New Identity Theft Virus Steals from Online Banking

Robert Siciliano Identity Theft Expert

A new kind of Trojan horse infiltrates your online bank account, and not only steals your log-in information, but also siphons funds directly out of your account. The virus is known as URLZone, is controlled by servers in the Ukraine, and it determines how much money to steal from a victim’s account depending on the initial balance, all in real time, while the user is logged in, displaying a fake balance so the victim isn’t aware that it’s happening. URLZone targets Firefox, Opera, and the last three versions of Internet Explorer. Currently, the virus is only targetting computers in Germany. But it’s only a matter of time until URLZone, the most sophisticated worm of its kind to date, spreads further.

Like most viruses today, URLZone generally infects a PC when the user clicks a link or visits an infected site. Once the virus is installed, it waits for the user to access an online banking website. That’s when it goes to work. While the user is banking online, the virus communicates with the bank’s server in the background. Transactions are being processed and the user doesn’t see any of it happening. Frankly, this doesn’t even sound possible to me. But it’s happening. The virus then erases its tracks by displaying a bank balance on the infected computer that doesn’t reflect the funds that have been stolen. The victim will only recognize a discrepancy in the balance when using an uninfected computer or an ATM, or receiving a paper statement. Or when the checks start to bounce.

A virus with the sophistication to hijack the victim’s browser, steal money during an online banking transaction, and then cover its own tracks by modifying the information displayed to the victim, all in real time, is not good, to say the least.

White hat hackers are struggling to stay one step ahead of the criminals, but black hat hackers are out in full force. There are more ways to compromise data today than ever before. From 2007 to 2008, the number of viruses quadrupled from 15,000 to nearly 60,000.

Recently, a couple’s bank account was compromised as a result of their own insecurity. The bank claimed no responsibility and held the couple accountable for the loss. Now they are suing the bank. Depending on how this case pans out, you may be held responsible for the loss if you’re hacked.

1. Make sure your anti virus up to date and set to run automatically.

2. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

3. Update your operating systems critical security patches automatically

5. Check your bank statements often, online, at least once a week.

6. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing online banking insecurity

High-Tech Harassment in Social Media

Robert Siciliano Identity Theft Expert

Technology keeps providing new opportunities for harassment: social media identity theft, cell phone abuse, online bullying, the list goes on.

Over a year ago, I appeared on The Tyra Show to discuss high tech harassment. I met a family from Washington, who found that several of their phones had been hacked and were being used to spy on and harass them. The hacker was able to turn a compromised phone on and off, use the phone’s camera to take pictures, and use the speakerphone to record their private conversations. Every time they rerun the episode, I get emails from more victims.

In an even more shocking instance of high tech harassment, a hacker took over a woman’s Facebook account while she was on a camping trip, with no Internet and no cell phone service. The hacker impersonated this woman, but instead of attempting to scam her family and friends out of cash, he used her Facebook profile to post suicidal messages, including, “My only friend is the handgun in the back of my closet,” and, “I don’t want a funeral or memorial, I want it to be like I never existed.” After two and a half hours of Facebook drama, the victim happened to regain cell phone reception and discovered twenty voicemail messages begging her not to do “anything drastic.” By the time her son was able to get in touch with her, there were police gathered outside her home, preparing to break down the door.

In this incident, the victim was the mother of a Navy Seal who died in Iraq. It’s believed that she was targeted because of her charity work celebrating the lives of deceased military personnel.

But this can happen to anybody.

  1. Strengthen your passwords; use upper/lower case, numbers and characters. Don’t use easily guessed words from the dictionary or pets, kids, birthdates etc.
  2. Don’t access social media from libraries, internet cafes or any public computers that could have spyware.
  3. Make sure your own PC has updated virus definitions and security patches. Don’t bother with all the 3rd party apps in social media. Many are risky.
  4. Don’t click on links in emails from “friends” asking you to download a video or see pictures. This is becoming a common ruse in social media.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses high tech harassment on the Mike ad Juliet Show on FOX

8 Ways to Prevent Business Social Media Identity Theft

Robert Siciliano Identity Theft Expert

There are hundreds, or maybe even thousands of social media sites worldwide such as FacebookMySpaceTwitter, and YouTube. Social media networks are quickly becoming the bane of the IT Manager. Twitter phishing and Facebook jacking are growing rapidly.

