Identity Theft Update!
A look at ID theft in California in 2006

Take A Pass On
Work - at - Home Scams

"Make big Money - Work at Home!"

The truth is, many of these are simply scams, foisted on folks eager to make a bit of extra money in tough times. We all get them in our in-box, or see them in the local classifieds, and according to 'McAfee's Virtual Criminology Report', such ads are up by a third over last year.

One of the toughest things for a crook is to launder his ill-gotten money; the more you have the harder it is to cover the trail. Hence, the need for an unwitting 'middleman', in this case, the 'Work at Home' individual.

Known in the business a a 'mule', the middleman uses his or her bank account to unwittingly launder the bad guy's funds. The ad often advertises the work at home position as an 'International Sales Representative' or 'Shipping Manager' or other similar variants. The intent is to use the mule's bank account to funnel those ill gotten monies through.

Most folks looking over such a proposal see a warning light when observing that the ads are very light on specifics; those under the crush of mounting bills and debt might overlook those warning signs, and proceed; they become initially unwittingly, part of a criminal enterprise.

The money is real enough, but the risk is highest for the middleman in terms of being nabbed by the police. There are legitimate work at home jobs, but as always, if it sounds too good to be true... well, you know it probably is!

An Update on You and Internet Fraud

'Phishing', and malware, which only a very short time ago was the domain of small time independent 'hackers' has become the organized crime venture of the 21st century. Cybercrime is estimated by the FBI to account for 67 billion in losses. Additionally, outright theft of personal data (such as social security numbers, credit card account numbers, etc) from large institutions is on the rise. These thefts of data are large hauls indeed, often affecting tens of thousands of individuals!

What is 'phishing'? Simply, it's duping everyday folks into divulging account numbers, passwords, PINs, you name it - anything that is a key to bank accounts and credit cards accounts. Aside from the often hilarious email attempts from Nigeria seeking help in moving large amounts of money from deceased relatives, the main pitch seems to be directing users to fake sites of auction houses, banks, PayPal and other online places of business. Using stolen logos and corporate branding, visitors are encouraged to 'update' or 'confirm' their indignities by using their legitimate identifies and passwords or PINs.

Perhaps more insidious is the use of 'malware', which is often delivered and installed on your computer (nearly always Linux or Windows based PCs) by innocuously named attachments or by a 'drive-by' download. The attachment idea is old as email and the advice is just as simply - don't open unexpected or unknown attachments to your email. The 'drive-by' download is a lot more stealthy; delivered by pixel sized frames unseen by the user, the download delivers software that records your keystrokes, thus recording (and later transmitting) everything you type on the keyboard, including account names, user names and passwords back to the hacker.

Malware is delivered from websites that you visit, sometimes even from large well known 'storefronts'. Within the past year, Circuit City's customer service web site was 'cracked' by thieves; the site served up malicious code to all PC users who visited. A Google research team conducted an online review of sites using a conservative process, and identified more than 450,000 pages that clearly included malicious code. Almost twice that number were thought to be 'dangerous'. Alarmingly, the number is growing, fueled in part by the development and sale of - you guessed it - 'do-it-yourself' turnkey malware attack and distribution software kits.

That the problem is growing is evidenced by the observation that the number of 'phishing' sites has grown 784 percent (as report by McAfee) from the previous year; Symantec estimates that the amount of malware has tripled in the past 6 months! The rate of growth strongly suggests that both phishing and malware is returning results for thieves. In fact, SohosLabs, a research component of a British security company "has simply stopped counting" the number of reported events.

So given that it is a growing - exploding? - problem for consumers, what's the dollar cost? According to the FBI's Internet Crime Complaint Center, $200 million in theft was reported; the average loss worked out to $724. That doesn't seem like an overwhelming amount, but the smallness is thought to act to discourage reporting the theft, and keep phishing out of the limelight. The FTC estimates that in 2006, some 62% of identity theft victims didn't report the crime to police.

Estimates of losses do vary. In contrast with the FBI's estimate above, Gartner Research put the individual loss at $1,244 last year, or a total of $2.8 billion. Javelin Strategy feels it's research numbers accurate at a rate some 5 times Gartners! Lest you think that it's entirely a consumer problem, consider that according to Attrition.org, fully half of the disclosed data breeches or thefts this year are from university and government agencies. It's not a total surprise, if you consider that according to trade surveys, almost half of the corporate security IT staffs consider themselves 'moderately' understaffed, and an additional 21% described as 'severely' understaffed. Corporate America seems not to be aware of the scope of the problem.

So what to do?

A Top Ten List of 'Protect Thy Data'

10. Change out your passwords on a regular basis - data stolen from an outside source might well be out of date - and useless - if the passwords aren't correct, the stolen data will be useless.
9. Use caution before opening unknown links or attachments - think before you click!
8. Use a lot of caution when looking at a request to 'Update your account information' from a bank, auction house or other place of on-line business - no business will ask you via an email for such a task. If in doubt, log in to the business from a url that you enter in the browser window - NOT a link supplied in the email!
7. Run and install the latest system and security updates for your operating system, Mac or PC.
6. Use different passwords for every account.
5. From home, access the Internet through a router - it provides another layer of firewall protection that a hacker has to get through.
4. Speaking of routers, and wireless modems, ensure that you set your wireless modem / router to use a password-protected encryption.
3. If you're sending sensitive data such as passwords and usernames, look in the browser address bar, looking for a 'https', rather than 'http' - the 's' indicates a secure server, usually not used in scamming attempts.
2. Buy a security software package that looks for and removes malware and viruses.
1. USE (and update) THE SECURITY SOFTWARE - especially on PCs; Macs are much much less prone to malware than Macs, but the hackers are always looking for security loopholes!