Archive for year: 2009

Robert Siciliano Identity Theft Speaker 2/11/09

“I am Mr. Ming Yang, I have an obscured business suggestion for you. Your services will be paid for. Contact mr_mingyang_desk45@hotmail.com”

Mr Yang sent me an email just now. He wants…my services…? Or something. He’s not my type. My type doesn’t have a filthy virus. Plus he is a dude.

Care for a dalliance? He’s all yours.

Great article here: Data scams have kicked into high gear as markets tumble

As the markets tank, criminals are releasing a barrage of scams. email scams of every kind, infecting peripherals, drive-by viruses and more. In September 2009 there were a record 31,000 viruses released daily. That’s EVERY DAY! Criminal hackers are taking full advantage of the down economy and the overall panic and confusion of the millions of people whose lifetime investments are tanking and others who’ve lost their jobs.

Organized criminals in the form of webmobs are well funded and out for blood. They are breaching your home PC when your kid installs a malicious program to play a game, they are going after mom and pop small businesses all the way up to major enterprise networks.

5 years ago criminal hackers would compromise your machine and wreak havoc. They’d delete your files or crash your machine. Not any more. They want your machine running smooth and efficient.

Your computer network is an asset to organized criminals. They utilize your computing power as a “botnet”, which is a robot network of computers connected to the internet sitting in your home or office. All computers connected to a botnet share something in common, usually a virus that allows for a remote control component and someone or a group of crackers controlling it. They use your PC to do the dirty work sending out more spam, offers and phish emails.

Often your PC would be used as a server to host spoofed websites designed to extract data from the not so savvy who become victimized.

Many of today’s problems stem from applications we use every day that are vulnerable to attack. In criminal hacker forums, viruses are bought and sold that will infect a web based banner advertisement that may incorporate Adobe Flash player. Once the ad is clicked, or not, all you have to do is launch the page in some cases, a piece of code, or malware infects your PC and you become a zombie PC.

Running anti-virus, keeping your operating systems critical security patches updated, firewalls, updating your applications and not being stupid can prevent most attacks.

Here is an appearance discussing an attack on peripherals on Fox News

Robert Siciliano is and Identity Theft Expert and CEO of IDTheftSecurity.com he is a business builder, strategic marketer, security analyst, published author, television news correspondent. Delivers presentations on identity theft protection and personal security. Works with Fortune 1000, IT and startups. Launching, branding, messaging, representation, m&a facilitator, SEO and media. Current private equity projects include dynamic biometrics, credit card platform multi-factor authentication, security investigations and telemarketing fraud mitigation. Connect with him on LinkedIn

Identity Theft Speaker Robert Siciliano www.IDTheftSecurity.com

Me Mum calls me last night. Shes asks “Robby, Do I have a Paypal Account?” (Yes, my mom calls me robby) I say “Why do you ask?” Shes says “Paypal sent me an email and I need to update my account”

Shes 60. Been online for 5 years. Knows about as much as most “baby boomers” know about the Internet. And shes the mom of a dude thats been on CNN MSNBC FOX News and a bazillion publications on information security and identity theft prevention.

She does not have stupid written on her forehead. Shes just as naive, kind and cordial as most of her peers. She reached out to me because a piece of my advice to millions of others rubbed off on her.

I’m telling you, call your mother right now and tell her not to respond to any emails or phone calls or snailmail that are from anyone but her closest friends. I’m receiving more emails from victims and seeing more news now of people getting scammed than in any time in my adult life. It will get worse, it wont get better, and somebody you love will get scammed if you dont inform them of whats up.

Many agree. Another blogger added a very pertintnet comment to a recent post;
“With the Russian economy evaporating we can only expect a resurgence in scams coming from there, and in fact everywhere. With the public image of banks never worse and religious leaders announcing fatwa’s encouraging the cyber-attack of western commerce, I expect 2009 will see new records for fraud exploits. Perhaps not in value, because of diminished wealth of the victims, but certainly in the number of attacks.”

Yup. Cold War 2.0

Its Tax Time for Scammers in the USA. And I’m getting a flood of emails from scammers posing as the IRS. They are taking a low tech tact. They are including Word Docs that the victim fills out and faxes back. I sacrificed my security and went against my own rule and opened the attachments in the last one. I scanned them first and so far I think I’m good. And please dont send me comments telling me I have stupid written….

The attachments and note came equipped with a real fax number with an area code from the Bronx, New York USA. Cant blame the Nigerians or Russians for this one. Unless of course they live in NY ;)~

Make sure Mum has McAfee or another no brainer anti-virus provider on her PC automatically updating with every phish filter running.

See below.

DOC 1

Sir/Madam,

Our records indicate that you are a non-resident alien. As a result, you are exempted from United States of America Tax reporting and withholdings, on interest paid you on your account and other financial dealing to protect your exemption from tax on your account and other financial benefit in rectifying your exemption status.

Therefore, you are to authenticate the following by completing form W-4100B2, and return to us as soon as possible through the fax number: +1-646- 519-7245.

If you are a USA Citizen and resident, please complete form W-4100B2 and fax it to us, please indicate “USA Citizen/Resident” on the form and return it to us.

When completing form W-4100B2, please follow the steps below

1. We need you to provide your permanent address if different from the current mailing address on your Form W-4100B2 , you must indicate if a non-USA resident, your country of origin to support your non-resident status (if your bank account or other financial dealing has a USA address for mailing purpose).

