Identity Theft Part 2 – 5 More Identity Theft Myths Unveiled

/in , , /by

#1 Publically available information is not valuable to an identity thief.

If I was an identity thief I’d start with the phone book. All information about you is of value to an identity thief. The bad guy gathers as much intelligence about you as possible. Once they get enough data to become you they are off and running. The breadcrumbs we leave behind and the information we post is all used to help them gather a complete profile.

#2 Shredding will protect me.

Shredding will keep some of your data out of the hands of a dumpster diver. But when your information is hacked because someone like your bank was hacked or your mortgage broker threw it away, you are vulnerable. While you should still shred, you should also invest in identity theft protection and a credit freeze.

#3 I don’t use the Internet, I pay in cash, my credit stinks, so I am safe.

Wrongo bongo. While you may not use the internet, others that have your information in their internet connected databases make it vulnerable. Using credit cards doesn’t mean your identity is at risk or using cash means you are any less at risk. Credit card fraud isn’t identity theft. It’s credit card fraud. Just call the credit cards issuing bank and refute the charges within 60 days and you are fine. Bad credit just means not all lenders will grant you credit. Everyone with a SSN, a pulse and even some who are dead are vulnerable.

#4 My privacy settings in social media sites are locked down, so I am safe.

Negative. The mere fact you are sharing personal identifying information of any kind with anyone online means you are at risk. Anyone who you are connected to is a potential leak, whether you know them or not. If you tell a secret to one person, you are vulnerable. If you tell it to 250 people, the secret is out. Never share information in social media that could be used to crack the code of a password reset.

#5 Shopping or banking online isn’t secure.

It all depends. More than likely the etailer or bank where you do business is more secure than your PC. It is often the consumer who is the path of least resistance to fraud. As long as your PC is secured with updated antivirus and spyware protection then you should be fine. Always look for httpS:// in the address bar. The “S” means it’s a more secure site.

Robert Siciliano personal security expert to Home Security Source presenting 20 slides on identity theft at 20 seconds each to the National Speakers Association. Disclosures.

Part 1 of Identity Theft – 5 Identity Theft Myths Unveiled

/in , , , /by

#1 You can’t protect yourself from identity theft.

Some, not all Identity theft is preventable. There are many things people can do to minimize their risk, both online and offline. Shred anything that has names and account numbers or any other data that can be used to con someone else into divulging even more information. Keep financial records protected and private in a locking file cabinet at home or protected PC. Opt out of junk mail. Invest in an identity theft protection service and get a credit freeze.

#2 Identity theft is only a financial crime.

There is also medical identity theft when someone poses as you to get medical attention, criminal identity theft when the thief commits crimes under your identity. There is also employment fraud when they use your SSN to get a job and identity cloning when the thief is simply trying to evade the law or others by posing as you in plain sight.

#3 Technology and computers are why identity theft is so big.

Certainly data breaches are responsible for some identity theft. However, low tech identity theft is the bigger problem. A lost or stolen wallet, checkbook, or a debit or credit card handed over to a clerk or information tossed in the trash are all the most prevalent ways your identity is jacked.

#4 Caller ID is safe.

Caller IDs are easily spoofed with technology that allows the bad guy to change what shows up on your handset. First, no matter who calls, never giver personal information over the phone if you stand to gain or lose something or if the caller states your data was lost in a computer crash. Always use the phonebook or look up the number online and call them back.

#5 Checking your credit report protects you from identity theft.

I’ve always though thought this was silly advice. Checking your credit report just tells you if your identity has been stolen. But you should still check your credit report as often as possible. Some identity theft protection services let you check it every day. I’d check it monthly if you have the option.

Robert Siciliano personal security expert to Home Security Source discussing identity theft on YouTube. Disclosures.

National Protect Your Identity Week is October 17-23

/in , , , /by

The first decade of the new millennium is almost over, another year has passed and by my estimates identity theft as we know it is not getting any better, it is getting worse. I’m a big believer in the fundamentals and some things just can’t be said any other way, and to remind you I’m taking a page from a post from an entire year ago because it is absolutely essential that you – the public, corporations, associations and government agencies, all take responsibility and do what is necessary to protect yourself, your clients and your constituents.

