Frequently Asked Questions About Identity Theft

I remember my teachers always telling me there are no stupid questions. When it comes to identity theft, this is especially true. The more you know about identity theft, the better prepared you will be to prevent it from happening to you. Here are some commonly asked questions about identity theft.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813What is identity theft?

Identity theft is when a person pretends to be you to access money, credit, medical care, and other benefits. They acquire your identity by stealing and using your personal information like government ID number or bank account number. Once they have this information, identity thieves can really wreak havoc on your life; for example, they can clear out your bank account. They can also impersonate you in order to get a job or commit a crime. It can take a long time to clean up the mess.

Does identity theft only have to do with stealing money or credit?

No, financial identity theft, using your personal information to access your money or credit, is not the only type of identity theft, although it is the most common. There are other kinds of identity theft identity theft. Medical identity theft is when someone uses your information to receive medical care. Criminal identity theft is when someone takes over your identity and assumes it as his or her own. They can then give your name to law enforcement officers and voilà—you have a criminal record.

What are some things I can do to protect my identity online?

  • Be choosy. Be careful when sharing personal information online. Just because a website is asking for your information doesn’t mean it’s necessary to provide it to them. Ask who wants the information and why. Also, limit the amount of information you share on social media. Does everyone need to know the year you were born?
  • Think twice. Use caution when clicking on links and opening email attachments. If the link or attachment is from someone you don’t know, don’t open it.
  • Use secure Wi-Fi. When shopping or banking online, make sure you are using a secure wireless connection.
  • Permanently delete files from your PC. Putting your files in the recycle bin isn’t enough. Your device will still have the files and therefore, are accessible to identity thieves. Use security software, like McAfee LiveSafe™ service, that includes a digital shredder to make sure those files are truly wiped from your PC.
  • Install security software. Make sure all your devices have comprehensive security software like McAfee LiveSafe that protects all your PCs, Macs, tablets and smartphones.

What are things I can do to protect my identity offline?

  • Shred. Use a cross-cut shredding machine, or scissors to shred old credit card statements, offers, receipts, etc., to prevent dumpster divers from obtaining your information and creating accounts in your name.
  • Have a locked mailbox. This will keep thieves from stealing your mail, especially bank statements and credit card offers.
  • Secure your files. Get a fire-proof safe to store sensitive documents including credit cards you hardly use.
  • Keep an eye on your bank and credit card statements. Look for questionable activity.
  • Be careful when using ATMs. When you insert your ATM card into a compromised machine or run your credit card through a phony card reader, you could become a victim of skimming. Skimming is where a hacker illegally obtains information from the magnetic strip on the back of your credit or ATM card. This information can then be used to access your accounts or produce a fake credit card with your name and details on it.

How do I know if my identity has been stolen?

This list is not comprehensive but gives you a good idea on what to look out for.

  • You receive a bill for a credit card account that, though in your name, is not yours. This probably means a thief opened the account in your name.
  • You’re no longer receiving your usual snail mail or email statements. Contact the issuer to find out why.
  • Unfamiliar purchases on your credit card, even tiny ones (crooks often start out with small purchases, and then escalate). Challenge even a $4 purchase.
  • You receive a credit card or store card without having applied for one. If this happens, immediately contact the company.
  • Your credit report has suspicious information, like inquiries for credit that you didn’t make.
  • Collectors are calling you to collect payments you owe, but you owe nothing.
  • Your credit score is high (last time you checked), but you were denied credit for a loan or new credit card. A thief can easily ruin a credit rating.

If my identity is stolen, what should I do?

Finding out that your identity has been stolen can be stressful. First, take a deep breath then follow these initial steps.

  • Contact your local or national law enforcement agency. File a report that your identity has been stolen.
  • Call your bank and credit card companies. Notify them of fraudulent activity. They may be able to reimburse you for any money lost or close any unauthorized accounts.
  • Check with credit reference agencies. Ask them to set up a fraud alert. Also, check to see if anyone has tried to get credit using your name.
  • Keep records. Keep track of all conversations and paperwork, the more detailed the better. Organize your data into one centralized place. This can be used as evidence for your case and can help you resolve the mess that identity theft can create.

