Identity Theft Attempt at Defcon

/in , , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

Hackers hacked hackers at the annual Defcon conference in Las Vegas this past weekend. Defcon is a conference for hackers of all breeds. There are good guys, bad guys, those who are somewhere in between, plus law enforcement and government agents. All kinds of inventive people with an intuition for technology decend on Las Vegas to learn, explore, and hack.

At this year’s Defcon, someone planted a real, rigged, malicious ATM right outside the security office of the Riviera Hotel and Casino. For some reason, the area outside the security office doesn’t have any security cameras, which made it an easy place to attempt a scam. Scams like this are common in Las Vegas, due to the city’s transient nature and frantic pace. Everyone is looking for a quick buck, and what better place to pull of an ATM scam than Vegas?

ATM skimming comes in two flavors. In the first scenario, a device called a “skimmer” is placed on the face of an operational ATM. When a card is swiped, the skimmer records the data on the card, and a hidden camera generally records the PIN. Usually, money is dispensed. In the second scenario, a used ATM is rigged to record data, and placed in a public area. These ATMs are only semi-operational, and do not dispense cash. This is the type of ATM that was found in Las Vegas.

A conference attendee uncovered the scam when he attempted to use the machine and recieved an error message. Upon further investigation, a computer was discovered where the security camera should have been. The computer was recording all the victims’ details. That’s when the alarm was sounded and the area became a crime scene.

You can protect yourself from these types of scams by paying attention to your statements. Refute unauthorized transactions within 60 days. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages, a missing security camera, or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. (Of course, just outside the security office isn’t exactly the middle of nowhere, so always be alert.) Use strong PINs, with both upper and lowercase letters, as well as numbers. And invest in Intelius Identity Theft Protection and Prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discussing ATM skimming on Fox News

Debit Cards at Risk for Identity Theft

/in , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

There are 437,000,000 debit cards in circulation, and their use is on the rise. Criminal hackers are paying attention. Credit cards offer some measure of protection, but when a debit card is compromised, the stolen money is taken directly from the victim’s bank account.

Federal laws limit cardholder liability to $50.00 in the case of credit card fraud, as long as the cardholder disputes the charge within 60 days. Debit card fraud victims must notify the bank within two days in order to maintain this $50.00 limit. After that, the maximum liability jumps to $500.00. And if a victim doesn’t discover or report the fraud until after 60 days have passed, the liability could be the entire card balance, for a debit or credit card. Once your debit card is compromised, you might not find out until a check bounces or the card is declined. And once you do recover the funds, the thief can just start all over again, unless you cancel the account altogether.

There are a few known scams that can make you vulnerable to debit card fraud.

There’s the bait and switch. When making a purchase online, you may be prompted to make an additional purchase that appears to be a one time fee, but is actually an ongoing monthly debit that is nearly impossible to cancel. That’s when canceling your card is the only way out. While this isn’t technically criminal hacking, it is very slimy marketing. The best way to protect yourself from this one is to always read the fine print before making an online purchase. Just be smart.

Unless you have been living in a cave, you’ve probably received a phishing email at some point. Criminal hackers, assisted by teams of psychologists and sociologists, are designing and selling phishing kits to one another. They know what makes you tick and they know what will convince you to click on a link. These people are professionals. There used to be a day when phish emails contained obvious misspellings and but now they are organized and sophisticated. And as more people go paperless and get their bank statements online, it is becoming more common for criminals to take advantage of that process, sending emails that appear to be statement notifications. If you think an email might be phishing, delete it immediately. And don’t click on links in emails. Either manually type the link into the address bar, or use your bookmarks menu.

According the the Secret Service, Skimming is one of the financial industry’s fastest growing crimes. The ATM Industry Association reports over one billion dollars in annual global losses from credit card fraud and electronic crime associated with ATMs. A skimmer is a hardware device that a thief places on the face of an ATM, which matches the machine itself. It’s almost impossible for a civilian to notice the difference unless the skimmer is of poor quality, or the civilian has a unique eye for security. Often, the thieves will mount a small pinhole camera somewhere near the ATM, perhaps in a brochure holder, to record the victim’s PIN. Gas pumps are equally vulnerable to this scam. Pay very close attention during ATM and gas pump transactions. If something seems wrong, it is wrong. Look for double stick tape, removable features on the face of the ATM, a card sticking inside the reader, or additional mirrors or brochure holders that could contain a small camera.