Social media is still in its infancy and its security has been an issue since its inception. Facebook has been perceived as an ongoing privacy and security issue and Twitter has become a big target. Users are tricked into clicking links. Viruses enter the network as a result of employees downloading or simply visiting an infected page.

Computerworld reports that “Twitter is dead”. Twitter is dead because it is now so popular that the spammers and the scammers have arrived in force. And history tells us that once they sink their teeth into something, they do not let go. Ever.

  1. Implement policies: Social media is a great platform for connecting with existing and potential clients. However without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network.
  2. Teach effective use: Provide training on proper use and especially what not do to.
  3. Encourage URL decoding: Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  4. Limit social networks: In my own research I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure.
  5. Train IT personnel: Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
  6. Maintain updated security: Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
  7. Lock down settings: Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
  8. Prevent social media identity theft: Register all your officers, company names and branded products on every social media site you can find to prevent twittersquatting and cybersquatting. You can do this manually or by using a very cost effective service called Knowem.com.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston

New iPhone App Helps Vet a Potential Mate

Robert Siciliano Personal Security Expert

So you’re about to go on a date with a person you met briefly in the frozen food section of the supermarket who says to you “You better get out of this aisle because you’re so hot, you’re gonna melt all this stuff”. Flattered and hungry for companionship you immediately agree to go out on a date with Mr Cheeseball.

Well maybe this wouldn’t be you, but someone you know.  Anyway, consider “Heavy Vetting B4 Heavy Petting”. The best way to find out about Gorgonzola is to do a quick search on him OR her. Coming soon to the iPhone, Android and Blackberry will be a mobile application  from http://www.intelius.com/mobile called Date Check.

Intelius launched Date Check at the DEMOfall09 conference and demonstrates how easy it is to “Look Up Before You Hookup”. Sound crazy? Not as crazy as some of the people I’m sure you’ve met on the scene. It’s easy enough to enter a person’s name, phone number or e-mail address, and the application does a basic background check. Saving you lots of possible wasted time or possibly compromising your personal security.

The application has a few handy features to help you narrow down what may be potential issues about your potential Prince Alarming.

“Sleaze Detector” gets records of sex offenses and criminal convictions. This is a handy tool to determine if your potential mate is a bad seed. Good information to know and help you make an informed decision. There are a half million registered sex offenders out there. That’s no joke.

“Net Worth” checks property and tax records. This is general information that helps you to determine if they are truthful or lying about assets.

“Living Situation” finds other people living at the same address. So if he’s one of the majority of married men subscribed to online dating services and he tells you he is single, you can call his bluff.

“Interests” scans social networks and other references. It’s always a good idea to check the social media sites a person is connected to. If you discover that the person is affiliated with a supremacy organization that likes to sacrifice the occasional chicken, it’s probably a good idea to run. Fast.

Date Check is a tool to help you make a better decision.

1. Read books on self defense and personal security. Watch instructional videos on self defense techniques. Take a self defense course. The single most effective self defense offering on the planet is a program called “Impact Model Mugging”. Search it online and find one near you. Drive 500 miles if you have to, but take this course and bring your sons and daughters with you. In this case knowledge certainly is power.

2. You’ve heard this before and it requires revisiting: meet your date in a populated place and drive yourself. And do it at least the first 5 times. The goal here is you want to get to know the energy of this person and what makes them tick. If simple stuff irritates them or they make racist or offensive jokes or exhibit behaviors not conducive to “healthy”, move on.

3. Do not consume alcohol when meeting, even with food. Alcohol lowers our inhibitions and makes us accept behaviors that aren’t appropriate. Don’t accept drinks from anyone under any condition unless you see the drink being poured and it goes straight to your hands. Slipping drugs in drinks happens every day.

4. Be direct about going ‘dutch’ in regards to paying for dinner. While this may seem extreme to some, studies show an large percentage of males still believe that when they buy a woman dinner that she “owes” him sex.

