Merchant Credit Card Transaction Monitoring

Robert Siciliano Identity Theft Expert

Security professionals  intuitively think proactively. Our job  is to predict and prevent what the bad guy will do next. My job specifically is to instill this mindset into you, the consumer,  SMB or large corporate enterprise.

Bob Russo, General Manager and Rockstar of the PCI Security Standards Council reminds us all in this Business Week article that it’s not all about prevention. Sage advice below.

“Many businesses are familiar with the PCI Security Standards Council’s requirements, yet many card fraud incidents go undiscovered for long periods of time. In fact, according to Verizon’s 2009 Data Breach Investigations Report, 75% of compromises were discovered at least weeks after the compromise.

Data security is not all about prevention; it also requires detection and monitoring. In the event of a breach or card fraud, proper monitoring can detect and eliminate additional fraud quickly. Thus, with the holiday season in full swing, it’s a great time to reconsider your company’s log management and monitoring. Consider the following tips:

1. Ensure your organization keeps timely, accurate, and unaltered records of what has taken place within the cardholder data environment (who, what, when, and how) to protect it in the event of a data compromise and resulting investigation.

2. Monitoring also can include physical surveillance. Closed-circuit monitoring of POS terminals can detect suspicious or fraudulent behavior.

3. Even when you are at your busiest, you simply cannot afford to overlook monitoring as a primary detector of card fraud and the trigger to eliminating ongoing criminal activity.”

And my advice. For your own good, protect your identity. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano identity theft speaker discussing holiday scams on Foxes Mike and Juliet Show

10 Tips to Secure Online Holiday Shopping

Robert Siciliano Identity Theft Expert

UK officials shut down an amazing 1200 online retailers who scammed millions from unsuspecting shoppers. Most of the sites originated from identity thieves in Asia who tricked victims into believing they were legitimate sites.  Victims then lost money by entered their credit card data, sending checks or giving up banking details.

The sites sold high end designer items from Tiffany & Co, Ugg and jewelry. In some cases the victims actually received the items, but were counterfeit. Like Mom said, if it’s too good to be true it probably is. Of course nobody running the fake sites has been caught.

Criminals set up fake websites and then go through the same process legitimate eTailers do in regards to search engine optimization, search engine marketing and online advertising via adwords. They use key words to boost their rankings on Internet searches to show up along side legitimate sites. These same processes are also being used to infect unsuspecting users with malware.

Many victims who end up on scam sites generally get there via phish emails with offers for high end products for little money.

  1. It’s easy enough to avoid spoofed websites where phishing is the gateway. Common sense says any time you receive an offer via an email automatically be suspect. The same goes with offers via tweets and messages received in any social media. Scammers are committing social media identity theft every day.
  2. If you aren’t familiar with the eTailer don’t even bother clicking the links, especially if it’s a too good to be true offer.
  3. If it’s a known site sending the email and you decide to click links, make sure the address you end up at is in fact the actual domain of the eTailer. Beware of cybersquatting and typosquatting which may look like the domain of the legitimate eTailer.
  4. When placing an order always look for HttpS is the address bar signifying it’s a secure page. Scammer generally won’t take the time to set up secure sites. Note the closed padlock in your browser to back up the HttpS.
  5. Beware of emails coming for eBay scammers. I’m getting 10 a day. The fact is it’s difficult to tell a real from a fake. If you are seeking deals on eBay go right to the site and don’t bother responding to emails. If there is a deal you see in an email search it on eBay.
  6. Whenever you decide to make an eBay purchase look at the eBayers history. eBay is set up on the honor system and if the eBayer is an established seller with great feedback then they should be legitimate.
  7. Don’t worry about credit card fraud. But do pay close attention to your statements. Check them every two weeks online and refute unauthorized charges within 2 billing cycles, otherwise you will pay for an identity thieves gifts.
  8. Don’t use a debit-card online. If your debit card is compromised thats money out of your bank account. Credit cards have more protection and less liability.
  9. Avoid paying by check online/Mailorder. In person is OK. But to an unfamiliar virtual site is not. Once the money is taken from your account and you don’t receive the goods, you are going to have a difficult if not impossible task of getting it back. Use a uniball gel pen that prevents check-washing.
  10. Do business with those you know like and trust. I for one am guilty of buying from eTailers who have the best deals. But I only buy low ticket items from them, generally under $50.00. It’s best to buy high ticket items from eTailers that also have a brick and mortar locations.

