Protect your USPS Mail from Getting Stolen

USPSID stands for U.S. Postal Service Informed Delivery. It is a good thing to sign up for because it informs you of your expected deliveries.

But there’s a problem: Someone ELSE could pose as you and sign up for this service, getting your mail before you have a chance to.

In fact, it has already happened. Crooks have signed up as other address owners and collected their mail.

This can lead to credit card fraud if some of that mail includes new credit cards or credit card applications.

And what if the mail includes a check? The thief could find a way to get it cashed. What a thief could do with your mail is limited only by his or her imagination.

Krebsonsecurity.com reports that seven crooks in Michigan used the USPS to, not surprisingly, apply for credit cards via those applications that we all get.

Then they waited for the new cards to arrive. They knew just when they’d arrive, too, and planned to raid the owner’s mailbox on that date. Of course, the owners never even knew that the cards were applied for.

The crooks obtained the cards and spent a total of about $400,000. Needless to say, they didn’t bother stealing the bills.

Though a key on your mailbox will surely help, you can add an extra layer of protection by emailing eSafe@usps.gov to opt out of the service. This will prevent anyone from using it in your name.

KrebsOnSecurity reports that this email address may be inactive. So at least have your mailbox fashioned with a lock – even if you do get a response from that email address.

Another thing you can do is get a credit freeze, though this doesn’t guarantee 100 percent that a thief won’t be able to sign up your address with the USPS, but the freeze will prevent new credit cards being opened in your name.

What Else Can You Do?

  • Check your existing credit card statements every month for any odd or unfamiliar charges and report them immediately even if the amount is small.
  • Contact credit reporting agencies (Equifax, Experian and TransUnion) and sign up for alerts to any changes in your credit report.
  • Can’t be said enough: Get a locking mailbox, there’s simply too much sensitive information not to.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

 

How the FBI hacks You

In a recent Wired.com expose’, they expose how the FBI has been secretly hacking civilian computers for about 20 years, but thanks to Rule 41, their ability to hack has been expanded.

11DNevertheless, effective record keeping for these hacking incidents doesn’t exist. For instance, search warrants that permit hacking are issued using elusive language, and this makes it difficult to keep track of when the feds hack.

Also, it’s not required for the FBI to submit any reports to Congress that track the FBI’s court-sanctioned hacking incidents—which the FBI would rather term “remote access searches.”

So how do we know this then? Because every so often, bits of information are revealed in news stories and court cases.

Carnivore

  • Carnivore, a traffic sniffer, is the FBI’s first known remote access tool that Internet Service Providers allowed to get installed on network backbones in 1998.
  • This plan got out in 2000 when EarthLink wouldn’t let the FBI install Carnivore on its network.
  • A court case followed, and the name “Carnivore” certainly didn’t help the feds’ case.
  • Come 2005, Carnivore was replaced with commercial filters.

The FBI had an issue with encrypted data that it was taking. Thanks to the advent of keyloggers, this problem was solved, as the keylogger records keystrokes, capturing them before the encryption software does its job.

The Scarfo Case

  • In 1999 a government keystroke logger targeted Nicodemo Salvatore Scarfo, Jr., a mob boss who used encryption.
  • The remotely installed keylogger had not yet been developed at this time, so the FBI had to break into Scarfo’s office to install the keylogger on his computer, then break in again to retrieve it.
  • Scarfo argued that the FBI should have had a wiretap order, not just a search warrant, to do this.
  • The government, though, replied that the keylogger technology was classified.

Magic Lantern

  • The Scarfo case inspired the FBI to design custom hacking tools: enter Magic Lantern, a remotely installable keylogger that arrived in 2001.
  • This keylogger also could track browsing history, passwords and usernames.
  • It’s not known when the first time was that Magic Lantern was used.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Hacking 2015 and Beyond

2015 brings us no closer to putting the lid on hackers as any other year has. The crime of Criminal hacking will prove to be as big as ever in the new year. Here’s what we have to look forward too:

4DBank Card Breaches

There will always be the bank card thieves, being that stealing data from magnetic stripe cards is relatively easy to pull off and there are different ways to do so. This includes tampering with card swiping devices, then retrieving the stolen data later on when nobody’s around.

The U.S. is moving towards replacing the magnetic stripe with chip ‘n PIN technology, but this will take time and money. Another issue is poor implementation of this technology, which makes a hacker’s job easier. It will be a while before efficiently implemented Chip and PIN technology rules the U.S.; expect lots of more bank card breaches.

