Thursday, December 19, 2013

Dec. 19th 2013 - Target Stores - Important Notice: 40 Million Credit Cards data stolen


Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear.
The chain said that accounts of customers who made purchases by swiping their cards at terminals in its U.S. stores between Nov. 27th and Dec. 15th 2013, may have been exposed.
The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards. The data breach did not affect online purchases.
The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate the matter and prevent future breaches. It said it is putting all “appropriate resources” toward the issue.
Target Corp. advised customers to check their statements carefully. Those who suspect there has been unauthorized activity on their cards should report it to their credit card companies and call Target at 866-852-8680. Cases of identity theft can also be reported to law enforcement or the Federal Trade Commission.
* The Washington Post 12/19/13
Please access the Target Stores Corporation link below for specific details on states that have laws requiring businesses to notify consumers when a "data breach" has occurred.

Michigan Law: IDENTITY THEFT PROTECTION ACT (EXCERPT)
Act 452 of 2004  445.72 Notice of security breach; requirements.
MI's Law - Identity Theft Protection Act, Notice of security breach
 

Thursday, December 5, 2013

Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week 12/4/13, CNN Money

12/4 CNN Money report on the 2 million accounts compromised by the hackers. See the main point of the story. Click the link for the details. Consumers are encouraged to change their passwords and use numbers, letters, and symbols.
The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.
On Nov. 24, Trustwave researchers tracked that server, located in the Netherlands. They discovered compromised credentials for more than 93,000 websites, including:
  • 318,000 Facebook (FB, Fortune 500) accounts
  • 70,000 Gmail, Google+ and YouTube accounts
  • 60,000 Yahoo (YHOO, Fortune 500) accounts
  • 22,000 Twitter (TWTR) accounts
  • 9,000 Odnoklassniki accounts (a Russian social network)
  • 8,000 ADP (ADP, Fortune 500) accounts (ADP says it counted 2,400)
  • 8,000 LinkedIn (LNKD) accounts
Trustwave notified these companies of the breach. They posted their findings publicly on Tuesday.
"We don't have evidence they logged into these accounts, but they probably did," said John Miller, a security research manager at Trustwave.

Wednesday, December 4, 2013

IRS- Report Phishing Scams


Report Phishing

The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.

What is phishing?
Phishing is a scam typically carried out by unsolicited email and/or websites that pose as legitimate sites and lure unsuspecting victims to provide personal and financial information.

All unsolicited email claiming to be from either the IRS or any other IRS-related components such as the Office of Professional Responsibility or EFTPS, should be reported to phishing@irs.gov.
If you are a victim, file a police report with your local agency.


IRS - Report Phishing scams

Business Watch Alert: FBI Warns of "Man-in-the-E-Mail" fraud impacting businesses E Commerce

‘Man-in-the-E-Mail’ Fraud Could Victimize Area Businesses
Three Seattle-Area Businesses Targeted in 2013
FBI Seattle December 02, 2013
  • Public Affairs Specialist Ayn S. Dietrich (206) 622-0460
The FBI Seattle Division is aware of a fraud victimizing Washington state-based businesses, nicknamed “man-in-the-e-mail” scheme for being an e-mail variation of a known “man-in-the-middle” scam. The FBI wants the public to learn about this scam in order to avoid being victimized.
In 2013, at least three area companies—in Bellevue, Tukwila, and Seattle—were led to believe they were sending money to an established supply partner in China. In reality, fraudsters intercepted legitimate e-mails between the purchasing and supply companies and then spoofed subsequent e-mails impersonating each company to the other. The fraudulent e-mails directed the purchasing companies to send payments to a new bank account because of a purported audit. The bank accounts belonged to the fraudsters, not the supply companies.
Total loss experienced by the three area companies is roughly $1.65 million. In some cases, the metadata on the spoofed e-mails indicated that they actually originated in Nigeria or South Africa.
Under this scam, both companies in a legitimate business relationship can be victimized. The supplier may first ship out the legitimately ordered products and then never receive payment (because the purchasing company was scammed into paying the scammer-controlled bank account). Or, the purchasing company may first make a payment and then never receive the ordered goods (because the supply company never receives that payment).
Here are some of the ways businesses can reduce their chance of being scammed by this man-in-the-e-mail fraud:
  • Establish other communication channels, such as telephone calls, to verify significant transactions. Arrange this second-factor authentication early in the relationship and outside the e-mail environment to avoid interception by a hacker.
  • Utilize digital signatures in e-mail accounts. Be aware that this will not work with web-based e-mail accounts, and some countries ban or limit the use of encryption.
  • Avoid free, web-based e-mail. Establish a company website domain and use it to establish company e-mail accounts in lieu of free, web-based accounts.
  • Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the real e-mail address is used.
  • Delete spam: Immediately delete unsolicited e-mail (spam) from unknown parties. Do not open spam e-mail, click on links in the e-mail, or open attachments.
  • Beware of sudden changes in business practices. For example, if suddenly asked to contact a representative at their personal e-mail address when all previous official correspondence has been on a company e-mail, verify via other channels that you are still communicating with your legitimate business partner.
If you or your business has been targeted by the man-in-the-e-mail fraud, report it to the Internet Crime Complaint Center (IC3) at www.ic3.gov. The following information is helpful to report:
  • Header information from e-mail messages
  • Identifiers for the perpetrator (e.g., name, website, bank account, e-mail addresses)
  • Details on how, why, and when you believe you were defrauded
  • Actual and attempted loss amounts
  • Other relevant information you believe is necessary to support your complaint
  • Reference to the man-in-the-e-mail fraud
Filing a complaint through IC3’s website allows analysts from the FBI to identify leads and patterns from the hundreds of complaints that are received daily. The sheer volume of complaints allows that information to come into view among disparate pieces, which can lead to stronger cases and help zero-in on the major sources of criminal activity. The IC3 then refers the complaints, along with their analyses, to the relevant law enforcement agency for follow-up.
The public can learn about other common scams by visiting http://www.fbi.gov/scams-safety/frauds-from-a-to-z and learn about ways to reduce their risk of being scammed: http://www.fbi.gov/scams-safety/fraud/Internet_fraud.
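
The FBI's advice above (reply only to addresses from your own address book, be wary of free web-based or personal addresses, and verify changed payment instructions by phone) can be turned into a simple mail-triage check. The following is an added example, not code from the FBI release or this blog; the address book, the free-webmail list, the payment phrases, and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: addresses verified by phone when the
# relationship was set up, and a placeholder free-webmail domain list.
ADDRESS_BOOK = {"orders@supplier.example"}
FREE_WEBMAIL = {"freemail.example"}
PAYMENT_TERMS = ("new bank account", "new account details", "change of bank")

def _addr(msg, header):
    return parseaddr(msg.get(header, ""))[1].lower()

def _text(msg):
    # Concatenate text/plain parts so multipart mail is covered too.
    parts = msg.walk() if msg.is_multipart() else [msg]
    return " ".join(p.get_payload() for p in parts
                    if p.get_content_type() == "text/plain").lower()

def review(raw):
    """Return reasons to verify this message by phone before paying."""
    msg = message_from_string(raw)
    sender, reply_to = _addr(msg, "From"), _addr(msg, "Reply-To")
    target = reply_to or sender          # where "Reply" would actually go
    findings = []
    if target not in ADDRESS_BOOK:
        findings.append("reply-target-not-in-address-book")
    if reply_to and reply_to != sender:
        findings.append("reply-to-differs-from-sender")
    if target.rsplit("@", 1)[-1] in FREE_WEBMAIL:
        findings.append("reply-target-is-free-webmail")
    if any(t in _text(msg) for t in PAYMENT_TERMS):
        findings.append("payment-instructions-changed")
    return findings

# Constructed sample messages (not real traffic).
LEGIT = """From: Supplier Orders <orders@supplier.example>
To: ap@buyer.example
Subject: Invoice 1001

Invoice attached. Payment terms unchanged.
"""
SPOOFED = """From: Supplier Orders <orders@supplier.example>
Reply-To: supplier.orders@freemail.example
To: ap@buyer.example
Subject: Re: Invoice 1001

Due to an audit, please send payment to our new bank account.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, review(raw))
```

The spoofed sample shows a familiar From address while Reply would go elsewhere, which is why the release recommends Forward plus an address-book entry. Any finding is a prompt to confirm by telephone, not proof of fraud.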