Robert Siciliano identity theft speaker discussing holiday scams on Foxes Mike and Juliet Show

Holiday Temps Make The Best Identity Thieves

Robert Siciliano Identity Theft Expert

This is the absolute best time of the year to be a dishonest temporary worker. Holiday hustle and bustle overwhelms managers and supervisors and they can’t possibly see everything their employees are doing. It has been said that only 10% of employees are honest, 10% of employees will always steal and 80% will steal based on circumstances. Hiring temps during the holidays becomes the perfect storm for employee theft.

Estimates reveal that 40-50% of all business losses are due to employee theft. Employers need to first vet potential hires so as not to invite a thief into the workplace.

Prescreening

  • Either use a prescreening service or become a master interviewer. Watch for incongruities.
  • Resumes are often “false advertising,” sometimes including outright lies. Look for red-flags and exaggerations.
  • Appearance is telling. To be disheveled and unkempt at an interview is a reflection of one’s character.
  • Interviewees who are well-spoken and ace the interview process may have had lots and lots of jobs.
  • Use employment applications, and check and verify everything.
  • Background checks are only one small, but necessary, element of the screening process.
  • Criminal records checks are insufficient and do not detect employee theft unless prosecuted and convicted.
  • Juvenile convictions do not show on a criminal records check.
  • Drug and alcohol testing.
  • Reference checks.
  • Credit reports.
  • Physical exams.

Hire honest people.

Honest people live by the golden rule, “Do as to others as you would have them do unto you.” Honest people see stealing as demeaning. Honest people believe in karma. Honest people think of the consequences of their actions over a lifetime, not just in the moment. Hire honest people.

Perception is reality.

Assume that after an apparently honest person has been hired, there is still potential for stealing to begin. Orientation is the first place to discourage this behavior. Policies must be openly discussed. Employees are shown aspects of loss prevention and physical security in place. They are further told incidences of theft will be prosecuted under the fullest extent of the law. They are reminded that previous employees were caught and the expenses in fines and to lawyers in a criminal defense cost far more than the goods or cash that were stolen. In Singapore, Iran, Saudi Arabia, they put an average of 500 people a year to death for various nonviolent crimes. That’s perception equaling reality.

Understand the theft probability equation.

Chance of getting caught + consequences of action taken = Level of risk & probability of theft.

  • Low risk: high probability of theft
  • High risk: low probability of theft
  • A reputation for non-action breeds theft. If you fire thieves without prosecution, you will hire thieves in the future.

Increase technology to reduce threats.

ComputerWorld suggests bolstering physical security around temporary cash registers and handheld scanners. It’s easy to install a card-skimming device on a satellite register. Install additional video cameras to monitor the use of such devices.

Review log data daily. System and transaction logs can reveal a lot of information about the security of a payment system. Check them daily for red flags.

Implement “hard” firewall policies. Use a white list of known good addresses to preclude the possibility of card and payment data going anywhere outside the enterprise firewall except to your payment processor.

For your own good, protect your identity. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk. “Disclosures”

Robert Siciliano identity theft speaker discussing holiday scams on Foxes Mike and Juliet Show

Sponsored Broadcast Radio

Broadcast Radio Sponsored by McAfee

06.30.10 WVOL TJ Graham Show Audio HERE

06.22.10 KXYL Morning Big Show with Mike Cope and Jesse Jones Audio HERE

06.22.10 KERN 1180 AM www.Moneywiseguys.com Brian Wiley, Garro L Ellis Audio HERE

06.11.10 Panama Fox News 1270am Audio HERE

06.11.10 Rick Hamada KHVH 830AM Audio HERE

06.10.10 Adeline’s Chronicles AM 1060 WBIXBoston Radio Audio HERE

Broadcast Radio Sponsored by Intelius.com

The following spots are examples of getting the word out to empower people to secure their personal security.

