Group items matching

in title, tags, annotations or url

It is hard work looking for a job, Matt Sawyer said. "Well with the economy being down right now, it's pretty hard," said Sawyer. Like most job hunters, Matt is posting his resume on various online job sites. But you have to be careful when sending out your personal information over the Internet, privacy expert Pam Dixon said. "The problem is, if you don't use it correctly, it can come back to haunt you," she said. Dixon runs the World Privacy Forum and warns job hunters to be cautious with their personal information when posting their resume. "In fact any competent job site will give you the option of hiding your personal information," said Dixon. Scam artists have been known to steal personal information from resumes and use it to apply for credit. That is why Dixon said you should only include your first initial and last name, no full names, when writing your resume. She also said not to include your phone number or address. Dixon said you should create an email address that is temporary and just use it for your job search. Dixon said scam artist will even call people from their resume and ask for detailed information like a copy of their driver's license or social security number or even their credit card information. The scammers will claim it's for a background check but it's only to steal from the job seeker. Matt admits if he was approached for a job he might give away too much information. "I think when people first get that call and they're real excited about it, they might just jump into it and go ahead and do it," he said.

Be careful what information you give to recruiters!

Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach. The job application Web site also held names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, Aetna spokeswoman Cynthia Michener said. SSNs for those people were not stored on the site, which was maintained by an external vendor. The company found out about the breach earlier this month when people began receiving spam messages that appeared to come from Aetna and complained to the company, Michener said. The spam purported to be a response to a job inquiry and requested more personal information. The spam campaign showed the intruders successfully harvested e-mail addresses from the Web site, although Michener said it's not clear if SSNs were also obtained. Nonetheless, Aetna sent letters last week notifying the 65,000 people whose SSNs were on the site of the breach. The company is offering them one year of free credit monitoring, as SSNs are often used by identity thieves. "We wanted to err on the side of caution," Michener said. Aetna hired an IT forensics company to investigate how the Web site had been compromised. "At this point despite a thorough review, they've not been able to pinpoint the precise breach," Michener said. Aetna posted alerts on the job site, its main Web site and its internal intranet about the spam campaign, Michener said.

Never mind landing the job. Now people on the lookout for employment have another cause for worry: identity theft. As the joblessness rate soars, scammers are ginning up fake Web sites or posing as recruiters to trick job seekers into giving up sensitive personal information. Corneilus Allison became a potential target after he applied for a position at Aetna (AET) in January, court documents show. In hopes of securing a position at the insurer, he entered required personal information into Aetna's job Web site. In May he received a response-but it wasn't an offer of employment. Aetna instead told him that his personal information, including his Social Security number, might have been compromised. Hackers had found their way into Aetna's job application site, managed by an outside vendor, nabbed e-mail addresses of job seekers, and sent correspondence as if from Aetna asking for additional personal information.

Salesmen and parents know the technique well. It's called the takeaway, and as far as Keith Mularski is concerned, it's the reason he kept his job as administrator of online fraud site DarkMarket. DarkMarket was what's known as a "carder" site. Like an eBay for criminals, it was where identity thieves could buy and sell stolen credit card numbers, online identities and the tools to make fake credit cards. In late 2006, Mularski, who had risen through the ranks using the name Master Splynter, had just been made administrator of the site. Mularski not only had control over the technical data available there, but he had the power to make or break up-and-coming identity thieves by granting them access to the site. And not everybody was happy with the arrangement. A hacker named Iceman -- authorities say he was actually San Francisco resident Max Butler -- who ran a competing Web site, was saying that Mularski wasn't the Polish spammer he claimed to be. According to Iceman, Master Splynter was really an agent for the U.S. Federal Bureau of Investigation. Iceman had some evidence to back up his claim but couldn't prove anything conclusively. At the time, every other administrator on the site was being accused of being a federal agent, and Iceman had credibility problems of his own. He had just hacked DarkMarket and three other carder forums in an aggressive play at seizing control of the entire black market for stolen credit card information. ....In the end they would regret that decision. Iceman was right

Behavioral targeting is not bad as a concept but advertisers would have the public opt-in by default without knowing what is being collected and what it is being used for. On the other hand not many in the public seem very concerned about this subject.

