What is Identity Theft?

/in /by

Identity theft occurs when someone takes your personally identifiable information (PII), and misuses it, abuses it, and adapts it to his or her own life, often for financial gain. When an identity thief does this, your good name is soiled—the name you have worked so hard to keep in good standing. Rectifying it can be as simple as a phone call, or it can be as difficult as having to prove your innocence to a jury of your peers.

Identity theft, also known as identity fraud, encompasses various types of crimes. The identifying factor is that a criminal has wrongfully acquired and adopted someone else’s personal data. This can include the victim’s name, Social Security Number, address, date of birth, credit card information, bank account number, or any other type of personal information.

When identity theft affects you, it can consume your time and ruin your credit. You become a liability for an employer or a college administrator. You may be perceived as someone who has bad credit as a result of your own doing. You have a black mark on your reputation. In short, it is the victims, not the criminals, who have a difficult time functioning in a credit-driven society.

What follows is a real-world example of this type of crime:

An 18-year-old man was driving in his vehicle, and he rolled through a stop sign. He was pulled over by a police officer who witnessed the offense. When the police officer checked his information, it was determined that there was a warrant out for his arrest for numerous prior violations. After his arrest and subsequent trip to the police station, they learned that his Social Security Number was tied to a man who was 49 years old. This young man learned that his identity had been stolen a number of years ago! The identity thief had opened up several businesses in the young man’s name while he was still a child. Identity theft is the only crime that I am aware of in which you are presumed guilty until proven innocent.

The most efficient way to protect your identity is with an identity theft protection service and get a credit freeze

Robert Siciliano personal and home security specialist to Home Security Source and author of 99 Things You Wish You Knew Before Your Identity Was Stolen. Disclosures.

Jailbreaking an iPad Exposes Vulnerabilities

/in /by

At the McAfee FOCUS conference in October of last year, members from McAfee Labs™ spoke about malware and other threats that affect security. One of the most popular events was when they brought an iPad on stage and did a live hack.

The researchers were able to remotely watch as a user accessed his email and even interacted with the device by accessing the iPad via an unprotected wireless Internet connection (like many of use in a café, airport or other public place).

The issue that made the iPad vulnerable has since patched, but the tools used in this hack were some that are also used to “jailbreak” a mobile phone or tablet.

Jailbreaking is the process of removing the limitations imposed by Apple and the associated carriers on devices running the iOS operating system. A jailbroken iPhone or iPad breaks Apple’s security and allows users to download applications, some of which are pirated from unofficial third party stores.

Similar to jailbreaking, rooting is the term used for this process of removing the limitations on any mobile phone or tablet running the Android OS.

Jailbreaking or rooting your mobile device may be desirable in some cases for some people, but what we all need to be aware of that by doing so, we are opening the device up to vulnerabilities which can be used for malicious purposes.

Here’s the link to the full paper that was written from this demo:http://www.mcafee.com/us/resources/white-papers/wp-apple-ipad-hack.pdf

The lesson we all can learn from this? We need to protect ourselves by:

Using strong passwords and locking our devices

Ensuring that anti-malware and anti-theft protection are in place on our mobile devices

Taking precautions when using public Wi-Fi connections

Being aware of what we do online and how it can make us vulnerable

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Vacation Rentals Are Scam Bait

/in /by

Although it’s been a mild winter people still get itchy to head out for a ski vacation or a tropical one. Many people are searching online classifieds like Craigslist, eBay, newspapers and real estate listings for vacation rentals.

The most suspect site is Craigslist. I’m fully engaged in Craigslist and continually receive scammy communications from supposed buyers. This means scammers are on the site as buyers and sellers full time.

Certainly there are plenty of legitimate ads for vacation rentals however many are suspect. I rented out an apartment I own in the past and a Craigslist scammer set up a duplicate ad with my photos and everything and cut my price in half.

If you choose to engage in a rental and a security deposit is required it is best that you visit the property and hand deliver a check. If you request to visit the property and are denied then the ad is more than likely fraud.

