We live online these days, sharing everything from vacation pictures to what we eat for breakfast on the internet. The internet is also useful for daily activities, like buying groceries or paying bills.

While it’s convenient to connect with people and complete tasks online, cybercriminals are eager to use the internet to steal financial or personal data for their personal gain — otherwise known as identity theft. This is a criminal act and can affect your credit score in a negative way and cost money to fix. It can also affect employment opportunities since some employers conduct a credit check on top of drug testing and a criminal history check. Identity theft victims may even experience an impact to their mental health as they work to resolve their case.

The good news is that being able to recognize the signs of identity theft means you can act quickly to intervene and minimize any effects in case it happens to you. You can also protect yourself by using preventive measures and engaging in smart online behavior. This article provides essential information about identity theft, giving you the tools you need to become an empowered internet user and live your best life online.

5 steps to take if your identity has been stolen

The internet is a great place to be, but identity thieves hope to catch you off-guard and seek access to your personal information for their benefit. This could include private details like your birth date, bank account information, Social Security number, home address, and more. With data like this, an individual can adopt your identity (or even create a fake identity using pieces of your personal profile) and apply for loans, credit cards, debit cards, and more.

You don’t have to be kept in the dark, though. There are several signs that your identity has been stolen, from a change in your credit score to receiving unfamiliar bills and debt collectors calling about unfamiliar new accounts. If you suspect that you’ve been affected by identity fraud, you can act fast to minimize what happens. Here’s what to do.

File a police report

Start by contacting law enforcement to file a report. Your local police department can issue a formal report, which you may need to get your bank or other financial institution to reverse fraudulent charges. An official report assures the bank that you have been affected by identity fraud and it’s not a scam.

Before going to the police, gather all the relevant information about what happened. This could include the dates and times of fraudulent activity and any account numbers affected. Bringing copies of your bank statements can be useful. Also, make note of any suspicious activity that could be related. For example, was your debit card recently lost or your email hacked? The police will want to know.

Notify the company where the fraud occurred

You should also notify any businesses linked to your identity theft case. Depending on the type of identity theft, this could include banks, credit card companies, medical offices, health insurers, e-commerce stores, and more. For example, if someone used your credit card to make purchases on Amazon, alert the retailer.

Medical identity theft is another good example. In this case, a fraudster may assume your identity to gain access to health care services, such as medical checkups, prescription drugs, or pricey medical devices like wheelchairs. If someone uses your health insurance to get prescription drugs from a pharmacy, for instance, make sure to alert the pharmacy and your insurer.

File a report with the Federal Trade Commission

The Federal Trade Commission (FTC) is a government body that protects consumer interests. You can report identity theft via their portal, IdentityTheft.gov. They’ll then use the details you provide to create a free recovery plan you can use to address the effects of identity theft, like contacting the major credit bureaus or alerting the Internal Revenue Service (IRS) fraud department. You can report your case online or by calling 1-877-438-4338.

Ask credit reporting agencies to issue a fraud alert

A common consequence of identity theft is a dip in the victim’s credit score. For example, a cybercriminal may take out new lines of credit in the victim’s name, accrue credit card debt, and then not pay the balance. For this reason, contacting the credit monitoring bureaus is one of the most important steps to take in identity theft cases.

There are three main agencies: TransUnion, Equifax, and Experian. You can get a free credit report from each agency every 12 months via AnnualCreditReport.com. Check the report and note all fraudulent activity or false information and flag it with the relevant bureau’s fraud department. You should also initiate a fraud alert with each agency.

A fraud alert requires any creditors to verify your identity before opening a new line of credit. This adds an extra layer of security. An initial fraud alert lasts for 90 days. Once this expires, you can prolong your protection via an extended fraud alert, which will remain valid for seven years. You can notify one of the big three bureaus to set it up. They are then required to notify the other two bureaus.

A credit freeze is another smart move, which you can do through each of the three major credit bureaus. You can either call them or start the process online. This prevents people from accessing your credit report. Lenders, creditors, retailers, landlords, and others may want to see your credit as proof of financial stability. For example, if someone tries to open a phone contract under your name, the retailer may check the credit report. If there is a credit freeze in place, they won’t be able to view it and won’t issue the contract. If you need to allow someone access to your credit report, you can temporarily lift the freeze.

