Why Cyber Attacks are the Most Worrisome Crime in the US, Plus Trends to Watch for in 2016

Email Compromised?

Email Trap

Find out if your email has been compromised and read our breaking news about GovRAT, a previously unknown advanced persistent threat.


By Drew Smith, CEO of InfoArmor

Attacked, breached, exposed: These three words are on the minds of everyone from the President to corporate executives and everyday citizens.

Cyberattacks are more prevalent than ever in the United States, with more people worried about them than any other type of crime.

The fear is understandable. Since March, InfoArmor has discovered 5.1 million breached IP addresses. On top of that, last year Javelin Strategy & Research reported 12.7 million identity fraud victims nationwide. And perhaps most frightening are findings from the 2014 Breach Level Index, in which our nation accounted for 72 percent of all breaches – No. 1 in the world, followed by the United Kingdom (8 percent), Canada (4 percent), Australia (2 percent), and Israel and China (1 percent each).Digital World

If that’s not enough, then consider that a single breach carries a hefty fee: On average, such breaches cost companies more than $500,000, and individual victims spend up to 165 hours of work time remediating their situation, plus time off work and fees to restore their identity.

Aside from the increasing number of cyberattacks is the level of sophistication among cyberthieves, who no longer only steal personal information from the unsuspecting, but also are targeting corporate intellectual property and sensitive government information using increasingly advanced and persistent threats. Recent news of China’s suspected cyber assault on nearly 700 public and private victims, including the U.S. government, Google and Lockheed Martin, proves how widespread the problem has become.

What’s especially troubling isn’t just the crimes we know about, but the fact that upwards of 70 percent of breaches and compromised credentials go undetected. It seems that nowhere is safe – not personal computers, complex IT networks or even utility grids.

If there’s a bright spot amid these alarming statistics, it’s that people are becoming more vigilant. Companies that once turned a blind eye to data leaks or thought that such breaches couldn’t happen to them also are beginning to invest in their IT infrastructure. And public officials are dedicating more resources and devising policies to tackle these heinous crimes.

New technologies are helping, too. Banks are fighting back against credit card fraud with EMV – Europay, MasterCard and Visa – chip cards that authenticate transactions. Apple is providing a new layer of protection as well, arming millions of customers with six-digit password codes and sometimes a fingerprint on its newer model iPhones, iPads and other digital devices. And companies like InfoArmor are providing employers with targeted cyber intelligence about previously unknown threats and new bad actors.

Despite these efforts, there is no foolproof way to prevent cybercriminals from wreaking havoc. Data breaches are the new normal and the chance of getting hacked grows every day.

Perhaps the best measures of protection are staying abreast of the latest cybercrimes and putting in place personal and companywide cyber-defense programs to mitigate the risks in case of an attack.

The number and type of hacker schemes increases exponentially every day, and they’re on the minds of both consumers and business leaders from coast to coast. That certainly will be the case in 2016. Among the trends:

  • We will begin to see cybercriminals use extremely creative ways to get their hands on sensitive data. The Office of Personnel Management had a taste of these methods in the recent revelation that 5.5 million fingerprint records were stolen.
  • Cyberwarfare will become a household term as a significant increase in state-sponsored cyberactivity is anticipated, resulting in larger data disclosures of highly sensitive material.
  • A spike in the volume and complexity of social engineering methods, or the art of tricking people into letting down their defenses, is expected – from an increase in impostor email notifications and fake technical support calls to growing threats from friends whose identities have been hijacked.
  • Cloud services, which have been relatively unscathed to date, could be prime targets for an attack. Prepare yourself by backing up your photos and data onto hard drives.
  • Hackers will continue to break into one computer and create a “beach head” that will allow them to move laterally, infiltrating other systems, including personal computers, tablets, smart phones via Air Drop and other WiFi compromised programs.
  • The Internet of Things (IOT), an exploding network of physical objects that feature IP addresses and/or communicate with other Internet-enabled devices, likely will be a treasure trove for criminals. You never know who could be watching the baby monitor, wrist-worn fitness tracker, home cameras or your security systems.

