Spying is Alive and Well…and Leads to Identity Theft

Robert Siciliano Identity Theft Expert

Most people assume that corporate espionage is just James Bond stuff. However, according to USA Today, even small and medium businesses are at risk. Spying has been going on since the beginning of time, and it’s alive and well today. In most cases, spying starts because a person or entity needs or wants information that is otherwise kept confidential or private from prying eyes.

Most people have probably spied at some point in their lives. Maybe as children, rifling through siblings’ or parents’ closets and drawers. Or as teenagers, spying on a boyfriend or girlfriend in an attempt to determine why a first relationship wasn’t working out. Or as parents, hoping to protect children from themselves. Hopefully this type of behavior subsides as we grow older and learn to trust others. But some people find serious reasons to spy as adults. This behavior can eventually culminate in stalking, which is, of course, illegal and can end in tragedy.

There are plenty of tools to facilitate spying. There are more ways of gathering intelligence than ever before. An online search for “spy shop” or “spy store” turns up a vast collection of small wireless cameras, listening devices, software, and hardware that can help the customer collect enough data on their target to do some damage, or uncover sensitive information.

Spyware is commercially available software that can track keystrokes, emails, and instant messages. In the wrong hands, it can be quite damaging. Keycatchers are hardware devices that can be installed in the back of a PC in order to record raw data.

It is necessary to monitor childrens’ Internet use, but an open dialogue is equally important. If a person has suspicions about his or her spouse, that’s an entirely different scenario, requiring a different set of rules. Be aware that if you spy or cheat on a loved one, you ought to be prepared for the consequences.

Protecting yourself and your business from this type of spying is difficult, but possible. Always keep in mind that those on the “inside,” such as friends, family members, employees, or people who have special access and could potentially be paid off, like a cleaning person or a security guard, can access sensitive data.

  1. Make sure that there are no mysterious hardware devices attached to your computer.
  2. Sweep your home for audio recording devices. You can either hire someone to do this, or do an online search for a tool that will help you.
  3. Password protect the administrator account on your computer, to prevent unauthorized software installation.
  4. Run a spyware removal program.
  5. Never leave file cabinets unlocked, or paper work lying around.
  6. Shed any document that may contain sensitive data before throwing it out.
  7. Lock down your wireless connections, since they are often the path of least resistance.
  8. Don’t disclose too much personal information on social networks, since that makes it easy for people to spy on you.
  9. Know that identity thieves have access to all these tools as well, so protect yourself. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  10. And invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Includes;
Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses mobile phone stalking and spying on The Tyra Banks Show

Protecting email While Traveling From Identity Theft

You’re traveling on business or vacation and you log into a public computer to check your email. You enter your credentials, read a few emails, delete some spam, fire off a note to a colleague at work, and log out. You think nothing of it, but before you know it, your email account has been hijacked. Your friends, family and business associates all receive the following message, sent from your account:

“While traveling in Europe I was approached by what looked like a homeless man who bumped into me, then he apologized. A few minutes later I went to a café to have lunch. But when I went to pay, my wallet was gone. I was pickpocketed! Now I’m stuck here without any money, can you send me money via a wire transfer? I promise to pay you back as soon as I get home!”

Most of your contacts are probably too savvy to fall for this, but maybe your gullible aunt responds. She believes she’s engaging in an email conversation with you, but it’s actually a scammer who’s jacked your account. So she falls for the ruse and wires a couple thousand dollars to a criminal somewhere in Europe.

Think it can’t happen to you or anyone you know? This week, I met someone who actually pulled the money out of his account and wired it. This was an educated person who should have known better. But when he saw a cry for help, his first instinct was to assist a loved one, and he did what many good people would do.

This scam is easy, and it’s happening more frequently. I’m amazed that I’m not encountering a new victim of this particular crime every ten minutes. There are a few simple ways to hack into an email account. A public computer at a hotel, library, or internet café could have spyware or a keylogger installed. This type of hardware or software can record everything you do on a PC. If you use your own laptop on an unsecured public wireless connection, your data could be intercepted via wireless packets in the air. You could also accidently log on to an “evil twin,” a wireless network that appears to be a legitimate WiFi spot, but is actually being broadcast via a router or computer, allowing a criminal hacker to sift through all your data.

The chance of someone accessing your laptop via a public WiFi connection is slim, but it does happen. Your best bet is to only log into websites that are secure. The web address should begin with https://www… The “S” in “https” indicates that the site is secure. Otherwise, you should download and install private networking software, such as WiTopia. If you use a public computer at a hotel, library or internet café, you are at the mercy of the administrator who set up the PC, or whoever used the computer before you, unless you make an investment in a very cool USB drive called IronKey. This small, secure drive combines hardware, software, and services that allow you to log into any PC with an available USB drive.

