Woman Chained Like a Dog, Man Killed

Back in August, 2016, Kala Brown and Charles Carver arrived to a 100-acre property in South Carolina for a cleaning job. Charles Carver never made it off the property, and Kala Brown spent more than two months in a metal shipping container, allegedly held captive by Todd Christopher Kohlhepp.

10DIn November of 2016, detectives were searching the property of Kohlhepp when they heard banging coming from the inside of a shipping container. When they opened it, they found Brown chained “like a dog.” According to Brown, she saw Kohlhepp shoot Carver, killing him, and then he took her hostage, chaining and locking her inside of the crate.

Carver’s body was found on the property, and Kohlhepp is suspected of being involved with six more murders.

Brown described her captivity as “hard,” and she said she remained chained for the duration of it. She also says that he did let her walk around a bit, and he fed her one time each day. She was finally found when authorities were searching the property after she was reported missing. Her cell phone was pinging on the property, but it took about two weeks before they could get a search warrant.

Police reported that they had no indication that there was foul play when they began searching. The cargo container was located on the middle of the property next to a garage. After finding the body of Carver, the investigators brought in cadaver dogs to search the property. Additionally, ATV’s, backhoes, and even a helicopter circled the property. The cadaver dogs picked up some scents, and the excavation of the property, began. The investigation found two more bodies, that of Meagan McCraw-Coxie and Johnny Coxie, who had gone missing in 2015.

Since his arrest, Kohlhepp has admitted to killing seven people in total.

Public records show that Kohlhepp is both a licensed pilot and real estate agent. He does, however, also have a record. As a teen in Arizona, he was convicted of kidnapping and crimes against children, and he spent some time in prison for these crimes. He is also on the sex offender registry in South Carolina. This is due to a kidnapping in 1986, which coincides with the incident in Arizona. In total, Kohlhepp served 14 years in prison. According to sources, Kohlhepp kidnapped a girl, aged 14, took her to his home, bound her with duct tape and raped her. He was released in 2001.

As is the case with many serial killers, most people who knew Kohlhepp were shocked by these allegations. One real estate agent that worked with Kohlhepp said that she had known him for a decade, and they had met in college. They had even been study partners for a statistics course. She was in disbelief when she heard that he had admitted the murders.

She also said that most people in the area knew that he was a registered sex offender. However, he told people that it was due to exaggerated charges after he and a girl had gone joyriding and the girl’s father, who was a local official, became angry.

Kohlhepp also had a second home in the area, and neighbors describe his as “private” but “pleasant.” He was also described as “a likable guy.”

All in all, Kohlhepp was charged with a total of seven counts of murder and two counts of kidnapping. He was also charged with three counts of possessing a weapon while committing a violent crime. The relatives of other victims will reportedly file wrongful death lawsuits against Kohlhepp, and Brown has said that she will file a civil lawsuit. Kohlhepp is due in court on January 17th.

Oh, and Jeffrey Lionel Dahmer, also known as the Milwaukee Cannibal, was an American serial killer and sex offender, who committed the rape, murder, and dismemberment of seventeen men and boys between 1978 and 1991. Apparently he was a likeable guy too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Shred your Boarding Pass

Apparently there are people who take pictures of their airplane boarding pass…and post it online. I’m dead serious. I’ve heard of toddlers getting excited over scraps of paper, but full-grown adults posting images of their boarding pass online? Don’t get me started.

2DLet’s just only say that this is incredulously absurd. Like, who cares about your bleepity bleep boarding pass, right? OK, you got bumped up to First class. SAVE IT. Well wait a minute. Fraudsters care.

Fraudsters also care about the boarding pass that’s left intact in a rubbish can or lying on a seat somewhere.

Few travelers know that the bar code on the boarding pass MAY contain that individual’s home address, e-mail address, name and contact number. All a crook needs is this basic information (revealed via bar code reader off his cell phone!) to get the fraud ball rolling.

