All posts by rocco

Threat Intelligence and Protections Update Log4Shell CVE-2021-44228

Read Time:9 Minute, 36 Second

Threat Summary

Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote system. It is found in a heavily utilized java open-source logging framework known as log4j. The framework is widely used across millions of enterprise applications and therefore a lucrative target for threat actors to exploit. The availability of the POC exploit and ease of exploitation triggered the widespread exploitation attempts that we are now witnessing.

CVE-2021-44228 – Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation.

Should the vulnerability be present, an attacker might run arbitrary code by forcing the application or server to log a specific string. This string can force the vulnerable system to download and run a malicious script from the attacker-controlled system, which would allow them to effectively take over the vulnerable application or server.

A full technical analysis can be found here:

McAfee Advanced Threat Research: Log4Shell Vulnerability is the Coal in our Stocking for 2021

In this blog, we present an overview of how you can mitigate the risk of this vulnerability exploitation with McAfee Enterprise solutions. Due to the severity of this vulnerability and the observed exploitation attempts already taking place, the KB article linked below will be continually updated to communicate detailed actions to mitigate risk with McAfee Enterprise products. Subscribe to this KB article to receive updates pertaining to related coverage and countermeasures.

KB95091: McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution

Attack Chain and Defensive Architecture

Organisations preparing to defend against this threat needs to think beyond the initial access vector. What the vulnerability allows a threat actor to do is initially only connect to a remote endpoint and establish a beachhead. The attacker only gets a return on investment when they can exploit that initial foothold either to move laterally, execute additional payloads on the endpoint or attack other organisations as part of a botnet. Instead of just focusing on the initial access vector, let’s look at the entire defensive kill chain.

The impact on organisations varies between resource takeover, denial of service or data theft. Therefore, making visibility in attack patterns and trend via threat intelligence extremely critical. In addition, other attack vectors have been discovered which allows for local exploitation of the log4j library over WebSocket.

Let’s walk through the defense lifecycle in more details

Getting the Latest Threat Intelligence

Threat Intelligence is critical to adapt security controls and gain an understanding of attacker techniques and active campaigns exploiting the vulnerability

 

The MVISION Insights platform reports threat intelligence related to the Log4j attacks under the campaign name Log4Shell – A Log4j Vulnerability – CVE-2021-44228.

The Global Prevalence map snapshots captured on the 10th and 16th December 2021 demonstrates how impactful has being the vulnerability so far and how fast activity, both defender and attack, is increasing and spreading worldwide.

MITRE Techniques Observed:

Exploit Public-Facing Application – T1190 (Initial Access)
Exploitation of Remote Services – T1210 (Lateral Movement)
External Remote Services – T1133 (Initial Access, Persistence)
Resource Hijacking – T1496 (impact)
Web Shell – T1505.003 (Persistence)

As we are writing this blog, on MVISION Insights there are 1,813 IOCs including MD5, SHA256, URL, IP, DOMAIN, HOSTNAME. In terms of Determinism, 1,632 are unique and 30 are commodity.

The top MD5 detected so far has been related to Kinsing (MD5: 648effa354b3cbaad87b45f48d59c616), a crypto miner with backdooring features. The file runs on Linux machines and has been uploaded on Virus Total for the first time in December 2020.  Its detection increased by 161% between the 11th and the 15th of December 2021 and it is currently observed in 19 different countries. The log4j vulnerability is helping threat actors to push Kinsing malware via encoded payloads to vulnerable services exposed to the internet. And this is just the tip of the iceberg. We are actively monitoring for and analyzing new payloads.

The same unique indicator is also reported as part of other two threat campaign on MVISION Insights:

Kinsing Malware Adds Windows to Its Target List
Misconfigured Apache Hadoop YARN Exploited

Since April 2020, when the Kinsing crypto miner was discovered, further developments of the malware have occurred including a rootkit component and other features that make detection harder. Kinsing comes with multiple shell scripts that download and install the backdoor, miner, and rootkit alter the system itself.

The IP address 45.155.205[.]233 included within the MVISION Insights IOCs and used by threat actor as a log4j callback attack server has been detected 6,884 times by December 4th topping 15,106 detections by December 7th. Most detected countries included the United States, Turkey, Thailand, UK, Taiwan, and Italy.

MVISION Insights also includes indicators related to unique variants of MIRAI botnet that McAfee observed being leveraged by threat actors to exploit the log4j vulnerability.

Shell scripts are using wget and curl tools for external communication as part of the attack chains analyzed.

Latest updates highlighted Conti ransomware group actively leveraging the Log4Shell exploit to gain access to internal corporate resources and lunch their malicious payloads. But also, Khonsari group and state sponsored APT35 have been reported by researchers.

Determining your Asset Exposure

In this case, you should detect and prioritise internet facing applications running java-based web servers such as Apache Tomcat, either isolate or patch these resources. Run vulnerability scans for both monolithic and containerized workloads to build an inventory of assets that might be impacted.

MVISION Cloud

Continuously discovers your cloud resources and can run vulnerability scans for Virtual Machines and Containerized workloads in the cloud. MVISION Cloud has the ability to build an inventory of running processes within workloads as part of it application control capabilities. If log4j is used as a separate package we will detect the vulnerability in both runtime and container registry. If the log4j is included in the java binary we will not be able to scan it.

Ensure you run configuration audits for cloud assets that allow unrestricted outbound access and does not use firewalls or NAT GW’s for outbound connections. Run configuration audits for secondary misconfigurations that might allow the attacker to exploit IAM to elevate privileges, gain persistence or takeover other resources. 

MVISION Insights

Compares the available defensive capabilities on the endpoint to the attacker techniques, tools and IOC’s and highlights exposed endpoints.

MVISION EDR

You can perform real time searches in MVISION EDR to identify endpoints with Log4j binaries.

Blocking Exploitation Attempts

The attacker only succeeds if they can get to this stage so blocking outbound suspicious connections, preventing execution of additional payloads, and protecting credentials/auth tokens theft are things that could prove to be critical in defeating the attack. As part of the available threat intelligence attackers are using several post exploit methodologies to pivot from the original log4j injection vulnerability. This varies from misuse of resources with crypto miners, deploying malware, or exfiltrating sensitive information.

