Identity Theft Strikes Local Couple – Again

When someone works under your name, it can cause lots of headaches and sometimes results in financial loss. One common loss is the time lost in clearing up the employment fraud, and as we know, time is money.

Lancasteronline.com reports that when a couple applied for public assistance at a local government office, they discovered that someone has used their personal information to obtain a job in Ohio.  In fact, their personal info, including Social Security Number (SSN), had been used several times between 2003 and 2009 to collect paychecks from various companies in Connecticut, New Jersey and Minnesota.

Why would someone work under your identity instead of their own?  They may use your SSN and identity for any number of reasons: running from the law, evading taxes, or an illegal immigrant seeking a job.

The Social Security Number is currently as our national identification card – even though it’s not supposed to be used for identification.  A 1998 NY Times article states: WASHINGTON— For many years, Social Security cards carried an admonition that they were to be used ”for Social Security and tax purposes — not for identification.” That assurance rings hollow today. Congress has authorized so many uses of the nine-digit number, and Americans use it for so many unauthorized purposes, that it has just about become a national identifier.

Today your social security number is connected to everything.

Identity theft protection will not prevent employment fraud. However having a fraud resolution agent assist in identity theft restoration is an invaluable asset. McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Survey Shows “Account Takeover Fraud” Drops

Account takeover happens when your existing bank or credit card accounts are infiltrated and money is siphoned out. A hacked account or stolen credit card is often to blame.

The drop in account takeover may be due in part to a few different things.

Less breaches. There was a drop in data breaches from 221 million records in 604 breaches during 2009 to 26 million records breached in 404 reported breaches during 2010. Criminal hacker Albert Gonzalez and his gang were responsible for many of those hacked records and he and many of his cohorts are now in jail.

PCI standards. All those responsible for accepting credit cards are now under strict Payment Card Industry Standards rules and regulations that require a level of security that took about 5 years to implement. Today many of those merchants are doing a much better job of protecting data.

Device reputation management. Technology that checks an Internet transaction by looking at the PC, smartphone or tablet to see if it has a history of bad behavior or is high risk based on device characteristics and behavior. iovation is one such company that has blocked 35 million fraudulent transactions of this sort just last year.

Javelin reports “When examining account takeover trends, the two most popular tactics for fraudsters were adding their name as a registered user on an account or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44 percent of account takeover incidents conducted this way.”

If device reputation was integrated at the “profile update / account update” website integration point, a flag would go up when:

– Too many devices are accessing the account (the business has a predetermined threshold)

– Too many countries are accessing the account (Ex: a United States account is being accessed from Ghana)

– A non-allowed country accesses the account (Your United States-only dating site just had devices from Russia and Romania trying to get into accounts, but it’s blocked automatically with customized business rules.)

It’s no secret that it’s often a few bad apples that upset the bunch. Here’s where the 90/10 rule applies. 90% of people are honest whereas maybe 10% aren’t. And it’s the 10% that do 90% of the stealing.  Device reputation knows who is good and who isn’t. Identity thieves are stopped cold and can’t use the hacked data to commit fraud.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Donate To A Trusted Cause This Winter

Just appease me on this post. Please.

Can you call yourself a “philanthropist”? The definition of philanthropy is “a friend to humanity”.  Are you a friend to humanity? Are you? Think about it.

If you’ve never watched Schindlers List, or haven’t watched it in the past 10 years, do what you need to consume this great film right now and absorb its lessons.

No matter whom you are or what you do, your life to some degree has some repetition that involves some form of a grind that can detract from seeing what is most important.

In the northeast, we are going thru a winter unlike one I’ve seen since I was a kid. The news is filled with people complaining about winter.  Whatever.

If you’re “suffering” through a harsh winter, do what I’m doing, don’t fight it, build and ice skating rink in your back yard. And give all the coats in your closet that you don’t use to a homeless shelter.

When people complain, it is due 100% to a lack of perspective. Perspective is knowing that it could be worse, it’s embracing gratitude, it’s knowing that there are millions without, while you are with.