For more information about cybercrimes and how to protect yourself, attend our free CyberSmarts webinar on Oct. 22.

Individuals, please attend our CyberSmarts webinar for consumers at 8 a.m. PST.

Employers, please attend our CyberSmarts webinar for businesses at 11 a.m. PST.

CyberSmarts-LogoDrew Smith is founder and CEO of InfoArmor, which works with companies throughout the world to provide identity protection and privacy management solutions to their employees, members and customers, and also provides security-conscious businesses fraud-fighting solutions that combine big data analysis with actionable intelligence.

Are You a Statistic?


We have 472,044,034 compromised account credentials in our database.

We have 1,659,139,669 compromised passwords in our database.

We have 950,403,792 compromised email addresses in our database.

Since March 2015, InfoArmor has discovered 5,132,583 breached IP addresses.

And the numbers are increasing daily……

Personal information exposed?

Hearing that your personal information could have been exposed in a data breach can be unnerving. Whether it is a big box retailer, bank, media conglomerate, medical insurance carrier or any other provider, data incidents have changed our perspective on information protection.

With more than 500 data breaches, impacting nearly 140 million individual records, already reported this year, protecting yourself online could mean the difference between peace of mind and chaos.October1

The first step in safeguarding your identity is knowing how a scammer can take it away from you.

Consider the many times you reveal your digital fingerprint – making an online purchase, using free Wi-Fi, swiping your credit card at a gas pump, using the same password for multiple accounts, revealing intimate life details on social media – the list is endless. The online actions may be simple, but they result in days, weeks, months and even years of hassle after a compromise.

While it’s unrealistic to live an analog life in today’s digital world, take steps to protect yourself.

  • Protect personal information – don’t give your information out unless it is absolutely necessary and the organization is trustworthy.
  • Live online like it is your biography, not your diary – do not give out personal information, share geolocations, or provide information that could be used for security questions such as mother’s maiden name or dog’s name.
  • Pay attention to red flags – check bank statements for misuse at least monthly. If you receive any mail notices or collection notices that seem odd, investigate them for fraud – either someone using your personal information or someone trying to get you to fall for their tricks.
  • Hover, then verify – hover over links online before you click them. Make sure that they are going to a reputable company URL. If you are unsure, call the organization and ask them about the link before clicking it.
  • Beware of Wi-Fi hotspots – airports, coffee shops, retailers and even doctors’ offices now offer free Wi-Fi, but beware! These unsecured networks are a hacker’s paradise. You never know who’s worked their way into your computer and is digitally spying on you!

In addition to following these safety guidelines, learn all you can about protecting your identity during Cybersecurity Awareness Month by attending CyberSmarts, InfoArmor’s free webinar that shines a light on emerging fraud issues on October 22, 2015.

Individuals, please attend our CyberSmarts webinar for consumers at 8 a.m. PST.

Employers, please attend our CyberSmarts webinar for businesses at 11 a.m. PST.


So What is This “Dark Web” I keep Hearing About?

To help understand the Internet, think of it like an iceberg. At the top is the Surface Web. This includes the Internet you use every day to make online purchases, get the news or update Facebook. Just as the tip of an iceberg sits above the water, the surface web is visible and easily accessible.


Beneath the surface resides the Deep Web, consisting of abandoned websites, government databases and other private sites, both legitimate and illicit, that are not meant for public use. These sites are almost always password-protected and on encrypted networks. Similar to an iceberg, this underwater portion is not visible above the waterline, but it is in fact estimated to be 6-25 times larger.

One part of the Deep Web is the Dark Web. This is the most hidden layer of the Internet, like the bottom of an iceberg. The Dark Web is where cyber criminals like to play. Illegal activity is more commonplace, including buying and selling of personal information and credit cards, distributing illicit pictures and videos, discussing future hacks, etc. It is only accessible with the help of anonymizing software.

There is good news. InfoArmor, through its Enterprise Threat Intelligence Team, already has and continues to build technology allowing us to monitor parts of the Dark and Deep Web for your personal information.

So what should you do?

  • Frequently change passwords and make them complex
  • Check your financial accounts regularly for unauthorized activity
  • Be on the lookout for phishing scams designed to get you to give up your personal information
  • Review your InfoArmor identity alerts as soon as you get them
  • And rest assured, we remain on the lookout for your information

Get Ready for CyberSmarts


October is National Cyber Security Awareness month! We are under attack, billions of records are being breached, and anonymity doesn’t exist, thus we want to arm you to fight back. From massive corporate data breaches to the theft of personal identities, cyber criminals are armed with an arsenal of destructive weapons, pressing forward and gaining ground each day.

It’s time to get CyberSmart.

Read our posts to protect yourself! Check out the different categories under our CyberSmarts tab. A new topic will be discussed each week starting October 1st.

InfoArmor_LOCKBeginning October 1st,  find information and tips about Identity threats by visiting our Identity Threats page.

InfoArmor_LOCKBeginning October 12th, read tips and statistics about passwords by visiting our Password Protection page.

InfoArmor_LOCKBeginning October 26th, review information and statistics about social media risks by visiting our Social Media Risks page.

Attend our webinar on October 22nd to learn more about emerging fraud issues and how to become CyberSmart.

Individuals, please attend our CyberSmarts webinar for consumers at 8 a.m. PST.

Employers, please attend our CyberSmarts webinar for businesses at 11 a.m. PST.

Back to School: College Students at Risk

Just as college students begin to hit the books, scammers and hackers are ready to steal their information and money. If you know a student, learn about the following scams so you can help:

Tuition Scam: Fraudsters call or email college students tricking them into believing that their tuition was not fully paid. They then threaten them with being dropped from classes if they don’t pay the owed amount.

Common ways scammers trick students into believing their tuition was not paid are a bounced check, scholarship cancellation, or the fact that loan payments never made it to the school. They will then persuade students to wire money to an account.

If a college student is being contacted about a suspicious bill they should go directly to the college office that deals with tuition payments to see if there is any truth behind the call or email.

College Student

Housing Scams: Scammers know that college students have just gained a new form of independence. They will target students looking for housing by posting online advertisements. Scammers are hoping that a student will wire a deposit to claim the housing before visiting the place. The student is then shocked when they arrive to the “claimed” or paid housing, to find out that it does not exist, or was never on the market in the first place.

College students need to visit any housing they are considering before giving away sensitive information or money. If they are out of state, they should have a trusted friend visit in their place to ensure the legitimacy of the advertisement or work with a reputable real-estate agency.

Scholarships: Thieves know that college students are looking to make college inexpensive. Targeting students that are actively searching for scholarships, scammers trick students into paying for information about a “scholarship” or for an application fee. In reality, they are getting the college student to supply their banking information for a quick payout.

Students seeking scholarships should research the legitimacy of the scholarship before giving away personal information and should not have to pay to apply. Keep in mind scholarships have selection parameters (i.e. high GPA, school year, etc.), so if a scholarship seems to be approved for everyone, be on alert.

Fake Job Offers: Scammers target excited and eager students looking for employment. They post fake job offers online waiting for young adults to provide sensitive information in hopes of landing their dream job.

Legitimate job offers will not ask for banking information or utility bills without an interview first. Scammers may ask college students to pay for specific software requirements, credit reports, or training sessions via wire transfers. Legitimate companies will not ask you to do this.

Remind college students that if a job offer seems too good to be true, it probably is. Always research the company to ensure its legitimacy.

Social Media Risk: College students are at risk of sharing too much information over social media. Thieves and hackers can access social media profiles and collect personal information. By collecting information about a college student, they can try to hack their way into sites by answering common security questions.