05.30.10 Staci Bockmann MyGreatKid Radio Show Audio HERE

05.28.10 Guy T Wehman The Nightbeat Nation Audio HERE (TBA)

05.28.10 Mike Kakuk am800cklw The Morning Drive Audio HERE

05.26.10  Dave & Bill, the hosts of CHWRadio In the CyberHood Audio HERE

05.17.10 Rob McConnell, “The ‘X’ Zone Radio Show Audio HERE

05.14.10 WBNW Money Matters Radio Network Audio HERE

04.23.10 Brian Novak with NewsTalk 1480WHBC Audio HERE

04.02.10 BusinessMatters Thomas White Social Media Security Audio HERE

03.27.10 SupertalkWFHG.com Barbara McFaddin, Identity Theft Audio HERE

03.25.10 YOUR MONEY SHOW Identity Theft, Audio HERE

03.23.10 KWAVE Michael David Public Affairs, Identity Theft Audio HERE

03.22.10 KORN Let’sTalk Host: Jena O’Conor Audio HERE

03.22.10 Michael Ray Dresser Cell Spying Audio HERE

03.22.10 WBNW Money Matters Midday Edition with Chuck Nilosek, Identity Theft Audio HERE

03.21.10 Marcus Edwardes Identity Theft Audio HERE

3.16.10 Michael Ray Dresser Cell Spying Audio HERE

3.14.10 America Tonight Kate Delaney Audio HERE

03.11.10 KBUR Steve Hexom Morning Show Census Scams Audio HERE

03.10.10 WZGC Jimmy Baron Identity Theft & Cell Spying HERE

03.08.10 WRXK Stan and Haney Identity Theft Audio HERE

03.08.10 WZTA Clear Channel Rhett Palmer Identity Theft and Personal Security Audio HERE

03.08.10 Michael Ray Dresser Cell Spying Audio HERE

03.04.10 WNJC Brian Greenberg, Identity Theft Audio HERE

03.04.10 KDRO Charlie Thomas, Identity Theft Audio HERE

03.02.10 WTOP Botnets Audio HERE

03.01.10 Michael Ray Dresser Online Reputation Management Audio HERE

02.26.10 The Rick Dees Top 40 Audio HERE

02.25.10 KNEWS The Mark Christopher Show Audio HERE

01.23.10 Michael Ray Dresser “P2P file sharing risks” Audio HERE

02.22.10 Peter Anthony Holder Audio HERE

02.22.10 KORN Jena O’Connor Audio HERE

02.18.10 FMTalk1011 Allan Handelman Audio HERE

02.15.10 Michael Ray Dresser, Dresser After Dark Audio HERE

02.15.10 America Tonight Kate Delaney Audio HERE

02.09.10 Michael Ray Dresser, Dresser After Dark Audio HERE

02.02.10 WHK The ADVOCATE Audio HERE

02.01.10 WYDE Lee Davis Show Audio HERE

02.01.10 Michael Ray Dresser, Dresser After Dark Audio HERE

01.30.10 Real Wealth Show Kathy Fettke Audio HERE

01.30.10 KWYR Marsha Raye Audio HERE

01.29.10 Fox News Radio KTRH Audio HERE

01.29.10 Fox News Radio WSBA Audio HERE

01.29.10 Fox News Radio KCOL Audio HERE

01.29.10 Fox News Radio KFBK Audio HERE

01.29.10 Fox News radio KURV Audio HERE

01.25.10 American Medical Association XM Radio Audio HERE

01.25.10 Michael Ray Dresser, Dresser After Dark Audio HERE

01.25.10 KSCO Rosemary Chalmers Morning Show Audio HERE

01.23.10 WNJC The Lee and Brian Show Audio HERE

01.22.10 WFLO AM/FM, Elliott Irving Audio HERE

01.22.10 KDKA Radio Mike Romigh Morning Talk Audio HERE

01.21.10 WLEN Jerry Hayes  Audio HERE

01.20.10 2GB Jason Morrison Australia Audio HERE

01.19.10 Michael Ray Dresser, Dresser After Dark Audio HERE

01.18.10 KAHI Popp Off Host: Mary Jane Popp Audio HERE

01.17.10 Mens Dugout Dr. Tara Grace Perry Audio HERE

01.15.10 Lori Wilk: Business Identity Risks in 2010 Audio HERE

01.11.10 Michael Ray Dresser, Dresser After Dark Audio HERE

01.04.10 WTXY Robby Kendall 1540 WTXY1540.com Audio HERE

01.04.10 WTKK Jim & Margery show on 96.9 Boston Talks Audio HERE

12.30.9 KDKA Radio Mike Romigh Night Talk Host Audio HERE

12.18.9 Simon Barrett BloggerNews Audio HERE

12.9.9 KBUR Steve Hexom Morning Show Audio HERE

12.7.9 WOON Midday Show Host: Don Burnelle Audio HERE

12.6.9 Golden Radio Network/ABC RADIO America Tonight Audio HERE

12.5.9 WRDU Dave and Carmen Clear Channel Audio HERE

12.4.9 Fox KURV McAllen, TX Audio HERE

12.4.9 Fox  WHJJ Providence, RI Audio HERE

12.4.9 Fox  KFTK St. Louis, MO Audio HERE

12.4.9 Fox WREC Memphis, TN Audio HERE

12.4.9 KIDO Boise, ID Audio HERE

12.4.9 Fox  WTAG Worcester, MA Audio HERE

12.4.9 KOA Denver, CO Audio HERE

12.4.9 KPAY Chico, CA Audio HERE

12.3.9 Lori Wilk: Identity Theft What You Need To Know Audio HERE

12.2.9 Montel Williams. Montel Accross America Audio HERE

MIT Says Handing Over Your Identity Data Protects You

Robert Siciliano Identity Theft Expert

