I hate the term “identity theft.”

As far as I know, no one can steal my identity. Even if my bank account number, my credit card number and all my passwords are stolen, I am fairly confident that I will still be me and the thief will be a different person.

Yes, the criminal will be masquerading as me. But anyone who knows me–my husband, my children, my colleagues, my doorman, my employer–will not be fooled. If “I” was actually stolen, I believe that would be called a kidnapping.

The entities that would be fooled by a masquerader are ones that don’t really know me: my bank, my credit card company, places where I do online or offline shopping. Maybe they should have done a better job figuring out who I was before parting with my money or their goods.

Read the rest of this post on the original site

Earlier this week, my colleague Elizabeth Bernstein wrote a Bonds column about people getting in touch with old flames online, especially via the magic of Facebook. In the piece, she describes how some couples have devised new rules governing their online activities, like promising to inform their spouses when they contact an ex online or limiting their online “friends” to people of the same sex.

Other couples, meanwhile, share their passwords or even their accounts and email addresses. “If your bank accounts are common, why not your Twitter and Facebook accounts?” said one man in the article.

Read the rest of this post on the original site

Phishing attacks that affected customers of Microsoft’s (MSFT) Hotmail Monday have compromised more than 30,000 email accounts, including those of Gmail, Yahoo (YHOO) Mail and other services.

Microsoft blamed phishing, in which cybercriminals try to trick consumers into revealing personal information through fraudulent emails, for a list of Hotmail account passwords that appeared online. The company recommended Hotmail customers change their passwords and said it’s helping phishing victims fix compromised accounts.

But security firms and the BBC said Tuesday that the attack extended to other services, including those run by Google (GOOG) and Yahoo as well as AOL, EarthLink (ELNK) and Comcast (CMCSA).

Read the rest of this post on the original site

Microsoft says a phishing scheme is behind the exposure of passwords to thousands of Hotmail accounts late last week and adds that it’s helping affected customers regain control of their accounts.

On Monday, the Neowin technology blog posted a story saying that an anonymous user on Oct. 1 had uploaded a list with password details of more than 10,000 Hotmail accounts to a Web site called pastebin.com, where developers typically share programming code with each other. Neowin said it had seen part of the list, which has since been removed, and notified Microsoft of the issue.

After an internal investigation into the leaked Hotmail credentials, Microsoft (MSFT) said in a statement that it determined the passwords were obtained through a phishing scam. In a phishing scam, hackers send out legitimate-looking emails under the letterhead of banks, eBay (EBAY) and other institutions, usually telling consumers they need to reset online passwords to their Web sites for security purposes.

Read the rest of this post on the original site

For the second year in a row, Twitter has a major presence on Defcon’s Wall of Sheep. The wall, a perennial presence at the hacking conference, was designed to showcase the consequences of sending passwords over unsecure networks.

But J.A. Simmons says Twitter is more secure than you think.

Read the rest of this post on the original site

They might be helpful for solving your computer woes, but watch out for those shifty information technology employees at your office–a recent survey says they may be stealing your passwords and copying your research and development plans.

In a survey of more than 400 senior IT professionals in the U.S. and the United Kingdom, Cyber-Ark Software, a Newton, Mass.-based security software company, found that 35 percent of IT administrators admitted to accessing corporate information like human resources records, customer databases and M&A plans, up from 33 percent a year ago.

Moreover, if fired, 47 percent of the staffers surveyed said that they would take company financial reports and M&A plans with them, a sixfold increase from the previous year’s survey. About 46 percent said that they would snag CEO passwords and R&D plans, a fourfold increase.

Read the rest of this post on the original site

You are the victim of identity theft and the fraudster calls your bank to transfer money into their own account. But instead of asking them for your personal details, the bank assistant simply presses a button that causes the phone to produce a brief series of clicks in the fraudster’s ear. A message immediately alerts the bank that the person is not who they are claiming to be, and the call is ended.

Read the rest of this post

Ever wonder what happens to your Facebook account after you die? Someone does.

That someone is Legacy Locker, a new online service announced Tuesday that allows people to securely store usernames, passwords and other access information for all their digital assets–from Facebook and MySpace accounts to Gmail and PayPal–and pass that information along to beneficiaries in the event of their death.

Jeremy Toeman, co-founder of Legacy Locker, a San Francisco start-up, says this kind of system is a lot easier than trying to wrestle the information out of social-networking sites and Web companies as a family member of the deceased. “It’s the online equivalent of a safety deposit box,” Toeman says.

Read the rest of this post

Days after a wave of phishing attacks fooled thousands of Twitter users, it appears that another security hole has been found by…someone. Obama’s account, unused since election day, sent out an affiliate link to a survey with a gas card prize, Fox News said that “Bill O’Reily is gay” (not that there’s anything wrong with that) and Britney Spears made a lewd post about her anatomy. Rick Sanchez, the Twitter-loving CNN anchor, says he’s “high on crack and might not be coming into work today.”

The Fox tweet was deleted an hour after it was posted, so the password may not have been changed. The Facebook account on Twitter just posted a link to porn, so it appears that the situation remains unresolved. Update: Twitter says it’s been resolved but that users should change their passwords! The Twitter blog has just posted an explanation of the breach.

Read the rest of this post

For all the talk about privacy and security, it seems that a lot of people are downright sloppy when it comes to who they provide personal information.

A couple of prime examples this week occurred where large numbers of unsuspecting or naive [people] happily handed over their usernames and passwords to a third party simply because the service looked cool.

First up was SocialMinder, which is offering a service that lets you get control of your Gmail and LinkedIn contacts. To use it, you have to hand over usernames and passwords to an unknown company offering a beta service. Even worse, SocialMinder is using the information to spam your contacts, unless you realize what they are trying to do, and opt out.

Read the rest of this post