IRS Fully Reliant on Social Security Numbers

/in , /by

On the Policy, Practice & Procedures page of their website, the IRS addresses the public’s concern regarding Social Security numbers on checks:

Complete Social Security Numbers (SSN) on Checks or Money Orders Remitted to IRS

Issue: Tax Professionals and clients have concerns about taxpayers putting their full SSN on checks remitted to IRS in payment of a balance due. Page 74 of the Form 1040 instructions directs taxpayers to put their full SSN on checks.

Response: The SSN Elimination and Reduction program is presently working on mid-to-long-term solutions to address the use of SSNs on checks remitted to IRS in payment of a balance due. To ensure payments are posted to the correct account, we encourage taxpayers to include their SSNs on checks and money orders submitted to the IRS. IRS processes millions of returns and payments each year, including many from taxpayers with the same or similar names. If you are concerned about providing the SSN, you may consider using the Electronic Federal Tax Payment System. EFTPS is a secure alternative to mailing a check.”

Essentially, if you want to be sure that you’re properly credited for any money paid to the IRS, and avoid being labeled a tax evader, you don’t have much of a choice about including your Social Security number on checks and money orders.

The IRS sent 201 million notices to taxpayers during the fiscal year 2009, and most of those mailings included Social Security numbers. Social Security numbers may also appear in more than 500 computers systems and 6,000 internal and external forms. According to the Treasury Department Inspector General, “this is because Social Security numbers are used to associate correspondence and documents with taxpayer accounts.”

The IRS is currently in the process of reviewing their current reliance on Social Security numbers as primary account numbers for all citizens. Some have suggested that we may eventually switch to barcodes, but if this transition ever does take place, it isn’t likely to happen anytime soon.

At present, the IRS, along with many other government agencies and corporations, relies on Social Security numbers and will do so for years to come. This continued reliance will inevitably result in additional data breaches and therefore, more stolen identities.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first, providing live access to fraud resolution agents who work with victims to help restore their identities. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss IRS related identity theft on Fox News. (Disclosures)

7 Tips To Better Credit Card Security

/in , , , , /by

Every time you use a credit card, you increase the chances of that card number being used fraudulently. Cards can be skimmed and hacked in a number of different ways.

#1 Watch your card. Whenever you hand your credit or debit card to a salesperson or waiter, watch to see where your card is taken and what is done with it. It’s normal for the card to be swiped through a point of sale terminal or keyboard card reader. But if you happen to see  your card swiped through an additional reader that doesn’t coincide with the transaction the card number may have been stolen.

#2 Cover your PIN. There may be cameras or “shoulder surfers” recording your PIN at an ATM or point of sale terminal. Cover up the keypad to foil the bad guys’ plan.

#3 Change up your card number. This is inconvenient but effective. The more frequently you change your number, the more secure that number will be. Once or twice a year is good.

#4 Select online shopping websites carefully. When searching for a product or service online, do business only with those you recognize. Established e-retailers are your safest bet.

#5 Beware of phishing. Never purchase products or services by responding to an email. This generally results in your card number being phished.

#6 Use secure sites. Before entering a credit card number, always look for “https” in the address bar. The “s” in “https” means the site has an additional layer of protection that encrypts the card number.

#7 The most important tip of all is to watch your statements. This extra layer of protection requires special attention. If you check your email daily, you ought to be able to check your credit card statements daily, too, right? Once a week is sufficient, and even once every two weeks is okay. Just be sure to refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit card fraud on NBC Boston. Disclosures


Live ATM Skimming Video Confiscated

/in , /by

ATM skimming, the top ATM-related crime, accounts for about $350,000 in fraud every day in the United States, exceeding a billion dollars a year.

An organization called EAST, or European ATM Security Team, posted seized video footage from a compromised ATM, depicting the installation of a camera and skimmer. The video shows how criminals collect cardholders’ PINs.  It also shows how easily cardholders can protect their PINs. This must-see video is simple, but says a lot. (You can watch more ATM skimming demonstrations on Extra TV.)

EAST explains, “while the vast majority of ATM transactions are completely secure, criminals do occasionally target cash machines to try to either steal cards (card trapping) or to copy cards (card skimming). In both cases, the criminals need to obtain the 4-digit cardholder PIN to allow for fraudulent cash withdrawal. The video shows criminals installing a micro camera above an ATM PIN pad and then placing a skimming device over the card reader throat. The scenes that follow show cardholders conducting transactions at the ATM and it’s easy to see that the criminals can’t obtain the PIN of those who cover their hand when entering it.”

To help combat this type of crime, ADT has introduced the ADT Anti-Skim ATM Security Solution, which helps prevent and detect skimming on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside.

When using an ATM, beware of skimming devices. The following cardholder security tips are courtesy of the LINK ATM Scheme.

– Protect your PIN by standing close to the ATM and shielding the key pad with your other hand.

– Check to see if anything looks unusual or suspicious about the ATM. If it appears to have anything stuck onto the card slot or key pad, do not use it. Cancel the transaction and walk away. Never try to remove suspicious devices.

– Be cautious if strangers offer to help you at an ATM, even if your card is stuck or you’re having difficulties. Don’t allow anyone to distract you.

– Where possible, use an ATM which is in clear view and well lit.

– Check that other people in the queue are a reasonable distance away from you.

– Keep you PIN secret. Never reveal it to anyone, even someone who claims to be calling from your bank or a police officer.

– Avoid opening you purse, bag or wallet when you’re in the queue. Put your money away immediately.

– Regularly check your account balance and bank statements, and report any discrepancies to your bank immediately.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss ATM skimming on Fox Boston. (Disclosures)

Caller ID: Tool for Scammers

/in , , /by

Most of us tend to trust the person on the other end of the telephone more than we trust an email in our inbox. However telephone scams continue to plague people and successfully empty the victims bank accounts.

Caller ID spoofing occurs when your phone rings and your caller ID displays a name and number that seem legitimate, but are, in fact, spoofed. The caller has masked his or her true name and number. Most people aren’t aware of caller ID spoofing, and therefore have no reason to question the phone call’s legitimacy.

Caller ID spoofing is often sold as a tool for law enforcement. It can provide a useful disguise if, for instance, a suspect has been withholding child support. But a civilian who suspects a spouse of infidelity might use caller ID spoofing to conduct his or her own investigation. On-call doctors who wish to keep their phone numbers private may need to provide spoofed numbers for clients.

The fraudulent uses for caller ID spoofing vastly outweigh the legitimate ones. Anyone can obtain this technology and pose as law enforcement, a lottery, a charity, a government agency, a credit card company, or anything else that might be lucrative. Abuses of caller ID spoofing have raised hackles with government officials.

Don’t automatically trust the information displayed by you caller ID.

No matter what your caller ID says, never give out personal information over the phone.

If a caller tells you you’ve won something or stand to lose something, tell them you’ll be happy to discuss if further, but that you’ll have to call them back. Then go online, search for a valid number, and call to confirm the details.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses another databreach on Fox News. Disclosures

Google Ordered to Name Cyberstalker

/in , , /by

Stalking is about domination. It is one or more persons continually making efforts to control another person’s life and thoughts by paying unwanted attention. Stalking is when someone contacts you when you repeatedly request that they do not. They watch, follow, call, email, text, fax or continually send mail to you after you request they do not. Stalking is psychological terror. Celebrities and everyday people are potential victims of the stalker.

Stalkers become obsessive investigators, interrogators, intimidators and terrorists. Some stalking statistics report almost a million and a half people are being stalked by an ex-boyfriend, ex-girlfriend, ex-husband, ex-wife, estranged husband, estranged wife, secret admirer, or an infatuated mentally unstable individual.

Stalkers make you a prisoner in your own life. They make it known that they know where you have been, whom you have spoken to, what you have done and where you are going next. They insist that they cannot live without you and you cannot live without them.

