Credit card insecurity

Over the holidays, I did a huge portion of my shopping online.
This year, I noticed it wasn't enough to simply type my credit card number into the browser at J. Crew or GapKids or whatever secure site I was patronizing. They all wanted the three-digit security code off the back of my MasterCard as well. I gave it up willingly.
But a warning issued recently from the New York State Banking Department got me thinking twice. It cautioned about a new scam in which this code is the key.
Here's how it works: Scammers, who have already obtained your credit card number in other ways, call your house pretending to be the fraud and security department of your credit card company.

New York Daily News - Home - Credit card insecurity

As lawmakers dither, identity-theft victim remains trapped in long nightmare - Technology

NEW YORK As members of Congress continue to dither over legislation concerning data security, consumers' rights and identity theft nearly a full year after the ChoicePoint debacle, perhaps they should meet Raymond Lorenz.

In the early 1990s, someone ran amok using Lorenzo's identity. It was used to rack up tens of thousands of dollars in fraudulent credit card debt. It was given to the police after various traffic violations. And a man even used the name Raymond Lorenzo when he was arrested and indicted in 1991 in Suffolk County, New York, for, among other things, burglary, forgery and criminal possession of a weapon

As lawmakers dither, identity-theft victim remains trapped in long nightmare - Technology - International Herald Tribune

Spear phishers target eBay

Security researchers have uncovered a campaign of targeted spam messages that seek to defraud eBay sellers. Cybercrooks are targeting eBay sellers by sending forged auction inquires from what appears to be eBay's "Question from eBay Member" message portal, according to US-based security reseller Greenview Data, which markets the SpamStopsHere junk mail filtering service.
The junk mail messages seek to dupe account holders into following a "Respond Now" link button in the email which directs users to a fraudulent eBay login screen. Once the seller has entered their login information, fraudsters "hijack" the seller's account and steal their identity...

Spear phishers target eBay - Yahoo! News UK

Sad State of Data Security

How does this keep happening? Companies have been publicly humiliated, slapped with audits, and threatened with prosecution, but sensitive personal data continues to be compromised. The U.S. Department of Justice is the latest to demonstrate its information-security incompetence. The mistake: exposing Social Security numbers on its Web site.
It's the IT problem that just won't go away. From the time early last year that ChoicePoint Inc. admitted it had been duped into revealing personal data to identity thieves, dozens of other businesses, government agencies and schools have followed with their own admissions of ineptitude. In most cases, victims can't do much more than keep a watchful eye on their financial statements and credit reports -- and hope for the best. Not surprisingly, fraud is on the rise and consumer confidence is on the decline...

Sad State of Data Security

Mobile malware, phishing activities to surge in 2006

VIRUS writers have found a new playground: the extremely pervasive mobile phones.
According to the McAfee AVERT (Anti-Virus and Emergency Response Team) Labs, the rapid evolution of smartphone technology and the growing use of converged mobile devices will fuel the rise in the number of mobile malware in 2006.
Mobile phone viruses would be particularly prevalent this year as virus writers take advantage of the proliferation of mobile devices and the fact that users were less likely to install mobile security solutions, the antivirus firm said.
The perception that the threat of mobile malware was much less than that of its PC counterpart would encourage virus writers to come up with even more sophisticated threats, the McAfee AVERT Labs added.

Mobile malware, phishing activities to surge in 2006 - INQ7.net

Identity Theft Laws Elevate Security to the C-Level

What do Time Warner, Lexis-Nexis, ADP, and Bank of America all have in common? They all suffered breaches in customer data security in 2005, and the incidents all fueled calls for federal legislation that could lead to onerous security demands on organizations holding consumer information. Even if legislators show restraint in demanding new controls, it's time for corporations to create C-level security positions.
Security breaches now lead to high-profile public disclosures thanks to state laws such as California's Security Breach Information Act (SP 1386) and Washington's "Breach Disclosure" law (SB 6043), which require that consumers in those states be notified when their personal data is compromised. With other states eyeing similar bills, some in Congress say it's time for a nationwide approach-an outcome business might favor, too, as long as the law isn't too demanding.

Compliance Pipeline Identity Theft Laws Elevate Security to the C-Level

Financial institutions set dubious record for ID theft

A final flurry of computer security breaches marked the end of 2005 -- an unfortunate but not surprising end to a record year for potential identity-theft activity.From banks and hospitals to government agencies, almost 100 breaches were reported in 2005, including a half-dozen in December alone, according to the Privacy Rights Clearinghouse, a nonprofit watchdog group in California.Major institutions such as Bank of America and the Federal Deposit Insurance Corp. were victimized, as were little-known data-technology outfits such as Georgia-based ChoicePoint and CardSystems Solutions Inc.


Financial institutions set dubious record for ID theft - OrlandoSentinel.com: Business

Evonne Williams sentenced

A Cicero woman will spend 2 to 4 years in state prison after pleading guilty to the identity theft of 16 people. Prosecutors say Evonne Williams had access to credit card information through her employer, Padcare, INC. in DeWitt. In addition to prison time, Williams must pay just under $16,000 in restitution and receive treatment for a drug problem.

News 10 Now 24 Hour Local News TOP STORIES Evonne Williams sentenced

Attack Vulnerability Worries Windows Users

"Current WMF activity has already risen to levels similar to that of the emerging zero-day attacks against Internet Explorer in the fall of 2003," said Ken Dunham, senior engineer at iDefense. "In that situation, attacks skyrocketed over a one month period, which is highly likely for the existing WMF attacks in early 2006."

E-Commerce News: Security : Attack Vulnerability Worries Windows Users

An investigation into anti-spyware

A report by Mark Russinovich has raised serious concerns about the seedier side of anti-spyware. He investigated a number of programs that claimed to be spyware removal tools, and found that some of them not only do a poor job of detecting spyware, but may in fact be hazards themselves.

An investigation into anti-spyware

Windows PCs face 'huge' virus threat

Computer security experts were grappling with the threat of a new weakness in Microsoft's Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.
The news marks the latest security setback for Microsoft, the world's biggest software company, whose Windows operating system is a favourite target for hackers

Windows PCs face 'huge' virus threat - Financial Times - MSNBC.com

Top 10 tips to keep that new computer spyware-free

Got a new computer for Christmas? Are you worried about all the spyware horror stories you've read? You should be. I've heard varying numbers, but it's said that putting an unprotected computer on a high-speed connection results in getting infected within a few minutes. I just read that the time is getting longer, but that's not much comfort. By all means you should have a router if you're on a high speed connection. A router provides some protection, but is only the beginning. Ok, now the new machine is booted up the first time and ready to go. It's on the net. In this order, here's what to do....

Top 10 tips to keep that new computer spyware-free Spyware Confidential ZDNet.com

New Attacks 'Spear' Credit Union CEOs

Malicious hackers are targeting CEOs of U.S. credit unions with phishing e-mails that try to take advantage of a recently patched Internet Explorer hole to compromise systems used by the credit unions, according to the Credit Union Information Security Professionals Association, a group of IT professionals who work at credit unions.

New Attacks 'Spear' Credit Union CEOs

Westpac targeted in latest spam attack -

OPINION
REVIEWS
RESOURCES
IT JOBS
Westpac targeted in latest spam attack
Email
Print
Normal font
Large font
January 4, 2006 - 11:21AM
AdvertisementAdvertisement
Australia is again being bombarded by a series of 'phishing' attacks by fraudsters sending malicious spam to email users, this time designed to steal personal banking details from Westpac customers.
But despite the high volume of fraudulent email being reported by customers, banks said there had been relatively little financial loss.
The latest spate of phishing attacks take the form of an official looking email that asks recipients to confirm security details for an account at one of three Australian banks.

Westpac targeted in latest spam attack - Breaking - Technology - smh.com.au

Local residents warned of phishing scam

It's called phishing, but it's not fun for consumers who find themselves on the end of the hook.Recently, Jefferson City citizens have been targets of the practice.Relying on fake e-mails, phishing is an Internet scam featuring links to what appears to be a bonafide Central Bank Web site. Complete with the official-looking dogwood logo, the e-mails warn that online home banking and bill paying services will be deactivated if the customer doesn't respond with the "requested information" soon.One woman recently was suckered. She reported the loss first to the bank and later to Jefferson City police.