The Internet contributes about US$300 billion a year to the U.S. economy, and U.S. lawmakers should be careful about tinkering with the advertising-supported Internet content model in the name of privacy, the Interactive Advertising Bureau (IAB) said. An IAB-commissioned study by two Harvard University professors, released Wednesday, found that 1.2 million U.S. residents are directly employed in Internet-related jobs, and another 1.9 million U.S. jobs support those Internet workers. IAB released the study Wednesday, as 30 publishers of small Web sites converged on Washington, D.C., to urge U.S. lawmakers to avoid passing legislation that would harm their ad-supported business models. Chief among those publishers' concern was talk in the U.S. Congress about requiring Web sites to gain opt-in permission from users before tracking their Web habits as a way to deliver personalized advertising to them. Many users wouldn't give the permission, and without offering targeted advertising, many small Web sites could fold, some small publishers said. Small Web publishers and sellers "are the face of small business" in the U.S. in recent years, said Susan Martin, publisher of Ikeafans.com, a home improvement site.

Monster.com is advising its users to change their passwords after data including e-mail addresses, names and phone numbers were stolen from its database. The break-in comes just as the swelling ranks of the unemployed are turning to sites like Monster.com to look for work. The company disclosed on its Web site that it recently learned its database had been illegally accessed. Monster.com user IDs and passwords were stolen, along with names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users' states of residence. The information does not include Social Security numbers, which Monster.com said it doesn't collect, or resumes. Monster.com posted the warning about the breach on Friday morning and does not plan to send e-mails to users about the issue, said Nikki Richardson, a Monster.com spokeswoman. The SANS Internet Storm Center also posted a note about the break-in on Friday. USAJobs.com, the U.S. government Web site for federal jobs, is hosted by Monster.com and was also subject to the data theft. USAJobs.com also posted a warning about the breach. Monster.com has been checking for misuse of the stolen information but hasn't yet found any, it said. It has made changes since discovering the break-in but won't discuss them because it doesn't discuss security procedures publicly and because it is still investigating the incident, Richardson said. She also would not disclose the volume of data stolen, but said the company decided it would be prudent to alert all of its users via its Web site.

Now that behavioral targeting has become more pervasive (and more effective), it is being talked about not only by publishers and advertisers, but also by privacy advocates -- organizations like the NAI and IAB and, in Washington, the FTC. At issue is if BT players are doing enough to disclosure to consumers how BT works and offering them the opportunity to opt out of being tracked by BT vendors and publishers. There has been much discussion about how to regulate behavioral marketers; but no solution that satisfies everyone. The BT industry so far has contended that website privacy policies are sufficient disclosure since many of them contain links to opts out opportunities like the NAI site. Google and Bluekai have announced 'preference pages' or registries that allow Web users to say what type of BT they are interested in receiving. But, the other, more common option is to put that information in the Privacy Policy of the site. But the problem with that is that no matter where disclosures are placed on the service provider's site, most people won't ever see them. How will a customer visiting Retail SiteX know that Company Y is going to use their browsing behavior to later display relevant ads to them as they surf the Web on Network Z? The average customer won't. The only way a customer will know what forms of BT advertisers are using is if the advertisers themselves tell them. I think that it's time for advertisers to step up in this privacy debate. Thus far the pressure for disclosure has been placed on networks, behavioral marketing providers and publishers. The key players in those industries have done a good job of becoming more transparent (though there is still work ahead of us), while advertisers haven't been asked to do anything. Advertisers are clearly benefiting from behavioral marketing, and its time they disclosed what type of behavioral marketing they participate in, and allow customers to opt-out. How they do this is open for discussion: Tag each

A majority of business executives believe that they have a right to know what their employees are doing on social-networking sites, but most workers say it's none of their bosses' business, according to a new survey by Deloitte. The survey was conducted in April with about 2,000 U.S. adults. Of the 500 respondents with managerial job titles (vice president, CIO, partner, board member, etc.), 299, or 60%, agreed that businesses have a right to know how employees portray themselves or their companies on sites like Facebook and MySpace. But 53% of employee respondents said their profiles are none of their employers' business, and 61% said that they wouldn't change what they were doing online even if their boss was monitoring their activities. That disagreement, says Sharon Allen, chairman of Deloitte's board and the sponsor of the survey, is one that companies need to address, particularly as these sites have become part of younger workers' lives. "It does, in fact, tee up the challenging debate or discussion that needs to take place to try to resolve both of their concerns," she said. Few businesses are having that conversation, according to the survey, though many executives indicated that it was on their minds. When asked what their company's policy was regarding social-networking use, roughly a quarter (26%) of employees said they knew of specific guidelines as to what they could and couldn't post. Similar numbers said their office didn't have a policy or they didn't know if their company had a policy - 23% and 24%, respectively.

