Is That Portable Device a Data Hazard?

/in , , , , , , , /by

Robert Siciliano Identity Theft Expert

According to a survey of London and New York City taxi companies last year revealed that more than 12,500 devices, such as laptops, iPods and memory sticks, are forgotten in taxis every six months. Portable devices that may have troves of sensitive data.

Recent reports of identity data including names, addresses, Social Security numbers on 3.3 million people with student loans was the largest-ever breach of such information and could affect as many as 5% of all federal student-loan borrowed. A company spokesperson said the stolen information was on a portable media device. “It was simple, old-fashioned theft, it was not a hacker incident.” Lovely. That’s just ducky spokesboy.

The survey further reached out to 500 dry cleaners who said they found numerous USB sticks during the course of a year. Multiplying that by the number of dry cleaners they got a figure of approximately 9000 USBs lost and found annually.

Computerworld reports a 2007 survey by Ponemon of 893 individuals who work in corporate IT showed that: USB memory sticks are often used to copy confidential or sensitive business information and transfer the data to another computer that is not part of the company’s network or enterprise system. The survey showed 51% of respondents said they use USB sticks to store sensitive data, 57% believe others within their organization routinely do it and 87% said their company has policies against it.

It’s not just lost portable devices that are an issue. Found ones can be scary too.

Dark reading reports an oldie but goodie from Steve Stasiukonis, a social engineering master, he says those thumb drives can turn external threats into internal ones in two easy steps.

When hired to penetrate a network he says “We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.

The next hurdle we had was getting the USB drives in the hands of the credit union’s internal users. I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks. Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers. The data we obtained helped us to compromise additional systems”

I did a program recently for a client where I presented in front of other security professionals. I had my laptop set up on the stage with my presentation loaded. The client was introducing me and asked if he could load a quick file onto my laptop to assist in his opening remarks. I inserted the drive for him and my anti-virus went NUTS! Seems his flash drive had a nice little virus on it. His boss, standing right next to him said “that’s why we are phasing out non-military grade security enabled flash drives as soon as we get back.”

I checked out BlockMaster SafeStick® 4.0 – a fast and user-friendly secure USB flash drive, which streamlines military-grade security and meets those standards to protect your data. The SafeStick hardware controller encrypts all data using AES256-bit encryption in CBC-mode. Encryption keys are generated on board at user setup, and all communications are encrypted. SafeStick is protected against autorun malware, and onboard active anti-malware is available. Once unlocked, SafeStick is as simple to use as a standard USB flash drive.

The one I got just plugs in, initializes, then launches a program requiring the user to set up a password. From that point on any time the user has to access the data, a password needs to be entered.

Flash drives can be a security mess. Organizations need to have policies in place requiring secure flash drives and never plugging a stray cat into the network.

Disclosures: I have no financial ties to BlockMaster. I just like this thing.

Robert Siciliano Identity Theft Expert discussing good ole fashion identity theft on Good Morning America.

Top 10 Cities for Cyber Crime

/in , , , /by

Robert Siciliano Identity Theft Expert

I love that dirty water, oh Boston you’re my home. Boston Legal, “Cheers,” Boston Bruins, Red Sox, Celtics, Chowda, Lobsta, Pahkin the Cah in Havad Yahd and home to the second worst ranking of cyber crime in America. Lovely! Seems whatever advice I give in Boston media, means squat. After all, I am a Proper Bostonian. Boston missed first place by a lousy 11 points. I blame the college kids. Boston has the highest concentration of college students on the planet. It’s their fault. Seattle took first place. What’s your excuse Seattle? Microsoft?

1. Seattle
2. Boston

3. Washington, D.C.

4. San Francisco

5. Raleigh, N.C.

6. Atlanta
7. Minneapolis
8. Denver
9. Austin, Texas

10. Portland, Ore.

Cities with high concentrations of “spam zombies” placed the highest. Becoming a Zombie and part of a Botnet happens to PCs that aren’t properly secured, coupled with user behavior that invites attacks.

If you are surfing porn all day or gaming on distant websites in foreign countries then you are at a higher risk. Downloading files from P2P sites or seeking software cracks or pirated content is also risky. Remember frat boy, there is no honor among thieves.