Identity theft isn’t going away any time soon and therefore it is essential that you consume as much information to educate yourself, inform others and prevent identity theft from happening under your watch. Like any problem that we may face in life, we do our best to find a speedy and efficient solution. However identity theft is one of those problems that acts like a 10 headed monster that we keep chopping the head off but it keeps growing a new head, a new leg and a new arm.

Because we are a persistent and resilient people, and we never ever give up, we will prevail. The National Foundation for Credit Counseling has created National Protect Your Identity Week from October 17-23 to create awareness and provide information. The solution requires a coordinated effort between every single citizen, company and government official to see the big picture and to do what’s right and put the necessary systems in place that prevent the bad guy from doing his job. The solutions are near. Some of them are already in place. It’s just a matter of everyone getting on the same page and coming to an agreement.

Understand there has always been, and will always be a criminal element looking to take from those who have. The bad guy (and gal) persistently looks for their next victim all day, every day. Your job is to become informed and know what it means to become a tougher target. And in the meantime those who are responsible on a higher level to protect us, and our critical infrastructures, methods of commerce, and ways in which we identify ourselves will continue to work on the big stuff. But they need you to be aware and alert and actively participate in the process. We are all in this together.

The Pentagon and the Department of Homeland Security are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small business and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read this and every possible blog, article and report you have access to so you can stay on top of what is new and ahead of what is next in technology and the security necessary to keep it safe. Build your IT security vocabulary. Become an expert in identity theft and information security. Be the go-to-person in your home or organization who has all the answers to the problem.

A number of national organizations are also putting their weight behind this initiative, joining the NFCC and BBB as Supporting PYIW Coalition Members.  This Coalition includes: American Bankers Association Education Foundation, American Financial Services Association Education Foundation, American Payroll Association, Consumer Action, Consumer Data Industry Association, Consumer Federation of America, Credit Union National Association, Federal Reserve Board, Federal Trade Commission, FICO, Foundation for Financial Planning, Identity Theft Assistance Center, Identity Theft Resource Center, Jump$tart Coalition for Financial Literacy, Junior Achievement USA, National Association of Triads, National Council of La Raza, National Crime Prevention Council, National Education Association Member Benefits, National Sheriffs’ Association, the Office of the Comptroller of the Currency and the Social Security Administration.

Robert Siciliano personal security expert to  Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

McAfee Reveals the Top Ten Most Dangerous Places to Leave Your Social Security Number

/in /by

Universities/Colleges are the Riskiest

Research conducted by Robert Siciliano, Identity Theft expert, on behalf of McAfee

Cases of identity theft are skyrocketing, and 32% of all ID theft victims had their social security number compromised according to Javelin’s 2010 Identity Fraud Survey Report.  In honor of National Identity Protection week, McAfee set out to reveal the most dangerous places to leave your social security number.

When your Social Security number is used to commit fraud, it feels very personal. It can take hundreds of hours and sometimes thousands of dollars to rectify this violation.

Criminals find these crucial nine digits on discarded files in dumpsters, inside an organizations’ file cabinets, in any of the hundreds of databases maintained by government, corporate, and educational institutions, or even in public records, which are freely accessible on the Internet.

Robert Siciliano, on behalf of McAfee,  analyzed data breaches published by the Identity Theft Resource CenterPrivacy Rights Clearinghouse and the Open Security Foundation that involved Social Security number breaches from January 2009 – October 2010 to reveal the riskiest places to lose your ID.

The top 10 most dangerous places to give out your Social Security number are:

#1 – Universities/Colleges (108)

#2 – Banking/Financial Institutions (96)

#3 – Hospitals (71)

#4 – State Governments (57)

#5 – Local Governments (44)

#6 – Federal Governments (33)

#7 – Medical Businesses (27) (Please note: These are businesses that concentrate on services and products for the medical field such as distributers of diabetes or dialysis supplies, medical billing services, pharmaceutical companies, etc.)

