Confessions of an ID Theft Kingpin, Part I

Credit to Author: BrianKrebs| Date: Wed, 26 Aug 2020 18:39:53 +0000

At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good.

Read more

Why & Where You Should Plant Your Flag

Credit to Author: BrianKrebs| Date: Wed, 12 Aug 2020 14:18:09 +0000

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

Read more

Why & Where You Should You Plant Your Flag

Credit to Author: BrianKrebs| Date: Wed, 12 Aug 2020 14:18:09 +0000

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

Read more

MyEquifax.com Bypasses Credit Freeze PIN

Credit to Author: BrianKrebs| Date: Fri, 08 Mar 2019 16:12:38 +0000

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

Read more

Scanning for Flaws, Scoring for Security

Credit to Author: BrianKrebs| Date: Wed, 12 Dec 2018 19:25:14 +0000

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. What’s remarkable is how many organizations don’t make an effort to view their public online assets as the rest of the world sees them — until it’s too late.

Read more

Credit Freezes are Free: Let the Ice Age Begin

Credit to Author: BrianKrebs| Date: Fri, 21 Sep 2018 16:31:43 +0000

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.

Read more

In a Few Days, Credit Freezes Will Be Fee-Free

Credit to Author: BrianKrebs| Date: Tue, 11 Sep 2018 02:26:06 +0000

Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you’ve been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or because you believe it’s just not worth the hassle. If that accurately describes your views on the matter, this post may well change your mind.

Read more

Human Resources Firm ComplyRight Breached

Credit to Author: BrianKrebs| Date: Thu, 19 Jul 2018 21:08:43 +0000

Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information — including names, addresses, phone numbers, email addresses and Social Security numbers — from tax forms submitted by the company’s thousands of clients on behalf of employees. Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information — including names, addresses, phone numbers, email addresses and Social Security numbers — from tax forms submitted by the company’s clients on behalf of employees. Pompano Beach, Fla-based ComplyRight began mailing breach notification letters to affected consumers late last week, but the form letters are extremely vague about the scope and cause of the breach. Indeed, many readers who received these letters wrote to KrebsOnSecurity asking for more information, as the company hadn’t yet published any details about the breach on its Web site. Also, most of those folks said they’d never heard of ComplyRight and could not remember ever doing business with a company by that name.

Read more