The Boston Business Journal stated another factor is the Hub’s many unsecured WiFi hotspots — 53.6 per 100,000 residents — where cyber criminals may lurk, trolling for unwitting users. While high-profile or widespread computer attacks are relatively rare, small-scale attacks like these threaten even savvy computer users, the report noted.

Hey Top 10, pay attention:

Computers that are old and have outdated unsupported operating systems like Wind 95/98/2000 are extremely vulnerable.

Systems using older outdated browsers such as IE 5, 6 or older versions of Firefox are the path of least resistance.

Update your operating system to XP SP3 or Wind 7. Make sure to have automatic updates for anti-virus. Don’t engage in risky web-based behaviors.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM Skimming on Fox Boston.

Report 1.8 Billion Cyber Attacks Per Month

/in , , , , , /by

You read that right. While the US government sits high on its perch, snipers are taking aim 60 million times a day. The Senate Security Operations Center alone receives 13.9 million of those attempts per day.

The US National Security Agency is probably the most sophisticated group of security hackers in the world. Many will argue this point. The fact is, without NSA, US STRATCOM, which directs the operation and defense of the military’s Global Information Grid, and US CERT, attacks on our critical infrastructures would be successful. We’d be living in the dark, telephones wouldn’t work, food wouldn’t be delivered to your supermarket and your toilet wouldn’t flush.

“Like in the rest of the world, the attacks are increasingly targeted and using application flaws, including Office and Acrobat. “In the last five months of 2009, 87 Senate offices, 13 Senate committees and seven other offices were attacked by spear-phishing attacks, which appeared as e-mail messages to staffers, urging them to open infected attachments or click on bad links.” No matter how good their defenses are, nothing’s 100% effective. Some attacks get through.”

The Adobe Reader and Acrobat is a cross platform application that opens and its the Portable Document Format (PDF) ubiquitous on most PCs. Criminal hackers discovered a flaw that allows for an injection of hostile code into unprotected systems.  Studies show in the last quarter of 2009 as many as 80% of all web-based attacks were directed at PDFs.

Adobe Flash is also vulnerable software becoming standard on most PCs where multimedia is present. The Register reports Adobe advises users to upgrade to Acrobat version 9.3.1 and Reader version 9.3.1, as explained in a bulletin here.

Run Windows Update, Install Anti-Virus, Install Spyware Removal Software, Run Firefox, Secure Your Wireless, Install a Firewall, Use Strong Passwords.

Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Identity Theft Ring Busted on MSNBC

National Identity Card Focuses on US Workers & Immigrants

/in , , , , /by

Robert Siciliano Identity Theft Expert

The Wall Street Journal reports under the potentially controversial plan still taking shape in the Senate, all legal U.S. workers, including citizens and immigrants, would be issued an ID card with embedded information, such as fingerprints, to tie the card to the worker.

There are too many forms of identification floating around right now that lack standards and overall security. The Social Security card is currently our national identification card that’s not supposed to be used for identification. From a NY Times article from 1998 it states: WASHINGTONFOR many years, Social Security cards carried an admonition that they were to be used ”for Social Security and tax purposes — not for identification.” That assurance rings hollow today. Congress has authorized so many uses of the nine-digit number, and Americans use it for so many unauthorized purposes, that it has just about become a national identifier. Today your social is connected to everything.

Security Management reports that all workers and mariners attempting to access secure maritime and port areas nationwide will have to flash a government-approved Transportation Worker Identification Credential (TWIC), which includes a biometric identification card before entry. HSPD-12, or Homeland Security Presidential Directive 12, set universal identification standards for federal employees and contractors, streamlining access to buildings and computer networks. Then there is old and new versions of the passport, as many as 200 forms of ID circulating from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card.

Government has tried hard to create identification that will once and for all standardize the process under the REAL ID Act which is most likely going to be squashed under Homeland Security Secretary Janet Napolitano who is proposing the repeal of the Real ID Act.

“A person familiar with the legislative planning said the biometric data would likely be either fingerprints or a scan of the veins in the top of the hand. It would be required of all workers, including teenagers, but would be phased in, with current workers needing to obtain the card only when they next changed jobs, the person said.”

Many oppose biometrics and New Hampshire has even proposed legislation against it. My money is on biometrics creeping into our lives in the form of a national ID. Like it or not biometrics are coming.

Meanwhile, until there is assigned accountability, which means nobody can pose as you and work as you and open new accounts as you, protect your identity.

Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News

Cell Phone Spying Nightmare: ‘You’re Never the Same’

/in , , , , , /by

Robert Siciliano Identity Theft Expert

Technology makes it easier to connect with the people in your life, but it can also enable others to connect to you without your knowledge.

The engine behind this is RATs, AKA “Remote Access Trojans. RAT’s can capture every keystroke typed, take a snapshot of your screen and even take rolling video of your screen via a webcam. RAT’s covertly monitor a PC generally without the user’s knowledge. RAT’s are a criminal hackers dream and are the key ingredient in spyware. Common RAT’s are the LANRev Trojan and “Backdoor Orifice”.

Now RATs come to mobile phones. When somebody remotely activates your phone, you’re not going to know it and they can use that phone to monitor the conversations in the room you’re in. Your phone could be sitting next to you while you are watching TV, and somebody can actually log into your phone and can actually watch what you are watching on television.

Cell Phone Spying Software is Affordable and Powerful. I worked with Good Morning America (GMA) on this issue.

GMA found thousands of sites promoting cell phone spying software, boasting products to “catch cheating spouses,” “bug meeting rooms” or “track your kids.” Basic cell phone spying software costs as little as $50. Someone can easily install a spyware program on your phone that allows them to see every single thing you do all day long, via the phone’s video camera. GMA spent $350 to get the features that remotely activate speaker phones, intercept live calls and instantly notify you every time a call is made.

A virus, called “Red Browser,” was created specifically to infect mobile phones using Java. It can be installed directly on a phone, should physical access be obtained, or this malicious software can be disguised as a harmless download. Bluetooth infrared is also a point of vulnerability. Once installed, the Red Browser virus allows the hacker to remotely control the phone and its features, such as the camera and microphone. For all you techies who want to take a crack at decoding tricks for defeating SSL on mobile phones see Mobile Security Labs HERE.

If history is any indication of the future, mobile phones, just like computers, will soon be regularly hacked for financial gain. Prepare for mCrime in the form of credit card fraud, identity theft and data breaches.

To protect your mobile phone:

Spyware can be installed remotely or directly on the phone. Never click on links in a text or email that could contain a malicious link to a download.

Always have your phone with you and never let it out of your site or let anyone else use it.

Make sure your phone requires a password to have access. If your phone is password protected it will be difficult to install spyware.

If you suspect spyware on your phone re-install the phones operating system. This can be done by consulting your user manual or calling your carriers customer service to walk you through it.

And protect your identity.

Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Mobile Phone Spying on Good Morning America

How to Spend More Money on Home Security

/in , , , , , /by

Lets face it, if you had it you’d spend it, and what better way than on your families security! In today’s high tech connected world a networked and remotely monitored home security system is the way to go.

Keyless Access: Door locks that require a pincode make it easier to access without fumbling for keys. Many keyless locks are smart and can be set to allow contractors limited one time PIN access.

Remote Control Alarms: For a few extra bucks you can add remote controls to an alarm system that allow you to activate or deactivate from the driveway or online.

Robot Cameras: New and very expensive robotic camera equipped technologies will roam your property taking full day and night video.

Remote Monitoring: Having someone monitor a video surveillance system 24/7/365 is close to having feet on the ground. These same systems come equipped with speakers used to yell at the trespassers.

Bullet Proof: If you’re especially concerned about flying bullets then installing bullet proof glass, doors and shoring up your walls with bullet proof steal is a must.

Panic or Safe Rooms: A safe room provides a space where you can survive a tornado, hurricane or home invasion with little or no injury.  Residents can hide out in a relatively bullet proof, well stocked room equipped with wireless communications and wait for law enforcement to show up.

