The $6.75 Million Dollar Laptop

/in , , , , , , , /by

Robert Siciliano Identity Theft Expert

Dan Yost Chief Technology Officer of MyLaptopGPS brought attention to the Ponemon Institute, with sponsorship from PGP, has released their “Fifth Annual U.S. Cost of Data Breach Study.” As usual, the report is a treasure trove of great data (just like most people’s laptops are).

The average cost per breached data record rose $2 in 2009, to $204. That’s actually not too bad. The average cost of a breach was $6.75 million, compared to $6.65 million in 2008.

PC World has a good article to summarize, and thanks to lyger at DataLossDB for the pointer.

Not very many businesses are taking serious note of the fact that, on average, they have $6.75 million laptops walking around out there. For those who are, our hats are off.

Here’s an interesting excerpt:

“Overall, 42% of all cases in the Ponemon data-breach study involved third-party mistakes and flubs. In addition, more than 82% of the cases in the Ponemon study were organizations that had more than one data breach in 2009 involving the loss or theft of more than 1,000 records containing personal information. At about 40% of the companies that participated in the study, the chief information security officer (CISO) was in charge of managing the response related to the data breach.”

And how about the maximum data breach cost in the study? $31 million.

That’s a rather expensive laptop, and probably worth a few dollars to protect instead. (Note: the breach may actually have been the result of something other than a lost/stolen laptop, such as a network break-in).

The least expensive breach? $750,000. That beats $31 million, but $750k is still a pretty penny to pay, compared to protection.

Many thanks to Ponemon and PGP for another excellent study.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing laptop security on The Today Show

Is Chip and PIN the Future?

/in , , , , , , /by

Robert Siciliano Identity Theft Expert

Chip and PIN is the name of a government-backed initiative in the United Kingdom to implement the EMV standard for secure payments.

There have been rumblings from Europe over the past year  about American based credit cards that solely rely on the magnetic strip not being accepted in the future due to security issues.  Australia recently stated they were getting rid of all magnetic strip based cards and going Chip and PIN within the next few years.

Meanwhile ZDNet reports Researchers at Cambridge University have found a fundamental flaw in the EMV — Europay, MasterCard, Visa — protocol that underlies chip-and-PIN validation for debit and credit cards. As a consequence, a device can be created to modify and intercept communications between a card and a point-of-sale terminal, and fool the terminal into accepting that a PIN verification has succeeded.

“Chip and PIN is fundamentally broken,” Professor Ross Anderson of Cambridge University told ZDNet UK. “Banks and merchants rely on the words ‘Verified by PIN’ on receipts, but they don’t mean anything.”

This new research has shown that a PIN still needs to be entered, but any PIN code would be accepted. That’s not good. The researchers who cracked the code stated that the ability for the badguy to do this in the future is probable due to the fact that the attack itself is “elementary”.  That’s got to warm the cockles of organized crime.

The US has not adopted CHIP and PIN and many argue it is due to the costs involved. With 213 million cardholders and 1.2 billion credit cards in the U.S., there’s no shortage of opportunity for carders to maintain their current pace. However, an investment in a flawed technology isn’t wise.

You can’t protect yourself from these types of scams. However, by paying attention to your statements and refuting any unauthorized transactions within 60 days, you can recover your losses. When using any POS or ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, or error messages, don’t use it.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM skimming on NBC Boston

The State of Information Security Sucks

/in , , , , , , /by

Robert Siciliano Identity Theft Expert

The sheer volume of potential targets coupled with the vast amounts of money to be made has captured the attention of the global criminal hacking community.

Enterprise networks are becoming hardened and they are still vulnerable. Some are being penetrated directly while others are accessed through 3rd parities such as their clients or end users. Unprotected networks are being sniffed out and data breaches continue.

The organizations that track these breaches are bored, frustrated, hate the industry and offer no good news. Innovation isn’t happening fast enough and new laws and regulations aren’t effective in solving the problems.

PCI and all those who fall under its requirements are chasing their tail. Infighting continues and rumblings of lawsuits against PCI persist.