Identity is a simple concept that has become a complex problem. It has become complex due to fraud. Fraud, motivated by money and the ease of obtaining credit and taking over an account. Because identity has yet to be effectively established, anyone can be you.

Currently, identity is generally established when a person provides a single source of data such as a Social Security number, password, credit card number and so forth. Complicating things further, in the U.S. we have as many as 200 forms of ID circulating from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card. We use “for profit” third party information brokers and the lowly vital statistics agency that works for each state to manage the data.

According to a new proposal in New Scientist, our digital identities will be more secure if they are based on data from our everyday life, culled from cell phones and online transactions. The idea comes from the Massachusetts Institute of Technology’s Human Dynamics Laboratory. The lab is a pioneer of “reality mining,” which is the practice of studying how people behave by using the crumbs of digital data our actions produce.

Reality mining is “what you do and who you do it with.” Or in MIT-over-my-head-speak: “Reality Mining defines the collection of machine-sensed environmental data pertaining to human social behavior. This new paradigm of data mining makes possible the modeling of conversation context, proximity sensing, and temporospatial location throughout large communities of individuals. Mobile phones are used for data collection, opening social network analysis to new methods of empirical (information gained by means of observation) stochastic (random) modeling.”

Even Google can’t define the word “temporospatial.” Find it. I dare you.

The research is based on the use of mobile phones to provide insight into individual and group behavior. They captured communication, proximity, location, and activity information from 100 subjects at MIT over a year. This data represents over 350,000 hours (~40 years) of continuous data on human behavior. Some of the research questions include:

  • How do social networks evolve over time?
  • How predictable are most people’s lives?
  • How does information flow?

The idea is to capture and harness all this information that represents “what you do and who you do it with.” Managing this would consist of the creation of a central body, supported by a combination of cellphone networks, banks and government bodies. The bank, being one of the supporters, could provide “slices” of data to third parties that want to check a person’s identity.

This is different than “who you are and what you know.” Currently, positive ID is only possible by using a biometric. A biometric can be either static (anatomical, physiological) or dynamic (behavioral). Examples static biometrics include your iris, fingerprint, face, and DNA. Dynamic biometrics include your signature gesture, voice, keyboard, and perhaps gait. Also referred to as something you are. Verification is used when the identity of a person cannot be definitely established. Technologies used provide real time assessment of the validity of an asserted identity. We don’t know who the individual is but we try to get as close as we can to verify his or her asserted identity. Included in this class are out of wallet questions, PINS, passwords, tokens, cards, IP addresses, behavioral based trend data, credit cards, etc. These usually fall into the realm of something you have or something you know.

Currently, identity isn’t established. There is no accountability. That’s why we have identity theft. Anyone can become you just by saying so. In the meantime, until the big heads at MIT figure this out, protect your identity.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk. “Disclosures”

Robert Siciliano, identity theft speaker, discusses Social Security numbers on Fox News

Handwritten Signature is Stupid Authorization

Robert Siciliano Identity Theft Expert

Ever forge your husband’s signature? Wife’s? Parent’s? Client’s? Do you think the clerk behind the counter at Walmart is skilled in handwriting analysis? I’ve always viewed a signature as a totally ridiculous form of authentication and a total waste of my time. Signing my name has always been burden and a frustrating task.