#8 – Non-Profit Organizations (23)

#9 – Technology Companies (22)

#10 (tied) – Medical Insurance and Medical Offices/Clinics (21)


Your Social Security Number is Your National ID

For the past 70 years, the Social Security number has become our de facto national ID. The numbers were first issued in the 1930s to track income for Social Security benefits. But functionality creep, which occurs when an item, process, or procedure ends up serving a purpose that it was never intended to perform, soon took effect.

Here we are, decades later, and the Social Security number has become the key to the kingdom. You’re forced to disclose your Social Security number regularly, and it appears in hundreds or even thousands of files, records, and databases, accessible to an untold number of people.

What’s the danger of it getting into the wrong hands? Anyone who does access your Social Security number can use it to impersonate you in a hospital, bank, or just about anywhere else.

Hackers are Getting the Key to your Credit

Any organization that extends any form of credit is going to need your name, address, date of birth, and Social Security number in order to verify your identity and run a credit check. This means hospitals, insurers, banks, credit card companies, car dealerships and other retailers, and even video rental stores.

Now more than ever, criminal hackers are hacking into databases that contain Social Security numbers and using the numbers to open new financial accounts. Criminals use stolen Social Security numbers to obtain mobile phones, credit cards, and even bank loans. Some victims whose Social Security numbers fell into the hands of identity thieves have even had their mortgages refinanced and their equity stripped.

When should you provide your Social Security number, and when should you refuse?

According to the Social Security Administration, you should:

1. Show your card to your employer when you start a job so your records are correct

2. Provide your Social Security number to your financial institution(s) for tax reporting purposes

3. Keep your card and any other document that shows your Social Security number on it in a safe place

4. DO NOT routinely carry your card or other documents that display your number

But beyond that they have no advice and frankly, no authority.

A federal law, 42 USC Chapter 7, Subchapter IV, Part D, Sec. 666(a)(13), enacted in 1996, determines when the numbers should be used. The law requires Social Security numbers to be recorded for “any applicant for a professional license, driver’s license, occupational license, recreational license or marriage license.” It can be used and recorded by creditors, the Department of Motor Vehicles, whenever a cash transaction exceeds $10,000, and in military matters.

What happens when you refuse to give out your Social Security number?

–  Many people refuse, and quickly discover that this creates a number of hurdles that must be overcome in order to obtain services. A demand may be made that you, the customer, jump through a series of inconvenient hoops.

– Most customers are denied the service altogether, and from what we can tell, this is perfectly legal.

– When faced with either option, most people give up, and hand-over their number.

These organizations often state the Social Security number requirement in their terms of service, which you must sign in order to do business with them. They acquire this data for their own protection, since by making a concerted effort to verify the identities of their customers, they establish a degree of accountability. Otherwise, anyone could pose as anyone else without consequence.

Although I’d rather not, I frequently provide my Social Security number. But I do take steps to protect myself, or at least to reduce my vulnerability.

Tips To Protect Yourself:

1. In honor of National Protect Your Identity Week (October 17-23, 2010)check your credit report this week using a reputable firm such as, Experian, and set reminders every three months to review it again.

2. You can refuse to provide your Social Security number.

3. Invest in an identity protection service. Because there are times you cannot withhold your Social Security number, an identity protection service can monitor your bank information and your personal ID.  McAfee® Identity Protection (CounterIdentityTheft.com) will alert you, help prevent loss of personal information, allows unlimited checks of your credit, credit monitoring, scanning of the internet and identity fraud resolution.

4. Securely dispose of mail. The standard advice is to thoroughly shred preapproved credit card offers and anything that includes any account information. While this is good advice and should be heeded, it’s not going to protect you when your bank or mortgage company or utility provider tosses your information in a dumpster that is subsequently raided by identity thieves.

5. Opt out of junk mail and preapproved credit card offers. This is good advice and can be done at OptOutPrescreen.com. However, even if you opt out of new offers, others will still arrive. It’s inevitable. You also need to get a locking mailbox, but that still won’t fully protect you.

6. Lock down your PC. McAfee Total Protection™ software is the most comprehensive security tool to protect your computers data.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing Social Security Numbers as National IDs on Fox News. (Disclosures)

Mobile Phone Security Under Attack

/in , , , /by

As mobile Internet usage continues its rapid growth, cyber criminals are expected to pay more attention to this sector. Mobile device platforms compete for content creators’ latest innovations, which often require more and more device access. As applications and other content are more widely distributed, security breaches will be inevitable.