Law enforcement is getting better at investigating and catching the badguy, but there are far more of them then there are of us.

Between the TJX breach and the Heartland hack there were as many as 224 million credit and debit card numbers hacked. The criminals penetrated the networks “in broad daylight” so to speak, which means they didn’t have much trouble getting in. The hacks may have occurred via unsecured wireless networks, SQL injections or via social engineering though a phishing email with infected links.

While IT security professionals and white-hat hackers are fighting the battle with newer, better, faster, more robust technologies to keep the bad-guy out, the bad guy still gets in via the path of least resistance, which may be human error, laziness or a zero-day attack consisting of  something we’ve never seen before. Often it is the former.

New stories keep coming out depicting small businesses losing hundreds of thousands of dollars via online banking hacks and the banks filing suit so they don’t have to pay it back.

I just spoke to 60 bankers at a conference in Las Vegas. Many of them professed to learning a lot. . No offense here, but I am of the belief that nothing I say should be in any way “new information” to anyone in the banking industry.

As we move closer to mobile banking and a dozen new ways to process credit cards we create new opportunity for the criminals and we haven’t tightened up existing vulnerabilities yet.

We are fragmented and all over the place with an incredible array of interdependent technologies that are set up with convenience in mind and security second.

Somebody please tell me to shut up.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM skimming on ExtraTV

Fostering Awareness & Improving Security Education

/in , , , , , , , /by

Robert Siciliano Identity Theft Expert

Financial institutions have the most to lose and the most to gain by improving security education of their clients and employees.

A while back  I appeared on a local TV show talking about phishing. Amazingly, still, not everyone knows what phishing is. A good friend saw the show and was shocked by what she learned….about her bank.

She received a phishing email and didn’t know what it was. The email asked her to update her account. It was confusing so she called her bank. She spent 20 minutes on the phone with a bank rep discussing her account and the bank could find no record of the communication or any issues with her account. At the conclusion of the call the bank rep said, “I don’t know why you received this email, your account information is in order.” Click.

That night she saw my phishing clip and wondered why the bank never mentioned a single word about phishing. Her bank failed her. They failed to educate her and therefore failed to protect her. She is no longer a client of that bank.

The mindset of financial institutions needs to change drastically when it comes to educating their clients about identity theft and security issues. Old school “sweep it under the rug” don’t discuss it because it will scare people school of thought is dead. People want, need and require information to protect themselves.

The game has changed. People are concerned for their personal security and are hungry to learn. The fact that you or anyone reads this blog is a testament to society as a whole wants to learn. Soccer moms are now security moms.  I’ve seen major industry players in the anti-virus space catering to these mommy bloggers and others because they understand the public is hungry for this. Banks, well, not so much.

Engage the public and they will respect you and want to do further business with you.

Linda McGlasson, Managing Editor at BankInfoSecurity.com interviewed me for a segment on this issue. Listen to the Podcast here It requires a login but its worth your time.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the lack of security in online banking on CBS Boston

Diploma Mills Facilitate Identity Theft

/in , , , , , , /by

Robert Siciliano Identity Theft Expert

Diploma mills were born along with elearning institutions who are actually legitimate and accredited bodies. Degrees and diplomas issued by diploma mills are frequently used for fraudulent purposes, such as obtaining employment, promotions, raises, or bonuses on false pretenses. They can also be used as a form of fake ID when posing as someone else to gain employment, impersonation of a licensed professional or used to assist as a breeder document leading to “real” fake ID’s.

A fake diploma is an effective social engineering tool used to gain access to your corporate networks.

From Wikipedia “A diploma mill (also known as a degree mill) is an organization that awards academic degrees and diplomas with substandard or no academic study and without recognition by official educational accrediting bodies. The purchaser can then claim to hold an academic degree, and the organization is motivated by making a profit. These degrees are often awarded based on vaguely construed life experience. Some such organizations claim accreditation by non-recognized/unapproved accrediting bodies set up for the purposes of providing a veneer of authenticity.”

