Friday, December 5, 2014

'A Wonderful Time for the Year' - for Cyber Criminals - 12/3/14, Saline Patch , Beth Dalbey, Reporter


12/3/14 Saline Patch, author Beth Dalbey

Data breaches “could get ugly” during the holidays, and retailers are woefully underprepared to defend their customers against cyber attacks, security experts warn.
Last year, cyber criminals stole credit card and personal information for up to 110 million customers of Minneapolis-based Target in a massive security breach that began on Black Friday and continued through Dec. 15.

Problem solved? Not exactly, the San Jose Mercury News reports.
“Compared to two years ago, I would say that not much has changed except the urgency by the criminals,” said Martin Ferenczi, president of North American operations for Oberthur Technologies, a digital security company.

The newspaper cited a study by BitSight Technologies, a Cambridge, MA-based security firm that analyzed the risk of breach at 300 large retail companies and found that 58 percent are less secure than they were a year ago.

The reasons? There’s little cyber-security expertise in board rooms; retailers can’t find the cash to invest in protection systems; and they’re playing catch-up trying to stay ahead of tech-savvy criminals.

Since the sweeping Target breach, there have been at least 20 public data breaches, the newspaper said. Though retailers have beefed up their networks to protect their customers data, thieves have become stealthier, smarter and more efficient hackers, the newspaper said.

“It’s definitely going up,” John Kipp, chief operating officer for the cyber risk security company Sera-Brynn said. “We’ve already eclipsed last year in terms of data breaches, and the holidays haven’t arrived yet. I think it’s going to get ugly.”

At the same time, some retailers have lowered their safeguards to avoid processing delays during the busy holiday shopping season.

“It’s the perfect time to get boatloads of credit cards in one shot,” Kipp said. “The holiday season is a wonderful time for criminals.”

To protect themselves from retail hacks, experts advise consumers to use cash or prepaid cards instead of credit and debit cards. Also, make financial transactions only on encrypted websites beginning with “https,” and avoid making online transactions on public wi-fi.
Forbes offers additional advice:
  • Set one day a week to monitor your credit card statements;
  • Sign up for real-time alerts for purchases deemed “unusual;”
  • Keep your private information private and avoid disclosing too much to unsolicited callers;
  • Routinely change passwords and make them strong;
  • Subscribe to an identity protection service that will keep tabs on your Social Security number, credit card transactions and other data.

Friday, November 14, 2014

Coalitions in Action: Michigan Coalition Sounds the Siren on New Synthetics

CPAM Members / MI Communities -  An increase in Synthetic drug use in our state has been recognized in the most recent CADCA publication. I would recommend signing up for this important resource alerts and notices for your communities. I've attached the alert for review and the link to their website.  Rich Coleman, CPAM

Nov 13, 2014
Drug type: Synthetic Drugs
Forget about Spice and K2. There’s new synthetic cannabinoids in town that a coalition in southeastern Michigan wants you to know about: “Cloud 9” and “Hookah Relax”.

Margaret Farenger, a current member and volunteer at the Bay Haven Prevention Coalition and former director of the Alliance for Coalitions of Healthy Communities, explained that this drug is a “hard one for parents to detect,” since it is sold in gas stations and party supply stores and looks like eye drops. It is commonly marketed as either e-liquid or incense, but could be nothing more opposite.

“The DEA doesn’t even know what’s in it until they test it,” Farenger said, adding that a few youth have been hospitalized this year after using it. “We are trying to notify schools and families and address this through other kinds of drug education. But what can we do to bring in more people in the community to see what types of solutions we can implement?”

Farenger recalled when synthetic cannabinoids first appeared in Michigan back in 2008 with a few isolated occurrences. By 2012, K2 and Spice were an epidemic.

“They were marked ‘not for human consumption,’ and were being retailed as products that were labeled as potpourri or air freshener,” she said. “There were high profile serious illnesses and several crimes associated with a young person being under the influence, here in Oakland County. It prompted community organization.”