The speed of technological advancement and the demand for new products and services make mobile phones particularly vulnerable. In some countries, almost all banking takes place with the use of phones.

Spyware, which was created as a legitimate technology for PCs, further complicates matters. Spyware can track and record social networking activities, online searches, chats, instant messages, emails, keystrokes, websites visited, and programs launched. It can be the equivalent of digital surveillance, revealing every stroke of the user’s mouse and keyboard. When a PC or phone becomes infected with spyware, all the data on that PC or phone is immediately compromised.

Mobile phone spyware is relatively new, and is quickly grabbing headlines. As PCs shrink to the size of a smartphone, spyware continues to evolve. This software records nearly everything a person does on a phone. Some spyware programs can record everything in a video file that can then be accessed remotely.

Spyware can be installed on your cell phone remotely or directly. To protect your phone, never click on links in texts or emails, since these links may actually point toward malicious downloads. Keep your phone with you, don’t let it out of your sight, and don’t share it with others. Make sure your phone requires a password, as this makes it more difficult to install spyware.

If your phone is behaving oddly or you have some other reason to suspect that it contains spyware, reinstall the phone’s operating system. Consult your user manual or call your carrier’s customer service for step-by-step help with this process.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss mobile phone spyware on Good Morning America(Disclosures)

5 Sneaky Credit Card Scams

/in , /by

#1 Phone Fraud. The phone rings, a scammer poses as your banks fraud department. They may have your entire card number stolen from another source. They ask about a charge made and you deny the charge, but in order for the charge to be removed, they need your 3-4 digits CVV number off the front or back of the card. A variation may be they only have the last 4 digits found on a receipt or statement you threw away. They can also use the same ruse to get the full 16 digits from you.

#2 Clever Clerk. You hand your card to a sales clerk, waiter or waitress and they have a card reading wedge device that looks like this. The device may be wrapped around a band on their ankle. They bend over and make it look like they are fixing a sock, once they swipe the card through, they can make charges on your card.

#3 The Loop. You’re at an ATM that isn’t cooperating. Some nice guy injects himself into the scene to help you. During the process he watches you enter your pin. After another attempt the ATM eats your card. After you leave all upset, he pulls the card from the ATMs card slot using a loop of VHS tape he jammed inside the machine.

#4 Risky Retailer. When searching for something on the web you come across a website with a great deal. In the process of ordering they inform you a discount is available along with a free trial of another product. Thinking you just made out on the deal you take the bait. Next thing you know your card is charged every month and the company makes it very difficult to cancel the charges.

#5 Cell Snap. While buying something at a store you swipe your card through the point of sale terminal. If you are using a debit card you also need to punch your PIN into the keypad. The guy one or two people behind you filmed the entire transaction including your PIN on his mobile phone.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams. Disclosures

Just One Day in the Boston Globe

/in , , , , , /by

Sometimes all you can do is shake your head and wonder how we have managed to get this far as a species. Scanning today’s paper I couldn’t help but notice the total mayhem that makes up one day of news. I bring this to your attention not to sensationalize or provide the “bad news” but to make you grateful for what you have and hopefully motivate you to go out and do something positive to help your community. It also might make you think twice about your personal safety.

October 6th 2010:

Hundreds mourn victim of Mattapan shootings

Simba Martin’s family huddled around his shiny, pewter-colored casket yesterday morning, their cries of grief filling the small red-brick church on Highland Street. Near the altar, a female relative shouted “why’’ repeatedly as she slumped in the embrace of a family member.

Death of Vt. woman is called a homicide

WATERBURY, Vt. — A body found in the woods Sunday by two bird hunters has been identified as that of a missing 78-year-old woman, and police called it a homicide yesterday.

Judge sets rules for N.H. slaying trial

CONCORD, N.H. — Three men who have acknowledged their roles in a deadly home invasion in which a woman and her daughter were stabbed and slashed dozens of times will be allowed to testify about the plot leading up it, a judge says.

