help with all that, since it's likely that by that time you will have to defend yourself against creditors, etc.

INIVSUS Direct offers the best managed security service on the Internet. Free Internet Security Software and a free $25,000 Identity Theft Insurance Policy. Get INVISUS for less than $15 a month.

That's the best advice anyone could give.

How to Identify a ‘SPOOF’ Email

 

Along with the convenience of the internet has come a new wave of predators looking to steal from innocent victims. This often occurs through ‘spoof’ emails.

 

A ‘spoof’ email is an email that appears to be from a legitimate organization or business – often banks or service providers – but is really a fake email sent from a con artist.

 

These thieves construct emails that use the logos and styles of the bank or business and attempt to convince the recipient to reply or click on a link to a website and submit personal and financial information that can be used to commit identity fraud.

 

While these emails are extremely common they can be difficult to identify unless you know what to look for. Here are some signals that an email may be a fraud as well as some general warnings about dealing with ‘spoof’ emails.

 

Not Using Your Name

 

Spoof emails will likely not have your name in the message. They may be addressed ‘Dear Customer’, ‘Member’, ‘Friend’ or other ambiguous title. Real emails from institutions or business you have accounts with will use your name or a name you created for your account.

 

No Account Number

 

Companies that you have done business with will have account numbers and passwords on file. If you are ever contacted by a business that asks you to verify your account number or password do not respond. Only give information to businesses if you have initiated the contact.

 

Improper Grammar or Spelling Errors

 

A surprising amount of these ‘spoofs’ will have grammar or spelling errors. Whether this is because the con artist is not a native English speaker or it was done in a hurry is immaterial. A legitimate business email will not likely have these glaring errors.

 

 

 

 

Warnings to Close Your Account

 

Often the ‘spoof’ email takes the form of a warning that your account has been illegally accessed, that you have been a victim of fraud or that your account will be closed unless you respond to the email. They will ask you to click on a link in the email and verify your information. In reality you are giving the information to the thief who will use it to access your real accounts.

 

Always be suspicious of emails that ask for personal information. Contact the business through their official website and find out how to forward the fraudulent email to them. If you have opened any links or provided personal information you should immediately contact the business about the account and watch for unauthorized activity. Change all passwords or close the accounts and open new ones with different access codes.

 

‘Phishing’ Emails

 

‘Spoofs’ are also called ‘phishing’ emails. ‘Phishing’ refers to any email that attempts to get you to share personal or financial information that can be used to commit fraud.

 

While ‘spoofs’ pretend to be a known business or institution, ‘phishing’ emails also include offers to collect prizes, requests for help, charity donations or false notices that you have won a lottery or a trip. They tell you that to reserve your prize you must give them a credit card number for verification or as a deposit.

 

Some emails request your help by offering you a portion of a fund that will be deposited into your bank account. These are often sent as requests from rich foreign (particularly Nigerian) nobility or government officials. They are dangerous groups and should never be contacted or replied to.

 

Similar scams are also done over the telephone and are called ‘pretexting’. Always contact the organization or business directly if you are contacted for charitable donations or account information.

Don't get tricked into giving away your PayPal Login to CyberCrooks!!!

This email was received this week from what appears to be PayPal. The email looks remarkably like a receipt from PayPal for a purchase you did not make. A pretty expensive one, too! Here is the email:

---

Dear PayPal Member, This email confirms that you have paid LWPELECTRONICS (sales-@l-w-p-electronics.com) $474.99 USD using PayPal. This credit card transaction will appear on your bill as "PAYPAL LWPELECTRONICS*". PayPal Shopping Cart Contents Item Name: BRAND NEW NOKIA 8800 CELL PHONE Quantity: 1 Total: $474.99 USD Cart Subtotal: $454.99 USD Shipping Charge: $20.00 USD Cart Total: $474.99 USD Shipping Information Shipping Info: Bill Chang 202 N Magnolia Dr. Saco, ME 04072 United States Address Status: Unconfirmed If you haven't authorized this charge, click the link below to cancel the payment and get a full refund. Dispute Transaction

Thank you for using PayPal! The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.

PayPal Email ID PP120

---

Of course, they want you to click DISPUTE TRANSACTION, since of course, you didn't make this purchase. That will take you to a page that looks like PayPal, while they wait to capture your login and password...

Did you fall for this? I hope not!

Here is your HINT for the day. When you receive suspicious email that has a link in it, double check the link to be sure it goes to where you think it should be going. If you hold your mouse over this link, you will see that it does not show PayPal.com...it will take you somewhere else...and that's where you will have your Identity stolen if you enter your login and password info.

PLEASE SEND THIS POST TO EVERYONE YOU CARE ABOUT. DO NOT LET THEM FALL FOR THIS SCAM -- OR ANY OTHER LIKE IT!
Click the "Send to a Friend!" Below (you might need to click "Pemanent Link" first, then scroll down to find the "Send to a Friend!" Link from there).