1. And you should always protect yourself from identity theft. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Robert Siciliano is an Online Security Evangelist to McAfee. See him on Anderson Cooper discussing mobile security and identity theft(Disclosures)

Robert Siciliano Identity theft speaker discusses wireless hacking on Fox News

Child Identity Theft Victims

Robert Siciliano Identity Theft Expert

Jason Truxel was denied a mortgage because of bad credit. He had no idea that his credit scores were low, so he pulled his credit reports. He discovered a tremendous amount of debt, and accounts he had never opened. One such account showed that a credit card had been opened in his name when he was 13 years old. Jason found out the hard way that he was a victim of child identity theft. When Jason was a child, his father was convicted of credit card fraud. So he went to his father’s house and found a stack of credit cards with his name on them in a dresser drawer. When confronted, Jason’s dad said that Jason would never be able to prove anything. That’s a bad dad, if I’ve ever heard of one.

Diamond Daye is 11 years old. He’s going through the same problem. Except his mother is the identity thief. She’s 31, and owes thousands in rent and cell phone and cable bills.

Child identity theft is a growing problem. The Federal Trade Commission estimates that there are 500,000 new victims every year. The culprits are often parents, since they have direct access to their kids’ personal information. Irresponsible parents who have screwed up their own credit apply for credit in their childrens’ names, once they discover how easy it is. All a parent needs is a child’s Social Security number, and the fun begins. Creditors often fail to verify the applicant’s age, and simply accepts the application. Children rarely discover that they are victims of identity theft until they are adults, and are denied credit or employment because of their negative credit history. Sometimes the custodial parent discovers that his or her ex committed identity theft when the bill collector notices begin to arrive.

There’s not much a person can do to prevent child identity theft, other than regularly requesting fraud alerts and ensuring the credit hasn’t been issued under your child’s name.

What you should do to protect yourself and your children:

Protecting yourself from new account fraud requires a credit freeze, or setting up your own fraud alerts and in your childs’ name too. This provides an extra layer of protection. In most cases it prevents the opening of new credit.

Consider making an investment in Intelius Identity Theft Protection and Prevention. Because when all else fails you’ll have someone watching your back. Includes a Free Credit Report, SSN monitoring, Credit & Debit Card monitoring, Bank Account monitoring, Email fraud alerts, Public Records Monitoring, Customizable “Watch List”, $25,000 in ID theft insurance, Junk Mail OptOut and Credit Card Offer OptOut.

Robert Siciliano Identity Theft Speaker discussing availability of Social Security numbers on Fox News

A ‘Whac-A-Mole’ Approach to Preventing Identity Theft

Robert Siciliano Identity Theft Expert

Computerworld illustrates the current state of information security by citing a childhood arcade game: “If you’ve ever played the silly, maddening game known as “Whac-A-Mole,” you know what futility feels like. As you smack one mole with the mallet, up pops another one. Their speed and number escalates as you flail away, trying to keep up. At some point, you realize there’s no hope of winning.” That’s why I hated that game. I was attracted to it at first, because, like Barney Rubbles’ son Bam Bam, I liked hitting stuff with blunt instruments. But that only takes you so far. To win, you need skill and precision.

In today’s world of cyber security and identity theft prevention, it isn’t enough to chase the next mole and whack it with another patch, or shred your own data and hope that someone doesn’t hack your cell phone company. You need to understand the problem and proactively implement a solution.

In the late 90’s and early 2000’s, hackers hacked for challenge, fun, and fame. It made them popular among other hackers. Soon after, consumers began spending more time online. They used their PCs to shop, bank, and manage personal affairs. Now, hackers aren’t just wreaking havoc, deleting files, or making IT administrators miserable, they’re also stealing proprietary data. Now, the real game is illegal financial gain. Hackers’ motivations have changed, which means that you need to change your perceptions of what a computer is, and how to operate it. It’s no longer something to just play Solitaire, or a play where you socialize with friends. Now, it’s a cash register to a hacker. It’s a bank. And it should be treated and respected like a vault.

  1. Run Windows Update, or it may also be labeled “Microsoft Update,” on your PC. If you have Windows XP, you want “Service Pack 3” installed. You can also go to “Control Panel” and then “Security Center” and turn on automatic updates, so Microsoft will install the latest security upgrades automatically. If you have Vista, the process is similar, but you want “Service Pack 1.”
  2. Install antivirus software. Most PCs come bundled with software that runs for free for up to a year. Once it expires, you need to renew the license. If you don’t, every day that your software isn’t updated provides more opportunity for criminal hackers to turn your PC into a zombie that sends viruses to other PCs or sends spam shilling Viagra.
  3. Install anti-spyware software. Most antivirus providers define spyware as a virus now. However, it’s still best to run a spyware removal program once a month or so, to ensure that your PC is rid of software that could allow a criminal hacker to remotely monitor your data, keystrokes, and the websites you visit.
  4. Use Firefox. Internet Explorer is clunky, and the most frequently hacked software that exists. Mozilla’s Firefox is more secure.
  5. Secure your wireless. If you’re running an unsecured wireless connection at your home or office, anyone can jump on the network and access your files from up to 500 feet away. Your router should have instructions on how to set up WEP or WPA security. WPA is better. If this is a foreign language to you, you should either hire someone, or ask your 15 year old for help.
  6. Install a firewall. Microsoft’s operating system comes with a built-in firewall, but it isn’t especially secure. Go with a third party firewall that comes prepackaged with antivirus software.
  7. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  8. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses criminal hackers targeting wireless devices on Fox News.

Social Media Privacy and Personal Security Issues

Robert Siciliano Identity Theft Expert

Privacy issues and identity theft in social media are a growing concern. Most people who post their personal information about themselves do not recognize the potential consequences of their actions, or maybe they simply don’t care if their entire life is an open book.

Ask yourself, should the director of the United States Central Intelligence Agency, which is responsible for providing national security intelligence to senior U.S. policymakers, including the President, and who manages the operations, personnel, and budget of the CIA, have a Facebook page? Should his wife? Sir John Sawers is the incoming head of MI6, essentially the British equivalent of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple’s London apartment and the locations of their children and Sir John’s parents. She also posted family photos that included her half-brother, who was an associate and researcher for a historian who has been convicted of Holocaust denial. Her Facebook profile was left open to anyone in the London network.

Patrick Mercer, Conservative chairman of the Commons counter-terrorism subcommittee, has pointed out that these types of Facebook postings leave Sir John Sawers open to criticism and potentially, blackmail. “We can’t have the head of MI6 being compromised by having personal details of his life being posted on Facebook,” Mercer told The Times. “As a long-serving diplomat and ambassador, his family have been involved in his line of business for decades. I would have hoped they would have been much more sensitive to potential security compromises like this.”

Would it be okay for U.S. CIA director Leon Panetta or his wife to post their addresses, vacation photos, childrens’ names and other personal data on Facebook? No! Is it okay for you to do it? You say, “Well, I’m not the director of the CIA.” While you may not be a high profile target, you can still be a target on some level, and the more intelligence you make available to potential attackers or criminal hackers, the easier you make it for them to harm you. Nobody ever considers themselves a target until it’s too late. I’m not a paranoid freak, I’m a grounded, down-to-earth, conscious being with an awareness of what’s going on out there. And when I see you post information that someone sinister could use against you, I worry.

If you use social media and regularly update your status or profile with pictures, video, or information about your whereabouts or daily routines, please keep the following advice in mind:

  1. Before you post anything online, think about what a hacker, stalker, employer, or potential employer could do with that data. Could an ex, who’s fighting for custody, use the data against you in court?
  2. Don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.
  3. Do not tell the world you are going on vacation! Or if you’re just going to dinner or the beach and won’t be at your house for several hours, why would you let potential burglars know that you’re away?
  4. If you’re a “partier” and like to imbibe, informing the world that you just smoked a joint is not only one of the worst things you could do for your career, it also makes all your friends guilty by association. And don’t announce that you’re hungover, because after the age of 23, you ought to know better.
  5. Before posting pictures or videos, consider what a criminal or potential employer might see. Could they be used against you in any way?
  6. If you let your kids use social media, you must monitor every aspect of their Internet activities. Pick up McAfee’s Family Protection software and take control of your childrens’ Internet use.
  7. Take advantage of privacy settings and lock down your profile, so that only those who you approve can view everything.
  8. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Social media is less than six years old. This is a brand new medium, and we are just now beginning to recognize its potential consequences. Something as harmless as a picture of a baby in a tub could be traded online by pedophiles. The world is changing. Be aware of your social media use, and be smart about it.

Robert Siciliano, identity theft speaker, discusses social media on Fox.

