Identity doesn’t have to be stolen when it can be conjured up out of thin air.

Understanding Synthetic Identity Theft

By Cathy Ross for


Synthetic identity theft (or more accurately, synthetic identity fraud, which is also in sharp contrast to stolen identity fraud) has no specific consumer victim. That’s an important advantage for the fraudsters. After all, if Mary Doe steals Jane Smith’s identity, then Ms Smith has every incentive to report the theft to the authorities and credit bureaus. She serves as a key tool in the detection and mitigation of such fraud. But if Mary Doe invents a Ms Smith, then this key tool is missing from the toolbox.

A related problem, from the point of view of lenders and merchant creditors: it is very difficult to get a fix on how big a problem this is. Often the invested Ms Smith’s account will simply be written off as bad credit, and unrecoverable debt. It won’t be accounted for as a cost of fraud.

On a macro level, Gartner Inc. has estimated that synthetic fraud accounts for 20% of credit charge-offs.

Short Description:

Broadly speaking, synthetic identity fraud takes one of two forms. Our Mary Doe can try to create a new cyberspatial identity by slightly altering her own self, or she can start from scratch. The results are sometimes called “manipulated synthetics” and “manufactured synthetics,” respectively.

Sometimes the synthetic identity creator does not intend to defraud those with whom she deals. This (relatively) innocent form of false identity creation is likely to fall under the first of those two headings, manipulated rather than manufactured. Mary Doe might start calling herself Maria Dough, and invert two digits of the social security number she provides, in order to try to get out from under the effects of a bad credit history.  She might make legitimate purchasers and intend to repay them.

But if “Maria” is in fact cobbled together from a variety of sources, the personally identifiable information (PII) of a number of people, the date of birth of one the address of another, the SS number of a third, etc., the perpetrators are more cold-bloodedly fraudulent.  Increasingly, synthetic identities are being created from a single identity element, like a social security number, which a fraudster uses to seed an otherwise fabricated identity.  While the first new credit application filed with lenders may get rejected as having too little history, the second or third has a much better chance of being approved as the credit agencies being queried may now recognize the identity as legitimate.  An example is as follows >>> READ MORE


Click here for solutions on how to prevent synthetic identity fraud.

Ecommerce Security Best Practices for Online Businesses

When it comes to online shopping, businesses are responsible for more than just product quality, timely shipping, and excellent customer service. As more and more consumers are transitioning to ecommerce, businesses must incorporate fraud prevention technology platforms and understand data security best practices.

Here are 15 steps you can take to secure your ecommerce site:

Encrypt all communications with the web browser by updating your site to HTTPS.
Secure transactions through the use of two-factor authentication.
Prevent denial-of-service (DoS) attacks with firewalls and application gateways.
Choose a hosting service plan with Secure Socket Layer (SSL) protection.
Ensure the hosting plan works with the newest ecommerce and CMS software.
Use services with security software to prevent malware attacks.
Keep your plugins, CMS, and software updated.
Create new administrative passwords every six months.
Schedule data backups to occur automatically.
Audit your site for vulnerabilities regularly.
Advise employees to avoid suspicious activity on social media.
Teach everyone in the company how to recognize phishing scams.
Use secure online payment methods.
Generate a user-friendly privacy policy.
Delete all unnecessary customer data as soon as possible.

It’s true that online shopping is increasing (though still far behind shopping in physical stores), however, consumers are growing weary of how businesses handle their sensitive information. One study shows that 67% of online respondents fear their private data will be released in a data breach in the near future.

In order for ecommerce businesses — from entrepreneurs to corporate giants — to be successful, they absolutely must know how to manage data privacy. You might have heard of some companies that learned the hard way: Target, Equifax, and Under Armour, to name a few.

See how these businesses recovered and learn how to protect yourself and your customers from data breaches and malware attacks. This infographic from Wikibuy explains the best ways to address online shopping concerns in today’s online marketplace, including tips on what to do should you fall victim to a breach.

How Business Owners Can Address Online Shopping Concerns

Why Your Device Password Should Never Be 1234 Qwerty?

In the world of modern technology where security is frail, it is imperative for people to protect their online data from theft, breaches, and leakages. Even security professionals fail to practice good habits when it comes to password protection.

In fact, 50% of them refrain from changing social network passwords for more than a year and 65% of companies have over 500 employees that have never changed their password. This is a bit alarming, especially if we remember how common hacking and accidental information leakage is with many social platforms experiencing breaches and other risks.

If you think that is problematic, then knowing that people are also astonishingly bad at picking their passwords will send you confounded. Running their fingers at the top row of their keyboards is easy and convenient. Using your name or birthdays is another handy trick too. But are they safe?

Today, we look at several reasons why you should never choose 1234 or Qwerty for a password.

1234 and Qwerty are Two of the Commonly Used Passwords

The first levels of your keyboard are often used as passwords, and they have been topping the list for years. These passwords are unimaginative and laughably predictable. Yet they persist, year in and year out.

Using such passwords opens you up to attacks, risking your financial and personal details.

Personal Details and Information are Collected and Shared

When you sign up to a website or network, you need to provide personal information like your name, address, email, and phone number. Most platforms and apps collect these data and share them outside the network.

Facebook, Twitter, and LinkedIn, for example, gather your important data and use them for tailored advertisements and information. Third-party entities outside the network can get hold of them too.

Social network sites and apps are vulnerable to attacks. One thing you should remember when it comes to the internet is that no data is safe forever. Most apps and sites have weaknesses. Data breaches and leakages are possible by design or by accident.

In 2012, more than 6 million LinkedIn passwords were stolen. NH Cyber Forensics Research and Education Group found in 2014 that Viber stored user data in an unencrypted cloud environment. This put the privacy of nearly 150 million users in danger. Google experienced a security flaw in 2015, rendering millions of users vulnerable to hackers.

Wrapping Up

Although passwords cannot be guaranteed to keep our data safe 100%, it is still highly advisable to be careful when choosing one. It should never be 1234 Qwerty.

Aside from making sure your password is strong, you should also begin the good practice of changing it regularly and making use of two-factor verification.

Take a look at the infographic that follows to learn more about the importance of online data security.

How Safe Is Our Online Data?

How to Spot Malicious Emails

The ability to distinguish legitimate emails from malicious ones is a new skill set that business owners need to acquire. Ignoring hundreds of spam emails every month is one thing, dealing with malware and ransomware attacks that could cost your company millions in damages is entirely different.

Symantec’s latest Internet Security Threat Report shows that 55% of emails employees received in 2018 were categorized as spam. With 1 in 412 emails being potentially harmful and considered malicious.

Based on Symantec’s findings the following chart shows which subjects, keywords, and attachments are most often used in malicious emails and considered significant red flags to employees.
Infographic: 'Urgent Invoice' - How to Spot Malicious Emails | Statista

Where Malicious Spam Comes From

Approximately 52 percent of all e-mails sent worldwide last year were ads or spam emails. China accounts for 12% of global spam as the largest contributor. The United States follows in 2nd place with 9%, and Germany taking 3rd with 7%. In good news though, the total spam traffic in 2018 was 4 percent lower than it was in 2017.

Infographic: Where Spam Comes From | Statista You will find more infographics at Statista

Time to get your 'Shield Up' against hackers

Trump Administration Warns of Economic Espionage Risk From China, Russia, Iran

The Trump administration has launched a public awareness campaign for the U.S. private sector, urging businesses to better defend themselves against online attackers who may be trying to steal their sensitive data or wage supply chain attacks.

Written by Mathew J. Schwartz (euroinfosec) for

DataBreadToday Twitter  |  LinkedIN Group  |  Facebook

The effort, being run by the National Counterintelligence and Security Center, aims to improve the minimum level of information security practices in place at businesses. At a minimum, NCSC is urging all organizations to review supply chain security, safeguard against spear-phishing emails, beware of social media deception and expect that, when traveling abroad, their equipment will be subject to surveillance or interference.

The NCSC has branded the effort as "Know the Risk, Raise Your Shield," and released a range of videos, posters, brochures and flyers via its website that promulgates strategies to help protect data, assets, technology and networks. The materials were previously distributed to the federal workforce.

"To enhance private sector awareness, we're arming U.S. companies with the information they need to better understand and defend against these threats," says NCSC Director William Evanina.

Advice from the NCSC

The U.S. NCSC is a center within the Office of the Director of National Intelligence, not to be confused with the U.K.'s National Cyber Security Centre, which is the public-facing arm of British intelligence agency GCHQ.

The U.S. NCSC's 2018 Foreign Economic Espionage in Cyberspace report, released last July, singles out China, Russia and Iran as posing the biggest nation-state hacking risk to the U.S. private sector. Laws in China and Russia, in particular, allow government agencies to compel firms to assist in their efforts.

But officials warn that the threat is much broader.

"Make no mistake, American companies are squarely in the cross-hairs of well-financed nation-state actors, who are routinely breaching private sector networks, stealing proprietary data and compromising supply chains," Evanina says. "The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars."

Last year, Director of National Intelligence Dan Coats told Congress that in the online realm, Russia poses the top online attack threat to the United States, while China, North Korea, and Iran are also top threats, "although many countries and some non-state actors are exploring ways to use influence operations, both domestically and abroad."

Robert Hannigan, speaking at the June 2018 Infosecurity Europe conference in London, said cybercrime groups and nation-state attackers are increasingly blurring together. (Photo: Mathew Schwartz)

Indeed, the former head of the U.K.'s signals intelligence agency, GCHQ, last year warned that it was becoming increasingly difficult to tell cybercriminals and nation-state actors apart (see: Cybercrime Groups and Nation-State Attackers Blur Together).

"In some cases, you can see these groups sitting in the same room, and in some cases, you can see where people have been conducting state activity during the day, and then doing crime activity at night," said Robert Hannigan, who headed GCHQ until 2017, speaking at last year's Infosecurity Europe conference in London. "It's an interesting mixture of profit and political intent."

Charges Filed

As part of its effort to warn private businesses to take information security more seriously ..... (CLICK TO READ MORE)