Scam of the day – July 3, 2015 – Turkish man arraigned in worldwide financial hacking scheme

Ercan Findikoglu, who had been arrested in Germany in December of 2013, finally was extradited to the United States, where last week he was arraigned on charges related to three major cyberattacks on the global financial system. Findikoglu, a Turkish citizen, is alleged to be the kingpin of an international gang that hacked into three credit and debit card processors and then manipulated the account data on prepaid debit cards to dramatically increase the balances. Findikoglu then is alleged to have distributed the stolen debit card information to cohorts around the world who would create cards and then use the phony cards to withdraw money from ATMs around the world. One plot targeted cards issued by JP Morgan Chase, another targeted cards issued by the National Bank of Ras Al-Khaimah in the United Arab Emirates, and a third plot targeted cards issued by Bank Muscat in Oman. The debit cards of Bank Muscat were distributed to gang members in 24 countries who within a two-day period made 36,000 ATM withdrawals totaling 40 million dollars. The total amount stolen through all three bank hacks was 55 million dollars.

TIPS

The international cooperation involved in this case is good news in the battle against cybercrime, which is a crime that knows no borders. Often the type of international cooperation required to effectively combat such cybercrime is lacking in the international community. Hopefully, this case provides an indication of a positive change in the war against cybercrime. Another positive change that is necessary in the battle against cybercrime is greater cooperation between hacked companies and law enforcement and other governmental agencies. To date, Congress has not enacted the legislation necessary to make this happen, but it is expected that in the not too distant future we will see such laws mandating greater disclosure and cooperation between government and business.

Scam of the day – October 20, 2014 – Cybersecurity legislation

The recent disclosure of the massive hacking of J.P. Morgan Chase and a number of other financial institutions has focused attention on the vulnerability of these companies at the core of the American economy.  Cybercrime is a reality of modern day life, but the manner in which the government and industry are presently battling this scourge is seriously lacking.  According to White House Cybersecurity Coordinator Michael Daniels, the administration has given up on its efforts to pass a large, comprehensive cybersecurity bill and instead is focusing its attentions on a more piecemeal approach that would increase the authority of the Department of Homeland Security and facilitate cooperative efforts between the Department of Homeland Security and private companies.  The present lack of communication and cooperation between business and government is troubling.

TIPS

The tremendous interconnectedness of computers, smartphones and other electronic devices has revolutionized every aspect of the way we live today, but it has also exposed tremendous vulnerabilities of individuals, companies and governments to attack by criminals and countries readily able to exploit those vulnerabilities.  It is incumbent upon us all to appeal to our business and government leaders to work together and come up with unified solutions that are sufficient to meet the dire threats we face while protecting the privacy of individuals as much as possible.  The talent is there.

Scam of the day – October 5, 2014 – More banks hacked by suspected hackers of J.P. Morgan Chase

With the news dominated by the massive data breach at J.P. Morgan Chase, in which names, addresses, phone numbers and email addresses of 76 million households and 7 million small businesses were stolen by what appears to be Russian hackers who may or may not be affiliated with the Russian government, it seems perfectly appropriate to wish you a happy National Cybersecurity Awareness Month. As frightening as the spectre of a major American bank being vulnerable to such a massive data breach is, you may remember that when the story broke last August of the possible data breach at J.P. Morgan Chase, reports were that there were as many as four other banks that had similarly been hacked. Now, according to a report in the New York Times, that number has actually risen to nine other major financial institutions that may have suffered data breaches at the hands of the same hackers. Therefore, even if you are not a customer of J.P. Morgan Chase, you should be extra vigilant in regard to all of your financial accounts.

TIPS

Now is the time to implement an eight-step approach to protecting yourself from identity theft and data breaches. The first step is to change your password regularly, such as every six months. A good password has a mixture of capital letters, small letters, symbols and digits. Don’t use any word in the dictionary because hackers have computer programs that can guess your password. Instead use a phrase, such as IHate2UsePasswords!!. This is a very secure password. You should also have a separate and distinct password for each of your accounts, but you can merely adapt this basic password by adding a couple of distinguishing letters for each account. For example, you could make this your Amazon password by adding the letters “Am” at the end of your basic password so it reads IHate2UsePasswords!!Am. This is easy to remember.