5. Get information about them. You ask all the questions. Get their name, address, previous address, home phone, cell phone, place of birth, birthdate, where they work, license plate and if you can squeeze it out of them, and I kid you not, get their Social Security number.

Robert Siciliano Personal Security Expert discusses dating security on E! True Hollywood Stories Investigates

Twitter Phishing Leads to Identity Theft

Identity Theft Expert Robert Siciliano

Twitter phishing is a growing problem and is spreading through a virus. Twitter accounts that have been hacked are spreading a link with a request to click on and download a video.

Some Twitter phishing involves Twitter porn. Today Ena Fuentes, who’s definitely a hot little number, started following me on Twitter and wants me to check out her new pics. Problem is Ena is probably controlled by a dude from some little village in an oppressed country who’s using dumb human libido to snare his intended victims.

The Register reports users who follow these links are invited to submit their login credentials via a counterfeit Twitter login page (screenshot via Sophos here). In the process they surrender control of their micro-blogging account to hackers, who use the access to send out a fresh round of phishing lures.

In the past, compromised accounts have sent pictures and links to spoofed websites. The new attacks mimick email address book attacks when the compromised account sends direct messages to the users followers. Twitter only allows direct messages to those who are following you.

When clicking links and downloading whatever intended multi media file, the unsuspecting victim may end up with a virus that spreads a keylogger and/or harvests user login details. Criminals know many internet users have the same passwords for multiple accounts.

Shortened URLs that are necessary to keep tweets within the 140 character limit help mask these scams. As explained by NextAdvisor:

“Whenever a complete URL is too long or cumbersome, many users turn to URL shortening services like TinyURL. Unfortunately, a condensed URL that appears harmless can easily lead to a malware download or phishing site, rather than the destination you were expecting. What appears to be a link to a friend’s home video may actually be pointing you toward the Koobface virus. Hackers can target a single URL shortening service and intentionally misroute millions of users.”

How to protect yourself:

  1. Don’t just click on any link no matter where it’s coming from. Attackers understand a person is more likely to click a link from someone they know, like and trust. If someone direct messages you requesting you click something, their account may be in control of a criminal.
  2. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  3. Install McAfee anti-virus protection and keep it updated.
  4. Change up your passwords. Don’t use the same passwords for social media as you do for financial accounts.
  5. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  6. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano identity theft speaker discussing hacked accounts on Fox News

National Protect Your Identity Week Facilitates Identity Theft Protection and Education

Robert Siciliano Identity Theft Expert

A recent National Foundation for Credit Counseling (NFCC) survey conducted by Harris Interactive(R) revealed that 45 percent of all U.S. adults, roughly 101 million people, would feel at most risk for identity theft when making a purchase with a credit card that requires the card to be temporarily taken out of their sight, for example, at a restaurant.

By contrast, consumers are least fearful of falling victim to identity theft when using their credit card to make a purchase in person, for instance at a store. Only 21 percent of U.S. adults listed this as a concern, suggesting that consumers are comfortable as long as they can keep an eye on their card.

In an effort to provide consumers with identity theft education and protection, the NFCC announces its second annual National Protect Your Identity Week (PYIW), October 17-24. Joining the NFCC as a full partner this year is the Council of Better Business Bureaus (CBBB), combining the strength of two well-respected nonprofits behind this initiative.

A number of national organizations are also putting their weight behind this initiative, joining the NFCC and CBBB as Supporting PYIW Coalition Members. This Coalition includes: the American Bankers Association Education Foundation, AFSA Education Foundation, Consumer Action, Consumer Federation of America, Credit Union National Association, Federal Trade Commission, Identity Theft Resource Center, Jump$tart Coalition for Financial Literacy, Junior Achievement USA, National Council of LaRaza, National Crime Prevention Council, National Education Association Member Benefits, National Sheriff’s Association, Office of the Comptroller of the Currency, and the National Association of Triads. MSN Money is once again the national online media sponsor.

