DoorDash Admits 4.9 Million Affected by Data Breach

DoorDash has admitted that it has been the victim of a data breach, which has affected about 4.9 million merchants and people.

In a recent blog post, DoorDash announced that it noticed some odd activity early in September from a third-party service. After looking into it, the company found that an unauthorized third party was accessing user data from DoorDash on May 4, 2019. DoorDash immediately took steps to stop any future access and to improve security.

Those who were affected by this breach joined DoorDash on April 5, 2018 or before. Those who joined after that specific date were not part of this breach. The company said it will contact those customers who were affected.

This breach involved data including email addresses, names, order history, delivery addresses, phone numbers, and encrypted passwords. In some situations, bank account numbers and the last four digits of payment cards were also released. Additionally, the driver’s license numbers of approximately 100,000 delivery people were accessed. Bank account information and full payment card numbers were not compromised.

This data is called PII or Personal Identifying Information that could be used to open new accounts, take over existing or “socially engineer” you. Going forward, as with all data breaches be on the lookout for scammy emails and phone calls. Be suspect every time the phone rings and make sure unless you are 100% sure, you aren’t clicking links in emails even if you recognize the sender.

DoorDash also said that it has added additional layers of security in order to protect the data of its customers, and it has improved the protocols that are used to get access to this data. The company has also told customers that it is a smart idea to change their passwords, even if they were not affected.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

YouTube’s Spoon Feeding Pedophiles Kids Home Videos

YouTube uses a recommendation algorithm to help people view things they’d like to see. Recently, the algorithm seemingly encouraged pedophiles (YouTube would have no way of knowing this) to watch videos of children playing at home, videos that the family members uploaded.

safr.me

Do your kids make digital purchases with you money?

A report from the New York Times detailed how YouTube had been exploiting minor children through the automated recommendation system. According to the report, researchers at the Berkman Klein Center for Internet and Society at Harvard were studying the influence of YouTube in Brazil. This was when they noticed the alarming issue. The experiment used a server, which followed YouTube recommendations a thousand or more times, which build a map of sorts in the process. The map is designed to show how YouTube users are guided as to what they may want to watch.

During the experiment, recommendations stemmed from sexually-themed videos, which is when researchers noticed that the system showed videos that were extreme or bizarre, placing more emphasis on youth. In some cases, a video of females discussing sex led to videos of women breastfeeding or wearing just underwear. Many times, the women mentioned their ages, which ranged from 19 to 16 years old.

Deeper into the experiment, YouTube started recommending videos where adults wore children’s clothing or solicited payment from ‘sugar daddies.’

With such softcore fetish recommendations already being showed, YouTube showed videos of children who weren’t fully clothed, many of them in Latin America or Eastern Europe.

These videos were usually home videos that had been uploaded by their parents. Many times, parents want to easily share videos and pictures of their children with family and friends. However, YouTube’s algorithm can learn that people who view sexually-exploited children want to see these family videos and may recommend them without knowledge.

One mother, Christine C., was interviewed by the Times about her 10-year-old child. The child uploaded a harmless video of her and a friend playing in the pool. The video was viewed over 400,000 times in just a few days. The mother said that her daughter was excited about the view count, which alerted Christine that something was amiss.

This is just one of many incidents that unfolded after YouTube publicly confronted its issues with pedophilia earlier in 2019. Back in February, YouTube had to disable comments on minor children’s videos because pedophiles were reportedly commenting on the videos in ways to signal other predators.

Studies have shown that the recommendation system on YouTube can create a rabbit-hole effect where the algorithm recommends more extreme content as time goes on. The company denied that reality or skirted the topic. However, in May, Neal Mohan, the chief product officer at YouTube, said that extreme content doesn’t drive more engagement or watch time than other content options.

YouTube hasn’t made many comments about the recommendation system or that it creates the rabbit hole effect. Instead, journalists and reporters are referred to a particular blog that explains how the company focuses on protecting minors and that its videos don’t violate any policies and are posted innocently.

The announcement also focuses on the recent steps taken by YouTube to disable comments for videos that feature or are uploaded by minors. Minors are also going to be restricted so that they cannot live-stream unless a parent is on the video. Along with such, the company plans to stop recommending videos that depict minors in risky situations.

Researchers believe that it would be best to block children’s videos or videos depicting children and not allow those videos in the recommendation system at all. However, YouTube reported to the Times that it doesn’t plan to do that because the automated system is one of the largest traffic drivers and could harm creators.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Gift Cards: The Newest Scam that You Should Be Aware of

Hackers are making a lot of money thanks to phishing attacks these days, and now they are also focusing on gift card scams. One of the most notorious scam groups, Scarlet Widow, which is out of Nigeria, has been boosting its efforts to scam people with gift cards since 2015. This group generally focuses on people in the UK and US and also is known for tax scams, romance scams, and rental cons.

Are you at risk of getting scammed by Scarlet Widow? The group generally focuses on medium to large US businesses and nonprofits including the United Way, Boy Scouts of American, and YMCA chapter. The scammers send emails to employees of these organizations, and though most people understand that the emails are, indeed, scams, it only takes one person to put your organization at risk.

The Targets

From November 2017 to the present, Scarlet Widow has targeted thousands of nonprofits and individuals. It also targets the education industry and tax industry. Scarlet Widow only succeeds by getting access to these organizations’ email accounts. They might put malware in the emails or use malicious phishing links. Either way, eventually, these people are going to be able to scam the organizations.

The Scam

Though traditional phishing scams work for Scarlet Widow, it is really focusing on the gift card scam these days. In October 2018, more than a quarter of people who have been scammed during the year said that they were victims of a gift card scam. Scammers love these because they can get the cash quickly, they can be anonymous, and it’s very difficult to reverse. All the scammers have to do is convince someone to buy a gift card, then send them a photo, and they can take the money that is on there.

Scarlet Widow generally focuses on Google Play and iTunes gift cards, but other scammers will ask for cards from places like Target, Walgreens, or CVS. You might think it sounds strange that these people could con others into paying for business services with gift cards but remember…these scammers are experts at manipulation. They will certainly come up with some story with a sense of urgency, and people fall for it all of the time. For instance, there was an administrator in Australia who sent a scammer $1,800 in iTunes gift cards. The email she got seemed as if it was from the head of the finance department, so she believed it was legitimate. However, it was just a scammer.

A security awareness training financial advisor client of mine was conned too. Actually it was his assistant. She received an email that looked like it was coming from him requesting 5 $500.00 Apple gift cards to send to their top 5 clients. She went right out to Walgreens, bought 5 cards and the instructions were to scratch off back to reveal the codes and email pictures of the cards and codes back to him. Which she did. And then the scammers disappeared.

Though there are limitations to scammers using gift cards, these nefarious groups will use any method they can think of to get more money funneling in. So, if you ever get a request from a contractor or organization leader asking for a gift card, use an extreme amount of caution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Medical Identity Theft: 12 Million Patients Breached

Quest Diagnostics is a US-based company that provides medical testing services, and announced that it used third-party billing collection companies that were hit by a severe data breach. In fact, about 11.9 million Quest customers were affected.

The compromised information could include personal data of the patients, including Social Security numbers, as well as medical and financial information. However, laboratory test results aren’t included in the breach.

What Happened?

The AMCA (American Medical Collection Agency) is a billing collection service provider and informed Quest Diagnostics that it had an unauthorized user who gained access to the AMCA system, which contained personal information that AMCA got from a variety of entities, including Quest. AMCA provides its collections services to Optum360, which is a Quest contractor. Both Optum360 and Quest are working with experts to investigate the issue.

The company also noted that it still doesn’t have much information about the data security incident at AMCA, and it doesn’t know for sure what data was compromised. However, the company no longer sends its collection requests to AMCA and won’t do so until the issue is resolved.

Quest filed an SEC filing, which revealed that the attackers gained access to the AMCA system between August 2018 and March 2019.

According to one data breach website, Gemini Advisory analysts first discovered the breach. The analysts noticed a CNP (Card Not Present) database, which had posted for sale on the dark web’s market. It figured out the data could have been stolen through the AMCA online portal. Gemini Advisory attempted to contact AMCA but received no response, so it contacted the US federal law enforcement agency.

A spokesperson for AMCA says that, upon receiving the information that there was a possible data breach from a compliance company that worked with other credit card companies, it conducted an internal investigation and took down its payments page online. The company also said it was investigating the breach with the help of an unnamed third-party forensics company.

The Quest breach targeted primarily financial data with personal information (SSNs). That kind of information is significantly more lucrative than health information, which isn’t really marketable by criminals, at least not yet. The financial information disclosed was comprehensive and included bank accounts and credit card numbers. Therefore, victims could get their identities stolen and have financial transactions completed in their name.

Users of the website or the company need to get a credit freeze and monitor their bank accounts and credit cards for any unusual activity and might want to freeze their credit reports so that no new credit lines can be taken out in their name.

Action needs to be taken now to freeze your information with the credit bureau and warn the credit bureaus that your financial information might have been compromised. Along with such, financial institutions usually have programs available to take corrective action, which can prevent your credit card or account from being used without permission if your account has been compromised.

The issue is that insurance and healthcare information doesn’t have such a centralized process, which makes it extremely tough to prevent the use of this information from someone who doesn’t have permission to use it.

The Cybersecurity evangelist of Thales, Jason Hart, chimed in with the fact that multi-factor encryption and authentication of the collected data might have saved the companies and victims from having problems.

The VP of innovation and global strategy at ForgeRock, Ben Goodman, noted that this is the second known breach for Quest in just three short years. As a public company, it could lead to a variety of serious repercussions with respect to brand reputation, shareholder trust, and stock prices. He also said that the exposed data might result in litigation. When First American Financial Corporation was breached, it took just a few days for the company to get hit with a class-action lawsuit when it exposed 885 million documents full of sensitive information just last week.

The CISO and Senior Director for Shared Assessments, Tom Garrubba, wants to see just how quickly the Office of Civil Rights (an overseer of HIPAA compliance), rushes in to get information about the breach and to determine if any negligence was there and if Quest is to blame (partially or fully).

Through the HIPAA Omnibus Rule, business associates must handle any data with the care provided to covered entities (outsourcers). Those business associates have to provide due diligence to the covered entity.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon.com author, CEO of Safr.Me, and the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

First American Financial Exposes 885 Million Mortgage Documents

Approximately 885 million digital documents have been exposed from mortgage deals that date back to 2003. First American Financial Corp is a provider of title insurance, as well as other services for the mortgage and real estate industries, and it allowed millions of records to be exposed according to one report.

The exposure is likely to put a variety of bank account statements and account numbers at risk, as well as Social Security numbers, tax records, wire transaction receipts, mortgage records, and driver’s license images. All of this information could be read through a web browser without getting authentication from anyone.

First American Financial Corp first learned of its designed defect on May 24 when one of the production applications made it possible for people to gain unauthorized access of its customer data. This information was provided to USA TODAY by the company in a written statement. It also said that privacy, security, and confidentiality are the top priorities for the company, and it is committed to protecting the information of its customers.

The statement also added that First American Financial Corp took action immediately to address the full situation and shut down the external access option for the application. It is currently evaluating the effects of the situation and if any issues were relating to customer information security. It also mentions that it hired an outsourced and unbiased forensic firm to ensure that there has been no unauthorized and meaningful access to its customer data.

Brian Krebs wrote the report and claims that he was contacted by Ben Shoval, a Washington state real estate professional, who said that he’d had no luck getting any response from the company about what he found out, which was that portions of its website had leaked hundreds of millions of customer records.

The initial report by Krebs claimed that Shoval learned that anyone that knew the URL for any valid document on the website could also view other documents by just modifying one or two digits in the link. Krebs then chose to confirm the findings of the real estate developer. He used to be a reporter for the Washington Post and was the first to report about another high-profile data breach because he determined that millions and millions of Facebook users had account passwords that were stored in plain-text format, which could be searched by over 20,000 Facebook employees.