To help prevent thieves from obtaining a blueprint of their identity, college students should make their social media accounts private and limit the amount and type of information they are sharing with the world.

If you believe you or someone you know might have fallen victim to one of these scams, please contact us.

Source: http://www.nj.com/business/index.ssf/2015/08/bamboozled_9_scams_that_target_college_students.html

New EMV Cards: What You Need to Know

EMV_CardHave you wondered about those gold chips on the new credit cards? Seen people using them yet?

These new smart cards, chip cards, EMV cards, and/or chip-enabled cards use a small, embedded computer chip known as EMV (Europay, MasterCard, and Visa) technology to authenticate transactions.

European countries have used this anti-fraud technology for years, but it is finally coming to America to combat heightened security concerns due to large data breaches. The EMV technology makes it harder for thieves to counterfeit credit cards. Current American cards use a static magnetic strip, making it relatively easy for fraudsters to obtain the information needed to repeatedly misuse a card. With the EMV chip, a unique transaction code is created for each and every transaction, making it much more difficult to misuse use a credit card account.

Credit cards with EMV technology are not swiped like traditional cards. Instead, they need to be “dipped” into a credit card register or scanned using near field communication. A consumer then waits for the card to communicate with the store’s payment system and their bank to verify the card and create a unique transaction code. Chip cards will also have magnetic strips so they can be swiped at retailers not yet equipped with the new chip card payment devices.

Retailers across America are rapidly undergoing in-store enhancements to read these new chip cards. By the end of 2015, 59% of retail stores are expected to have deployed EMV technology.

According to Smart Card Alliance, approximately 120 million Americans have already received a credit card with an EMV chip. By the end of 2015, it is estimated that 575 million smart cards (debit and credit) will have been issued.

Find out more information about EMV technology.

Source: http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php

In the News: Job Seekers Susceptible to Scams

Job SearchJob seekers can be stressed, desperate, eager, and excited all at the same time. Having a mix of emotions can be distracting, which makes job seekers susceptible to thieves who are waiting to take advantage of them. If you or someone you know is looking for a job, they need to be on alert for scams.

Current job seekers make themselves targets for scams and identity thieves by posting personal information on public job sites. Job seekers should make sure their information is only posted to sites with privacy policies and legitimacy, as well as limit the amount of personal information that is public.

Thieves will also tempt job seekers into giving away personal information through fake job listings on public sites or through direct email. Sophisticated scammers will pretend to be a contact from a legitimate company by changing their address to slightly mimic the company. For example, a legitimate business could be called xyz and have an email domain of @xyz.com. The scammer could send an email from account that has @xy-z.com or @xzy.com to fool the job seeker.

Most scammers will ask for bank account information, a copy of a utility bill, or a background check application (all of which include personal and sensitive information). Some scammers ask job seekers to pay for software requirements, credit reports, training sessions, and so on by wire transfers or asking for your credit information.

To help you stay alert and avoid falling victim to identity theft or scams, review these tips:

  • Never include your bank account number, driver’s license number, date of birth, Social Security number, or credit card numbers on your resume
  • Only post your information to legitimate and secure job sites and track the companies you have applied for jobs at so you know who you should expect communications from
  • Watch out for vague job requirements and job description posted or discussed during interview that anyone could qualify for
  • Always verify the legitimacy of a company
  • Look for unprofessional emails that include misspelling, grammar mistakes, punctuation errors, etc. or emails that come from a personal email account and/or do not include contact information
  • Be wary of online interviews via Yahoo Instant Messenger, many scammers use this method
  • Remember, if the job seems too good to be true, it’s probably fake
Source: http://jobsearch.about.com/od/jobsearchscams/a/top-10-internet-job-scams.htm


Do You Know Who Your Friends Are? Risky Social Media Habits Leave Millions Vulnerable to Identity Theft

NetworkBy: Christian Lees

Amid high-profile data breaches and identity fraud claiming a new victim every two seconds, a staggering number of Americans are engaging in risky social media behaviors that are increasing their vulnerability to identity theft, according to a national survey conducted by InfoArmor, which helps companies and individuals detect and manage emerging fraud.

