Monthly Archives: September 2017

Breach Brief – Sonic Drive-In

Sonic fast food chain is the latest victim of a major data breach. Sonic, which has 3,600 locations across the country, confirmed they are investigating unusual payment card activity after being informed by their credit card processor last week. The breach could affect as many as five million card holders.

The breach was first reported by Brian Krebs of KrebsOnSecurity.com.  Krebs stated the breach was revealed by a pattern of of fraudulent transactions on cards used at one of the chain’s restaurants. 

Krebs claims he was tipped off by sources from multiple financial institutions. From his post Krebs related that, “Those cards were then found to be part of a cache of five million credit and debit card accounts that were first put up for sale in mid-September on a dark web site called Joker’s Stash, all indexed by city, state and Zip code. “They’re going at a premium, too: between $25 and $50 per card.” Krebs reported that the cards first showed up for sale on September 18th.

Sonic’s Vice President of public relations Christi Woodworth told Krebs that the investigation hasn’t yet uncovered how many cards or which of its stores may be impacted. Woodworth went on to say that the company “…immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Recent patrons of the fast food chain should monitor their credit and debit accounts suspicious activity.

National Cyber Security Awareness Month

October is National Cyber Security Awareness Month (NCSAM). In recognition the African-American Cyber Report will be participating with the Department of Homeland Security to promote awareness of cyber security issues and personal safety online.

Each week the AACR will publish articles that promote cyber security at home, at work and for your children. The AACR is dedicated to bringing the message of cyber security to African-Americans who use the Internet in their daily life. We are focused on protecting you, your home and your children from cyber fraud, hacking, viruses, malware, personal data theft and other cyber threats. 

African-Americans are full participants in the technology revolution from smartphones, to mobile banking to e-commerce to social media. As such we must become more aware of what is happening in cyberspace. We need to understand the dangers and the opportunities that the Internet presents. 

As part of NCSAM the Dept. of Homeland Security is offering all Americans the Stop.Think.Connect. Toolkit. The Toolkit is a series of information pamphlets designed to educate various audiences on cyber security awareness and online safety. The targeted audiences include;

  • Students K-8, 9-12, and Undergraduate
  • Parents and Educators
  • Young Professionals
  • Older Americans
  • Government
  • Industry
  • Small Business
  • Law Enforcement

The educational material covers 22 topic areas that include social media awareness, mobile banking, and educating children about going online. 

We invite you to join us as we focus on the safety and security of all people but especially our brothers and sisters who use the greatest communication technology ever invented, the Internet.

Celebrity Cyber Report – Kevin Hart, Marshawn Lynch, Russell Wilson, Danny Glover

Kevin Hart

Kevin Hart has launched a new mobile video game that stars him and his family. Named “Gold Ambush,” Hart has teamed up with new start up “StandUp Digital.” The company describes itself as a “celebrity mobile entertainment powerhouse priding themselves on creating high quality games with high quality people. The company specializes in celebrities and mobile entertainment.

Hart’s presence in the online and technology environment has expanded in the past year with a dozens of different projects including an online streaming comedy show and a streaming television studio.

“Gold Ambush” features Kevin Hart, his wife Eniko, and children Heaven and Hendrix as playable characters.

Hart told Endgadget, “I’m making the game fun but I’m also making it family-friendly without forcing that down people’s faces. It’s a game for everybody.”

Marshawn Lynch

NFL star and running back monster Marshawn Lynch has teamed up with Facebook to launch a reality television series. The show is scheduled for launch late in September, with eight short episodes of 10 to 15 minutes each. According to Reuters’ Jessica Toonkel, Facebook is paying Bleacher Report millions of dollars to make a reality show on Lynch. The show will be entitled “No Script” and the first show reportedly has “Beast Mode” learning to drive a race car until he ruins the tires.

Facebook is pushing its newWatchplatform replacing the video button. Watch is Facebook’s alternative to YouTube  for video producers.  Facebook is attempting to give creators a way to lay out their posts in a more logical format compared to YouTube’s profile feed and earn money from their videos using television style commercials. Facebook claims it will expose these video producers to its billions of daily active users.

Russell Wilson

Seattle Seahawks’ Pro Bowl quarterback Russell Wilson is taking on a new team of competitors, Instagram and Twitter.