1. Prevent new account fraud.  Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing ATM skimming on Fox News Here and credit card fraud on CNBC Here

XX

Spying is Alive and Well…and Leads to Identity Theft

/in , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Most people assume that corporate espionage is just James Bond stuff. However, according to USA Today, even small and medium businesses are at risk. Spying has been going on since the beginning of time, and it’s alive and well today. In most cases, spying starts because a person or entity needs or wants information that is otherwise kept confidential or private from prying eyes.

Most people have probably spied at some point in their lives. Maybe as children, rifling through siblings’ or parents’ closets and drawers. Or as teenagers, spying on a boyfriend or girlfriend in an attempt to determine why a first relationship wasn’t working out. Or as parents, hoping to protect children from themselves. Hopefully this type of behavior subsides as we grow older and learn to trust others. But some people find serious reasons to spy as adults. This behavior can eventually culminate in stalking, which is, of course, illegal and can end in tragedy.

There are plenty of tools to facilitate spying. There are more ways of gathering intelligence than ever before. An online search for “spy shop” or “spy store” turns up a vast collection of small wireless cameras, listening devices, software, and hardware that can help the customer collect enough data on their target to do some damage, or uncover sensitive information.

Spyware is commercially available software that can track keystrokes, emails, and instant messages. In the wrong hands, it can be quite damaging. Keycatchers are hardware devices that can be installed in the back of a PC in order to record raw data.

It is necessary to monitor childrens’ Internet use, but an open dialogue is equally important. If a person has suspicions about his or her spouse, that’s an entirely different scenario, requiring a different set of rules. Be aware that if you spy or cheat on a loved one, you ought to be prepared for the consequences.

Protecting yourself and your business from this type of spying is difficult, but possible. Always keep in mind that those on the “inside,” such as friends, family members, employees, or people who have special access and could potentially be paid off, like a cleaning person or a security guard, can access sensitive data.

  1. Make sure that there are no mysterious hardware devices attached to your computer.
  2. Sweep your home for audio recording devices. You can either hire someone to do this, or do an online search for a tool that will help you.
  3. Password protect the administrator account on your computer, to prevent unauthorized software installation.
  4. Run a spyware removal program.
  5. Never leave file cabinets unlocked, or paper work lying around.
  6. Shed any document that may contain sensitive data before throwing it out.
  7. Lock down your wireless connections, since they are often the path of least resistance.
  8. Don’t disclose too much personal information on social networks, since that makes it easy for people to spy on you.
  9. Know that identity thieves have access to all these tools as well, so protect yourself. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  10. And invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Includes;
Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses mobile phone stalking and spying on The Tyra Banks Show

Child Identity Theft Victims

/in , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Jason Truxel was denied a mortgage because of bad credit. He had no idea that his credit scores were low, so he pulled his credit reports. He discovered a tremendous amount of debt, and accounts he had never opened. One such account showed that a credit card had been opened in his name when he was 13 years old. Jason found out the hard way that he was a victim of child identity theft. When Jason was a child, his father was convicted of credit card fraud. So he went to his father’s house and found a stack of credit cards with his name on them in a dresser drawer. When confronted, Jason’s dad said that Jason would never be able to prove anything. That’s a bad dad, if I’ve ever heard of one.

Diamond Daye is 11 years old. He’s going through the same problem. Except his mother is the identity thief. She’s 31, and owes thousands in rent and cell phone and cable bills.

Child identity theft is a growing problem. The Federal Trade Commission estimates that there are 500,000 new victims every year. The culprits are often parents, since they have direct access to their kids’ personal information. Irresponsible parents who have screwed up their own credit apply for credit in their childrens’ names, once they discover how easy it is. All a parent needs is a child’s Social Security number, and the fun begins. Creditors often fail to verify the applicant’s age, and simply accepts the application. Children rarely discover that they are victims of identity theft until they are adults, and are denied credit or employment because of their negative credit history. Sometimes the custodial parent discovers that his or her ex committed identity theft when the bill collector notices begin to arrive.

There’s not much a person can do to prevent child identity theft, other than regularly requesting fraud alerts and ensuring the credit hasn’t been issued under your child’s name.

What you should do to protect yourself and your children:

Protecting yourself from new account fraud requires a credit freeze, or setting up your own fraud alerts and in your childs’ name too. This provides an extra layer of protection. In most cases it prevents the opening of new credit.