Farenger explained that the way the synthetics are produced and sold don’t respond as well to the type of law enforcement that is used for other drugs, such as cocaine or heroin. It almost creates a loophole so people are able to sell the dangerous substances legally.

In 2012, her coalition — which is an umbrella group of 14 other coalitions — went door to door to local retailers, asking that they stop selling the substances.

“The advantage of coalition work is existing relationships,” Farenger said. “We jumped into action when tragedies started happening.”

Many local businesses signed a pledge agreeing not to sell synthetics. However, there were retailers who pushed back, saying that the substances are legal and expressed the desire to keep selling.

“Eventually they all signed, except for a few outliers,” Farenger said, adding that about 90 percent of the retailers willingly complied. “The state of Michigan passed a ban at the state level, which put more pressure on them.”

As with many drugs, you can’t rely solely on law enforcement to fix the problem and that’s especially true with synthetic drugs. “It has to be community/retailer relationships to keep it out of circulation,” Farenger noted.

Farenger believes the same strategies will help pull this new generation of synthetics off shelves.
The key is working with retailers and fostering those relationships. “That’s an area where coalitions can excel. The more coalitions in the area, the more you can do,” she said. “That works as a complementary component to the parent/youth education. Instead of just leaving it at parent and youth, you go on a larger scale and let the community know what it needs to do.”

CADCA Building drug-free communities
CADCA

Tuesday, October 28, 2014

Better Business Bureau Alert -Cyber Security tip: Holiday shopping online EBay Scam alert


Next time you shop on eBay, watch out for this scam. Con artists are exploiting vulnerability in eBay's editing feature to redirect online shoppers to lookalike websites that can steal passwords.

How the Scam Works:  You are shopping on eBay for a laptop, cell phone or other popular item, and you see a listing with a great price. You click on it, but instead of taking you to the item's page, it reroutes you through a series of websites. You end up at a page requesting your eBay username and password.

 Don't enter it! The site might look like eBay's log in page, but it's really a different website.  If you input your username and password, it will end up in the hands of scammers.

This gives hackers the ability to access your account, and, if you use the same password for other websites, free pass into other accounts.

 How does this happen? EBay permits sellers to use JavaScript and Flash to add design elements to their listings. But this flexibility allows scammers to add malicious code instead, a practice called cross-site scripting.

How to Protect Yourself from this Scam:

·         Check the URL of the website. Before entering your password or any other information, make sure you are on the correct website. Check the URL in the browser bar.

·         Look for a secure connection. Make sure your personal information is being transmitted securely by ensuring the web address starts with "HTTPS" and has a lock icon.

·         Be wary of listings that look too good to be true. Be suspicious of listings that have prices significantly lower than those listed elsewhere. It could just be a ploy to get clicks.

 
 For more information from EBay click on link below for more details

 
 

Thursday, October 23, 2014

Federal Trade Commission - Disposing of Consumer Report Information? Rule Tells How


In an effort to protect the privacy of consumer information and reduce the risk of fraud and identity theft, a federal rule requires businesses to take appropriate measures to dispose of sensitive information derived from consumer reports.
 
Any business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule. The Rule requires the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” The Federal Trade Commission, the nation’s consumer protection agency, enforces the Disposal Rule.

 

For more information on the list of lenders and who must comply click the link below.
 
 
 
FTC- Disposal Rule

Friday, October 17, 2014

2014 Cyber Security Awareness month Tip – SMART Phone Apps and Privacy- Android’s “Flash Light Mobile” Apps could be stealing your personal information


CPAM members and community, today  one of our CPAM members brought a serious concern to my attention about SMART phone “Flash light “ mobile apps.   In 2013, the FTC fined one Android  SMART phone mobile app developer for misleading consumers for their free app which provided a flash light but also planted “malware” on their phones to read email, capture personal financial information, delete information, obtain geo tracking information, and sell information collected to third parties. 
 