Identity Thieves Gather Data From Social Networks

Robert Siciliano Identity Theft Expert

There’s a lot of excessive trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. Apparently, they see no reason to distrust. Generally, your “friends” are people who you “know, like and trust.” In this world, your guard is as down as it will ever be. You can be in the safety of your own home or office, hanging with people from all over the world, in big cities and little towns, and never feel that you have to watch your back.

PC World reports that a third of social networkers have at least three pieces of information posted on their pages that could lead to identity theft. Names, addresses, birth dates, mothers’ maiden names, kids’ names, pets’ names and phone numbers are among the various types of data that could help a criminal piece together your identity. Social networkers are simply making it too easy for thieves.

Almost 80% of those polled are concerned about privacy issues on social networks, yet almost 60% are unaware of what their privacy settings are and who can see their data. One third of social networkers admitted that they use the same password for all their social networking accounts.

Most social networks have privacy settings that many users never venture to manage. It is imperative to spend a few minutes and lock down your profiles so they can’t be seen by everyone in the world.

It is not unusual for a potential identity thief to “friend” a potential victim. The thief poses as someone the target may know, or someone who is known within the target’s social circle. Once the thief has been accepted as a friend, he or she is in the target’s inner circle and gains a great deal of insight into the target’s daily life.

People often try to “friend” me, and I can see that they are “friends” with people I know. But I don’t know them. And the mutual friends often tell me that they don’t know the person, but were “friends” with someone else they knew, and they accepted based on that! That’s nuts! Next thing you know, they are trolling through your “friends” and befriending people in your network, who accept based on their trust in you! Dizzy yet? The point is, stop the madness! Don’t allow these trolls into your life. Mom told you not to talk to strangers. I’m telling you not to “friend” strangers, because they could be scammers.

Scammers are watching. They know that once they are on Facebook, your guard goes way down.

Regardless of all this craziness protect your identity.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano Identity theft speaker discusses Facebook scams on CNN

Web Based emails Insecurity Leads to Identity Theft

Robert Siciliano identity theft expert

I recently appeared on Fox and Friends to discuss email hacking. Dave Briggs, a FOX & Friends Weekend co-host, lost access to his Hotmail email account when hackers were able to guess either his password or his qualifying question. (He admitted that his password was not as strong as it should have been.) The hackers locked Briggs out of his own account and spammed all of his contacts with a fraudulent email that appeared to be written by Briggs himself, claiming that he was trapped in Malaysia and requesting that someone help him by transferring money via Western Union. Only after persistently contacting Hotmail administrators was Briggs able to regain control of his own email account.

Twitter was targeted by a similar hack, which led to a data breach. It is likely that the hacker guessed the answer to a Twitter employee’s security question and reset the employee’s password. On Wednesday, Twitter co-founder Biz Stone blogged, “About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. From the personal account, we believe the hacker was able to gain information which allowed access to this employee’s Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company.”

And of course, Sarah Palin’s Yahoo email account was hacked into last year, during the presidential campaign. The hacker explained how easy it was in Wired.

Web-based email rocks! Since you’re no longer tethered to a PC-based client, you can access your email from anywhere. And all the data saved in your email account will be safe if your PC crashes. Many web-based email providers offer gigabytes of free storage and other useful tools like documents, RSS readers, and calendars. Life in the cloud is easier and more convenient. But is it secure?

PC Pro reported on a study run by Microsoft Research and Carnegie Mellon University, which measured the reliability and security of the questions that the four most popular webmail providers use to reset account passwords. AOL, Google, Microsoft, and Yahoo all rely on personal questions to authenticate users who have forgotten their passwords. The study found that the “secret questions” used by all four webmail providers were insufficiently reliable authenticators, and that the security of personal question appears much weaker than passwords themselves. Yahoo claims to have updated all their personal questions in response to this study, but AOL, Google, and Microsoft have yet to make any changed.

Once a hacker has your email address, he or she can simply go to the “forgot password” section of your email provider’s website and respond to a preselected personal question that you answered when signing up for the account. With a little research, the hacker has a good shot at finding the correct answer.

Some of the current questions could be answered using information found on a user’s social networking profile, or through a website like Ancestry.com or Genealogy.com. Some answers might be found in the user’s trash. Some questions seek opinions, rather than facts. For example, “Who is your favorite aunt?” requires an opinion in response, but if a hacker knew the names of all your aunts, he or she could enter them all one by one. Some questions would be more difficult to answer. Unfortunately, if you signed up for your web-based email account over a year ago, before these email hacks became more common, your questions may be even easier to answer.

Gmail’s current personal questions are:

  • What is your frequent flyer number?
  • What is your library card number?
  • What was your first phone number?
  • What was your first teacher’s name?
  • Write my own question

Yahoo’s current personal questions are:

  • What is the first name of your favorite uncle?
  • Where did you meet your spouse?
  • What is your oldest cousin’s name?
  • What is your oldest child’s nickname?
  • What is the first name of your oldest niece?
  • What is the first name of your oldest nephew?
  • What is the first name of your favorite aunt?
  • Where did you spend your honeymoon?

I suggest that you check out the “forgot password” section on your own web-based email account, to see your current personal question. If it’s easy to answer, or would only require a little research to solve, update the question with one that you create based on opinion, as opposed to fact. And keep in mind that most people list “pizza” as their favorite food and “liver” as their least favorite. So be creative. You should also beef up your password. Combine uppercase and lowercase letters, as well as numbers. Don’t use consecutive numbers, and never use names of pets, family members, or close friends.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses hacked email on FOX & Friends.

Tweets Link to Identity Theft

Identity Theft Expert Robert Siciliano

“Misty Buttons” just started following me on Twitter. She’s curvaceous, bodacious and isn’t getting her needs met. Apparently, she needs me to meet those needs. It is, of course, a tempting offer that someone, somewhere may accept. But I’m going to pass.

Twitter porn and cybercrime are one and the same. Criminal hackers use porn to lure unsuspecting Twitter users into their lairs, where they distribute malicious software and solicit credit card data. In some cases, their victims may deserve to be scammed. Clicking on the links that these ne’er-do-wells post on their Twitter feeds can have a devastating effect on your PC and your bank account.

Internet security software provider McAfee reported a 500% increase in malware in 2008. That’s more than the past five years combined. And the FBI reported a 33% increase in Internet crime last year. According to a survey of 1000 firms, companies coping with data breaches lost an average of $4.6 million in intellectual property. This is all due to insufficient hardware, outdated software and the various ruses, such as those perpetrated by Misty Buttons, that trick technology users into opening a door to criminals.

But it isn’t just obvious Twitter porn that you need to watch out for. It’s also seemingly legitimate links posted by those you follow. Criminals have figured out that Twitter is a social network that brings people together. Strangers follow you, and you often reciprocate, following them back and bringing them into your network. As with email phishing scams, criminals post tweets highlighting current events, with links that lead to malicious sites or direct malware downloads. Numerous news outlets have reported on malicious tweets purporting to point to news about Michael Jackson, Obama, Farrah Fawcett, Iraq and even the Sonia Sotomayor’s Supreme Court confirmation hearings. The shortened URLs that are necessary to keep tweets within the 140 character limit help mask these scams. As explained NextAdvisor:

Whenever a complete URL is too long or cumbersome, many users turn to URL shortening services like TinyURL. Unfortunately, a condensed URL that appears harmless can easily lead to a malware download or phishing site, rather than the destination you were expecting. What appears to be a link to a friend’s home video may actually be pointing you toward the Koobface virus. Hackers can target a single URL shortening service and intentionally misroute millions of users.

How to protect yourself:

  1. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  2. Install anti-virus protection and keep it updated.
  3. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses identity theft.


ATM Fraud Increases Identity Theft Risk

Robert Siciliano Identity Theft Expert

A spate of recent news reports highlight growing ATM fraud. Law enforcement in New York City reported a gang had stolen $500,000 from bank accounts via ATM skimming. They installed cameras and skimming devices on the machines, and recorded the magnetic strips and the PIN numbers.

A recent survey points towards ATM fraud rising 5-9 percent. Seventy percent of those poled experienced a jump between 2007 and 2008. Many of the large data breaches that have occurred over the past few years may have contributed to the fraud.

It’s simple enough to hack into a database and compromise cards and pins. It’s even easier to affix hardware to the face of an ATM machine and do the same. Once the data is compromised the identity thieves clone cards and turn the data into cash as quickly.

Bankinfosecurity.com recently published “7 Growing Threats to Financial Institutions”. This post is a play on that; “7 Growing Threats to You”

#1 Skimming; Hardware readily available online that is attached to the face of an ATM records user card information and pin codes. In this case you may still be able to perform a transaction.

#2 Ghost ATMs; A card reader is blocked off and replaced with hardware that supersedes the machine and records all your data without allowing a transaction. The machine reads “Can’t complete transaction”.

#3 Dummy ATMs; In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read data. The machine might be powered by car batteries or plugged in the nearest outlet.