  • Keep your boarding pass out of everyone’s sight except the airport employee who requests it.
  • After you no longer need it, tear it up and flush it down a toilet.
  • When you arrive to your hotel, don’t bring it with you to your hotel room and leave it sitting out in full view. Shred and destroy it prior.  Putting it in the hotel room trash isn’t enough. Realize that when you’re not in the room, maids and other hotel employees can gain access—and I can’t say it enough: You just never know who has a bar code reader app.
  • And for Heaven’s sake, don’t post images of it online, if for no other reason, this makes you come across as less interesting than a doorknob. In fact, don’t even think of taking a picture minus the bar code. You just never know with today’s technology what a crook could get off an image online.

Man, if you still don’t believe me about any of this, check out these two very short but alarming videos. You’ll be flabbergasted at how much information about you a techy thief could get off of your boarding pass! “If a hacker can find it, he can find YOU!”

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Beware of Hot and Cold Reading Scams

Many so-called psychics are frauds. But so are some auto mechanics, lenders and roofers. There’s fraud in just about all lines of work.

1SWhat we do know is this: There’s not enough evidence to refute paranormal phenomena. Nor enough to prove it beyond a doubt.

And we also know this: There exist scams involving hot and cold readings.

I could give a scam reading to a flamboyant, colorfully-dressed woman (whom I’ve known for only a minute) with big hair, lots of costume jewelry and a supersonic laugh.

I could tell her she’s attracted to quiet, analytical, detail-oriented, very serious men whose eyes well up during sappy movies. She’ll pay me $100 for my “reading” and think I’m a psychic. What she doesn’t know is that I know that people with “sanguine” temperaments are attracted to the “melancholy” temperament.

I didn’t “read” her based on psychic abilities. I “read” her based on a book about temperaments I read years ago. Some people get really good at cold readings and make money off of this.

Hot Readings

You have an appointment with a woman. You find her Facebook page (because you got enough preliminary information to achieve this). You learn all about her. You look her up on LinkedIn too.

Come appointment (reading) time, you start telling her things about herself, flooring her. Scammers can cunningly extract information via other routes as well, but the bottom line is that the crook gets information ahead of time and pretends it’s only just coming up during the reading.

Cold Readings

The information is gleaned right on the spot—via skilled observational powers. Typically the cold-reader begins broadly, such as, “You’re very sad these days,” watching the customer’s body language and facial reactions, and then making deductions based on those.

The reading is very carefully worded to cover the possibility that the deductions are wrong. The scammer might say, “A person very dear to you is no longer around,” instead of the specific, “A person very dear to you has recently died.”  All possible reasons for the “loss” are covered with the ambiguous statement.

Cold readings to a large group are a joke, because the scammer will announce something that, by the law of averages, will apply to several people in the group. He then narrows it down from there.

There may be many honest, true psychics out there (some police departments use them for missing-persons cases believing if there wasn’t some fire to this smoke).

But beware of the scammers. Don’t pay someone to tell you something about your life that’s already on Facebook or evident in your clothing and mannerisms.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Is It Fraud or are You just Crazy?

What would you rather have happen to you? A Russian ring of hackers has infiltrated your computer and smartphone and is hell-bent on taking control of your finances, social media life, even the smart gadgets in your house…OR…you’ve just been diagnosed with paranoid psychosis, and in fact, nobody’s out to harm you at all.

12DIn a day and age where it’s become increasingly easy for hackers to hijack your credit card and bank accounts, spy on your baby by hacking into the baby-cam and spy on you via your laptop’s camera … the line between paranoia and real-life spying has become very muddled.

Unfortunately, there isn’t a day that goes by that someone contacts me completely convinced they are being spied on. Maybe they are, most likely they are not. Especially when they begin to explain how every device they own and seems to know everything about them and so on. The likelihood of a hacker having control over their TV is pretty small.

