December 2007

CU InfoSECURITY News Providing a brief summary of news and information related to security issues for credit unions - Plus some interesting and fun web sites.
(Click on photos to enlarge)

How to fully degunk a PC to get rid of crapware

Crapware slows your PC to a crawl, often causes instability and crashes, eats up valuable screen real estate, and may even border on malware. Yet it inevitably finds its way onto your computer -- and may even come WITH your computer when you buy it. Here's an explanation how to use a couple of free tools to deliver a one-two punch that eliminates crapware and improves the performance of your PC.
For more informatio: http://downloads.techrepublic.com.com/download.aspx?docid=301317&tag=nl.e036
or http://tinyurl.com/2xp8qw

Access Your Computer Remotely . . . and It's FREE

LogMeIn allows users to perform functions easily - as if they were sitting in front of that machine . . . and it's free.

If you need to access a remote Windows computer, you could manage it with Windows built-in remote access services, but a much easier - and free - solution is to use a website like LogMeIn.
Visit the site, download its remote-access client software and install it on as many machines that you need to access. Once the software is installed, you can access those machines via your browser with an account that you create on the LogMeIn website. You'll be able to launch programs on the remote computer, open files, check your email and perform all sorts of functions as if you were sitting in front of that machine.

I (Bill Rogers) have used this for more than 5 years from locations all over the country. All you need is access to the Internet. I have at least 5-6 friends and business associates using it and they all rave about it. Yes, there is a paid version, but the free service does a great job.
More info at: http://www.logmein.com

More CU phish tales surface

More phish tales from credit unions in three states surfaced this week, just as reports from a nationwide survey announced that 3.6 million U.S. consumers lost $3.2 billion in online phishing attacks this year. According to Stamford, Conn.-based research firm Gartner Inc., this year's loss figures are an increase from 2.3 million people who lost money last year. Gartner surveyed 4,500 online adults.
More info here:
http://www.cuna.org/newsnow/07/system122007-10.html?ref=hed
or http://tinyurl.com/2mjpyo

FTC’s ID-Theft Report: No Measuring Stick

The Federal Trade Commission’s first launched its identity-theft surveys in 2003, and they have become landmarks in defining the magnitude of the challenge. The FTC’s latest survey is remarkable for being in stark contrast to the results of other recent, well-received ID theft studies by Javelin Research and Utica College.

The 2006 Identity Theft Survey (using data from 2005 polling) notes drastically lower reported losses than in 2003—only $15.6 billion, compared to $46.7 billion. The average amount obtained by thieves also differs markedly: $1,882 in 2005 versus $4,789 in 2003. But the FTC notes that these are non-comparable numbers, obtained by different methodologies. In the latest survey, the FTC tallied actual losses reported, whereas in the first survey the commission used the mid-point figures of a specific range of losses ($300 within a “$100 to $499” choice), which were filled out by surveyed victims.

Read more at: http://www.americanbanker.com/btn_article.html?id=2007113068AR9QR9&email=y
or at: http://tinyurl.com/2rpl55

Attacks Against Credit Union Decrease

The most evident change in the types of U.S. institutions under attack during September 2007 is a significant decrease in attacks towards credit unions. After three steady months near 40%, credit unions comprised only 29% of attacked U.S. banks in September. The percentage of nationwide banks in the U.S. targeted for attacks grew slightly to 39%, when compared to both July 2007 and August 2007. Regional banks comprised just 23% of the attacked institutions in August 2007, but increased somewhat significantly to 32% of the attacked institutions in September 2007.

CU Target of Brazen E-mail Scam

Florida Attorney General Bill McCollum recently informed the public that many Florida consumers, including state employees, have received fake e-mails from scammers who are fraudulently posing as representatives of First Florida CU.

The scam is especially brazen because it appears to be an authentic warning about identity theft and phishing attempts, often including a signature from a credit union security manager (US Fed News Dec. 6).

Read more at: http://www.cuna.org/newsnow/07/system120707-7.html?ref=hed
or http://tinyurl.com/33yucs

Online Fraud Is Evolving

Phishing and pharming represent one of the most sophisticated, organized and innovative technological crime waves faced by online businesses. Fraudsters have new tools at their disposal and are able to adapt more rapidly than ever.