Tithing: paying forward and expecting nothing in return. Tithing contributes to philanthropy.  When was the last time you gave?  When was the last time you received an email to make a donation to whatever cause and you didn’t because things are too tight? No matter how tight, I can guarantee whatever cause that person was donating their time to was for people who are far more disadvantaged than you are.

Next time that email comes in or the call from a trusted source that needs a contribution, please give $25/50/100 or more, and make a difference. Humanity needs you.

Robert Siciliano personal and home security specialist to Home Security Source discussing sharing too much information online on Fox News.

Home Security Isn’t Conformity

In a recent post I discussed an opportunity I had working with a TV journalist on home security. When we discussed “signage” as a layer of protection I recommended he install some in addition to the existing home alarm that he has. A “Beware of Dog” sign is a favorite of mine.

He responded by saying he lived on a cul-de-sac and it’s really nice and there isn’t a lot of traffic or crime there. He further said he’d be the only one in the neighborhood with the sign and it wouldn’t look right.

I responded by saying “That’s the point. You don’t want to conform. You want to stick out like a sore thumb and say “YOU DON’T WANT TO ROB ME BECAUSE IT WILL BE VERY DIFFICULT AND YOU WILL GET CAUGHT OR POSSIBLY HURT!”

A home alarm, signage, security cameras, a dog, spiky fencing, etc, are all deterrents. And, when the bad guys come down your cul-de-sac, and they will, and they see 10 houses that are all nice and manicured and one of them sticks out like that sore thumb and says “FORGET THE DOG, BEWARE OF OWNER”, then they choose your neighbor instead of you.

Unfortunately, there always has been, there is, and there always will be bad guys looking for another target. You don’t need to be that target if you put systems in place to deter the bad guy.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Security on NBC Boston.

What is New Account Fraud?

As long as identity thieves continue to breach databases and steal Social Security numbers, new account fraud will plague the public.

New account fraud refers to financial identity theft in which the victim’s personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Since the thief typically submits a different mailing address when applying for new accounts, the victim never receives the bills and may remain unaware of their existence until creditors come seeking payment for debts the thief has accumulated in the victim’s name.

Variations on new account fraud include:

Utility fraud, in which the identity thief opens new utility accounts, such as gas, electric, phone, or cable, in the victim’s name, accounts for as much as 20% of all instances of identity theft.

Loan fraud accounts for approximately 10% of instances of identity theft. In order to obtain a loan of any kind, applicants are nearly always required to provide a Social Security number.

Credit card fraud is the most lucrative type of new account fraud, and the most prevalent, accounting for almost half of all identity theft cases. Simply put, identity thieves love credit cards because they are the easiest accounts to open, and they can quickly be turned into cash.

The availability of instant credit means instant identity theft. Identity thieves froth at the mouth when they obtain personal identification information and are in range of a major retailer.

An identity theft protection service can help mitigate the risk of new account fraud by monitoring your credit for new account activity, as well as by monitoring the Internet for your personal information.

One cool company that’s watching your back is iovation. iovation spots cyber criminals by analyzing the device reputation of the computers they use to connect to a website. They investigate for suspicious history and check for characteristics consistent with fraudulent users. And the best part is that iovation can prevent a criminal from using stolen data to open a new account in the first place.

According to Scott Waddell, Vice President of Technology at iovation Inc., “iovation sees identity thieves carry out their attacks in very short-time windows to exploit their newly stolen credentials.  What might typically look like one transaction to a single business is often a shotgun attack across our globally shared view.  One device may be opening a new credit card account, then going to an online retailer, then applying for instant credit all within minutes, and iovation can detect that through velocity triggers and shared experience across subscribers to alert the affected businesses and thwart the attacks. That’s great for the protected businesses and for the consumers who would otherwise be dealing with fraudulent charges made under their identities.”