Nation-State Attacks

Governments hacking governments was big in 2014 and it’s expected to continue rising. Criminals engaging in this type of threat involve interference with encryption and gaining entry to systems via “back doors,” kind of like how a robber gets into one’s home by removing a screen in the back of the house. One of the tools to accomplish this cyber assault is called a RAT which is a form of malware, and it’s predicted that this tool will be used even more (among others) to invade government and private company networks.

Data Destruction

It’s incomprehensible to the average Joe or Jane how someone (usually a team, actually) could wipe out data on the other side of the world, but it’s happened, such as with computers in South Korea, Iran and Saudi Arabia.

And this was on a large scale: banks, media companies and oil companies. Even if all the data is backed up, there’s still the monumental issue of rebuilding systems. And it’s no picnic trying to make sure that the saved data doesn’t carry malware residue that can reinfect a rebuilt system.

Extortion

Special malware (ransomware) can block a user from accessing data or a corporation from accessing its system, until money is paid to the hacker. This happened to the Sony company (data was stolen but also deleted), but the motives aren’t crystal clear. A cyber extortion requires a skilled attack, and don’t be surprised if this happens to more big companies.

Critical Infrastructure

This type of hack hasn’t really occurred big-scale in the U.S. yet, but experts believe it’s only a matter of time before it does. Cyber criminals will carry out a critical infrastructure attack, infecting networks and gaining control of them, all designed to shut down electricity, disrupt communications and poison water among other disrupting activities.

Third-Party Breaches

A third-party breach means hacking into entity “A” to get to “B.” An example is Target: Hackers got into the HVAC company that Target was contracted with to access Target’s network. Bigger third-party breaches have occurred, and experts have no reason to believe they’ve stopped, even though tighter security has been implemented (and busted through by hackers, not surprisingly).

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Criminal Hackers Get to Momma and DaDa Via Children

Robert Siciliano Identity Theft Expert

I’m particularly irate about this. There’s criminal hackers, then there’s complete lowlife scumbag criminal hackers that hack children. InternetNews reports hackers took over sections of the PBS.org Web site earlier this week, installing malicious JavaScript code on the site’s “Curious George” page that infects visitors with a slew of software exploits.

For the uninitiated Curious George is a little happy go lucky bumbling monkey that continually gets himself in a pickle. His curiosity almost kills the monkey in every episode. Thank heavens for “”The Man in the Yellow Hat” which is Georges keeper and occasional life saver. A 41 year old male knows this when he waits 38 years to spawn.

Security research firm Purewire found that when visitors tried to log onto a fake authentication page they were served with an error page that took them to a malicious domain where the malware attempted to compromise users’ desktop applications.

So here you are in your kitchen making a bunt cake. You continually glance over in amazement that a 3 year old, who cant color in the lines or spell or count above 20 or even tie her own shoes, but she can navigate through an inexhaustible gaming and learning website of PBSKids. She whacks away at the keyboard from morning till evening. So intensely she hacks that when it’s time to pull her away from the computer to maybe, ahh eat? She takes a fit because you caught her mid Sid The Science Kid.

Little do you know that while little miss Mitnick was tap tap tapping away, some frigging cheesebag was trying to rifle all your data via a Clifford The Big Red Dog JavaScript reliant puzzle.  Is there no shame? Boundaries? Apparently not.

It is not immediately evident how hackers compromised the site. They may have taken advantage of a known flaw and  exploited a SQL injection vulnerability.

Kids playing were met with a pop-up message requesting authentication to enter a username and password during a game. “But DaDa, I don’t know my words yet”.  From here, no matter what was entered they were directed to an error page that had malicious code. The JavaScript then loaded malware targeting flaws in Adobe Acrobat Reader, AOL Radio AmpX and SuperBuddy and Apple QuickTime. If the affected computer was not up to date with all their critical security patches then they got the bug.

Lax security practices by consumers are giving scammers a base from which to launch attacks. USA Today reports IBM Internet Security Systems blocked 5000 SQL injections every day in the first two quarters of 2008. By midyear, the number had grown to 25,000 a day. By late fall, attacks climbed to 450,000 daily.

The key to identity theft protection and preventing your computer from becoming a zombie is to engage in every update for every browser, software and media player that you use, keeping your operating system updated and use anti-virus software such as McAfee Total Protection.

