5 Insidious Forms of Auto Insurance Fraud

Insurance is intended to have your back in the event that something goes wrong, but some individuals have found loopholes in the system, effectively turning insurance companies into their own personal banks. These scammers have long been known to engage in “slip and falls,” claiming “whiplash,” and engaging in elaborate scams that can take years to uncover and cost insurance companies millions.

Auto insurance scams are some of the most prevalent in the insurance industry, allowing fraudsters to easily obtain policies and take advantage of the “he said, she said” nature of auto accidents.

Here are five major scams plaguing the industry:

1. Ghost brokers: Even in such a heavily regulated industry, scammers are able to pose as legitimate insurance agents, offering steep discounts on consumer policies that are, in fact, worthless.

2. Crash for cash: These are typically rear-end accidents in which the victims unintentionally crash into the scammers. “Crash for cash” scams often occur at roundabouts or rotaries, intersections, and highway on-ramps. See the UK’s top crash for cash hotspots.

3. Soft tissue scams: Scammers may collude with physical therapists, chiropractors, and doctors to fake back pain, neck pain, and other hard-to-prove injuries that can’t be detected on an X-ray.

4. Staging scams: Generally, in this type of scam two or more cars are involved in a preplanned “accident.” The participants have agreed ahead of time to split the proceeds from repairs and injuries.

5. Phantom victims: After either a staged or legitimate accident, people who were not present at the incident are included in the claim.

In most cases, scammers file their fraudulent insurance claims online. The criminals who perpetrate these sorts of online scams tend to repeat their trick over and over, generating a pattern that can easily be detected by iovation’s device reputation service. This service spots online evildoers by examining the computers, smartphones, and tablets being used to connect to a website. If a device is recognized as having previously committed financial crimes, or is a new device but exhibiting high-risk behavior, the website has the opportunity to reject the transaction, preventing losses to the business before they occur.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Redefining Privacy Today

Privacy is really -and only- what you say or do within your own home with the shades down that is (generally legal) and between you and your love-ones that is not being communicated, recorded, broadcasted or reproduced in any way online or in a public forum.

In the past 5 years we have learned that everything from the websites we visit, the apps we download, the social networks we belong to, and the mobile phones we carry, pretty much know everything about us down to the text messages we send and receive.

Privacy is a very hot topic and probably one of the most misunderstood since the turn of the century. Over the past decade a battle has been fought by three very distinctive groups and they are as follows:

#1 Privacy advocates: These are your everyday well meaning and well informed people all the way up to privacy professionals who, day in and day out preach the absolutes of privacy and why we need it. They are evangelists of the issues and tell anyone and everyone the importance of privacy whether they want to hear it or not.

#2 Sales, marketers, advertisers, SMB and big business who stand to gain from knowing every last details about what you like, don’t like, who your friends are, your income, and basically your over all demographics defined in 33 bits of data. They offer us all the free stuff we can consume online and build communities that tie us all together. They track us and sell our data and sell advertising targeted directly at you.

#3 The Cattle: These are your everyday people that just go with the herd and aren’t all that concerned about privacy but might care just a little bit. They are more concerned about living happily ever after with as little friction as possible. Ultimately they want to use all the services and websites we have today and don’t want to pay for them if they don’t have to.

Most people are in the herd, which is why privacy is becoming a very different ideal today than it was a decade ago. It’s perfectly OK to fight for your privacy and insist on it by those you do business with. But know that it’s often the decisions and choices we make, (like checking a little ‘I agree’ box) which is why we are where we are today.

Robert Siciliano personal and home security specialist to Home Security Source discussing identity theft on YouTube.

How Device Reputation Can Help Prevent Fraud in the Insurance Industry

Insurance companies, like banks and retailers, are forced to deal with a wide spectrum of fraud, which costs the industry and its customers billions of dollars each year. According to the Insurance Fraud Bureau, “Undetected general insurance claims fraud total £1.9billion a year adding on average £44 to the annual costs individual policyholders face, on average, each year.”

Savvy criminals who perpetrate insurance fraud have learned to mask their true identities when setting up policies online, regularly changing account information to circumvent conventional methods of fraud detection. Now, more than ever, insurance companies need to be wary of these schemes from the onset and deploy effective solutions to analyze information beyond that supplied by users.

By initiating the application process with a device reputation check provided by iovation Inc., insurance companies can stop fraud before it happens and avoid further checks and fees when a device is known to be associated with identity theft and other frauds.

The insurance industry has an opportunity to work in tandem with merchants, banks, and others to share data that helps pinpoint the devices responsible for fraudulent activity. Shared device reputation intelligence makes this possible for the first time.
The insurance industry can utilize the established reputations of over 800 million devices in iovation’s device reputation knowledge base. While a computer applying for insurance on a site may be new for the first time, it is rarely new to iovation’s global client base. By assessing risk based on the device in real-time, an insurance company can better determine whether a particular device is trustworthy before a transaction has been approved or an account has been opened.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Woman Scammed of 400K

Police are warning elderly and those who have elderly parents that not all scams are done online. Some are executed using good ole’ snail mail and the telephone.