#4 Ram Raids; ATMs built into a wall or stand alone are being rammed by a truck and/or wrapped with chain and pulled out then loaded onto a truck. Once removed the thieves blow torch the machine taking the cash. This is a hot topic in Mexican banks, buy certainly happens everywhere. A bank would be smart to install battery backed GPS in any machine.

#5 PIN ID’s; Sophisticated criminal hackers break into a database or skim magnetic strips. They then go to an online banking site with a hacking software that plugs in various well known PINs. These PINs might be consecutive numbers, peoples names, pets names, birthdates, or other various simple pass phrases people use. When it finds a match it gives the criminal access to your account.

#6 Automated PIN Changes; Criminals go through the banks telephone banking system to change the customers PIN. They may try to change the customers ANI (Automatic Number Identification) is a system utilized by telephone companies to identify the DN (Directory Number) of a caller. This might be accomplished via “Caller ID Spoofing”. They use publicly available data on the card holder such as name, card account number and last four digits of the social security number to “verify” them as the banks customer.

#7 SMS Attacks; AKA Smishing or Phexting – phish texting. Customers receive a text from a bank on their smartphone requesting login information.

#8 Malware or Malicious Software; Researchers found a virus that specifically infects ATMs and takes over the machine logging card numbers and pins.

How to protect yourself;

First and foremost; Pay attention to your statements every two weeks. Refute unauthorized transactions within a 30-60 day time frame.

1. Pay close attention to everything you do at an ATM. Look for “red flags”, anything out of place. If your card sticks, odd looking configurations on the ATM, wires, two sided tape.
2. Use strong PINs, uppercase lower case, alpha and numeric online and when possible at an ATM and for telephone banking.
3. Don’t reply to phishing or phexting emails. Just hit delete.
4. Don’t just use “any” ATM. Choose ATMs at locations that are “more secure” than in the middle of nowhere.
5. Make sure your McAfee anti-virus is up to date.
6. Invest in Intelius identity theft protection and prevention. Because when all else fails its good to have someone watching your back.

Robert Siciliano Identity Theft Speaker discussing ATM skimming

Social Network is Accused of Identity Theft

Robert Siciliano Identity Theft Expert

The state of New York, Office of the Attorney General plans to sue the social-networking site Tagged.com for allegedly using deceptive e-mails in order to gain new users.

It is alleged that the social-networking service stole the identities of more than 60 million Internet users by sending e-mails to people saying that members of the site had tagged them in photos but the photos did not exist and that Tagged raided their private accounts.

The e-mails that people received appeared to come from their friends via the website as an offer to look at the friends pictures and join in. It is believed that Tagged, would then illegally get access to those new users’ e-mail address books and send out more messages without those users’ knowledge. Tagged will be sued for deceptive e-mail marketing practices and invasion of privacy, the office said.

In a statement by their CEO he said “Simply put, it was too easy for people to quickly go through the registration process and unintentionally invited all their contacts.”

I received the same emails from friends, people who were “duped”. I spoke to those people and understand it to be true that, it was too easy for people to quickly go through the registration process and unintentionally invited all their contacts.

I don’t believe identities were stolen at any level and that anyone using terms such as “stolen Identity” or “identity theft” are grossly mistaken, but “email harvesting” and a degree of spam and questionable marketing may have occurred.

Here is exactly what happened. A person receives an email saying their friend wants to show them a picture. They have to visit the site, sign in, and register to view it. In that process they are asked for their user name and password from their web based email account to invite more friends to their new account. Many people have done this in Twitter, LinkedIn and Facebook. The lie told is there is no picture to be seen. That’s deceptive marketing, not identity theft.

Criminal hackers have been using the same ruse to get people to log in to a spoofed Facebook account for the past year. Once logged in the user is requested to download a file to watch a video. This download has a virus that allows a full takeover of their account. It almost looks like Tagged took a page out of the criminal hackers book using the same ruse, but without the virus or the spoofed site.

The fact is whenever you register for a social networking site you are asked to plug in your credentials and invite your address book. Doing this is not a bad thing, unless the company you are trusting is a bad corporate citizen. That said; don’t provide any website your log in credentials to your web based email account if you don’t believe them to be 100% legit. Further, when you have web based cloud accounts that contain email and also have proprietary documents or files within that account NEVER GIVE THAT DATA TO ANY COMPANY.

All that said, regardless, you should still protect yourself from real identity theft.

Here is how;
1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.
2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing social network is accused of identity theft.