The diploma mills often model the names or accredited educational institutions. They may even take a portion of a universities name and make it a part of their own. Such modeling tactics involve using similar logos, color schemes, and designing their websites to mimic an Ivy League school, right down to the .edu web address.

Just like a legitimate college or university, diploma mills may actually require the student to purchase books, do homework and take tests.  However, the diploma mill may make it extremely easy for someone to pass. Students in many cases are able simply purchase a diploma no questions asked. Many of these organizations are nothing more than glorified print shops.

As an employer who requires a diploma as official entry to your organization, you must recognize the risks associated with accepting documents that are fake, designed to give the bad guy access to your networks.

Diploma mills and the documents they print can be difficult to detect. However, today, thanks to the Internet, many websites and organizations are publicly “outing” diploma mills.

When hiring and presented with a diploma, search out the name of the educational institution and see what comes up. More effective is to do a search of the name on the diploma then “diploma mill” in quotes. If you begin to see a trend of sites popping up referencing fraud then call your attorney. Someone who is likely to commit fraud of this nature, may cause even more problems when you decline their employment.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing fraud on Fox News

mCrimes Morph Into mBotnets

/in , , , , , /by

Robert Siciliano Identity Theft Expert

Botnets are robot networks of computers connected to the Internet that sit in our homes and offices. A botnet is generally banks of multiple PC’s from the 10’s to 10,000’s to millions. There are no hard numbers on botnets but last figure I saw was somewhere between 3-5 million. Another stat is 25 percent of all US based PC’s are on a botnet. That’s just insane.  Botnets PC’s are called Zombies. Zombies all generally share a virus in common that allows for a remote control component. The criminal hacker controls the zombies on the botnet via an IRC control server or via a peer to peer network.

The combined power of the zombies on the botnet allows the criminals to commit all kinds of crimes such as denial of service attacks, mass spam campaigns of blasting viruses to millions.

Often botnets are used to store stolen data or to host spoofed websites that collect that data.

Now comes “Sexy Space,” an infected text message containing a link that when clicked downloads a file making that phone part of an mBot. mBots are made up of “Zobiles”.  The download then infects the users contact list and in typical virus multiplication fashion, sends the Sexy Space text to them too.

It is believed that infected phones could then be used in similar ways as traditional zombies are.  The extra twist with a zobile is its ability to take pictures, video, and used as a covert audio listening device. It can also sniff out wireless connections to the Internet and gather additional data to be used to hack.

History indicates that we are at the forefront of an era in which criminal hackers develop tools and techniques to steal your money using your own cell phone. Fifteen years ago, cell phones were bulky and cumbersome, they had to be carried in bags or briefcases. Then they became chunky, heavy bricks. Calls dropped every other minute. Clearly, cell phones have evolved since then. Today’s cell phone is a lot more than a phone. It’s a computer, one that rivals many desktops and laptops being manufactured today.

Never click on links in text messages unless you are 100 percent sure it’s a legitimate communication from a trusted source.

Follow your phones manufacturers and carriers recommendations on securing your phone. A search on “mobile phone security” turns up options/downloads/security to consider.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing mobile phone crimes and hacking on the Mike and Juliet Show

EFT Point of Sales Hackers Net $50 Million

/in , , , , , /by

Robert Siciliano Identity Theft Expert

Readers of these posts are familiar with ATM skimming. ATM skimming is a billion dollar problem and growing. A relatively new scam over the past few years is electronic funds transfers at the point of sale (EFTPOS ) skimming. People commonly swipe both credit and debit cards through the in-store machines to pay for goods and services at these outlets. In Australia, Fast-food, convenience and specialist clothing stores are bearing the brunt of the crime. McDonald’s is among the outlets whose EFTPOS machines have been targeted.

Last year, legitimate EFTPOS devices at McDonald’s outlets across Perth Australia were replaced with compromised card-skimming versions, with 3500 customers cheated of $4.5 million. They actually replaced the entire device you see at the counter when you order your Big Mac!