Consumers can find PYIW educational events in their area by going to www.ProtectYourIDNow.org. Hosted by a local member of the NFCC, BBB or other Coalition Member, consumers can take advantage of identity theft workshops, onsite shredding and credit report reviews. The Web site also includes identity theft prevention tips, videos, an interactive quiz to assess your risk of identity theft, and resources for victims.

A new feature this year on www.ProtectYourIDNow.org is a blog hosted by me. I will be providing insight, information and advice for consumers each day during PYIW and then weekly on the blog throughout the year on topics relevant to identity theft. The goal is to keep the public informed and not just one, but 10 steps ahead of the bad guys.

According to the non-profit Identity Theft Resource Center and other sources, identity theft can be sub-divided into five categories:

  • Business/commercial identity theft (using another’s business name to obtain credit)
  • Criminal identity theft (posing as another when apprehended for a crime)
  • Financial identity theft (using another’s identity to obtain goods and services)
  • Identity cloning (using another’s information to assume his or her identity in daily life)
  • Medical identity theft (using another’s information to obtain medical care or drugs)

We will be discussing these and many others issues of fraud on an ongoing basis.

1. Protecting yourself from new account fraud requires effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston

The Scourge of Medical Identity Theft

Robert Siciliano Identity Theft Expert

Medical identity theft can make you sick. As I once eloquently explained on CBS’s Early Show, if medical identity theft happens to you, “you’re screwed.” And it’s true.

Medical identity theft occurs when the perpetrator uses your name and, in some cases, other aspects of your identity, such as insurance information, to obtain medical treatment or medication or to make false claims for treatment or medication. As a result, erroneous or fraudulent entries wind up on your medical records, or sometimes entirely fictional medical records are created in your name. Having somebody else’s ailments noted on your medical records can create a great deal of confusion, potentially even negatively impacting your own health or medical treatment.

As of last week, a new rule requires health care providers, health plans, and other entities covered by the the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals of any breaches of their medical information. A breach, in this case, is defined as, “the acquisition, access, use, or disclosure of protected health information in a manner not permitted [by the HIPAA Privacy Rule] that compromises the security or privacy of the protected health information.”

Most states have required corporations to disclose data breaches for the past few years. Ever since the ChoicePoint breach in 2005, states have been implementing notification laws. At the time, ChoicePoint was only required to notify California residents. Once word spread that residents of other states had also been compromised in the breach, ChoicePoint became the poster child for what not to do in response to a data breach.

Since health care facilities often handle and store some of the same sensitive personal information that corporations do, these facilities are now subject to similar regulations. But protecting yourself from medical identity theft isn’t as easy as protecting yourself from financial identity theft.

  1. Medical ID cards, insurance cards and medical statements that come in the mail can all be used to steal your medical identity. Install a locking mailbox to prevent your mail from being stolen.
  2. Don’t carry cards in your wallet unless absolutely necessary like when you have an actual appointment.
  3. Protect medical information documents. Shred all throw away documentation and lock it up when it’s in your home or office.
  4. Treat your medical identity similarly as you treat your financial identity by getting similar protections. If the thief can’t steal your financial identity then your medical identity may be less attractive. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

Robert Siciliano identity theft speaker discusses medical identity theft on the CBS Early Show

Task Force Surprises Registered Sex Offenders

Robert Siciliano Personal Security Expert

While information security is always top of mind, my first passion has always been personal security. There always has been, is, and always will be predators stalking their prey. Unfortunately this is the natural order of life. Predators are a part of many of life’s species. Growing up my dad sat me in front of the TV and made me watch documentaries on animal behavior. “In the animal world”, he pointed out, and then he specifically pointed towards the lion and said “there are predators and their natural prey”. The lion hunts and stalks other animals and kills, then eats them. He explained that it’s normal for the lion to kill, its OK, it might not be nice of the lion, but that’s just the way it is.

He went on to say that in the human world, it’s the exact same thing. That there are human beings that act exactly as the lion, and its normal. Its not OK, its not nice, buts that’s just the way it is. Lots to digest when you are 12.

The fact is, dad was right. And some humans even eat others. Some rape, some steal and some torture. And that’s just the way it is.