Jefferson News Tribune

Phishing By The Numbers: 41,000 Blocked Sites in 2005

The Netcraft Toolbar has blocked more than 41,000 confirmed phishing URLs since its launch last Dec. 28. The volume of URLs increased throughout the year, from about 3,000 per month in June to 5,000-plus in September and more than 8,000 in October and November. With a year's worth of data in hand, an analysis of attacks illustrates common patterns and practices in the operation of phishing scams.

IT Observer Phishing By The Numbers: 41,000 Blocked Sites in 2005

EBay Users Hit by Mass Phishing Attacks

Popular online auction site eBay was the target for 96 percent of all UK phishing attacks in December, according to security specialists Fortinet.
Fraudsters seem to have anticipated the Christmas rush to use eBay to buy presents -- and sell unwanted ones -- and are targeting eBay users in a widespread assault.
Guillaume Lovet, Threat Response team leader at Fortinet, said: "One of the easiest and quickest ways to make money on the Internet is setting up an auction on eBay for a [bogus] item, cashing the money, then disappearing.


EBay Users Hit by Mass Phishing Attacks - NewsFactor Network

Computer security breaches raise identity theft concerns

Ames, Ia. — Karen Scoggin thought she could block identity thieves if she refused to carry credit cards.

Now she has to worry about how many people have their hands on her Social Security number.

Scoggin, who works at the Iowa State University Book Store, was one of about 3,000 ISU employees whose personal data might have been viewed by hackers who infiltrated two computers earlier this month.

DesMoinesRegister.com

Texas expands spyware lawsuit against Sony BMG

AUSTIN (AP) - Texas Attorney General Greg Abbott expanded his lawsuit against Sony BMG Music Entertainment on Wednesday, alleging that a second form of anti-piracy technology used by the label violates the state's spyware and deceptive trade practices laws.
Abbott sued Sony BMG in November, saying the world's second-largest music label surreptitiously included spyware on millions of CDs through technology known as XCP. That technology, included on 52 Sony BMG titles, could leave computers vulnerable to hackers, he said.

MercuryNews.com | 12/21/2005 | Texas expands spyware lawsuit against Sony BMG

Basic Rules Plus Common Sense Add Up to Security

For some people, the worst gift ever would be a new computer with an Internet connection. One embittered user wrote in October to say that he was "so frustrated with hackers, virus, Trojans, worms, constant upgrades, security patches, etc, etc." that he was going to suspend his Internet account.

I'm guessing that a new laptop wasn't on his wish list this year.


Basic Rules Plus Common Sense Add Up to Security

Internet users now part of phishing harvest

It takes just seconds, a few taps on the keyboard, a few clicks of the mouse, and Jason Thomas has launched a computer bug that harvests e-mail addresses. After a minute, he aborts the program and unveils the list of addresses he's collected. "It's very easy to do," he said. "And I'm no techie by any stretch of the imagination."

This is how phishing usually begins, with your e-mail address. Next comes an automated e-mail, sent by a spam generator, which instructs you to visit a fake Web site and "update your credit billing information" or "verify your PayPal login."

Then, if the scammer is lucky and you're not computer savvy, you hand over your name, credit-card number, and other personal data – a valuable bundle of information that's sold on the black market to someone who wants to steal your identity and your line of credit.


Northwest Herald - Online

Seniors urged to beware of newest phone scam

AUGUSTA (Dec 24): Maine Attorney General Steven Rowe, AARP Maine and TRIAD are warning senior consumers about potential fraud and identity theft by scam artists hoping to take advantage of the new Medicare-Part D Prescription Drug Benefit.

Beginning Jan. 2, 2006, the new, voluntary benefit will become available to Maine seniors with Medicare. Eighteen Medicare-approved private companies in Maine will provide this coverage, but there are already scams being reported across the country where someone offering to sell a benefit card contacts seniors either by telephone or in person.

VillageSoup - Government News - VillageSoup

Names leave no clus as to location

It's common knowledge that identity theft is a growing problem. But who would have expected it to rear its ugly head in high school sports.

Yet here we are with some of the newer co-ops and consolidations bearing names that provide nary a hint of their location.

Try Central Prairie on for size. Likewise, Dakota Prairie, the North Star Bearcats and the Northern Lights. One of those appellations narrows things down to one of two states. The other two merely cut the possibilites down to anywhere in the northern hemisphere.
Bismarck Tribune Online - Bismarck, ND

Christmas ruined by card fraudsters

A family of five had their Christmas ruined after they became the latest victims of identity card theft.

Debbie and Steven Grimshaw were unable to give each other Christmas presents after their account was cleaned out by crooks cloning credit cards.

The couple, who have three children under six, were devastated their festive funds had been taken and confused as to how the details were copied.

Norwich Evening News 24

Shredders -- Let it rip

NEW YORK (MONEY Magazine) - Everyone's been warned about identity theft. The idea that some hacker can snoop around your hard drive, obtain some account numbers and passwords, and clean out your funds has Americans reaching for the nearest Internet-security software.

However, it is far less likely that someone is going to break into your computer than it is that someone will sift through your garbage to get the same information.

One of the best ways to foil trash-picking identity thieves is to shred all sensitive documents before throwing them out. But which shredder to buy?


MONEY Magazine: Spend Tech: Shredders -- Let it rip - Oct. 21, 2005

Millions risk ID theft by failing to take action

MILLIONS of people are putting themselves at risk from identity theft by failing to take basic precautions to guard against the crime, research showed today.

One in four admits to not shredding personal documents, despite the fact that these could be used by criminals to apply for credit in their name.

Edinburgh Evening News - Business - Millions risk ID theft by failing to take action

Want to keep your computers functioning? Here are some tips:

It's the information technology manager's mandate to keep the computers and network running. Yet small business owners often get in his way. The following is a holiday wish list from tech support pros.

Practice safe computing.

Neil Fishman was in the home office of a client with a slow PC. Fishman is suspicious. He was here for the same problem the week before.

Fishman finds Internet worms, most likely from e-mail attachments. He finds 72 incidents of spyware, or software loaded when a user visits certain Web sites, including the online gambling sites the dad frequents.

Want to keep your computers functioning? Here are some tips: South Florida Sun-Sentinel

Rootkits, cybercrime and OneCare

The year in IT security
By John Leyden
Published Tuesday 27th December 2005 08:02 GMT
Get breaking Security news straight to your desktop - click here to find out how
2005 in review The year 2005 in net security will likely be remembered as the year of the Sony rootkit DRM controversy. In other ways the last 12 months continued the trend of profit becoming a primary driver for the creation of computer viruses. The last 12 months also witnessed a number of high-profile cybercrime prosecutions, including the sentencing of NetSky author Sven Jaschan.


Rootkits, cybercrime and OneCare | The Register

NAB customers baited in email scam [

ONLINE fraudsters have targeted National Australia Bank customers over Christmas with a flood of hoax emails designed to trick account holders into revealing their internet banking details.

NAB has called for help from the Federal Police's Australian High Tech Crime Centre to track the source of tens of thousands of hoax emails sent to internet users.

Known as "phishing", this type of scam is a major contributor to Australia's $1.2 billion online crime industry being operated by sophisticated organised crime networks, according to the Australian Computer Emergency Response Team (AusCERT), which tracks viruses, hacker attacks and online fraud.


The Sunday Mail QLD: NAB customers baited in email scam [27dec05]

Will Smith identity thief sent back to prison

PITTSBURGH - A man who stole actor Will Smith's identity to run up credit card debts is going back to prison for two years for violating probation, a judge ruled Tuesday.
Senior U.S. District Judge Alan N. Bloch concluded that Carlos Lomax, 45, formerly of Duquesne, was "not amenable" to probation, according to defense attorney Mark Lancaster.
Lomax has an earlier identity-theft conviction involving former Atlanta Hawks basketball player Steve Smith, now a TV commentator for the team.
Lomax was on probation after serving time for that crime - he ran up $81,000 on an American Express card in the basketball player's name - when he was arrested in the Will Smith case.

AP Wire | 12/27/2005 | Will Smith identity thief sent back to prison

Firms seek a US identity-theft law

Some of the companies facing criticism for letting consumer data fall into the hands of identity thieves are among the biggest backers of proposed federal rules to safeguard personal information.
The reason: The companies fear even tougher state rules.

Bills introduced in Congress after lapses at ChoicePoint Inc., LexisNexis, and elsewhere would supersede the growing number of state laws, many of which impose stricter standards on data brokers, banks, and credit reporting agencies. Rigorous disclosure requirements in California's 2003 law -- the first in the nation -- brought many of the breaches to light



Firms seek a US identity-theft law - The Boston Globe

New laws target identity theft

On Jan. 1 new Illinois legislation may provide more help to victims of identity theft.