2. If any joint account holder are now USA residents or Citizen, or in any way subject to USA tax reporting laws, Please check the box in this section.

3. Please complete 1 through 19 and have all account holders, sign and date the form separately and fax it to the above-mentioned number.

Please, complete Form W-4100B2 ‘attached” and return to us within 1 (one) week from the receipt of this letter by faxing it, to enable us update your records immediately if your account or any other financial benefits are not rectified in a timely manner, it will be subject to USA tax reporting and back up withholding (if back up withholding applies, we are required to withhold 30% of the interest paid to you).

We appreciate your cooperation in helping us protect your exempt status and also update our records.

Sincerely,

Laura Stevens
IRS .Public Relations.

_____________________________________________________________________
DOC2

FORM W-4100B2 (US Tax Recertification)
Request for Recertification of Foreign Status
W-4100B2 Certificate of Foreign Status of Beneficial Owner
(Substitute form) For United States Tax Withholding
Part I Identification of Beneficial Owner
(JAN-APRIL. 2009)
1. Name of individual or organization that is the beneficial owner
2. Sex: □ male □ female
3. Type of beneficial owner □ Individual □ Corporation □ Complex Trust
□ Simple Trust □ Grantor Trust □ Central Bank of issue
□ Government □ International organization
□ Tax-exempt organization □ Private foundation
4. Date of Birth
5(a). Nationality: 5(b). Place of Birth:
6(a). Country of permanent Residence 6(b). Passport No.
7. Mother’s Maiden Name:
8(a). Spouse Name: 8(b). Spouse date of Birth:
9.Permanent resident address (street, apt, or suite no, or rural route).
Do not use a P.O.box or In-care of address
City or town, state or province, include postal code where appropriate
10. Mailing address (if different from above)
City or town, state or province, include postal code where appropriate
11. Social Security Number □SSN or ITIN □EIN
12. Profession: 13.Day time phone/ fax Number
14.(a) Bank Name(s):
15. Account number(s):
16. Branch Address:
17. Date Account(s) was opened:
18. How often do you come to USA and when did you arrive last?
19. ATTACH PHOTOCOPY OF PASSPORT OR US DRIVERS LICENCE FOR PROPER IDENTIFICATION
Part II Certification of Beneficiary Owner
Under penalties of perjury, I decided that I have examined the information on this form to the best of my knowledge and believe it is true, correct and complete.
I furthermore certify under penalties of perjury that:
. I am the beneficial owner (or am authorized to sign for the beneficial owner) of all the income to which this form relate.
. The beneficial owner is not a U.S person.
. The income to which this form relates is not effectively connected with the conduct of a trade or business in the United States or is effectively connected but
subject to tax under an income tax treaty, and
. For broker transaction or barter exchanges, the beneficial owner is an exempt foreign person as defined in the instructions.
Furthermore, I authorized this form to be provided to any withholding agent that has control, receipt or custody of the income of which I am the beneficial owner or withholding agent that can disburse or make payments of the income of which I am the beneficial owner.
The Internal Revenue Service does not require your consent to any provisions of this document other than the Certifications required to establishing your status as a non-U.S person and, if applicable, obtain a reduced rate of withholding.

Sign Here ____________________________________________________________
(Signer #1) signature of beneficial owner or individual authorized to sign for beneficial owner Date

Sign Here ____________________________________________________________
(Signer #2) signature of beneficial owner or individual authorized to sign for beneficial owner Date SEND FAX TO: +1-646- 519-7245

Heres a video of fraud around Tax Day
http://www.youtube.com/watch?v=wSyPQnXNido

Identity Theft Speaker Robert Siciliano www.IDTheftSecurity.com Article here;Are You Addicted to Information Insecurity?

Ben Rothke writes a great article that ties in addiction and information Insecurity, thats IN-security. Face it, you may be an addict. You might have an addiction to something like sugar, nicotine, alcohol, sex, gambling, addicted emotionally to another person , or even carbohydrates. Try not eating a baked flour based food for a few days and you’ll go through withdrawals. Ben states, and we all know that addictive activities produce beta-endorphins in the brain, which gives the person a feeling of being high. In this piece it seems that high is being connected to being lazy and taking the easy road. I think he makes the correlation.

At times we do take “pleasure” in in-action. We get a moment of “high” a sense of “relief”, and that is the beta-endorphins in the brain giving you a high five for in-action. But like any addiction it will eventually hurt you in one way or another.

We have been addicted to in-action. And we are fat and lazy and losing to the criminal hackers.

I often encounter people who just cant seem to get anything done. They are all addicted to in-action. And I see it in their personality’s in other areas of their lives. Organizations have to be responsible to not promote a culture of in-action addicts.
They must address security purely and organically with no additives or chemicals. They must systematically address each aspect of insecurity and execute strategic processes to avoid getting hit.

Consider criminal hackers disciplined, lean mean fighting machines that have no addictions (appease me) and thats what we are up against.

Here is another example of a long list of data breaches

Robert Siciliano www.IDTheftSecurity.com featured on link; E! THS Investigates: Dating Nightmares

True Hollywood Stories Investigates probes the dark side of dating in all its forms – the cyber hook-ups, sexual secrets, swindling suitors, psychopathic Prince Charmings, and deranged stalkers.

Thursday, Feb 5 5:00 pm eastern

Roberts Internet Movie Database resume Here and Here