MVISION Cloud – Cloud Native Application Protection Platform (CNAPP)

Use Application Control (VM and Containers) to kill unverified server processes and payloads from executing.

OS Hardening (VM) – ensure that SE Linux state is enforcing

MVISION UCE

Use UCE URL filtering and Remote Browser Isolation to prevent browser-based exploit attempts over WebSocket and C2 attempts.

McAfee Endpoint Protection Platform

Use signature-based protection in ENS 10.7 to block known hashes of second stage malicious payloads. On December 12, 2021, McAfee Enterprise released V3 AMCore content 4648 (ENS) and V2 DAT 10196 (VSE). Generic detections are provided under the title Exploit-CVE-2021-44228.C.

In ENS (Endpoint Security) 10.7 update 4 and above, there is a powerful security feature available to every defender, which is the ability to trigger a memory scan from an Expert Rule. For more details on this capability, please see this blog post from our AC3 team

https://www.mcafee.com/blogs/enterprise/log4j-and-the-memory-that-knew-too-much

Additionally, it is recommended to enable the ENS ATP rules that prevent or detect post exploitation techniques such of second stage payload execution, credential dumping or encryption activity from ransomware, use of malicious tools or lateral movement.

Network Security Platform

An Emergency User Defined Signature has been written and tested by McAfee Enterprise to provide immediate protection against the Apache Log4j2 Remote Code Execution Vulnerability.

User-Defined Signature: KB95088 – REGISTERED – NSP Emergent UDS Release Notes – UDS-HTTP: Apache Log4j2 Remote Code Execution Vulnerability
Attack ID: 0x4529f700
Attack Protocol: HTTP
Attack Direction: Client to Server
To be included in the next regular sigset? Yes
Released date: December 10, 2021

For details on latest signatures, please follow the KB…KB95091: McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution

Detecting and Hunting for Exploitation Activities

Assuming breach is critical especially if you know that you had exposed assets and therefore, build forensics and post exploitation detection techniques this includes exploitation of living of the land binaries (LOLBINS), credential dumping as well as using information such as known file hashes / hunting queries to query web server / reverse proxy/ Network IPS logs.

MVISION Insights

In addition to an Intelligence Summary, Insights provides exportable YARA rules to find additional Indicators of Compromise.

MVISION EDR

As mentioned above, you can leverage Real Time and Historical Search functionality to proactively identify vulnerable systems or post exploit activity such as…

historical process execution spawning from Java as this could be a clear indicator that the parent java process was used to spawn additional malicious processes.
monitoring for detection of threats emanating from assets running Java
identify outbound communication attempts to known C2 domains through DNS or Web traffic

Identify Indicators of Compromise associated with exploit payloads

Data Exfiltration Visibility and Control with Cloud Security

Along with control on the endpoint, visibility into attacks and where data is being uploaded is also critical to stopping Data Exfiltration. Mapping threats to the MITRE ATT&CK Framework will provide visibility into ongoing attacks happening in the cloud and where security controls can be improved to stop future attacks.

Another critical method to stopping the exfiltration of data is putting restrictions against data uploads to non-sanctioned cloud storage. Limiting data uploads to only sanctioned Cloud Service Providers can stop external and insider threats from transferring data to Cloud Services that are questionable or not sanctioned. The Cloud Registry within MVISION Cloud/Unified Cloud Edge will provide ratings for well over 25,000 Cloud Service Providers so restrictions can be placed on CSPs with high risks or attributes that put company data at risk.

Summary

The current situation is dynamic and our resources to help you understand the attack and mitigations available are also evolving. For the latest updates on McAfee Enterprise threat intelligence and defender resources please continue to follow these sites

MCFE Log4Shell Vulnerability KB: https://kc.mcafee.com/corporate/index?page=content&id=KB95091

MCFE Log4Shell Security Bulletin: https://kc.mcafee.com/corporate/index?page=content&id=SB10377

MCFE Log4Shell Vulnerability Blog: https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/log4shell-vulnerability-is-the-coal-in-our-stocking-for-2021/

MCFE Log4Shell Exploit Demonstration by McAfee ATR: https://www.linkedin.com/posts/mcafeeenterprise_cve-2021-44228-log4shell-exploitation-activity-6876241150219485184-URLE

MCFE LinkedIn Live Customer Briefing: https://www.linkedin.com/posts/mcafeeenterprise_mcafee-enterprise-atr-explore-the-internet-breaking-activity-6876614287197122560-wNuD

FEYE Log4Shell Vulnerability KB: https://community.fireeye.com/s/article/000003827

The post Threat Intelligence and Protections Update Log4Shell CVE-2021-44228 appeared first on McAfee Blogs.

Read More

Helping Older Adults Build Strong Digital Literacy Skills

Read Time:4 Minute, 21 Second

Most of us take our skills for granted when it comes to technology. We move effortlessly between applications and multiple devices. We install new software, set up numerous accounts, and easily clear technical hurdles that come our way. Unfortunately, that picture isn’t the norm for many older adults.  

Engaging with technology can be challenging for older adults. However, when digital literacy skills are neglected or avoided, everyday activities such as online bill paying, shopping, medical appointments, and even social media can be overwhelming. And, since the pandemic, the digital divide between older adults and digital skills has become even more evident.   

Digital Divide  

One Pew study revealed that older adults continue to lag behind younger adults when it comes to technology adoption in that 41% do not use the internet at all, 23% do not use cell phones, and over 75% say they require help when learning how to use new technology.   

Bridging the Gap 

The Pew study also highlighted good news: Attitudes shift for the better when older adults increase their digital skills and access the Internet more frequently. Fully 79% of older adults who use the internet regularly agree with the statement that “people without internet access are at a real disadvantage because of all the information they might be missing.” In comparison, 94% agree with the statement that “the internet makes it much easier to find information today than in the past.” 

So how can we help the older adults in our lives grow both their digital skills and their confidence? Building practical digital skills begin with a commitment to one another, to consistency, and to learning. Here are some tips to get you started.  