Onetime serial arson suspect accused of setting office on fire

PLYMOUTH — A Brockton man who decades ago was a prime suspect in the torching of dozens of churches, VFW posts, and other buildings in the area south of Boston was accused yesterday of setting fire to a federal probation office Monday night.

Man allegedly stole more items from grandmother after theft

A Braintree grandmother’s house was robbed Monday afternoon, and police said that as they arrived to investigate, the victim’s grandson stole more items and tried to have a friend pawn them while blaming it on the original burglar.

1 student robbed, 1 nearly abducted

One Bay State College student was robbed and another was the victim of an attempted abduction in two separate incidents yesterday afternoon, police said. Boston police spokesman David Estrada said that at about 2:30 p.m. an 18-year-old student was walking out of a Subway restaurant on St. James Street when he was robbed by a man armed with a knife.

Man ordered held in statutory rape case

A 31-year-old Tewksbury man accused of raping a 14-year-old girl in August after sending her sexually charged text messages for a month pleaded not guilty yesterday, officials said.

Man sentenced for trying to lure teen

A Dorchester man already convicted of sex offenses against children was sentenced to up to five years in state prison and 10 years’ probation Monday for attempting to lure a 13-year-old girl who was on her way to school in 2009

Man convicted of killing three in 2007 Conn. home invasion

NEW HAVEN — A paroled burglar was convicted yesterday of killing a woman and her two daughters in a 2007 home invasion in an affluent Connecticut town and now could be sentenced to death.

Wow. Nuts! It can be a mad, mad, mad world sometimes. But being kind to someone takes less effort than being evil. Choose wisely. And please, think about home security and what systems need to be in place to protect your family.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams. Disclosures

Seminar to Feature ISECOM’s OSSTMM v3

/in /by

Pete Herzog, Founder of ISECOM, will be discussing the revised Open Source Security Testing Methodology Manual (OSSTMM v3) and how it applies to web application security today (10-13-2010) in Raleigh, NC.

Pete rarely gets to the US, so this is a unique opportunity for security professionals to have an open discussion with him about trust-based security models and how to apply sound logic to securing and testing web applications.

“About 5 years ago, while searching for any existing methodologies, I stumbled across ISECOM and the Open Source Security Testing Methodology Manual. It changed the way my company and I engaged with clients at every angle,” Michael Menefee of WireHead Security recently wrote.

“As a security consultant, I’ve always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client’s network or business,” Menefee stated. “This would, of course, require both a data collection methodology as well as a reporting methodology in order to work properly.”

The OSSTMM is a peer-reviewed methodology for performing security tests and metrics, and the test cases are divided into five channels (sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.

On the origins of the OSSTMM, Pete Herzog wrote that, “in the research for factual security metrics, factual trust metrics and reliable, repeatable ways for verifying security, including concretely defining security, we found that the practice of guessing forecasting risk was not only non-factual but also backwards. Risk stuck us into a never-ending game of cat and mouse with the threats.”

“Beginning with version 3, the OSSTMM is no longer just about security testing. The break-throughs we’ve had in security had us re-visit how we work with security. This includes risk assessments.”

Christoph Baumgartner, CEO of OneConsult GmbH in Switzerland – whose firm has been using the OSSTMM methodology since its inception – recently commented on the value proposition the methodology standard offers, stating that, “the most important aspect is that we have an easier time keeping our clients. Most of the companies and organizations which order security audits on a regularly basis are fairly well organized and have a strong interest in gaining and keeping an adequate level of security.”

“Having the attack surface metrics, the ravs, means that they can watch trends and keep a close eye on how changes in operations affect their security directly. I can definitely confirm that many of our clients who have to change the supplier for security policy reasons expect their future suppliers to apply the OSSTMM.”

OSSTMM was developed by the Institute for Security and Open Methodologies (ISECOM), a non-profit collaborative community established in January 2001.

ISECOM is dedicated to providing practical security awareness, research, certification and project support services for non-partisan and vendor-neutral projects to assure their training programs, standards, and best practices are truly neutral of national or commercial influence.