An “80-year-old woman received a letter in the mail claiming she had been awarded a large amount of money, but was required to pay fees and complete paperwork before the money would be released. According to police, the woman, without the knowledge of her children, started sending money. She started receiving notices indicating she would be awarded more money, and the scam went on for about a year. She sent about $400,000, police said.”

Scams like these are extremely easy and very lucrative for criminals. Elderly or those in your life that may be considered naïve are often the target because of their gullible nature. But other times it’s the time and culture they were raised in. There are numerous ways in which criminals pull at the heart strings of their victims to get them to open their bank accounts. Often it’s the same people who are targeted over and over again.

The most effective way to prevent these crimes from happening to all those concerned is to get better control over the release of funds from any of their financial accounts. Meaning if they have a big bank account set it up so two signatures are required for a check to be written. If the person is concerned they don’t want to be inconvenienced with every check they write then set up two accounts. One with a little money and one account with more funds effectively locked down.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News.

5 More Online Security Tips for Valentine’s Day

A scammer typically contacts a target and strives to project an image of someone who has it all together financially and socially, claiming to be a successful entrepreneur or something similar. Or scammers may claim to be facing adversity, claiming they are widowed, down on their luck, or, like many, simply lonely. This is a strategy that has worked in the past.

Follow these tips to prevent getting scammed:

#1 Unless this person becomes an actual significant other, never give out personal information like passwords, credit card numbers or Social Security numbers.

#2 Know that bad guys lie, a lot. And they will keep up the ruse until they have what they need or until you are in a vulnerable place. Pay attention to their intentions.

#3 Get their name, address, previous address, home phone, cell phone, place of birth, birth date, where they work, license plate and if you can squeeze it out of them, and I kid you not, get their Social Security number and do a background check.

#4 Go online and Google search every bit of information about them you have acquired. You want to know as much about this person as possible. Search name, phone, email and screen name. The goal is to look for truth and lies. If you see inconsistencies, or red flags that can’t be easily explained, run really fast.

#5 Never open attachments from anyone you don’t know well. And if you can avoid it, don’t click on links they send. Scammers will think nothing of sending you a virus to infect your PC and steal your identity.

Robert Siciliano personal and home security specialist toHome Security Source discussingInternet Predators on Fox Boston

Protect Privacy Shopping After Holiday Bargains

To my dismay, every time I buy something from a new online retailer, I have to register to create yet another user account, which means yet another password, and yet another company that may lose or sell my data or send me spam.

Fortunately, there are steps we can take in order to stay secure and protect our privacy:

1. Privatize your contact information by using a junk email address specifically for online purchases, and then forward purchase confirmations to your primary email. Use a Google Voice number when you don’t wish to give out your home or cell phone numbers.

2. Only provide personal information when absolutely essential, and provide the minimum of information needed to complete a transaction. When you do disclose this data, whether to make a purchase or for any other reason, first ensure that you know exactly who is requesting the information, and why they need it.

3. Create strong passwords using combinations of upper and lowercase letters, numbers, and symbols. Use long, strong, unique passwords for each individual account, and use a password manager to store those passwords in the cloud and allow access across various devices. Separate passwords for every account help to thwart cybercriminals. Never use the same password twice.

4. Own your online presence by setting any available privacy and security options according to your comfort level regarding information sharing. It’s okay to limit the information you share, and who you share it with. Keep an eye out for little boxes that need to be unchecked to avoid additional marketing communications.

5. Make an effort to keep yourself informed and current by checking trusted websites for the latest threats and newest ways to stay safe online. Encourage friends, family, and colleagues to be web-wise by sharing this information.

6. Think before you act. Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.

Robert Siciliano personal and home security specialist to Home Security Source discussing identity theft on YouTube.

Basic Security Tips When Providing Free Wi-Fi at Your Business

Wi-Fi: freedom to connect wherever and whenever. And there is no better Wi-Fi than free Wi-Fi, unless we are talking “secure Wi-Fi” which usually isn’t free. Wi-Fi is great for bringing in customers and it’s a great promotional tool that creates customer loyalty. Merchants such as hotels, coffee shops, burger joints and just about anyplace with a store front, chairs and tables is offering free Wi-Fi.

But what about all the Wi-Fi security threats?

More and more internet savvy people realize that there is less and less anonymity on the web. This means that a criminal who operates from home or work can be detected via his IP address much easier. One way to avoid detection is to show up you’re your place of business and blend in with the connected crowd.

Criminals use free Wi-Fi for:

Pirating: Downloading stolen music, movies and software via Peer to Peer programs is big and costing the entertainment industry billions. The RIAA and MPAA don’t like this and will often crack down on whoever is connected to the IP address associated with the illegal downloading.

Child Porn: The long arm of the law is often spending time in chat rooms posing as the young and vulnerable and chatting it up with pedophiles who exchange in child pornography.  Wouldn’t be cool if the FBI to came knocking.

Hacking: Hackers will hack others on the free Wi-Fi network in order to steal usernames, passwords and account information.

Secure Wi-Fi

Creating a secure Wi-Fi that requires a user name and password to join. This may not prevent all kinds of e-crimes but it’s a start to improve your Wi-Fi network security. Charging even a dollar may get a credit card number on file and would mostly eliminate anonymity.

Web filtering: Your IT security vendor has tools similar to what a corporation may have in place that filters out known websites and prevents the sharing of Peer to Peer files.

Confirm you are on a business account: Many small businesses may set up under a personal account because it might be a bit cheaper. But that personal account doesn’t enjoy some of the protection and indemnities that a business account would.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

One in Three Massachusetts Residents’ Records Breached

Massachusetts has one of the most stringent data protection laws on the books. Businesses are required to disclose data breaches, and companies are now reporting when even a single individual’s information has been compromised.

Despite strict laws and security requirements, companies are continually being hacked in record numbers. And if major businesses still being hacked despite allocating significant resources to securing their data, you’re more than likely at least as vulnerable.

The Boston Globereports, “Personal information from nearly one out of three Massachusetts residents, from names and addresses to medical histories, has been compromised through data theft or loss since the beginning of 2010, according to statistics released yesterday by the office of Attorney General Martha Coakley.”

Facts:

  • Since January 2010, 1,166 data breach notices have been filed
  • 480 of those breaches occurred between January and August of 2011
  • 2.1 million residents were affected
  • 25% involved deliberate hacking of computer systems containing sensitive data

This is just Massachusetts. Every other state is experiencing the same thing. According to Juniper Research, in the past year, 90% of organizations have suffered from some form of data breach. Since the start of 2011, there have been 365 data loss incidents involving 126,727,474 records around the world.

Keeping PCs and Macs updated with antivirus and anti-spyware software is fundamental, as is updating all critical security patches. You should also have a two-way firewall monitoring incoming and outgoing traffic, and strong passwords that combine upper and lowercase letters, numbers, and preferably other characters.

Robert Siciliano personal and home security specialist to Home Security Source discussing identity theft on YouTube.

Ghosting Identity Theft Scams

There are generally 2 types of financial identity theft. New account fraud and account takeover.

New account fraud Identity theft can occur when someone opens a new credit card in your name, maxes it out, and doesn’t pay the bill.

Account takeover Identity theft can also occur when a bad guy gets your information, uses it to take over your existing credit or bank accounts, and drains your funds.

But then there is “ghosting”. ID fraud happens when new accounts are opened under names and identities that have been entirely fabricated when thieves easily create fake Social Security numbers.

Here’s how it works. Our system of credit requires a Social Security number as the first and foremost identifier. Lenders issue credit based entirely or almost entirely on the history associated with an applicant’s Social Security number.

When a creditor issues credit based on these invented numbers and reports that information to the credit bureaus, the Social Security numbers become active identifiers that other creditors will recognize in the future. The thieves, now equipped with functional Social Security numbers, can use them to open numerous new accounts.

That first creditor who issued credit to a ghost identity with a newly created Social Security number may have had someone on the inside of the credit issuing organization submitting fraudulent payment or loan information in order to legitimize the fake number.

Businesses who issue credit may unknowingly facilitate these scams if they have employees on the inside who manipulate the system. Never leave employees unsupervised without some form of redundant checks and balances system in place. At least run Social Security numbers through the Social Security Administrations Verification Service to prevent Identity theft. Business scams like these eat at the foundation of credit and cost companies and consumers billions a year.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Do You Have A False Sense of Cybersecurity for Mobile?

Nearly three-quarters of Americans have never installed data protection applications or security software on their mobile devices to prevent data loss or defend against viruses and malware. 72% of us have unsecured smartphones, to be exact, even though we are using them more frequently in our digital lives.

A recent survey shows that 44% of Americans use smartphones to access the Internet, and 75% say they access the Internet more frequently on their device today than they did one year ago.

Digital research firm comScore found that close to 32.5 million Americans accessed banking information via mobile device at the end of the second quarter of 2011, a 21% increase from in the fourth quarter of 2010. Approximately 24% of consumers store computer or banking passwords on their mobile devices, according to Consumer Reports’ 2011 State of the Net Survey. More than half of smartphone users do not use any password protection to prevent unauthorized device access. And according to Gartner, 113 mobile phones are lost every minute in the U.S. alone.

With unit sales of smartphones and tablets eclipsing those of desktop and laptop PCs, cybercriminals will continue setting their sights on mobile, and increased mobile Internet use will continue exacerbating security and data breach issues.

Protect yourself:

Use mobile security software and keep it current. Having complete mobile security protection like that offered in McAfee Mobile Security is a primary safety and security measure.

Automate software updates. Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.

Protect all devices that connect to the Internet. Along with computers, smartphones, gaming systems, and other web-enabled devices also need protection from viruses and malware.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)