Regardless of past reports, Kreb claims that this exposure issue is one of the worst he has seen because there are just so many individuals involved. Anyone who has ever gotten a document link by First American Financial Corp via email is likely to be a victim in this breach.

The chief data scientist from Rapid7 Labs, Bob Rudis, claims that this exposure is severe for First American, but it also highlights the need for a more comprehensive approach to securing the network and systems, especially for areas that house highly sensitive information.

He also says that anti-malware products, firewalls, and other security controls aren’t enough to reduce that unwanted exposure. Organizations need to think like a cyber-attacker to help them identify any areas of weakness before cybercriminals do it themselves.

The Director of Solution Engineering at CipherCloud, Tyler Owen, says that there has been a gross negligence by First American Financial Corp. He believes that everyone in the info security industry has become numb to these breaches and disclosures because they happen more and more frequently (about once a week). Regardless of the negative impacts and bad press for the company, organizations just aren’t putting enough emphasis on secure processes and data security.

The victims here are primarily the people who have had their data exposed because they have little to no recourse available to them.

The problem is that there is no information about who accessed the files over time, and no one has any concrete information about the misuse of the data because of the temporal exposure. It’s almost impossible to determine who leaked the information, who had access to it, who accessed it, and what they did with that ill-gotten information. If it were to, say, end up being sold on the dark web market, it might generate a lead, but nothing has surfaced so far.

If you believe you were part of the data breach, you should monitor your credit report and look for signs that someone has used your credit card without your permission. You can also freeze your credit report so that no new credit applications can be opened. Your financial organization is likely to have tools available to help you; utilize those tools to ensure that there is no activity on your accounts without your knowledge. It’s also helpful to listen for whatever information First American provides about the matter. That way, you’re well aware of something going amiss and can talk to the right people to seek restitution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon.com author, CEO of Safr.Me, and the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Two Common Government Employee Impersonation Scams: What to Watch For

One of the biggest threats that taxpayers are facing these days is an aggressive scam where criminals call victims and pretend to be IRS agents. The goal? To steal money.

All year but especially during tax filing season, the IRS will see a big surge in the number of scam calls, which tell victims that they will be arrested, deported, or have their driver’s license revoked if they don’t pay a fake tax bill.

How the Scams Work

These scammers make calls to people and claim to be from the IRS. They inform the victim that they have an unpaid tax bill, that must be paid immediately, either through a prepaid debit card or wire transfer. To make this sound even more legitimate, the scammers might also send a phishing email or make robo-calls to the victims.

To get the victims to pay, and to pay quickly, they make threats, as mentioned above. On top of this, they also can alter the number they are calling from through caller ID spoofing services to make it look like the IRS is actually calling. The scammers also will use badge number and IRS titles to make themselves sound more official.

The IRS is onto these scams, of course, and it has released information to remind taxpayers to be aware of them. For instance, a report from the Treasury Inspector General for Tax Administration, TIGTA, states that there are more than 12,000 people who have paid more than $63 million due to these phone scams over the past few years.

Recognizing an IRS Scam

There are certain things that the IRS will never do, so if you see any of these things, or you are asked to them, you can be sure that it’s a scam.

The IRS will NEVER:

  • Threaten to bring in local police for not paying your tax bill
  • Ask you to pay via a gift card or wire transfer
  • Demand that taxes are paid without question or the opportunity to appeal
  • Ask for debit or credit card numbers over the phone
  • Call about an unexpected refund
  • Call to collect money without first sending a tax bill

If you get a call from the “IRS” asking for any of this, hang up.

There are Social Security Administration Scams Out There, Too

The IRS is not the only government agency plagued by scams. People are also getting scammed by people claiming to be from the Social Security Administration, or SSA. The goal here is to try to get your Social Security number.

Basically, someone will call you and claim to be from the SSA in an attempt to collect your personal information, including your Social Security number. If you get a call like this, you should definitely not engage with the caller, nor should you give them any money or personal information.

One of the ways that scammers are so good at getting this information is that they try to trick their victims by saying their Social Security number has been suspended due to suspicious activity, or that it has been connected to a crime. They will ask the victim to confirm their SSN in order to reactivate it.

Sometimes, they might even go further with this and tell the victim that their bank account is about to be seized, but they can keep the money safe…by putting it on a gift card, and then sending the code to the scammer.

You might wonder why people fall for this, but it really is easy for these scammers to change their phone number to show the same number as the SSA on caller ID. But this is a fake number…it’s not really the Social Security Administration.

There is also the fact that the scammers will say that someone has used your personal Social Security number to apply for a credit card, and because of this, you could lose your Social Security benefits. They also might say that your bank account is close to being seized, and you must withdraw your money or wire it to a “safe account,” which is, of course, the account of the scammer.

Here’s some of the details about these scams that you need to know:

  • Your Social Security number won’t be suspended. You never have to verify your number to the SSA, either and the agency can’t just seize your bank account.
  • The SSA will never call you about taking your benefits or tell you that you must wire money to them. If you are asked for money from the SSA, it is a scam.
  • The SSA’s number is 1-800-772-1213, but scammers are using this to appear on caller ID. So, it looks legitimate. So, if you get a call from this number, hang up and call it back. This way, you can be sure you are talking about the SSA and get the information you need…or find out that someone was trying to scam you.

Do not give your Social Security number to anyone over the phone or via email…also, don’t give your credit card number or bank account number to anyone over the phone or via email.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Mass Shootings: Driven by Evil or a Desire for Celebrity Status?

If all a gunman, who opened fire and randomly killed nine people, wanted was 15 minutes of fame, he could have achieved this running naked into the field at a major league baseball game.

At least one criminologist believes that the driving force behind mass shootings is a desire for celebrity status. According to Adam Lankford, a criminologist at the University of Alabama, they want to be famous.

But this theory has holes. You don’t have to kill people to be famous, and since when are murderers treated like celebrities? Since when does celebrity treatment include prison food?

If it all came down to wanting to be famous, then why do these mass murderers always have troubled pasts, particularly a history of being victimized by bullying?

However, many criminologists do believe that most shooters are seeking infamy – even though, certainly, anyone who’s planning a shooting spree knows there’s a good chance they’ll get killed in the process – in which case, they won’t be alive to revel in their infamy.

In an attempt to prevent future mass shootings, the media has decided not to mention the killers’ names more than once, such as with the 2012 movie theatre slaughter in Colorado and the 2017 Las Vegas concert massacre.

This tactic has proved futile, given the shootings that occurred the first week of August 2019 in El Paso, Texas and Dayton, Ohio, plus many additional (smaller) shootings since 2012 and even 2017.

Nevertheless, supposedly the Sandy Hook Elementary School shooter kept a journal detailing decades of mass shooting events.

If a man has suffered a corrupt childhood and is seething with hatred towards people, feels no hope for his future and knows how to get an AK-47, or AR-15, do you really think that he cares whether or not his name is mentioned after a killing spree?

Sure, he’d like to gain a lot of notoriety – as long as he’s going to commit the deed. But notoriety isn’t the reason he wants to kill people.

Are killers born or made via childhood environment?

These killers may have come from “privileged backgrounds,” but a big house, a swimming pool in its backyard and tennis lessons can still be part of a childhood environment that’s conducive to creating a soulless, evil person who hates humans so much that he one day decides to shoot into a crowd.

We can argue till the cows come home whether or not years of bullying led to the Columbine massacre, or if while growing up El Paso murderer Patrick Crusius frequently heard his father rant that Mexicans didn’t deserve to live.

But at the end of the day, it really makes no sense that wanting to hear your name on CNN would make a well-adjusted man go on a homicidal rampage.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Woman Murdered after Man Tricks Her with Lost Puppy Ruse

This entire post is brutal and for some, hard to read. But if there is a woman or girl in your life that might benefit from being freaked out, read it, forward and share it.

We’ve all heard about the man approaching a child, showing her a picture of his “lost” puppy, asking the child to help him look for “Truman” or “Roxie.” The child goes off with the predator – never again seen alive.

You’d think that no ADULT could ever fall for this scheme. But at least one woman, 36, did. Now maybe Kimra Riley, mother of a toddler, had never heard of the lost puppy ruse.

But according to ID Channel’s “Swamp Murders: A Dark Place to Die,” there were several blaring red flags that Rodney O’Neal Hocker was a predator.

  • Take note of these red flags.
  • Teach them to your kids.
  • Teach them to YOURSELF!

In March 1996, Kimra’s decomposed body was discovered near the shore of the Tennessee River after being reported missing two months prior. Tied to the body were bricks. An autopsy revealed that she had been alive when forced into the water; she had drowned.

Lost Puppy Trick

The docudrama depicts Kimra telling her boyfriend she was headed to the Bama Club to meet a female friend. There, she ran into Rodney, who recognized her as his server at a diner several days prior.

After small-talk, he asked if she wanted to see his puppy which was in his truck outside.

  • RED FLAG: What adult asks a stranger in a building to come outside to see his puppy?
  • When in doubt: Ask yourself if it’s easy to imagine the man asking another man if he’d like to see this puppy!
  • What to do: Tell the stranger to bring the puppy inside “so everyone can see it.”

Kimra went to the parking lot with Rodney. Rodney, 27, said the puppy had escaped the back of his pickup truck. He asked if she’d like to get in his vehicle to help look for the alleged yellow lab.

  • RED FLAG: The man immediately wants to drive around to search for the puppy. If a puppy jumps out of a parked vehicle, the first place to look is the parking lot, on foot! A puppy won’t get far!
  • What to do: Run back inside the building. Never mind hurting the stranger’s feelings.

Once Kimra was in the truck, her fate was sealed. He stopped the vehicle, came onto her; she resisted. The investigation determined he had rammed her head into the windshield, incapacitating her. Sexual assault was suspected because her body had on only a shirt, but was too decomposed for a rape kit.

If You Love Puppies…

  • Don’t ever go off with ANYONE to see an unseen
  • Tell the suspicious individual that you get enough puppy fixes with your neighbors’ dogs.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Another Rideshare Rape is an Epidemic

Women should never take a ride from a stranger because it’s dangerous – unless she’s paying the driver???

Wrong, of course. Uber and Lyft drivers provide paid rides to strangers as requested via the Uber and Lyft apps.

As of August 2018 WhosDrivingyou.org tallied the number at almost 400 rapes and probably stopped recording the sexual assaults because it has become so common. A quick Google search for “rideshare rape” pulls almost 7K results.

YeT another rideshare rape allegedly happened this week when an intoxicated woman was overcome by her driver. And before you blame the victim, JUST SHUT UP.

Almost the Perfect Crime

  • The predator has no problem getting a woman into his vehicle.
  • There’s an easy explanation for her DNA in the vehicle: the ride service.
  • She might be intoxicated, which is a common reason for hiring a rideshare service, and intoxication means vulnerability and lack of credibility.

Has the rideshare industry created a monster?

What makes rape even easier to get away with is if the passenger passes out from intoxication.

But by no means does this mean a predator should feel confident he could get away with his crime, such as Uber driver John David Sanchez, who got 80 years for ride-related sex crimes.

A CNN investigation revealed that at least 31 Uber drivers have been convicted of crimes such as rape as well as forcible touching.

On the other hand, CNN reported the case of an Uber driver who was accused by his fare of sexual assault. He claimed it was consensual; the charges were dropped.

CNN also reported that many of the women who were sexually assaulted by the over 100 accused drivers had been drinking or were drunk at the time of the alleged crimes.

A similar investigation of Lyft by CNN also revealed numerous sexual assault accusations.

What can a woman do?

  • Use Uber, Lyft (or a taxi service) only as a last resort, i.e., you can’t find someone you know to transport you.
  • Make sure you’re not impaired by any substances. This is a two-edged sword because an impaired person should not drive, either. If you’re convinced ahead of time you’ll be impaired, then arrange for a trusted friend to drive you home. If you can’t find someone, then reconsider your plan on getting wasted; is it worth it?
  • Arrange to use rideshare services with a companion.
  • Hire only female drivers.
  • Under no circumstances let a driver into your home.
  • Make sure your phone has a one-touch emergency alert button that will activate first responders who can home in on your location.

Don’t assume that just because someone works for Uber or Lyft that they’re safe. Though these companies do background checks, you have to consider that some predators have a clean record because they haven’t been caught (yet).

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

6 More Places to Put Your Identity on Lock Down

If you have been thinking about a credit freeze, you probably should know that the process is designed so that a creditor cannot see your credit report unless you specifically allow it. This process blocks any potential creditors from viewing or pulling your file, which makes it much more difficult for an identity thief to apply for new credit using your name or information. For links to freeze your credit at the 3 major bureaus go to How to Freeze My Credit.  However, there have been reports of people complaining of having accounts opened in their name while having credit freezes. So, if you already have a credit freeze at Experian, Trans Union, and Equifax, you also might want to consider freezing at the following companies, too:

Innovis Credit Freeze

Innovis is the 4th credit bureau you need to freeze with. The process is similar to the big three and its free. Go here to freeze your Innovis Credit Freeze.

National Consumer Telecommunications and Utilities Exchange or NCTUE

One place you should contact to freeze your credit through is the National Consumer Telecommunications and Utilities Exchange, or NCTUE. Many mobile phone companies, for instance, get credit inquiries done through this organization, so hackers can still open mobile phone accounts in your name, even if your credit is locked down elsewhere via the 3 major bureaus.

In general, only mobile phone companies use NCTUE, but there are other companies, like water, power, and cable companies that also use it. You can contact NCTUE to freeze your credit by calling them and giving them your Social Security number. You will also have to verify a few other details, but the system is automated, so it’s very easy. If the system can verify your identity, your credit report through this organization will be frozen. You can also get your NCTUE credit report and risk score by calling their 800-number 1-866-349-5355 or try to do it online here NCTUE Freeze but some say this links form doesn’t work well.

ChexSystems

You should also place a security alert with ChexSystems. This is a system that is used by banks to verify the worthiness of customers who are requesting new savings and checking accounts. When you request a freeze through this organization, it is only applied to your ChexSystems consumer report. If you want to freeze your credit at other companies, you must do it directly through them. For ChexSystems, you can do it here: ChexSystems Security Freeze.

Opt-Out Prescreen

You can additionally opt out of any pre-approved credit offers by calling 1-888-5-OPT-OUT or you can go online and visit the website Optoutprescreen.com.

myE-Verify Self-Lock via the Department of Homeland Security

The fourth organization you should freeze your credit with is called Self Lockvia the Department of Homeland Security. This freeze helps to protect you from any employment-related fraud. When you lock your Social Security number through this tool, it will stop anyone from using your Social Security number to get a job, which is another scam. If a Social Security number that has been locked is entered into the system, it will result in a mismatch, which will flag the number as fake. It’s easy to lock and unlock your identity through Self Lock, and each time you do it, it remains locked for a year. Once that year is over, you can choose to renew the lock, too. You can learn more online at the Self-Lock Freeze.

Social Security Administration

Finally, if you want to prevent any type of Social Security fraud, you should set up an account at the Social Security Administration. There are a number of Social Security scams designed to siphon your benefits or sensitive information. Your telephone may ring followed by and automated message saying your Social Security number has been “suspended” because of some suspicious activity or be threatened with arrest if you don’t call the telephone number provided in the automated message. Simply by setting up the account you can prevent someone else from setting it up as you and posting as you. Also you can check in with then SSA should you received any calls, emails or mail to determine the communications legitimacy. You can do it online,Social Security Administration Set-up.

Here’s your Freeze to-do checklist.

  1. NCTUE Freeze
  2. ChexSystems Security Freeze.
  3. com.
  4. Self-Lock Freeze.
  5. Social Security Administration Set-up
  6. How to Freeze My Credit.
  7. Innovis Credit Freeze.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.