Consider making an investment in Intelius Identity Theft Protection and Prevention. Because when all else fails you’ll have someone watching your back. Includes a Free Credit Report, SSN monitoring, Credit & Debit Card monitoring, Bank Account monitoring, Email fraud alerts, Public Records Monitoring, Customizable “Watch List”, $25,000 in ID theft insurance, Junk Mail OptOut and Credit Card Offer OptOut.

Robert Siciliano Identity Theft Speaker discussing availability of Social Security numbers on Fox News

A ‘Whac-A-Mole’ Approach to Preventing Identity Theft

/in , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Computerworld illustrates the current state of information security by citing a childhood arcade game: “If you’ve ever played the silly, maddening game known as “Whac-A-Mole,” you know what futility feels like. As you smack one mole with the mallet, up pops another one. Their speed and number escalates as you flail away, trying to keep up. At some point, you realize there’s no hope of winning.” That’s why I hated that game. I was attracted to it at first, because, like Barney Rubbles’ son Bam Bam, I liked hitting stuff with blunt instruments. But that only takes you so far. To win, you need skill and precision.

In today’s world of cyber security and identity theft prevention, it isn’t enough to chase the next mole and whack it with another patch, or shred your own data and hope that someone doesn’t hack your cell phone company. You need to understand the problem and proactively implement a solution.

In the late 90’s and early 2000’s, hackers hacked for challenge, fun, and fame. It made them popular among other hackers. Soon after, consumers began spending more time online. They used their PCs to shop, bank, and manage personal affairs. Now, hackers aren’t just wreaking havoc, deleting files, or making IT administrators miserable, they’re also stealing proprietary data. Now, the real game is illegal financial gain. Hackers’ motivations have changed, which means that you need to change your perceptions of what a computer is, and how to operate it. It’s no longer something to just play Solitaire, or a play where you socialize with friends. Now, it’s a cash register to a hacker. It’s a bank. And it should be treated and respected like a vault.

  1. Run Windows Update, or it may also be labeled “Microsoft Update,” on your PC. If you have Windows XP, you want “Service Pack 3” installed. You can also go to “Control Panel” and then “Security Center” and turn on automatic updates, so Microsoft will install the latest security upgrades automatically. If you have Vista, the process is similar, but you want “Service Pack 1.”
  2. Install antivirus software. Most PCs come bundled with software that runs for free for up to a year. Once it expires, you need to renew the license. If you don’t, every day that your software isn’t updated provides more opportunity for criminal hackers to turn your PC into a zombie that sends viruses to other PCs or sends spam shilling Viagra.
  3. Install anti-spyware software. Most antivirus providers define spyware as a virus now. However, it’s still best to run a spyware removal program once a month or so, to ensure that your PC is rid of software that could allow a criminal hacker to remotely monitor your data, keystrokes, and the websites you visit.
  4. Use Firefox. Internet Explorer is clunky, and the most frequently hacked software that exists. Mozilla’s Firefox is more secure.
  5. Secure your wireless. If you’re running an unsecured wireless connection at your home or office, anyone can jump on the network and access your files from up to 500 feet away. Your router should have instructions on how to set up WEP or WPA security. WPA is better. If this is a foreign language to you, you should either hire someone, or ask your 15 year old for help.
  6. Install a firewall. Microsoft’s operating system comes with a built-in firewall, but it isn’t especially secure. Go with a third party firewall that comes prepackaged with antivirus software.
  7. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  8. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses criminal hackers targeting wireless devices on Fox News.

Social Media Privacy and Personal Security Issues

/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Privacy issues and identity theft in social media are a growing concern. Most people who post their personal information about themselves do not recognize the potential consequences of their actions, or maybe they simply don’t care if their entire life is an open book.

Ask yourself, should the director of the United States Central Intelligence Agency, which is responsible for providing national security intelligence to senior U.S. policymakers, including the President, and who manages the operations, personnel, and budget of the CIA, have a Facebook page? Should his wife? Sir John Sawers is the incoming head of MI6, essentially the British equivalent of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple’s London apartment and the locations of their children and Sir John’s parents. She also posted family photos that included her half-brother, who was an associate and researcher for a historian who has been convicted of Holocaust denial. Her Facebook profile was left open to anyone in the London network.

Patrick Mercer, Conservative chairman of the Commons counter-terrorism subcommittee, has pointed out that these types of Facebook postings leave Sir John Sawers open to criticism and potentially, blackmail. “We can’t have the head of MI6 being compromised by having personal details of his life being posted on Facebook,” Mercer told The Times. “As a long-serving diplomat and ambassador, his family have been involved in his line of business for decades. I would have hoped they would have been much more sensitive to potential security compromises like this.”