And if your 3 year old happens to engage a toothless criminal hacker from the Eastern Bloc and you haven’t been up to date, make sure you have a backup plan if your data is compromised.

1. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Includes:

·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes

·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers

·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls

·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors

·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name

·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly

·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.

Robert Siciliano Identity Theft Speaker discussing soulless criminal hackers on Fox News

A ‘Whac-A-Mole’ Approach to Preventing Identity Theft

Robert Siciliano Identity Theft Expert

Computerworld illustrates the current state of information security by citing a childhood arcade game: “If you’ve ever played the silly, maddening game known as “Whac-A-Mole,” you know what futility feels like. As you smack one mole with the mallet, up pops another one. Their speed and number escalates as you flail away, trying to keep up. At some point, you realize there’s no hope of winning.” That’s why I hated that game. I was attracted to it at first, because, like Barney Rubbles’ son Bam Bam, I liked hitting stuff with blunt instruments. But that only takes you so far. To win, you need skill and precision.

In today’s world of cyber security and identity theft prevention, it isn’t enough to chase the next mole and whack it with another patch, or shred your own data and hope that someone doesn’t hack your cell phone company. You need to understand the problem and proactively implement a solution.

In the late 90’s and early 2000’s, hackers hacked for challenge, fun, and fame. It made them popular among other hackers. Soon after, consumers began spending more time online. They used their PCs to shop, bank, and manage personal affairs. Now, hackers aren’t just wreaking havoc, deleting files, or making IT administrators miserable, they’re also stealing proprietary data. Now, the real game is illegal financial gain. Hackers’ motivations have changed, which means that you need to change your perceptions of what a computer is, and how to operate it. It’s no longer something to just play Solitaire, or a play where you socialize with friends. Now, it’s a cash register to a hacker. It’s a bank. And it should be treated and respected like a vault.

  1. Run Windows Update, or it may also be labeled “Microsoft Update,” on your PC. If you have Windows XP, you want “Service Pack 3” installed. You can also go to “Control Panel” and then “Security Center” and turn on automatic updates, so Microsoft will install the latest security upgrades automatically. If you have Vista, the process is similar, but you want “Service Pack 1.”
  2. Install antivirus software. Most PCs come bundled with software that runs for free for up to a year. Once it expires, you need to renew the license. If you don’t, every day that your software isn’t updated provides more opportunity for criminal hackers to turn your PC into a zombie that sends viruses to other PCs or sends spam shilling Viagra.
  3. Install anti-spyware software. Most antivirus providers define spyware as a virus now. However, it’s still best to run a spyware removal program once a month or so, to ensure that your PC is rid of software that could allow a criminal hacker to remotely monitor your data, keystrokes, and the websites you visit.
  4. Use Firefox. Internet Explorer is clunky, and the most frequently hacked software that exists. Mozilla’s Firefox is more secure.
  5. Secure your wireless. If you’re running an unsecured wireless connection at your home or office, anyone can jump on the network and access your files from up to 500 feet away. Your router should have instructions on how to set up WEP or WPA security. WPA is better. If this is a foreign language to you, you should either hire someone, or ask your 15 year old for help.
  6. Install a firewall. Microsoft’s operating system comes with a built-in firewall, but it isn’t especially secure. Go with a third party firewall that comes prepackaged with antivirus software.
  7. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  8. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses criminal hackers targeting wireless devices on Fox News.

Web Based emails Insecurity Leads to Identity Theft

Robert Siciliano identity theft expert

I recently appeared on Fox and Friends to discuss email hacking. Dave Briggs, a FOX & Friends Weekend co-host, lost access to his Hotmail email account when hackers were able to guess either his password or his qualifying question. (He admitted that his password was not as strong as it should have been.) The hackers locked Briggs out of his own account and spammed all of his contacts with a fraudulent email that appeared to be written by Briggs himself, claiming that he was trapped in Malaysia and requesting that someone help him by transferring money via Western Union. Only after persistently contacting Hotmail administrators was Briggs able to regain control of his own email account.

Twitter was targeted by a similar hack, which led to a data breach. It is likely that the hacker guessed the answer to a Twitter employee’s security question and reset the employee’s password. On Wednesday, Twitter co-founder Biz Stone blogged, “About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. From the personal account, we believe the hacker was able to gain information which allowed access to this employee’s Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company.”