16 or 32 Camera Surveillance System: Once you go beyond 8 cameras prices start to rise. However 16 or even 32 cameras will provide you with a birds eye view of every single nook and cranny of your home extending into your neighborhood.

Robert Siciliano personal security expert to Home Security Source discussing Self Defense on Fox Boston

Copy Machines Can Store Your Private Info

/in , , , , /by

Robert Siciliano Identity Theft Expert

Today, copy machines, fax machines and many printers are just like computers; they’re smart and they have hard drives or flash drives and can store data that can be extracted. Peripherals in the olden days, just like when dot-com was a significant part of a person’s stock portfolio, were dumb.

Because of the increased demand of networked technologies, manufacturers of all these peripherals met the demand and built them so they can be easily accessed by everyone in the office.  These same peripherals are often wireless too.

The issue here is that these devices, sometimes, but aren’t always treated with the same considerations as a computer would have.  PCs are often locked down, access is limited and the data might be encrypted. Worse, when someone upgrades to a new PC, the old PC’s data is supposed to be removed, reformatted etc. This procedure is often overlooked on a copier/printer/fax.

Consider what kind of data is copied at your doctors, banks, mortgage broker and accountants office. Generally, there might be personal identifying information that can be used to create a new accounts or take over exiting accounts.

Where do old peripherals go? Many of them head to warehouses to be resold. Others end up on eBay. A quick search on eBay results in 7845 copiers for sale and 1130 used ones. If I can buy an ATM off Craigslist with over 1000 credit and debit card numbers on it, how much data do you think we can get from used copiers?

All the more reason to protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing copy machine scams on CBS Boston

Biggest Botnet Goes Bust

/in , , , , , /by

Robert Siciliano Identity Theft Expert

News of the Spain based Mariposa botnet reveals close to 13 million Zombie PCs in more than 190 countries affected.  Further investigation determined half of the Fortune 1000 companies had PCs on the Bot. Three men have been arrested and a 4th is sought. The sole purpose of the Bot was to gather user names and passwords for banks and email services.

In an example of good vs. evil, whitehats vs. blackhats, representatives from US and Canadian based corporations, along with the FBI and Spain’s Guarda Civil took down the Boat after almost 10 months of investigations.

The Register reports Mariposa (Spanish for butterfly) botnet malware spread through P2P networks, infected USB drives, and via MSN links that directed surfers to infected websites. Once infected by the Mariposa bot client, compromised machines would have various strains of malware installed (advanced keyloggers, banking trojans like Zeus, remote access trojans, etc) by the hackers to obtain greater control of infected systems”.

There are more than 70 types of malware, each doing something different, all in the name or stealing data. Mariposa’s technology was built on the “Butterfly” botnet kit, which is available online. This crimeware doesn’t require the criminal hacker to be highly skilled.

The criminals in this operation ran the Bot through anonymous virtual private network servers which made it impossible for law enforcement to trace back to the ringleaders. But in December of 2009, the Bot was dismantled by authorities who targeted the Bot’s control centers.

When this event unfolded, the Bots controller, a man dubbed “Netkairo” used his home PC to try and regain control of the Bot which revealed his internet protocol address, which is connected to his home address. This led to his capture. Nice job guys! This is a great plot for a movie! I want to be the dude who sees Netkairo’s IP address and busts him in a high speed chase after he flips his car. Just sayin’.

The problem of Botnets persist. There could be thousands out there with untold millions of Zombie PCs infected.

Becoming a Zombie and part of a Botnet happens to PCs that aren’t properly secured, coupled with user behavior that invites attacks.

If you are surfing porn all day or gaming on distant websites in foreign countries then you are at a higher risk.

Downloading files from P2P sites or seeking software cracks or pirated content is also risky. Remember, there is no honor among thieves.

Computers that are old and have outdated unsupported operating systems like Wind 95/98/2000 are extremely vulnerable.

Systems using older outdated browsers such as IE 5, 6 or older versions of Firefox are the path of least resistance.

THEREFORE:

Update your operating system to XP SP3 or Wind 7. Make sure to have automatic updates for anti-virus. Don’t engage in risky web-based behaviors.

AND:

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Botnets on CBS Radio.