7 Ways to Boost Digital Literacy 

1. Schedule dedicated time.

If you are helping an older adult build their digital skills, it’s crucial to schedule dedicated training time. Commitment and consistency will be key to achieving real results. If you’re the older adult learning on your own, set aside dedicated learning time with clear goals. For instance, “Each day this week from 7 a.m. to 9 a.m. I will learn how to set up my email and how to maximize security on all my devices.”  

2. Choose your resources and go!

Fortunately, more and more resources are emerging to help older adults bridge their technology gaps, and most are free. A few places to begin include AARP’s Senior PlanetCandoo Tech, and GetSetUp. To find a program in your area, go to at3center.net. 

3. Prioritize cybersecurity. 

Online security is one of the most critical conversations you can have with the older adults in your life. Following best practices such as installing security software, using strong passwords with Two-Factor Authentication (2FA), understanding data privacy, and knowing how to identify phishing and malware scams are fundamental components of digital literacy. For a deeper dive into cybersecurity best practices, read more 

4. Explore media literacy.

Older adults can easily fall prey to scams, conspiracies, hoaxes, and false news stories online. A recent study out of Princeton and NYU found that, prior to the 2016 election, adults over 65 were seven times more likely than those under 29 to post articles from fake news domains.Understanding how to spot misinformation online is a critical skill for anyone online. One resource to build media literacy is MediaWise for Seniors, a series of free online courses by Poynter designed to help older adults detect and combat fake news and misinformation. In addition, consider dialogue on how to challenge each piece of digital content by asking: 

Do I understand all the points of view of this story? 
What do I think about this topic or idea? 
Am I overly emotional and eager to share this publicly? 
Am I being manipulated by this content? 
What if I’m wrong? 

5. Avoid technical jargon. 

Jargon excludes and when you use insider language with a non-technical person, it can get overwhelming. Slow down. Use ordinary terms. For instance, instead of the hyperlink, consider “link.” Instead of URL, opt for “website address.” Rather than DM/PM, use “Private Message.” Note: Avoiding jargon doesn’t mean you dumb down to a person; it means using plain language to explain the same concept.   

6. Be patient. 

It’s a myth (and an unfortunate stereotype) that older adults don’t have the ability or don’t want to learn about technology. Frankly, they can, and they do. However, physical and mental changes are part of the aging process, which means repetition and patience are part of the process. Consider creating easy-to-read cheat sheets to summarize the day’s lesson.  

Technology is impacting our lives in myriad ways, and no one feels this reality pressing in more than older adults. If you find yourself in the privileged position of coaching an older adult toward digital confidence, remind them of the gains ahead and that the gap from “here” to “there” isn’t nearly as large as they’ve imagined. Whenever possible, point their sights to the proven benefits of stepping off the sidelines and into a connected world.  

The post Helping Older Adults Build Strong Digital Literacy Skills appeared first on McAfee Blogs.

Read More

9 Ways to Determine If Your Identity Has Been Stolen

Read Time:8 Minute, 1 Second

Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want us to get a bit too comfortable so they can take our personal or financial data and use it for their benefit. This is called identity theft, and it can cost people money and may dip their credit score.

Fortunately, you can help minimize what happens by knowing the signs of identity theft and taking fast action when you recognize them. Find out how below.

How does identity theft happen?

Being online comes with many benefits, but it can also come with some risks. Identity theft usually begins with the criminal accessing sensitive personal data, such as Social Security numbers, birthdates, home addresses, bank account information, and driver’s license details. The fraudster can then take this information to fake your identity, using it to take out credit cards, apply for loans, and more.

Here’s a quick look at some ways identity thieves can get their hands on your valuable data:

Phishing scams: Phishing scams can come in the form of mail, email, or websites. They may involve an identity thief pretending to be an entity you trust, like your own bank or insurance provider, to extract personal data.
Data breaches: Many companies store your data, from your health care provider to your internet service provider. For example, you may save payment details for your favorite shopping site. If hackers target those companies in a data breach, they can leak or access your sensitive information.
Social media snooping: Criminals may look to your social media to get information, like your birthdate and home address. Even seemingly innocent details, like the names of your children or pets, can be of interest to an identity thief. Why? People often use these details in their passwords.
Hacking devices: Hackers may try to infiltrate your computer, tablet, or mobile device through viruses or malware. That’s where antivirus software can help. McAfee’s Total Protection service works for you by protecting your devices and personal information from criminals.
Simple theft: Not all identity thieves use advanced methods to get your information. In fact, a person can steal your phone and access any personal data you have on it if they can unlock it. Since many people save passwords to sensitive accounts on their devices, they are easy to hack.
Dumpster diving: This is another example of a less tech-savvy approach to identity theft. If you throw away documents with sensitive data, thieves may get the information they want from your garbage. For example, bank account statements contain your account numbers, while pay stubs may include Social Security numbers. You should always shred paperwork before tossing it.

There are many ways thieves can get their hands on your data. Luckily, there are ways you can protect yourself against these methods. For example, you can protect your computer, tablet, or mobile device against hackers by equipping it with a strong password and safeguarding against phishing by adding a firewall and utilizing a virtual private network (VPN) like those offered by McAfee.

9 warning signs your identity has been stolen

With some best practices, you can protect your data and help safeguard you and your family against identity theft. One way to continue living your best life online is to watch for potential warning signs of identity theft. This ensures you can take fast action and minimize the effects if you’re targeted. Here are some essential signs to look out for.

You’re alerted to a credit card charge you didn’t make

Financial identity theft is one of the most common types of identity theft, and credit cards are a popular target. The rise in online shopping has made credit card fraud even more common.

Your online banking portal or app should allow you to set up alerts to email, call, or text you about suspected fraudulent credit card charges. If you get an alert, someone may have taken your identity.

Your loan or credit card application was denied

If you apply for a loan or line of credit and your application is denied, dig deeper. A rejection could indicate that your credit score is lower than you thought, possibly due to fraudulent activity. For example, someone may use your information to get new credit cards and not pay them off, leaving you responsible.

There’s a change to your credit score

Changes in your credit score can indicate identity theft. For example, if someone takes out utility bills in your name and doesn’t pay them, your credit score may dip. Checking your credit report from each of the three major credit bureaus (Equifax, Experian, and TransUnion) can help pinpoint the problem.