With today’s technology, stalking has never been easier to stalk and it’s never been easier for stalkers to hide.

Until now.

Information week reports “A New York judge has ordered Google to reveal the identity of a cyberstalker who has anonymously posted video and messages on the Internet. The videos included sexual slurs and damaging information that could affect the woman’s reputation and career.

She was quoted saying “I don’t care about being called names. It was a safety issue. The Internet cannot become a safe haven for harassers and stalkers.”

And how right she is.

Cyberstalking is going away, but finally government and corporations are now thinking progressively and considering victims of these crimes and acting on their behalf accordingly.

Tips:

Set up Google alerts to keep you in tune to any postings of your name.

If something comes up that is in any way threatening report it to the police and develop a paper trail.

Every internet site has some form of “contact us” page that you can submit your concerns too.

If you do not get any response have a lawyer send a letter.

Dogs: this is also a good time to get a vicious dog. With little research a fully-grown Doberman, Pit-bull, German shepherd, Rottweiler or any other dog trained to kill can be a lifesaver. There are many outfits that will rent you a guard dog while you are in jeopardy.

Make sure you notify friends, family, neighbors, co-workers and local businesses who you are a customer of and acquainted with what your situation is and show photos of the stalker. Your circle of relationships might be a significant factor in staying safe.

Self Defense: knowing how to disable an attacker armed or unarmed should be a staple of everyday living. When you are being stalked you are essentially at war and need to understand the fundamentals of armed and unarmed combat. Once you have the tools to debilitate another human being, that’s when you decide if carrying a weapon is appropriate.

Home Security: if there was ever a time to install an alarm, it is when you are being stalked. Make sure it is monitored by local law enforcement and keep it on while you are home during the day and when you sleep at night. Wireless alarms can be installed quickly and there are no phone lines to cut.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

Botnets Turn Your PC into A Zombie

/in , , /by

A botnet is a group of Internet-connected personal computers that have been infected by a malicious application, which allows a hacker to control the infected computers without alerting the computer owners. Since the infected PCs are controlled remotely by a single hacker, they are known as bots, robots, or zombies.

Consumers’ and small businesses’ lax security practices are giving scammers a base from which to launch attacks. Hackers use botnets to send spam and phishing emails, and to deliver viruses and other malware.

A botnet can consist of as few as ten PCs, or tens or hundreds of thousands. Millions of personal computers are potentially part of botnets.

Spain-based botnet Mariposa consisted of nearly 13 million zombie PCs in more than 190 countries. Further investigation determined that the botnet included PCs from more than half the Fortune 1000. This botnet’s sole purpose was to gather usernames and passwords for online banking and email services.

There are more than 70 varieties of malware, and while they all operate differently, most are designed to steal data. Mariposa’s technology was built on the “Butterfly” botnet kit, which is available online, and which does not require advanced hacking skills to operate.

The criminals in this operation ran the Mariposa botnet through anonymous virtual private network servers, making it difficult for law enforcement to trace back to the ringleaders.

The botnet problem persists. PCs that aren’t properly secured are at risk of being turned into zombies. Certain user behaviors can also invite attacks.

Surfing pornography websites increases your risk, as does frequenting gaming websites hosted in foreign countries. Downloading pirated content from P2P (peer-to-peer) websites is also risky. Remember, there is no honor among thieves.

Computers with old, outdated, or unsupported operating systems like Windows 95, 98, and 2000 are extremely vulnerable. Systems using old or outdated browsers such as IE 5, 6, or older versions of Firefox offer the path of least resistance.

To protect yourself, update your operating system to XP SP3 or Windows 7. Make sure to set your antivirus software to update automatically. Keep your critical security patches up-to-date by setting Windows Update to run automatically as well. And don’t engage in risky online activities that invite attacks.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures

Home Security Source: Knowledge Is Definitely Power

/1 Comment/in , , /by

Crime and violence are generally not fun topics to write about or read about. Discussing a bloody home invasion isn’t exactly inspiring, nor does it make good dinner time chat.