To learn more about how you can protect yourself from identity theft, check out the Intel Security Facebook page or follow @IntelSec_Home on Twitter.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Tips to Stay Digitally Safe on Spring Break

Give me a break! In the next month, students will get the week off for spring break—a much needed reward after months of hard work and, for some, gnarly winter weather. Spring break means free time, family vacations, trips with friends, and timeless memories.

7WBut, spring break can pose some risks to your online reputation and your identity. So whether you are going to party it up in the Caribbean or you are taking the kids to Disney World, here are some tips to keep you digitally safe this spring break.

  1. Don’t bring more technology than you have to. Do you really need to bring your laptop, tablet, and smartphone on your beach vacation? The more devices you bring, the more chances for someone to steal or compromise your device and your personal data.
  2. Backup your data. No matter what devices you decide to bring, make sure you back them up before you leave. You don’t know what will happen on your trip, don’t risk your data.
  3. Share when you get home. It’s tempting to share that family picture with Mickey, but it could alert thieves that you aren’t home. Wait until you return home before you share your vacation pictures online.
  4. Review your privacy settings. Just because you aren’t sharing anything from your spring break on social media, doesn’t mean that your friends aren’t. Check up on your privacy settings so you can manage who sees your content, and as best as possible, what others say about you. That embarrassing video of your belly flop doesn’t need to be seen by everyone.
  5. Be careful when using public Wi-Fi. Don’t log on to bank/credit card sites or shop online when using a public Internet connection. You don’t know who else is on your network.
  6. Install security software on all your devices. Use comprehensive security software likeMcAfee LiveSafe™ service to protect your devices no matter where you are.

Have a great spring break!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Sheriff’s office offers Home Security Tips

Here’s good advice from a sheriff’s office about how to protect your house.

1SBurglars and home invaders don’t give a flying hoot if you keep thinking, “It can’t happen to me and this is a safe neighborhood.” In fact, the issue isn’t how safe your neighborhood is or how watchful your neighbors are. The issue is how easy it is to simply break into your home.

Think of the other safety precautions you take daily even though the odds of an unfortunate outcome are very small, such as making sure you take your vitamins, or making sure not to miss brushing your teeth before bedtime. Yet you leave your garage door open because you think your neighborhood is safe? What the…?!

Keep your garage door closed. A threat may not be imminent, but any passer-by may actually be a thief scouting around to see who has the goods, and he sees some real goodies in your garage; he’ll make a note of your address for a later crime.

Don’t leave boxes that contained expensive items sticking out of garbage cans. Did you know that burglars love to see what’s poking out of garbage cans? Trash cans are the windows to the soul of your house.

Religious thumpers. Savvier burglars will go door to door pretending to represent a religion—they may even have a bible on hand—but their goal is to feel you out. I’m not suggesting that you shout at them to get lost and slam the door so hard that it shakes the frame. But if you present as wishy washy and unable to say “No thank you,” this tells the burglar you’re easy prey.  It’s better to talk through the door opposed to opening it.

Petition supporters. The burglar may be pretending to sell something or collect signatures for some strange petition.

Product sales. Another scam is for the burglar to name a date and time they’ll be back to deliver a product if you show an interest in it. They’re hoping you’ll say, “I won’t be home then; can you stop by another time?” The crook will be sure to show up at the time you won’t be home—to rob you cold.

Alarm company employee. If someone’s at your door claiming to be from your alarm company (if you have one), or some alarm company (if you don’t), this IS a ruse to find out if you have an alarm system that works—even if he’s wearing an outfit with the company’s name. Alarm companies don’t send people out in the field for unsolicited visits to homeowners.

Secure all entrances. Don’t just layer up the security of your front door. What about a porch door in the back? What about windows to your basement?

Makes sure valuables are not visible through your first-floor windows. This is another way thieves case houses.

