One In Seven Social Security Numbers Are Shared

More than 20 million Americans have multiple Social Security numbers (SSNs) associated with their name in commercial records according to a new study announced in December from ID Analytics, Inc. The study found that rather than serving as a unique identifier, more than 40 million SSNs are associated with multiple people.

6.1 percent of Americans have at least two SSNs associated with their name.  More than 100,000 Americans have five or more SSNs associated with their name.

Dr. Stephen Coggeshall, chief technology officer, at ID Analytics said. “Most of these cases of duplication are likely due to simple data entry errors as opposed to deliberate falsification. Nevertheless, organizations expose themselves and their customers to risk if they solely rely on the SSN to verify an individual.”

ID Analytics analyzed 290 million Social Security numbers, and found that 1 in 7 are associated with more than one name. Anywhere from 3-4 million names are directly used to commit fraud.

MSNBC reported the same study showed 140,000 SSNs are connected to 5 or more people and 27,000 SSNs are connected to 10 or more people.

Some of these secondary SSNs are the result of typos where an administrator may incorrectly enter a digit and then that secondary SSN is now connected to a person’s credit going forward.

In other cases it is deliberate fraud. When the same person is shown using multiple Social Security numbers on purpose then a flag is raised.

Consumers often find out their SSN is compromised as a result of being denied credit or when bill collectors call them for non payment.

Identity theft can happen to anyone. McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on (Disclosures)

Online Credit Applications Ripe For Fraud

We currently rely on easily counterfeited identification, and we transmit credit card applications using the phone, fax, Internet, or snail mail, all of which are relatively anonymous methods.

Fraudulent credit card applications are the most lucrative form of credit card fraud. Identity thieves love credit cards because they are the easiest accounts to open, and they allow thieves to quickly turn data into cash. Meanwhile, consumers don’t find out that credit cards have been opened in their names until they are denied credit or bill collectors start calling.

Identity thieves use any number of tricks to fool banks, retailers, and creditors into approving their online credit applications, extending credit that leaves the creditor on the line for losses.

It doesn’t need to be this way.

Instead of simply verifying the identification provided by fraudulent applicants, newer technologies allow creditors to verify the reputation of the computer or smartphone being used to submit the application. By instantly evaluating a device’s history for criminal activity, creditors can prevent fraudulent transactions.

“In addition to telling businesses that a single device has been involved in fraud, iovation can also determine if that device is associated with bad activity through its associations,” said, Jon Karl, VP of Corporate Development for iovation.  “Beyond fingerprinting and reputation, we provide our clients with early warnings about devices visiting their website in real-time, based on the behavior of devices and accounts associated with that device.”

Device fingerprinting and device reputation analysis help identify bad guys during the application process, allowing creditors to avoid more expensive solutions.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosure)

Lost or Stolen Mobile Can Lead to Identity Theft

We lose stuff. You put something down, you get distracted, you forget about it and it’s gone. Stuff falls out of pockets and bags all the time. I’m one of those people that’s so smart, I’m stupid and absent  minded when it comes to my stuff. Where’s my wallet, where my keys, where’s my phone? After 40+ years I have a system of where I put my stuff, but it’s far from perfect.

At Oktoberfest many smart stupid people lost stuff including 410 wallets, 4 wedding rings, 1 toaster, 1 set of dentures, 1 prosthetic leg and 320 mobile phones. I could easily be a one legged, toothless, ringless mess who lost his mobile and wallet.

That’d be me hoppin around trying to make a call worried if my wife would be more upset I lost my leg or ring. NO MORE OKTOBERFEST FOR YOU!

While wallets are problematic, phones are the biggest issue here. Number of phones left in taxis every 6 months = 3 per taxi. Number of phones stolen in London alone = 120,000 a year!!!

Your phones transmit almost 17 billion texts per day, then 52% of us store passwords on our phones, 87.5 million of us bank on our phones and I bet even more of us have naked pictures on there… of our pets.

Much of this loser-ness can lead to identity theft if that mobile falls into the wrong hands.

So what are your options for protecting your digital life extension?