Events like these are only “entertaining” when fictionalized in TV and movies and make for a gripping arms length “who dunnit”.

However the fact is these things do happen and sweeping these issues under the rug is no longer an option. For as long as I can remember “personal security” was always one of those misunderstood issues that our parents didn’t have any answers for.

The extent of our safety and security training revolved around “look both ways when you cross the street” and “don’t talk to strangers”. And it pretty much stopped there. For years and years I sought out a comprehensive resource to keep me updated on all issues personal security, however there was none.

And then there was HomeSecuritySource.com. Home Security Source is one of the few online resources with solid information on home and personal safety with new content every day. It’s a community website with the goal to offer the latest information to help homeowners to keep their homes, valuables, and family safe.

Home Security Source is your one stop to learn all about home security.  It’s where you can find information about the latest news, security products, and any information that relates to your safety.  On top of our large (and growing!) information, we also provide local crime maps for your area.

And to top it off I’m contributing all my research from over 20 years alongside stellar industry professionals dedicated to their craft.

It’s important to understand our culture has always been one to trust others and see the good in people.

While this civility has prompted us to get along and live in relative harmony, it also created a negative side effect of people putting the proverbial bedtime “sheet over their heads” so the monsters wouldn’t get them. This head in the sand, “it can’t happen to me” mentality has allowed the bad guy an upper hand for decades.

A change in attitudes is reflected by the success of Home Security Source. People want to know the truth. They feel they need to know their options and how to protect themselves and their families.

Here is an idea on how HomeSecuritySource.com has grown:

When comparing September 2010 data to an average based in the first three months, it’s possible to see:

  • Visits increase of over  400%
  • Page Views increase of over  580%
  • Unique monthly visitors increase of over 480%
  • Over 800 sites have sent traffic to the site.  Thanks to our awesome team of writers, HomeSecuritySource.com is mentioned in popular news and informational  sites

Today more than ever the bad guy knows that you are watching him. His job isn’t as easy as it used to be. Citizens are empowered like never before with the knowledge and tools to take control of their lives and protect themselves and their families. Armed with the Home Security Source, knowledge is definitely power.

Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures

Spear Phishers Know Your Name

/in , /by

“Spear phishing” refers to phishing scams that are directed at a specific target. Like when Tom Hanks was stranded on the island in the movie Cast Away. He whittled a spear and targeted specific fish, rather than dropping a line with bait and catching whatever came by. When phishing attacks are directed at company officers or senior executives, it’s called “whaling,” appropriately enough. I don’t know who sits around and coins this stuff but it makes analogical sense.

Spear phishers target their victims in a number of ways.

They may select a specific industry, target specific employees with a specific rank, and pull a ruse that has been successful in the past. For example, a spear phisher might choose a human resources employee whose information is available on the company website. The phisher could then create an email that seems to come from the company’s favorite charity, assuming this information is also available online, requesting that the targeted employee post a donation link on the company’s intranet. If the target falls for the scam, the scammer has now bypassed the company’s firewall. When employees click on the malicious link, the company’s servers will be infected and antivirus software may be overridden.

Lawyers are popular targets, since they are often responsible for holding funds in escrow. A spear phisher might contact a lawyer by name, leading him or her to believe that the scammer is an American businessperson who needs help moving money while overseas.

I was recently targeted in a spear phishing scam, one aimed specifically at professional speakers. The scammers requested that I present a program in England, and once my fee was agreed upon, I was asked to get a “work permit,” which costs $850.

People who are not be targeted based on their professions may be targeted based on their use of social media. Facebook, Twitter and LinkedIn are known playgrounds for spear phishers, who obtain users’ email addresses and create email templates that mimic those sent by the social networking website. Scammers may even weave in names of your contacts, making the ruse appear that much more legitimate.

