knowledge-based authentication – Computer Security Articles

USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online

February 26, 2018 admin A Little Sunshine, Equifax. Spokeo, Informed Delivery, KBA, knowledge-based authentication, LexisNexis, Security Tools, USPS, Zillow

Credit to Author: BrianKrebs| Date: Mon, 26 Feb 2018 19:28:41 +0000

In October 2017, KrebsOnSecurity warned that ne’er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address. We advised that stalkers or scammers could abuse this service by signing up as anyone in the household, because the USPS wasn’t at that point set up to use its own unique communication system — the U.S. mail — to alert residents when someone had signed up to receive these scanned images. The USPS recently told this publication that beginning Feb. 16 it started alerting all households by mail whenever anyone signs up to receive these scanned notifications of mail delivered to that address. The notification program, dubbed “Informed Delivery,” includes a scan of the front and back of each envelope or package destined for a specific address.

Independent Krebs

USPS ‘Informed Delivery’ Is Stalker’s Dream

October 2, 2017 admin Alston & Bird, Equifax, georgia tech, Informed Delivery, KBA, knowledge-based authentication, Other, Peter Swire, U.S. Postal Service, USPS

Credit to Author: BrianKrebs| Date: Mon, 02 Oct 2017 16:32:33 +0000

A free new service from the U.S. Postal Service that provides scanned images of incoming mail days before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners. The USPS says it hopes to have changes in place by early next year that could help blunt some of those concerns.

Independent Krebs

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

May 18, 2017 admin avivah litan, Equifax, Gartner Inc., ICSI, Identity Theft, International Computer Science Institute, knowledge-based authentication, Nicholas A. Oldham, Nicholas Weaver, Other, TALX, tax refund fraud, two-factor authentication

Credit to Author: BrianKrebs| Date: Thu, 18 May 2017 20:23:13 +0000

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017. Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.