Tag Archives: rippoffreport

671 Percent Increase in Malicious Web Sites

Malicious websites grew 233% in the last six months and 671% in the last year, stares Websense Security Labs. This was partly because of the spread  Gumblar, Beladen and Nine Ball attacks which aimed to compromise trusted and known Web sites.

Web 2.0 sites are the worst effected target as 95% of blog comments, chat rooms and message boards are malicious.

“The last six months have shown that malicious hackers and fraudsters go where the people are on the Web” said Websense Chief Technology Officer Dan Hubbard “and have heightened their attacks on popular Web 2.0 sites.”

The top 100 most visited Web properties, which are “Social Networking” or “Search” sites states Websense.

77% of sites with malicious code are legitimate sites have been compromised by fraudsters exploiting the inherent trust in a business.

61 percent of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims to malicious sites.

The term ”malicious” typically refers to links that have specific, hidden exploits that target a user’s computer.

The next million most visited sites are primarily current event and news sites and are more regionaland genre-focused.

37 percent of malicious Web attacks included data-stealing code, 57 percent of data-stealing attacks are conducted over the web in the first half of 2009.

85.6% of all unwanted emails contained links to spam and/or malicious Web sites and 57% of data-stealing attacks are conducted over the Web. In June virus infected emails rose 600% over May.

An analysis of Web, email and data security trends during the first half of 2009 are explored in the Websense Security Labs bi-annual “State of Internet Security” report.

Daily Websense® Security Labs™ Websense ThreatSeeker™ Network parses more than one billion pieces

of content and over 40 million websites hourly for malicious code and ten million emails. The Websense ThreatSeeker Network uses more than 50 million real-time data collecting systems.

YouTube and BlogSpot are 65 percent to 75 percent ineffective in protecting Web users from objectionable content and security risks. Hate or militant content on Facebook and other popular Web 2.0 sites like YouTube, Yahoo! Groups and Google Groups.

Cyber terrorism (militancy and extremists Web sites)  increased 326 percent increase in increased 326% from January through May 2009 over the same period in 2008.

Websense tracks about15,000 hate and militancy sites, with 1,000 added in he first six months of this year.

78 percent of new Web pages discovered in the first half of 2009 with objectionable content (e.g. Sex, Adult Content, Gambling, Drugs)  and  69 percent of all Web pages with any objectionable content link served malicious content.

Sex, advertisements, business and economy, IT, and travel made up the most commonly

compromised categories of Web content. 50 percent of Web pages with a link categorized as “Sex” also have at least one malicious link.

The three most popular topics for spam remained shopping (28 percent), cosmetics (18.4 percent) and

medical (11.9 percent.)  However, over the last six months, education accounted 9.5 percent of spam.

and could be attributed to the recession.

“Spammers have been targeting the unemployed who are looking to re-train or gain qualifications to help their job prospects” states Websense.

Phishing Scams and your bank

phishing

“Your information security program is only as strong as your weakest link” said  Linda McGlasson of Bank Info Security.

“That weakest link is your customer or your employee sitting at a screen, deciding whether to click on that link that popped up in their instant messaging screen, or direct message box on Twitter, or visit that site that offers free ringtones (and malware as a bonus).“

Recently 10 US financial institutions in California, New York, Pennsylvania and Wisconsin receiving fraudulent text messages or automated phone calls.

On September 28, 2009, the 1st Federal Credit Union of central Pennsylvania reported that it received calls from customers about text messages claiming that their cards were blocked.

Similarly on October 2 phishers sent text messages to mobile phones in the Omaha area, claiming their bank card had been deactivated. Inclded were instructions to call an 877 number to reactivate it. At least one customer lost several hundred dollars.

“Once he changed his PIN, somebody went in and withdrew the money,” said Richard Patterson, president of Greater Omaha Federal Credit Union.

A very convincing automated phone call phishing scam directly named the Liberty Bank.

“Your card has been suspended because we believe it was accessed by a third party. Please press 1 now to be transferred to our security department” the recording, before liting an impressive array of details designed to sound official.

Customers who pressed “1” were asked to enter their credit/debit card number and personal identification number.

“There will be some losses,” Liberty Bank Vice President Jill Hitchman said. “Charges started showing up almost immediately after our customers gave away their card numbers.”

Of course, Liberty responsibly warns its customers to “never reply to email, pop-up messages or phone callers that ask for your personal or financial information. LIBERTY BANK WILL NEVER ask you to disclose your password or pin”.

Spam works because about one out of six respond to messages suspect are spam survey data by the Messaging Anti-Abuse Working Group, an anti-spam trade organization (MAAWG).

A record five million new malware threats were detected in third quarter of 2009 according to the Cloud Security firm, Panda Security. Trojans accounted for 71 percent of all new malware between July and September 2009s bots and other malware are morphing rapidly.

Globally 59% of computers are infected  states Panda.

Obviously we need to keep our viral security up to date. This is why Bank Info Security recommends regular, preferably quarterly, programs to remind their customers of secure banking practices.

The problem is that people are the weakest lin. Even normally cautious people may once in a while press a link they normally would ignore.

Since, most of us are not rocket scientists perhaps give oursleves a reality check. Perhaps we should put ourselves through a similar audit of our email and web habits.

People need to be trained to obtain a drivers license so perhaps we need to begin to train people in the rules of internet safety said Linda McGlasson.

She suggests the first very basic tips:

  • Keep your operating system up to date with the latest patches;
  • Update your anti-virus and anti-spyware regularly, if not daily;
  • Install a firewall on your PC;
  • Don’t click on links in emails that are from unknown origins (or known origins for that matter).

Malware Pandemic

A record five million new malware threats were detected in third quarter of 2009 according to the Cloud Security firm, Panda Security.
Trojans accounted for 71 percent of all new malware between July and September 2009. Adware (13 percent) and spyware (9 percent) have also all increased, while traditional viruses and worms have decreased to 2 percent of the total.

SAdly, thw weak lin is still the individual user who fails to apply basic net safety rules or applies commonsense when an impressive sounding phishing scam asks for bank details.

malware detected

PandaLabs has recorded five million new strains of malware. Most of these were banker Trojans, although adware and spyware have also increased.

“Spyware has increased for the first time this year, rising from 6.90% to 9.16%. Adware however has decreased slightly from 16.37% to 13.13%, yet it was still the second most detected malware category this year” according to the quarterly report.
“We currently receive approximately 50,000 new samples of malware every day, compared to 37,000 just a few months ago. There is no reason to believe that the situation will improve in the coming months,” explains Luis Corrons, Technical Director of PandaLabs.
There has been a marked increase in malware distributed through spam, social networks and search engine optimization techniques, which draw users to spoof Web pages where malware is downloaded. These exploit topical issues like swine flu, Independence Day, forest fires or Presidential speeches by Barack Obama.
“There is a false sense of security, as users perceive there to be no real danger at the moment. When their computers get infected, they rarely notice any symptoms” said According to Luis Corrons, Technical Director of PandaLabs, According to Panda’s U.S. computers are infected by the most dangerous malware strains: Trojans, followed by adware, worms and viruses.
The global infection rate on computers rose to 59% states Panda Security. Taiwan has the most infected PCs, with a 69.10 percent corruption, followed by Russia and China at 67.99 percent and 61.97 percent, respectively. U.S. ranks ninth with an infection ratio of 58.25. The country with the least infections is Norway at 39.60 percent.

“Spyware has increased for the first time this year, rising from 6.90% to 9.16%. Adware however has decreased slightly from 16.37% to 13.13%, yet it was still the second most detected malware category this year” according to the quarterly report.
“We currently receive approximately 50,000 new samples of malware every day, compared to 37,000 just a few months ago. There is no reason to believe that the situation will improve in the coming months,” explains Luis Corrons, Technical Director of PandaLabs.
There has been a marked increase in malware distributed through spam, social networks and search engine optimization techniques, which draw users to spoof Web pages where malware is downloaded. These exploit topical issues like swine flu, Independence Day, forest fires or Presidential speeches by Barack Obama.
“There is a false sense of security, as users perceive there to be no real danger at the moment. When their computers get infected, they rarely notice any symptoms” said According to Luis Corrons, Technical Director of PandaLabs, According to Panda’s U.S. computers are infected by the most dangerous malware strains: Trojans, followed by adware, worms and viruses.
“This is a clear sign that hackers are becoming more and more sophisticated,” said Corrons.
“Cybercriminals have found news ways to spread their creations, frequently exploiting the latest news stories to launch attacks through social networks, videos, and email. The huge amount of Trojans in circulation is due to the spectacular increase in the number of banker Trojans aimed at stealing user data.”
The global infection rate on computers rose to 59% states Panda Security.  Taiwan has the most infected PCs, with a 69.10 percent corruption, followed by Russia and China at 67.99 percent and 61.97 percent, respectively. U.S. ranks ninth with an infection ratio of 58.25. The country with the least infections is Norway at 39.60 percent.

infected PCs

Cybercrime Hits Smaller Business

security1

Heartland Payment Systems, Radisson Hotels and Network Solutions have made news because of data breaches. In 2008 285 million records were compromised according to the 2009 Data Breach Investigations Report by the Verizon Business Investigative Response Team.

However, the Federal Deposit Insurance corporation (FDIC) reports that online crime is attacking small and medium sized businesses and fraudulently draining funds from their bank accounts.

In a recent podcast with Doug Johnson Senior Policy Analyst for the American Bankers Association noted that although it is hard “get a fix on the exact number” “law enforcement and institutions have really seen the exploit migrate from large businesses to small businesses”.

Smaller businesses may not be aware of this type of fraud or know how to protect themselves.

Johnson recommends authentication at the business customer level and educating customers about how to protect themselves.

“It starts very cagily by the fraudsters, mostly from Eastern Europe, doing some social intelligence associated with the business” said Johnson “ so they might know who the CFO is, or they might know who someone in HR is or what have you, or in IT.”

“Then they will send an email, which might be a Microsoft update for instance, or some other thing, which that particular individual would be aware of. The CFO might get something that purportedly is coming from the Better Business Bureau, for instance, things of that nature.”

In other words, an email that looks legitimate or expected may be a bait.

security-breach

Recently, the Rippoff Report pointed out that Two-thirds used the sender’s name to gauge whether a mail was spam, 45% looked at the subject line and 22% use “visual indicators.” About 3% relied on the time a message was sent to judge if it was legitimate.

As technology improves judging an email on visual clues can be problematic.  Businesses obviously need to avoid clicking links in these emails.

“I think that it is not unusual for business customers to in their busy day not even think about the emails that they are clicking on” he said.

Chris Novak, managing principal at Verizon Business Investigative Response Team describes online security as a “kind of cat and mouse game “ requiring vigilance over a continually evolving threat.

Mr Novak has investigated criminal and civil data breaches for over a decade.

“I think the biggest thing is the evolution of malware. We are seeing that the malware is getting more advanced, and the hackers — particularly the organized crime groups – they actually have development teams” he said.

“Some of the malware is purposely built just for one specific victim environment, and the hackers have the capability to do that.”

Novak expresses concern that people think there are just a few types of malware that viral protection can handle.

“Malware is evolving rapidly with added capabilities that may frighten some people he said.

“The key piece if really making sure that you stay up on the latest and greatest threat information to know what you need to do protect yourself.”

Fortunately the recent big name security breaches demonstrated that event monitoring and log analysis revealed what was happening in 82% of cases. To be effective this requires a combination of people, processes and technology.

Novak expressed concern that people have developed an over reliance on technology.

“The problem with a lot of that is, like most technology, it is pre-configured to understand certain things and detect certain threats, but for the most part it is based on what’s been programmed into and how it has been configured.”

“In a lot of cases, you need a backup to technology of those appliances with people resources that can look at it and kind of do sanity check on it and say ‘You know what, this doesn’t look right. Someone logged into their bank account 7000 times today, and that is probably a problem.’ Sometimes the technology picks up things like that, and sometimes it doesn’t.”

Data can be moved in and out of an environment so quickly, which is why monitoring is so important.

“The biggest breaches that we’ve ever investigated took place in 24-to-48 hours. That’s all the hacker needed, depending on how organized they were.”

Why Does Spam Work?

The cost of spam

Spam works because about one out of six respond to messages suspect are spam survey data by the Messaging Anti-Abuse Working Group, an anti-spam trade organization (MAAWG).

Although, about 17% admitted it was a mistake, curiosity seems to play into the hands of spammers. Twelve percent were interested in the product or service, and 13% don’t know why they acted on the message. Six percent “wanted to see what would happen.”

The survey of 800 people in the U.S. and Canada who admitted they were not ‘internet experts’ about 80 percent of users doubted their computers were at risk of ever being infected with a “bot.” This is alarming as covertly planted viruses capable of sending spam are responsible for generating much of today’s illegitimate email.

The problem is not limited to email spam. In a recent banking phishing spam atcacking LibertyBank, an automated phone message claimed”Your card has been suspended because we believe it was accessed by a third party. Please press 1 now to be transferred to our security department.”

Customers who pressed “1” were asked to enter their credit/debit card number and personal identification number. Sadly people fell for it.

“Spamming has morphed from an isolated hacker playing with some code into a well-developed underground economy that feeds off reputable users’ machines to avoid detection” said MAAWG Chair Michael O’Reirdan.

“Consumers shouldn’t be afraid to use email, but they need to be computer smart and learn how to avoid these problems.”

“Bots, or malware running on users’ computers without their knowledge, are responsible for generating up to 90 percent of spam and can also be used to steal personal information or take part in DDOS (distributed denial of service) attacks” states MAAWG.  cmsconnect.com  estimates the lost time to be nearly 50 hours per employee and almost $1000 per person per year.

Spam is now major bandwidth gobbling headache for service providers and the growing problem of bot infestations contributing to spam, identity theft and online fraud.

No longer is a spammer the seedy lone money grabbing sneak hiding in the attic. In 2007 “a flood of junk messages was thrown at the e-mail server of the [Estonian] Parliament, shutting it down.” This is why a CMS white paper reccommended country of origin email filtering to reduce spam 50-80%.

As spammers use automated systems to constantly collect email addresses, 24 hours a day and 365 days a year it sometimes seems you are doomed to receive a pile of email 95% promoting MLM and the rest suggesting have such a low IQ that you will give your bank details to a non entity at the north pole.

“Spam is also getting globalised as Brazil, Russia, India and China are among the biggest emerging broadband markets worldwide and as such offer a tremendous opportunity for cybercrime ” states Emirates Business 24/7.

Most  users are familiar with general email-based threats but not necessarily proactively protecting themselves sufficiently.

How will we stop spam when we are such easy targets? Even though 12% claimed they were “very” or “somewhat” experienced with Internet security opened spam before deleting it, while 11% called themselves inexperienced who also opened spam.

Two-thirds used the sender’s name to gauge whether a mail was spam, 45% looked at the subject line and 22% use “visual indicators.” About 3% relied on the time a message was sent to judge if it was legitimate.

About two-thirds considered themselves “very” or “somewhat” knowledgeable in Internet security. While most consumers use anti-virus software and over half said they never click on suspected spam, the survey also found that 21 percent take no preventative anti spam measures.

Yet, 12% of respondents who indicated they were “very” or “somewhat” experienced with Internet security opened spam before deleting it, compared with only 11% of respondents who called themselves inexperienced who did the same.

63 percent would allow their network operator or anti-virus vendor to remotely access their computer to remove detected bots.

Industry analyst Ferris Research, Inc., suggested network operators offer remote bot mitigation capabilities to differentiate their services from competitors. They also suggest refining spam filters based on the specific patterns revealed by the study.

For example, the MAAWG survey found that users between the ages of 24 and 44 are more likely to use email for banking and bill statements, so industry vendors might focus on preventing phishing spam for these consumers.

To combat bot infestations has released a series of strategies used by some of the largest ISP network operators or Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks (Version 1.0).

The report recommends:

  • While protecting users’ privacy, network operators can use tools to detect infected end-user computers, including DNS, scanning the IP space to identify vulnerable computers, and collecting IP traffic information for known command and control addresses.
  • Email, phone calls to customers, postal mail and walled gardens are common notification tools.. In-browser messages are considered to be among the most effective methods to alert customers but also can be technically challenging to implement.
  • ISPs need to maintain a well-publicized security portal that includes directions for end-user bot removal.

“Bots are a global affliction and these best practices are an important step in educating the industry on the appropriate processes to help protect consumers” said Michael O’Reirdan.

“We’re sharing the experiences of our global membership so that network operators everywhere can more aggressively tackle this problem”

Identity Fraud Rapidly Increasing

070124_myspace_account_id

With the rise and spread of globalisation, identity fraud has become one of the fastest growing crimes in the world reports the Australian government sponsored National Crime Prevention Program

“The misuse of false or stolen identities underpins terrorist and criminal activity” states the Australian Government Attorney-General’s Department.

“ It also undermines border and citizenship controls and efforts to combat the financing of crime and terrorism”.

