From Reuters (Tarmo Virki)
Accessing your bank account using your mobile phone might seem safe, but security experts say would-be hackers can access confidential information via a simple text message seemingly from your service provider.
People in the industry aware of the risk see it as extremely small, as only a few people use handsets to access their bank accounts, but it is growing as mobile Internet usage rises. Read the full story [reuters.com]
Browsing Category: Social Engineering
From Reuters (Tarmo Virki)
From SC Magazine (Chuck Miller)
Using financial information purchased from crooked bank insiders, a ring of thieves compromised the checking accounts of nearly 350 New York-based corporations, religious institutions, hospitals and schools, as well as city and state government agencies, to steal millions of dollars, prosecutors said this week. Read the full story [scmagazine.com]
By Don Leatham
One recent Friday afternoon I took time off to visit two new health providers: a new dentist (nearer my home) and an orthopedic (to look at my lateral epicondylitis). In both cases, as a new patient, I filled in page after page of medical history and personal information, including my Social Security Number. I did pause, but I have to admit I wrote it down both times (I’ve grown weary of the discussions/arguments that ensue if I don’t – I’ve even been denied service from a healthcare provider who felt my SSN was their only tool, should I decide not to pay).
In research to be presented at the IEEE Symposium on Security and Privacy [virginia.edu] this week, researchers from Microsoft and Carnegie Mellon University plan to show that the secret questions used to secure the password-reset functions of a variety of websites are woefully insecure.
In a study involving 130 people, the researchers found that 28 percent of the people who knew and were trusted by the study’s participants could guess the correct answers to the participant’s secret questions. Even people not trusted by the participant still had a 17 percent chance of guessing the correct answer to a secret question. Read the full story [technologyreview.com]
From CNet (Elinor Mills)
Women are more affected by identity fraud then men are, according to a new survey that also found that it takes women longer to restore their identities but they also tend to change their behavior afterward.
In a survey of 808 U.S. households, half of which reported fraud, 28 percent of women said they had been victims of identity fraud compared with 21 percent for men. Read the full story [cnet.com]
Security researchers at University of California, Santa Barbara have broken into the nerve center of the Torpig botnet (also called Sinowal or Mebroot) to find a ten-day stash of 10,000 bank accounts and credit card numbers worth hundreds of thousands of dollars.
CBS News is reporting word about another data breach potentially compromising the personal information of thousands of people. Companies Lexis Nexis and Investigative Professionals have sent up to 40,000 letters to customers whose “sensitive and personally identifiable” information may have been viewed by individuals who should not have had access. Read the fully story [cbsnews.com]
Enterprises are struggling to control the use of consumer applications within the workplace, despite the panoply of security tools being used within corporates.
According to new research [paloaltonetworks.com], nearly half of all bandwidth within corporate environments is being consumed by personal applications such as YouTube, peer-to-peer filesharing and various other consumer applications. Peer-to-peer is a particularly frequent problem, and according to the research, an average of six P2P applications were found in 92 percent of the organisations surveyed. Read the full story [cio.com]
By George V. Hulme
As some consumers play a growing role in the fight against online fraud and phishing, others need more education on the problem. That’s the bottom line from a panel discussion that included risk managers from Bank of America, JP Morgan Chase, and PayPal.
From Orlando Sentinel (Richard Burnett)
With unemployment soaring, identity thieves are increasingly preying on unsuspecting job seekers by stealing personal information and trying to cash in on it.
The scams run the gamut from fake help-wanted ads and job-search services to bogus resume-posting Web sites, part of a new arsenal of weapons targeting millions of recently unemployed people. Read the full story [sunsentinel.com]