Some may know the story of the “Frog and the Scorpion”; Scorpion asks a frog to take him across the river on his back. Frogs like, no way dude you’ll kill me. Scorpion says “hey man, I won’t kill you, if I did I’d drown too” Frogs like, “OK man, sounds reasonable lets do it”. Frog gets halfway across the river and the scorpion stings him! Surprised, the frog asks why, because now they will both drown, scorpions says, “Stupid frog, I’m a scorpion, its what we do”.  Predators are predators by nature.

There are over 500,000 registered sex offenders in the US. There are thousands more that aren’t registered and many more that simply haven’t been caught.

Mercury News reports in a surprise visit to sex offenders Jose Gonzalez’s hotel room, the 49-year-old child molester was placed under arrest, headed back to jail for violating his parole. A team of officers from the Sexual Assault Felony Enforcement — or SAFE — Task Force had found alcohol and pornography in his room, two red flag items that are not allowed while the registered sex offender is on parole.

120 registered sex offenders were visited by six-member teams of the task force, from Palo Alto to Gilroy, and 21 of them were arrested. Some had violated the conditions of their parole or probation by having adult or child pornography, alcohol and drugs or a weapon. And some haven’t been arrested yet because they weren’t living where they said they were.

It unfortunate they cant just be kept in jail forever, executed or castrated. But this is the land of the free and the brave and we have rights. Event the child molesters have rights.

So here’s the deal. If you live in a house (which most if us do), chances are there are sex offenders near where you live and work. Its jot enough to know that there are bad guys out there looking for their next victims. It’s important to do something about it. Take a self defense class, bone up on your eye gouging, and teach those you love how to protect themselves. There are lots of screwy things going on out there. Remember, once a scorpion, always a scorpion.

Intelius offers some great resources to keep you informed. 2 products work great to keep you informed:

Property & Neighborhood Report

Research a home or neighborhood with a Property Report! Find home value, ownership info, sales history, property details, current & previous residents, phone numbers, area sex offenders, satellite & map images and more.

And a Neighborhood Watch

Neighborhood Watch helps you stay informed about those who live in close proximity to your family. This comprehensive 3-month service includes sex offender tracking, interactive maps & photos, and monitoring of up to three different addresses – such as your home, child’s school or daycare.

Robert Siciliano personal security expert discussing Serial Rapists on CBS Boston

Criminal Hackers Get to Momma and DaDa Via Children

Robert Siciliano Identity Theft Expert

I’m particularly irate about this. There’s criminal hackers, then there’s complete lowlife scumbag criminal hackers that hack children. InternetNews reports hackers took over sections of the PBS.org Web site earlier this week, installing malicious JavaScript code on the site’s “Curious George” page that infects visitors with a slew of software exploits.

For the uninitiated Curious George is a little happy go lucky bumbling monkey that continually gets himself in a pickle. His curiosity almost kills the monkey in every episode. Thank heavens for “”The Man in the Yellow Hat” which is Georges keeper and occasional life saver. A 41 year old male knows this when he waits 38 years to spawn.

Security research firm Purewire found that when visitors tried to log onto a fake authentication page they were served with an error page that took them to a malicious domain where the malware attempted to compromise users’ desktop applications.

So here you are in your kitchen making a bunt cake. You continually glance over in amazement that a 3 year old, who cant color in the lines or spell or count above 20 or even tie her own shoes, but she can navigate through an inexhaustible gaming and learning website of PBSKids. She whacks away at the keyboard from morning till evening. So intensely she hacks that when it’s time to pull her away from the computer to maybe, ahh eat? She takes a fit because you caught her mid Sid The Science Kid.

Little do you know that while little miss Mitnick was tap tap tapping away, some frigging cheesebag was trying to rifle all your data via a Clifford The Big Red Dog JavaScript reliant puzzle.  Is there no shame? Boundaries? Apparently not.

It is not immediately evident how hackers compromised the site. They may have taken advantage of a known flaw and  exploited a SQL injection vulnerability.