If the property is hundreds or thousands of miles away and visiting isn’t an option then there is a much higher risk. In these circumstances never wire money as there is very little recourse. Using a credit card is a little safer, but no guarantees.  Here is where the honor system comes in. Otherwise your best bet is to deal with a real travel site with positive reviews.

Google the person, their email, the title of the ad and/or property you are considering renting. If something negative pops up, beware. If the property address doesn’t exist, beware.

Your best bet is to search listings on local real-estate sites. A licensed Realtor is 1000 times safer than blindly using Craigslist.

Robert Siciliano personal and home security specialist toHome Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)

Don’t Let Location-Based Services Put You in Danger

/in /by

Location-based services utilize geo-location information to publish your whereabouts. In some cases, these services can also provide discounts or freebies as a reward for “checking in” at participating businesses and gathering “points.” These services can also be used to share photos and other media in real-time with your friends and followers.

Geo-location or geo-tagging can be used on PCs, but is primarily applicable to mobile phones. The geo-location software usually obtains its data from your device’s Internet protocol (IP) address or your global positioning System (GPS) longitude and latitude. Many of today’s social networking sites are now incorporating location-based services that allow users to broadcast their locations via smartphone.

Carnegie Mellon University has identified more than 80 location-sharing services that either lack privacy policies or collect and save user data for an indefinite period of time.

Some companies have even adopted the technology, which they’ve dubbed “GPS dating,” to connect singles with other local singles anywhere, any time. These dating services make it easy to find other users by providing photos and personal descriptions.

This technology is immensely useful to predators, thieves, and other criminals, since it makes it so simple to determine where you are, and where you are not. They can access a full profile of your itinerary, all day, every day. Someone who is paying unwanted attention to you can see your exact address each time you “check in.”

One of the most extreme examples of the dangers posed by GPS-locators is the issue of domestic abuse victims who seek safety at a shelter; volunteers have adopted a policy of removing batteries from women’s phones as soon as they arrive, so that abusers cannot track their victims to the shelter.

Thieves use geo-location to determine whether you are home or not, and then use that data to plan a burglary.

Stalkers who use the phone’s GPS are usually close to the victim—a family member or ex-boyfriend or girlfriend, for example—and use their personal access to manually turn on GPS tracking.

To protect yourself from broadcasting your location, you should:

Turn off your location services on your mobile phone or only leave it enabled for applications like maps. Most geo-location services are turned on by default.

Be careful on what images and information you are sharing on social networks and when. For example, it’s best to wait until you are home to upload those vacation photos.

Make sure you check your privacy settings on your social networking sites that you’re sharing information on to make sure you are only sharing information with your friends and not everyone.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing GPS Dating Security on Good Morning America. (Disclosures)

Wireless Security:Wi-Fi Hacking Burglars Busted

/in /by

In Seattle 3 men have been arrested for hacking the wireless networks of over a dozen businesses along with 41 burglaries. They are alleged to have stolen at least $750,000 in funds, computer equipment and other items.

SeattlePIreported their Wi-Fi hacking techniques included “wardriving,” in which hackers mount a high-strength Wi-Fi receiver inside a car and search for networks that can be penetrated. Once a Wi-Fi network is located through wardriving, hackers can remotely watch for information that may reveal the network’s security setup and vulnerabilities”. Police said they used sophisticated electronic equipment to break through networks using a 12-year-old security algorithm — Wired Equivalent Privacy, or WEP protection.

Right out of a Mission Impossible movie these burglars hacked wireless networks and stole employee and client data. Their burglaries involved stealing laptops they used those laptops to crack payroll accounts and steal banking information. Once they turned the data into cash they turned the cash into prepaid debit cards.

Wired Equivalent Privacy was introduced in 1997 and is the original version of wireless network security. But WEP has been cracked, hacked, and decimated.

Home or office Wi-Fi with a WPA encryption is better. Wi-Fi Protected Access is a certification program that was created in response to several serious security vulnerabilities researchers found in WEP, the previous system. WPA and WPA2 are tougher to crack, but not impossible.