Officials say the problem is so bad they urged people to change credit and debit card pin numbers weekly to avoid the possibility of having their account balances wiped out, as it was likely more cases would be identified.

In the United States a similar scam was pulled off at the Stop and Shop Supermarket chain.

“One reason POS machines are so vulnerable is that nearly all of the estimated 12 million devices in the U.S. employ a 40-year-old magnetic stripe technology that industry experts say is largely defenseless against the high-tech wizardry available to fraudsters today. These experts say that thieves can buy skimming gadgetry on the open market. Right now you can walk into a computer store in Malaysia and buy one of these devices for about $200”

The solution to this type of crime may be with authenticating the card or the card holder. Today this is out of the hands of the consumer. There are a number of new technologies that if banks/retailers/industries adopt to identify the actual card/user at the POS or even online, then most, if not all, of the card fraud problems will be solved. There is a race going on right now to see who gets there first. In the next 1-5 years we may see new cards being issued such as “chip and pin” which are standard in Europe. Or no new cards at all but changes in the system that identifies a fraudulent card making the data useless to the thief, or a 2 card system that requires a second swipe of another authenticating card the hacker doesn’t have access to. We will see how this all plays out.

You can’t protect yourself from these types of scams. However, by paying attention to your statements and refuting any unauthorized transactions within 60 days, you can recover your losses. When using any POS, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, or error messages, don’t use it.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM skimming on ExtraTV

Citizens Need to be More Involved in Cybersecurity

/in , , , , , /by

Robert Siciliano Identity Theft Expert

In the University of Cincinnati’s Journal of Homeland Security and Emergency Management, the authors write “The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds.” Somebody is saying to take personal responsibility and start doing things securely opposed to expecting it to all be done for you. What a revelation!

Just because everyone has access to the Internet, doesn’t mean they are using it securely. If a person decides to login, they should take some basic courses or read about how to login securely. And the education doesn’t stop there. New scams pop up every day and one has to be aware of their options. I write almost every day and there is never a shortage of topics for me to discuss.

The Internet can be a dangerous neighborhood with bad people around every corner. I got an email from a colleague today who is in the security business. He asked me if the email he received from Facebook to change his password was a fake or real. This is a smart guy, who obviously never heard of the Facebook phishing scam before.

NetworkWorld reports They cite the coordinated attack that overwhelmed U.S. and South Korean government sites last July as being the type of attack that individuals can unwittingly participate in by allowing their computers to be taken over by botnets, the authors say. The awareness they call for has to go beyond simply “if you do not protect yourselves bad things will happen to you” and create a sense that cyber security is a civic duty. Most users remain unaware that not only is their computer data vulnerable, but that their insecure access to cyberspace can be exploited by others turning them into unwitting agents of coordinated cyber threats [both criminal and disruptive attacks],”they say. “Cybersecurity must become a national civic responsibility.”

Frankly, we as citizens HAVE TO do something. Richard Clarke, the president’s cybersecurity adviser, recently wrote that the Department of Homeland Security “has neither a plan nor the capability” to protect the U.S.’s cyber infrastructure. He said companies and individuals “almost uniformly believe that they should fund as much corporate cybersecurity as is necessary to maintain profitability and no more.”

Whether you realize it or not, your computer is one of the biggest threats to your personal security. The Obama administration believes that your computer is also one of the biggest threats to national security.

The message is: Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in  Intelius identity theft protection and prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU. (Disclosures)

3. Make sure your anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

6. Visit US-Cert here

Robert Siciliano identity theft speaker discussing the mess of data security on Fox News

How Banks Fail to Provide Effective Online Security

/in , , , , , , /by

Robert Siciliano Identity Theft Expert

A Texas bank is suing one of its customers who was hit by an $800,000 online bank theft that could determine who is to be held responsible for protecting their online accounts from fraud.

Computerworld reports Romanian and Italian based criminal hackers launched numerous wire transfers out of the client’s back account. The bank recovered $600,000 of the $800,000.

