18 posts from January 2011

BBB: Beware Of These 7 Scams Targeting Small Businesses

Do you own or operate a small business? Do you work in a small business? Either way, you should know of the threats by scammers and identity thieves. The Better Business Bureau listed the seven scams it received the most complaints about:

  1. Directory Scams – Fraudsters submit invoices for ads or services never placed in the Yellow page directories.
  2. Office Supply Scams – Scammers submit invoices for office supplies never ordered nor delivered, hoping you will pay.
  3. Overpayment Scams – A variation of the check scam aimed at consumers, where the scammer overpays for an item via check and asks you to wire the extra money back to them. The check is always fraudulent.
  4. Data Breaches – Theft of valuable information (e.g., customer information, employee information, bank and financial information, proprietary company information) by hackers, current employees, former employees, or vendors/partners.
  5. Vanity Awards – Bogus business awards where you are asked to pay money upfront in order to receive the award.
  6. Stolen Identity – Scammers pretend to be legitimate representatives of your company, to trick your customers into revealing their personal or bank account information.
  7. Phishing E-mails – A variation of phishing emails sent to consumers, with the goal of hacking into your business computers or network. The thieves often pretend to be representatives from the IRS or BBB, hoping you will open attachments that plant computer viruses and malware on your company's computers and network.

The BBB advises small businesses to visit its Data Center Security Solutions website for tips and suggestions to improve the data security at your small business.


WatchGuard: The Most Risky Online Apps

On Tuesday, WatchGuard Technologies announced its list of the most risky online applications. The list is based on risk, and the provider of security solutions for businesses defined risk based on three factors:

  1. Productivity loss: when employees spend time during work hours on social networking websites,
  2. Data loss: data breaches via social networking websites when employees disclose proprietary company information, and
  3. Malware source: when employees introduce computer viruses to the company's network by following links in social networking status messages to destination websites that are infected with viruses or malware

The list of risky online applications included in order: Facebook, Twitter, YouTube, LinkedIn, 4chan, and Chatroulette. Personally, I considered visiting 4chan, an image board where members post images and comment on them, but didn't when McAfee SiteAdvisor software served up this adware/spyware warning:

[Image: Google.com search results with McAfee SiteAdvisor for 4chan]

In fact, I'd love it if McAfee SiteAdvisor produced an app that integrated it with the Bing search on my smartphone.

Next, I'd love to see WatchGuard produce a list of the most risky apps available within a social networking website, as some Facebook apps are more risky than others. And, I'd like to see the company produce a list of risky smartphone apps, since employees can visit social media sites with a variety of mobile devices. Consumers and corporate executives need to know both.

If you want to learn more, read the results from the Norton "Connected But Careless" study.


Facebook Finally Offers Https Option; Plans To Allow Advertisers To Publish Members' Posts

Two steps forward, and one step backward.

The two forward steps: if you use Facebook via an unsecure, public WiFi connection to the Internet, then https support by Facebook is for you. It encrypts your connection to Facebook so identity thieves and spammers can't sidejack or hijack your Facebook account information. The new feature is (or soon will be) available in the "Account Security" section of your Facebook Account Settings page:

[Image: Facebook Account Settings page with https option]

When I checked my Facebook account this morning, Facebook had not yet turned on the new https support option.

Previously, Facebook only supported https when members transmitted their login credentials. That limited support wasn't enough because identity thieves and spammers could still use wireless sniffing tools, like Firesheep, to steal web browser cookies and sensitive personal information. Full support of https is an admission that web sniffing tools are a credible threat to consumers' privacy and security. Several experts believe Facebook should have supported https fully years ago.
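The login-only https gap described above can be checked from the defender's side by looking at how a site sets its cookies. The following is an added example, not part of the original post: it audits `Set-Cookie` header values and flags session cookies that lack the `Secure` attribute, which means the browser will also send them over plain http where a sniffer on open WiFi can read them. The cookie names, the sample headers and the name-based session heuristic are all constructed assumptions.

```python
# Added example: audit Set-Cookie headers for cookies that leave the
# encrypted channel. Sample data below is constructed for illustration.

# Constructed sample: headers a site might send after an https login.
SAMPLE_SET_COOKIE = [
    "session_id=9f2c1e; Path=/; Domain=.example.test; HttpOnly",
    "csrf=ab12; Path=/; Secure",
    "auth=77aa; Path=/; Secure; HttpOnly",
    "locale=en_US; Path=/",
]

# Assumption: cookies whose names contain these fragments carry the login session.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_set_cookie(header_values, session_hints=SESSION_HINTS):
    """Classify each cookie by whether it can travel over unencrypted http.

    https-only      : has Secure, never sent in the clear
    session-exposed : looks like a session cookie and lacks Secure
    cleartext       : lacks Secure but does not look like a session cookie
    """
    report = {}
    for value in header_values:
        name, attrs = parse_set_cookie(value)
        looks_like_session = any(h in name.lower() for h in session_hints)
        if "secure" in attrs:
            status = "https-only"
        elif looks_like_session:
            status = "session-exposed"
        else:
            status = "cleartext"
        report[name] = status
    return report


def exposed_session_cookies(header_values):
    """Names of session cookies that a login-only https site leaves sniffable."""
    report = audit_set_cookie(header_values)
    return sorted(n for n, s in report.items() if s == "session-exposed")


if __name__ == "__main__":
    for cookie, status in audit_set_cookie(SAMPLE_SET_COOKIE).items():
        print(f"{cookie:12} {status}")
    print("exposed:", exposed_session_cookies(SAMPLE_SET_COOKIE))
```

Note that `HttpOnly` on its own does not help here: it hides the cookie from page scripts, not from the network.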

There are limits. Not all Facebook apps support an https connection. And, https support only applies to your connection from a desktop or laptop computer. It doesn't protect your wireless connection to Facebook via a smartphone app. App developers need to get going and provide similar protections there, too -- soon.

The step backward: on Wednesday, Yahoo Finance published an Associated Press story about Facebook's plans to allow advertisers to re-publish Facebook members' posts:

"Facebook users who check in to a store or "like" a brand may soon find those actions re-transmitted on their friends' pages as a "Sponsored Story" paid for by advertisers."

What is going on? What users asked for this feature? I checked the Facebook blog for details and didn't see anything Wednesday afternoon. According to the news story, Facebook members cannot opt out of this feature. WTF?

The article is short on details. So it is not clear if only the raw "like" and "check-in" are re-published by advertisers, or if Facebook will allow advertisers to grab more posts from members' timelines, similar to the way Gmail scans its members' email message contents to serve up supposedly personalized advertisements.

This newest Facebook feature smells a lot like the Beacon debacle regurgitated. While it may help make Facebook and its executives richer, I see this as a backwards step for consumers. If I walked into a physical brick-and-mortar retail store, the store couldn't use my likeness or what I said without first getting my permission. If a brand is going to make money by including something I said -- or posted online -- in an advertisement, I demand to be paid for my contributions.

If this new feature proceeds as planned, I guess I will remove all of my "likes" and return to reading news updates from companies' websites directly via traditional RSS feeds. At least I have control and more privacy that way.


How To Protect Your New Mobile Device And Your Sensitive Data On It

You just bought a new smartphone, tablet computer, video game, or flat-screen television that connects to the Internet. How do you protect yourself and your sensitive personal information on it? Infosec Island published a good list which I recommend. Some of the tips:

"... threats aimed at mobile phones are growing. Use software that backs up smart devices and use strong discretion when storing, saving or editing personal information on your smartphone or device. Don’t keep all of your personal passwords on your device, and avoid using it to store financial information like credit card and bank account numbers."

And:

"Many people don’t realize that their new gaming console may represent another port of entry for cybercrooks into their household. Some Internet TV applications can expose personal information, so be sure to install anti-virus software, two-way firewalls, anti-spyware, anti-phishing, and safe search capabilities, just as you would on a PC..."

Read the full list of security tips for consumers.


CNN Money: The End Of Credit Cards Is Coming

According to CNN Money, during the coming years contactless payments with your smartphone will replace credit cards. The video shows how you would pay with your smartphone:

Really? I will believe this when both smartphone penetration is greater than 85% and when the security issues are solved for smartphones. Right now, about 28% of consumers have smartphones. And, the security of smartphone apps does not equal the protections you have on your laptop or desktop computer.

What do you think?


When Anonymous Is Synonymous With You

[Editor's Note: Today's blog post is by guest author R. Michelle Green, the Principal for her company, Client Solutions. She is a combination geek girl, personal organizer, and career coach. She has studied what makes some individuals embrace or avoid information technology. (She’s definitely one of the former.) Michelle helps others improve their use of technology in their personal or professional life. Today, Michelle tackles online profiles and privacy.]

By R. Michelle Green

I recently wrote a blog post about information available from your smartphone. It described how different their data transmission is from that of computers. Whereas some tools exist on computers to manage various types of cookies (thus allowing the user management of information flow), those tools are absent for smartphones.

But it’s all anonymized, right, so who cares?

Not so fast! There’s anonymous and then there’s anonymous. For example, would you rather:

a)   have a detailed file about you with your name on it;
b)   have a detailed file without your name attached;
c)   have a detailed file without your name, but with the data tied to your face;
d)   have a file so detailed that it’s even called a fingerprint, but without your name.

Please note there is no choice of ‘e) none of the above.’

Option A is basically your credit report, but at least that should not be easy to obtain. Option B is what I expect when I go online. I try to minimize the information flow, to thwart the marketeers, but ultimately they are much more determined and well funded – and they want to know what we’re doing online. PS – just because your name’s not attached doesn’t mean it’s anonymous. Our smartphones are transmitting the phone’s unique identifier along with other data. And location analysis will probably show that your smartphone sits at a particular address most every evening.

But surely I made up Options C and D. Wrong! Thanks for playing. Attendees at the 2011 Consumer Electronics Show saw Option C in Viewdle, a Qualcomm partner. Viewdle envisions real-time, cross-platform, facial recognition at the point of capture. Identify someone in a picture you take with your phone, and it will recognize and identify that person in other pictures. Take a picture and their latest tweet or status update can appear beneath the image. And Option D? Read this article (go Wall Street Journal!!) about fingerprinted computers and see if your knees get weak.

At one point I worked in a company with 93,000 employees. They would annually ask for anonymous feedback on management styles and company performance. I had moved up quickly and was young for the responsibilities I had. A demographic page asked for job level, age, gender, ethnicity. I took to writing in the margin of my completed demographic information, “and now you know exactly who I am.”

Blue Cava plans to know exactly who you are, merging its fraud protection data with its advertising data. Hell, [x+1] may already know – they’re just being modest about it. "We never don't know anything about someone," says John Nardone, [x+1]'s chief executive, who did not have my English teacher in high school. This JPG image shows information the Wall Street Journal captured as one woman visited a bank’s credit card site. Separately, these and other companies are working on Option E – all of the above.

So does this mean we should just give up and face the inevitable? What, in America? Where we have lawyers? Apple is already facing a suit for transmitting information via iPhones and iPads. Meanwhile, the Mobile Marketing Association is trying to get ahead of the issue by setting standards for behavior. And as history shows, if the wrong member of Congress discovers this, who knows what legislation could result.

My advice? At least stay informed. And stay tuned.


Would You Buy Pay-As-You-Drive Auto Insurance?

A few nights ago, the CBS affiliate here in Boston broadcast a news story about "pay-as-you-drive auto insurance." The idea is that you pay auto insurance premiums based on the number of miles you drive. If you drive a lot, you pay more. If you drive less, you pay less. Good drivers might pay 2 cents a mile; bad drivers 10 cents a mile.

Why am I writing about this? Be patient and read to the end. The reason will quickly become obvious.

The idea of pay-as-you-drive or pay-per-mile auto insurance appeals to me, mostly because I don't drive much. I am happy to walk and/or take mass transit. Boston has a pretty good mass transit system with buses and subway trains.

My wife and I own one car which we share. When we need a second car, I use Zipcar.com, which is effectively paying for the use of a car (and its auto insurance) only when I need it -- on an hourly basis. If I use a Zipcar more, I pay more. I pay only for what I use.

It seems a little unfair for me to pay the same amount as a person who drives 1,500 miles each month, while I drive only about 350 miles monthly. So, my auto insurance premiums would decrease substantially with pay-as-you-drive pricing. Another benefit of mileage-based auto insurance:

"A new study commissioned by the Conservation Law Foundation found that basing premiums on mileage would encourage drivers to drive less, cut down on pollution from tailpipe emissions, even reduce accidents which could be attractive for insurers."

The idea of pay-per-mile auto insurance also appeals because this form of pricing is not new. Rental car rates are often mileage based. Airplane and bus travel are often mileage based. You pay more the further you travel.

The news story was rolling along nicely until the reporter mentioned how insurance companies might measure drivers' mileage:

"... drivers would probably have to agree to a tracking device in their car to monitor their mileage and  check their driving habits."

Whoa!! More tracking of consumers?

There is tracking and then there is tracking. Simple tracking might upload once a month the car's odometer mileage reading. That is simple enough, since most new cars have digital odometers. Or, the folks at On-Star might include this with their existing service. It's what I had in mind during this news broadcast.

More invasive tracking might use a GPS device to measure your mileage and speed; in theory to determine whether or not drivers comply with posted speed limits. That is problematic and unnecessary.

Why? First, insurance companies already obtain speeding ticket information from state motor vehicle registries. Second, inspection stations already record mileage during the auto inspection. Just add the upload feature to the RMV.

Third, slow drivers could get penalized needlessly if the tracking doesn't include traffic information. Fourth, extensive tracking collects more information a company could lose or have stolen during a data breach.

Fifth and perhaps most importantly, GPS tracking captures a lot more information than insurance companies need: your location, time of day, travel patterns, and how long you stay at certain places. That is far more extensive data collection than any insurance company deserves, or should have.

Are insurance companies prepared to invest more in data security to protect this information? So far, they don't seem prepared to do so. They would have to because where you are during the day, and your travel patterns over weeks or months, is very valuable information. Burglars, for one, would love to have it. They'd know when you aren't home and when you are expected to return.

The news reporter, Beth Germano, didn't discuss any of the privacy issues related to tracking. Hopefully she will in a future news telecast, because a rental car company, using GPS tracking, issued a consumer a speeding ticket and included the speeding fine with his auto rental bill. Insurance companies should not perform law enforcement tasks. The insurance company was forced to stop billing speeders.

What's your opinion about pay-as-you-go auto insurance? Would you buy it? What tracking would you be comfortable with? If you missed the news telecast, here it is:


A Top Advertiser on Facebook Operates a Bing Affiliate Scam

This news story proves two things. First, scammers and identity thieves have targeted social networking websites. Second, consumers must be very careful about the links they click on at social networking websites. MediaPost reported:

"... Facebook’s third largest advertiser is a Bing affiliate scam site named Make-my-baby.com. Facilitated by affiliate company Zugo, the site gets unwitting Web users to switch their browser’s default search and homepage to Microsoft’s search engine..."

Wow. That's significant. You might think that executives at Facebook would closely watch the activities of its major advertisers, but:

"Are Facebook and Microsoft – which happens to own a small share of Facebook – knowingly in on the scam? According to Google’s Cutts: “It’s entirely possible, even likely, that Facebook and Microsoft didn’t realize this was going on.” Still, asks ReadWriteWeb: “Is no one minding the store?"

I suggest you definitely read the ReadWriteWeb blog entry. Denials are flying around fast and furiously. I guess that executives at Facebook are focused on growing quickly, rather than minding their digital store. Balance is important.

This story is not over, either.


Facebook Lets Apps Grab More Members' Personal Data, Then Reverses Decision

[Image: Facebook apps request for address and mobile phone number information]

Last Friday, the Facebook Developer blog announced that applications can now use Facebook members' home address and mobile phone numbers:

"... We are now making a user’s address and mobile phone number accessible as part of the User Graph object. Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions..."

This is important because consumers could receive phishing messages via text messages. This is why the Sophos Naked Security blog described this change as a risk to Facebook members. Of course, the change is great news for app developers who wish to compile a more comprehensive database of their app's users. This change puts more members' personal information in the hands of app developers. Some will keep this information secure, and some probably won't. Others may resell it to other companies. As far as I know, Facebook does not monitor apps in an ongoing manner for compliance.

Plus, with this change Facebook apps will collect only the specific member's address and mobile phone number. Realize that Facebook could change it again in the future and allow apps to collect the home address and mobile phone information of all of your friends.

This is another example of Facebook's nasty habit of redefining "private" personal information as "public." It's a major reason why I do not trust Facebook and include a minimal amount of personal information in my Facebook profile. Personal information that is private today, Facebook will redefine as public in the future when it suits its needs; not your or my needs. That doesn't work for me. And I imagine it doesn't work for you either.

What should consumers do? If you insist on using Facebook, don't include personal information in your profile that you don't want made public -- ever. It may be treated as private by Facebook today, but that is no guarantee about the future. Second, check the permissions on the apps you currently use and make sure they don't disclose more data than you want.

Third, read the privacy policies of any apps before adding them. If the policy isn't clear, don't add that app. You do have a choice. You don't have to accept everything Facebook offers. (Yes, Facebook ultimately forced its new Profile page format on all of its members, but that is a topic for another blog post.)

Fourth, lock down your Facebook profile if you haven't done so already. My guess is that many new Facebook members still haven't done this and keep their profile page completely open to the public, because they don't know or haven't lived through last May's Facebook privacy setting changes. If you are new to Facebook, read this, and follow these 7 things you should stop doing on Facebook.

After receiving much feedback, on Monday Facebook reversed its decision to release the above members' personal information. You can read about it at The Register and at the Facebook Developers blog:

"Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready."

Yes, a change like this should not be rushed and it should have the best, clearest user experience possible for users. After reading a FrameThink blog post about how Facebook is so engineering-driven, perhaps this engineering zeal needs to be balanced with customer-driven feature requests.


Identity Thieves Have A Hidden App For That

The other day, I learned what "money-sucking mobile phones" are. Apparently, manufacturers in China are making mobile phones pre-installed with computer viruses. The problem is so big that China's Ministry of Industry and Information Technology is cracking down on the criminals.

Here is the sucking part: the computer virus, or hidden app, in these buggy phones is designed to send texts, or perform other operations, that directly cost the consumer money. IT World reported:

"Each month, the phones will spend only about 2 yuan (US$0.30) in text messages or other mobile services. The small amount ensures that users will not take notice... The phones make money by accessing mobile services operated or linked to the handset maker..."

Multiply thirty cents by several hundred-thousand infected mobile phones and you have an efficient money-making enterprise. So far, the affected (infected?) knockoffs are Android phones.

What's a consumer to do? First, buy from a reputable retail store. Second, be a smart Internet user. The bigger threat is probably from websites that install malware or viruses when you visit them. So, don't click on links sent to you from strangers via text messages or via social networking sites. I follow Facecrooks to stay aware of scams and viruses on Facebook. At social networking sites, I don't accept friend requests from people I don't know, or can't verify via an alternate method (e.g., call them on the phone) first.

If you think that your smartphone is infected, AARP Scam Alert says it is difficult for consumers to tell for sure. Here are some clues:

"Your bill may show texts to unknown phone numbers, often occurring at the same time as legitimate calls... The battery is warm when the phone isn't in use, or it dies quickly... Your phone flickers when not in use."

Of course, lock down your smartphone with a passcode. A future blog post will discuss "lost and found" apps for your smartphone.


Statistics: Data Breaches With Patients' Personal Health Information

Data security in hospitals and health care organizations is far from what it should be. The HIPAA blog reported that as of January 5, 2011 there were 217 reportable data breaches affecting 6.3 million people. "Reportable" according to HIPAA rules is a single breach event affecting at least 500 people that must be reported to HHS. The HIPAA blog noted:

"... Over half [of breach events] are the loss or theft of some computer device or media, and half of those are lost/stolen laptops. All of those cases involved unencrypted information on those laptops and computer devices. If that information had been encrypted, there would have been no need to make a report."

If you don't know, HIPAA = Health Insurance Portability and Accountability Act of 1996.


Your Smartphone's Got a Big Mouth

[Editor's Note: Today's blog post is by guest author R. Michelle Green, the Principal for her company, Client Solutions. She is a combination geek girl, personal organizer, and career coach. She has studied what makes some individuals embrace or avoid information technology. (She’s definitely one of the former.) Michelle helps others improve their use of technology in their personal or professional life. Today, Michelle tackles smartphones and privacy.]

By R. Michelle Green

I’m thinking about buying a smartphone. Yeah, I know. The 12 pound cell phone I got in the late 70s still works, so why should I get rid of it... Kidding! I kid, I’m a kidder... In my heart I’m an early adopter, but I behave more like late majority. Part of it is, I want to know the pros and the cons of a tool before I buy it.

So of course a blog post titled, "Is your smartphone spying on you?” caught my eye. Unlike computers, smartphone transmission of information is far less visible or manipulable than data transmission on our computers. Now you want it to transmit some information. If it didn’t transmit your unique id, your phone calls wouldn’t get routed correctly. If it didn’t transmit your location, you couldn’t benefit from location-based apps like Foursquare or where or SitOrSquat.

But you probably don’t expect your blabbermouth phone to share with others your gender or your ethnicity. In fact, there are something like 100 sources of data on a smartphone, including the phone’s camera, its memory, and your contacts. And your phone doesn’t know how to shut up, says this Wall Street Journal (WSJ) article.

Every app transmits some data. That’s how the app makes itself valuable to us, the transmission of data relevant to our specific circumstance. But let’s pose the question: shouldn’t you control that transmission, or at least understand what you’re signing up for?

Apple says its apps must obtain the user’s prior permission before transmitting data, informing how the data might be used. With 300K Apple apps available (not reviewed, not rejected, but available for download), how careful can they be? Google more realistically makes no promises beyond requiring their apps to notify users what data sources the app will access. (Perhaps unrealistically, Google expects its app makers to behave responsibly.) Whereas some tools exist on computers to manage various types of cookies, those tools are absent for smartphones.

But even if you can’t stop it, you can knowledgeably choose not to download the app, right? Or else you can choose to let certain info go and not others? Right now, the answer to both those questions is no.

In examining more than 100 apps, the Wall Street Journal found lots of data flowing to lots of entities, in contravention of Apple’s or Google’s expectations. Apps like Yahoo, TextPlus4 and dictionary-reference.com took lots of personal information for themselves and for third parties. Many apps didn’t even have privacy policies available at their web sites. WSJ’s lovely analysis differentiates the worst offenders they saw, identifies what info is shared, to whom and how.

So what’s regular folk like you and I to do? At least understand the problem. Go, go now, do not stop for soda or beer, and look at "What They Know" in the Wall Street Journal’s web site. If you are a frequent reader of this blog, you already know a lot about privacy and data management on your computer, so go straight to their data about mobile devices.

Those of you with families, be sure to check the link in the upper right that focuses on data transmission from apps for children. What I particularly like about the site are the introductory tools associated with the WSJ series, offering information literally as basic as “What is a cookie?”. And I think even Edward Tufte would delight in the beautiful presentation of this complex information. If this isn’t in the Webby nominations for 2010 or '11, I’ll eat someone’s hat. There’s so much information at this site, that – ok, gotta stop, drooling on the keyboard.

As for that old dumb cell phone of mine? Turns out, as ‘low-tech’, it’s not as vulnerable to some high-tech problems. But when I do get a smartphone, I’ll listen to some of the AARP's advice. (Don’t hate, they have a nice magazine...) I’m going to have a passcode limiting casual access to the phone. I’ll take advantage of the updates that my network provider or phone manufacturer offers, so as they repair vulnerabilities, I benefit. And just as I’m very hesitant to click a link in an email message, I’ll think twice before clicking links in messages on my smartphone.

The new smartphones are computers, and just like your laptop or desktop, your pad or tablet – someone’s selling code right now to hack it. Hell, they’re giving it away.


© 2011. R. Michelle Green. Reprinted with permission.


What Cloned Credit And Debit Cards Look Like

First, I'd like to thank Fort Myers law enforcement for catching and arresting these alleged identity thieves. On January 5, the ABC affiliate channel 7 in Fort Myers, Florida reported that three people were arrested and charged with possession of counterfeit credit cards, possession of fraudulent driver's licenses, and possession of identification cards without the consent of their owners: Maria Anzalone, 46; Michel Santana, 31; and Raydel Castaneda, 39.

Now, watch the video and see what cloned debit/credit cards look like:


Facebook Members Warn Their Friends About Spokeo

During the past few weeks, I have seen several friends on Facebook post this message about Spokeo:

"There's a site called www.spokeo.com that's a new online USA phone book with personal information: everything from pics you've posted on Facebook or the web: your credit score, home value, income, age. Remove yourself by searching your name, copy the URL of your page, then go to the bottom right corner of the page and click on the Privacy button to remove yourself. Copy & re-post so your friends are aware."

Regular readers of this blog already know about Spokeo since this blog covered it in April 2010. When I reviewed my personal Spokeo listing recently, it had plenty of errors: incomplete name, wrong address, and other details. The data looked as if Spokeo tried to match and merge (unsuccessfully) data from an old White Pages phone book directory with data they may have purchased from marketers and/or state motor vehicle registries.

This data inaccuracy reminded me of an experience I had with credit reporting agencies in 2004. That year, I applied for an American Express card anticipating an extended business trip in London. American Express denied my application because I was "deceased." Obviously, I am not dead. When I checked my credit reports, they had erroneously co-mingled data from my deceased father and from me. If you don't know it, credit reporting agencies rely on consumers to check the accuracy of their credit reports, and to submit correcting information. This approach rests on the assumption that most consumers want their credit reports to accurately reflect their creditworthiness.

My points:

  1. It is good to view your Spokeo listing and opt-out of their program. The problem: the burden is on consumers to continually opt out as every new Internet-based marketing company springs up. That is not the Internet I envisioned nor long for, and I'll bet you agree.
  2. I feel no obligation whatsoever to notify Spokeo about the inaccuracies in my listing, and hope that you don't feel obligated either. Better to let Spokeo wallow in ignorance.
  3. Like Facebook and other data mining or marketing companies, Spokeo makes money from our personal data, correct or incorrect. If I were sharing in that revenue stream, then I might feel motivated to inform Spokeo of the errors in my personal listing.
  4. Data mining companies like Spokeo will continue to publish plenty of mistakes in their databases. Why? Many consumers have multiple online identities. While data mining companies can analyze purchases from credit cards, patterns from location-based status messages, or your "likes" on social networking sites, only YOU know how accurate the demographic and descriptive data is about YOU. Spokeo "swims" in the same consumer identity cesspool as other data mining companies and markets. At least credit reporting agencies have the benefit of updating their records with structured data from lenders and banks.
  5. Executives at data mining and marketing companies like Spokeo want to believe their data is accurate. In my view, it often isn't. People move, change street addresses, use multiple email addresses, use multiple phone numbers, regularly delete their web browser cookies, use add-ons like BetterPrivacy to delete Flash cookies, use software like MAXA Cookie Manager to delete a variety of LSO's stored on their computers, and opt-out of location-based messages. So, the value of that data is less than they think and has less utility for applications.

So, go ahead and check your Spokeo listing. How accurate was it? Did you opt-out? I've Been Mugged blog readers want to know.


New Fees Coming For Consumers' Bank Accounts; Reward Cards Drive up Debt

Changes and new fees are coming for consumers with checking and savings accounts at banks. Last week, the Wall Street Journal reported that Bank of America is testing new account structures:

"... it will divide customers into four categories structured by account activity and number of products, according to an internal memo. The four accounts are "Premium," "Enhanced," "eBanking" and "Essentials"... The new arrangement will allow customers to "choose how they pay us," according to the memo from Joseph Price, president of consumer and small business banking."

The tests, scheduled in Arizona, Georgia, and Massachusetts, will include new fees of $6 per month for basic accounts. Accounts with more features will have $8.95 to $25.00 monthly fees. I checked the bank's press releases section, which said nothing about the test nor higher fees. If anyone participates in the bank's test, please share your opinions and experiences below.

In February of 2009, this blog warned you about upcoming credit card interest rate increases. The higher rates happened later that year. It looks like 2011 will include higher costs to consumers for banking services. You would think that Bank of America would find ways to cut costs before raising prices to consumers during a severe recession. I guess that greed and arrogance make you do strange things.

More banking news: in a paper presented at the American Economic Association's meetings, researchers at the Federal Reserve Bank of Chicago have found that reward cards lead consumers to run up more debt on their credit cards:

"We find that with an average cash-back reward of $25, spending and debt increases by $79 and $191 a month... cardholders who do not use their card prior to the cash-back program increase their spending and debt more than cardholders with debt prior to the cash-back program."

The researchers studied 12,000 bank accounts over a two-year period. Some concluded that debt went up because consumers switched their spending from cards without rewards to cards with rewards. If that describes you, remember that the rewards cards are beneficial only if you pay off the balances every month. Otherwise, the finance charges negate the reward savings or cash back.


Thoughts On Today's Tragedy

Today's shooting tragedy is so awful, I feel compelled to share some thoughts. First, my condolences to the shooting victims in Arizona, and their families. One victim I heard is nine years old. Representative Giffords' staff had security concerns in 2009.

Second, I am old enough to have lived through shootings of JFK, Robert Kennedy, MLK, Wallace, and Reagan. One never gets used to this. Sadly, our country has a history of violence.

Third, when politicians, pundits, and talking heads carelessly (or intentionally) use irresponsible and violence-infused language like, "don't retreat, reload" it contributes to an environment where wingnuts feel emboldened to bring guns to political rallies and to shoot people. The violence-infused rhetoric is counterproductive. We have to find better ways to express our disagreements in a civil manner, and I hope that politicians take the lead rather than business-as-usual. There are better ways to make a point than with cross-hairs gun-target images:

Palin PAC Target map


Temptation and Over-Sharing In Online Status Messages

It's barely a week into the new year and I have already broken a resolution. To be precise, it was a resolution I promised myself in 2010 and not a new resolution for 2011.

In December, my wife gave me for Christmas a shiny, new HTC Surround smart phone. It was easy to learn how to use the phone and it truly is a hand-held computer with lots of functionality. For the technorati, it is a Windows 7 operating system phone with all the features you'd expect: touch-screen controls, voice-activated controls and Bing search, digital camera, robust contacts directory, and the ability to add plenty of apps.

Of course, to maintain this blog while on vacation, I installed apps for Twitter and Facebook. What got me into trouble was a shiny new mobile device with a convenient combination of a digital camera, Facebook app, high-resolution screen, and texting interface.

While visiting my daughter, son-in-law, and grandkids in another state, I took plenty of photos as you'd expect. No problem there. The problem arose about what to do with all of those photos. The temptation was great to upload the photos and share them with family and a few close friends. Early on, I shared photos via text messaging attachments. That worked well for a brief time.

Across the web, experts advise consumers against over-sharing on social networking sites. There are two ways consumers over-share. One is to include location information in your status messages. The second is to turn on the location-based feature on your mobile device to auto-insert your location with your status messages.

Why the caution from security experts? Some of your "friends" haven't locked down their social media accounts and unknowingly disclose their and their friends' status messages to the public. While most of your friends are trustworthy, some criminals target social networking site users who post location-based status messages. The news media reported at least one incident where a person's Facebook friends allegedly burglarized their home while they were out. A recent Forbes article reported:

"... Chubb wants people to exercise more caution when broadcasting details about their lives, relationships, and daily routines. We're seeing more claims and case activity surrounding online exposure... according to Experian, 65% of people don't set high privacy settings on social networking sites, and over 90% don't review websites' privacy policies."

Ultimately, sloppy social media status messages could give way to higher personal insurance rates. Nobody wants that.

On a daily basis at home, I have turned off or opted out of the location-based feature on the social networking websites I use. During my vacation, I stuck to my resolution for four days, but temptation from a shiny new mobile device led to several Facebook status messages with location information.

I gave in and uploaded photos real-time to my Facebook mobile uploads photo album. The Facebook app worked pretty well, but the photo upload function worked sporadically -- probably due to varying phone reception.

The good news: the temptation has since passed.


Bank of America Prepares For Upcoming Wikileaks Disclosure

Happy new year! I don't report about every corporate data breach, only the ones that either have far-reaching impacts or involve huge corporations that potentially affect many consumers.

On Sunday, The New York Times reported that Bank of America was preparing to defend itself against a possible disclosure of internal documents by WikiLeaks. In a November 29, 2010 interview, the WikiLeaks director threatened to expose corruption at a large unnamed bank. After that interview, Bank of America took action:

"... a team of 15 to 20 top Bank of America officials, led by the chief risk officer, Bruce R. Thompson, has been overseeing a broad internal investigation — scouring thousands of documents in the event that they become public, reviewing every case where a computer has gone missing and hunting for any sign that its systems might have been compromised."

I checked the bank's press releases website for news about this event and didn't see any. Then, Finextra reported that BofA has been:

"... aggressively registering domain names including its board of Directors' and senior executives' names followed by "sucks" and "blows". For example, the company registered a number of domains for CEO Brian Moynihan: BrianMoynihanBlows.com, BrianMoynihanSucks.com, BrianTMoynihanBlows.com, and BrianTMoynihanSucks.com... While Assange has yet to reveal the true identity of the bank in question, it is widely accepted that the 5 gigabyte drive in WikiLeaks' possession relates to internal documents and e-mails from Bank of America..."

The domain name registrations seem more like "reputation management" and not proactive data security. Exactly how does this protect the bank and its accountholders? If the bank lost this information, what else has it lost about accountholders?

It seems to me that given the bank's defense preparations, its executives must know that a BofA 5-gigabyte drive was lost or stolen. The New York Times article mentioned that the bank's executives were responding to the threat of WikiLeaks possessing a BofA hard drive, and the news story didn't confirm whether or not a drive was lost/stolen. Where is the disclosure about the breach? Many states have breach notification laws.

I expect the bank's executives to act diligently after any data breach, not just the high-profile breaches. I would expect the bank's executives to act diligently to implement the best data security methods and to continually train its employees about good data security habits.

All of this goes to trust. As a Bank of America customer, trust is important to me.