Loyalty Rewards Programs: A New Cybercrime?

November 13th, 2014

Cyber criminals are getting creative. We constantly hear about hackers stealing credit card numbers and even Twitter handles. Now, they have also added your loyalty rewards points to their list.

Brian Krebs wrote an excellent article highlighting a few interesting cases where victims had rewards points stolen.

One victim reported that he had about 250,000 Hilton Honors points stolen from his account. These points were used to reserve a number of Hilton hotel rooms, and then the criminals continued to purchase additional points with the corporate credit card associated with the account.

Experts are also starting to see rewards points being sold in the online black market for a fraction of their worth. For instance, a hacker might sell points worth $1,200 in hotel reservations for $12.

So what does this mean for you? It is unlikely that stolen rewards points are going to overtake trends like mobile malware or medical identity theft as the “next big thing” to worry about. That said, we always recommend keeping up-to-date with the latest security trends and being proactive about protecting your identity and online accounts.

Some proactive actions you can take now:

  • Keep an eye on your bank accounts and credit reports as usual. Stolen rewards points may actually be one small piece of a larger puzzle when it comes to identity theft.
  • Avoid saving credit card information on websites with rewards programs, such as your favorite hotel, airline or retail site.
  • Use a secure, unique password for loyalty program sites. Don’t reuse passwords.
  • As a retailer or company that offers reward points, institute a CAPTCHA system to protect against hacking bots and scripts.

What are your thoughts on stolen rewards points? Is this something that concerns you? As always, join the conversation on Twitter, Facebook or LinkedIn.

Four New Social Engineering Scams To Look Out For In 2014

April 25th, 2014

Symantec’s 2014 Internet Security Threat Report recently revealed that spear phishing campaigns increased 91 percent in 2013. In addition to the increased number of spear phishing* campaigns, cyber criminals are also using stronger phishing tactics, Stacy Collett at Network World reports.

Collett shared the experience of Chris Hadnagy, Chief Hacker at Social-Engineering.org, with spear phishing. He has seen cyber criminals step up their social engineering game, especially among business employees:

“Groups are sending phishing emails with malicious attachments, which a cautious employee usually ignores. But then they’re following up with a phone call that says, ‘Hi, this is Bob in accounting. I just sent you an email with a spreadsheet. I just need you to open that up real quick and check it out.’ Those factors put together make you trust them and take that action. Social engineering tactics like these serve as the entryway to the latest internet scams,” Hadnagy said in Network World.

Collett outlined the top four social engineering scams to look out for in 2014:

  1. Phishing with ransomware
  2. Automated calls for credit card information
  3. Healthcare records for spear-phishing attacks
  4. Using funerals in phishing attempts

One way to help prevent phishing, according to Security Watch’s Abigail Wang, is to take control of the personal information about you that is available on the web. Wang reports that “25 percent of Facebook users do not use privacy setting and 20 percent of social media users in general set their profile to public,” giving cyber criminals an increased chance of fooling you based on the information they know about you.

Have you fallen for a phishing attempt? How can individuals and businesses protect against phishing? Share your thoughts with us on Facebook and Twitter and take a look at our Tumblr for the latest security news stories.

*Spear phishing: an email that appears to be from an individual or business that you know, but in actuality comes from a cyber criminal.

Enterprise Threat Intelligence: Stopping Risk in its Tracks

December 19th, 2013

One of the most interesting security trends we’ve seen develop—and help develop—over the past year has been the practice of businesses monitoring employee and customer login credentials.

You’ve heard us talk about it quite a bit in 2013. For instance, our research earlier this year showed that 61 percent of consumers repeat passwords across multiple websites. Why is this significant? Say your customer or employee uses the same login information on your website as they do on another. If that other website is breached and user credentials are compromised, this opens up vulnerabilities on your website as well. Companies are starting to realize and act on this fact. A great example of this scenario was the Adobe breach, otherwise known as the “breach heard around the world.” After news of the Adobe breach was made public, many unrelated third-party websites reached out to users whose emails were compromised in the breach and encouraged them to update their passwords.

To lessen these vulnerabilities, we launched a solution called Enterprise Threat Intelligence (ETI). ETI uses our CyberAgent technology to proactively watch for compromised data, including login credentials and IP addresses, among the depths of the Internet. ETI notifies you upon finding compromised employee and customer logins or compromised company devices. With this insight, your business can take action to mitigate the issue, such as requiring that your compromised employees or customers reset their passwords immediately. This proactive approach helps stop the problem in its tracks, reducing the risk of further compromise.

We’re excited to release an animated video that walks you through this trend and our ETI solution. Take a look!

Do you reuse credentials across sites? Would you use ETI for your business? Let us know—join the conversation on Twitter and Facebook.