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Social Security Numbers as National IDs on Fox News. (Disclosures)

Be Aware Online Daters – Romance Scams & Threats

With Valentine’s Day around the corner, many single people return to thoughts of finding love online.   But while your head is in the online clouds, you should know – and sorry to sound like a parent – that cyberscammers may be there with you looking to take advantage of your vulnerable heart.

To help you stay safe on Valentine’s Day and year-round, here is a look at some of the top romance scams and threats, followed by safety tips in honor of your heart:

1) Online Dating ScamsMillions of people use online dating sites to broaden their networks and meet potential mates, but not everyone on these sites are sincere—some are scammers hoping to lure you in with false affection, with the goal of gaining your trust, and eventually, your money.

2) Love Exploits—These threats have you looking for love in all the wrong places—like dangerous websites designed to steal your information. One recent example of this is the Koobface worm, which targeted Match.com users by sending messages that appeared to be from other users, inviting them to look at photos and videos on a Match.com look-a-like site. When users tried to log in to the malicious site, it recorded their usernames and passwords and attempted to install a Trojan.

3) Valentine’s Day Spam & eCards–Scammers know that the holidays are the perfect time to send out themed messages and eCards, knowing they will grab your attention. Spam messages with subject lines such as “The Perfect Valentine’s Day Gift” may contain a link to a dangerous website that asks for personal information. And, a message that appears to be an eCard from a loved one could actually download malware on your machine when you click on the link, leaving you with an infection, rather than affection.

In Honor of Your Heart – How To Stay Safe

  • When signing up for online dating, go with a well-known dating site and get referrals from friends on which sites they use
  • Design your dating profile with care—think about the image you want to project and NEVER, under any circumstance, post personal information, such as your full name, address and phone number
  • Vet potential dates by checking to see that their profile information matches other online information, such as their LinkedIn or Spokeo profile
  • If a potential date asks you for a loan or any financial information, immediately report them to the dating site
  • NEVER EVER click on links in emails or eCards from people you do not know – if you don’t trust it, DO NOT click it
  • To help protect you from malware, use a comprehensive security software, such as McAfee Total Protection, and keep it up-to-date

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing discusses Safe Personal Dating on Tyra. (Disclosures)

Beware Of 10 Tax-time Scams

We are approaching tax time. Scammers are ramped up and looking for your money. Learn these tax season scam tips and watch your back.

1. Text messaging scams or smishing a.k.a Phexting. Like phishing but texting. Criminal hackers have access to technology that generates cell phone numbers and access to mass text messaging services. They send texts that install keyloggers or direct you to websites that steal your data.

2. Tax preparer scams. Reports of tax preparers who tell their clients they have to pay back their stimulus checks, then pocket the money.

3. Basic phone scams. Using the telephone for scams is back. Scammers call your home posing as local fire dept collecting your personal information for their records in case there is an emergency.

4. Caller ID spoof. New technologies that allow anyone any time to mask what shows on your caller ID and pose as an official, lottery or authority to get you to reveal data or write checks.

5. Late payment scam. As people fall behind on their utilities or taxes, lists are created and available either internally or as public record. These lists fall into the wrong hands and thieves call you to collect.

6. Affinity fraud. The Madoff scandal has inspired a new generation of cons to adopt the Ponzi once again.

7. Advanced fee fraud. Now more than ever, if it seems too good to be true, it is. Desperate times mean desperate people are making bad decisions and getting taken to the cleaners.

8. Work at home scams. Millions of people laid off, millions looking for a job. There isn’t a newspaper in the country that doesn’t have a work at home scam ad.

9. Foreign lottery scams. The promise of money is overseas, not here at home and criminals are using the phone, email and snail mail to find their victims.

10. Identity Theft. Identity thieves raised the bar as it has gone up 22%. Watch your credit reports and look for and shut down accounts opened in your name you have not authorized.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

School Officials Warn of Identity Theft

In a small Maine town, local school officials buck state requirements and tell parents not to give out their child’s Social Security number.

The Bangor Daily reports “School departments across the state are required by a new state law to collect students’ Social Security numbers for all enrolled this fall. Parents, however, should know that they can decline”. Local school officials, worried about the possibility of identity theft, are encouraging parents not to provide their children’s Social Security numbers to the state so the students can be tracked as they leave school and get jobs.