Wilson is a founder and executive chairman of  “TraceMe,” a new social media startup that recently kicked off its beta version.  A beta version is test platform used to test how an idea or technology will work.

“TraceMe” is a mobile app aimed at what the company calls “super-fans.” These are people who are obsessed by their favorite celebrities and track their every move and social media posting on various platforms. In the beta version of the app Wilson will be the only celebrity featured. Wilson claims to have more than 4.2 million followers on Twitter alone. Using his new app Wilson promises to offer his biggest fans a bigger glimpse into his personal and professional life using exclusive photos, videos, and other daily content.

Backing Wilson’s venture is some real heavyweights in the tech sector including Amazon.com chief Jeff Bezos who jumped in to the tune of $9 million in venture-capital funding earlier this year.  YouTube co-founder Chad Hurley is on board as is Joe Tsai, co-founder of Chinese e-commerce giant Alibaba.

TraceMe is free and available for Apple only.

Danny Glover

In a continuing effort to fight racism on its platform AirBnB has enlisted the help of actor Danny Glover. According to AirBnB Glover is joining the short-term rental company to promote its service in communities of color. Glover will be joining the NAACP as part of Airbnb’s effort to educate, train and “take advantage of the economic opportunity of hosting” on the service.

Glover’s work as a philanthropist and activist makes him a qualified advisor to Airbnb. The company is trying hard to rebuild its reputation after news that some hosts were openly rejecting people of color came to light. To get its message out Airbnb placed an ad during the last Super Bowl denouncing  discrimination and racism.

Glover wrote in his blog, “I know Airbnb has had its own share of challenges in this arena. But working with them, I’ve seen first-hand how committed they are to getting it right.”

AirBnB is making money for white hosts. Even those who live in black neighborhoods. AirBnB’s own study of 72 black neighborhoods in New York city showed that 74 percent of the hosts were white but made up only 13 percent of the residents.  Those hosts earned an estimated $159.7 million as compared to black hosts who earned only  $48.3 million.

According to Pew Research, 5% of blacks have used home-rental services compared with 13% of whites.

Racism Online: Social Media Companies Target Ads to Racists

The web’s biggest social media companies have been targeting ads to racists. Facebook, Google and Twitter have allowed advertisers to target groups expressing interests in topics such as “Jew hater,” How to burn jews” and “why jews ruin the world.” Facebook’s advertising algorithm went even further by suggesting other racist and hate interests to advertisers including search terms like “Hitler did nothing wrong.”  After being notified by ProPublica Facebook removed the antisemitic categories.

But that did not solve the problem entirely. Online magazine Slate used Facebook’s ad targeting to create ads targeting those interested in “Ku-Klux-Klan,” and other white nationalist interests.

ProPublica first attempted to purchase three ads, or “promoted posts,” using Facebook’s targeting tool. At first they were rejected. But not for the reason you might think. The ad placement was rejected because the number of Facebook users searching the racist terms was beneath a pre-programmed number of users. ProPublica then added a larger category to “Jew hater” and the others. Facebook’s ad tool then said the selected audience was “great!” Fifteen minutes later the company’s ad system had approved all three ads.

Facebook is not alone. BuzzFeed discovered Google, the world’s largest advertising platform,  also had problems in its ad targeting. Google’s ad targeting allowed advertisers to target people searching phrases such as “black people ruin everything” and “jews control the media.”

Like Facebook, Google’s algorithm auto-suggested similar phrases, such as “the evil jew.” To confirm their findings BuzzFeed ran the ads and verified the ads did indeed appear on the web.

After BuzzFeed’s report Google disabled the keyword searches used in the ad buy. However, according to BuzzFeed,  the search term “blacks destroy everything,” remained.

Sridhar Ramaswamy, Google’s senior vice president of advertising, in an email.”We’ve already turned off these suggestions and any ads that made it through, and will work harder to stop this from happening again.” 

Twitter too was found to have algorithms that played into racism. According to the Daily Beast  Twitter allowed the targeting of ads to racist. Twitter’s algorithm allowed advertisers to target millions of customers searching terms like “wetback” and “nigger.” The Daily Beast was also able to successfully placed the ads online.  And, like Facebook and Google, Twitter generated suggestions in response to racist terms.

According to Twitter  it fixed its algorithm that permitted marketers to target racist.
The Daily Beast reported that Twitter Ads returned 26.3 million users who may respond to the term “wetback,” 18.6 million to “Nazi,” and 14.5 million to “nigger.”

Facebook appears to be dealing with a recurring problem. That is racist ad targeting. In 2016  AACR reported that advertisers were using the social media platform ad targeting to exclude people of color from seeing ads for housing and other services. Facebook uses the term “affinity marketing” but it is also known as “red lining.” This is the practice of denying certain groups access to homes, jobs and other service based on race.

Are these companies undercover racists or is something else happening here? Technology is supposed to be color blind but these issues keep popping up, especially for Facebook.

According to Facebook, algorithms select categories based on what users list as employment or education. People have used terms such as “Jew Hater,” as their jobs and listed employers as  “Jew Killing Weekly Magazine.”  Or as education they list “Threesome Rape.”  As a result Facebook’s algorithm, which is not designed to understand the meaning of these terms, create target market categories.

Some experts believe that many algorithms that are programmed to make decisions are programmed on data sets that do not include a diverse range of people.

Graphic designer Johanna Burai created the World White Web project after she searched for an image of human hands. Her search on Google resulted in images of millions of hands almost exclusively white.

Google responded by saying its image search results are “a reflection of content from across the web, including the frequency with which types of images appear and the way they’re described online” and are not connected to its “values”.

Joy Buolamwini, a postgraduate student at the Massachusetts Institute of Technology launched The Algorithmic Justice League (AJL) in November 2016.
Buolamwini, a dark skin African-American, was attempting to use facial recognition software for a project but the program could not process her face.

“I found that wearing a white mask, because I have very dark skin, made it easier for the system to work. It was the reduction of a face to a model that a computer could more easily read.”
It was not the first time Buolamwini experienced the problem. Once before she had to ask a lighter-skinned room-mate to help her.

“I had mixed feelings. I was frustrated because this was a problem I’d seen five years earlier was still persisting,” she said. “And I was amused that the white mask worked so well.”

But is technology and these algorithms really racist? Maybe not so much as some would have us to believe. Algorithms are programs and programs are created by people who program computers. So it is not unthinkable that racism and biases creep into programs.

 

 

 

 

McDonald’s Names Tim Youngblood to CISO Job

Tim Youngblood, CISO McDonald’s Corporation

McDonald’s, the worlds largest fast food chain, has named Tim Youngblood as the new Chief Information Security Officer.

Youngblood will report to the Executive Vice President of Operations, Digital and Technology and work closely with the McDonald’s Senior Leadership team and the Board to drive information security strategy and operations for the global hamburger chain. Youngblood’s primary responsibility will be to oversee risk management and brand protection on a global scale for the company. 

Youngblood comes to McDonald’s with over 30 years of experience in the technology field. Previously  he held the position at Kimberly Clark and Dell Computers. He also serves on the Board of Experts of Gilot Capital Partners.

In an interview with the Information Security Media Group Youngblood relates what he believes his primary responsibility to the board of a major company like McDonald’s.

According to Youngblood the board’s job is not to approve your budget or listen to the latest news on malware or computer viruses.

Youngblood believes that CISO’s job is to clearly explain what the security team is doing. A CISO must translate  what those threats mean into business terms and business impact. “What does the risk mean to the business goals? As CISOs we are good at collecting metrics, and that’s all great. But if you can’t translate what that means to the outcome to the business, it doesn’t mean much to the board.”

Youngblood is a HBCU product holding a degree in Computer Information Systems from Florida A&M University and a Masters Degree in Technology Commercialization from the McCombs School of Business at the University of Texas.

Equifax Data Breach – The Aftermath

Equifax recently suffered a massive data breach compromising the sensitive information of over 140 million Americans. The data lost includes names, Social Security numbers, addresses, birthdays and driver’s license numbers. 

As the week progressed details of the breach are raising some serious questions. How do consumers protect themselves? What happened? What is the company doing?  is Congress doing about it? Did executives know of the breach and dump stock? 

These questions demand answers. African-American consumers need to understand the incredible impact of this data breach and how to respond. First and foremost we need to focus on how we can protect ourselves from fraud and identity theft.

How do you protect yourself?

First things first. Go to EquifaxSecurity2017.com.  Click the “potential impact” tab that directs consumers to a form where you can check by entering your last name and the last six digits of their social security number. Equifax has also set up a telephone hotline at 866-447-7559.

That is the standard corporate reaction to a data breach. But here is the problem with that. People are asking why should they give the company more information when they failed to protect the data they already have? You’re stuck. This is all  Equifax can do. But you can take other steps.

First, check you credit reports. You can get a free copy of all three credit reports at AnnualCreditReport.com.  Make sure you get reports from all three agencies. Be on the look out for suspicious accounts or charges you don’t immediately recognize. Report any suspicious activity to the police, the credit reporting agencies and all your creditors. Immediately!

Second, check all your charge accounts and bank statements. Again, look for suspicious activity. Change the passwords on all your online accounts. You need to do this immediately and often. At least once a month or more. Its a good idea to check your balances daily and be on the look out for small charges like $2.00. This may indicate that someone has your data and is preparing to use it. Make this a regular practice for the rest of your life. The stolen information is out in the wild of the Internet and could be used years from now. So be vigilant. Experian offers a service that scans the dark web for your information. Make use of it. Most stolen information is sold on the dark web from one criminal to another.

You may want to consider placing a freeze your credit reports. This stops thieves from opening new credit cards or loans in your name. But, keep in mind that it also prevents you from opening new accounts. So if you want to use credit for a purchase you will need to  lift the freeze a few days beforehand.

Also, protect your children. Check their credit report if they have one. Make sure you freeze their credit file if you can. For older children make sure they understand what has happened and what to do. Identity theft is rampant on college campuses.

How did this happen?

That’s the big question. Equifax Chairman and CEO Richard Smith said hackers  “exploited a U.S. website application vulnerability to gain access.” 

But analysts are asking what application vulnerability the attackers might have exploited. The danger in the potential answer is; If Equifax, one of the nation’s biggest credit-check companies was hacked, then many other organizations are also at risk.

According to a Baird Equity Research report on Equifax  hackers exploited a flaw in the Apache Struts computing platform. This is highly technical so let me explain as best I can. The software code that operated Equifax’s network and data storage contained a flaw that hackers understood and used to gain access. This flaw may or may not have been patched or updated.  Equifax is blaming the technology company, Apache.  Apache is denying it.  No one knows and no one is talking…yet. Cue the lawyers! That’s about the best explanation we can get right now.

What is Equifax doing?

So far Equifax has been offering free credit monitoring. Again, this has become a standard, and often weak, response to a data breach.  But other actions are being criticized by consumers. First of all Equifax came under fire for asking consumers to give up their right to sue for damages as a result of the hack.

Equifax backed down and changed its conditions after being sharply criticized for trying to force consumers to sign over their rights to legal action in order to enroll. Equifax removed the language from their Terms of Use agreement on a third-party website victims use to sign up for the credit monitoring service. It also changed the FAQ in its own website to confirm that enrolling in the credit monitoring offer does not nullify any rights to take legal action.

The company has also been criticized for what some consumers are a calling a bait and switch scam. According to consumers the company offers the free credit monitoring for a short period and requires the consumer to enter credit card information so Equifax can charge them for the service after a pre-determined period of time.

Again, Equifax caved to the demand saying it will no longer require a consumer’s credit card information when they enroll in the supposedly free service. Many thought the offer was basically sleazy because Equifax could end up making money off the breach.

What is Congress doing?

Of course Congress is going to ask questions and hold hearings. There is bi-partisan outrage at the data breach and if you to want to know the truth that’s about all you’re going to get. In the past, and it continues to this day, the elected leaders of this nation have refused to pass any, ANY, substantial laws that protect consumer information or punishes companies for these repeated data breaches.  That includes the Protect Children from Identity Theft  Bill. So what is Congress doing or going to do? NOT A DAMN THING!

Did Equifax executives dump stock?

Of course they say they did not and they knew nothing of the data breach before selling the stock. But we need to look at the evidence and it is telling a different story.

First of all the data breach became known to Equifax more than a month before they informed the public. According to CNBC three executives of Equifax sold the shares days after the data breach was discovered. 

The executives were named as Chief Financial Officer, the Workforce Solutions president and the U.S. Information Solutions president. The sale of the shares was done on the 1st and 2nd of August. The data breach was discovered by the company on July 29th.

According to Equifax the three executives, “had no knowledge that an intrusion had occurred at the time they sold their shares.”

Question; how can a data breach this big be withheld from top company officials? Especially the chief financial officer and the the president of information solutions? These are two key people who should have been notified immediately of the breach.  So Equifax is asking us to believe that they knew nothing. 

And why would they sell their stock? Here’s why. Since Equifax announced the breach, the company’s shares plummeted by over 20 percent erasing billions of dollars in market value. In roughly 90 minutes Equifax shares went from $142.70 to around $111.30. Some financial experts believe prices will drop to around $100 by mid-October. ‘Nuff said.

Now you know.

 

 

 

ALERT! Equifax Hit by Major Data Breach ALERT!

Equifax, one of the major credit reporting agencies, is the victim of a major data breach affecting over 140 million Americans.  The data lost includes names, Social Security numbers, addresses, birthdays and driver’s license numbers. In addition, credit card numbers of over 200,000 American consumers, and certain dispute documents with personally identifying information for another 182,000 U.S. consumers were also accessed. Equifax reports it has found no evidence of unauthorized activity on its consumer or commercial credit reporting databases.

The breach is considered so serious that Equifax is not only offering credit monitoring for those affected but potentially every American.

Equifax Chairman and CEO Richard Smith said in a statement that the breach was first discovered in July and had been ongoing since May.  According to Smith hackers “exploited a U.S. website application vulnerability to gain access.”

EquifaxSecurity2017.com website has been provided for information about the breach. A statement on the site said, “Regardless of whether your information may have been impacted, we will provide you the option to enroll in TrustedID Premier.”

Equifax has also set up a dedicated call center for consumers with additional questions at 866-447-7559. The call center is open seven days a week from 7:00 a.m.-1:00 a.m. EST.

TrustedID Premier is a service offering from Equifax which includes monitoring of not only it’s own records but that of Experian and Transunion as well. Equifax, Experian and TransUnion make up the big three credit reporting agencies. The service monitors for identity theft and performs Internet scanning for Social Security numbers. The service is free for one year. Using TrustedID Premier consumers also have the ability to lock and unlock Equifax credit reports and obtain identity theft insurance.  Recently Experian began offering a service that scans the dark web for personal information .

Equifax has stated that in addition to notifying law enforcement, it has teamed with a  “leading, independent cybersecurity firm” to investigate the breach but that company has not been named.  The company said their investigation is “substantially complete,” but will continue for a few more weeks.

In a closely related story it has been reported that Equifax executives sold shares in the company worth $2 million.

According to CNBC three executives of Equifax sold the shares days after the data breach was discovered.  The information was revealed in Securities and Exchange Commission filling.

The executives were named as Chief Financial Officer John Gamble Jr., Workforce Solutions president Rodolfo Ploder and U.S. information solutions president Joseph Loughran. The sale of the shares was done on the 1st and 2nd of August. The data breach was discovered by the company on July 29th.

According to Equifax the three executives, “had no knowledge that an intrusion had occurred at the time they sold their shares.”

The SEC declined to comment on the share sales.

Experian Scans the Dark Web for Your Information

ExperianIn case you haven’t heard there is such a thing as the dark web, This is the side of the Internet that is not where you want to go. Here is where the child molesters, pedophiles, drug dealers, terrorist, human traffickers and other nasty people go to do business. The dark web is where you buy stolen information among other things. The dark web is aptly named, it is dark, hidden, dangerous and mostly illegal.

The AACR did a report on the dark web and we found that much of the Internet is indeed dark. According to DeepWeb.com only about 4 percent of the information on the web is available to search engines like Google or Yahoo! This is known as the “Visible Web” or “Surface Web.” So if you did the math you can see that 96 percent of information online is hidden from sight.

But now the question must be asked; how much of that information is yours? Your home address, phone number, email address, your social security number, your medical records, you passport number, and who knows what else. Most information you read about as being hacked or stolen ends up on the dark web.

There are ways and methods to scan the dark web for your information. Some legitimate companies and websites are eager to help you find and secure your information. Experian for example is offering to scan the dark web for your email address. The credit reporting company offers this website that will scan the dark web for your email address. The scan takes just a few seconds and the results are emailed to the email address you entered and it is completely free. At least the the email scan is. Experian will scan for your medical records, Social Security number, bank accounts, phone numbers, credit and debit cards, driver’s license and passport for a fee of $9.99 a month. You can try it for 30 days free. Its not a bad deal, and let’s be real, with all the data breaches happening you need to know. 

Now you know.

 

 

 

Breach Brief – U.S. Government, TimeWarner Cable, Instagram,

U.S. Government

The personal information of thousands of U.S. citizens and employees holding security clearances up to Top Secret have been compromised.

The security breach was revealed by Chris Vickery Director of cyber risk research firm UpGuard.  Vickery found the information of over 9,000 job application files on an un-secure Amazon Web Services S3 storage server that required no password to access.

The data included details about the past duties and responsibilities of thousands of federal employees. It is unclear if these people continue to work for the government, the U.S. Department of Defense and other agencies in the U.S. intelligence community.

Even so the information is extremely sensitive including personal information such as social security numbers, driver’s license and passport numbers, home addresses and other contact details. A leak of this magnitude represents a significant security failure that comes after a major government Office of Personnel Management (OPM) data breach in 2015.

TigerSwan, a US-based private security firm has pointed the finger of blame at TalentPen, a third-party vendor contracted by the company to process new job applicants.

In a statement Tiger Swan said, “We learned that our former recruiting vendor TalentPen used a bucket site on Amazon Web Services for the transfer of resumes to our secure server but never deleted them after our login credentials expired. Since we did not control or have access to this site, we were not aware that these documents were still on the web, much less, were publicly facing.

Among the hundreds of exposed files UpGuard discovered were the resumes of people with Top Secret U.S. security clearances, other documents revealed details about Iraqi and Afghan nationals who cooperated with U.S. forces. Some of those exposed by this data breach were involved in highly classified military operations. To add insult to injury UpGuard stated that the highly sensitive information remained exposed even after it notified TigerSwan about the leak.

TimeWarner Cable

Spectrum Communications,  owner of TimeWarner Cable, announced a data breach affecting the records of 4 million former customers.  TimeWarner Cable (TWC) customer’s data were left unsecured on a cloud server last month. TWC and said there is no evidence of illegal activity on its former customer’s accounts. The company did however urge subscribers using the MyTWC app to change their user names and passwords as a precaution.

TimeWarner Cable provides cable television service to major metropolitan areas including New York, Boston, Chicago, St. Louis and major part of the Carolinas and throughout the country.

The breach was uncovered by a third party firm attempting to resolve a data breach at another company. According to reports, BroadSoft, a TWC partner and global communications provider may have accidentally configured an Amazon Web Services server to allow public access.

According to Bob Diachenko, chief communications officer at security vendor Kromtech, the error exposed over 600GB of sensitive data to the public internet.

“It is most likely that they were forgotten by engineers and never closed the public configuration. This would allow anyone with an Internet connection to access extremely sensitive documents,” he said.

Instagram

A hack originally intended to target celebrities has instead impacted over six million Instagram user accounts.
Instagram sent out warnings of the hack after singer, Selena Gomez, appeared to be one of the first celebrity compromised. Hackers used a bug in the application programming interface (API), to access phone numbers and email addresses.

The news of the hack came after Instagram assured it users on August 30th that only celebrity accounts were targeted.

Instagram CTO, Mike Krieger released a statement acknowledging the scale of the breach; “We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public.”

Originally Instagram stated that only a “low percentage” of accounts were affected but quickly back tracked when hackers refuted the information. Instagram, which is owned by Facebook, then advised users how to protect themselves from such an attack. “Additionally, we’re encouraging you to report any unusual activity through our reporting tools,” Instagram said.

Some reports indicate that one of the accounts compromised includes that of President Donald Trump. That account is operated by White House social media team.

Back to School – Student Identity Theft

Identity theft is rampant. It it the fastest growing Internet crime and black college students should be aware of the vulnerability of their personal information.

According to the Better Business Bureau college students are prime targets because their credit records are usually clean.  College students are also more willing to share information in person and online. Visit any college campus, especially during the first week, and you will find numerous credit card companies offering their services to new and returning students. There are also other companies and marketers working to gather student information for their sales efforts. Students would be wise to avoid these information collectors. Be extremely careful what forms or surveys you fill out and what information you release to someone you really don’t know.

Combine that with the powerful urge to be social and you will find students sharing far too much information on social media sites like Facebook and Instagram and other campus forums.