Would it be okay for U.S. CIA director Leon Panetta or his wife to post their addresses, vacation photos, childrens’ names and other personal data on Facebook? No! Is it okay for you to do it? You say, “Well, I’m not the director of the CIA.” While you may not be a high profile target, you can still be a target on some level, and the more intelligence you make available to potential attackers or criminal hackers, the easier you make it for them to harm you. Nobody ever considers themselves a target until it’s too late. I’m not a paranoid freak, I’m a grounded, down-to-earth, conscious being with an awareness of what’s going on out there. And when I see you post information that someone sinister could use against you, I worry.

If you use social media and regularly update your status or profile with pictures, video, or information about your whereabouts or daily routines, please keep the following advice in mind:

  1. Before you post anything online, think about what a hacker, stalker, employer, or potential employer could do with that data. Could an ex, who’s fighting for custody, use the data against you in court?
  2. Don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.
  3. Do not tell the world you are going on vacation! Or if you’re just going to dinner or the beach and won’t be at your house for several hours, why would you let potential burglars know that you’re away?
  4. If you’re a “partier” and like to imbibe, informing the world that you just smoked a joint is not only one of the worst things you could do for your career, it also makes all your friends guilty by association. And don’t announce that you’re hungover, because after the age of 23, you ought to know better.
  5. Before posting pictures or videos, consider what a criminal or potential employer might see. Could they be used against you in any way?
  6. If you let your kids use social media, you must monitor every aspect of their Internet activities. Pick up McAfee’s Family Protection software and take control of your childrens’ Internet use.
  7. Take advantage of privacy settings and lock down your profile, so that only those who you approve can view everything.
  8. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Social media is less than six years old. This is a brand new medium, and we are just now beginning to recognize its potential consequences. Something as harmless as a picture of a baby in a tub could be traded online by pedophiles. The world is changing. Be aware of your social media use, and be smart about it.

Robert Siciliano, identity theft speaker, discusses social media on Fox.

ATM Fraud Increases Identity Theft Risk

/in , , , , , , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

A spate of recent news reports highlight growing ATM fraud. Law enforcement in New York City reported a gang had stolen $500,000 from bank accounts via ATM skimming. They installed cameras and skimming devices on the machines, and recorded the magnetic strips and the PIN numbers.

A recent survey points towards ATM fraud rising 5-9 percent. Seventy percent of those poled experienced a jump between 2007 and 2008. Many of the large data breaches that have occurred over the past few years may have contributed to the fraud.

It’s simple enough to hack into a database and compromise cards and pins. It’s even easier to affix hardware to the face of an ATM machine and do the same. Once the data is compromised the identity thieves clone cards and turn the data into cash as quickly.

Bankinfosecurity.com recently published “7 Growing Threats to Financial Institutions”. This post is a play on that; “7 Growing Threats to You”

#1 Skimming; Hardware readily available online that is attached to the face of an ATM records user card information and pin codes. In this case you may still be able to perform a transaction.

#2 Ghost ATMs; A card reader is blocked off and replaced with hardware that supersedes the machine and records all your data without allowing a transaction. The machine reads “Can’t complete transaction”.

#3 Dummy ATMs; In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read data. The machine might be powered by car batteries or plugged in the nearest outlet.

#4 Ram Raids; ATMs built into a wall or stand alone are being rammed by a truck and/or wrapped with chain and pulled out then loaded onto a truck. Once removed the thieves blow torch the machine taking the cash. This is a hot topic in Mexican banks, buy certainly happens everywhere. A bank would be smart to install battery backed GPS in any machine.

#5 PIN ID’s; Sophisticated criminal hackers break into a database or skim magnetic strips. They then go to an online banking site with a hacking software that plugs in various well known PINs. These PINs might be consecutive numbers, peoples names, pets names, birthdates, or other various simple pass phrases people use. When it finds a match it gives the criminal access to your account.

#6 Automated PIN Changes; Criminals go through the banks telephone banking system to change the customers PIN. They may try to change the customers ANI (Automatic Number Identification) is a system utilized by telephone companies to identify the DN (Directory Number) of a caller. This might be accomplished via “Caller ID Spoofing”. They use publicly available data on the card holder such as name, card account number and last four digits of the social security number to “verify” them as the banks customer.

#7 SMS Attacks; AKA Smishing or Phexting – phish texting. Customers receive a text from a bank on their smartphone requesting login information.

#8 Malware or Malicious Software; Researchers found a virus that specifically infects ATMs and takes over the machine logging card numbers and pins.

How to protect yourself;

First and foremost; Pay attention to your statements every two weeks. Refute unauthorized transactions within a 30-60 day time frame.

1. Pay close attention to everything you do at an ATM. Look for “red flags”, anything out of place. If your card sticks, odd looking configurations on the ATM, wires, two sided tape.
2. Use strong PINs, uppercase lower case, alpha and numeric online and when possible at an ATM and for telephone banking.
3. Don’t reply to phishing or phexting emails. Just hit delete.
4. Don’t just use “any” ATM. Choose ATMs at locations that are “more secure” than in the middle of nowhere.
5. Make sure your McAfee anti-virus is up to date.
6. Invest in Intelius identity theft protection and prevention. Because when all else fails its good to have someone watching your back.

Robert Siciliano Identity Theft Speaker discussing ATM skimming

Data Breaches; LexisNexis – FAA Hacked, Botnets Grow, Hackers Hold Data Ransom

/in , , , , , , , , , , , , , , /by

Identity Theft Expert

What a week. Just when it starts to get boring, criminal hackers put on a spectacular show.

Criminal hackers continue to step up to the plate. Security professionals are fighting, and sometimes losing, the battle. Here’s one week’s worth of hacks:

Lexis Nexis, which owns ChoicePoint, an information broker I recently blogged about that was hacked in 2005, was just hacked again this week. On Friday, LexisNexis Group notified more than 32,000 people that their information may have been stolen and used in a credit card scam that involved stealing names, birth dates and Social Security numbers to set up fake credit card accounts. The cybercriminals broke into USPS mailboxes of businesses that contained LexisNexis database information, according to a breach notification letter sent by LexisNexis to its customers. The U.S. Postal Inspection Service is investigating the matter. (Check your credit reports and examine        your credit card statements carefully!)

CNET reports that hackers broke into FAA air traffic control systems, too. The hackers compromised an FAA public-facing computer and used it to gain access to personally identifiable information, such as Social Security numbers, for 48,000 current and former FAA employees. In a House Oversight and Government Reform Subcommittee testimony, it was stated, “FAA computer systems were hacked and, as the FAA increases its dependence on modern IP-based networks, the risk of the intentional disruption of commercial air traffic has increased.”

Computerworld reports that a hacker has threatened to expose health data and is demanding $10 million. Good for him, bad for the Virginia Department of Health Professions. The alleged ransom note posted on the Virginia DHP Prescription Monitoring Program site claimed that the hacker had backed up and encrypted  more than 8 million patient records and 35 million prescriptions and then deleted the original data. “Unfortunately for Virginia, their backups seem to have gone missing, too. Uh oh,” posted the hacker. Holding data hostage is nothing new, but it is      becoming increasingly common.

The Register reports that bot-herders have taken control of 12 million new IP addresses in the first quarter of 2009, a 50% increase since the last quarter of 2008, according to an Internet security report from McAfee. The infamous Conficker superworm has occupied all the headlines, and makes a big contribution to the overall figure of compromised Windows PCs, but other strains of malware collectively make a big contribution to this number. McAfee’s Threat Report notes that the US is home to 18% of botnet-infected computers.

While you can’t do much about others being irresponsible with your data, you can protect your identity, to a degree. Consider investing in identity theft protection and always keep your Internet security software updated.

Robert Siciliano, identity theft speaker, discusses Ransomware.

Identity Theft Expert; Organized Webmobs Focused on Cyber Crime

/in , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

New reports confirm what we have been seeing in the news; organized criminals have upped the ante. Global web mobs are tearing up financial institutions’ networks.

We’ve known for some time that the long-haired, lowly, pot-smoking, havoc-reeking hacker, sitting alone in his mom’s basement, hacking for fun and fame is no more. He cut his hair and has now graduated into a full time professional criminal hacker, hacking for government secrets and financial gain.

His contacts are global, many from Russia and Eastern Europe, and they include brilliant teens, 20-somethings, all the way up to clinical psychologists who are organized, international cyber criminals.

We are in the middle of a cold cyber crime war.

Their sole motivation is money and information and they either find their way inside networks due to flaws in the applications, or they work on their victims psychologically and trick them into entering usernames and passwords, or clicking links.