Kids playing were met with a pop-up message requesting authentication to enter a username and password during a game. “But DaDa, I don’t know my words yet”.  From here, no matter what was entered they were directed to an error page that had malicious code. The JavaScript then loaded malware targeting flaws in Adobe Acrobat Reader, AOL Radio AmpX and SuperBuddy and Apple QuickTime. If the affected computer was not up to date with all their critical security patches then they got the bug.

Lax security practices by consumers are giving scammers a base from which to launch attacks. USA Today reports IBM Internet Security Systems blocked 5000 SQL injections every day in the first two quarters of 2008. By midyear, the number had grown to 25,000 a day. By late fall, attacks climbed to 450,000 daily.

The key to identity theft protection and preventing your computer from becoming a zombie is to engage in every update for every browser, software and media player that you use, keeping your operating system updated and use anti-virus software such as McAfee Total Protection.

And if your 3 year old happens to engage a toothless criminal hacker from the Eastern Bloc and you haven’t been up to date, make sure you have a backup plan if your data is compromised.

1. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Includes:

·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes

·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers

·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls

·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors

·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name

·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly

·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.

Robert Siciliano Identity Theft Speaker discussing soulless criminal hackers on Fox News

Liars Cons and Scammers: How to Recognize Them

Robert Siciliano Identity Theft Expert

We talk about criminal hackers, scammers and con men as though they are mysterious creatures from the Twilight Zone. But while they are certainly interesting, fundamentally they are people. People who lie, and do it better than anyone else.

If only our noses grew every time we lied. Life would be so transparent. 

Social engineering is the act of manipulating people into performing certain actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access. In most cases, the attacker never comes face to face with the victim. But many times, con men do come into personal contact with victims. And when they do, there are a few telltale signs to look out for.

According to a University of Massachusetts study, 60% of participants lied at least once during an observed ten minute conversation.  Body language expert Carolyn Finch, a colleague of mine from New England, was a consultant and during the OJ Simpson trial and has appeared on numerous media outlets. She points out what to look for:

Face: Finch says when people lie, they smile with only the lower muscles in their face. A liar might try and fake a smile to look genuine or at ease. But a real smile uses the entire face, including the eyes.

Speech: A liar will speak hesitantly and pauses frequently when answering a question. A liar might also repeat words or stutter. “A person who is pausing is thinking,” said Finch. “The eyes go up and around and down to think about what they are going to say next.”

Nerves: Other indicators that the person is uncomfortable include nose rubbing or touching underneath the nose. And watch hands closely, which are an easy way to spot nervousness. “Sometimes there is tremor, definitely in the hands,” said Finch, who also noted the jaw might shake, too.

Eyes: Liars will make a concerted effort to keep your gaze so as not to arouse suspicion. However, Finch advises studying where there eyes go if, and when, they do break gaze.

If you ask someone to remember what they ate an hour ago, they might look up and to their left, which indicates “visual recall,” meaning they are accessing a part of their brain to remember a fact. Whereas if you ask them to think of what it must be like to live on the moon, they look to the upper right, which is called  indicates “visual construct,” meaning they are accessing a part of their brain to create a scenario. This is also what someone does when they lie.

Become an observer of the human condition. Study what makes people tick and what motivates them. Determine who is truthful and who lives a lie. Bad guys who want to take from you generally lie. Whether in person, online, or over the phone, you can sense a lie if you are tuned in. And that should help protect you from scammers and identity thieves.

There are numerous tools to protect you too. Intelius offers a Background Report and a DateCheck. Its unfortunately not enough to simply “trust” or even trust your gut. Its often necessary to make a small investment.

Background reports include, when available, a criminal and sex offender check, lawsuits, judgments, liens, bankruptcies, home value & property ownership, address history, phone numbers, relatives & associates, neighbors, marriage/divorce records and more.

A Date Check instantly gets the scoop on potential dates with an online background check which provides information on living situations, relatives, criminal convictions, professional information, bankruptcies, liens, address history, social network info and more. Date Check helps you follow up on your intuition with real facts.

In the meantime protect your identity too.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano, identity theft speaker, discusses Bernie Madoff, liar, on CBS Boston.