Nobody seems to know when a handwritten signature became a form of authorization. From what I can gather, it seems the modern signature was born when kings signed declarations. Eventually, villagers began signing their names to acknowledge accountability. So the signature was born during a time when we had kings and queens, moats, wizards, and dragons. And we continue to rely on this today. Not too smart.

My signature has evolved from a time intensive, physically demanding, well thought out, legible spelling of my first name, middle initial, and last name, to a first initial, middle initial and last name, then to a quick scribe of what might look like an R, and S, and a squiggly line in place of my last name. Today, my signature tends to be a straight line. Who the heck came up with electronic signature pads? Stupid!

Between my driver’s license, credit cards, checks, e-signature pads, and whatever contracts I fill out on a yearly basis, my signature is completely different on each document. Total inconsistency.

I spoke with Robert Baier, a forensic document examiner and handwriting analysis expert, and told him about my inconsistent signatures. Between his facial expression, shaking head and other body language, and his verbal response, I got the message that this is a bad thing. Bob is what I call the “Document Whisperer.” He has savant-like talents and can size a person up by their signature. Which means I probably disturb Bob.

I don’t really care about a signature. I don’t know if it’s because I find handwritten signatures so ridiculous or because I’m lazy with this task. The fact is, a handwritten signature provides zero proactive security. The way I see it, signing your name to any document ultimately assigns liability. If someone signs your name to a check and you call the bank and say it wasn’t you, they look at the signature and determine whether it’s yours or not. From there they assign liability. That’s dumb.

Other than at the teller line, most banks don’t actually view signature cards until there’s a problem. Same with credit card issuers etc. There are a few companies that actually have given validity to the handwritten signature. One such company is Orbograph, an image-based fraud detection company north of Boston that actually looks at previous signatures and recognizes potential document fraud before loss occurs. If we are going to rely on signatures, this type of technology needs to be implemented everywhere.

Many smaller credit card purchases no longer require a hand written signature. Visa recently announced it would mandate a move to chip and PIN technology for all Australian Visa cardholders over the next four years, with signatures no longer accepted at the check-out by 2013. This means all card holders will have a password, as opposed to a signature.

Even though passwords aren’t all that secure to begin with, a signature is even less secure, unless of course we provide the signature some credibility by implementing image-based fraud detection system-wide, or putting guys like Bob in a booth in every business district on the planet to review the legitimacy of the signature. That ain’t happening. Yet we have plenty of coffee shops on every corner. Seems like our priorities are a bit skewed.

Because the system is insecure, you must protect your identity.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk. “Disclosures”

Robert Siciliano identity theft expert discussing all kinds of security issues on TBS Movie and a Makeover

The Twelve Scams of Christmas,” or Popular Online Attacks This Holiday Season Pt IV of IV

Robert Siciliano identity theft expert

Cybercriminals Take Advantage of the Holiday Season, Aiming to Steal Consumers’ Money, Identities and Financial Information

As cybercriminals begin to take advantage of the holiday season, McAfee, Inc. revealed the “Twelve Scams of Christmas” – the twelve most dangerous online scams that computer users should be cautious of this holiday season. According to Consumer Reports’ 2009 State of the Net Survey, cybercriminals have bilked $8 billion from consumers in the past two years, and McAfee warns consumers not to fall victim to the top scams this year.

Being that I’m on McAfee’s Consumer Advisory Board, I’m advising you to adhere to the following:

Previous first 3 of Twelve Scams of Christmas here. McAfee’s 3 more of Twelve Scams of Christmas below.

Scam X: Password Stealing Scams

Password theft is rampant during the holidays, as thieves use low-cost tools to uncover a person’s password and send out malware to record keystrokes, called keylogging. Once criminals have access to one or more passwords, they gain vast access to consumers’ bank and credit card details and clean out accounts within minutes. They also commonly send out spam from a user’s account to their contacts.

Scam XI: E-Mail Banking Scams

Cybercriminals trick consumers into divulging their bank details by sending official-looking e-mails from financial institutions. They ask users to confirm their account information, including a user name and password, with a warning that their account will become invalid if they do not comply. Then they often sell this information through an underground online black market.