Before leaving for out of town, contact the local police and request a vacation patrol check of your house. Be sure to indicate whether or not anyone is expected to be there such as someone to mow the lawn.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Can an App really act as a Bodyguard?

In the event of an attack, new smartphone applications can be used to send an alarm to a pre-chosen person. And the potential victims location can then be tracked.

1SDBut is this faster and more secure than a woman whipping out pepper spray and blasting a drunken buffoon who has her cornered in a parking garage at night?

No.

Apps meant for personal security are simply one layer of protection but in no way should be relied upon for personal protection. I mean, come on!!!! IT’S AN APP!!!!!!!

For the iPhone and Android, one such app is called STOP-ATTACK. This can be programmed to call 9-1-1. Once this app is activated it will record video and audio that gets sent to a cloud. This way, you’ll have evidence of who was on top of whom or if someone really did reach into their pocket and pull out a metallic-looking object.

The threatening person won’t even know he’s being recorded. STOP-ATTACK also has an alarm and light that, once triggered, might scare off the perpetrator. It can be activated without actually logging into your phone if your device normally requires a security code. You get all this for $3.99 per year.

Will STOP-ATTACK actually stop an attack? NO. The name is misleading.

Others are out there (e.g., StaySafe, Circle of 6, Panic and Guardly), but the bottom line is that there’s really no reason not to have one—even if you’re a big brute. Women concerned about assault represent one slice of the pie. Muggings over smartphones are getting more common, and often, victims are men.

Like with the can of mace, the potential victim needs to be prepared to handle the smartphone’s security feature very quickly, even slyly, before the perpetrator can grab it—whether he just wants the phone or wants to commit assault. So if the phone is in a woman’s purse while she’s walking around town alone past midnight, it does no good.

Nevertheless, an application like this adds a layer of security to the user. The user needs to insert some human factor into the equation when a threat arises. If a woman senses danger, and she must dig into the deep crevasses of her purse to locate her smartphone…she could have already bolted from danger or leveled a right hook into the would-be assailant’s temple. A trained woman can debilitate an attacker with proper training. But please, DO NOT rely on an app to protect you.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Hackers for Hire both Good and Bad

Ever see those public bulletin boards with all the business cards on them? Don’t be surprised if you spot one that says “Hacker•for•Hire.” These are hackers who will, for a nice juicy fee, hack into your wife’s Facebook account to see if she’s cheating on you.

4DHowever, there’s at least one hackmaking site that matches hackers to clients who want to infiltrate a network for personal gain or even revenge. The site, Hacker’s List, is a good idea, certainly not the first of its kind; the site’s founders (who wish to remain anonymous) get a piece of the pie for each completed job. Kind of sounds like one of those freelance job sites where someone bids on a posted job. The client must put the payment in escrow prior to the job being carried out. This pretty much guarantees payment to the hacker.

The site began operation in November. Imagine the possibilities, like business people getting a complete list of their competitors’ clients, customers, prices and trade secrets. And yes, a college student could hire a hacker for changing a grade. Makes you kind of wish you were skilled at hacking; what a freaking easy way to make a lot of money.

Is a site like this legal? After all, cracking into someone’s personal or business account is illegal. The site has a lengthy terms of service that requires agreement from users, including agreeing not to use the service for illegal activity. The verdict isn’t out if Hacker’s List is an illegal enterprise, and further complicating this is that many of the job posters are probably outside the U.S.

Hacker’s List was carefully developed, and that includes the founders having sought legal counsel to make sure they don’t get in trouble.

Hiring hackers can easily occur beyond an organized website where jobs are posted and bid on. And there’s no sign of this industry slowing down. The line of demarcation between good hackers and bad is broad and blurry, beginning with legitimate businesses hiring hackers to analyze the companies’ networks for any vulnerabilities.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Everyone is vulnerable to Attack

There’s the war on drugs, the war on terrorism, the war on cancer and the war on cyber threats. In fact, more people are vulnerable to cyber attacks than they are to the first three threats combined.

7WSo pervasive is this threat that President Obama fully recognizes that everyone is at risk. He even signed an executive order recently in the hopes of promoting the sharing of more cybersecurity related data between the government and the private sector.

