Lost and Stolen Wallets Lead To Identity Theft

A friend called me in a panic because she had lost her wallet, which contained her driver’s license, credit cards, debit card, store cards, and her Social Security card. (You should never carry your Social Security card or Social Security number in your purse or wallet.)

Anyway, she was freaked out and wanted to know what to do. There are certain things you can do now, before your wallet is lost or stolen, to mitigate future damage, and other things that should be done once a wallet is missing.

While you still have your wallet, thin it out as much as possible. If you have multiple credit cards, store cards, Social Security cards, insurance cards, and more, then, “Houston, we have a problem.” All these ancillary cards serve no purpose other than putting you at risk for new account fraud or account takeover.

Remove unnecessary cards and put them in a safe, or cut them up and cancel the accounts. I have a MasterCard and an American Express, and if everyone took American Express I’d only have one card. I also carry a Costco card, driver’s license, and a debit card to make deposits and get cash. That’s it.

Beyond that, no other card is needed, including insurance cards. Insurance cards only need to be carried the day of an appointment. They are not necessary in emergency situations.

Photocopy all the cards in your wallet (front and back) and keep them in a safe.

When your wallet is lost or stolen, pull out the photocopies of your cards. Call the credit card issuer to report the loss and request new cards.

Easy enough. However, there is one thing I’d recommend you do prior to losing your wallet — invest in an identity theft protection service.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance and lost wallet protection. If your credit or debit cards are ever lost, stolen or misused without your authorization, you can call McAfee Identity Protection and they’ll help you cancel them and order new ones. If their product fails, you’ll be reimbursed for any stolen funds not covered by your bank or credit card company. (For details, see McAfee’s guarantee.) For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

How to Recover a Lost iPhone

You may be one of the millions and millions who own and love your iPhone. What I love about mine is the ability to work from anywhere and I can also view my home security cameras through an iPhone application.  ADT Pulse provides customers with anywhere, anytime access to their home via smart phones or personal computers, including an iPhone application.

But what if you lost your iPhone? Certainly you can just get another one, but what if you are within the timeframe that you can’t get a subsidized phone upgrade? You may have to spend hundreds and hundreds on an unsubsidized iPhone. Fortunately, you have a great option to recover a lost iPhone that works with your iPhone’s GPS

It’s easy. Activate Find My iPhone. This is a subscription based service ($99 annually) if your iPhone is a 3G or 3Gs. Find My iPhone is FREE if you have an iPhone 4.

Just enable Find My iPhone in the MobileMe settings on your iPhone or iPad. Then sign in to me.com from any computer or using the Find My iPhone app on another iPhone, iPad, or iPod touch to display its approximate location on a full-screen map.

When I did this the process was a little buggy because of my inability to connect my phone to the Me/Find My iPhone Account.  Once you log into Me.com with your Apple credentials, the same credentials you use to download an App on your iPhone, the phone should connect.

Find My iPhone locates your phone via a map and tells you an approximate location. It also allows you to send a message to who may have found the phone (like a number they should call to return it) and it overrides your vibrate setting and emits an alarm if you send a signal and are in range to listen for it. If all else fails Find My iPhone can wipe all your phones data remotely to help prevent identity theft.

Robert Siciliano personal security expert to Home Security Source discussing mobile phone spyware on Good Morning America.

The 12 Scams of Christmas and Other Attacks

Identity Thieves and Cybercriminals Take Advantage of the Holiday Season, Aiming to Steal Consumers’ Money, Identities and Financial Information. As cybercriminals begin to take advantage of the holiday season, be cautious.

Scam I: Charity Phishing Scams

Hackers take advantage of citizens’ generosity by sending e-mails that appear to be from legitimate charitable organizations.

Scam II: Fake Invoices from Delivery Services

Cybercriminals often send fake invoices and delivery notifications appearing to be from Fed Ex, UPS or the U.S. Customs Service.

Scam III: Social Networking Scams

Cybercriminals send authentic-looking “New Friend Request” e-mails from social networking sites.

Scam IV: Fake Holiday E-Cards

Cyber thieves cash in on consumers who send holiday e-cards in an effort to be environmentally conscious. Worms mask as Hallmark e-cards and more.

Scam V: “Luxury” Holiday Jewelry

Scam campaign that leads shoppers to malware-ridden sites offering “discounted” luxury gifts from brand names.