International e-criminals have exploited the rapid change in internet access, telecommunications and technology. Simultaneously, Market deregulation has challenged the role of national boundaries and been a problem for regulators.

The criminals stored much of their data on computer servers in Latvia and Ukraine, and purchased blank debit and credit cards from confederates in China, which they imprinted with some of the stolen numbers for use in cash machines, investigators say.

[Global Trail of an Online Crime Ring – NYTimes.com

The scope of the problem was revealed in August 2009 when a former US government informant and two unnamed Russians were indicted for 130 million credit and debit card numbers.

The five corporate data breaches effected Heartland Payment Systems and retail chains 7-Eleven Inc and Hannaford Brothers Co between 2006 and 2008.

So if the big guys can’t protect your card details, what hope have you of protecting your digital identity?

The research body Gartner, stated that from mid-2005 until mid-2006, about 15 million Americans were victims of identity theft  related up over 50 percent from the 9.9 million in 2003.

Also, the Timesonline revealed that four million British identities are up for sale on the internet.

“Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers and even PINs are available to the highest bidder” states the times.

Identity fraud in Australia has been estimated at $1.1 billion for 2001-02. However, this figure does not take into account the non-financial costs to organizations or victims, nor the amount of undetected identity fraud.

Yet According to ID-Theft Protect 90% of people do not check all the transactions on their bank or credit card statements.

“Internet users in Britain are more likely to fall victim to identity theft than their peers elsewhere in Europe and North America. In a recent survey of 6,000 online shoppers in six countries by PayPal and Ipsos Research, 14% of respondents in Britain said that they have had their identities stolen online, compared with only 3% in Germany.”

–          Where your identity is more likely to be stolen- Online fraud – The Economist

Types of Identity Theft

Financial identity theft

  1. The Victims account is accessed by a criminal who obtains unauthorized access details to your account and undertakes financial transaction in your name.
  2. A new account is created using false or a stolen identity. With a stolen ID a criminal may exploit the good someone’s good credit history to obtain funds or to obtain a checking account.

Identity cloning

A criminal who is ‘on the run’ from police may impersonate another person to conceal their true identity. This may continue for undetected for years and may not involve financial fraud. It is not in the criminals interest for the false ID to gain police attention.

A variation called Criminal Identity Theft occurs when a criminal, perhaps charged  by police, identifies himself under the assumed identity. A victim then find that their drivers license has been revoked, a warrant has been issued in their name or they fail a background check by performed by an employer.

This can cause a lot of long term problem. Not only do you need to clear identity from any false information, you may find you have an incorrect criminal record. Court records may have to expunged. Even after police and court records are corrected police may record your identity in case of false aliases. Data aggregators, organization like Acxiom and ChoicePoint that complie public record data for resale may still have incorrect data. This can result in backgroud checks giving false information.

Synthetic identity theft

Synthetic Identity Theft is the  complete or partial fabrication of an ID.Commonly a real social security or credit card number are combined with the name and birthdate of someone else.

Medical identity theft

Medical identity theft occurs medical service or products are purchases using a false ID.

“Medical identity theft frequently results in erroneous entries being put into existing medical records, and can involve the creation of fictitious medical records in the victim’s name” states the site www.fightidentitytheft.com

Social networking sites as a source of identity Fraud

The social network site Tagged was accused of sending e-mails to people saying that members of the site had tagged them in photos that did not exist. The state of New York, Office of the Attorney General alleges Tagged then raided their private accounts.

“This company stole the address books and identities of millions of people,” New York’s Attorney General, Andrew Cuomo said.

“Consumers had their privacy invaded and were forced into the embarrassing position of having to apologize to all their e-mail contacts for Tagged’s unethical – and illegal – behavior. This very virulent form of spam is the online equivalent of breaking into a home, stealing address books and sending phony mail to all of an individual’s personal contacts. We would never accept this behavior in the real world, and we cannot accept it online.”

Mr Coumo intends to sue the company “for deceptive e-mail marketing practices and invasion of privacy”.

Tagged CEO Greg Tseng stated “Simply put, it was too easy for people to quickly go through the registration process and unintentionally invite all their contacts.” He stated that “some complained that our invitation confirmation language was confusing” and that the company ‘hit the pause button’ on the testing the new registration process.

There is nothing new in sites asking you to invite your friends. Twitter, LinkedIn and Facebook do it all the time. Tagged is accused of deceptive marketing because there were no tagged images .