Recently President Obama presented a speech at Stanford University; the attendees included government officials and leaders in the tech world. He admitted that the government is a bit befuddled over how to provide the private sector with protection from cyber threats. And don’t forget that many hackers operate overseas, making them tougher to track down.

Obama’s message is that it’s difficult for the government to simultaneously protect the public and not be intrusive into peoples’ privacy.

He referred to the cyber world as the “Wild Wild West,” but it sounds more like the Wild Wicked Web. But he likens it to the Old West because people want the government to play the role of sheriff.

With practically the entire world online (even people living in huts along rivers have computers), everyone’s a potential victim.

Obama has really been putting his foot down hard about this, having begun in 2013, when the so-called cybersecurity framework was formulated—a scheme that’s designed to enhance cyber security, and this protocol has been put in place by some major corporations.

But Obama hasn’t stopped there. In January he announced plans for additional protection for the private sector.

Nevertheless, many people, including business decision makers, believe that the Obama Administration isn’t moving fast enough. They want to see these plans in writing, but these executive orders have not been made obtainable, perhaps making some tech leaders feel that Obama isn’t taking things quite as seriously as he says he wants to.

Regardless, the onus of responsibility is on you good reader. Nobody is going to protect your device or data better than you. Keep reading, keep your devices updated and maintain your awareness of various scams because criminals are getting better and better every day.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

Password Security vulnerable to Trickery

There’s only one entrance to the house: a steel door two feet thick. If someone from the outside touched the door—even with a battering ram—they’ll get an electric shock. No bad guys could get through, right?

2DWell, suppose the bad guy tricks the homeowner into opening the door…and once open, the bad guy strangles the homeowner. Do you see what happened? All that security is worthless if the homeowner can be tricked. And the same goes for passwords. You can have the longest, strongest, most gibberish password around…but if you allow yourself to be skunked by a hacker…it’s over.

Think you can’t get skunked? A hacker could post a link to a “video” claiming it’s Taylor Swift with a 50 pound weight gain—anything to get you to click—and you end up downloading a virus to your computer.

Or maybe you get suckered into giving your credit card number and the three-digit code on its back to some site to “re-verify your credentials” because your account has been “compromised” – says an e-mail supposedly from the company you have the account with. Instead it’s a phony e-mail sent by a hacker.

Security begins by not falling for these ruses but also by not having crummy passwords.

First ask yourself if it’s super easy to remember any of your passwords. If it is, chances are, they contain actual names of people…or pets…in your life. If you have your pet and its name plastered all over your Facebook page, for instance…a hacker will figure that your password contains the name.

Another way to easily remember—and type—passwords is to use keyboard sequences. Maybe you use the same password for 14 accounts: 123kupkake. Is this easy for a hacker to crack? Depending on the level of sophistication of the hacker and the tools he possess, maybe. Imagine a hacker cracking this with his software. He’ll get into all your accounts if you have the same password.

There are many password manager services out there to help you create a strong, long password, though randomly hitting keys on your keyboard will produce the same result. But the password manager will grant you a single password to get into all your accounts, sparing you the drudgery of having to remember 14 long passwords of jumbled characters.

Another layer of security is to try to only register with online accounts that have two-factor authentication. For instance, see if your bank offers this (many actually don’t). Two-factor makes it next to impossible for someone to hack into your account.

Strong and long passwords—all different for all of your accounts; a password manager; two-factor authentication; and what else? Don’t be suckered into giving up your private information!

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Hacking Humans: How Cybercriminals Trick Their Victims

Intel Security has compiled a list of the top ways cybercriminals play with the minds of their targeted victims. And the chief way that the cybercriminals do this is via phishing scams—that are designed to take your money.

11DThe fact that two-thirds of all the emails out there on this planet are phishy tells me that there’s a heck of a lot of people out there who are easily duped into giving over their money. I’m riled because many of these emails (we all get them) scream “SCAM!” because their subject lines are so ridiculous, not to mention the story of some befallen prince that’s in the message

I bet there’s a dozen phishing emails sitting in your junk folder right now. Unfortunately, a lot of these scam emails find their way into your inbox as well.