Read more and view graphs on the growth of phising activities.
http://www.rsa.com/solutions/consumer_authentication/intelreport/FRARPT_DS_0907.pdf
or http://tinyurl.com/3cpvnn

Phishing Was Fine This Summer

The Anti-Phishing Working Group just released its authoritative Phishing Activity Trends Report for the month of August and says that the total number of unique reports submitted to the group was 25,624, an increase of 10% from July.

The industry coalition also says it detected 32,079 phishing Web sites in August, an increase of more than 2,000 from the month before, and that there were 294 unique variants of phishing-based Trojan keyloggers detected, continuing a four-month upward trend.

For more information, click on:
http://www.cutimes.com/section/technology/35346
or http://tinyurl.com/2tcbmy

10 ways to reduce insider security risks

Insiders pose the top corporate security threat today. Recent reports indicate that insider breaches have risen from 80% to 86% of all incidents, with more than half occurring after employee termination. Not surprisingly, internal employees who are authorized to access company systems are most likely to be linked to fraud or a security breach—and of all employees, IT staff members have the most resources to do so. Accordingly, IT audits focus on several areas to identify risks.

Read more at: http://i.i.com.com/cnwk.1d/i/tr/downloads/home/dl_10_ways_security_compliance.pdf
or http://tinyurl.com/2yvhjf

The 10 biggest technology belly flops of 2007

While 2007 gave us some fantastic technological innovations, it also brought the usual spate of bungles, miscues, and faux pas. Since I believe that you learn more from your mistakes than your successes, it’s important to look at some of the most glaring errors that were made manifest in the business technology sector during 2007. There were a lot of opportunities for learning this year. Here are a few of them.

• HD DVD and Blu-ray repeat the VHS-Betamax blunder
• eBay fumbles the ball with Skype
• The Wall Street Journal teaches users how to sabotage IT
• Attackers take down e-mail servers at the Pentagon
• Windows Vista strikes out with businesses

See more at: http://blogs.techrepublic.com.com/hiner/?p=571&tag=nl.e101
or http://tinyurl.com/2tcvvc

Detailed profile of your installed software and hardware

Belarc Advisor builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes and software serial numbers, and shows the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any Web server. Version 7.2t includes unspecified updates.
More info here: http://software.techrepublic.com.com/download.aspx?docid=229047&tag=nl.e101
or at: http://tinyurl.com/39lryg

CUs targeted in 33% of November phish attacks

Credit union brands were targeted in 33% of phishing attempts during November, according to RSA Monthly Online Fraud Report. That's down from 40% in October but still up from September's 29%. Credit union brands were targeted more than regional U.S. bank brands but less than nationwide U.S. bank brands, according to the survey.
More at: http://www.cuna.org/newsnow/07/system121807-10.html?ref=hed
or here: http://tinyurl.com/392ggv

A Chronology of Data Breaches

The data breaches noted at this website have been reported because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. Some breaches that do NOT expose such sensitive information have been included in order to underscore the variety and frequency of data breaches. However, we have not included the number of records involved in such breaches in the total because we want this compilation to reflect breaches that expose individuals to identity theft as well as breaches that qualify for disclosure under state laws. The breaches posted include only those reported in the United States.

See the entire list at: http://www.privacyrights.org/ar/ChronDataBreaches.htm#1

or http://tinyurl.com/yvngas

Banks voice approval of phone biometrics

Several banks are adopting voice biometric technology, while BT is preparing to offer an internal service commercially, according to exhibitors at the first European Voice Biometrics Conference, held in London on 28 and 29 November.

VoiceVault’s technology is also being trialled by the Allied Irish Bank (AIB), which is using the voice verification system as part of its automated password reset service for e-banking customers.
More information at:
http://www.infosecurity-magazine.com/news/071206_voicebiometrics.html
or at: http://tinyurl.com/2f2fay

CU members in Kansas City targeted in phone scam

Mazuma CU members are being targeted by scammers claiming to be from the credit union.
Scammers are calling the Kansas City-based Mazuma CU members, stating that their accounts have been suspended because of fraud. The caller tells the member to call a toll-free number to reactivate the account. When members call, they are asked for their credit card numbers (US Fed News Dec. 10).

More information at: http://www.cuna.org/newsnow/07/system121107-4.html?ref=hed
or http://tinyurl.com/2e83hy