Gov. Rod Blagojevich has signed four new laws offering a wider range of consumer protection. The laws will help victims recover from identity theft faster and better protect their personal information.

Identity theft is one of the fastest growing crimes in the country. Last year alone, identity thieves cost Illinois consumers more than $550 million. On average, victims will spend about 600 hours and $1,500 repairing their credit.

Blagojevich hopes the new laws will help people protect their assets and their credit.


Beloit Daily News

Computer age allows criminals to cash in on identity theft

After enjoying tacos with friends at a beachfront restaurant in Cabo San Lucas, Kelly O'Haire of Novato paid with her credit card, and before long, her $25 lunch tab turned into an $18,000 medical bill.
By the time O'Haire returned home from the long weekend, someone had charged to her account thousands of dollars in medical services at a clinic in Chihuahua, Mexico. She suspects her credit card number was stolen at the restaurant.


Marin Independent Journal - News - Marin

Top 10 tricks causing spyware epidemic

Spyware tricks have become increasingly devious, making spyware and adware stick to machines longer, more difficult to remove and sometimes impossible to see with ordinary methods. In the spyware tricks series I wrote about seeing installations with multiple resuscitators, increasing numbers of randomly named files, even randomly named folders. Internet Explorer security settings are being changed by spyware and hosts files are being hijacked. We've recently seen installations of keyloggers and spam bots along with your garden variety of adware. Now add rootkits to that list. Let's look back at the top 10 tricks of 2005…

10. Spyware spread through Windows Media files as described by Ben Edelman, Eric Howes and Ed Bott in January. The Windows Media Player flaw that allowed the exploit involved DRM and has since been patched by Microsoft.



� Top 10 tricks causing spyware epidemic | Spyware Confidential | ZDNet.com

FTC says spam is on the decline; not all agree - The Boston Globe

WASHINGTON -- Those annoying ''spam" e-mails for Viagra or low-rate mortgages that clog computer users' mailboxes appear to be on the decline, federal regulators said yesterday

The Federal Trade Commission said the antispam law that took effect two years ago has helped curb unsolicited e-mail. Its report also credits advances in technology, such as better spam filters.

The report was met with some skepticism. ''For us, we have not seen one single instance where spam has actually gone down," said Jordan Ritter, cofounder of Cloudmark, an e-mail security firm in San Francisco.


FTC says spam is on the decline; not all agree - The Boston Globe

Teaching teens about ID theft

Applying for a job at an electronics store two years ago, Zach Friesen was stunned to learn that the store manager was turning him down because of his terrible credit record.

"I looked at him and said, 'I've never had credit in my life. What are you talking about?'" the 19-year-old recalled.

Someone had rung up about $40,000 worth of bills related to a houseboat purchase under Friesen's name -- when he was 7 years old. The fraud went undetected for a decade, and only when he applied for the job did Friesen discover that he was a prime target for identity thieves, who are increasingly focusing on young people.


Teaching teens about ID theft

Protecting your identity

Yvonne Williams tapped into 16 credit card accounts. She was able to obtain this information through her work at Pad Care Inc.

Since then, Pad Care Inc. has stepped up its procedures, and officials say the issue of identity theft as a whole has other companies on alert.

News 10 Now | 24 Hour Local News | TOP STORIES | Protecting your identity

For students, lessons on ID theft

Montclair State University students are learning how to lessen their chances of falling victim to identity theft.

A workshop Tuesday was the first of several scheduled to inform students about the importance of using extreme care with their personal information.

The sessions are in response to an electronic blunder by a university staff member who mistakenly posted the names and Social Security numbers of 9,800 undergraduates on the Internet. The confidential information was online for at least four months.

"Protecting yourself ahead of time is the best way to go," said Madhu M. Medapalli of PNC Bank, who led the workshop with a colleague.


North Jersey Media Group providing local news, sports & classifieds for Northern New Jersey!

Holiday shoppers, beware

Yes, it is time to dig deep into your wallets and fork over some cash to spread mirth and merriment this holiday season.

And there could be no easier way to buy gifts than to do so online, right? But if you do not take prudent steps, bad things could happen. Keep reading.

Forrester Research predicts that online holiday shopping will increase a whopping 25 percent this year, with 2.5 million households making online purchases for the first time. Meanwhile, online privacy watchdog group Truste reports that 78 percent of Internet users in the United States will conduct some of their shopping online
Holiday shoppers, beware | Perspectives | CNET News.com

Anti-spyware Battles Rootkits with Rootkit Tactics

Anti-spyware software companies are adding features to their products that spot rootkits and other malicious programs that operate at the Windows "kernel," or core processing center.

The new kernel-mode features are a response to new, sophisticated spyware.

However, they have raised warnings from security analysts about instability in Windows and conflicts with anti-virus programs that also work at the kernel level.

Aluria Software of Lake Mary, Fla., became the latest anti-spyware vendor to add kernel-mode features.



Anti-spyware Battles Rootkits with Rootkit Tactics - Yahoo! News

Feds Flop At Stopping Spam

The Federal Trade Commission is expected shortly to issue a report on the effectiveness of the CAN-SPAM Act, passed by Congress to combat unsolicited junk e-mail, but experts tell United Press International's The Web ahead of the report that spam continues to rapidly proliferate.
"The CAN-SPAM Act has been largely ineffective," said Edward Naughton, an intellectual-property law partner with the firm of Holland & Knight, based in Boston. "Most of the data, and my own experience, indicates that the volume of spam has increased since the statute became effective

Feds Flop At Stopping Spam

New Virus Marks New Strategy

Dec. 14, 2005 — There's a new worm making its way around America Online that has opened a new front in the war to keep hackers from invading, disturbing and destroying personal computers.

It's an Internet worm attacking users of AOL's instant messaging software, sending unsuspecting users a message encouraging them to click on a link.

"What we continually say to users is 'don't ever click on a link you receive in an IM without asking the sender what it is and why they're sending it to you,'" said Krista Thomas, a spokeswoman for AOL.


ABC News: New Virus Marks New Strategy

Fake virus phishing scam targets McAfee:

Anti-virus firm McAfee has been targeted by a phishing scam that purports to be a warning from the company about a new virus called Kongo31.XRW, which does not exist.
The phishing scam was discovered by rival anti-virus form F-Secure, which published the information on its Web site and said it had warned McAfee about the e-mail.

Fake virus phishing scam targets McAfee: ZDNet Australia: News: Software

Central Blood Bank Modifies Donor Identification Policy to Help Protect Against Identity Theft:

PITTSBURGH, Dec. 15 /PRNewswire/ -- As part of a proactive effort to protect blood donors against the threat of identity theft, beginning December 12 Central Blood Bank will no longer request donors to present full Social Security numbers as valid forms of identification. Central Blood Bank will continue to utilize the last four digits of the Social Security number as one way to verify identification.

Central Blood Bank Modifies Donor Identification Policy to Help Protect Against Identity Theft: Financial News - Yahoo! Finance

Identity Theft Victims Could Be Treated As Criminals

WASHINGTON -- A growing concern about identity theft is that victims could be treated as criminals, which happened to one Maryland woman.

Nicolle Robinson, of San Antonio, assumed the identity of Nicole Robinson, of Maryland, turning the latter's life upside down.

"In three months she totaled up $36,000, computers, personal loans, department store accounts," Nicole Robinson said.

The Texas imposter did it from thousands of miles away by stealing her Maryland namesake's Social Security number off her health insurance identification from a database.
nbc4.com - News - Identity Theft Victims Could Be Treated As Criminals

Meth addicts' other habit: Online theft

EDMONTON, Alberta — Hot on the trail of identity thieves, veteran Edmonton Police Service detectives Al Vonkeman and Bob Gauthier last winter hustled to a local motel, a cinder-block establishment where rooms rent by the hour.

Twice before police had descended on locations in Edmonton and Calgary, 200 miles away, chasing down a tip about someone accessing a dial-up Internet account linked to an e-mail folder full of stolen identity data. Each time, the user logged off and vacated the premises before police arrived.

This time the motel's manager told the detectives that the phone in Room 24 was in use. As Vonkeman and Gauthier prepared to bust down the door, out strolled a garrulous drug addict, 25, whom they'd arrested before, followed by a younger man — a 21-year-old computer whiz — both sky-high on methamphetamine

USATODAY.com - Meth addicts' other habit: Online theft