The Federal Trade Commission (FTC) allows U.S. consumers to get a free credit report every 12 months. Just visit AnnualCreditReport.com to get a copy of yours from the credit reporting agencies. You can also pay for credit monitoring services to track your score.

There’s a new account you didn’t open under your name

Once identity thieves obtain enough data, including your name and address, they might be able to open new accounts and credit cards. When you check your credit report, keep an eye out for new accounts that you didn’t open. Another red flag is if you start getting bank statements or bills addressed to you for accounts you don’t recognize.

Your information was part of a data breach

Companies are required to notify customers of data breaches that could impact them. For example, if you save your payment information and home address on a music streaming provider’s website and their database is hacked, identity thieves may get your data. Keep an eye out for notifications and read the news. The McAfee blog is another great resource for information on data breaches.

Debt collectors call about accounts you never opened

If debt collectors start calling, be cautious, especially if they’re referring to accounts you aren’t familiar with. Don’t provide personal information to any collection agencies that call, as this can be a potential phishing scam. However, it’s a good idea to follow up on these cases by checking your credit report for new accounts. You could be liable if someone opened accounts under your name and didn’t pay them.

You receive bills for medical services you never used

Medical theft occurs when a fraudster imitates another person to get health care or supplies. For example, a person might use your identity to get prescription medication at a pharmacy. If you get unfamiliar medical bills, follow up. Incorrect medical records could impact your insurance premiums or interfere with your ability to get the care you need in the future.

Mail is addressed to your home but with another person’s name

This could be an indicator of synthetic identity theft. This occurs when a fraudster creates a fake identity using various people’s real information. For example, they may use your address and Social Security number and another person’s photo to create a fake persona that’s creditworthy. They can then take out credit cards in that fake person’s name.

A tax return is filed under your name without your knowledge

If you receive a confirmation of an annual tax filing before you’ve filed, take note. Criminals may try to file a tax return for another person to access their tax refund. Alternatively, you may find that you’re unable to e-file your taxes, which can occur if someone else has already filed under your name.

What to do if you think your identity has been stolen

No one wants their identity stolen, but it’s still good to be prepared if it does happen. If you notice the above red flags, here are some steps you may need to take:

Change passwords and login details for any affected accounts. If you use the same password for other accounts, change those too. The good news is that McAfee’s identity protection services come with a password manager, so you don’t have to worry about remembering your credentials across devices.
Freeze accounts with banks or credit card companies that show any suspicious activity, including debit and credit card Most financial institutions have a dedicated fraud department to help.
Review your credit reports if you haven’t already and report any suspected fraud to the respective credit bureau.
Contact local law enforcement to file a police report for lost or stolen credit cards, driver’s licenses, and more. Also, report your lost license to the DMV.
Alert the IRS fraud alert department in case of tax-related fraud.
Report Social Security-related fraudulent activity to the relevant government agency, the Social Security Administration’s Office of the Inspector General.
Place a freeze on your credit report. This blocks access to it to extend credit, ensuring no one can take out new lines of credit in your name.

You may also want to visit IdentityTheft.gov to report identity theft and find resources to help guide your recovery plan.

Get personalized online protection

Worries about identity fraud shouldn’t prevent your household from enjoying the benefits of a connected world. McAfee’s identity theft protection services can help you enjoy everyday conveniences while keeping you safe. Packages can be tailored to your needs, including 24/7 monitoring, ID theft coverage, VPN services, and more. It’s guided online protection made easy.

The post 9 Ways to Determine If Your Identity Has Been Stolen appeared first on McAfee Blogs.

Read More

How to protect yourself from identity theft after a data breach

Read Time:6 Minute, 15 Second

How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history. 

In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about. 

Data breaches are a (sad) fact of life 

Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include: 

Usernames and passwords 
Email addresses 
Phone numbers and home addresses 
Contact information for friends and family members 
Birthdays and Driver’s license numbers 
Credit and debit card numbers or bank account details 
Purchase history and account activity 
Social security numbers 

What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.  

Examples of data breaches over the recent years 

In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including: 

Facebook – 2019: Two sets of data exposed the records of more than 530 million users, including phone numbers, account names, and Facebook IDs. 

Marriott International (Starwood) – 2018: Half a million guests had names, email and physical mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, dates of birth, and other information about their stays exposed. 

Equifax – 2017: Some 147 million records that included names, addresses, dates of birth, driver’s license numbers, and Social Security Numbers were exposed, along with a relatively small subset of 200,000 victims having their credit card information exposed as well. 

As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants. 

Staying secure in light of data breaches 

When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, there are multiple steps you can take to help protect yourself from the potential side effects.  

1. Keep an eye on your bank and credit card accounts 

One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals. 

2. If you’re a victim, report it to local authorities and to the FTC for assistance.  

File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud, since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site offers a step-by-step recovery plan that you can follow and track your progress as you go. 

3. Place a fraud alert 

If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well. 

4. Look into freezing your credit if needed 

Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency. 

5. Update your passwords 

Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as one you’ll find in comprehensive online protection software. 

6. Consider using identity theft protection 

A solution such as this will help you to monitor your accounts and alert you of any suspicious activity. Specifically, our own Identity Protection Service will monitor several types of personally identifiable information, alert you of potentially stolen personal info, and offer guided help to neutralize the threat. Also, it can help you steer clear of some types of theft with preventative guidance that can help keep theft from happening in the first place. With this set up on your computers and smartphone you can stay in the know and address issues immediately. 

7. Use online protection software, and expand your security toolbox 

To use your credit card safely online to make purchases, add both a VPN and password manager into your toolbox of security solutions. A VPN keeps your shopping experience private, while a password manager helps you keep track of and protect all your online accounts. Again, you’ll find a VPN as part of comprehensive online protection software. 

The post How to protect yourself from identity theft after a data breach appeared first on McAfee Blogs.

Read More

10 Ways to Protect Your Identity

Read Time:9 Minute, 56 Second

We’re online more than ever, in large part because it allows us to take advantage of online conveniences like bill pay and booking appointments. But these many benefits might also leave us exposed to risks, like identity theft.

Identity theft is characterized by one person using another’s personal or financial data for their benefit. Cybercriminals may take information like a person’s name, birthday, Social Security number, driver’s license number, home address, and bank account information and use it for their benefit. A name and matching financial information, for instance, can be used to apply for credit cards or open new accounts.

The good news is that you can safeguard yourself and your family with some best practices — allowing you to enjoy your best life online and worry less about cybercriminals. Share these 10 tips with your family to help keep your entire household safe.

Password-protect your devices with strong passwords

A good habit to get into is to password-protect your computer, tablet, and mobile devices through unique, strong passwords. These devices are home to some of your most sensitive information, including everything from emails to apps that connect to your bank accounts. So, if these devices fall into the wrong hands, a password makes it harder to access your personal data.

Take some time to come up with your passwords, though. It’s important to create strong passwords that hackers can’t guess. A strong password will include a mix of symbols, numbers, and letters. Steer clear of simple passwords like “123456” (it might seem obvious, but this is one of the most common passwords people use). Also, avoid including information that other people can guess, like your birthdate, home address, or name.

Don’t forget to use different passwords for different accounts. If you use the same password across multiple accounts, and a fraudster gains access to one account, they may access the others. Fortunately, McAfee’s identity protection services include a password manager, which can help secure your account credentials across multiple devices. This tool encrypts passwords, storing them safely and making it easy to keep track of them.

Learn how to identify and avoid phishing scams

Identity thieves are skilled at leveraging new technologies. Phishing is one great example of this. Phishing involves criminals masquerading as trustworthy entities, such as government agencies or banks, and using this trusted position to get sensitive information. Phishing scams started with traditional mail. They’re now also done via phone, text, and email.

As a general rule of thumb, never give out any personal information when contacted by a business, bank, or another entity. Also, make sure your email spam filters detect phishing attempts. Never open emails from people you don’t know, and don’t download email attachments without knowing what they are. Some phishing emails include malware, which can infiltrate your device and access personal data. A McAfee Total Protection plan is an all-in-one protection solution that can help you detect and avoid malware.

Fraudulent websites may also use phishing techniques. A website may look similar to the legitimate website of a mortgage lender, bank, or credit card company but might be a fraudulent platform seeking to get information from consumers. Always verify that any website you visit is the legitimate website of the institution, and consider McAfee antivirus software, which offers a safe browsing solution.

Set up alerts through your bank

When financial identity theft occurs, this can also impact financial institutions like banks and lenders. So, they’re eager to prevent fraud, as well. One way they do this is through fraud alerts. You can set up your online banking to issue fraud alerts — for example, via an email, text message, or phone call — if your bank suspects suspicious activity on your account.

In some cases, a bank will also freeze your account until you verify whether the activity is legitimate. This is a common tactic used to protect against credit card fraud. Geo-control is one example: If you live in the U.S., but a German IP address uses your credit card, your credit card provider will likely issue an alert. You can also set up alerts for certain transaction amounts or types.

Review your credit report regularly

Your credit report is one of the most powerful tools you have at your disposal for catching identity thieves and stopping them in their tracks. You’re entitled to a free credit report every 12 months via AnnualCreditReport.com, an initiative of the Federal Trade Commission (FTC). You can get a free copy of your report from each major credit bureau: Experian, Equifax, and TransUnion.

Review your report thoroughly, checking for inaccuracies. When credit monitoring, check your:

Personal information: Verify that your name, address, phone number, birthdate, Social Security number, and employment details are correct.
Accounts: Confirm that all accounts listed are yours and current. Keep an eye out for unrecognized credit cards, utility accounts, phone accounts, or streaming accounts.
Public records: Check for foreclosures, civil suits, liens, or bankruptcies. If these issues are on your credit report and you don’t recognize them, you might be affected by identity fraud.

 

If you find any discrepancies, contact the appropriate credit reporting company. You should also contact the relevant financial institution and visit IdentityTheft.gov. You can report the suspected identity theft and find resources to help you recover.

Be mindful of what you share on social media

Social media is great for connecting with others online, but it does open the door to some vulnerabilities. Be careful about what you post, and steer clear of sharing personal details like your home address, children’s names, pet’s names, or birthdays, which some people use as passwords. If a social media platform offers two-factor authentication, opt in.

Images are another touchy subject. Never post photos that include private data, like a picture of your passport or vaccine card. Consider what’s in the background of any photos — from your home (with a house number) to mail with your address. Finally, you may want to set your visibility to private on all social media accounts, limiting who can view them. And even if your account is private, you should still follow the above tips.

Shred sensitive documents

Some identity thieves get people’s personal information by dumpster diving. One solution? Invest in a paper shredder. You’ll be able to shred documents into tiny bits that are hard to piece together, making it that much harder for someone else to piece together any personal information they contain.

Here are some documents worth shredding:

Debit card statements, credit card statements, and bank statements that contain personal financial information
Invoices or receipts containing details like financial account numbers
Documents containing your Social Security number, like pay stubs and work contracts
Junk mail with contact information, like your name and address
Old photos and IDs, which people can use to create fake IDs
Shipping labels, like those you might get from online retailers to make returns
Medical records or receipts, which may contain insurance information
Canceled checks

If you’re not sure whether something needs to be shredded, go ahead and destroy it. It only takes seconds, and you’re better off safe than sorry.

Protect all of your devices with antivirus software

Whether you use a computer, tablet, or mobile device for many of your online activities, like paying bills, these devices contain a lot of personal data. So, it’s good to protect them from hackers. ​​Install antivirus software like McAfee’s to protect against viruses and spyware. It would be best if you also had a firewall, which is a network security system that controls the incoming and outgoing network traffic based on set security parameters.

To take your device security a step further, you may also want to invest in a virtual private network (VPN). This helps hide your online activity. It can safeguard against hackers on public networks but is also worth using at home. It hides details like browsing activity, personal data, and IP address from potential snoops. McAfee also offers VPN services.

Keep personal documents in a safe space

While your computer, tablet, or mobile device may hold a great deal of personal data, you likely also have hard copies of sensitive documents worth protecting. Documents like your birth certificate, Social Security card, and passport contain valuable information that identity thieves can use for personal gain, so you want to make sure they’re kept in a safe space.

Don’t simply shove these documents into your desk drawer. It’s best to keep them in a locked, fireproof home safe with a secure code. To keep things organized, put each document in a protective plastic sleeve and put the sleeves in a binder. This can be useful if you have a large family and need to keep track of everyone’s data.

Follow the news to learn about data breaches

Sophisticated hackers don’t just target individuals. They may also try to infiltrate businesses, government agencies, higher education institutions, health care facilities, and any other organization that gathers sensitive consumer information. If an entity is subject to a data breach, they’re legally required to notify any consumers who may have been impacted.

However, it’s still good to inform yourself about potential breaches that may affect you. Larger-scale data security risks are usually reported in the media. We also post about data breaches on the McAfee blog. If an entity you do business with has been affected, change your passwords and the passwords of any related accounts immediately.

Know the warning signs of identity theft

Knowing possible signs of identity theft can help you catch it early so that you can continue to enjoy your time online. Educate yourself and your family about these warning signs, ensuring everybody stays safe. Here are some possible indications identity thieves have targeted you:

You receive phone calls from debt collectors about accounts you aren’t familiar with. Don’t provide personal information over the phone immediately. Check your credit report to get the details about the debts in question.
Your credit score experiences unexplained changes. Get a copy of your credit report from the major credit reporting agencies to find out why.
Your bank accounts or credit cards have unknown charges you (and your family) can’t account for. Contact your financial institution to report the suspected fraud, providing relevant documentation to back up your claims. You can also report fraud to your local government.
You receive a fraud alert from your financial institution. Check any activity deemed potentially fraudulent as soon as possible.
You get mail addressed to another person’s name. This could include medical bills, W-2 forms related to unfamiliar employers, or credit card bills, for example. Follow up with the relevant institution.
You experience problems with your tax return For example, the Internal Revenue Service (IRS) may reject your filing if someone else has already filed in your name (to get your tax refund). Contact the IRS fraud department.

You’re only a step away from better protection

The internet keeps all of us connected, but that’s why identity theft protection is important. With people increasingly connected, doing more, and sharing more online, cybercriminals can pinpoint weaknesses and take advantage. Hackers are ready to leverage your information for personal gain, and identity theft is no exception.

McAfee is here to help. McAfee’s identity protection services provide 24/7 monitoring of your email addresses and bank accounts, providing up to $1 million worth of ID theft coverage. You deserve to enjoy the comfort offered by the internet without stressing about identity theft. Implement the best practices above in your household so that you and your loved ones can stay connected with confidence.

The post 10 Ways to Protect Your Identity appeared first on McAfee Blogs.

Read More

5 Common Types of Identity Theft

Read Time:10 Minute, 55 Second

The internet provides plenty of fun and exciting opportunities for you and your family, from sharing on social media to online shopping. To help you enjoy every minute of it, though, it’s good to be aware of what less savory characters are up to.

And they sure have been busy. In fact, the U.S. Federal Trade Commission (FTC) received 2.1 million fraud reports in 2020. What is identity theft? Well, it’s the fraudulent use of another individual’s name and details for personal gain.

Those affected by identity fraud may see a dip in their finances and credit scores. They may also deal with anxiety around financial security going forward. However, while it’s important to be aware of the threat of identity theft, this shouldn’t be cause for alarm. There are plenty of tools and techniques that can help protect you and your family so you can continue to enjoy everything modern technology has to offer.

The first step in protecting yourself? Educate yourself. Understanding the different types of identity theft can help you safeguard yourself and your loved ones so that you can continue all your favorite online activities. Here we’ll define and explore the different types of identity theft to watch out for.

What is identity theft?

We’ve all probably heard of identity theft, but what is it? Identity theft is when someone uses another person’s financial or personal data, usually for monetary gain. This means a fraudster may take sensitive information like names, birthdates, Social Security numbers, driver’s license details, addresses, and bank account numbers or credit card numbers. They might then use this information to make purchases, open credit cards, and even use health insurance to get medical care.

5 types of identity theft

A little knowledge can go a long way in stopping cybercriminals in their tracks — especially since they’re becoming more sophisticated and coming up with new schemes every day.

Here are five common types of identity theft to help you stay one step ahead of hackers.

Financial identity theft

Financial identity theft is when one person uses another’s personal data for financial benefit. This is the most common form of identity theft (including the credit card example described above). Financial identity theft can take multiple forms, including:

Fraudsters may use your credit card information to buy things. We all love to shop online — even criminals. Unfortunately, this issue has become especially prevalent thanks to online shopping during the COVID-19 pandemic.
Hackers may steal funds from your bank account. Sometimes, the amount might be so small that it seems inconsequential, totaling just a few dollars. However, criminals can rack up millions in damages if they target enough people in this way.
Criminals may open new accounts using your Social Security number and other data. For example, a person may use your data to open a new line of credit. They then run through the credit line, leaving you to foot the bill.

The good news is that it’s easy to protect yourself against financial identity theft by checking your bank accounts, credit card statements, and bills. If you see an unexplained charge, contact your credit card company or bank immediately to report it. Also, check your credit report for changes in your score. An unexplained decrease in your score could mean fraudulent activity. You can do this through AnnualCreditReport.com, where you can get a free credit report every 12 months from each of the three major credit bureaus.

Another idea is to place a one-year fraud alert on your credit reports to keep people from opening new accounts in your name. This encourages creditors and lenders to take extra precautions to verify your identity before granting any loans or credit increases. You can also place a security freeze on your credit report, which blocks others from accessing it to extend credit.

Medical identity theft

This might not seem like a real form of identity theft, but it happens. Medical identity theft is when a criminal poses as another person to obtain health care services. In fact, fraudsters may use your name and insurance information to:

Get prescriptions for drugs.
Access medical services, from checkups to costly surgeries.
Obtain medical devices and supplies, such as wheelchairs or hearing aids.

This can result in you having bills for prescriptions, services, or devices you didn’t need, ask for, or even receive. Your health care and insurance records may even have these things added to them. An inaccurate medical record can make it harder for you to get the care you need in the future and even impact insurance coverage.

Fortunately, you can help minimize the risk of medical identity theft by regularly reviewing your medical claims. Contact your insurer if you see unfamiliar procedures, prescriptions, or services. You’ll also want to let your health care provider know so that they can ensure your medical files are correct. Finally, consider filing a complaint with the U.S. Department of Health and Human Services (HHS).

Criminal identity theft

Criminal identity theft occurs when a person arrested by law enforcement uses someone else’s name instead of providing theirs. They might be able to pass this off by creating a fake ID or using a stolen ID, like your driver’s license, to show to the police. This type of fraud can be difficult to detect until the consequences are evident, like:

You receive a court summons. For example, the courts may issue a summons if a criminal uses your ID for unpaid parking tickets.
A bench warrant is issued for your arrest. Unresolved problems like unpaid parking tickets can also result in a judge issuing a bench warrant. You may then be taken into custody at any time, even during a routine traffic stop.
A background check is issued. Sometimes, police will keep an identity theft victim in their database, noting it as an alias for the real criminal. This can result in a false criminal record showing up on your background check. This can cause problems with potential landlords and employers.

You can help protect yourself against criminal identity theft by safeguarding your ID. If your license or state-issued ID is lost or stolen, report it to the local Department of Motor Vehicles (DMV) and law enforcement. Also, limit the information you share online (and encourage family members to do the same). For example, if your teen got their first driver’s license and wants to share a pic of it on social media, explain why this isn’t a good idea.

Synthetic identity theft

As one of the fastest-growing types of financial crime in the U.S., synthetic identity theft involves creating fake identities using real people’s information. Fraudsters may use data like birthdates, addresses, and Social Security numbers from real people, blending them to create a fake profile. They can then use this persona to apply for loans or credit cards or commit other financial crimes. Kids and older adults tend to be vulnerable to this type of fraud since they rarely use their SSNs.

The most important thing about synthetic identity theft is knowing the signs and acting fast. Keep an eye out for any mail with your address on it but addressed to a different name and phone calls or mail about new credit accounts. You can further protect yourself by regularly checking your credit reports for unexplained changes and placing a security freeze on them.

There are also identity monitoring services available, which scan the internet, including the dark web, for breached Social Security numbers. If you suspect you or a loved one is the victim of synthetic identity theft, contact the relevant financial institutions to alert them.

Child identity theft

We all want to protect our children from bad actors, especially when it comes to identity theft. Child identity theft involves using a minor’s information to commit financial fraud, like opening a new account or line of credit under the child’s name. The thief may even use the child’s identity to get a driver’s license, apply for government benefits, or buy a house. This is often easier than targeting an adult because most kids don’t have credit reports or financial accounts, making them a clean slate.

Unfortunately, child identity theft is often perpetrated within the family by a relative who has access to the child’s data like their birthdate and address. And many children don’t realize they’ve been targeted until they’re older — for example, when they try to take out a student loan. By this point, the issue may have been escalating for years. So, it’s important as a parent to be aware of child identity theft.

The best way to do this is to check whether your child has a credit report with any of the three big credit bureaus (TransUnion, Equifax, and Experian). If so, review the report and report any fraudulent activity. You can also place a freeze on your child’s credit report to help minimize the risk of future fraud.

How do you know if you’re a victim of identity theft?

No one wants to be left in the dark when it comes to identity theft, so knowing the signs can help you spot it and take action quickly. This can help stop fraud in its tracks, minimizing both immediate damage and long-term repercussions. Some warning signs that may indicate identity theft include:

You get a fraud alert from a financial institution. To protect customers against identity thieves’ scams, most banks have security protocols to pinpoint potential data breaches. For example, if you live in the U.S., but a purchase is made using your credit card information in London, your bank may stop the transaction and send you a credit card fraud alert.
There are unexplained changes in your credit score. Your credit score going up can mean someone is trying to extend credit in your name (with the intent to run through it). A dip in your score could indicate anything from a loan application to a bill going to collection. You can get a free copy of your credit report from the three major credit bureaus every 12 months.
There are changes to your financial accounts. Check your bank statements at least once a month, keeping an eye out for unfamiliar transactions or withdrawals. Also, check for an increase in your line of credit or a new credit card account (which someone else may have requested in your name).
A loan or credit card application is denied. If you apply for a new credit card or a loan and are turned down, find out why. If you thought you had good credit, double-check your current credit history. Identity theft can result in your credit score
You get phone calls from debt collectors. If collection agencies start calling you about unfamiliar debts, someone else might be using your information to open financial accounts or take out lines of credit. Don’t divulge any personal information on the phone but do check your credit report to see what debts they’re referring to.
You get unfamiliar mail. If you get mail sent to your address that’s clearly for someone else, that person might be using your address for personal gain. Be wary if you receive medical bills in the mail that you don’t recognize or W-2 forms for companies you’ve never worked for.
You experience tax return If you get a tax transcript you didn’t ask for, or the Internal Revenue Service (IRS) rejects your e-filing, identity theft might be to blame. Some thieves will file fraudulent returns to get the victim’s refund. Contact the IRS fraud alert department.

You can also increase your odds of recognizing identity theft with tools like McAfee’s identity protection services. Our continual monitoring can keep tabs on over 60 types of personal information, which allows us to quickly identify security issues, alerting you to potential breaches so that you can fix them. We’ll also notify you up to 10 months sooner than similar services. By combining the best practices described above with a comprehensive identity protection service, you can worry less about identity theft and spend more time enjoying the internet.

Start protecting your information today

The internet makes daily life easier in many ways. You can now learn, work, play, and shop online. You shouldn’t have to forego these conveniences because of the threat of identity theft.

McAfee’s identity theft protection services can help keep you and your loved ones safe. McAfee uses extensive monitoring and an early detection system to notify you of potential risks or breaches. You’ll also have access to 24/7 online security experts and up to $1 million of identity theft coverage. Get the peace of mind you need to continue using the internet with confidence.

The post 5 Common Types of Identity Theft appeared first on McAfee Blogs.

Read More

NY Man Pleads Guilty in $20 Million SIM Swap Theft

Read Time:6 Minute, 11 Second

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.

Truglia admitted to a New York federal court that he let a friend use his account at crypto-trading platform Binance in 2018 to launder more than $20 million worth of virtual currency stolen from Michael Terpin, a cryptocurrency investor who co-founded the first angel investor group for bitcoin enthusiasts.