Scam VI: Practice Safe Holiday Shopping – Online Identity Theft on the Rise

Researchers predict online holiday sales will increase this year, as more bargain hunters turn to the Web for deals. While this is the season for giving, don’t give away your identity.  Cybercrooks promote fake gift card offers and other schemes with the goal of stealing consumers’ money and information, which is then sold to marketers or used for ID thefts.

Scam VII: Risky Holiday Searches

Hackers create fraudulent holiday-related websites for people searching for a holiday ringtone or wallpaper, Christmas carol lyrics or a festive screensaver.

Scam VIII: Job-Related E-mail Scams

Scammers are preying on desperate job-seekers with the promise of high-paying jobs and work-from-home moneymaking opportunities.

Scam IX: Auction Site Fraud

Buyers should beware of auction deals that appear too good to be true, because often times these purchases never reach their new owner.

Scam X: Password Stealing Scams

Thieves use low-cost tools to uncover a person’s password and send out malware to record keystrokes, called keylogging.

Scam XI: E-Mail Banking Scams

Cybercriminals trick consumers into divulging their bank details by sending official-looking e-mails from financial institutions.

Scam XII: Ransomware Scams

Hackers gain control of people’s computers then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible.

Protect yourself:

1.     Never Click on Links in E-Mails: Go directly to a company or charity’s website by typing in the address or using a search engine.

2.     Use Updated Security Software: Protect your computer from malware, spyware, viruses and other threats with updated security suites.

3.     Shop and Bank on Secure Networks: Only check bank accounts or shop online on secure networks at home or work, wired or wireless. Wi-Fi networks should always be password-protected.

4.     Use Different Passwords: Never use the same passwords for multiple online accounts. Diversify passwords and use a complex combination of letters, numbers and symbols.

5.     Use Common Sense: If you are ever in doubt that an offer or product is not legitimate, do not click on it.

6.     Get Identity Theft Protection: McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how a person becomes an identity theft victim on CounterIdentityTheft.com. (Disclosures)

Typosquatting Scams in Social Media

Typosquatting, or URL hijacking, is a form of cybersquatting that targets Internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter or criminal hacker.

In a new twist, some typosquatters have begun using these domains to advertise deceptive promotions, offering gift cards or iPads to lure visitors.

“Twiter.com,” for example, redirects all the would-be Twitter users who missed one “t” to http://twitter.com-survey2010.virtuousads.com/survey.html. Notice that this copycat page’s URL begins with “http://twitter.com,” but clearly is not part of Twitter. Mistyping “youube.com” or “acebook.com” will send you to similar pages, which are designed to resemble YouTube and Facebook.

This scam benefits affiliate marketers who get paid when users click links and fill out forms. The shadiness of these sites, and the misleading techniques of their operators, indicates that any information you provide will most likely be misused, leading to annoyance and possibly fraud.

Typos are a common occurrence with no solution. But users who do find themselves on one of these alternate pages need to check the address bar and use common sense. Familiar colors, fonts, and logos may imply that you’re at the right website, but pay closer attention to be sure you’re not heading down a rabbit hole of spam and scams.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Please educate and protect yourself by visiting www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft pandemic on CNBC. (Disclosures)

Miami Area Police Provide Burglary Prevention Tips

The FBI reports a burglary occurs in the United States every 15.4 seconds. That’s almost 4 property crimes a minute. Wow! A burglary can be in a home, park, car, parking lot, gym or place of work.

They state:

  • Most burglaries occur during the day when everyone’s at work or school.
  • Unlocked, unoccupied homes that are off the beaten path have the best escape routes and are big targets.
  • Auto break-ins are “crimes of opportunity”. If the bad-guy sees your stuff in the front or back seat they smash and grab.

Home security tips they offer:

  • Use solid steel or solid wood doors.
  • Trim shrubs to eliminate hiding spots.
  • Report suspicious activity in your neighborhood.
  • Start a neighborhood watch and get to know your neighbors.
  • Inform a few trusted neighbors of any travel plans to assist in the collection of newspapers and mail.
  • Install a home security system monitored by law enforcement and consider security cameras too.

Auto security tips they offer:

  • Lock you doors and take your keys. Sounds, like a no brainer, but you’d be surprised at how many don’t follow this simple rule.
  • Don’t leave valuables exposed. Put them in the trunk or take them with you.
  • Don’t leave papers that may have identity data visible.
  • Activate alarms, use antitheft wheel locks.
  • Carry your registration in your wallet and make photo copies that you keep at home.
  • Never leave your engine running and walk away from the car, even if it’s only for a minute.