We are all at risk with the use of “free” apps for our SMART phones and our personal information being stolen and used.  I’ve attached a link to the FTC report with details on their findings below.

I am also attaching a report by the company “Snoopwall” that has published a report “Flashlight Apps Threat Assessment” . This report summarizes the privacy and risk of the top ten Android Flashlight Apps. 
 
This is not an endorsement of  Snoopwall which has develop a mobile flashlight app but what I see as a crime prevention practitioner a comprehensive report of  how / what developers are doing to gain access to your personal information. This report also provides tips on how to delete and reset your SMART phone if you’ve downloaded one of the products. 
 
Snoopwall’s  website (www.snoopwall.com )states that they are  the world’s first counterveillance software companies focused on helping consumers and enterprises protect their privacy on all of their computing devices, let’s hope they are true to their mission, data breaches, and privacy concerns should be at the top of every consumers concerns !   Check their website and the report at the links below.

 
Rich Coleman, CPAM

 
 
 

Crime Prevention tip: Preparing for Holiday Shopping? Prepare for data Breach Notices as well!


Consumers have received notices of “Data Breaches” from multiple top retailers throughout the year. As we prepare for the holidays the Better Business Bureau has provided tips on what to do if you receive a notice that your credit card has been comprised.
 
Click on the link below for details from the B.B.B.
 
 
                                    Better Business Bureau, Consumer Alert

Crime Prevention Month Tip: “Just Hang UP! On Telephone Scams”


Crime Prevention Month Tip:  “Just Hang UP! On Telephone Scams”

Residents throughout the State of Michigan have been receiving “cold calls” from scam artists with the “IRS tax scam, Grandparent scam - “Help I need money”, Medical alert devices, Medicare services, and others, it is recommended not to engage in the pitch, just “Hang up!”
 
If you do decide to speak with them ask them to send you information in writing, get their name, ID number and their supervisor, if they refuse it’s obvious they are impostors. Avoid future calls by monitoring your caller ID for the same telephone numbers or numbers you don’t recognize.

For more information on avoiding being a victim of a scam click the image below to access the Better Business Bureau's website.


BBB

Friday, October 3, 2014

JPMorgan Chase: 10/3/14- Chase Breach Affects 76 Million Households, 7 Million Businesses

Hackers have once again accessed a banking institution and if you have an account with JPMorgan Chase you want to read their statement below and visit the security center for updates.  Please monitor your credit statements for any unusual activity in small / large amounts and report it immediately to the bank.

JPMorgan Chase Alert posted on their website 10/3/14:

Important Update on Cyber Security

We want to update you further on the cyber attack against our company.  After extensive review, here is what our forensic investigation has found to date.
Here’s what you should know now:
  • There is no evidence that your account numbers, passwords, user IDs, date of birth or Social Security number were compromised during this attack.
  • However, your contact information – name, address, phone number and email address – was compromised.        
Your money at JPMorgan Chase is safe:
  • Unlike recent attacks on retailers, we have seen no unusual fraud activity related to this incident.
  • Importantly, you are not liable for any unauthorized transaction on your account that you promptly alert us to.
We are very sorry that this happened and for any uncertainty this may cause you.  We don’t believe that you need to change your password or account information. Click here for answers to questions you might have.  As always, we recommend you use care with your accounts and information, as we describe in our Security Center (Link to Security Center).
We’re here to help
Attacks like these are frustrating. There are always lessons to be learned, and we will learn from this one and use that knowledge to make our defenses even stronger. 
 
 
 

Thursday, October 2, 2014

FTC Halts Fake Medicare Scheme that Took Money from Seniors’ Bank Accounts

Scams targeting seniors and consumers continue to surface to steal money by getting your bank account numbers, social security numbers, and other personal information.

The FTC has once again provided insight into how these groups are working, here is a blog post on the most recent scam.


