Sarah Palin Victim of Social Media Identity Theft, LaRussa Drops Suit

/1 Comment/in , , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Since the beginning of the presidential campaign, Sarah Palin has used Twitter and Facebook to communicate with the public. Impostors have taken every opportunity to jack her persona, even hacking into her personal email account.

Now, hackers and impostors are chiming in on Sarah Palin’s resignation. The Twitter profile for ExGovSarahPalin snags and reuses graphics, photos and tweets from Sarah Palin’s “Verified” Twitter acount, AKGovSarahPalin. This fake Palin account is still live as of this writing. In one tweet, a Palin impersonator invited followers to her home for a barbecue. Her security staff was reading these tweets and quickly dispatched security personnel to her home to intercept unwanted visitors.

Twitter has a “parody impersonation policy” that permits impersonation, as long as the parody is clear to readers. It’s puzzling to me that they would allow this, particularly in the case of the fake Sarah Palin account, which is plastered with Governor’s likeness.

Social media is not prepared for this type of use. And Twitter should rethink its policies.

Meanwhile, USA Today reports that St. Louis Cardinals manager Tony LaRussa, who has also fallen victim to social media identity theft and has sued Twitter, claiming damage resulting from “cybersquatting” and misappropriation of his name, has now dropped his lawsuit. One report mentions an out of court settlement that compensates LaRussa for his legal fees and includes a donation to his favorite charity. Twitter co-founder Biz Stone blogged a denial of such a settlement.

Financial identity theft is impossible to prevent 100% of the time, and so is social media identity theft. However, there are ways to lock down your name and protect yourself, or at least to mitigate the potential damage to your name and reputation.

As we spend more time online, meeting people, posting photos and offering glimpses into our personal lives, here are some action steps to keep Social Media Identity Theft at bay:

1. Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday.
2. Set up a free Google Alerts for your name and get an email every time your name pops up online. Go to iSearch.com by Intelius and search your name and any variations of your name in what would be a screen name.
3. Set up a free StepRep account for your name. StepRep is an online reputation manager that does a better job than Google Alerts does of fetching your name on the web.
4. Consider dropping a few bucks on Knowem.com and other sites like them. These online portals go out and register your name at what they consider the top social media sites. Their top is a great start. The user experience is relatively painless. There is still labor involved in setting things up with some of them. And no matter what you do, you will still find it difficult to complete the registration with all the sites. Some of the social media sites just aren’t agreeable. This can save you lots of time, but is only one part of solving the social media identity theft problem.
5. Start doing things online to boost your online reputation. Blogging is best. You want Google to bring your given name to the top of search in its best light, so when anyone is searching for you they see good things. This is a combination of online reputation management and search engine optimization for your brand: YOU.
6. If you ever stumble upon someone using your likeness in the social media, be very persistent in contacting the site’s administrators. They too have reputations to manage and if they see someone using your photo or likeness they would be smart to delete the stolen profile.
7. Despite all the work you may do to protect yourself, you still need the Intelius Identity Protect service I’m working with and recommend coupled with Internet security software.

Robert Siciliano, identity theft speaker, discusses scams.

Social Security Numbers Cracked, Creates Identity Theft Risk

/0 Comments/in , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

SearchSecurity.com reports that researchers at Carnegie Mellon University have developed a reliable method to predict Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages and the publicly available Social Security Administration’s Death Master File.

Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the northeast and moved westward. This meant that people on the east coast had the lowest numbers and those on the west coast had the highest. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

The Carnegie Mellon researchers were able to guess the first five digits of a Social Security number on their first attempt for 44% of people born after 1988. For those in less populated states, the researches had a 90% success rate. In fewer than 1,000 attempts, the researchers could identify a complete Social Security number, “making SSNs akin to 3-digit financial PINs.” “Unless mitigating strategies are implemented, the predictability of SSNs exposes them to risks of identify theft on mass scales,” the researchers wrote.

While the researchers work is certainly an accomplishment, the potential to predict Social Security numbers is the least of our problems. Social Security numbers can be found in unprotected file cabinets and databases in thousands of government offices, corporations and educational institutions. Networks are like candy bars – Social Security numbers can be hacked from outside the hard chocolate shell or from the soft and chewy inside.

The problem stems from that fact that our existing system of identification is seriously outdated and needs to be significantly updated. We rely on nine digits as a single identifier, the key to the kingdom, despite the fact that our Social Security numbers have no physical relationship to who we actually are. We will only begin to solve this problem when we incorporate multiple levels of authentication into our identification process.

The process of true and thorough authentication begins with “identity proofing.” Identity proofing is a solution that begins to identify, authenticate and authorize. Consumers, merchants, government don’t just need authentication. We need a solution that ties all three of these components together.

Jeff Maynard, President and CEO of Biometric Signature ID, provides a simple answer to a complicated issue in four parts:

Identify – A user must be identified when compared to others in a database. We refer to this as a reference identity. A unique PIN, password or username is created and associated with your credential or profile.

Authenticate – Authentication is different than verification of identity. Authentication is the ability to verify the identity of an individual based specifically on their unique characteristics. This is known as a positive ID and is only possible when using a biometric. A biometric can be either static or dynamic (behavioral). A static biometric is anatomical or physiological, such as a face, a fingerprint or DNA. A dynamic biometric is behavioral, such as a signature gesture, voice, or possibly gait. This explains why, when authentication solutions incorporate multiple factors, at least two of the following identifiers are required: something you have, such as a token or card, something you are, meaning a biometric identifier, and something you know, meaning a pin or password.

Verify – Verification is used when the identity of a person cannot be definitely established. These technologies provide real time assessment of the validity of an asserted identity. When we can’t know who the individual is, we get as close as we can in order to verify their asserted identity. PINs, passwords, tokens, cards, IP addresses, behavioral based trend data and credit cards are often used for verification. These usually fall into the realm of something you have or something youknow.

Authorize – Once the user has passed the identification test and authenticated their identity, they can make a purchase or have some other action approved. Merchants would love to have a customer’s authenticated signature to indicate his or her approval of a credit card charge. This is authorization.

Effective identification results in accountability. It is being achieved in small segments of government and in the corporate world, but not systematically. Unfortunately, we are years away from full authentication.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;
Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano Identity Theft Speaker discussing identity theft

Identity Theft Expert; Fake IDs are as easy as 1,2,3

/1 Comment/in , , , , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Do an online search for “fake ids” and you’ll be amazed to discover how easy it can be to obtain an ID allowing you to pose as someone else. Or how easy it can be for someone else to obtain an ID that will allow him or her to pose as you. Some websites peddle poor quality cards, others offer excellent quality, and many websites are simply scams.

The fact is, our existing identification systems are insufficiently secure, and our identifying documents are easily copied. Anyone with a computer, scanner and printer can recreate an ID. Outdated systems exasperate the problem by making it too easy to obtain a real ID at the DMV, with either legitimate or falsified information.

Another glitch is the potential for individuals to completely alter their appearances. Men with facial hair can wreak havoc on the current system. This is sometimes done as a prank. In other cases, the individual is attempting to subvert the system to maintain a degree of anonymity. New technologies, such as facial recognition, should eventually resolve some of these problems, but they are still years away from being fully implemented.

In Indianapolis, Indiana, a man was able to obtain six different IDs. He accomplished this by visiting various different registries throughout the state and using borrowed names and stolen information. He obtained job applicant data from a failed body shop business he had owned. He used the false identities to open checking accounts at multiple banks and write fraudulent checks to himself.  He was caught while applying for his seventh ID, thanks to facial recognition software. But it is disturbing to know that he was able to acquire six different identities, all stolen from real people, without detection. It was a bank employee who eventually noticed that he had two different bank accounts under two different names. If the man hadn’t been so greedy, he would have gotten away with it.

In Indianapolis and other registries the daily photos are compared to millions of others already on file. The system constantly scans the data and presents cases that might match, requiring further investigation by registry employees.

Some of the requirements of improving facial recognition include not smiling for your picture or smile as long as you keep your lips together. Other requirements meant to aid the facial recognition software include keeping your head upright (not tilted), not wearing eyeglasses in the photo, not wearing head coverings, and keeping your hair from obscuring your forehead, eyebrows, eyes, or ears.

The fact is, identity theft is a big problem due to a systematic lack of effective identification and is going to continue to be a problem until further notice. In the meantime it is up to you to protect yourself. The best defense from new account fraud is identity theft protection.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name.

2. Invest in Intelius Identity Protect. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.
Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano Identity Theft Speaker discussing identity theft

Judge Rules; It is legal to post Social Security numbers on Web sites

/1 Comment/in , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

B.J. Ostergren is a proud Virginian. She’s known as “The Virginia Watchdog,” but I like to call her “The Pit Bull of Personal Privacy.” She is relentless in her efforts to protect citizens’ privacy, and she is primarily concerned with the posting of personal information online. So in order to make this point, she finds politicians’ personal information on their own states’ websites, and republishes that information online.

Publicly appointed government employees known as Clerks of Courts, County Clerks or Registrars are responsible for handling and managing public records, including birth, death, marriage, court, property and business filings for municipalities. Every state, city and town has its own set of regulations determining how data is collected and made available to the public.

The Privacy Act of 1974 is a federal law that establishes a code of fair information practices governing the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies.