Pay-at-the-Pump Skimming Using Bluetooth

/in , , , , /by

Robert Siciliano Identity Theft Expert

Skimming data off of debit and credit cards has been happening at ATMs, gas pumps and electronic funds transfer point of sale terminals for quite some time.

When criminals plant skimming devices, they have to physically attach a skimming device that fits over the face of the ATM’s card slot. Then they install a small camera that shoots video of the pinpad which allows them to extract user PIN codes. The camera is often housed inside of a brochure holder or little box that may have a mirror glued to its face. The mirror is made to loom like a security feature preventing shoulder surfing.

Once the criminals attach the devices, they have to wait it out for someone to then use the ATM or gas pump before they can remove the device and download the data. It is in the best interest of the criminal to leave the skimmer on the machine for as long as possible to skim as many cards as possible. Because every time the skimmer is removed and replaced it becomes another opportunity for the thief to get caught or for something to go wrong.

In Utah, a group of criminals one-upped other ATM scammers by installing Bluetooth enabled skimming devices that broadcast the skimmed data to a nearby storage devise, probably a laptop. Bluetooth’s range can be just a few feet to as much as a city block. So the criminals had to be in a car nearby.

What makes these devices even more sophisticated is that they skim the card data and grab the PIN code via the all-in-one combo skimmer and PIN pad device affixed to the face of the pump.

This entire process allows the criminal to steal data on demand and immediately turn it into cash. Further, it provides the criminal with the freedom to decide whether or not they want to retrieve the skimming device, thereby lessening their chances of being caught.

You can’t protect yourself from this kind of skimmer by covering your PIN entry due to the fact that the device is the PIN pad. So if you use a device like this you may be screwed. Ultimately, you must pay close attention to your statements. Also, pay close attention to details, and look for anything that seems out of place. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases it can be as early as a week.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Pay-at-the-Pump skimming on Fox News.

Hacking Humans Naiveté

/in , , , , /by

Robert Siciliano Identity Theft Expert

Naiveté: A lack of sophistication or worldliness. That sums up a lot of people I know. “There’s a sucker born every minute” is a phrase often credited to P.T. Barnum (1810 – 1891), an American showman. It is generally taken to mean that there are (and always will be) a lot of gullible people in the world.

Predator: A predator is an organism that feeds on another organism. That also sums up a lot of people I know. I observe them in person and in the news daily.

There are many ways how, and motivations why, a predator stalks their prey. Often it is just their nature to do so. Control and money top the list of motivations.

In the world of Information Security the “how” is “social engineering”.

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques (essentially a fancier, more technical way of lying).

Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees to be aware of and resist the most common attempts to trick them into letting down their guard.

The Register reports that pentesters, a.k.a ethical hackers, “regularly send client employees emails informing them that the strength of their login passwords is being tested through a new website. They are then instructed to follow a link and enter their credentials. The success rate: as high as 50 per cent.”

As the article points out, humans have a tendency to trust one another. It’s a survival instinct built on millions of years of evolution. “When one person saw that a group of his peers ate a particular berry and didn’t die, he ate the same fruit – and survived as a result.” That’s trust, and it’s exploitable.

This is where we throw around words like “naïve” and “sucker.” You don’t really need to be naïve, a sucker or stupid to respond to emails like this. Really, you just need to be nice, helpful and trusting.

I found a website called “Hacks4Sale” (a site which Norton Internet Security deems unsafe, so go there at your own peril) which employs similar tactics, but they claim are for different reasons:

A very large portion of our clients are the victims of spousal infidelity, nowadays the primary means people employ to communicate with their lover are e-mails and social networking websites, both of witch we can help you gain access to through our software. Our software solutions enable our clients to retrieve (no physical access to the user’s computer is required) the login credentials to accounts at all the major e-mail and social networking providers (Yahoo,Gmail,Hotmail,Myspace,Facebook and many others).

Recognize that the predator uses these tactics to get what they seek. They will stop at nothing and consider you their natural prey.

Always question authority or those who claim authority.

Don’t automatically trust or give the benefit of the doubt.

When the phone rings, an email comes in or you are approached, proceed with caution.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News.