How low can scammers go? As low as stealing from older consumers to line their own pockets. The FTC says some scammers claimed to be calling on behalf of the government to verify information for a new Medicare card or Medicare-related package. In fact, it was a ruse to get people’s bank account information to make unauthorized withdrawals from their accounts.

The callers said they needed to verify people’s identities using information that included the consumers’ bank account numbers. According to the FTC, the scammers told people that the information would not be used to debit their bank accounts, and that there was no charge for their services. But the FTC alleges that was a lie. Within a month or two, victims learned their bank accounts had been debited, often for $400 or more.

At the FTC’s request, a federal court has temporarily halted this scheme that took millions of dollars from consumers without their consent. The FTC is seeking to permanently end the operation and return victims’ money.
No matter your age, you may know someone who has been scammed by telemarketing fraud. They may not talk about it, but the statistics do. The good news is, you can do something about it. Become an FTC ambassador.

Share what you know, by passing this blog post on to your friends, family or neighbors. Let them know never to give out their bank account information to someone who contacts them over the phone. It could lead to a scammer taking money right out of their account.

 
 

Friday, September 26, 2014

Home Depot Data Breach: Update - Monitor your credit!


9-26/14, The Home Depot data breach's impact is widespread, and it is being reported that the personal information obtained is being used much faster than in previous data breaches. Consumers who shopped at the Home Depot stores should follow up on the offer of "Credit Monitoring" if you shopped at one of the locations. The "hackers" involved with stealing data are selling this information online an it's being reported that the duplicate cards are being used for "everyday items" not big-ticket items, and they are close to or in the same zip code area as reported by one of the FICO alerts services.  
 
When I'm asked what do I do to protect my credit cards when I travel?, " I use a gift card or a pre-loaded card for all purchases." During a trip to Philadelphia recently, I shopped at Home Depot, and I used the gift card for all purchased there and other locations. I don't have to worry about my credit card information being stolen. 
 
Below is the Home Depot website post and link to access their reports. If you are a victim, please continue to monitor their web page for updates. 
 
Rich Coleman, CPAM, Pittsfield Twp. DPS Crime Prevention Unit 
 


Home Depot's Website:

Customer update on payment breach
On Sept. 8, we confirmed that our payment data systems were breached, which could potentially impact customers who used a payment card at our U.S. and Canadian stores in 2014, from April to September. Today, we are able to tell you that the malware used in the recent breach has been eliminated from our U.S. and Canadian networks.
 
We also want you to know that we have completed a major payment security project that provides enhanced encryption of payment card data at point of sale in our U.S. stores, offering significant new protection for customers. The rollout of enhanced encryption to Canadian stores will be completed by early 2015. Canadian stores are already enabled with EMV “Chip and PIN” technology.
 
We apologize for the frustration and inconvenience this breach may have caused. 
 
We also want to emphasize that you will not be liable for any fraudulent charges to your accounts, and we’re offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on.
 
You can learn more about the identity protection services and how to sign up for them at https://homedepot.allclearid.com/.
 
It is important to closely monitor your payment card accounts and report unusual activity to your issuing bank.
 

Thursday, September 25, 2014

Data Breach- Jimmy John's Bourment Sandwiches 9/24/14

9-25, Data Breach Report- Jimmy John's Gourmet Sandwich shop. Please see the press release below. There are 18 Michigan stores impacted by the breach. Click the "Affected Stores & Dates" below for details.  Please check your banking and credit card activity and report any charges you didn't make immediately to your bank or credit card company.  CPAM

DATA SECURITY INCIDENT
FOR IMMEDIATE RELEASE

Jimmy John’s Notifies Customers of Payment Card Security Incident

CHAMPAIGN, Ill. (September 24, 2014) – On July 30, 2014, Jimmy John’s learned of a possible security incident involving credit and debit card data at some of Jimmy John’s stores and franchised locations. Jimmy John’s immediately hired third party forensic experts to assist with its investigation. While the investigation is ongoing, it appears that customers’ credit and debit card data was compromised after an intruder stole log-in credentials from Jimmy John’s point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16, 2014 and September 5, 2014. The security compromise has been contained, and customers can use their credit and debit cards securely at Jimmy John’s stores.

