Saturday, March 9, 2013
If you're a user of the social-media website Twitter, you may want to check your account status...
Wired magazine reports that the service recently discovered a "live hack." Twitter shut down the hack "moments later." But the attacker had already made off with the private data of 250,000 users. This includes usernames, e-mail addresses, and passwords. Twitter believes other companies are victims of the same attack. It's a situation similar to the Subway restaurants' credit-card hacking we noted last month.
The Washington Post and New York Times have been hacked recently, too. Thieves stole the passwords of every single Times employee, then accessed 53 employees' personal computers. The Times believes China-based hackers used a sophisticated "spear-phishing" attack to breach their safeguards.
Spear-phishing attacks target individuals through their e-mail accounts. One click on an innocuous-looking e-mail downloads remote access tools (RATs) onto the victim's computer. The attacker uses the RATs to steal passwords, documents, screenshots... and even eavesdrop through the computer's microphone and webcam. It all goes on without the victim's knowledge.
The Times believes the hack went on for four months. It employed antivirus software company Symantec for online security... but the hackers still installed 45 pieces of malware (malicious software) on their computer systems. Of that number, the Symantec systems identified and quarantined only one.
If you believe hackers find your personal data less appealing than the New York Times', you are mistaken... and vulnerable.
The Wall Street Journal reports the number of "traditional" bank robberies – where a masked gunman demands cash and then bolts out the door – has fallen by more than 50% over the past 11 years. In 2001, there were more than 10,000 bank heists. In 2012, the number dropped to 3,870. The problem is, the bank robbers haven't gone away... they've just moved online.
According to the FBI, traditional bank robbers stole $29.5 million in 2012. In 2010, their online counterparts raked in $1.8 billion in checking and debit-card fraud. Online-banking crime is a hypergrowth industry. Since 2001, Internet crime has risen 500%. The crooks have learned that your online data is much more lucrative than a bag full of cash...
But identity theft isn't limited to your online data. Take Major Zane Purdy, whose life imploded in just three months...
Purdy, a defense contractor and Air National Guard officer, used to earn a six-figure salary. Then, according to the Montgomery Advertiser, thieves stole his identity. They decimated his credit rating. Bad credit or excessive debts flag someone as a national security risk. He had his top-secret security clearance revoked. His company was forced to fire him. Even the Air National Guard couldn't bring the 18-year veteran back onto active duty.
Now, the father of two is waiting tables for $7.25 an hour... he has tax liens levied against his property... and the IRS is claiming he owes more than $10,000 in back taxes.
His identity thief was a data-entry clerk at a nearby hospital. She stole more than 800 patients' personal information. She had access to names, Social Security numbers, birth dates, and addresses. She sold this data to a unique brand of scammers – experts in manufacturing "synthetic identities" – for $8,000 in 2010. By 2012, they had turned this personal-information stash into $1.6 million.
A typical fraudster racks up charges as soon as he gets access to the victim's account. This restricts the size of his take to the account's preset limit. The synthetic process takes longer than conventional credit fraud... but the returns are higher.
Over time, the crooks use these conjured persons to open bank accounts, start fake businesses, get personal and corporate credit cards, take out home and auto loans, and file tax returns. In the beginning, they pay bills and establish superior credit ratings. Once the credit nozzles open up, look out...
NBC News reports a handful of these synthetic identity thieves in New Jersey stole at least $200 million over the last six years. The group gathered small snippets of personal data – stolen utility bills here, pilfered Social Security cards there, hacked online logins elsewhere – and used them to stitch together fake credit identities.
The FBI determined the criminals manufactured at least 7,000 synthetic identities. Banks issued them 25,000 fake credit cards. They established at least 169 fake bank accounts... through which $60 million in cash flowed out.
Current law allows everyone a free peek at his or her credit reports once per year. Conventional wisdom says that's enough to protect you from identity theft. But with this new threat, it's not. Your information may already be part of a synthetic identity... and your credit score could still look amazing. What you need to know is whether new accounts are being opened in your name.
A few services charge by the month to monitor your credit report. The services start at around $10. They'll alert you to any newly opened accounts or other suspicious activity. One offers a $1 million guarantee if your identity gets stolen on its watch.
There are other ways to take even more control over your credit profile. For example, the law allows you to force credit-rating agencies to notify you of new activity. You can even make them freeze your credit outright. These actions may also be free, depending on your age and home state. Either way, you can reduce the chances of a synthetic identity thief turning you into the next Major Purdy.
Dr. David "Doc" Eifrig has written a special report for his Retirement Millionaire readers that shows exactly what to do to safeguard your identity. It includes a little-known company that can give you unfettered access to your credit report for free. The report is titled "The Easy Way to Maintain Your Privacy in America."
In his report, Doc shows where our digital lives are most vulnerable to snooping governments, greedy corporations, and cyber criminals. And he describes easy ways to plug these holes. One of his subscribers wrote back to say the content is "easily worth the cost of several years' subscriptions." To learn more about Doc's Retirement Millionaire – and how to get access to his strategies for protecting yourself – click here.
Date Range:2/28/2013 to 3/7/2013
Date Range:2/28/2013 to 3/7/2013