This technique has been used to more sinister effect. I was tricked into signing into what I believed was my web server account. I was then bombarded by several hundred megabytes of returned email messages for an email I had allegedly been sending.

Besides hurting my pride, it sorted out who my real friends were.

Giving away your identity is like handing over your credit card to a stranger.

What about your email? Identity Theft Expert, Robert Siciliano warns advises you be convinced a company is 100% legitimate before you hand over your login credentials.

“When you have web based cloud accounts that contain email and also have proprietary documents or files within that account never give that data to any company” he said.

  1. As discussed in What to Do If Your Credit Card Is Stolen? if you are effected immediately contact your credit and ID card providers.
  2. In the United States you follow the instructions for your state at consumersunion.org. Have your credit card frozen  or obtain a  “security freeze.” This will prevent new accounts from being opened in your name.
  3. You may consider an Identity Protection service like Intelius Identity Theft Protection.
  4. Monitor the benefits claimed on your service accounts and your health insurance providers.
  5. Correct erroneous and false information in your file
  6. Keep an eye on your credit report.

What to Do If Your Credit Card Is Stolen?

Credit card

Don’t panic! Your card is stolen, who knows how many charges have been placed on it and you know you need to protect yourself. But how?

According to the US Federal Trade Commission credit card fraud rose 21 % accounting for 35% of fraud complaints and cost the United Kingdom an estimated £535 million, (US$750–830 million) in 2006.

What do you do if your credit card or wallet is stolen?

There is no need to panic. Most credit cards offer protection from fraudulent charges made by unscrupulous thieves. Check your credit card statement and find the contact number provided for lost or stolen credit cards.

However, lets simplify a few  easy steps to lessen the trauma:

What to Do Now

Credit card security starts with the present- before there is a problem. Keep a record of all your credit cards, licenses, ID’s and Tax File numbers in a secure location. Also keep a copy of the credit card companies contact detailsso you can quickly ring in an emergency. Some suggest you photocopy both sides of your cards so there are no errors in transcribing the details.

You may want to revisit How To Protect yourself from Credit Card Fraud for a few helpful tips.

You may also consider joining a credit card registration service for an annual fee you can register all your cards. This way you only need to ring one company if you lose multiple card. Many registration services will also request replacement credit cards in your behalf. However these services can be costly, and the benefits vary between services. You must also ensure that the fee is always kept up to date.

Contact the Company Immediately

Contact the credit card company immediately. Most companies have a 24 hour toll free number to report lost cards. Record the name of each company representative you speak with along with the date and time of the call.

It is recommended you write a follow up letter explaining the incident and confirming the telephone contact. This doubly ensures there is a record of your communication on file. Include in the letter a summary of the telephone conversation, including your name, the name of the person you spoke too, account number, when you noticed that your card was missing,  and the date and time you first reported the missing card.

Although many credit card companies allow a 60-day grace period for reporting lost or stolen cards, the quicker you act the easier it is to gain control of the situation. As soon as you are sure the card is not sitting in your suit pocket call immediately.

The credit card company will prevent further charges being made on the card. However, if you have online bills or monthly utility charges linked to the account you may be able to have them continue if you notify the company in the first month while you wait for a new credit card. It is best you discuss this with the company and not assume your utilities will be paid.

If it is important to have the new cards as soon as possible, some companies may expedite delivery via courier at no charge. Reports suggest that some companies like Citibank and American Express may even contact you if suspicious charges are being made on your card to confirm if they were made by you.

The credit card company will probably contact you and review what recent charges were made by you. Many companies will require you to sign an affidavit stating that the charges were not made by you.

Contact Credit Reporting Agencies

Contact your national credit-reporting agencies to report the theft, and ask them to attach a ‘fraud alert’ to all your credit cards.

In the United States there are three agencies to contact:

Equifax: 1-800-525-6285

Experian (formerly TRW): 1-888-397-3742

Trans Union: 1-800-680-7289

For a list of international Credit Reporting Agencies click here.

stolen credit card

Contact other ID card providers

If your social security card, drivers license or other ID’s are missing contact the card providers to ensure your identity is not being used fraudulently.

Contact the Police

Finally, report the police in the jurisdiction or district where the  credit card was stolen to report the theft.

The ease at which a purchase can be swiped has made credit cards a major part of daily life. It is that ease which makes then a target for thieves.