And of course, Sarah Palin’s Yahoo email account was hacked into last year, during the presidential campaign. The hacker explained how easy it was in Wired.

Web-based email rocks! Since you’re no longer tethered to a PC-based client, you can access your email from anywhere. And all the data saved in your email account will be safe if your PC crashes. Many web-based email providers offer gigabytes of free storage and other useful tools like documents, RSS readers, and calendars. Life in the cloud is easier and more convenient. But is it secure?

PC Pro reported on a study run by Microsoft Research and Carnegie Mellon University, which measured the reliability and security of the questions that the four most popular webmail providers use to reset account passwords. AOL, Google, Microsoft, and Yahoo all rely on personal questions to authenticate users who have forgotten their passwords. The study found that the “secret questions” used by all four webmail providers were insufficiently reliable authenticators, and that the security of personal question appears much weaker than passwords themselves. Yahoo claims to have updated all their personal questions in response to this study, but AOL, Google, and Microsoft have yet to make any changed.

Once a hacker has your email address, he or she can simply go to the “forgot password” section of your email provider’s website and respond to a preselected personal question that you answered when signing up for the account. With a little research, the hacker has a good shot at finding the correct answer.

Some of the current questions could be answered using information found on a user’s social networking profile, or through a website like Ancestry.com or Genealogy.com. Some answers might be found in the user’s trash. Some questions seek opinions, rather than facts. For example, “Who is your favorite aunt?” requires an opinion in response, but if a hacker knew the names of all your aunts, he or she could enter them all one by one. Some questions would be more difficult to answer. Unfortunately, if you signed up for your web-based email account over a year ago, before these email hacks became more common, your questions may be even easier to answer.

Gmail’s current personal questions are:

  • What is your frequent flyer number?
  • What is your library card number?
  • What was your first phone number?
  • What was your first teacher’s name?
  • Write my own question

Yahoo’s current personal questions are:

  • What is the first name of your favorite uncle?
  • Where did you meet your spouse?
  • What is your oldest cousin’s name?
  • What is your oldest child’s nickname?
  • What is the first name of your oldest niece?
  • What is the first name of your oldest nephew?
  • What is the first name of your favorite aunt?
  • Where did you spend your honeymoon?

I suggest that you check out the “forgot password” section on your own web-based email account, to see your current personal question. If it’s easy to answer, or would only require a little research to solve, update the question with one that you create based on opinion, as opposed to fact. And keep in mind that most people list “pizza” as their favorite food and “liver” as their least favorite. So be creative. You should also beef up your password. Combine uppercase and lowercase letters, as well as numbers. Don’t use consecutive numbers, and never use names of pets, family members, or close friends.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses hacked email on FOX & Friends.

Tweets Link to Identity Theft

Identity Theft Expert Robert Siciliano

“Misty Buttons” just started following me on Twitter. She’s curvaceous, bodacious and isn’t getting her needs met. Apparently, she needs me to meet those needs. It is, of course, a tempting offer that someone, somewhere may accept. But I’m going to pass.

Twitter porn and cybercrime are one and the same. Criminal hackers use porn to lure unsuspecting Twitter users into their lairs, where they distribute malicious software and solicit credit card data. In some cases, their victims may deserve to be scammed. Clicking on the links that these ne’er-do-wells post on their Twitter feeds can have a devastating effect on your PC and your bank account.

Internet security software provider McAfee reported a 500% increase in malware in 2008. That’s more than the past five years combined. And the FBI reported a 33% increase in Internet crime last year. According to a survey of 1000 firms, companies coping with data breaches lost an average of $4.6 million in intellectual property. This is all due to insufficient hardware, outdated software and the various ruses, such as those perpetrated by Misty Buttons, that trick technology users into opening a door to criminals.

But it isn’t just obvious Twitter porn that you need to watch out for. It’s also seemingly legitimate links posted by those you follow. Criminals have figured out that Twitter is a social network that brings people together. Strangers follow you, and you often reciprocate, following them back and bringing them into your network. As with email phishing scams, criminals post tweets highlighting current events, with links that lead to malicious sites or direct malware downloads. Numerous news outlets have reported on malicious tweets purporting to point to news about Michael Jackson, Obama, Farrah Fawcett, Iraq and even the Sonia Sotomayor’s Supreme Court confirmation hearings. The shortened URLs that are necessary to keep tweets within the 140 character limit help mask these scams. As explained NextAdvisor:

Whenever a complete URL is too long or cumbersome, many users turn to URL shortening services like TinyURL. Unfortunately, a condensed URL that appears harmless can easily lead to a malware download or phishing site, rather than the destination you were expecting. What appears to be a link to a friend’s home video may actually be pointing you toward the Koobface virus. Hackers can target a single URL shortening service and intentionally misroute millions of users.