The victim wanted all its money back and sued the bank to be reimbursed of the $200,000. The bank in turn filed a lawsuit requesting the bank certify it had adequate security that was considered “commercially reasonable”. The bank doesn’t want anything more than to be absolved of the $200,000.

The bank states all transfers originated from unauthorized wire transfer orders that had been placed by someone using valid Internet banking credentials belonging to the victim. How the victim’s credentials fell into he wrong hands has not been disclosed. It seems it was the victim’s lax security opposed to the banks. There are numerous ways this can happen. What is evident is there were wire transfers of various dollar amounts ranging from $2500.00 to $100,000 made to different accounts all overseas. The bases of the victim’s lawsuit are that the bank should have systems in place to detect such activity.

Small businesses and banks are losing money via attacks on their online banking accounts. It’s very simple: criminal hackers send an e-mail with a link to a malicious site or download to employees who handle their company’s bank accounts. These malicious links then steal the username and passwords the employees use to log in to their online banking accounts. Done.

So, if my PC is compromised because I don’t have adequate security and $800,000 goes missing from my account, whose fault is it?  At first glance some may say the victims, others may say the banks. The fact that there are so many ways passwords can be compromised and accounts can be taken over, and banks know this, it should motivate banks to have redundant security in place. Hacks like this undermine people’s confidence in the system.

Here is a similar story being played out. I’m a big believer in taking action and making sure my systems are secure. And, the bank has some responsibility here too. I, we the public, have limitations on what we can do to be secure. I bet anything the bank will tighten up regardless of what the outcome of the lawsuit is because they have to see there is a weakness in their system. If they don’t, they are stupid.

I’ve been trying to transfer money from one bank account to another. My bank has made it difficult to do so. Painful even. It’s a customer service and a security issue. Ultimately they provide an option to do so and it requires paperwork, online authentication, phone calls and text messages. It’s not a matter of logging in and transferring money by entering another account. Even with my own login details I’m having a hard time transferring money.

Check to see how easy or difficult your bank makes it. Because if it’s easy peazy, that could be an issue if your PC is hacked.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in  Intelius identity theft protection and prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU. (Disclosures)

3. Make sure your anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

Robert Siciliano Identity Theft Speaker discussing online banking insecurity

Targeted Injection Attacks on the Rise

/in , , , /by

Robert Siciliano Identity Theft Expert

In the latter half of 2009, criminal hackers went from mass SQL injection campaigns to targeted attacks. SQL is abbreviation of Structured Query Language. Pronounced  ”Ess Que El” or ”Sequel”. The attackers shift in strategy focused on targeting high-profile websites, concluded Websense’s State of Internet Security report for the third and fourth quarter of 2009.

SQL injections have evolved in their purpose and sophistication. Originally meant as a tool to attack a merchant’s database and steal data. The attack was reconfigured last summer to install viruses on users’ computers that contain a remote control component.

Matt Chambers with Corporate IT Solutions says, “Web applications are one of the most outward facing components a corporation contains in its network design, and one of the least protected. Applications typically take input information and send it to a database for storage and processing. We interact with these kinds of applications every day, whether it’s a signup form or a login page for a favorite networking site.”

Patrik Runald, senior manager of security research at Websense, told SCMagazineUS.com “The bad guys are going after high-profile, high-volume websites, instead of going after the smaller websites, which are easier to inject code into.”

The report says attackers increasingly launched targeted attacks, which often start with an email containing a malicious link. During the second half of 2009, 81 per cent of email contained a malicious link, the report states.

When an employee receives a spear phish, based on information gathered from the companie’s website, and that employee clicks that link, the link may download a program that disables the companies anti-virus and defeats all security measures. This is why one must never click links in the body of an email. There are hardly ever links in emails that can’t be worked around either in the favorite menus or via manually typing in the browser.

1.      NEVER click links in email. It’s shear laziness, naiveté or stupidity when someone clicks links in the body of an email today.

2.      Get yourself and ethical hacker to test your network and see what damage he can do before the bad guy does.

3.      Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

4.      Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

5.      Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC