There’s no arguing that social networking websites like MySpace.com, myYearbook.com and Facebook.com are more popular than ever. Yet, many people don’t seem to realize that these Web 2.0 sites can pose some online identity theft and other Internet privacy issues — not only for young people, but also for parents and guardians alike.

A few weeks ago I watched as my 14-year-old niece spent most of her free time interacting with her posse of friends on Facebook. She would occasionally come up for air to make a quick phone call or check the score of a basketball game on TV, but it was very clear to me that online security wasn’t much of a concern for her – her username was her nickname and her password, the name of a local school.

Click to read more ...

Speaking of ridiculous e-mails, has anyone received one lately from the offspring off a dead Nigerian diplomat? You know the one — that same guy who has specifically chosen you, from all the world’s online users, to help him move millions of dollars of shady inheritance in return for a hefty seven-figure fee (for the record, these e-mail scams are actually called “Nigerian 419 scams”).

Or how about those e-mails congratulating you on winning a lottery in the Netherlands — or maybe in Spain? How you can win a lottery somewhere if you never bought a ticket?! In spite of it all, don’t those e-mails almost seem legitimate? I mean, they don’t actually ask you for any personal information or money.

If you still receive online messages like these, don’t sweat it. Almost everyone does. And you’ll be surprised how many people actually do fall for these email scams. If you’re one of them, though, here’s some sound advice:. Don’t quit your job! Needless to say, there’s no lottery payout, and the Nigerian millionaire’s nephew is most likely a down-and-out scammer, e-mailing you and millions of others from a shabby cyber café in downtown Lagos. So what’s all the hubbub about?

Click to read more ...

The sanctuary of safe surfing may seem like a distant dream. Every day brings either a new threat or a new and more creative version of an old scam. Thieves have good reason to be more creative – technology is getting better at stopping scams, law enforcement is better at identifying culprits, and consumers (at least some of them) are becoming more aware and less likely to be fooled by the same-ole-same-ole.

But another reason thieves are becoming more creative is because there’s a lot of money at stake. More consumers, more high speed internet connections, more credit cards and more online stores means lots more business opportunities.

Security experts that track hackers and identity thieves regularly reports online stashes containing credit card information worth millions – information that’s being offered for sale on the hacker black market.

Click to read more ...

The recent hack of Monster.com servers may have exposed far more job seekers than originally believed. While the original estimate suggested a few hundred thousand users might be affected, the estimates have quickly risen to 1.3 million users with a caution from Monster that not only could the final numbers be much higher, but this might not have been the only security breach of their web site.

Perhaps the only good thing about this and other data breaches is that there are lessons to learn. For example, the Identity Theft Resource Center, a great victim resource based in San Diego recently issued some advice to job seekers that could help minimize the risk of a resume or job application being turned into an identity theft.

For example, you should always leave the following information out of a resume or job application (at least until you have no choice):

- Your Social Security number: an employer doesn't need that until they're ready to hire you, and even then you need to make sure the company and job offer are legitimate.

- The dates you attended various schools, because many authentication security questions use this information (for accessing online bank accounts, for example).

- Your home address; a city and state should be more than enough on your resume.

- Your date of birth should also be unnecessary until you're offered the job. 

- Professional certifications and memberships: these can make it too easy for a thief to socially engineer you into opening an infected email from what you believe is a trusted source. 

- And keep your drivers license number to yourself as well.

But as the Monster data breach showed, the risk is not only that thieves will steal your personal information from an exploited database, but that they are now learning to use the stolen information to create phishing attacks on users.

In other words, using the stolen information to trick job seekers into providing even more personal information, participating in fraudulent schemes, or downloading information-stealing Trojans.

Last week I reported on rumors that users of Monster.com's job search web site might have had their personal information stolen by a gang of hackers that had managed to infect the Monster site with malicious code.

Now the media is reporting that not only are the rumors true, but instead of affecting a few thousand victims as many as 1.6 million records might have been compromised, affecting hundreds of thousands of users.

The scheme apparently used infected ads and banners on the Monster.com web sites to steal personal information that was then used to send phishing emails to Monster users. These emails in turn installed an information-stealing Trojan on the user's computer in an attempt to steal bank login and password information.

Not surprisingly, there's no mention of the issue on Monster's home page. Under a very obscure link called Security Center, there is a vague reference to a "fraudulent email" that may be in circulation, and simply advises that if you responded to such an email you should contact law enforcement. So that maybe they could clean up Monster's mess? Nice one!