Approximately 216 stores appear to have been affected by this event. Cards impacted by this event appear to be those swiped at the stores, and did not include those cards entered manually or online. The credit and debit card information at issue may include the card number and in some cases the cardholder’s name, verification code, and/or the card’s expiration date. Information entered online, such as customer address, e-mail, and password, remains secure. The locations and dates of exposure for each affected Jimmy John’s location are listed on AFFECTED STORES & DATES.

Jimmy John’s has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.

We apologize for any inconvenience this incident may have on our customers. Jimmy John’s values the privacy and security of its customers’ information, and is offering identity protection services to impacted customers, although Jimmy John’s does not collect its customers’ Social Security numbers. To take advantage of these services, please visit CONTACTS & INFORMATION. For more information, call (855) 398-6442. In addition, customers are encouraged to monitor their credit and debit card accounts, and notify their bank if they notice any suspicious activity. Additional recommendations for protecting your information can be found at RECOMMENDATIONS.

Jimmy John’s will post information related to its ongoing investigation on the Company’s website, www.jimmyjohns.com.
 
 

Wednesday, September 17, 2014

Federal Trade Commission: “Let’s talk about online safety for teens”


Federal Trade Commission: “Let’s talk about online safety for teens”

The new school year is in full swing and National Cyber Security Awareness Month is around the corner. What better time to talk to the kids in your life about online safety. Many of our readers are doing just that — and using Net Cetera: Chatting with Kids About Being Online as the basis for the conversation. Click on the image below to get access to the book online. Copies are also available at the Pittsfield Township Department of Public Safety.

 

Click on the link below to get access to the booklet and other materials "free".
 

Prescription Drug Take Back Event - Saturday Sept. 27, 2014 , find a location near you to participate!


Prescription Drug Take Back Event:  September 27, 2014, 10 a.m. - 2 p.m.

This event is being sponsored by the D.E.A., nationwide,  law enforcement agencies across the country are hosting events that residents can bring unused  or expired  “pills only” to be disposed of. 
 
Click on the link below to find a location in your area to drop off expired medications.
 


 

 

  

CPAM 2014 Conference "Crime Prevention, Enhanced Leadership / Effective Communications"



Crime Prevention personnel from around the state and beyond are invited to the 2014 CPAM conference, it's not too late to register to come to this year's effort. Attached is a link to the conference brochure. It is being held at the beautiful Grand Traverse Resort and Spa in Traverse City MI. Don't miss the networking and interactions that will be shared. 






CPAM Website- 2014 Conference Oct. 7-10, '14

Wednesday, August 13, 2014

Federal Trade Commission Report (FTC): Russian hackers might have your info — now what?


Federal Trade Commission Report (FTC):  Russian hackers might have your info — now what?


You may have heard about it in the news: reports that Russian hackers have stolen more than a billion unique username and password combinations, and more than 500 million email addresses, grabbed from thousands of websites. What should you do about it?  Click on the image below for details from the FTC.

FTC- Russian hackers and data harvesting

Tuesday, July 8, 2014

National Night Out, August 5, 2014, Plan now to participate!

7-8-14, * Information from the NATW- If your community would like to or if you are participating and would like to know the history and how you can get involved. See the information below and also click the link to the NATW website.

R. Coleman, CPAM

NATW & National Night Out - August 5, 2014

National Association of Town Watch (NATW) is a non-profit organization dedicated to the development and promotion of various crime prevention programs including neighborhood watch groups, law enforcement agencies, state and regional crime prevention associations, businesses, civic groups, and individuals, devoted to safer communities. The nations premiere crime prevention network works with law enforcement officials and civilian leaders to keep crime watch volunteers informed, interested, involved and motivated. Since 1981, NATW continues to serve thousands of members across the nation.

