Target is the Latest Victim of Malware-Armed Hackers  

Even as you were rushing around preparing for your holiday celebrations, it would have been hard to miss all the news reports about the attack on Target customers' credit and debit card information. 

Although more information continues to be disseminated about the attack, we know that some 40 million accounts were exposed. Fraudsters stole cardholder names, card numbers, expiration dates and CVVs. The criminals then use this information for profit by either selling it to other crooks or producing counterfeit credit cards, which they can then use for fraudulent transactions. Those cardholders who had their information stolen and did not act quickly to get their cards cancelled may become victims of a wide range of crimes. 

If you aren't familiar with how such hacks can occur, watch this short video for a high-level description of the vulnerability faced by many retailers and other organizations today.

What should cardholders who shopped at Target during the exposure window do? Most importantly, check your credit and debit card accounts often. (You can usually do this online at any time instead of waiting for your monthly statement.) You may also choose to call your bank to see if it recommends reissuing your card. Often following a breach of this magnitude, banks will receive notice from Mastercard, Visa and others as to which card accounts have been compromised. 

New Phishing Scammers Impersonate Costco

Just yesterday, phishing fraudsters popped their heads into my email inbox hoping to fool me into clicking their links. Had I not known the warning signs of a fraudulent email, I may have done exactly that. Here is a screenshot of the email, and below the image, I've included a list of the red flags that were present in this particular email.  

Red-flag warning signs that helped me spot this as a fake:

• The sender's address is from a domain that is not Costco's.
• Although the domain (davidallbrittonbuildingcontractor.com) actually exists, the business does not have any type of product or service I would have purchased. 
• The Costco representative I called said they would never send a message like this, and that they don't do business with this particular vendor. (NOTE: I tried contacting the business to let him know it appears his email server has been compromised, but so far I've not heard back from him.) 
• The Costco logo is a little different than the one on the official Costco website.  
• There are no details about the alleged order (no order date; no list of the items ordered).   
• There are misspellings.   
• The 21-percent refund reduction is ludicrous (If something sounds fishy, that's because it usually is.)

If you receive an email with these warning signs and/or others, do not click any links. If you receive it in your work email, consider forwarding it to the person responsible for information security within your organization. That individual can then check it out and determine how to appropriately warn others in your organization to be on the lookout for similar phishing attempts. 

Who's Tweeting Your Every Move?

Around Thanksgiving, Storify turned one man's Twitter rant about a fellow airline passenger into a post for even more of the world to see. You can check it out here. For those of you unable to click outside links, let me share a few of the more outrageous Tweets that were rebroadcast in Storify's online "article:"

"Our flight is delayed. A woman on here is very upset because she has Thanksgiving plans. She is the only one obviously. Praying for her."

"I sent the lady a glass of wine and a note" [Publishes a Twitter pic of the wine and the note for all to read. It's addressed to "Lady in 7A" and signs off with "Hopefully if you drink it, you won't be able to use your mouth to talk."]

After the woman sends the Tweeter a note in reply, he posts a picture of it and then Tweets: "Diane is in her late 40s or early 50s. She is wearing mom jeans and a studded belt and she is wearing a medical mask over her idiot face."

Throughout this public string, the Tweeter seemingly shares a fellow passenger's physical description, first name, her seat number and the airline she's flying with. As it turns out, however, the incident was a fake; the Tweeter was making it all up basically for publicity.

Fabrication or not, the incident is a good reminder that any time you are in public - traveling or not - you are being surveilled. And it's not just by rarely accessed surveillance cameras anymore. Be careful when you speak and act, as you never know who could be taking offense or looking to embarrass you. 

Speaking of Surveillance, There Are Benefits...

Here's a good reason to install surveillance cameras on your home for security purposes: Woman stealing package from porch caught on camera.

This is not the first time surveillance cameras have caught thieves in their illegal acts. If you get packages delivered to your home, or have other reasons to increase security, you may want to consider installing a surveillance camera. There are many possibilities available. I will cover this in more detail in the February Tips.

Privacy Professor in the Classroom

I really enjoy educating audiences of all different backgrounds on the how-to's of privacy protection. If you're interested in attending one of my talks, here is an upcoming opportunity:

January 9, Webinar: Where Do You Draw the Creepy Line? Privacy, Big Data Analytics and the Internet of Things. Register here. (Attendees eligible for 1 hour CPE)

You Have My Permission to Share

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along.