“We’re required to ask but we’re encouraging parents not to tell,” Superintendent Daniel Lee said on Monday.

The SSNs are supposed to be used for a 12 year study that will track each students and their progress throughout school. This is a perfect example of “functionality creep” of the SSN.  Functionality creep occurs when an item, process, or procedure ends up serving a purpose that it was never intended to perform.  An alternative to relying on SSN to track the students, another identifier could be assigned.

It is precisely this type of expanding use of an individual’s SSN that puts their personal identity at risk. Each child who coughs up their SSN has to worry whether or not someone who has authorized or even unauthorized access to the data base may use that child’s primary identifier to open new credit.

McAfee Identity Protection includes proactive identity surveillance to monitor a child’s identity and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing child identity theft on NBC Boston (Disclosures)

Personal Security Signage Adds Layers Of Protection

Recently I had the pleasure of working with a journalist in the Boston area who is also a family man. We did a story on home security and the different options consumers have to protect themselves. I see him on TV all the time reporting on issues of crime, violence and death. Unquestionably he is on the front lines of what’s happening in our world.

In the course of our interaction we discussed many different aspects of personal security, all stuff he knows better than most.  When doing a story like this the journalist asks questions so the answerers will benefit the audience, but like many others personal security isn’t his vocation so some questions he really wanted to know the answers to.

It always surprises me that some people don’t know what I know, even if they deal with blood guts on a daily basis.

Anyway at one point we were discussing “layers of protection” and the subject of “signage” came up. I’ve always believed the more layers you put in place the more secure you’ll be. Signage is one small deterrent that can make a big difference. A sign saying your home is alarmed is one layer. Another saying “Beware of Dog” defiantly puts doubt in the mind of a bad guy.

He asked me if that really is a deterrent and I used a simple example like a NO PARKING sign. If you see a no parking sign, you are much less likely to park there because you fear of a ticket. If a bad guy sees an alarm sign, he may fear getting caught or when a “Beware of Dog” sign is posted, he may fear getting bit.

Depending on the dog, getting bit by a dog is worse than getting arrested. It’s all about layers.

Robert Siciliano personal and home security specialist to Home Security Source discussing self defense on Fox Boston.

How Does Device Reputation Protect Me?

Device reputation spots online evildoers by examining the computer, smartphone, or tablet they are using to connect to any website. If a device is recognized as having previously committed some type of unwanted behavior, the website has the opportunity to reject the transaction, preventing damage before it occurs.

In the physical world, as the saying goes, “You are only as good as your word.” And when somebody says one thing and does another, we no longer trust them.

Online, people say and do things they never would in the real world. Internet anonymity fuels bad behavior. Websites’ comments sections are filled with vitriol that you’d never hear real people utter. Pedophiles who’d never approach a child on the street contact kids over the Internet. Sex offenders avoid the stigma of their label on dating sites and social media. Scammers create accounts in order to con people and businesses into forking over money. And identity thieves use your personal information to fill out online applications for credit.

All of this is made possible by the anonymity of the Internet.

As fraudsters develop more sophisticated schemes and collaborate in elaborate fraud rings, the threat of cybercrime increases. Online businesses are getting hit hard by fraud and abuse, and it’s critical that fraud protection solutions save them from significant losses and damaged reputations.

A device reputation service checks for suspect history, but also investigates for characteristics consistent with fraudulent users. And the best part is that it denies criminals, often even before their first attempt.

According to Greg Pierson, Founder and CEO of iovation, “Device reputation helps prevent identity thieves from monetizing the credentials that they have stolen.  At the same time we are protecting online businesses, we’re also protecting the consumer.”

Device-based fraud management and a shared device reputation infrastructure play a critical role in identifying online fraud and abuse. Neglecting to take advantage of these tools severely limits a business’s ability to prevent fraud.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Scambaiting on Fox News. (Disclosures)