McAfee Labs™ has declared that there’s over 30 million URLS that may be of a malicious nature. Malicious websites are often associated with scammy emails—the email message lures you into clicking on a link to the phony website.

Clicking on the link may download a virus, or, it may take you to a phony website that’s made to look legitimate. And then on this phony site, you input sensitive information like your credit card number and password because you think the site really IS your bank’s site, or some other service that you have an account with.

6 ways hackers get inside your head:

  1. Threatening you to comply…or else. The “else” often being deactivation of their account (which the scammer has no idea you have, but he sent out so many emails with this threat that he knows that the law of numbers means he’ll snare some of you in his trap).
  2. Getting you to agree to do something because the hacker knows that in general, most people want to live up to their word. That “something,” of course, is some kind of computer task that will compromise security—totally unknown to you, of course.
  3. Pretending to be someone in authority. This could be the company CEO, the IRS or the manager of your bank.
  4. Providing you with something so that you feel obligated to return the favor.
  5. “If everyone else does it, it’s okay.” Hackers apply this concept by making a phishing email appear that it’s gone out to other people in the your circle of friends or acquaintances.
  6. Playing on your emotions to get you to like the crook. A skilled fraudster will use wit and charm, information from your social profiles, or even a phony picture he took off of a photo gallery of professional models to win your trust.

In order to preventing human hacking via phishing scams, you need to be aware of them. Aware of the scams, ruses, motivations and then simply hit delete. Whenever in doubt, pick up the phone and call the sender to confirm the email is legit.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Mobile Apps Failing Security Tests

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

6WYou may already be a user of at least several of the 25 most downloaded apps And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, this opens the door for cybercriminals to snatch your personal information such as credit card numbers and passwords. And this is growing because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here’s some tips to help you protect yourself from these unsecure apps:

  • Before purchasing an app, get familiar with its security features—read reviews and check what permissions the app is asking access to. You don’t want to end up with an app that accesses way more information about you than necessary for what you want the app for in the first place.
  • Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
  • Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
  • Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Attention Lenovo PC Owners: Something’s Fishy with Your Computer

Does your Lenovo computer have Superfish VisualDiscovery adware (a.k.a. spyware) installed? It’s possible if you purchased a Lenovo PC any time in September of 2014 and thereafter.

13DThis Superfish software intercepts the Lenovo user’s traffic so that the user sees ads displayed that reflect their browsing habits. The problem with this targeted advertising scheme is that it comes with a vulnerability that makes it easy for hackers to attack.

Superfish enables targeted advertising by installing what’s called a trusted root CA certificate.

Browser-based traffic that’s encrypted gets intercepted, unscrambled and recrypted to one’s browser by a man-in-the-middle attack. Due to the trusted root CA, the user’s browser will not show any warnings that there’s something very fishy going on (i.e., an attack).

The private key of the Superfish software can be easily recovered. This enables a hacker to produce certificates for any website that’s trusted by a system that has the Superfish adware installed.

The hacker can then replicate websites, or spoof them, without the user ever knowing it because the browser won’t know it. The type of attack is called SSL spoofing.

Many Lenovo users, hence, have the perspective of, “How DARE Lenovo preinstall this software?!” Lenovo has received harsh backlash and has claimed they’ve discontinued these installations. But this doesn’t reverse the vulnerability of the PCs that already have the adware.

To find out if your Lenovo has this adware, see if it has an HTTP GET request to superfish.aistcdn.com. And then if it does, uninstall it, along with the root CA certificate—don’t just uninstall the adware only; that certificate is what gets the hackers in.

The Microsoft Windows certificate store, and the Firefox and Thunderbird certificate stores, can guide you in managing and deleting certificates.

Right now, the best thing to do is head to this site: https://lastpass.com/superfish/ and then this site: https://filippo.io/Badfish/ to confirm your device doent have the superfish. If both check out OK, you’re good.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.