Following the theft, Terpin filed a civil lawsuit against Truglia with the Los Angeles Superior court. In May 2019, the jury awarded Terpin a $75.8 million judgment against Truglia. In January 2020, a New York grand jury criminally indicted Truglia (PDF) for his part in the crypto theft from Terpin.

A SIM card is the tiny, removable chip in a mobile device that allows it to connect to the provider’s network. Customers can legitimately request a SIM swap when their mobile device has been damaged or lost, or when they are switching to a different phone that requires a SIM card of another size.

Nicholas Truglia, holding bottle. Image: twitter.com/erupts

But fraudulent SIM swaps are frequently abused by scam artists who trick mobile providers into tying a target’s service to a new SIM card and mobile phone controlled by the scammers. Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many financial institutions and online services rely on text messages to send users a one-time code for multi-factor authentication.

Compounding the threat, many websites let customers reset their passwords merely by clicking a link sent via SMS to the mobile phone number tied to the account, meaning anyone who controls that phone number can reset the passwords for those accounts.

Reached for comment, Terpin said his assailant got off easy.

“I am outraged that after nearly four years and hundreds of pages of evidence that the best the prosecutors could recommend was a plea bargain for a single, relatively minor count of the unauthorized use of a Binance exchange account, when all the evidence points toward Truglia being one of two masterminds of a wide-ranging criminal conspiracy to steal crypto from me and others,” Terpin told KrebsOnSecurity.

Terpin said public court records already show Truglia bragging about stealing his funds and using it to finance a lavish lifestyle.

“He at the very least withdrew 100 bitcoin (worth $1.6 million at the time and nearly $5 million today) from my theft into his wallet at a separate, US-based exchange, and then moved or spent it,” Terpin said. “The fact is that the intentional theft of $24 million, whether taken at the point of a gun in a bank or through a SIM card swap, is a major felony. Truglia should be prosecuted to the fullest extent of the law.”

Nicholas Truglia, showing off a diamond-studded Piaget watch while aboard a private jet. Image: twitter.com/erupts.

Terpin also is waging an ongoing civil lawsuit against 18-year-old Ellis Pinsky, who’s accused of working with Truglia as part of a SIM swapping crew that has stolen more than $100 million in cryptocurrency. According to Terpin, Pinsky was 15 when he took part in the $24 million 2018 SIM swap, but he returned $2 million worth of cryptocurrency after being confronted by Terpin’s investigators.

“On the surface, Pinsky is an ‘All American Boy,’” Terpin’s civil suit charges. “The son of privilege, he is active in extracurricular activities and lives a suburban life with a doting mother who is a prominent doctor.”

“Despite their wholesome appearances, Pinsky and his other cohorts are in fact evil computer geniuses with sociopathic traits who heartlessly ruin their innocent victims’ lives and gleefully boast of their multi-million-dollar heists,” the lawsuit continues. “Pinsky is reputed to have used his ill-gotten gains to purchase multi-million-dollar watches and is known to go on nightclub sprees at high end clubs in New York City, and Truglia rented private jets and played the part of a dashing playboy with young women pampering him.”

Pinksy could not be immediately reached for comment. But a review of the latest filings in the lawsuit show that Pinsky’s attorneys stopped representing him because he no longer had the funds to pay for their services. The most recent entry in the New York Southern District’s docket asks the court to give Pinsky additional time to seek counsel, and hints that barring that he may end up representing himself.

Ellis Pinsky, in a photo uploaded to his social media profile.

Truglia is still being criminally prosecuted in Santa Clara, Calif., the home of the REACT task force, which pursues SIM-swapping cases nationwide. In November 2018, REACT investigators and New York authorities arrested Truglia on suspicion of using SIM swaps to steal approximately $1 million worth of cryptocurrencies from Robert Ross, a San Francisco father of two who later went on to found the victim advocacy website stopsimcrime.org.

According to published reports, Truglia and his accomplices also perpetrated SIM swaps against the CEO of the blockchain storage service 0Chain; hedge-funder Myles Danielson, vice president of Hall Capital Partners; and Gabrielle Katsnelson, the co-founder of the startup SMBX.

Truglia is currently slated to be sentenced in April 2022 for his guilty plea in New York. He faces a maximum sentence of up to 20 years in prison.

Erin West, deputy district attorney for Santa Clara County, told KrebsOnSecurity that SIM swapping remains a major problem. But she said many of the victims they’re now assisting are relatively new cryptocurrency investors for whom a SIM swapping attack can be financially devastating.

“Originally, the SIM swap targets were the early adopters of crypto,” West said. “Now we’re seeing a lot more of what I would call normal people trying their hand at crypto, and that makes a lot more people a target. It makes people who are unfamiliar with their personal security online vulnerable to hackers whose entire job is to figure out how to part people from their money.”

West said REACT continues to train state and local law enforcement officials across the country on how to successfully investigate and prosecute SIM swapping cases.

“The good news is our partners across the nation are learning how to conduct these cases,” she said. “Where this was a relatively new phenomenon three years ago, other smaller jurisdictions around the country are now learning how to prosecute this crime.”

All of the major wireless carriers let customers add security against SIM swaps and related schemes by setting a PIN that needs to be provided over the phone or in person at a store before account changes should be made. But these security features can be bypassed by incompetent or corrupt mobile store employees.

For some tips on how to minimize your chances of becoming the next SIM swapping victim, check out the “What Can You Do?” section at the conclusion of this story.

Read More

Free eBook! Ransomware – how to stop it, and how to survive an attack

Read Time:21 Second

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Ransomware attacks dominate the cybersecurity news headlines, with businesses all over the world wondering if they will be the next victim. It’s a legitimate, and growing fear, as the attackers get more … Continue reading “Free eBook! Ransomware – how to stop it, and how to survive an attack”

Read More

Smashing Security podcast #256: Virgin Media just won’t take no for an answer, NFT apes, and bad optics

Read Time:22 Second

After a brief discussion of the Log4Shell vulnerability panic, we chat about how Virgin Media has got itself into hot water, a fat-fingered fumble at the Bored Ape Yacht Club, and how to hack around your sleeping girlfriend’s facial recognition.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Read More