Change passwords to all of your accounts

Identity theft is often linked with leaked or hacked passwords. Even if you aren’t sure whether your passwords have been compromised, it’s best to play it safe. Change passwords to any affected accounts. Make sure to use strong passwords with a mix of numbers, letters, and symbols. Further, if there’s a chance to activate two-factor authentication on your accounts, this can provide added protection going forward.

Is it possible to prevent identity theft?

Ideally, you’ll never become the victim of identity theft, but things can happen. Cybercriminals work hard, but you can stay one step ahead by taking a few preventative measures. These include:

Learn how to recognize common scams. ID theft comes in many forms, from email phishing scams to social media snooping, device hacking, and data breaches. Learn the signs of a scam. For example, phishing emails are often poorly written and frequently follow certain formats, like claiming that an account of yours has been suspended.
Activate fraud alerts. Most financial institutions provide alerts about suspected fraudulent transactions, sending you a notification via phone call, text, or email if they notice suspicious activity on your account. The bank may also freeze an account automatically until any potentially unauthorized charges are clarified and confirmed by the account owner.
Protect your devices with strong passwords. Your devices, including your phone, tablet, and laptop, should all be password-protected. In case one of your tech tools is stolen, it will be harder for fraudsters to gain access to your personal data. Set strong passwords with a mix of letters, numbers, and symbols. Make sure they don’t include information a person could figure out easily, like your home address or birthday.
Use different passwords for different accounts. Any online accounts you use, from your banking app to your email, should be password-protected. Follow the same rules for setting strong passwords, but don’t duplicate passwords. If a hacker cracks the code for one account, they can easily guess their way into your other accounts. A password manager can help you stay on top of your passwords by encrypting them and storing them safely for easy tracking. McAfee Identity Protection includes a password manager that can secure your account credentials across devices.
Protect your documents. Protect hard copies of sensitive documents, like your Social Security card and birth certificate, by keeping them locked away. Also, dispose of documents with personal data by shredding them. This ensures that dumpster divers can’t access your information. Documents to shred might include invoices, bank statements, medical records, canceled checks, and junk mail with your name, phone number, and address.
Don’t overshare on social media. Social media is a great way to connect with friends and family, but it can also be a goldmine for identity thieves. Avoid sharing details like your kids’ or pets’ names, which are often used in passwords. Sensitive information, like a home address or birthday, can also be used to build a fake identity. You may want to set your social media accounts to private in addition to limiting what you share.
Review your credit report. You have the right to one free copy of your credit report every 12 months, which you can request via AnnualCreditReport.com. This provides you with a report from each of the three major credit bureaus. Review the report, verifying personal information, account details, and public records (like bankruptcies or liens) to ensure there isn’t anything suspicious.
Follow the news. When major corporations are targeted by hackers, they’re required to alert affected consumers. These breaches are also often reported in the media. To take a more proactive approach, though, check out the McAfee blog, which reports on breaches. If a business you use has been affected, change your passwords.

You can further protect yourself with antivirus software like McAfee’s Total Protection plan. This can help protect your devices against spyware and viruses. You can also enhance your network security with a firewall and virtual private network (VPN). A firewall controls traffic on your internet network based on predefined security parameters, while a VPN hides your IP address and other personal data.

Sign up for a protection plan today

Don’t let concerns about identity fraud keep you from enjoying all the conveniences and perks the internet offers. McAfee’s identity theft protection services can help you stay connected while keeping you safe. Tailor your package to your household’s needs to get the safeguards you want, like ID theft coverage, VPN, and 24/7 monitoring. Our Total Protection plan also comes with $1 million in identity theft coverage to cover qualifying losses and hands-on support to help you reclaim your identity.

With McAfee by your side, you can stay online confidently.

The post What to Do If Your Identity Has Been Stolen appeared first on McAfee Blogs.

Read More

Some European cell phone carriers, and now T-Mobile, are blocking Apple’s Private Relay anonymous browsing feature.

This could be an interesting battle to watch.

Slashdot thread.

Read More

Patchwork, an Indian hacking group also known by such bizarre names as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has proven the old adage that to err is human, but to really cock things up you need to be a cybercriminal.