Invest in a service that locates, locks, wipes and when you get a new phone, restores your data.

McAfee WaveSecure will:

# Remotely lock down your device. Wipe out important data stored on your mobile to protect your privacy

# Back up your data from your phone or remotely on the web. Access your data online from anywhere. Restore your data to a new phone

# Locate your lost phone and plot the locations on a map. Track SIM cards inserted and phone calls made to help get your lost phone back

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on (Disclosures)

Fake Cops Home Invasion — Respecting Vs. Trusting

We live in a society that has many rules. We need rules because without rule, we’d devolve into chaos. Those rules are often broken by those who believe they are above them or are simply so desperate that they need to break them to get their next fix.

Some of these rules are more “guidelines” than they are law. One rule that makes it difficult for us to see the truth sometimes is “respect authority”. Authority is generally granted to those in a trusted position and comes in many forms such as a teacher, coach, politician, priest and law enforcement.

Unfortunately, those given the responsibility of authority are human, and humans are flawed, and too often when put in a position of power and authority they abuse it or simply can’t’ handle it.

In the past 24 hours in the news, I’ve seen a teacher who fought a kid, a cop who lost his badge, a politician so full of himself he sent semi-clad pictures of himself to a woman not his wife, and a confession by clergy to stop abuse.

This brings me to my point:

Home invasion by three men dressed as cops: “The trio turned up at a house dressed as police officers and claiming to have a search warrant, all black clothing with bullet-proof vests, even pulled up to the home in a vehicle that had a red flashing light and a siren, police said. Once inside, they used plastic ties to handcuff the six occupants and locked them in a room in the basement, police said. The fake cops then ransacked the home in search of cash. Several hours later, when the bandits had fled, the victims managed to free themselves and set of a house alarm.”

It is important to respect the position of the title. Everyone deserves some respect until they don’t. But, to blindly trust the person behind the title/uniform/badge etc, can get you hurt.

To question authority is not to revolt, but to decide for yourself if they should be trusted. And if your home alarm is on all day while you are home as it should be, and someone knocks on the door for any reason, contact a supervisor to confirm the legitimacy of the visit.

Don’t just trust. Trust needs to be earned.

Robert Siciliano personal and home security specialist to Home Security Source discussing home invasions on the Gordon Elliot Show.

Identity Theft Strikes Local Couple – Again

When someone works under your name, it can cause lots of headaches and sometimes results in financial loss. One common loss is the time lost in clearing up the employment fraud, and as we know, time is money. reports that when a couple applied for public assistance at a local government office, they discovered that someone has used their personal information to obtain a job in Ohio.  In fact, their personal info, including Social Security Number (SSN), had been used several times between 2003 and 2009 to collect paychecks from various companies in Connecticut, New Jersey and Minnesota.

Why would someone work under your identity instead of their own?  They may use your SSN and identity for any number of reasons: running from the law, evading taxes, or an illegal immigrant seeking a job.

The Social Security Number is currently as our national identification card – even though it’s not supposed to be used for identification.  A 1998 NY Times article states: WASHINGTON— For many years, Social Security cards carried an admonition that they were to be used ”for Social Security and tax purposes — not for identification.” That assurance rings hollow today. Congress has authorized so many uses of the nine-digit number, and Americans use it for so many unauthorized purposes, that it has just about become a national identifier.

Today your social security number is connected to everything.

Identity theft protection will not prevent employment fraud. However having a fraud resolution agent assist in identity theft restoration is an invaluable asset. McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on (Disclosures)

Survey Shows “Account Takeover Fraud” Drops

Account takeover happens when your existing bank or credit card accounts are infiltrated and money is siphoned out. A hacked account or stolen credit card is often to blame.

The drop in account takeover may be due in part to a few different things.

Less breaches. There was a drop in data breaches from 221 million records in 604 breaches during 2009 to 26 million records breached in 404 reported breaches during 2010. Criminal hacker Albert Gonzalez and his gang were responsible for many of those hacked records and he and many of his cohorts are now in jail.

PCI standards. All those responsible for accepting credit cards are now under strict Payment Card Industry Standards rules and regulations that require a level of security that took about 5 years to implement. Today many of those merchants are doing a much better job of protecting data.

Device reputation management. Technology that checks an Internet transaction by looking at the PC, smartphone or tablet to see if it has a history of bad behavior or is high risk based on device characteristics and behavior. iovation is one such company that has blocked 35 million fraudulent transactions of this sort just last year.

Javelin reports “When examining account takeover trends, the two most popular tactics for fraudsters were adding their name as a registered user on an account or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44 percent of account takeover incidents conducted this way.”

If device reputation was integrated at the “profile update / account update” website integration point, a flag would go up when:

– Too many devices are accessing the account (the business has a predetermined threshold)

– Too many countries are accessing the account (Ex: a United States account is being accessed from Ghana)

– A non-allowed country accesses the account (Your United States-only dating site just had devices from Russia and Romania trying to get into accounts, but it’s blocked automatically with customized business rules.)

It’s no secret that it’s often a few bad apples that upset the bunch. Here’s where the 90/10 rule applies. 90% of people are honest whereas maybe 10% aren’t. And it’s the 10% that do 90% of the stealing.  Device reputation knows who is good and who isn’t. Identity thieves are stopped cold and can’t use the hacked data to commit fraud.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Donate To A Trusted Cause This Winter

Just appease me on this post. Please.

Can you call yourself a “philanthropist”? The definition of philanthropy is “a friend to humanity”.  Are you a friend to humanity? Are you? Think about it.

If you’ve never watched Schindlers List, or haven’t watched it in the past 10 years, do what you need to consume this great film right now and absorb its lessons.

No matter whom you are or what you do, your life to some degree has some repetition that involves some form of a grind that can detract from seeing what is most important.

In the northeast, we are going thru a winter unlike one I’ve seen since I was a kid. The news is filled with people complaining about winter.  Whatever.

If you’re “suffering” through a harsh winter, do what I’m doing, don’t fight it, build and ice skating rink in your back yard. And give all the coats in your closet that you don’t use to a homeless shelter.

When people complain, it is due 100% to a lack of perspective. Perspective is knowing that it could be worse, it’s embracing gratitude, it’s knowing that there are millions without, while you are with.

Tithing: paying forward and expecting nothing in return. Tithing contributes to philanthropy.  When was the last time you gave?  When was the last time you received an email to make a donation to whatever cause and you didn’t because things are too tight? No matter how tight, I can guarantee whatever cause that person was donating their time to was for people who are far more disadvantaged than you are.

Next time that email comes in or the call from a trusted source that needs a contribution, please give $25/50/100 or more, and make a difference. Humanity needs you.

Robert Siciliano personal and home security specialist to Home Security Source discussing sharing too much information online on Fox News.

Home Security Isn’t Conformity

In a recent post I discussed an opportunity I had working with a TV journalist on home security. When we discussed “signage” as a layer of protection I recommended he install some in addition to the existing home alarm that he has. A “Beware of Dog” sign is a favorite of mine.

He responded by saying he lived on a cul-de-sac and it’s really nice and there isn’t a lot of traffic or crime there. He further said he’d be the only one in the neighborhood with the sign and it wouldn’t look right.

I responded by saying “That’s the point. You don’t want to conform. You want to stick out like a sore thumb and say “YOU DON’T WANT TO ROB ME BECAUSE IT WILL BE VERY DIFFICULT AND YOU WILL GET CAUGHT OR POSSIBLY HURT!”

A home alarm, signage, security cameras, a dog, spiky fencing, etc, are all deterrents. And, when the bad guys come down your cul-de-sac, and they will, and they see 10 houses that are all nice and manicured and one of them sticks out like that sore thumb and says “FORGET THE DOG, BEWARE OF OWNER”, then they choose your neighbor instead of you.

Unfortunately, there always has been, there is, and there always will be bad guys looking for another target. You don’t need to be that target if you put systems in place to deter the bad guy.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Security on NBC Boston.

What is New Account Fraud?

As long as identity thieves continue to breach databases and steal Social Security numbers, new account fraud will plague the public.