Robert Siciliano personal security expert to Home Security Source discussing Home Security on NBC Boston.

This Holiday Season, Beware of Phantom Websites

A “fly by night” business is one that quickly appears and disappears, without concern for the quality of their product or service, or for legal regulations. These untrustworthy businesses often operate fraudulently. On the Internet, a fly by night business is called a “phantom website.”

Phantom websites exist to collect personal and credit card information. They can appear online any time of the year, but the holidays are prime time. They imitate the look and feel of a legitimate website, and many simply copy the web code from well-known online retailers, right down to the names and logos. They may also purchase domain names that resemble those of legitimate retailers, “typosquatting” to take advantage of mistyped searches.

Criminals may direct you to phantom websites using advertisements, even on major search engines like Yahoo and Google. These links or clickable graphics can either send you to a phantom site, or they may even directly infect your computer with malware.

Hackers and scammers also rely on black hat SEO to get their phantom websites ranked on the first or second page of search results, using the same search engine optimization techniques as legitimate vendors.

However, these scammers also game the system using techniques like “link farms,” “keyword stuffing,” and “article spinning,” which are frowned upon by search engines. Using these techniques to lure visitors will get them banned within a month or two, but that’s plenty of time to establish an online presence and scam plenty of victims.

And of course, phishing is in season all year long. Scammers send emails offering deals too good to be true, in order to draw visitors to their phantom sites. They’ll often take advantage of major holidays and significant world events to create an enticing offer. These emails are designed to trick recipients into entering account credentials, which allows the scammers to take over existing accounts or open new ones.

Protect yourself from phantom websites by only doing business with legitimate online retailers you know, like, and trust. Go directly to their websites, rather than relying on search engines, which may lead you astray. But do use search engines to check out a company’s name and look for ratings sites where customers have posted their experiences with a particular company. If you can’t find anything aside from the company’s own website, be suspicious.

And, never click on links in unsolicited emails. Just hit delete.

Use SiteAdvisor or a similar service to scan for infected links.

And invest in identity theft protection, because when all else fails, it’s nice to have a service watching your back. McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how a person becomes an identity theft victim on CounterIdentityTheft.com. (Disclosures)

Online Shoppers Concerned About Identity Theft

Shopping online is unquestionably more convenient and efficient than traditional commerce. But is it safer?

We face risk everywhere we go. We risk car accidents on the way to the mall. Muggers and thieves present a risk. Heck, you risk catching a cold from a sniffling salesclerk!

Similarly, shopping online creates another set of pitfalls, most of which involve financial loss, credit card fraud, or certain forms of identity theft.

According to a recent study conducted by the National Cyber Security Alliance, of almost 3500 United States adults surveyed, 64% have not made an online purchase from a specific website because of cybersecurity concerns. 60% said this was because they were unsure whether the specific website was secure. 51.4% worried about providing the requested information, and 48.4% felt a website requested more information than was necessary for the transaction.

When shopping online, you risk unintentionally visiting an infected website, which could infect your PC with keylogging spyware, which would be used to steal your stored data. Or, you might provide your credit card information to a legitimate online merchant that then falls victim to a data breach. Another risk is that you might order a particular product but receive something of lesser quality, or a different item entirely, and you may then have to contend with poor customer service.

Based on the potential risks, I don’t worry about shopping online. In most cases, you can protect yourself from keyloggers and malicious websites by running the newest version of your browser, keeping your antivirus software updated, and installing critical updates to your operating system.

To defend against credit card fraud, pay close attention your statements and refute any unauthorized transactions within 60 days.

The only way to avoid getting scammed by shady sites is do business only with trusted web merchants. It’s also a good idea to do an online search for the website or company’s name prior to making a purchase, since in many cases, review or opinion websites will provide background on a business’s reputation.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Cyber Monday on Fox.(Disclosures)

How to Prevent Door to Door Scams

A close friend called to tell me a man knocked on her door to sell her on repaving her driveway. In the process, he requested she invite him in to discuss it further and go over different options. The man was persistent and if my friend was anyone else, he may have gotten in. However, she is savvier than that and reminded him that her German Shepherd would not appreciate anyone coming in the house.

Call them con men, grifters, scammers, or thieves. Or simply call them liars. Lying is what they do best. Face to face, via email or over the phone they lie through their teeth. They do it casually and with such conviction that we have no reason not to believe them.