Teach your student that not everyone on campus, student or not, is a friend. Half of all identity theft cases reported are executed by someone the victim knows. This is why it so important that all students, African-American especially, jealously guard their personal information.

The college dorm room is a vulnerability for careless students. BBB CEO Kelvin Collins said, “Protect your information. Don’t leave bank statements, credit card statements or your wallet just laying out for other people to find.”

Campus mailboxes are another vulnerability. Students should send sensitive mail to their permanent addresses. Students should also  check their financial statements often to look for suspicious activity or purchases.

Make sure you or your student are aware of the campus privacy policies. Ask questions about who the campus shares information with. You might be surprised. Some universities sell student SAT and ACT scores, their financial information such a student loan data and even what books they check out and classes they take.

There are steps that a student can take to protect their identity.

  1. Be aware of dumpster diving – Students receive a lot of offers through the mail. Don’t just throw these things away. Identity thieves are checking campus trash cans and will often find student’s personal information. They may find enough to apply for a credit card in the students name. This is really very common.  Make sure you use a shredder on all your unwanted mail. A good paper shredder can be as cheap as $10.00.  Make use of email delivered credit card bills or bank statements.
  2. Check you mailbox frequently – Breaking into student mailboxes is not uncommon.  Be alert, has your mail suddenly stopped?  An identity thief  may have filled out a change of address form against your address. Check with postal officials if something does not seem right.
  3. Monitor your identity…closely Make use of credit monitoring services. Check all your accounts at least once a month . This includes bank accounts, credit cards, and utility bills. Look for suspicious charges you didn’t authorize, no matter  how small.  Identity thieves will often test a charge account with a small purchase to see if they can use your identity. If they succeed they go on a spending spree.  Are you getting notifications in the mail or your e-mail about accounts you know nothing about?  Don’t just delete the notice, investigate. Calls from creditors or collection agencies may indicate you have already been victimized. Report this immediately to the police, your bank, your legitimate credit accounts and all the credit reporting agencies.  Get a yearly copy of your credit report. You can visit www.annualcreditreport.com, or call toll-free 877-322-8228 to receive your report.
  4. Know whats in your wallet or purseMost people, actually 95 percent, carry a wallet or purse with them at all times. But very few can tell you exactly what’s in it. The contents of your wallet or purse probably include your driver’s license, or social security card, extremely valuable forms of identification. These documents are the target of identity thieves. Guard your wallet or purse at all times. Don’t relax around you dorm roommates. Make a list of all identity documents and credit cards you carry with you. Write down your driver’s license number and other important numbers. And be prepared to take action if your wallet or purse is stolen. In the event your wallet or purse is stolen notify every agency responsible for the items on your list immediately. Don’t wait to see if it re-appears or if someone turns in to lost and found.  Being proactive will save you the headache of trying to remember what you have in your wallet and the agony of having your identity stolen. And never, ever, keep your social security number on you. A favorite move of an experienced identity thief is to steal your purse or wallet, copy the information and then turn it in to lost and found or return it to you. This has the affect of causing you to relax and not alert the proper officials. Keep that in mind.  Memorize your social security number and lock it away in a safe location.
  5. Phishing attacks/Social engineeringA professional scammer is an expert at convincing you that they are someone else. On the phone its sometimes called social engineering. Using email its called a phishing attacks. They do this to manipulate you into revealing information. This activity is frequently associated with online scams, often using email messages that look official or seem to be from someone you know. But not always.  Students need to be especially alert to this. Be on the lookout for these types of scams, especially in your e-mail. You may get an email that looks like its from a school official. For example, it may look like its from the school financial aid office. Do not click on any link or attachment in the e-mail. Don’t reply if you have any suspicion at all. Make sure you know the school policy for contacting students via email or what they can discussed on the phone.  Identity thieves that use phishing attacks and social engineering are very skilled at making any e-mail look very legitimate or sound official on the phone. Don’t just assume because it has the school logo on it it is safe. Emails can be easily duplicated and email addresses can be spoofed. Be cautious, this is your personal information we are talking about.

Identity theft is the fastest growing crime online because it is profitable. Students can be careless and relaxed around their friends and classmates. But, again, most identity theft is done by people you know. Be aware and be alert to how identity thieves works and save yourself some headaches this school year.

Now you know.