According to a new Verizon report, a staggering 285 million records were compromised in 2008, which exceeds total losses for 2004-2007 combined. As many as 93% of the breaches were targeted hacks occurring at financial institutions.

Hackers made $10 million by hacking RBS Worldpay’s system, then loading up blank dummy cards and gift cards, and sending mules to use them at ATMs. The entire scheme took less than one day to pull off.

Many of these hacks occur due to flaws in the design of web applications. The criminals send out “sniffers,” which seek out those flaws. Once they are found, the attack begins. Malware is generally implanted on the network to extract usernames and passwords. Once the criminals have full access, they use the breached system as their own, storing the stolen data and eventually turning it into cash.

Meanwhile, criminal hackers have created approximately 1.6 million security threats, according to Symantec’s Internet Security Threat Report. 90% of these attacks were designed to steal personal information including names, addresses and credit card details. Almost every single American has had their data compromised in some way.

Unsuspecting computer users who do not update their PC’s basic security, including Windows updates, critical security patches or anti-virus definitions often become infected as part of a botnet. Botnets are used to execute many of the attacks on unprotected networks.

The same study shows computer users were hit by 349 billion spam and phishing messages. Many were tricked into giving up personal information. It is common sense not to plug data into an email that appears to be from your bank, asking to update your account. Attacks directed towards mobile phones are also rising. “Phexting” is when a text message phishes for personal data. Just hit delete.

Much of the data stolen is out of your hands. So invest in identity theft protection, and keep your McAfee Internet security software updated.

Robert Siciliano, identity theft speaker, discusses criminal hackers who got caught.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Credit card fraud is Americans number one concern

/in , , , , , , , , , , , /by

Identity theft Expert Robert Siciliano

A recent study conducted by the Unisys Corporation shows that identity theft as it pertains to credit card fraud is Americans’ number one concern.

When people ask me, “How do I protect myself from credit card fraud?” I tell them, “Cancel the card, or never use it.” Because that’s the only way.

Personal security (as it pertains to violence) and national security have always been a concern. However, this new study shows that people are more concerned with fraud, and the risk of having their savings depleted by scammers. Not so hard to believe, what with the number of data breaches, and the Madoffs of the world fleecing their unsuspecting investors.

75% of Americans feel that the recession has increased their chances of being victimized by criminal hackers and thieves. Most are also concerned their “private” information on a corporate or bank network may be compromised.

FBI’s Internet Crime Complaint Center’s 2008 Annual Report determined that online fraud increased by 33.1% last year. Dollar losses resulting from online fraud increased to $265 million.

Overall, these concerns are valid, due to flaws in the system of issuing credit that facilitate new account fraud. Furthermore, account takeover requires nothing more than access to credit card numbers, which are available in hacked databases or susceptible every time you hand your card over to a gas station attendant.

Viruses in spam or phishing emails continue to plague consumers and as scammers get more sophisticated, the chances of getting hooked increase.

Banks and business will continue to feel the pressure as criminals target their clients’ data.

Credit card skimming at ATMs and gas pumps makes it impossible to protect yourself when you could essentially be handing your digits over to a criminal.

Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. The worldwide ATM Industry Association reports over $1 billion in annual global losses from credit card fraud and electronic crime associated with ATMs.

Marite Ferrero, a blogger with Finextra, adds, “In Europe, the points of compromise are everywhere: ATM, gas pumps, parking, DVD rentals, movie tickets, food kiosks, tolls, buying metro tickets, and the list goes on… Because of chip and pin implementation, the proliferation of stand-alone terminals that accept chip and pin has provided a profitable playground for fraudsters.”

While the card holder is generally only responsible for the first $50.00 in losses, which is often waived by a “zero liability policy,” card holders who don’t pay attention to their statements often let these charges pass and eat them.

There are many technologies available to secure credit cards, such as “smart cards” and “chip and pin.” However, due to the nature of a credit card transaction, once the data leaves the card, it’s up for grabs. Whatever card security their may have been is now gone.

Check your credit and banking statements carefully. Scrutinize every charge and refute any unauthorized charges within 30-60 days. Call your bank or credit card company immediately if you see any fraudulent activity.

Invest in identity theft protection. Credit freezes or fraud alerts help prevent new account fraud. Protect your PC with McAfee, or other Internet security software.

Robert Siciliano, identity theft speaker, discusses credit card fraud.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.