Be On The Pulse of Your Home Security

/in , , , , /by

Being on top of what is new and ahead of what is next in technology has always been my thing. I had a beeper the size of a pack of cigarettes and a mobile phone bigger than a shoe box.  I’m somewhat of a gadget geek. I like new and shiny. However, when it comes to all these new technologies I am far from a first adopter.

First adopters are the ones who camp out overnight, wait in line and generally spend lots of money on something not ready for prime time. Sometimes there are flaws with new technologies that need to be worked out before you should get involved in them. My suggestion is to always let others make the mistakes and learn from them, and then you benefit from what they went through.

When it comes to home security and home automation, there have been many innovations in these technologies, most of the mistakes have been made and lots of them have gone the way of the wooden nickel.  ADT has taken their time and carefully orchestrated the best of the best technology and combined home security and home automation and created ADT Pulse. This is a “ready for prime time” technology that has learned from everyone else’s mistakes.

ADT Pulse is a new interactive smart home solution that goes beyond traditional home security to provide a new level of control, accessibility and connection with the home.

Connectivity and interactivity are driving the way people live and manage their homes.  ADT Pulse provides customers with anywhere, anytime access to their home via smart phones or personal computers, including an iPhone application to:

  • Arm and disarm their home security system.
  • Get notified of alarms and selected events via email and text messages as well as video clips.
  • View their home through cameras and watch secure real-time video or stored video clips of events from monitored areas of the home.
  • Access lights and appliances or set schedules to automate them.

All of these options have been around for years, but nobody has gotten them right until now. If you travel for business, have a vacation home, go away for the weekend or simply want to check in while you are at school or work, this technology is for you.

Robert Siciliano personal security expert to Home Security Source discussing Home Security on NBC Boston. Disclosures.

Five Ways Identities Are Stolen Online

/in , , , , /by

Cybercrime has become a trillion dollar issue. In a recent survey, hundreds of companies around the world estimated that they had lost a combined $4.6 billion in intellectual property as a result of data breaches, and spent approximately $600 million repairing the damage. Based on these numbers, McAfee projects that companies lost more than a trillion dollars in the last year.

There are several motives for this type of theft, but the most prevalent is to steal identities. Your identity is your most valuable asset, but most consumers lack the time, knowledge, and resources to protect their identities. Five of the most common ways identities are stolen online are through phishing scams, P2P file sharing, social networking, malicious websites, and malicious attachments.

Phishing: Phishing scams still work. Despite consumer and employee awareness, a carefully crafted email that appears to have been sent by fellow employee or trusted entity is probably the most effective spear phish. “Whaling,” or targeting a CEO or other high level executive with a phishing email can be even more successful. As they say, the bigger they are, the harder they fall. Never click links in emails, even if they appear to come from a bank or other trustworthy source. Instead, type the address in manually or use a bookmark.

P2P File Sharing: Peer-to-peer file sharing is a fantastic way to leak company and client data to the world. Obama’s helicopter plans, security details, and notes on Congressional depositions have all been leaked on government-controlled computers via P2P. You should set administrative privileges to prevent the installation of P2P software.

Social Networking: One of the easiest ways into a company’s networks is through social media. Social networking websites have grown too big, too fast, and can’t keep up with security. Criminals know exactly how to take advantage of this, so create policies and procedures that outline appropriate use, and beware of social networking scams.

Malicious Websites: Websites designed to attack your computer and infect it with viruses number in the millions. Hacked websites, along with out-of-date operating systems and vulnerable browsers, put your identity at risk. Use antivirus software to protect your PC and your data.

Malicious Attachments: PDFs used to be safe, but Adobe is the same boat today that Microsoft found itself in years ago: hack central. Adobe’s software or files are used on almost every PC and across all operating systems, and criminal hackers love it. Every browser requires software to view PDFs and many websites either link to PDFs or incorporate Adobe Flash to play video or for aesthetic reasons. According to an estimate from McAfee, in the first quarter of this year, 28% of all exploit-carrying malware leveraged an Adobe Reader vulnerability.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first, providing live access to fraud resolution agents who work with victims to help restore identities. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss P2P file sharing on Fox News. (Disclosures)