A Swiss insurance worker lost her job after surfing popular social network site Facebook while off sick, her employer said Friday. The woman said she could not work in front of a computer as she needed to lie in the dark but was then seen to be active on Facebook, which insurer Nationale Suisse said in a statement had destroyed its trust in the employee. "This abuse of trust, rather than the activity on Facebook, led to the ending of the work contract," it said. The unnamed woman told the 20 Minuten daily she had been surfing Facebook in bed on her iPhone and accused her employer of spying on her and other employees by sending a mysterious friend request which allows access to personal online activity. Nationale Suisse rejected the accusation of spying and said the employee's Facebook activity had been stumbled across by a colleague in November, before use of the social network site was blocked in the company.

On Friday, Brunswick, Maine-based heating and hardware firm Downeast Energy & Building Supply sent a letter notifying at least 850 customers that the company had suffered a data breach. Downeast sent the notice after discovering that hackers had broken in and stolen more than $200,000 from the company's online bank account. The attack on Downeast Energy bears all the hallmarks of online thieves who have stolen millions from dozens of other businesses, schools and counties over the past several months. In every case, the thieves appeared more interested in quick cash than in pilfering their victims' customer databases. Nevertheless, the intrusions highlight an additional cost for victims of this type of crime: complying with state data breach notification laws. "This is something new to us, fortunately, but we have responsibilities under Maine statute to report these things to our customers and employees," said the company's president, John Peters, in an interview with Security Fix. At least 44 other states and the District of Columbia have similar data breach notification laws. Sometime prior to September, attackers planted keystroke logging malware on Downeast's computer systems, and stole the credentials the company uses to manage its bank accounts online. Then, on or around Sept. 2, the hackers used that access to initiate a series of sub-$10,000 money transfers out of the company's account to at least 20 individuals around the United States who had no prior business with Downeast Energy. This type of crime is impossible without the cooperation of so-called "money mules," willing or unwitting individuals typically hired via Internet job search Web sites to act as "local agents" or "financial agents" responsible for moving money on behalf of a generic-sounding international corporation, legal experts say.The mules are then instructed to withdraw the cash and wire it via Western Union or Moneygram to fraud gangs overseas, typically in Eastern Europe.

"Madison Avenue has joined forces with Internet companies in a last-ditch attempt to stop privacy regulations over the $29 billion online-ad industry. The industry is finalizing an ad campaign to educate consumers about how digital advertising works, creating an icon that would appear on Web pages or ads alerting consumers if their activity is being tracked and deploying new technologies to police the Web for illegal activities. At issue is the practice of tracking consumers' Web activities - from the searches they make to the sites they visit and the products they buy - for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers' Web activities and creating a simple way consumers can opt out of being tracked. Meanwhile, scrutiny in Washington continues to build. Lawmakers and regulators have broadened their scope beyond the Internet and are starting to examine privacy practices for a wider swath of media and technologies, from mobile phones and newfangled interactive TV commercials to telephone pitches and the advertisements consumers receive in their mailboxes."

"The number of fraudulent IRS websites taken down in 2008 soared to 3,030, up more than 240 percent from 2007, according to a GAO analysis of Internal Revenue Service data, suggesting a sharp increase by criminals to draw unassuming taxpayers to faux tax agency websites to steal identities and money. In a Government Accountability Office audit, made public Thursday, the GAO credited the IRS for implementing programs to prevent, detect and resolve identity theft, but said the tax agency needs to do a better job in assessing the effectiveness of its initiatives. And, as it relates to potential online abuse, the IRS should be more consistent in enforcing security controls. "

Links to information about the companies that are watching what you click and browse.

Who's watching while you visit that job hunting, porn or shopping site?