June 2012 - Page 2 of 3

Identity Thief Gets 4 Years in Club Fed

June 18, 2012/in iovation /by Robert Siciliano

Four years and six months doesn’t seem like a particularly severe sentence for a thief in Washington state who stole 15 people’s identities, including four police officers, created fake driver’s licenses, washed checks, and used “mules” to steal sensitive documents, make purchases with stolen credit, and sell the merchandise. The thief’s attorneys described him as a “38-year-old drug addict who has had medical and mental setbacks and was living in a motel.” I don’t know what his mental setbacks are, but all the meth he was doing may have been a contributing factor.

I spoke about this very case at the Merchant Risk Council’s 2012 MRC Annual e-Commerce Payments & Risk Conference in Las Vegas. I shared the stage with Detective Adam Haas, who investigated the case, and Jon Karl, from device reputation leader iovation, to discuss was “How Device Associations Helped Law Enforcement Tie Multiple ID Theft Cases Together.”

The thief in this case stole tax records and Social Security numbers from mailboxes and used the stolen information to take over victim’s credit accounts and to create counterfeit checks and fake driver’s licenses, which he used to purchase expensive items as local stores. He sold many of the stolen items on eBay or Craigslist, or simply exchanged them directly for drugs. After being arrested and released pending trial, the thief fled, posted “catch me if you can” on his MySpace page, and continued committing the same crimes. In January, he pled guilty to bank fraud and aggravated identity theft.

Kirkland police detectives received a great deal of assistance from Portland-based iovation. iovation’s ReputationManager 360 service was used to track down the fraudulent credit applications at various retail chains, which originated from a group of computers that iovation linked together within their vast network of more than 950 million unique devices. In addition to nabbing the thief, they were able to help identify other victims within the state who were not yet aware they had been impacted.

In a statement, the Detective commented, “The online digital bread crumbs sniffed out by iovation were critical in tying everything together, leading to a much bigger crime ring than we originally suspected.”

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses organized criminal hackers on Good Morning America. (Disclosures.)

Mobile Wallets—How I Make Mobile Payments Securely

June 16, 2012/in mcafee /by Robert Siciliano

Some say there will be a day when the wallet you carry in your pocket or purse will become obsolete. The plan is to eliminate all our credit cards, store cards, and IDs and use our mobile phones as our primary means of commerce and identification. The technology behind mobile wallet or mobile POS (point of sale) basically turns your smartphone into a smart debit or credit card. Soon you will be able to pay for almost anything via your mobile device.

When mobile wallets and mPOS become more common, thieves will certainly look for ways to empty them. For instance, it’s possible for attackers to use technologies that allow them to “eavesdrop” on your payments or steal and transmit your credentials by extending the range of the wireless signal. Your data may also be manipulated or corrupted by an attacker.

So how do I conduct safe mobile payments?

Pay attention to your credit card statements to check that you are paying for what you actually purchased.

Only download mobile payment applications from a reputable app store. Check user reviews of the app and make sure to read to app’s privacy policy on what data of yours it is accessing and sharing.

Don’t do any mobile transactions over unsecured Wi-Fi connection. It’s much more secure to use your mobile data network.

Keep your mobile software current. This includes the latest updates for your operating system, mobile browser and mobile security software like McAfee Mobile Security.

Using your phone to pay for things simply by tapping it or swiping it at a store’s checkout terminal may sound like a convenience of the future, but it’s already here and you need to be prepared for this.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Preparing for Your Summer Vacation Overseas

June 16, 2012/in just ask gemalto /by Robert Siciliano

If you plan to travel abroad this summer, you should be aware that your usual credit or debit card may not work overseas. In other countries, particularly in Europe, EMV or “chip and PIN” cards are standard. Many merchants will not or cannot accept U.S. cards with magnetic stripes, which could put you in a difficult position when you need gas or have to buy a train ticket.

But proper planning can prevent travel headaches:

Cash is king. No matter where you are in the world, everyone accepts cash. While cash can be a security risk, so is not having any. Exchange some currency at your local bank before you leave, since you might need some foreign money the moment you step off the plane. But exchange the bulk of your money once you have arrived at your destination to get the best rates.

Traveler’s checks are still a good option. Traveler’s checks are now available in the form of an EMV debit card. American Express, Visa, AAA, and Wells Fargo are just a few of the institutions that offer traveler’s checks.

Carry photo ID. When paying with a regular credit card, always have a valid ID available. A merchant who is accustomed to accepting EMV cards may feel skittish about your regular credit card, and may require that you present a photo ID.

Train station kiosks require EMV. Many people travel on trains, especially when touring foreign countries. Purchasing tickets can be difficult, as most rail stations have ticket kiosks that require an EMV card (or cash only). Most train stations do also have a manned ticket booth that will accept cash, but be warned that the lines are often very long. Buying online ahead of time is also an option.

Gas pumps also require EMV. In the late hours of the evening, or early in the morning it is not uncommon for a gas station to be unattended, but with self-service pumps left open. However, these pumps generally only accept EMV cards. This is when planning ahead is essential. If you know you will be traveling all night, get gas ahead of time, or you may end up searching for a gas station with an attendant in the wee hours.

Toll roads are tricky. In a Fodors.com forum discussing European toll roads, one user advises, “In France, sometimes a US credit card works, and sometimes it won’t. If it won’t and you have a line of cars behind you all honking their horns, it won’t be a good scene. The credit card toll booths that I’ve seen don’t take cash as an alternative. The credit card machine ‘eats’ your ticket, so backing up (even if there are not cars behind you) won’t work. We had to have an attendant close her toll booth, come over to ours, take our cash, and then we got going.”

So, all that being said, carry cash, try to travel during the day, and be aware of your options are at night.

Read more personal stories and advice at www.GetFluentC.com.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How EMV Impacts International Travel

June 13, 2012/in just ask gemalto /by Robert Siciliano

In the United States, credit and debit cards rely on magnetic stripe technology. The magnetic stripe is the black, brown, gold, or silver band on the back of your credit or debit card. Tiny, iron-based magnetic particles in this band store your account number. When the card is swiped through a “reader,” the data stored on the magnetic stripe is accessed. Card readers and magnetic stripe technology are inexpensive, readily available and vulnerable to fraud.

The other, more secure type of credit card is called “EMV,” which stands for Europay, MasterCard, and Visa. According to the Smartcard Alliance, “EMV is an open-standard set of specifications for smart card payments and acceptance devices. EMV chip cards contain embedded microprocessors that provide strong transaction security features and other application capabilities not possible with traditional magnetic stripe cards.”

If you have plans to travel internationally this summer, you may have problems using your U.S. magnetic stripe card abroad, as many other countries, particularly in Europe, have made the EMV card the new standard.

The Smartcard Alliance explains:

“U.S. travelers are reporting troubles using their magnetic stripe cards while traveling. Aite Group has estimated that 9.7 million U.S. cardholders experienced magnetic stripe card acceptance issues when they traveled internationally in 2008, costing banks $447 million in lost revenue. The most common areas where travelers may face issues are at unmanned kiosks for tickets, gasoline, tolls and/or parking, and in rural areas where shop owners do not know how to accept magnetic stripe cards.”

To avoid payment problems, follow these steps:

Ask your bank if they offer an EMV card. Most major banks do, including Bank of America, Chase, Citibank, U.S. Bank, and Wells Fargo.
Pay in cash.
Don’t expect your debit cards to work at payment terminals. Yes, your debit card requires a PIN, but that doesn’t make it an EMV card. You should be able to use your debit card to get cash from ATMs.
Inform your bank you will be traveling, otherwise they may flag your card for fraud.
Visit GetFluentC.com to share your story and learn more.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

OSHA First Aid Kit for Small Businesses

June 13, 2012/in ADT Home Security systems /by Robert Siciliano

OSHA’s Occupational Safety and Health Standards business regulations requires first aid kits for certain types of businesses. However no matter the nature of your business, it is not unreasonable to have a basic first aid kit on hand.

The following first aid kit list sets forth the minimally acceptable number and type of first-aid supplies for first-aid kits required for loggers, and frankly, it doesn’t seem like much. I have more than this in my first aid kit in my house!

The contents of the first-aid kit listed should be adequate for small work sites, consisting of approximately two to three employees. When larger operations or multiple operations are being conducted at the same location, additional first-aid kits should be provided at the work site or additional quantities of supplies should be included in the first-aid kits:

OSHA First Aid Kit List:

1. Gauze pads (at least 4 x 4 inches).

2. Two large gauze pads (at least 8 x 10 inches).

3. Box adhesive bandages (band-aids).

4. One package gauze roller bandage at least 2 inches wide.

5. Two triangular bandages.

6. Wound cleaning agent such as sealed moistened towelettes.

7. Scissors.

8. At least one blanket.

9. Tweezers.

10. Adhesive tape.

11. Latex gloves.

12. Resuscitation equipment such as resuscitation bag, airway, or

pocket mask.

13. Two elastic wraps.

14. Splint.

15. Directions for requesting emergency assistance.

Once an employee is injured, having the right first aid available can significantly reduce further injury of valued employees.

Robert Siciliano personal and home security specialist toHome Security Source discussingADT Pulse on Fox News Live. Disclosures

June is Home Safety Month

June 13, 2012/in ADT Home Security systems /by Robert Siciliano

You may think all the corners of tables in my hope are protected with soft pillows and my kids are wrapped in bubble wrap. No, but there are few safety hazards and yes, my kids are wrapped in bubble wrap. We helicopter parent the heck out of them and I can’t think of any other way to be. Maybe they wash their hands too much, but is there such a thing?

The Centers for Disease Control (CDC) is there to raise parents’ awareness about the leading causes of injury and how they can be prevented.

Protect the Ones You Love

More than 9 million children between birth and age 19 are seen for injuries each year in U.S. emergency departments, and injuries are the leading cause of death among children in this age group.

Home Safety Month is an ideal time to learn about child safety and the top causes of child injury.

Burns

Install and maintain smoke alarms in your home.

Develop and practice a family fire escape plan.

Set your water heater’s thermostat to 120 degrees Fahrenheit or lower.

Use safe cooking practices, such as never leaving food unattended on the stove.

Drownings

Install a four-sided isolation fence, with self-closing and self-latching gates, around backyard swimming pools.

Learn cardiopulmonary resuscitation (CPR) and get recertified every two years.

Supervise young children at all times around bathtubs, swimming pools, and natural bodies of water.

Slips and Falls

Use playground equipment that is properly designed and maintained, and that has a soft landing surface material below.

Use home safety devices, such as guards on windows that are located above ground-level, stair gates, and guard rails.

Supervise young children at all times around fall hazards, like stairs and playground equipment.

Poisonings

Store medicines and other toxic products such as cleaning solutions in locked or childproof cabinets.

Put the poison control number, 1-800-222-1222, on or near every home telephone.

Dispose of unused, unneeded, or expired prescription drugs.

Robert Siciliano personal and home security specialist toHome Security Source discussingADT Pulse on Fox News. Disclosures

What Does It Take To Be Digitally Secure?

June 13, 2012/in mcafee /by Robert Siciliano

Let’s get one thing straight: it’s no longer possible to deny that your life in the physical world and your digital life are one and the same. Meaning, while you are present here on the ground, you also exist online, whether you know it or like it or not. Coming to terms with this reality will help you make better decisions in many aspects of your life.

Get device savvy – Whether you’re using a laptop, desktop, Mac, tablet, or smartphone, learn about it. No excuses! No more, “My kids know more than I do,” or, “All I know how to do is push that button-thingy.” Take the time to learn enough about your devices to wear them out or outgrow them.

Get social – One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software. Keep in mind that “getting social” doesn’t entail exposing all your deepest, darkest secrets, or even telling the world you just ate a tuna sandwich. You should think about what you post on social networks—don’t put anything on there that you wouldn’t want anyone you see. A good rule of thumb to follow is to be aware of all the information you have available online, and consider everything you post as public, even if you are using the strongest privacy settings available.

Manage your online reputation – Whether you are socially active or not, or whether you have a website or not, there are plenty of websites that know who you are, and either mention you or are listing your information in some fashion. Google yourself and see what’s being said. Developing your online persona through social media and blogging will help you establish and maintain a strong online presence in your voice. And don’t let others use your name on a site—go ahead and secure your identity on a site, even if you don’t actively use it so someone else can’t take your identity and pose as you.

Get secure – There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Make sure you invest in software to protect all your devices—not just your PCs. With the power of smartphones, tablets and notebooks, it is critical to protect all these devices, not just your home computer. Software like McAfee All Access can provide a complete solution for protecting all your devices including PCs, Macs, smartphones and tablets as well as providing protection for your kids online.

Digital devices are a reality for most of us and while they provide a myriad of conveniences, they could also open us up to potential risks. By taking just a few simple precautions you can keep yourself safe online.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

U.S. Department of State Shares Red Flags to Identify Dating Scams

June 12, 2012/in iovation /by Robert Siciliano

Online dating scams have become a worldwide issue. A study presented at the annual meeting of the British Psychological Society in London found that people with strong romantic beliefs who idealize their romantic partners are most likely to fall victim to online dating scams. Meanwhile, the U.S. Department of State has posted an advisory warning Americans to “be alert to attempts at fraud by persons claiming to live outside of the U.S., professing friendship, romantic interest, and /or marriage intentions over the Internet.”

According to the State Department, the following red flags can be used to identify a potential romance scam:

The scammer and the victim meet online – often through Internet dating or employment sites.
The scammer asks for money to get out of a bad situation or to provide a service.
Photographs that the scammer sends of “him/herself” show a very attractive person. The photo appears to have been taken at a professional modeling agency or photographic studio.
The scammer has incredibly bad luck– often getting into car crashes, arrested, mugged, beaten, or hospitalized — usually all within the course of a couple of months. They often claim that their key family members (parents and siblings) are dead. Sometimes, the scammer claims to have an accompanying child overseas who is very sick or has been in an accident.
The scammer claims to be a native-born American citizen, but uses poor grammar indicative of a non-native English speaker. Sometimes the scammer will use eloquent romantic language that is plagiarized from the Internet.

Many dating sites and online communities have turned to device identification leader iovation Inc. for help. iovation works with global dating websites and social networks to protect their members from behind the scenes by eliminating scammers before they’ve had a chance to case harm. iovation has already prevented more than 50 million online scams, spam, solicitations, fake profiles and phishing attacks in their attempt to make the Internet a safer place to do business and interact.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses dating security on E! True Hollywood Story. (Disclosures.)

How Do I Protect Myself When Using Wi-Fi?

June 10, 2012/in mcafee /by Robert Siciliano

Wi-Fi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, even airplanes.

Wi-Fi wasn’t born to be secure; it was born to be convenient. Wireless networks broadcast messages using radio and are therefore more susceptible to eavesdropping than wired networks.

Today, with criminal hackers as sophisticated as ever, if you are using an open unsecured network on your mobile device, you risk exposing your data. There are many ways for hackers to see who’s connected on a wireless connection, and to gain access to your information including passwords, emails, and all the data on your device.

To protect yourself and your data when using Wi-Fi, you should:

Turn it off: the most secure Wi-Fi is one that is turned off. Disabling the Wi-Fi signal on your device prevents anyone from seeing your device and prevents your mobile from randomly connecting to just any available Wi-Fi.

Limit your use of hotspots: When you’re away from your home or work network, use a 3G or 4G data connection instead since most mobile phone providers encrypt the traffic between cell towers and your device.

Use a Wi-Fi connection is protected: Make sure you don’t see the message you are “connecting to an unsecured network.” You may also need a password or code to get access to the Wi-Fi connection.

Use a VPN: a Virtual Private Network (VPN) is one set up with encryption to protect your data from unauthorized access. A VPN may be available through your workplace or at home. A quick search in your mobiles application store will quickly result in numerous free and paid apps to go online in a VPN.

Only use https: Hypertext transfer Protocol (http) with Secure Sockets Layer (SSL, hence the S) is a more secure option set up by a website that knows security is essential. Look for https:// in the address bar signifying it’s a secure page. Even on an open unsecure wireless connection https is more secure.

If you do use public Wi-Fi, make sure not shop online or access your personal and financial sites. And remember to keep in mind that potentially anything you are doing online can be accessed by someone.

Robert Siciliano is an Online Security Evangelist to McAfee. See him on Anderson Cooper discussing mobile security and identity theft. (Disclosures)

Federal Investigators Bust Credit Fraud Ring

June 9, 2012/in iovation /by Robert Siciliano

A federal investigation dubbed “Operation Open Market” recently yielded 19 arrests in nine states, for crimes including identity theft and counterfeit credit card trafficking. The defendants allegedly participated in “Carder.su,” a Las Vegas-based transnational ring that bought and sold stolen personal and financial information and manufactured counterfeit IDs and credit and debit cards in order to commit fraud. This criminal organization has also been known to host online forums wherein members are encouraged to buy and sell counterfeit documents and stolen data.

Executive Director of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations James Dinkins commented, “The actions of computer hackers and identity thieves not only harm countless innocent Americans, but the threat they pose to our financial system and global commerce cannot be understated.”

According to the Federal Financial Institutions Examination Council’s latest update, “Fraudsters use keyloggers to steal the logon ID, password, and challenge question answers of financial institution customers. This information alone or in conjunction with stolen browser cookies loaded on the fraudster’s PC may enable the fraudster to log into the customer’s account and transfer funds to accounts controlled by the fraudster, usually through wire or ACH transactions.”

The FFIEC recommends that financial institutions incorporate device identification into their layered security approach in order to thwart attacks like these, but smart financial institutions are going a step further by employing device reputation analysis approach.

iovation, an Oregon-based firm helping to fight cybercrime, offers device reputation, which builds on its complex device identification technology. It does this by offering real-time risk assessments which look at evidence of past fraud attacks, risk profiles, detects anomalies, and uncovers relationships between devices and accounts that have a history of working in collusion to stealing from online businesses.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses the latest data breach on Good Morning America. (Disclosures.)