Small businesses would fare much better if they also installed a monitored security alarm system with cameras. It’s not enough to lock doors especially if there is thousands of dollars in technology waiting for a burglar to take it.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

5 Smart and Safe eBay Shopper Tips

/in /by

Shopping is for people with time and money. When I am a consumer, it’s because I need something, and not necessarily the biggest or the best something. I need something practical, safe, and smart. eBay allows consumers to search for exactly what they need, and can be a great place to find hard-to-get items.

Overall, eBay can be a good experience if you know what you are doing. But take it from me: knowing what you are doing takes time and focus. Don’t just jump on eBay and whip out your credit card. You may get burnt in more ways than one.

1. Avoid scams by looking at the sellers’ feedback ratings. A rating of one indicates that the seller is either a “newbie” or a criminal. Certainly, we all have to start somewhere. But personally, I draw the line at sellers with a feedback rating of at least 15, and I still check to see what they’ve bought and sold. If they’ve bought or sold 15 items at $1 each, that’s a red flag. Sellers with higher ratings are generally experienced professionals.

2. Search deeply before bidding. Check to see if the same item is available from a different seller, how the “Buy Now” price varies, and how much others are bidding. The highest bid may be much lower than the “Buy Now” price. Consider how much time is left to bid to help determine what the final sale price may be.

3. Walk before you run. If there are plenty of the item you want available but prices are all over the place, sit back and “Watch” a few to see where the final sales prices end up.

4. Set up alerts. I set up eBay alerts for any items I’m looking for. I receive messages with all the current items for sale, and then only the new ones being listed on eBay each day. This allows me to effectively manage my purchasing.

5. Use Auction Sniper. I never bid on eBay. The more your presence is known the more opportunities there are for criminals to contact you. Protect your identity with Auction Sniper, you bid anonymously the absolute highest dollar amount you’re willing to spend on that item, and walk away. Auction Sniper will snipe the bid for you in the last five seconds while people wonder where the heck you came from.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News.

McAfee Mobile Security Delivers at Mobile World Congress

/in /by

In Barcelona, Spain on Feb. 27, 2012 McAfee unveils its series of technology advancements that deliver upon its vision of providing comprehensive mobile security and privacy protection for devices, data and apps. McAfee® Enterprise Mobility Management (EMM™) 10.0, available now, includes significant security updates for enterprise customers to enable ‘bring your own device’ practices in the enterprise. With EMM 10.0, IT professionals will have improved control to identify, secure, and assign policies to both employee- and business-owned smartphones and tablets.

The concern for IT professionals is “BYOD” (Bring Your Own Device) which has become widely adopted to refer to mobile workers bringing their own mobile devices, such as smartphones, tablets and PDAs, into the workplace for use and connectivity. Today, many consumers expect to be able to use personal smartphones and mobile devices at work, which is an IT concern. Many corporations that allow employees to use their own mobile devices at work implement a “BYOD policy” to help IT better manage these devices and ensure network security.”

Expanded Data Security, Application Security and Ease of Administration

McAfee EMM software gives enterprises the ability to offer their employees mobile device choice, while delivering secure and easy access to mobile corporate applications. New features and functionality include:

Expanded Data Security: Email “Sandboxing” for iOS and an integrated Secure Container for Android, available by Q2

Enhanced Application Security: Application Blacklisting for Android and iOS allows the administrator to define a set of applications and block access.

Ease of Administration: Bulk provisioning for Android and iOS

 Enhanced Protection for Consumers

McAfee® Mobile Security 2.0 for consumers, which offers an all-encompassing approach to mobile security and protects a user’s privacy when using smartphones and Android tablets. McAfee Mobile Security combines powerful anti-theft, antivirus, call and SMS filtering, web and app protection. It was also recently awarded with the LAPTOP Magazine Editors’ Choice award for best mobile security app.

McAfee can also be seen the week of Feb. 27 at Mobile World Congress in Barcelona, Spain at the Intel stand in Hall 8 B197 and at the RSA Conference in San Francisco, CA at McAfee booth #1117 or Intel booth #1324. Be sure if you are attending Mobile World Congress to stop by for a chance to win a Samsung Galaxy Tab!

 

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Identity Fraud: Stolen Puerto Rican IDs Filter In The Workplace

/in /by

In the U.S. identity brokers allegedly sold Social Security cards and corresponding Puerto Rico birth certificates for prices ranging from $700 to $2,500 per set, since it can be used to hide illegal immigrants and gain employment. Puerto Rican stolen identities have surfaced in workplace immigration raids all over the country. “Birth certificates have become legal tender,” said Puerto Rico’s secretary of state.

Fifty individuals were recently charged in an indictment unsealed in Puerto Rico with conspiracy to commit identityfraud in connection with their alleged roles in a scheme to traffic the identities of Puerto Rican U.S. citizens and corresponding identity documents. The charges are the result of an extensive identity theft investigation led by U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI), in partnership with other federal, state and local law enforcement agencies.

According to the indictment, from at least April 2009 to December 2011, conspirators in 15 states and Puerto Rico, a U.S. territory, trafficked the identities of Puerto Rican U.S. citizens, corresponding Social Security cards, Puerto Rico birth certificates and other identification documents to undocumented aliens and others residing in the United States.

Businesses hiring illegal immigrants with stolen IDs face possible insider fraud among other legal and liability issues.  One way too effectively vet whether the person being hired is who they say they are, regardless of what documentation they produce is to pull their credit report. Often a credit report will have current and previous addresses. If the job candidate can’t tell you the last few places they lived that’s a red flag. You can also ask them various “knowledge based questions”. The credit report might also help the employer to track down a current phone number and simply call the person whose identity is associated with the credit report.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Protecting Your Customer Data from Hackers

/in /by

Criminal hackers hack for fun, fame, revenge, trade secrets, or terror, but mostly they hack for financial gain. According to a data breach study, based on 75 incidents in the second half of 2010, 13% of web hacking cases involved leaked client data leading to financial fraud. (The top two reasons hackers attacked websites were site defacement at 15% and site downtime at 33%.)

Once customer information is hacked, it can be used to open new accounts or to take over existing accounts. It often takes only a few hackers to crack a system containing millions of customerrecords. These thieves will then broker and sell the information to other hackers.

The victims find and repair the vulnerabilities in their systems, but the damage has already been done. The individuals whose data has been compromised face an uphill, ongoing battle to protect themselves from financial fraud.

Protecting small business customer data starts with network securitybasics including:

Software: Antivirus, antiphishing, antispyware. Total protection “all access” suites of protection and full disk encryption

Hardware: Routers, firewall security appliances

Physical security: Commercial grade solid core doors, security alarm systems, security cameras.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussing  ADT Pulse on Fox News. Disclosures

 

SXSWi Sneak-Peek: First Look At Gemalto’s Mobile Idea/Next Lounge

/in /by

South by Southwest Interactive (SXSWi), March 9-13, 2012 in Austin, Texas is an incubator of cutting-edge technologies. The event features five days of compelling presentations from the brightest minds in emerging technology, scores of exciting networking events hosted by industry leaders, and an unbeatable line up of special programs showcasing the best new websites, video games, and startup ideas the community has to offer. From hands-on training to big-picture analysis of the future, SXSW Interactive has become the place to experience a preview of what is unfolding in the world of technology.

Gemalto, a digital security leader, will be hosting the Mobile IDEA/NEXT Lounge on the 6th floor of the Hilton throughout SXSW Interactive. The lounge will serve as a hub for those attendees interested in learning, engaging, and sharing in discussions around all aspects of mobility—from the mobile phone to the cloud—and the digital security solutions they necessitate.

There will be a ton of talks and events happening each day in the IDEA/NEXT Lounge. From daily talks and influencer podcasts to daily happy hour panel discussions, the Lounge will be a hub of activity. Even with all that planned, Gemalto wants to hear from SXSW Interactive attendees. Feedback can be sent via Twitter to @JustAskGemalto or @Gemalto_NA.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures