KBA

May 3, 2016

Fraudsters Steal Tax, Salary Data From ADP

This post was originally published on this siteIdentity thieves stole tax and salary data from payroll giant ADP by registering accounts in the names of employees at more than a dozen customer firms, KrebsOnSecurity has learned. ADP says the incidents occurred because the victim companies all mistakenly published sensitive ADP account information online that made those firms easy targets for tax fraudsters. Patterson, N.J.-based ADP provides payroll, tax and benefits administration for more than 640,000 companies. Last week, U.S. Bancorp (U.S. Bank) — the nation’s fifth-largest commercial bank — warned some of its employees that their W-2 data had been stolen […]
October 2, 2017

USPS ‘Informed Delivery’ Is Stalker’s Dream

This post was originally published on this siteA free new service from the U.S. Postal Service that provides scanned images of incoming mail before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners. The USPS says it hopes to have changes in place by early next year that could help blunt some of those concerns. The service, dubbed “Informed Delivery,” has been available to select addresses in several states since 2014 under a targeted USPS pilot program, but it has since […]
November 6, 2017

Simple Banking Security Tip: Verbal Passwords

This post was originally published on this siteThere was a time when I was content to let my bank authenticate me over the phone by asking for some personal identifiers (SSN/DOB) that are broadly for sale in the cybercrime underground. At some point, however, I decided this wasn’t acceptable for institutions that held significant chunks of our money, and I began taking our business away from those that wouldn’t let me add a simple verbal passphrase that needed to be uttered before any account details could be discussed over the phone. Most financial institutions will let customers add verbal passwords […]
February 26, 2018

USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online

This post was originally published on this siteIn October 2017, KrebsOnSecurity warned that ne’er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address. We advised that stalkers or scammers could abuse this service by signing up as anyone in the household, because the USPS wasn’t at that point set up to use its own unique communication system — the U.S. mail — to alert residents when someone had signed up to receive these scanned images. Image: USPS The […]