Can your business have its identity stolen?

Identity theft is usually thought of as an individual, personal crime. While businesses often end up picking up the costs, thieves rarely focus on businesses as the target of their cloning.

That’s changing. Identity theft is based on impersonation – stealing or otherwise acquiring information about a real person and then using that information to pretend to be that individual. That same principle is now being applied to businesses, where thieves are creating fictitious companies based on real and trustworthy companies, to scam real customers out of thousands of dollars.

Take America Auto Sales in Memphis Tennessee. The company was plagued with calls from hundreds of irate customers wanting to know when they could collect the car they bought online from the company. Apparently the customers had paid thousands of dollars in deposits for repossessed cars being sold online at bargain prices by America Auto Sales.

Problem was, the company never placed the ad or created the web site. Someone else had, using the company’s real name, address, and contact information.

Not only are these customers out the deposits they paid, the real America Auto Sales has to deal with hundreds of calls from angry customers, as well as trying to restore its reputation damaged by a crime it never committed.

Memphis Car Dealer Victim of ID Theft in National Car Selling Scam

http://www.myeyewitnessnews.com/news/local/story/Memphis-Car-Dealer-Victim-of-ID-Theft-in-National/7xTxrb7_Ske-nX9cPOni0A.cspx

Poll reveals 95% of users believe Facebook is not doing enough to protect against “likejacking.”

A recent poll by security firm Sophos found that 95% of Facebook users think Facebook is not doing enough to protect them against the new “likejacking” or clickjacking threat that scammers are using to spread computer worms by tricking users into clicking on infected “like” buttons now popular across Facebook.

What surprised me most about the poll was that 95% of the 600 people polled actually knew what likejacking was. It’s a pretty new phenomenon, and only widely publicized in the last few weeks.

Most FB users I’ve spoken to have never heard of it. So maybe my friends are not as smart as Sophos. Or maybe Sophos is polling readers of its blogs where Sophos has extensively highlighted the threat and so is asking a biased audience.

Or maybe the answer is simpler than that. Ask 600 Facebook users if they think Facebook is doing enough to counter any of the many threats and exploits users face daily, and I’m sure 95% will tell they don’t.

Lessons learned?

• Facebook is still a hotbed of hacker activity, the scams are getting more sophisticated, and unless you take your own security seriously, don’t depend on Facebook.
• Do as little as you need to on Facebook. If you don’t really need to share a piece of interesting information about yourself or your family, then keep it to yourself. And unless you “like” something so much you just can’t control yourself, avoid clicking on like buttons anywhere on Facebook.

95% say Facebook needs to do more to fight clickjacking worms, poll reveals

http://www.sophos.com/blogs/gc/g/2010/06/15/95-facebook-fight-clickjacking-worms-poll-reveals/

Your electric meter could be hacked

A few weeks ago I wrote a blog about the vulnerability of the national electricity grid to hack attacks, especially by cyber terrorists. A new report suggests that such an attack may be much closer to home than you think, in fact right outside your front door.

A couple of months ago I was the reluctant recipient of a new electric meter, and immediately noticed one major and unpleasant consequence – my electric bill nearly doubled. And while the electric company is now the target of a state inquiry because of thousands of similar complaints, these smart meters might present a more sinister threat.

According to a news story on CNET, nearly 60 million smart meters will be installed this year in the US alone, and apparently these meters have less security in them than the average smart phone.

According to experts, that leaves meters, and the homes they monitor, vulnerable to a host of threats from hackers including snooping on customer data, stealing electricity and even triggering widespread outages.

Not surprisingly, the power companies are being accused of putting profits before customers, privacy, and security in their rush to streamline their billing systems and processes. Sound familiar?

Money trumps security in smart-meter rollouts, experts say

http://news.cnet.com/8301-27080_3-20007672-245.html?tag=nl.e703

Brits hit hard with phishing scams

One thing we know about hackers and identity thieves is if they find a scam or trick that works, they’ll keep using it. So you can assume that if you keep receiving phishing emails from your bank, or emails from Nigerian princes congratulating you on your inheritance, it’s not because the criminals are desperate but because these emails continue to snare users.

And it seems like the British are being hit hard. According to a new report by security firm CPP, Brits received more than 3.7 billion phishing emails throughout 2009, amounting to a staggering 420,000 every 60 minutes.

So why do phishers seem to be hitting the Brits so hard? Read on. The report goes on to reveal an even more staggering statistic.  Twenty-five percent of recipients of these emails admitted to falling for the scams. That’s huge. We’ve always assumed that these mass email scams work because even if only .5% of recipients fall for the scam it’s still profitable.  But 25%?

If that trend continues, we know two things for sure: more phishing emails will come and they will become even more convincing; and we still have a lot of work to do when it comes to end user education and awareness.

The funny thing about phishing, like most scams, is that in order for them to work, the victims must be willing participants. A phishing email will only work if you do what the email asks you to do. If you don’t respond, don’t give them the information they ask for, don’t click on the link and don’t open the attachment, you’re safe and they lose.

But I guess 25% of the British population still hasn’t heard that message. I hope it’s not universal.

Lessons learned?

• Never drop your guard, because thieves are always on the prowl.
• Always be suspicious of email because it’s the cheapest and easiest way to trick you.

Millions snared in web fraud

http://www.cpp.co.uk/news/miilions_snared_in_web_fraud/

Related posts:

1. Weekly News Wrap-Up for 11 June 2010
2. Weekly News Wrap-Up for 4 June 2010
3. Weekly News Wrap-Up for May 10, 2010
4. Weekly News Wrap-Up for 28 May 2010
5. Weekly News Wrap-Up for 17 May 2010