How to protect yourself:

  1. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  2. Install anti-virus protection and keep it updated.
  3. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses identity theft.


ATM Fraud Increases Identity Theft Risk

Robert Siciliano Identity Theft Expert

A spate of recent news reports highlight growing ATM fraud. Law enforcement in New York City reported a gang had stolen $500,000 from bank accounts via ATM skimming. They installed cameras and skimming devices on the machines, and recorded the magnetic strips and the PIN numbers.

A recent survey points towards ATM fraud rising 5-9 percent. Seventy percent of those poled experienced a jump between 2007 and 2008. Many of the large data breaches that have occurred over the past few years may have contributed to the fraud.

It’s simple enough to hack into a database and compromise cards and pins. It’s even easier to affix hardware to the face of an ATM machine and do the same. Once the data is compromised the identity thieves clone cards and turn the data into cash as quickly.

Bankinfosecurity.com recently published “7 Growing Threats to Financial Institutions”. This post is a play on that; “7 Growing Threats to You”

#1 Skimming; Hardware readily available online that is attached to the face of an ATM records user card information and pin codes. In this case you may still be able to perform a transaction.

#2 Ghost ATMs; A card reader is blocked off and replaced with hardware that supersedes the machine and records all your data without allowing a transaction. The machine reads “Can’t complete transaction”.

#3 Dummy ATMs; In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read data. The machine might be powered by car batteries or plugged in the nearest outlet.

#4 Ram Raids; ATMs built into a wall or stand alone are being rammed by a truck and/or wrapped with chain and pulled out then loaded onto a truck. Once removed the thieves blow torch the machine taking the cash. This is a hot topic in Mexican banks, buy certainly happens everywhere. A bank would be smart to install battery backed GPS in any machine.

#5 PIN ID’s; Sophisticated criminal hackers break into a database or skim magnetic strips. They then go to an online banking site with a hacking software that plugs in various well known PINs. These PINs might be consecutive numbers, peoples names, pets names, birthdates, or other various simple pass phrases people use. When it finds a match it gives the criminal access to your account.

#6 Automated PIN Changes; Criminals go through the banks telephone banking system to change the customers PIN. They may try to change the customers ANI (Automatic Number Identification) is a system utilized by telephone companies to identify the DN (Directory Number) of a caller. This might be accomplished via “Caller ID Spoofing”. They use publicly available data on the card holder such as name, card account number and last four digits of the social security number to “verify” them as the banks customer.

#7 SMS Attacks; AKA Smishing or Phexting – phish texting. Customers receive a text from a bank on their smartphone requesting login information.

#8 Malware or Malicious Software; Researchers found a virus that specifically infects ATMs and takes over the machine logging card numbers and pins.

How to protect yourself;

First and foremost; Pay attention to your statements every two weeks. Refute unauthorized transactions within a 30-60 day time frame.

1. Pay close attention to everything you do at an ATM. Look for “red flags”, anything out of place. If your card sticks, odd looking configurations on the ATM, wires, two sided tape.
2. Use strong PINs, uppercase lower case, alpha and numeric online and when possible at an ATM and for telephone banking.
3. Don’t reply to phishing or phexting emails. Just hit delete.
4. Don’t just use “any” ATM. Choose ATMs at locations that are “more secure” than in the middle of nowhere.
5. Make sure your McAfee anti-virus is up to date.
6. Invest in Intelius identity theft protection and prevention. Because when all else fails its good to have someone watching your back.

Robert Siciliano Identity Theft Speaker discussing ATM skimming

Social Network is Accused of Identity Theft

Robert Siciliano Identity Theft Expert

The state of New York, Office of the Attorney General plans to sue the social-networking site Tagged.com for allegedly using deceptive e-mails in order to gain new users.

It is alleged that the social-networking service stole the identities of more than 60 million Internet users by sending e-mails to people saying that members of the site had tagged them in photos but the photos did not exist and that Tagged raided their private accounts.