The introduction of National Night Out, “America’s Night Out Against Crime”, in 1984 began an effort to promote involvement in crime prevention activities, police-community partnerships, neighborhood camaraderie and send a message to criminals letting them know that neighborhoods are organized and fighting back. NATW’s National Night Out program culminates annually, on the first Tuesday of August (In Texas, the first Tuesday of October).
NATW’s Executive Director, Matt Peskin introduced National Night Out in 1984.The first National Night Out took place on Tuesday, August 7th 1984. That first year, 2.5 million Americans took part across 400 communities in 23 states.

The seed had been planted.
National Night Out now involves over 37.8 million people and 16,124 communities from all fifty states, U.S. Territories, Canadian cities, and military bases worldwide.
The traditional “lights on” campaign and symbolic front porch vigils turned into a celebration across America with various events and activities including, but not limited to, block parties, cookouts, parades, visits from emergency personnel, rallies and marches, exhibits, youth events, safety demonstrations and seminars, in effort to heighten awareness and enhance community relations.
Peskin said, “It’s a wonderful opportunity for communities nationwide to promote police-community partnerships, crime prevention, and neighborhood camaraderie. While the one night is certainly not an answer to crime, drugs and violence, National Night Out represents the kind of spirit, energy and determination to help make neighborhoods a safer place year round. The night celebrates safety and crime prevention successes and works to expand and strengthen programs for the next 364 days.”

National Assoc. of Town Watch

Wednesday, June 25, 2014

MI Fireworks Safety Act of 2012 / Admendents for local communities / Consumer Product Safety tips- Fireworks

Michigan Fireworks Safety Act:
Effective January 1st, 2012, the Michigan Fireworks Safety Act allows the sale and use of fireworks to consumers.  Some examples are roman candles, bottle rockets and other fireworks that leave the ground. For more information a list of Frequently Asked Questions regarding the Michigan Fireworks Safety Act has been released from the State of Michigan, Department of Licensing and Regulatory Affairs.
 
Michigan Fireworks Safety Act of 2012 amended:
On June 12th 2013, the Michigan legislature amended the 2012 Fireworks Safety Act. The proposal would allow any city, township or village to enact an ordinance banning overnight "ignition, discharge or use" of consumer fireworks on the day before or after a national holiday. Local units of government already have the ability to limit usage on other days of the year. Smaller communities (townships and villages) will be able to prohibit use from 1 a.m. and 8 a.m. around all national holidays. A maximum civil fine of $500 could be imposed on violators.
Check with your local municipality on the amendments approved for your specific community.
 
Information from the Consumer product Safety on Fireworks Safety:
 
Remember, fireworks can be dangerous, causing serious burn and eye injuries. You can help us prevent fireworks-related injuries and deaths. How? By working with a national, state or local organization where you live to promote fireworks safety in your community.
 
Follow these safety tips when using fireworks: 
 
  • Never allow young children to play with or ignite fireworks.
  • Avoid buying fireworks that are packaged in brown paper because this is often a sign that the fireworks were made for professional displays and that they could pose a danger to consumers.
  • Always have an adult supervise fireworks activities. Parents don't realize that young children suffer injuries from sparklers. Sparklers burn at temperatures of about 2,000 degrees - hot enough to melt some metals.
  • Never place any part of your body directly over a fireworks device when lighting the fuse. Back up to a safe distance immediately after lighting fireworks.
  • Never try to re-light or pick up fireworks that have not ignited fully.
  • Never point or throw fireworks at another person.
  • Keep a bucket of water or a garden hose handy in case of fire or other mishap.
  • Light fireworks one at a time, then move back quickly.
  • Never carry fireworks in a pocket or shoot them off in metal or glass containers.
  • After fireworks complete their burning, douse the spent device with plenty of water from a bucket or hose before discarding it to prevent a trash fire.
  • Make sure fireworks are legal in your area before buying or using them.