Saturday, January 30, 2016

If you get a big check from Comcast, call the police

The scams just get better and better. Here is the story of a Georgia man who received a very convincing $3788.50 check from Comcast. The enclosed letter instructed him to buy $3000 in pre-paid gift cards, deposit the check, and keep the balance of the check for payment of services.

According to WSB-TV, this scam has been around for a long time, but its use of the Comcast name is new.

Two big red flags in the letter are to "act quickly" and tell no one about the job. But hey, it's also common knowledge that Comcast isn't in the retail service quality business. In addition, why would anyone pay for a job before it is performed, much less send a check by mail to someone before being hired?

Fortunately, this potential victim was smart enough to report it to the police, primarily because he was suspicious, but also because he is not a Comcast customer. Sadly, some folks do fall victim to a ruse like this. The check does look real.

For more information, see the WSB-TV story at

Saturday, January 23, 2016

Future Crimes author Marc Goodman speaks at Town Hall Seattle

Did you know that last year the world experienced its first billion-dollar bank heist? And that the bad guys didn't even have to walk into a bank?

We've all heard the term flash mob—a scary concept in itself. But what about a flash rob? How do we defend against that? (There are plenty of YouTube videos showing teen mobs casually ransacking stores.)

Perhaps you've heard of SaaS (software as a service). Well, now anyone can buy crimeware online to commit theft, fraud and other offenses—so now we have crime as a service (CaaS). In his talk, Marc explores the implications of crime being automated across an ever-growing attack vector as our cars, refrigerators, watches, pacemakers, TVs and other daily use tools connect to the Internet and to each other.

By 2019, cyber crime is going to cost $2 trillion. By 2045 we will have a computer with the processing power of the human brain. Think of the criminal implications of that prospect.

A good friend of mine from my days at startup Aventail in Seattle emailed me yesterday to tell me she had an opportunity to see Marc Goodman, author of Future Crimes, speak at a Town Hall in Seattle this month. The talk was recorded (audio only, not video).

In the recording, Marc describes the future of crime as:
  • Exponential - technologies are advancing exponentially, allowing criminals to scale their business
  • Automated - algorithms are increasingly running our world and making decisions for us, but algorithms can lie
  • Three-dimensional - cyber crime is no longer occurring in 2-D, and the bad guys are outrunning the good guys—like when a $100 drone breaks the century-old security paradigm that keeps convicts inside prison walls

With the advent of the Internet of Things (IoT), the ways in which others can attack us are increasing exponentially. If you think it's not possible for a bad guy to break into your computer network through your facility's heating/cooling system, think again. That's how Target was hacked.

If you haven't taken the time to read Marc's compelling book (which I highly recommend!), you might want to take an hour to listen to the Seattle Town Hall audio recording. The play button is near the top of the page, just below Media Library. Scroll down for a link to his TED Talk.


Wednesday, January 20, 2016

More info about freezing your kids' credit

In a May 2015 blog posting we asked ourselves, "Should I freeze my kids' credit?" Conclusion: Yes, you should do this to prevent identity theft. In a 2012 study, some 10% of children's identities were stolen.

Today, leading security expert and journalist Brian Krebs posted information about which states have laws about credit freezing for minors at The Lowdown on Freezing Your Kid's Credit. Parents, you will want to spend five minutes reading the Krebs posting to determine what is allowed in your kids' state of residence.

Anyone with a social security number should consider freezing his or her credit with all three credit reporting bureaus. It is the single most effective defense against identity theft, and it is not a hassle to do a temporary lift of the freeze should you need it.

I've tested it, and the $9.00 or so that I spend to lift the freeze is the cheapest anti-identity theft insurance I can buy. It helps me sleep better at night too.

Who will protect your kids' identities?

Monday, January 18, 2016

What you should be shredding

Happy New Year, everyone! An October post asks, "Are you shredding your used boarding passes?" If not, you should be, because the bar code on that piece of paper contains lots of personal information about you and your trip.

For your own security, here is a list of other documents that you should be shredding, courtesy of the February 2016 edition of Reader's Digest:

  • Prescription labels. I always obliterate these from prescription bottles before I recycle the containers. There is enough information on the label to allow a dumpster diver to refill the medication or use social engineering to steal your identity.
  • Purchase receipts. For the receipts that you don't save, these often carry the last four digits of your social security number (SSN), which is a frequently required authentication credential. They can also be used to fraudulently return store items. NOTE: In a similar vein, Brian Krebs posted an interesting blurb in December about The role of phony returns in gift card fraud.
  • Pet medical papers. I hate to even mention this one, because you should never use your pet's name as part of any online password, but these should be shredded as well. 
  • Return shipping labels. These usually contain your full name and address. I not only shred these, but any piece of paper or envelope that comes in the mail pre-printed with my name and address goes into the shredder. 
  • Account statements. I added this one to the list myself. It goes without saying that any document with any account number on it should be shredded after use, including utility bills, phone bills, bank statements, insurance information, tax documents, pay stubs, etc. 

To simplify, remember to shred anything that displays your name, address or any other personally identifying information. Let's stay safe and secure in 2016!