McAfee Labs believes cybercriminals are more actively scamming consumers with this tactic during the holidays since people are monitoring their purchases closely.

Scam XII: Your Files for Ransom – Ransomware Scams

Hackers gain control of people’s computers through several of these holiday scams. They then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible. The scammer holds the user’s files ransom by demanding payment in exchange for getting them back.

McAfee advises Internet users to follow these five tips to protect their computers and personal information:

1. Never Click on Links in E-Mails: Go directly to a company or charity’s Web site by typing in the address or using a search engine. Never click on a link in an e-mail.

2. Use Updated Security Software: Protect your computer from malware, spyware, viruses and other threats with updated security suites. McAfee® Total Protection software provides fully-featured protection from current and emerging threats. It also comes built in with McAfee SiteAdvisor® technology, a safe search toolbar to warn consumers of a Web site’s safety rating as well as phishing protection. It uses intuitive red, yellow and green checkmarks to rate potentially dangerous Web sites when searched on Google, Yahoo! or Bing.

3. Shop and Bank on Secure Networks: Only check bank accounts or shop online on secure networks at home or work, wired or wireless. Wi-Fi networks should always be password-protected so hackers cannot gain access to them and spy on online activity.

Also, remember to only shop on Web sites that begin with https://, instead of http://, and seek out Web sites with security trustmarks, like McAfee SECURE.

4. Use Different Passwords: Never use the same passwords for several online accounts. Diversify passwords and use a complex combination of letters, numbers and symbols.

5. Use Common Sense: If you are ever in doubt that an offer or product is not legitimate, do not click on it. Cybercriminals are behind many of the seemingly “good” deals on the Web, so exercise caution when searching and buying.

If you think you may be a victim of cybercrime, visit McAfee’s Cybercrime Response Unit to assess your risks and learn what to do next at www.mcafee.com/cru.

Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

Invest in Intelius Identity Theft Protection and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano, identity theft speaker, discusses Cyber Monday on Mike and Juliet

The Twelve Scams of Christmas,” or Popular Online Attacks This Holiday Season Pt III of IV

Robert Siciliano identity theft expert

Cybercriminals Take Advantage of the Holiday Season, Aiming to Steal Consumers’ Money, Identities and Financial Information

As cybercriminals begin to take advantage of the holiday season, McAfee, Inc. revealed the “Twelve Scams of Christmas” – the twelve most dangerous online scams that computer users should be cautious of this holiday season. According to Consumer Reports’ 2009 State of the Net Survey, cybercriminals have bilked $8 billion from consumers in the past two years, and McAfee warns consumers not to fall victim to the top scams this year.

Being that I’m on McAfee’s Consumer Advisory Board, I’m advising you to adhere to the following:

Previous first 3 of Twelve Scams of Christmas here. McAfee’s 3 more of Twelve Scams of Christmas below.

Scam VII: Christmas Carol Lyrics Can Be Dangerous – Risky Holiday Searches

During the holidays, hackers create fraudulent holiday-related Web sites for people searching for a holiday ringtone or wallpaper, Christmas carol lyrics or a festive screensaver. Downloading holiday-themed files may infect one’s computer with spyware, adware or other malware. McAfee found one Christmas carol download site that led searchers to adware, spyware and other potentially unwanted programs.

Scam VIII: Out of Work – Job-Related E-mail Scams

The U.S. unemployment rate recently spiked to 10.2 per cent, the highest level since 1983. Scammers are preying on desperate job-seekers in the poor economy, with the promise of high-paying jobs and work-from-home moneymaking opportunities. Once interested persons submit their information and pay their “set-up” fee, hackers steal their money instead of following through on the promised employment opportunity.

Scam IX: Outbidding for Crime – Auction Site Fraud

Scammers often lurk on auction sites during the holiday season. Buyers should beware of auction deals that appear too good to be true, because often times these purchases never reach their new owner.

Stay tuned to part IV.

Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

Invest in Intelius Identity Theft Protection and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano, identity theft speaker, discusses Viruses in Christmas Gifts on FOX News

The Twelve Scams of Christmas,” or Popular Online Attacks This Holiday Season Pt I of IV

Robert Siciliano identity theft expert

Cybercriminals Take Advantage of the Holiday Season, Aiming to Steal Consumers’ Money, Identities and Financial Information

As cybercriminals begin to take advantage of the holiday season, McAfee, Inc. revealed the “Twelve Scams of Christmas” – the twelve most dangerous online scams that computer users should be cautious of this holiday season. According to Consumer Reports’ 2009 State of the Net Survey, cybercriminals have bilked $8 billion from consumers in the past two years, and McAfee warns consumers not to fall victim to the top scams this year.

“Cybercriminals’ use their best schemes during the holidays to steal people’s money, credit card information, social security number and identity,” said Jeff Green, senior vice president of McAfee Labs. “These thieves follow seasonal trends and create holiday-related Web sites, scams and other convincing e-mails that can trick even the most cautious users.”

Being that I’m on McAfee’s Consumer Advisory Board, I’m advising you to adhere to the following:

McAfee’s 3 of Twelve Scams of Christmas

Scam I: Charity Phishing Scams – Be Careful Who You Give To

During the holiday season, hackers take advantage of citizens’ generosity by sending e-mails that appear to be from legitimate charitable organizations. In reality, they are fake Web sites designed to steal donations, credit card information and the identities of donors.

Scam II: Fake Invoices from Delivery Services to Steal Your Money

During the holidays, cybercriminals often send fake invoices and delivery notifications appearing to be from Federal Express, UPS or the U.S. Customs Service. They e-mail consumers asking for credit card details to credit back the account, or require users to open an online invoice or customs form to receive the package. Once completed, the person’s information is stolen or malware is automatically installed on their computer.

Scam III: Social Networking – A Cybercriminal “Wants to be Your Friend”

Cybercriminals take advantage of this social time of the year by sending authentic-looking “New Friend Request” e-mails from social networking sites. Internet users should beware that clicking on links in these e-mails can automatically install malware on computers and steal personal information.

Stay tuned to parts II, III & IV.

Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

Invest in Intelius Identity Theft Protection and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano, identity theft speaker, discusses Christmas Holiday Scams on Mike and Juliet.

The Twelve Scams of Christmas,” or Popular Online Attacks This Holiday Season Pt II of IV

Robert Siciliano identity theft expert

Cybercriminals Take Advantage of the Holiday Season, Aiming to Steal Consumers’ Money, Identities and Financial Information

As cybercriminals begin to take advantage of the holiday season, McAfee, Inc. revealed the “Twelve Scams of Christmas” – the twelve most dangerous online scams that computer users should be cautious of this holiday season. According to Consumer Reports’ 2009 State of the Net Survey, cybercriminals have bilked $8 billion from consumers in the past two years, and McAfee warns consumers not to fall victim to the top scams this year.

Being that I’m on McAfee’s Consumer Advisory Board, I’m advising you to adhere to the following:

Previous first 3 of Twelve Scams of Christmas here. McAfee’s 3 more of Twelve Scams of Christmas below.

Scam IV: The Dangers of Holiday E-Cards

Cyber thieves cash in on consumers who send holiday e-cards in an effort to be environmentally conscious. Last holiday season, McAfee Labs discovered a worm masked as Hallmark e-cards and McDonald’s and Coca-Cola holiday promotions. Holiday-themed PowerPoint e-mail attachments are also popular among cybercriminals. Be careful what you click on.

Scam V: “Luxury” Holiday Jewelry Comes at a High Price

McAfee Labs recently uncovered a new holiday campaign that leads shoppers to malware-ridden sites offering “discounted” luxury gifts from Cartier, Gucci, and Tag Heuer. Cybercriminals even use fraudulent logos of the Better Business Bureau to trick shoppers into buying products they never receive.

Scam VI: Practice Safe Holiday Shopping – Online Identity Theft on the Rise

Forrester Research Inc. predicts online holiday sales will increase this year, as more bargain hunters turn to the Web for deals. While users shop and surf on open hotspots, hackers can spy on their activity in an attempt to steal their personal information. McAfee tells users never to shop online from a public computer or on an open Wi-Fi network.

Stay tuned to parts III & IV.

Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

Invest in Intelius Identity Theft Protection and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano, identity theft speaker, discusses Black Friday and Cyber Monday on FOX Boston