The survey, designed to uncover the biggest myths and risks of social media use, revealed that nearly four out of five social media users indicated that half of their connections are not true friends.

A friend used to be a close, trusted source, but in social media, this moniker extends to casual acquaintances and to friends of friends who we may know very little, but with whom so much is shared. This is one reason why social media users are twice as likely to fall victim to identity theft.

While 59 percent of respondents say they would classify fewer than half of their contacts as true friends; 41 percent will “friend” a user based on a mutual connection.

The sheer volume of intimate information – names, pictures, emails, birthdates, work histories, family details – we share with people we don’t know is contradictory, considering that our single most common fear of social media is falling victim to identity theft. The study revealed that nearly 40 percent of respondents post three times per week and 20 percent post daily. Those under the age of 30 typically divulge the most information — including tagging “friends” in posts without their consent, sharing their work history and other highly personal information, posting photos while on a vacation, and even giving out their email, home address and more.

Privacy settings are providing a false sense of security. Respondents indicated a high degree of familiarity with privacy settings, but more than 40 percent of users rarely or never check their privacy settings. This increases to half among males. And, nearly half of users never clean out their followers or friends lists.

Social sites are constantly evolving their security policies and settings, so the onus is on the user to stay vigilant about security settings and who is in their social circles. With the copious amount of data social users sharing about their personal lives living online in perpetuity, the true impact of not utilizing privacy settings is unknown.

Although obtaining identity protection services is the strongest form of defense, here are some of the most important activities a user can independently undertake to protect their identity online:

  1. Live online like a biography, not a diary. Post only benign information.
  2. Check privacy settings frequently, especially after updates are released by social networks. The onus is on the consumer to utilize available tools to protect themselves
  3. Understand the short- and long-term risks of posting personal information. What ends up online can never truly be erased.
  4. Lead through example and teach children and teens not to overshare and take ownership of their personal information online.

With nearly 20 years in the information security industry, Christian Lees is chief technology officer and chief information security officer at InfoArmor. Click here to connect with Christian on LinkedIn.

In the News: How the IRS became a Victim

Data Hacker

The IRS recently announced cyber criminals were able to steal information from over 100,000 Americans’ tax returns. The thieves created phony returns and stole refunds by completing a multiple-factor authentication process including private data and non-identity information (e.g. social websites). As information-based crimes are on the rise, it is important to understand where criminals are retrieving this information. Below are five probable ways criminals obtained sensitive information:

  1. Purchasing personally identifiable information on the Dark Web
  2. Phishing attacks where criminals obtain information by tricking you into providing your information to a site that looks like a trusted company, but the URL is slightly different
  3. Obtaining information through your social networking sites and cookies to easily answer security questions on other websites
  4. Hacking and data breaches
  5. Inside sources (e.g. employees)

For details on how to fight back read more of ABC News article or call us at 800.789.2720

Source: ABC News

Protecting Your Privacy: Card Skimming

Recent inciCard Skimmingdents have highlighted the dangers of card skimming crimes. Card skimming occurs when a device is installed on card readers such as ATMs or gas pumps. Once installed it copies your card information while hidden cameras or viewers take note of the pin you enter.

To avoid becoming a victim of card skimming:

  • Look for signs that the ATM or gas pump has been tampered with —hanging wires, nuts or bolts that are out of place, etc.
  • Look for similarities of the card reader compared to the entire ATM or gas pump—color, plastic, etc.
  • If your card is not going into the machine smoothly, alert the bank right away
  • Check your bank and credit accounts regularly and report any suspicious activity
  • Check your InfoArmor Portal regularly for alerts, credit information, and tips
Source: NBC News