Fight Identity Theft Blog

It's a new year and — what do you know — there's a new tactic in the endless quest for new and improved phishing schemes from scammers.

Here's How It Works

Researchers at Trusteer recently released a security advisory detailing this new phishing technique. Rather than using email to lure unsuspecting victims into clicking over to a fake web site, this technique uses what Trusteer is calling "in-session" attacks. Here's a typical scenario:

• A user opens a browser and logs into their banking web site
• Leaving that browser session open, they open another browser window to check on their Webkinz or some other web pursuit.
• After a time, a pop-up window opens — supposedly from their bank web site — asking for them to re-enter their username and password.
• Since the user has recently logged in to the targeted web site, they are more likely to enter their info.

That's it! Their login credentials are now in the hands of the scammers.

What Makes It Possible?

A few things have to be in place for this to work. First, the scammers need a compromised web server in order to install the malware. Fortunately, there are lots of those around. Second, the malware has to be able to determine which other sites the user has visited. This is possible based on a vulnerability in the JavaScript engine used by Internet Explorer, Firefox, Safari, and Chrome.

From Trusteer:

The source of the vulnerability is a specific JavaScript function. When this function is called it leaves a temporary footprint on the computer and any other website can identify this footprint. Websites that use this function in a certain way are traceable. Many websites, including financial institutions, online retailers, social networking websites, gaming, and gambling websites use this function and can be traced.

How Can You Protect Yourself?

Well, the planets have to align a bit to pull this scam off and it's likely the JavaScript vulnerability will be patched in the near (hopefully) future.

Until then, Trusteer recommends the following preventative measures:

• Have an up-to-date anti-virus installed
• Be suspicious of any pop-ups asking you to login

and most of all...

• Log out of banking or other sensitive sites before heading over to Pogo.com for your bingo fix.

Learn more about this attack by downloading Trusteer's security advisory.

We're stepping a bit outside our normal comfort zone of covering scams, fraud, identity theft, and whatnot to present an offer that we think will be valuable to our readers.

For a limited time Suze Orman is making her latest book "Suze Orman's 2009 Action Plan | Keeping Your Money Safe and Sound" available for free via the Oprah Winfrey web site.

NOTE: Offer expires at 11:59 p.m. CT on Thursday, January 15

Why Should You Read This Book?

I have to admit that I haven't read the whole book yet. I wanted to get this posted so you would have time to download it before the offer expires.

What I have read, however, speaks directly to these ugly economic times. I see my friends in the U.S. and elsewhere struggle with layoffs, home foreclosures, business failures and every other kind of stressful situation. Unfortunately things don't look like they'll be improving anytime soon and we're all wondering how we're going to survive this downturn.

I think Suze says it best in her Introduction:

I bet you are scared. Angry, too. And confused. These are absolutely rational and appropriate responses to the global credit crisis that erupted in 2008 and continues to send tremors through every household in America. And I do mean every household. No matt er how conscientious you have been with managing your money, the events of 2008 have battered us all.

The one in 10 homeowners who are at risk of facing foreclosure on their homes are obviously scared, but so too are the 9 out of 10 homeowners who can afford their mortgage but are watching plummeting home values jeopardize their financial security.

It’s not just the overreaching Wall Street firms who are paying the price for those risky investments. Every U.S. taxpayer is now on the hook for a massive bailout — bailout engineered by the same players in the federal government that had turned their back on regulating the very practices at the root of today’s financial crisis. Angry? You should be.

In any case, the book is free until January 15th, so it won't cost you more than a minute or two of your time and a few bytes flowing over your internet connection.

I think it will be worth your while. Take care out there...

Go the the download page on the Oprah Winfrey website. Once the offer expires you can buy the book for less than $10 on Amazon

In case you want to learn more about the book, I've provided some Amazon reviewer comments and the table of contents:

Amazon Reviews

Suze hit it big with this book for many people. She wrote a precise book on how to handle 2009 proactively with specific "what to do" situations and how to assess financial challenges into correct decisions. Picking this book on Borders out of curiosity, I learn a lot from security precautions you should take from local banks. That alone pays the trip and the well deserved $10 I paid over a Dolce Latte over the quick read.

This is hands down Suze Orman's best book. Upon reading every word and turning every page I felt confident that I am on the right track. Following Suze's advise over the years has provided me with the education required to be prepared for what lies ahead. The Expenses breakdown chart is a very helpful tool to see where you can cut back. I also loved the format in which this book was written, it can be used as a reference tool and you can read based on your area of concern be it credit, 401k, retirement etc. I think everyone should not only read this, but live by it!

See the rest of the reviews on Amazon

Table of Contents

2009: The New Reality

A Brief History of How We Got Here

Action Plan: Credit

• Falling credit lines
• Rising interest rates
• FICO scores under pressure
• Repayment plan
• Debt consolidation
• Borrowing from 401(k)
• Borrowing from home equity line of credit
• Bankruptcy
• Collection agencies

Action Plan: Retirement Investing

• The case for stocks
• Allocation strategies
• 401(k) loan/early withdrawal
• IRA rollover
• Retiree income strategy
• Roth IRA conversion

Action Plan: Saving

• FDIC insurance
• Money market deposits
• Eight-month emergency fund
• Credit squeeze

Action Plan: Spending

• Expense/income worksheet
• Finding ways to save
• Needs vs. wants
• Insurance saving tips
• Car loans
• Dif?cult choices
• A challenge from Suze for 2009

Action Plan: Real Estate

• Mortgage-modi?cation options
• Short sales
• Foreclosure
• Home equity line of credit
• Home values
• First-time-buying tips
• Pre-retirement strategy
• Vacation homes

Action Plan: Paying for College

• 529 allocation strategy
• What you can afford
• Federal loan strategy
• Stafford student loans
• PLUS parent loans
• HELOC loans/401(k) loans
• Private student loans
• Repayment
• Consolidation

Action Plan: Protecting Your Family and Yourself

• Job-loss strategies
• Hope for the best, prepare for the worst
• Health insurance
• Life insurance

The Road Ahead

Medical identity theft is a growing problem. Experts estimate that between 200,000 - 500,000 people are already a victim of this crime - and most don't even know it.

The World Privacy Forum has been a pioneer in identifying and researching medical identity theft issues. Here's how they describe the problem:

Medical identity theft occurs when someone uses a person's name and sometimes other parts of their identity -- such as insurance information -- without the person's knowledge or consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods. Medical identity theft frequently results in erroneous entries being put into existing medical records, and can involve the creation of fictitious medical records in the victim’s name.

Medical Identity Theft Basics

So how does medical identity theft occur and how can it affect you? Here's a video from CBS' The Early Show that explains the basics:

How Can You Protect Yourself?

The World Privacy Forum has great information on detecting and preventing medical identity theft. Here are the things to watch:

• Closely monitor any "Explanation of Benefits" sent by an public or private health insurer

  Health insurance companies often send out notices in the mail that describe recent medical events. Pay attention to these and contact your health care provider if they don't look familiar.

• Pro-actively request a listing of benefits from your health insurers
• Request a copy of current medical files from each health care provider

  Look over these files to make sure that all the information is familiar. Report any errors or strange information to your health care provider.

• Correct erroneous and false information in your file
• Keep an eye on your credit report

  Medical expenses should eventually show up on your credit report - especially unpaid accounts that were created by an identity thief.

• Request an accounting of disclosures

  This is a benefit of HIPAA (the Health Insurance Portability and Accountability Act). This relates to all of the documents you now sign when going to your doctor relating to privacy and information sharing. You can request a list of all the times your medical information has been shared along with the reason for sharing.

More information from World Privacy Forum.

WEBex INCORPORATION LOTTERY(AUSTRALIA).
678 NIN NAMARAL STRAATWEG 5009GL.MELBOURNE AUSTRALIA.

WINNER NO: 5

ELECTRONIC MAIL AWARD WINNING NOTIFICATION AWARD PRESENTATION CENTER

DATE:5/12/2008.
Ref:4758961725
Batch No:70564943902/188
Winning no:FGNGB2701/LPRC

CONGRATULATIONS

Hello Lucky Winner,

We are delighted to inform you of your prize release on the 5th of DECEMBER, 2008 from the WEBex INCORPORATION LOTTERY program.

Which is fully based on an electronic selection of winners using their e-mail addresses, your name was attached to ticket number 47061725 serial number 07056490902 batch number 7741137002.

This batch draws the lucky numbers as follows 5-13-33-37-42 bonus number 17, which consequently won the lottery in the second category. You here by have been approved a lump sum of $500,000.00(US DOLLARS) in cash credit fileref ILP/HW 47509/02 from the total cash prize of $2,000,000.00(US DOLLARS) shared among lucky winners in this category.

All participant were selected through a computer balloting system drawn from Nine hundred thousand E-mail addresses from Canada,Australia,United state,Asia,Europe,Middle East, Africa and Oceaniaas part of our international promotions program which is conducted annually.This Lottery was promoted and sponsored by conglomerate of some multinational companies as part of their social responsibility to the citizens in the communities where they have operational base.We hope with part of your prize, you will participate in our end of year high stakes for $1.3Billion(US DOLLARS) international draw.

HOW TO CLAIM YOUR PRIZE: Simply contact our fiducial agent,

Name:Dr Lati Umar
Email:dr.latiumar@webportal.com.my

Please quote your reference,batch and winning number which can be found on the top left corner of
this notification as well as your full name,address and telephone number as to help us locate your fileeasily.

For security reasons, we advice all winners to keep this information confidential from the public until your claim is processed and your prize released to you.This is part of our security protocol to avoid double claiming and unwarranted taking advantage of this program by non-participants or unofficial personnel.

Note: All winnings MUST be claimed on or before the One month. Other wise all funds will be returned as unclaimed and eventually donated to charity .

Congratulations, once more from the entire Management and Staff of Webex LOTTERY Co-operation to all our lucky winners this year.

Thank you for being a part of this promotional lottery program.

Yours Faithfully,
co-ordinator.