These people will stand in your doorway and, in some cases, keep you talking until you buy something or persist till they get into your home. Remember, whatever you tell them can be used against you.

For example, if they act as a home alarm salesman and find out you don’t have an alarm, they may break into your house. If you tell them who your home alarm is with, they may call you at a later date posing as that alarm company and request “updated credit card numbers”.

This “request” is best resolved by not answering any questions at all, or telling the person at the front door (while you speak to them through the locked door) you are not interested. No matter what, never give them Social Security or credit card numbers, or tell them whether or not you have a home alarm.

The key is to stop being so nice and SAY NO as quickly as possible and always do it through a locked door.

Robert Siciliano personal security expert to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch.

Are You Protected From Zeus?

In Greek mythology, Zeus is the father of all gods and men. Today in the tech world, Zeus is the father of all computer viruses. The Zeus Trojan virus, which has been around since 2007, has been described as one of the most powerful, sophisticated, and evasive viruses ever. Many antivirus programs have had difficulty defeating it. Experts believe that millions of computers may have the virus without users having noticed.

Zeus behaves like many other viruses in that it may lure the PC user into clicking an infected link in the body of an email, then instantly downloads the virus, which quietly installs itself in the background. Sometimes that link may point to an infected website, which injects the virus in the form of a “drive-by download.” Once Zeus has been installed, it works as spyware, recording keystrokes as the user types.

Last month, the FBI broke up a hacking ring that had used the Zeus virus to steal more than $70 million. More than 100 people were charged or detained, including code writers in the Ukraine and “mule-network operators” throughout the United States, the United Kingdom, and Ukraine. The ring primarily targeted U.S. bank accounts, as well as some in the U.K., the Netherlands, and Mexico.

Zeus is designed to steal bank account login credentials. It has traditionally targeted PCs, but has now been updated to attack cell phones as well, with one version of the malware apparently “intercepting SMS confirmations sent by banks to customers, and defeating the fund transfer authorization codes.”

Protect yourself from this and other viruses by running free operating system updates from Microsoft. Click “Start,” then “All Programs,” and then scroll up the menu and select “Windows Update” or “Microsoft Update.”

You should also install antivirus software. Most PCs come bundled with antivirus software that is free for the first year or six months. Just renew the license whenever it expires. Most antivirus software categorizes spyware as a virus now, but it’s also a good idea to run a spyware removal program daily. You should also install a firewall. Microsoft’s operating system has one built in, but it is not sufficient. Use a third party firewall that comes prepackaged with antivirus software.

And don’t be a fool. Scammers consider you, the target, “simple minded.” They’ll use 1001 different techniques to trick you into divulging your data. They attempt to gain your trust by lying, sending misleading emails, or planting pop-up ads that try to convince you to download software for your own protection. Just hit delete.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses phishing on NBC Boston. (Disclosures)

11 Tips to Secure Online Shopping

Here are 11 tips to have a safe online shopping experience during the holiday season:

  1. Avoid spoofed websites. Common sense says any time you receive an offer via an e-mail automatically be suspicious. The same goes with offers via tweets and messages received in any social media site.
  2. Don’t click the links in e-mails. Especially if it’s a too good to be true offer.
  3. Beware of cybersquatting and typosquatting which may look like the domain of the legitimate eTailer.
  4. Look for https:// in the address bar signifying it’s a secure page. Generally, scammers won’t take the time to set up secure sites. Note the closed padlock in your browser to back up the HttpS.
  5. Beware of e-mails coming for eBay scammers. If you are seeking deals on eBay, go right to the site and don’t bother responding to e-mails. Search deals on an e-mail directly on eBay.
  6. Look at the eBayers history. eBay is set up on the honor system. If the eBayer is an established seller with great feedback, they should be legit.
  7. Pay close attention to your statements. Check them every two weeks online and refute unauthorized charges within 2 billing cycles.
  8. Don’t use a debit-card online. If your debit card is compromised, that’s money out of your bank account. Credit cards have more protection and less liability.
  9. Avoid paying by check online/mail-order. Once the money is taken from your account and you don’t receive the goods, you are going to have a difficult, if not impossible, task of getting it back.
  10. Do business with those you know, like and trust. It’s best to buy high ticket items from eTailers that also have brick and mortar locations.
  11. Secure your PC. Update your critical security patches and anti-virus and only shop from a secured internet connection.

Robert Siciliano personal security expert to Home Security Source discussing
credit and debit card fraud on CNBC.