Knowing how spear phishers operate allows you to understand how to avoid being phished. Never click on links within the body of an email, for any reason. Bypass the links and go directly to the website responsible for the message. Any unsolicited email should be suspect. If you manage employees, test their ability to recognize a phishing email, show them how they got hooked, and then test them again.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses phishing on NBC Boston. Disclosures

Top 5 Scams to Watch Out For

/in , , , /by

#1 Nigerian Scams: According to a Dutch study, victims of advanced-fee scams, which are also known as 419 scams or Nigerian scams, lost more than $9 billion in 2009, almost 50% more than the previous year. (This PDF contains the statistics from the study.)

While these types of scams are generally understood to be Nigerian in nature and origin, and are in fact named after the 419 Nigerian code that made them illegal, advanced-fee scams were launched from 69 other countries in 2009. Scammers are broadening their targets to include emerging Internet markets, rather than simply targeting English-speaking nations.

#2 Romance Scams: If you ever hear talk like this, run far and fast: “In me sweetheart you are going to find the most passionate, loving and romantic man you have ever met. There are very few promises in life but this is one of them! ROMANCE is the key to my happiness and to my heart and soul!”

#3 Classified Ad Scams: This story caught my eye: “An online scam targeting pet-lovers is circulating the web, and it could cost you more than a new pet. An ad posted to a local online classified website by a man who claimed he was living in Florida. The seller said he had recently moved to Miami, and couldn’t keep his dog due to his new living conditions. He was willing to give the Labrador Retriever puppy named Dely away for the cost of shipping, which was $220.“

#4 Phishing: Phishing continues to become more sophisticated, more effective, and more prevalent. In one example, criminal hackers waited until Pennsylvania school administrators were on vacation, then used simple money transfers to liquidate over $440,000 between December 29 and January 2, 2010.

#5 Spear Phishing: Spear phishing occurs when the scammers concentrate on a localized target, usually an individual with control over a company’s checkbook. This insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component, which gives the phisher full access to the user’s data, including user names and passwords, credit card and bank account details, and Social Security numbers.

Never, ever click on links in the body of an email. There is always a workaround.

Like mom said, if it sounds too good to be true, it probably is. And even if you will never fall for these scams, someone in your life might be a tad more naïve. So educate them.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss job scams on Fox News.(Disclosures)

25 of Americas Most Dangerous Neighborhoods

/in , , , , /by

What’s the point in even knowing what the most 25 dangerous neighborhoods are? For one thing, if you live in one, you may already have a sense of it, but it would be good to know you’re considered high risk and might want to take the extra precautions and batten down the hatches. Plus for those of you who think it can’t happen to you it may be one more reason you should LOCK YOUR DOORS.

If you plan to move, it is always good to understand the crime climate of the environment you are considering. Checking this list and also contacting the local authorities will help give you an idea of what is going on.

Another great way to determine crime climate is the police blotter. If the police blotter mentions lots of violent crimes vs. another town that mentions lots of cats stuck in trees then you know what to expect. For example in Wellesley Massachusetts, a few towns over from where I live the headline in the police blotter is (and I kid you not) “Escaped cow takes to Wellesley streets” Nice.

Otherwise if you travel on business or plan to send a kid to college, knowing the crime climate of any given neighborhood is a good idea.

Chicago took the number one spot. Cleveland second. Then a couple in Vegas, and Atlanta took 4 places and Ohio a few more. So that being said see the 25 Of Americas Most Dangerous Neighborhoods all HERE.

Every family must have a plan for home security and a home security alarm.

Consider a trained German shepherd as a protection dog as well.

Another consideration is a home safe-room also known as a “panic room” where families can hide out in a relatively bullet proof, well stocked room equipped with wireless communications and wait for law enforcement to show up.

Never talk to strangers via an open or screen door. Always talk to them through a locked door.

NEVER let children open the doors. Always require an adult to do it.

Install a 24-hour camera surveillance system. Security cameras are a great deterrent.  Have them pointed to every door and access point.

Robert Siciliano personal security expert to Home Security Source discussing home invasions on the Gordon Elliot Show. Disclosures