New account fraud refers to financial identity theft in which the victim’s personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Since the thief typically submits a different mailing address when applying for new accounts, the victim never receives the bills and may remain unaware of their existence until creditors come seeking payment for debts the thief has accumulated in the victim’s name.

Variations on new account fraud include:

Utility fraud, in which the identity thief opens new utility accounts, such as gas, electric, phone, or cable, in the victim’s name, accounts for as much as 20% of all instances of identity theft.

Loan fraud accounts for approximately 10% of instances of identity theft. In order to obtain a loan of any kind, applicants are nearly always required to provide a Social Security number.

Credit card fraud is the most lucrative type of new account fraud, and the most prevalent, accounting for almost half of all identity theft cases. Simply put, identity thieves love credit cards because they are the easiest accounts to open, and they can quickly be turned into cash.

The availability of instant credit means instant identity theft. Identity thieves froth at the mouth when they obtain personal identification information and are in range of a major retailer.

An identity theft protection service can help mitigate the risk of new account fraud by monitoring your credit for new account activity, as well as by monitoring the Internet for your personal information.

One cool company that’s watching your back is iovation. iovation spots cyber criminals by analyzing the device reputation of the computers they use to connect to a website. They investigate for suspicious history and check for characteristics consistent with fraudulent users. And the best part is that iovation can prevent a criminal from using stolen data to open a new account in the first place.

According to Scott Waddell, Vice President of Technology at iovation Inc., “iovation sees identity thieves carry out their attacks in very short-time windows to exploit their newly stolen credentials.  What might typically look like one transaction to a single business is often a shotgun attack across our globally shared view.  One device may be opening a new credit card account, then going to an online retailer, then applying for instant credit all within minutes, and iovation can detect that through velocity triggers and shared experience across subscribers to alert the affected businesses and thwart the attacks. That’s great for the protected businesses and for the consumers who would otherwise be dealing with fraudulent charges made under their identities.”

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Social Security Numbers as National IDs on Fox News. (Disclosures)

Be Aware Online Daters – Romance Scams & Threats

With Valentine’s Day around the corner, many single people return to thoughts of finding love online.   But while your head is in the online clouds, you should know – and sorry to sound like a parent – that cyberscammers may be there with you looking to take advantage of your vulnerable heart.

To help you stay safe on Valentine’s Day and year-round, here is a look at some of the top romance scams and threats, followed by safety tips in honor of your heart:

1) Online Dating ScamsMillions of people use online dating sites to broaden their networks and meet potential mates, but not everyone on these sites are sincere—some are scammers hoping to lure you in with false affection, with the goal of gaining your trust, and eventually, your money.

2) Love Exploits—These threats have you looking for love in all the wrong places—like dangerous websites designed to steal your information. One recent example of this is the Koobface worm, which targeted users by sending messages that appeared to be from other users, inviting them to look at photos and videos on a look-a-like site. When users tried to log in to the malicious site, it recorded their usernames and passwords and attempted to install a Trojan.

3) Valentine’s Day Spam & eCards–Scammers know that the holidays are the perfect time to send out themed messages and eCards, knowing they will grab your attention. Spam messages with subject lines such as “The Perfect Valentine’s Day Gift” may contain a link to a dangerous website that asks for personal information. And, a message that appears to be an eCard from a loved one could actually download malware on your machine when you click on the link, leaving you with an infection, rather than affection.

In Honor of Your Heart – How To Stay Safe

  • When signing up for online dating, go with a well-known dating site and get referrals from friends on which sites they use
  • Design your dating profile with care—think about the image you want to project and NEVER, under any circumstance, post personal information, such as your full name, address and phone number
  • Vet potential dates by checking to see that their profile information matches other online information, such as their LinkedIn or Spokeo profile
  • If a potential date asks you for a loan or any financial information, immediately report them to the dating site
  • NEVER EVER click on links in emails or eCards from people you do not know – if you don’t trust it, DO NOT click it
  • To help protect you from malware, use a comprehensive security software, such as McAfee Total Protection, and keep it up-to-date

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing discusses Safe Personal Dating on Tyra. (Disclosures)