Blog
Cyber gangs targeting small businesses

Wednesday August 26th 2009

Interesting story in the Washington Post yesterday about a surge in cyber attacks on small businesses in Europe. The timing of the story connects well with a campaign I'm involved in to get U.S. small businesses to start taking security seriously or risk facing legislation that will force them.

The Post article highlighted a number of small U.S. firms that had tens of thousands of dollars siphoned from their bank accounts, and Gartner security analyst Avivah Litan pointed out a little-known fact that could really impact businesses like these.

As a consumer you are generally protected by zero liability promises that will usually make good on any losses you suffer in bank account or credit card fraud, as long as you dispute the transactions within 60 days of receiving your statement.

But small businesses don't have the same protection. If you're a small business and have a business account, you typically have only two days to dispute a transaction or illegal funds transfer, and even then you're probably out of luck.

I've talked before about the small business owner in Florida who had more than $70,000 siphoned from his bank account. His bank denied any liability and the victim had to spend more than 2 years in court to finally get his money back.

For a typical small business owner who depends on one primary business account, an attack like this, which is actually very easy, could wipe out the business. One of the companies victimized said they lost $100,000 in the attack, but the total cost to clear up the mess was nearly three times that amount.

Here's a link to the article (you may have to register).

 

 
Restaurant security and the nation's biggest data breach

August 20 09

Seems like every media outlet and security blog is telling the amazing tale of the former Secret Service informant behind a massive scheme to steal 130 million credit cards.

It also seems that the esteemed USSS had unwittingly gone into business with the mastermind behind some of the nation's biggest data breaches, including the TJX breach (TJ Maxx stores) in 2008 that exposed more than 50 million credit and ATM cards, and the Heartland breach in 2009 that exposed more than 100 million cards.

One of the things in the indictment that stood out for me was the almost exclusive focus of the mastermind and his gang on retailers, successfully hacking BJ's Wholesale Club, OfficeMax, Barnes & Noble, Sports Authority, Forever 21 and DSW Shoes.

This is in spite of the fact that most of these retailers were probably compliant with the PCI regulations that are supposed to minimize these incidents through better security practices. I guess we still have some work to do on that front.

Security guru Larry Walsh, now writing for Channel Insider but formerly an editor for Information Security Magazine, was quick to point out that restaurants were also amongst the gang's targets, including Dave and Buster's and Boston Market.

Restaurants are a notorious hotbed for identity thieves, and in one of the most high-profile scams a network of dishonest waiters was able to steal more than $1.5 million from restaurant goers in New York by "skimming" copies of credit cards and selling that data to other criminals.

Restaurants are especially attractive to thieves for a number of reasons. Many patrons willingly hand over their credit card to a complete stranger who then disappears for a while only to return and request the customer's signature too. There's also a very high staff turnover at restaurants with few background checks conducted.

And according to Walsh's article "there's other evidence to support the notion that restaurant security is lacking. The Motorola 2009 Enterprise Mobility Barometer study of hospitality technology adoption found security a low priority for restaurateurs. Only 12 percent of those surveyed said that staying up-to-date with technology is a challenge. On the list of technology initiatives for 2009, security ranked fifth behind disaster recovery and business continuity, mobility support to employees, server upgrades, and LAN/WAN upgrades."

Might be worth thinking about paying your next restaurant bill in cash.

 
This data breach was a real inside job!

Wednesday August 12th 2009

File this under "You've got to be kidding me!" A suspect was nabbed for stealing the personal information of more than a thousand employees of the New Hampshire Department of Corrections.

But what probably bothered the Department most was how close to home the crime occurred. No, not an employee but another type of insider.

In a story by the New Hampshire Union Leader, guards conducting a routine cell inspection found a 64-page list of the names and Social Security numbers of more than 1,000 Department of Corrections employees hidden under the mattress of an inmate. Seems like the documents were destined for a shredding warehouse across the street from the prison - a warehouse that regularly employs low-risk prisoners. You join the dots.

I guess he just couldn't help himself.

 
10 reasons you should care about identity theft more than you do

Wednesday July 15 2009

1. Don't you ever just get mad that the bad guys keep winning? While so many are struggling to keep their heads above water, crooks are raking in millions every day from their scams.

2. If you're not already a victim, you probably will be. Some estimates suggest that one in every four Americans has already been a victim of identity theft or fraud, so it's only a matter of time.

3. Even if you're not a victim yet, you're still paying for it. The thousands of businesses and government agencies that lose billions of dollars to scams every year or spend billions of dollars (an estimated $50 billion annually) fighting them, have to recoup that money somewhere. And guess where?

4. Identity theft funds terrorism, a resurgence in organized crime, drug trafficking, and numerous petty crimes. Need any more reasons?

5. Don't rely on zero liability. I've heard too many stories of financial institutions fighting tooth and nail to avoid having to make good on this promise to cover consumer losses.

6. Your data is already out there. The personal records of more than 200 million Americans have already been exposed in data breaches over the last few years, so chances are your personal information is already out there. Did I mention it's only a matter of time?

7. Identity theft is a truly heartless and life-changing crime, and thieves don't discriminate. I know of identity theft victims as young as 3 months and north of 90 years old. And I know personally of an elderly man in the Bay Area who has lost his life savings of $1.5 million to Nigerian 419 scammers who now taunt him over his willingness to trust them.

8. Law enforcement can't help. Most police departments have given up on identity theft, and won't investigate any ID theft crimes because they don't have the manpower, skills, or resources.

9. The businesses that keep exposing your data to thieves are actually cutting back on security, so expect your most sensitive data to keep on leaking.

10. Identity theft has utterly changed the way we trust, do business, communicate, etc. When was the last time you felt safe leaving your mail at the curbside to be collected?

 
New security coming from Microsoft?

Thursday June 11 2009

Remember OneCare, the security suite that Microsoft launched with fanfare and then quickly announced would be pulled off the market? Microsoft is coming back with a new version of the product, albeit in a slightly different format and under the new name Morro.

While security observers can’t wait to see how well the new security offering performs, I have to applaud Microsoft for their commitment to free security. Time will tell whether Morro compares well to conventional security products. Morro will be an online service, as opposed to security on your desktop, and promises to filter out threats before they even reach your computer.

That’s a great idea and certainly the future of security. Let’s hope Morro is a winner. Read the full story on PC World.