Read More

Enterprises know they need defenses integrated into each aspect of their network while not being an inhibitor to innovation. Digital transformation realized through new 5G-enabled IoT, Operational Technologies (OT) and IT use cases are no exception. Therefore, security teams need to take a closer look at the best technology to support this innovation. Next-generation firewalls from Palo Alto Networks with AT&T Multi-Access Edge Computing (MEC) solutions are designed to help protect enterprises while optimizing security performance for these new use cases.

Prime time for innovation

AT&T MEC in combination with 5G/4G LTE create a private network solution that enables businesses to localize cellular data to improve their operations. The solution supports edge computing by routing application-specific traffic in a highly effective way. Built on a software-defined network, AT&T MEC enables direct access to cellular data for highly reliable local processing. This technology helps create new outcomes and capabilities by allowing applications to process data right where it’s needed. In addition, MEC enables customers to control their traffic flow, restrict devices and select application access for local business content, all while enabling macro cellular access when desired.

This means that businesses can locally process and transfer data-intensive files in near-real time, scale robotic operations, and offer highly immersive customer experiences. Some on-premises use cases for this include video AI, synchronous media collaboration and industrial manufacturing. These are just a few examples of how businesses are being transformed through edge computing technologies. And these use cases can span many industries – manufacturing, public sector, healthcare, education, stadiums, retail and more. AT&T MEC is leading the way in the rapidly evolving private cellular space driving the right innovation today and tomorrow. CRN has named AT&T to its 2021 Edge Computing 100 list – with recognition as one of those driving innovation in the IoT and 5G Edge Services Category.  The AT&T Multi-Access Edge Computing offering ties together cellular network architecture for real-time high bandwidth, low-latency access to latency-sensitive mobile applications. This is great news.  AT&T is helping businesses connect – harnessing LTE and 5G at the network edge.

Protection at every layer 

AT&T MEC not only helps to enable these business use cases but also provides additional privacy and control beyond the inherent security of AT&T’s 5G/4G LTE cellular network. With AT&T MEC your data is in your control so you can determine the location, cloud, local data center or somewhere else to route it. Data you consider sensitive or proprietary can be kept locally within your internal network, significantly mitigating the risk of it being illegally accessed or stolen. This helps give enterprise control and privacy of their data.

In addition to these privacy measures, security teams must also consider mobile devices that could inadvertently introduce threats. For example, a user accidentally downloads malicious software. Or, an IoT device becomes subject to a supply chain attack. In any environment, but especially in edge environments built for business-critical applications, businesses need to respond to these security events as fast as possible, identify malicious events, and act in real time. Therefore, defenses are needed to inspect the application flows to protect mobile devices and business-critical data in transit and at rest within your network. Adding this layer of security allows consistently enforced policies across all network environments, including private cellular networks like MEC network.

Proven, reliable technology and services

To protect against these advanced threats, AT&T now offers a managed next-generation premises-based firewall optimized to work with AT&T MEC. It starts with proven, reliable technology utilizing Palo Alto Networks ML-Powered Next-Generation Firewall platform based on a scalable, modular design that enables you to increase performance as your needs increase. This state-of-the-art firewall technology brings advanced capabilities to prevent known and unknown threats such as vulnerability exploits, ransomware, malware, phishing and data theft. It also includes unique technology from Palo Alto Networks called WildFire® which automatically detects and helps prevent unknown malware and taps into crowdsourced intelligence from more than 43,000 customers. Palo Alto Networks has been recognized by NSS Labs for having high security effectiveness and by Forrester Consulting for strong Return on Investment . Savings are possible  across many categories, but key areas are  in efficiency gains for IT and security and the reduced risk of a data breach.

Furthermore, this next-generation firewall is managed by AT&T’s state-of-the-art Security Network Operations Center (S/NOC) 24/7. The S/NOC team of security professionals use this highly secure, fully redundant site and its advanced intrusion detection capabilities to further analyze and respond to threats. They also help reduce complexity by assisting the customer with ongoing configuration changes to their firewall policies. 

Visibility and control

This next-generation firewall offering provides fully managed, end-to-end firewall protection for your mobile network data traffic including traffic routed through AT&T MEC. The firewall provides visibility of applications and mobile services including those using AT&T MEC Local Content Offload connectivity. In addition, it provides application layer protection by enabling application centric policies that could be used to block as many or all malicious applications or only certain types of malicious activities.

This offering can further help prevent malicious activity that could be concealed in encrypted traffic. Already without decrypting, it provides visibility into TLS traffic, such as the amount of encrypted traffic, TLS/SSL versions, cipher suites, and more. If an instance warrants decryption, the business has the flexibility to gain that additional insight for forensics, historical purposes, or data loss prevention (DLP) needs.

Conclusion

AT&T helps make it safer for you to innovate with leading edge technologies and the security elements to help protect this dynamic environment. Gain fully managed, end-to-end firewall protection for your private cellular network including traffic routed through AT&T MEC with next-generation firewalls provided by Palo Alto Networks.  To learn more- visit us at AT&T Cybersecurity Advanced 5G security solutions | AT&T Cybersecurity (att.com).

Read More

If there’s a particularly clear picture that’s developed over the past couple of years, it’s that our privacy and our personal identities are worth looking out for. We have your back. And here’s why. 

In the U.S., reported cases of identity theft continue to rise. Comparing the first three quarters of 2020 to the first three quarters of 2021, we can see that the number of identity theft cases reported to the U.S. Federal Trade Commission (FTC)are up. Moreover, fraud connected with government documents and benefits has jumped by nearly 100,000 reported cases. Likewise, bank fraud saw a jump as well with a solid 30% increase. 

Figure-1-2021-FTC-Fraud-Reports-Q1-Q3

Figure 2- 2020 Fraud Reports, Q1-Q3

Likewise, compare 2021 to the same period in 2019 and the contrast is yet more striking: well over double the number of reports of identity theft. Also note the massive bump in fraud across the board as well—notably in government documents and benefits, which went from nearly 18,000 reported cases to more than a quarter-million cases. 

Figure 3- 2019 Fraud Reports, Q1-Q3

And that’s just what’s been reported in the U.S. Far more crime goes unreported, and it is estimated that the cost of identity theft and fraud goes well into the billions of dollars.

Yet behind each stat is a person, a family, and a household that dealt with anything from a financial headache to a major life event no thanks to identity theft and fraud. Accordingly, we’re seeing to it that each and every person has the tools to prevent this from happening to them.

Here’s a little bit about our approach. We looked at some of the key areas where people’s private information can be vulnerable and designed a tool that offers easy-to-use, intelligent protection for Windows, Android, and iOS devices, with a consistent feel on whichever device you’re using it.

Connect safely a VPN

Unsecured networks can leave us vulnerable, like when we use public Wi-Fi. What’s at issue is that a cybercriminal can potentially capture your login credentials and other personal information as you use a public network in a hotel, airport, coffee shop, library, and so forth.

So, we made sure to include a Virtual Private Network (VPN) to keep your information protected from prying eyes. It does this easily by detecting when you’re on a public network and automatically turning on on your VPN. The VPN then scrambles or encrypts, your data as it flows over the network. Unlike some VPNs that require advanced settings to shield your data, our app offers seamless security.

Dark Web Monitoring

Given that data breaches large and small continue to occur with more regularity than any of us would like, always-on monitoring of your private information is key.

Whether one of your personal accounts is hacked–or worse–another website somehow gets ahold of your data and subsequently gets breached, your data may end up on the dark web. This is where cybercriminals buy and sell information.

To detect these dangerous leaks, we included dark web monitoring, which alerts you if your log-in credentials have been exposed. It can even provide you with a link to the site that uses those credentials when the information is available. This allows you to swiftly reset your passwords, mitigating the risk.

Identity theft insurance and recovery support

Should the unfortunate happen to you, we have your back. In several ways.

Recovering from identity fraud or theft can be expensive. We’ll help relieve the burden with $1M coverage for lawyer fees, travel expenses, lost wages, and more. If money was stolen directly from a bank account, we’ll also reimburse up to $10,000 stolen funds.

No question about it, recovery can be time-consuming, confusing, and even frustrating. With that, we offer licensed recovery experts who can work with you any time, around the clock, all year long. These pros can use a limited power of attorney to do the heavy lifting for identity recovery, taking all necessary steps to repair identity and credit.

