Ghosting Identity Theft Scams

There are generally 2 types of financial identity theft. New account fraud and account takeover.

New account fraud Identity theft can occur when someone opens a new credit card in your name, maxes it out, and doesn’t pay the bill.

Account takeover Identity theft can also occur when a bad guy gets your information, uses it to take over your existing credit or bank accounts, and drains your funds.

But then there is “ghosting”. ID fraud happens when new accounts are opened under names and identities that have been entirely fabricated when thieves easily create fake Social Security numbers.

Here’s how it works. Our system of credit requires a Social Security number as the first and foremost identifier. Lenders issue credit based entirely or almost entirely on the history associated with an applicant’s Social Security number.

When a creditor issues credit based on these invented numbers and reports that information to the credit bureaus, the Social Security numbers become active identifiers that other creditors will recognize in the future. The thieves, now equipped with functional Social Security numbers, can use them to open numerous new accounts.

That first creditor who issued credit to a ghost identity with a newly created Social Security number may have had someone on the inside of the credit issuing organization submitting fraudulent payment or loan information in order to legitimize the fake number.

Businesses who issue credit may unknowingly facilitate these scams if they have employees on the inside who manipulate the system. Never leave employees unsupervised without some form of redundant checks and balances system in place. At least run Social Security numbers through the Social Security Administrations Verification Service to prevent Identity theft. Business scams like these eat at the foundation of credit and cost companies and consumers billions a year.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Do You Have A False Sense of Cybersecurity for Mobile?

Nearly three-quarters of Americans have never installed data protection applications or security software on their mobile devices to prevent data loss or defend against viruses and malware. 72% of us have unsecured smartphones, to be exact, even though we are using them more frequently in our digital lives.

A recent survey shows that 44% of Americans use smartphones to access the Internet, and 75% say they access the Internet more frequently on their device today than they did one year ago.

Digital research firm comScore found that close to 32.5 million Americans accessed banking information via mobile device at the end of the second quarter of 2011, a 21% increase from in the fourth quarter of 2010. Approximately 24% of consumers store computer or banking passwords on their mobile devices, according to Consumer Reports’ 2011 State of the Net Survey. More than half of smartphone users do not use any password protection to prevent unauthorized device access. And according to Gartner, 113 mobile phones are lost every minute in the U.S. alone.

With unit sales of smartphones and tablets eclipsing those of desktop and laptop PCs, cybercriminals will continue setting their sights on mobile, and increased mobile Internet use will continue exacerbating security and data breach issues.

Protect yourself:

Use mobile security software and keep it current. Having complete mobile security protection like that offered in McAfee Mobile Security is a primary safety and security measure.

Automate software updates. Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.

Protect all devices that connect to the Internet. Along with computers, smartphones, gaming systems, and other web-enabled devices also need protection from viruses and malware.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

5 Online Security Tips For Valentines Day

For some, Valentines means they might be lonely. I’ve been there, and I know many who are there now. That loneliness can distort your perspective in a way that trumps common sense. This leads people to make badly considered decisions that only worsen their circumstances. Unfortunately, scammers use this raw emotion as leverage on online dating websites and social media.

These scammers are like loneliness relief valves. In a way, they provide a different perspective by making baseless promises that they never intend to fulfill. In the end, victims end up emptying their bank accounts.

The key to be safe and secure is awareness of yourself and your emotions and the intentions of others who contact you.

Don’t be an online dating statistic. Follow these tips:

#1 Look for red flags. If you are contacted online and they make no reference to you or your name, it may be a “broadcast” scam going to others.

#2  If they immediately start talking about marriage and love and showing immediate affection run really fast.

#3  Anyone asking for money for any reason is a con-man. Never under any circumstances wire money, send checks, cash etc.

#4 When communicating with someone online and it seems it takes days for them to respond, this may be a sign they are married.

#5 When communicating with a potential mate via online dating or even in the physical world, please do not give up any information to them until you are entirely sure they are “good”.

Robert Siciliano personal and home security specialist to ADT Home Security Source discussingGPS Dating Security on Good Morning America.

Barefoot Bandit Gets 7 Years

You may recall the story about Colton Harris Moore who as a teenager was busted for committing over 100 burglaries in the Pacific Northwest. He stole cars, speedboats and airplanes and is known as the “Barefoot Burglar” because he kicked off his shoes running from the police through the woods.

Last summer he signed a movie deal to make $1.3 million with 20th Century Fox. However he won’t earn any money from this, as all the funds will go to restitution.

After 2 years of running, he was busted in a chase that involved police, boats and bullets. Most of these stories usually end up in the perpetrator being dead. But this now 20 year old will live to tell another tale, from prison.  He was recently sentenced to 7 years in state prison and pleaded guilty to numerous charges including burglary and identity theft.

In sentencing the judge was quoted saying “This case is a tragedy in many ways, but it’s a triumph of the human spirit in other ways, I could have been reading about the history of a mass murderer. I could have been reading about a drug abusive, alcoholic young man. That is the triumph of Colton Harris-Moore: He has survived.”

He survived and left many victims behind. He destroyed thousands of dollars in cars, airplanes and boats. He stole everything from food to cash and jewelry, electronics and clothing. As “romantic” as his story is, the victims of his crimes will never feel the same way again in their own homes.

Lock your doors and windows

Install a monitored alarm system. Consider ADT Pulse.

Give your home that lived in look

Leave the TV on LOUD while you are gone

Install timers on your lights both indoor and outdoor

Close the shades to prevent peeping inside

Use defensive signage

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News.

75 Million Unique Malware Samples By 2012

Imagine your body being targeted by 75 million viruses. That is exactly what’s happening to your digital devices. Laptops, desktops, netbooks, notebooks, Macs, iPads, iPhones, BlackBerrys, Androids, and Symbian mobile phones are all being targeted. The most recent threats report from McAfee Labs reveals a grim outlook and a variety of threats.

Mobile: Android has become the most popular platform for new malware, and this past quarter, was targeted exclusively by all new forms of mobile malware. The Symbian OS (for Nokia handsets) remains the platform with the all-time greatest number of viruses, but Android is clearly today’s main target.

Malware: Rootkits, or stealth malware, are one of the nastiest threats we face. They are designed to evade detection, and thus are able to lurk on a system for prolonged periods. Fake AV, also known as fake alert or rogue security software, has bounced back strongly from previous quarters, while AutoRun and password-stealing Trojans remain at relatively constant levels. Mac malware continues to show a bit of growth as well.

Spam: Although spam volume has decreased significantly, McAfee Labs has observed major developments in targeted spam, or what’s often called “spear phishing.” Much like malware, total numbers are dropping but the severity of the threat and sophistication of the technique remain high.

Social engineering: Subject lines used for social engineering spam messages vary depending on geography and language. Bait can include holidays or sporting events, and often differs by month or season. Attackers have shown remarkable insight into what works for specific people at specific times.

Spam botnets: New spam botnet infections continued steadily from February through August of 2011, but dropped somewhat in September.

Bad URLs: Website URLs, domains, subdomains, and particular IP addresses can be “bad” or malicious, either because they are used to host malware, phishing websites, or potentially unwanted programs.

Phishing websites: McAfee identified approximately 2,700 phishing URLs per day during the second quarter of 2011, a slight decrease from the same period in 2010, when they counted 2900 per day.

Robert Siciliano personal and home security specialist to Home Security Source discussing identity theft on YouTube.

How to encrypt your email with PGP

Pretty Good Privacy (PGP) “is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications.”

Say you have a manufacturing plant in China that makes a one of a kind widget and you have a U.S patent that you don’t want other companies stealing. Every so often you must send an email back and forth to your man of the ground in Beijing to update the specs and ways in which that product is to be created.  You know that if your emails are intercepted that it’s just a matter of time before a cheap knockoff comes on the market and kills your business. So, you better learn how to encrypt email.

This is where PGP email encryption comes in.

#1 There are PGP key generators online and others available in purchased or open source software. To create a PGP key you will plug in your email address and provide a password. Your security vendor can point you in a direction. Or go here to generate a PGP key.

#2 PGP keys are public and private. Your public key is posted to your website or contained in your email. People use this key to send you encrypted emails. The private key is kept private. My public key looks like this:












#3 When receiving an encrypted email you plug in your private key that looks a lot like a public key and include the password.

Find here a cool free online tool that generates PGP keys for fun and lets you see how PGP email encryption is done.

Caution: I’m not sure of what’s going on in the background of this site so I can’t recommend using this key generator for ongoing secure use.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures