A couple of new financial scams

First up, real estate and title companies are getting hit, it sounds like malware performing a man in the middle attack. Clients who are transferring earnest money electronically where the destination bank info to where the money is being sent is changed, and said earnest money is being sent directly to the criminals: do not pass go, crooks collect $20,000. The key to preventing this would be to get the money guy to send the bank information via hard copy, take said hard copy to your bank, then have them verify the target account before transmitting.

http://krebsonsecurity.com/2014/04/phishers-divert-home-loan-earnest-money/


Next up: I've written about fraudulently-filed tax returns before. Well, it's hit doctors and clinicians pretty bad, several hundred have had their returns usurped. It looks like a big data aggregater was probably compromised, resulting in the lose of a lot of professional's information, probably someone on par with the American Medical Association, not that I'm saying it's the AMA, I don't see the AMA collecting things like SSNs and dependent info. Could have been some state boards that were hit, or maybe lots of clinics are using the same clinic management software and they got compromised at the vendor level. Time will tell what happened.

http://krebsonsecurity.com/2014/04/states-spike-in-tax-fraud-against-doctors/

Gotta love Yahoo's password change mechanism!

So Yahoo was affected by the Heartbleed bug and unsurprisingly seems not inclined to talk about it or force/suggest a password change. So I decided to change my password in advance.

My password methodology for certain accounts is to use a keyword plus a signifier, two words, let's call it A + B. I wanted to change it to C + A + B so it would be easy to remember. Yahoo said nyet, it's TOO CLOSE to my original password. The password change form asks you for your current password, then enter the new password twice. Your password is compared, in your device's memory, using some algorithm which didn't like my scheme. So I changed it to an expletive starting with an F, which Yahoo accepted. Then I did a second change from F... to C + A + B.

Mission finally accomplished.