The e-mails that people received appeared to come from their friends via the website as an offer to look at the friends pictures and join in. It is believed that Tagged, would then illegally get access to those new users’ e-mail address books and send out more messages without those users’ knowledge. Tagged will be sued for deceptive e-mail marketing practices and invasion of privacy, the office said.

In a statement by their CEO he said “Simply put, it was too easy for people to quickly go through the registration process and unintentionally invited all their contacts.”

I received the same emails from friends, people who were “duped”. I spoke to those people and understand it to be true that, it was too easy for people to quickly go through the registration process and unintentionally invited all their contacts.

I don’t believe identities were stolen at any level and that anyone using terms such as “stolen Identity” or “identity theft” are grossly mistaken, but “email harvesting” and a degree of spam and questionable marketing may have occurred.

Here is exactly what happened. A person receives an email saying their friend wants to show them a picture. They have to visit the site, sign in, and register to view it. In that process they are asked for their user name and password from their web based email account to invite more friends to their new account. Many people have done this in Twitter, LinkedIn and Facebook. The lie told is there is no picture to be seen. That’s deceptive marketing, not identity theft.

Criminal hackers have been using the same ruse to get people to log in to a spoofed Facebook account for the past year. Once logged in the user is requested to download a file to watch a video. This download has a virus that allows a full takeover of their account. It almost looks like Tagged took a page out of the criminal hackers book using the same ruse, but without the virus or the spoofed site.

The fact is whenever you register for a social networking site you are asked to plug in your credentials and invite your address book. Doing this is not a bad thing, unless the company you are trusting is a bad corporate citizen. That said; don’t provide any website your log in credentials to your web based email account if you don’t believe them to be 100% legit. Further, when you have web based cloud accounts that contain email and also have proprietary documents or files within that account NEVER GIVE THAT DATA TO ANY COMPANY.

All that said, regardless, you should still protect yourself from real identity theft.

Here is how;
1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.
2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing social network is accused of identity theft.

Identity Theft Expert; Fake IDs are as easy as 1,2,3

Robert Siciliano Identity Theft Expert

Do an online search for “fake ids” and you’ll be amazed to discover how easy it can be to obtain an ID allowing you to pose as someone else. Or how easy it can be for someone else to obtain an ID that will allow him or her to pose as you. Some websites peddle poor quality cards, others offer excellent quality, and many websites are simply scams.

The fact is, our existing identification systems are insufficiently secure, and our identifying documents are easily copied. Anyone with a computer, scanner and printer can recreate an ID. Outdated systems exasperate the problem by making it too easy to obtain a real ID at the DMV, with either legitimate or falsified information.

Another glitch is the potential for individuals to completely alter their appearances. Men with facial hair can wreak havoc on the current system. This is sometimes done as a prank. In other cases, the individual is attempting to subvert the system to maintain a degree of anonymity. New technologies, such as facial recognition, should eventually resolve some of these problems, but they are still years away from being fully implemented.

In Indianapolis, Indiana, a man was able to obtain six different IDs. He accomplished this by visiting various different registries throughout the state and using borrowed names and stolen information. He obtained job applicant data from a failed body shop business he had owned. He used the false identities to open checking accounts at multiple banks and write fraudulent checks to himself.  He was caught while applying for his seventh ID, thanks to facial recognition software. But it is disturbing to know that he was able to acquire six different identities, all stolen from real people, without detection. It was a bank employee who eventually noticed that he had two different bank accounts under two different names. If the man hadn’t been so greedy, he would have gotten away with it.

In Indianapolis and other registries the daily photos are compared to millions of others already on file. The system constantly scans the data and presents cases that might match, requiring further investigation by registry employees.

Some of the requirements of improving facial recognition include not smiling for your picture or smile as long as you keep your lips together. Other requirements meant to aid the facial recognition software include keeping your head upright (not tilted), not wearing eyeglasses in the photo, not wearing head coverings, and keeping your hair from obscuring your forehead, eyebrows, eyes, or ears.

The fact is, identity theft is a big problem due to a systematic lack of effective identification and is going to continue to be a problem until further notice. In the meantime it is up to you to protect yourself. The best defense from new account fraud is identity theft protection.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name.

2. Invest in Intelius Identity Protect. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.
Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano Identity Theft Speaker discussing identity theft