MyEquifax.com Bypasses Credit Freeze PIN

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at… Continue reading MyEquifax.com Bypasses Credit Freeze PIN

USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online

In October 2017, KrebsOnSecurity warned that ne’er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address. We advised that stalkers or scammers could abuse this service by signing up as anyone in the household, because the USPS wasn’t at that point set up to use its own unique communication system — the U.S. mail — to alert residents when someone had signed up to receive these scanned images.

The USPS recently told this publication that beginning Feb. 16 it started alerting all households by mail whenever anyone signs up to receive these scanned notifications of mail delivered to that address. The notification program, dubbed “Informed Delivery,” includes a scan of the front and back of each envelope or package destined for a specific address. Continue reading USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online

Stolen Credentials on the Dark Web: A Wake Up Call for Organizations Using KBA

Recent news accounts of security researchers discovering a database containing 1.4 billion breached credentials — reportedly, the largest such find on the Dark Web — is yet more evidence that online identity proofing that relies only on KB… Continue reading Stolen Credentials on the Dark Web: A Wake Up Call for Organizations Using KBA

Simple Banking Security Tip: Verbal Passwords

There was a time when I was content to let my bank authenticate me over the phone by asking for some personal identifiers (SSN/DOB) that are broadly for sale in the cybercrime underground. At some point, however, I decided this wasn’t acceptable for institutions that held significant chunks of our money, and I began taking our business away from those that wouldn’t let me add a simple verbal passphrase that needed to be uttered before any account details could be discussed over the phone. Continue reading Simple Banking Security Tip: Verbal Passwords

Security Sense: How Do You Do Knowledge Based Authentication When All Knowledge is Public?

How do you authenticate people based on data attributes they know when that very information is continually popping up in data breaches? It’s a hard problem with no easy answers.
read more
The post Security Sense: How Do You Do Knowledge Based Authenti… Continue reading Security Sense: How Do You Do Knowledge Based Authentication When All Knowledge is Public?

USPS ‘Informed Delivery’ Is Stalker’s Dream

A free new service from the U.S. Postal Service that provides scanned images of incoming mail days before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners. The USPS says it hopes to have changes in place by early next year that could help blunt some of those concerns. Continue reading USPS ‘Informed Delivery’ Is Stalker’s Dream

Fraudsters Steal Tax, Salary Data From ADP

Identity thieves stole tax and salary data from payroll giant ADP by registering accounts in the names of employees at more than a dozen customer firms, KrebsOnSecurity has learned. ADP says the incidents occurred because the victim companies all mistakenly published sensitive ADP account information online that made those firms easy targets for tax fraudsters. Continue reading Fraudsters Steal Tax, Salary Data From ADP

IRS: 390K More Victims of IRS.Gov Weakness

The U.S. Internal Revenue Service (IRS) today sharply revised previous estimates on the number of citizens that were hit by tax refund fraud since 2014 thanks to a security weakness in the IRS’s own Web site. According to the IRS, at least 724,000 citizens were victims of refund fraud after crooks figured out how to abuse a (now defunct) IRS Web site feature called “Get Transcript” to steal victim’s prior tax da Continue reading IRS: 390K More Victims of IRS.Gov Weakness