In all, we protect your time and your money as part of protecting your identity too.

New: Identity Protection Score

Knowing your safe and staying that way just got far simpler. With a colorful view, you can see exactly what your Identity Protection Score is at a glance, which compiles your overall levels of security, privacy, and identity theft protection. Better yet, if it spots gaps in your protection, it guides you through straightforward fixes that can make you safer than before.

It’s an industry first, and something we all deserve—the ability to clearly see exactly how secure you are and to quickly shore up your protection whenever it’s needed.

Ease of Use

Also on our list, we wanted to make personal protection easy to use and available across all your compatible devices. So, whether you’re out with just your phone, or at home working at your PC, you have access to your protection, and can even pick up where you left off on a different device.

It’s about enjoying the internet

Ultimately, that’s what any of us want—to enjoy the internet with confidence, knowing that whatever it is we’re doing online is secure.

The way we use the internet continues to evolve. After all, it wasn’t long ago that the idea of using a phone to see who’s at the front door may have seemed a bit odd. Let alone having a little chat with the speaker on your kitchen counter. Yet that’s where we are today. And as the internet evolves, so will we. The protection we offer will cover your increasingly connected life in whatever shape that takes.

No question about it. We’re committed to protecting you, your privacy, identity, and certainly your devices too—and making all of it simple.

Here’s to a happy and secure year!

The post Protecting Your Privacy This Year appeared first on McAfee Blogs.

Read More

Graham Cluley Security News is sponsored this week by the folks at HYPR. Thanks to the great team there for their support! A new guide by the analysts at The Cyber Hut looks at how Zero Trust increases business agility and provides practical guidance for eliminating passwords to accelerate your Zero Trust strategy. Passwordless MFA … Continue reading “Free guide: “A Journey to Zero Trust With Zero Passwords””

Read More

This blog was written by an independent guest blogger.

I was logging into one of my favorite online shopping sites the other day, and, as with all my other sites, I was presented with the multi-factor authentication prompt to complete the login process.  Anyone who knows me, knows that I have been a long-time supporter of multi-factor, or 2-step verification of any kind. 

The only problem I had with the login on this occasion, was that my phone was dead.  Like most folks, my phone contains the authenticator applications that allow me to log into most of the sites that do not allow the use of a FIDO hardware token.   This created an unusual conundrum, whereas, not only does my phone contain the authenticator application, but the only backup method the site offers is to send a text message to a registered phone number if the authenticator application is unavailable.   The problem is that the registered phone number is attached to the same dead phone that contains the authenticator application.

Usually, this is not a problem, as most sites that have fully thought through their implementation of multi-factor authentication have also considered the problem of the lost, or otherwise non-functioning phone, and they issue one-time codes when the 2FA process is first enabled.  These codes can be stored in a safe place.

Recently, when Google announced to a select group of GMail users that their mail account will be forced to use multi-factor authentication, many people protested.  While I can understand the shock that many felt at the imposition of an unsolicited change to the login process, I commended the fact that steps were being taken to protect these vulnerable accounts.  Google also did everything right, that is, they gave people multiple options to verify the log in process, including one-time backup codes to be used if the authenticating device is unavailable.

Many people who dislike multi-factor will lament at the thought of also having to store what amounts to other passwords, as one-time codes can arguably be thought of as just another password.  This is where a password manager can serve double-duty to assist the password-weary.

Most password managers offer text fields that often go ignored and unused. However, that big open space can be used to store a ton of useful information.  For example, the one-time codes can be stored there, in addition to the random answers to the common security questions asked by many sites.

None of what I am positing here should be misinterpreted to think that I am against multi-factor authentication in any way.  Until passwordless technology replaces the current methods, I will remain committed to supporting 2FA as the best method we have right now.  In the meantime, the problem that needs to be addressed is how to get more sites to fully realize their multi-factor implementations, and offer one-time codes along with whatever other methods they use for their enhanced security options.  One has to wonder why this was overlooked in the first place?  Until these solutions are established, I suppose I need to be more diligent about keeping my phone charged.  Happy shopping!

Read More

For years, “The Spine Collector” has been haunting publishers around the world, attempting to steal manuscripts by famous authors.

Read more in my article on the Hot for Security blog.

Read More