You should also use dual factor authentication on your accounts when available. Dual factor authentication provides you with an extra level of security by which more than a password is necessary to gain access to your account. Generally, when you log in to an account with your password, a code is then sent to your smartphone, which you then must input in order to access your account.

You also should change the answer to your security question to something completely nonsensical.  Answering a security question is required if you forget your password or if you want to change your password.  Unfortunately the answers to common security questions, such as your mother’s maiden name can be found with a little effort by an identity thief in the many places on the Internet that store personal information.  So instead of the answer to your mother’s maiden name being “Jones,” change it to “Grapefruit.”  No identity thief will find it or guess it and it is silly enough for you to remember.

Don’t click on links or download attachments in any email, text message or social media posting unless you have absolutely confirmed that it is legitimate. Identity thieves and hackers lure people into clicking on links in such communications, which results in the victims downloading keystroke logging malware that can steal all of the information from their computers.

Don’t provide personal information over the phone to anyone whom you have not called.  You can never be sure if the person calling you is legitimate regardless of how compelling the reason he or she gives for you to provide personal information.  Don’t rely on your Caller ID because through a technique called “spoofing” an identity thief can make it appear that his or her call is from the IRS, your bank or some other legitimate entity.  If you think the call may be legitimate, hang up and call the company or agency at a number that you know is real, not the number the caller gives you.

Review all of your accounts regularly and carefully to note the smallest charge that should not be there. Sometimes identity thieves will put regular recurring charges on your credit card or phone bill in the hope that you will not bother to look further into it because the charge is so small. The earlier you catch identity theft, the easier it is to deal with.

Check your credit report from each of the three major credit reporting agencies every year for evidence of fraud or even mistakes that need to be corrected. Here is the link to the only official place to get your free credit report: https://www.annualcreditreport.com/index.action

Put a credit freeze on your credit report so that even if an identity thief obtains your Social Security number, he or she cannot gain access to your credit report.  Yesterday’s Scam of the day contains the links to the credit reporting agencies to use to freeze your credit.

Scam of the day – April 7, 2014 – Multi-million dollar bank hacking conspiracy broken

A few days ago, Robert Dubuc and Oleg Pidtergerya pleaded guilty to a number of criminal counts in charges brought against them in federal court. The conspiracy of which they were a part is very telling of the danger that threatens the international banking system. The scheme began before the two defendants ever got involved. Ukrainian hackers gained illegal access to the bank accounts of more than a dozen large financial institutions and companies, including Automatic Data Processing, Inc. (ADP), Citibank, E-Trade, JP Morgan Chase Bank, PayPal, TD Ameritrade and TIAA-CREF. Once the hackers gained access to the accounts, they transferred funds stolen electronically from these accounts to bank accounts and pre-paid debit cards that they controlled. At this point they progressed to the cashing out phase of the scam, in which people known as “cashers” would withdraw the funds from the new accounts through ATM withdrawals and bank withdrawals, after which the funds were sent to the two Ukrainian hackers behind the scam. Dubuc and Pidtergerya were cashers.

TIPS

Banks and other financial institutions have not been particularly forthright when it comes to disclosing the successful hacking of their accounts. Nor has their security been as good as it has to be. Where this leaves us as customers is that we need to be particularly vigilant in monitoring our accounts at all times for signs of fraudulent purchases. Sometimes we are our own worst enemy, such as when we unwittingly download keystroke logging malware through clicking on tainted links or downloading dangerous malware that steals the information from our computers, smartphones, tablets and other portable electronic devices and then uses this information to make us victims of identity theft and access our accounts. It is important to monitor all of your financial accounts more often than monthly. It is also important to maintain the most up to date security software on all of our electronic devices. Finally, it is up to us to use caution whenever we are online and not to click on links unless we are absolutely sure they are legitimate.