Over the years, many have interpreted this law to allow public information, including Social Security numbers, to be posted online. I’ve seen Social Security numbers for Jeb Bush, Colin Powell, former CIA Director Porter Goss, Troy Aiken, and Donald Trump, all published on the Internet.

Years ago, B.J. discovered that several states, including her home state of Virginia, were posting our records online, and she immediately saw how this could contribute to identity theft. She has downloaded as many as 22,000 Social Security numbers from deeds, mortgages, tax liens from the websites of circuit courts, registers of deeds and secretaries of state. She made a concerted effort to inform each agency that what they were doing was unethical, at the very least, and possibly even criminal. But she was often rebuked. That’s when she decided to fight back. When government agencies stopped listening, she started posting politicians’ personal information on her own website, “The Virginia Watchdog.” This certainly attracted the attention of officials, but it also created a backlash against her.

Some states resolved the issue by redacting the Social Security numbers, but Virginia did not. B.J. persisted in informing them of the problem and, as the Richmond Times Dispatch put it, “the state decided that the person who brought the problem to their attention was the problem.”

A 2008 Virgina state law prohibited disseminating information taken from public records, and thus, prohibited B.J. from posting publicly available information on her own website. So legally, it was okay for the County Clerk to do it, but nobody else was allowed. U.S. District Court Judge Robert E. Payne recently ruled that this 2008 state law is a violation of First Amendment rights. It’s a win for B.J., but this doesn’t resolve the initial privacy issue.

So how does this impact you? This means that while you can do everything possible to protect yourself from fraud and identity theft, your local government may be circumventing your security efforts by posting your personal data online. B.J.’s fight has led to the resolution of some issues and prompted some states to redact data, but the battle is far from over.

Visit B.J.’s site, The Virginia Watchdog, to become more informed about one woman’s quest to point out what’s wrong and to fight for what’s right.

Next, protecting yourself from new account fraud requires a credit freeze, or setting up your own fraud alerts. This provides an extra layer of protection. In most cases it prevents the opening of new credit.

Consider making an investment in Intelius Identity Protect. Because when all else fails you’ll have someone watching your back. Includes a Free Credit Report, SSN monitoring, Credit & Debit Card monitoring, Bank Account monitoring, Email fraud alerts, Public Records Monitoring, Customizable “Watch List”, $25,000 in ID theft insurance, Junk Mail OptOut and Credit Card Offer OptOut.

Robert Siciliano Identity Theft Speaker discussing availability of Social Security numbers

Identity Theft Credit Card Security

/3 Comments/in , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Credit card fraud comes in two different flavors: account takeover and new account fraud. Account takeover occurs when the identity thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or perhaps you simply hand it over when paying at a store or restaurant. Technically, account takeover is the most prevalent form of identity theft. I’ve always viewed it as simple credit card fraud, rather than “identity theft” in its truest sense.

New account fraud, as it relates to credit cards, occurs when someone gains access to your personal identifying information, including your name, address and, most importantly, your Social Security number. With this data, a thief can open a new account and have the card sent to a different address. This is true identity theft. Once the identity thief receives the new card, he or she maxes it out and doesn’t pay the bill. Over time, the creditors track down the victim, blame him or her for the unpaid bills, and demand the owed funds. New account fraud destroys the victim’s credit and is a mess to clean up.

Victims of account takeover are likely to discover the fraud in numerous ways. They may notice suspicious charges on a credit card statement, or the credit card company may notice charges that seem unusual in the context of the victim’s established spending habits. Credit card companies have anomaly detection software that monitors credit card transactions for red flags. For example, if you hand your credit card to a gas station attendant in Boston at noon, and then a card present purchase is made from a tiny village in Romania one hour later, a red flag is raised. Common sense says you can’t possibly get from Boston to Romania in one hour. The software knows this.

Victims of account takeover only wind up paying the fraudulent charges if they don’t detect and report the crime within 60 days. A 6o day window covers two billing cycles, which should be enough for most account-conscious consumers who keep an eye on their spending. During that time, you are covered by a “zero liability policy,” which was invented by credit card companies to reduce fears of online fraud. Under this policy, the cardholder may be responsible for up to $50.00 in charges, but most banks extend the coverage to charges under $50.00. After 60 days, though, you are out of luck. So pay attention to your statements. As long as you do, account takeover should not hurt you financially.

But new account fraud is another story entirely – one that can and will hurt you if you don’t protect yourself. You may not be held financially responsible for the charges themselves, but you will pay in time, and time is money. In some cases you may pay lawyers or private investigators, or you may need to take time off from work, depending on how dire your credit situation becomes. Identity theft victims have been denied credit due to the unpaid debts in their names, and have missed opportunities to purchase homes as a result.

Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

Robert Siciliano Identity Theft Speaker discussing identity theft hackers