For example, 30 years ago if someone said, “Someone is watching me through my computer,” we’d just assume that person was delusional and needed some medication. Nowadays, we’re apt to immediately think, “Put tape on your laptop’s camera hole!”

So how can we weed out the crazies from the true victims? Just because your laptop has a camera hole doesn’t mean you can’t be imagining that your ex-spouse is spying on you through it.

Many claims of fraud or victimization are real, and many are deliberately made up for financial gain (e.g., faking back pain after a fender bender) or are the result of mental illness.

Sometimes, it’s obvious when the claim is fraudulent or the result of being “crazy.” In fact, the tip-offs that it’s mental illness at play are more obvious than when it’s fraud, since the con artist can be quite skilled.

A general rule of thumb is to look at the simplicity—or lack thereof—of the case. Is the claimed cause simple or convoluted?

For example, you hear a crash, race into the living room and see that your favorite vase—which is located near the bottom of the staircase—has been broken to smithereens. Near the vase is a basketball. At the top of the staircase are your two young sons with scared looks on their faces.

They cough up an explanation: “We were in the living room reading. The basketball was on the floor. A gust of wind blew through the window so hard that it tossed the basketball into the vase. We thought you’d blame us so we ran up the stairs.”

Common sense must be used in determining the most probable cause of an event. This holds for parents, claims adjustors, detectives and juries at a trial. The best judge views things through the lens of simplicity.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Can Hackers Use FraudFox VM to Defeat Your Fraud Prevention?

In the last few days, a number of tech magazines like Computerworld and PC Advisor have reported that FraudFox VM poses a threat to the security of online businesses—especially banks and payment services.

4DFraudFox VM is a special version of Windows with a heavily modified version of the Firefox browser that runs on VMware’s Workstation for Windows or VMware Fusion on OSX. It’s for sale on Evolution, the apparent successor to the Silk Road online contraband market, for 1.8 bitcoins, or about $390.

FraudFox VM was created to defeat device recognition, or fingerprinting, which is used in fraud prevention to assess the risk of a device connecting to a business. Web browsers are used to collect data like operating system version, time zone and IP address. Each of these characteristic can be used to assess risk and uncover possible fraud.

So how worried should your business—and customers—be about this new software? I sat down with Scott Waddell the Chief Technology Officer of iovation, the fraud prevention experts, to find out what the reality is behind the media headlines.

  1. How reliant are banks and financial institutions on this kind of technology to stop fraudulent transactions these days? Is fingerprinting used more for mobile than on desktop?
    Banks leverage device reputation solutions with great success in both fraud mitigation and risk-based authentication strategies. Of course, good security is all about layered defenses, so smart banks use these tools as part of a defense-in-depth strategy to avoid over-reliance on any one security technology.Device recognition is used on all Internet connected devices these days, mobile and desktop alike. Mobile transactions are the fastest growing segment being protected with these tools, but the majority still originate from desktop operating systems.
  2. Do you think this would be an effective method for cybercriminals to get around those defenses?
    FraudFox VM may be interesting for its purpose-built virtual machine packaging, but there’s really nothing new in the approach. Tools have been available to fraudsters for years to facilitate changing device parameters, manipulating JavaScript, blocking data collection, obscuring IP address and location, and so on. Many of these capabilities have even migrated into easy-to-use settings in the major web browsers to make testing easier for web developers.Device reputation solutions have evolved along with such tools and continue to provide great uplift in fraud catch in spite of them.

    From the reported attributes that FraudFox can change, it would be unable to evade native recognition tools (those embedded in native desktop apps) and it would stumble over transactional similarity scoring on the web that considers more device attributes along with tagged recognition. So the tendency at financial institutions would be to trigger step-up authentication to one-time passwords through out-of-band channels (SMS, mobile app, voice) that FraudFox could not intercept.

  3. Is possible to fake browser fingerprints manually or using other tools? Does this thing look like a good consolidation of other tools that people might use to defeat fingerprinting?
    As previously mentioned, there are other tools and techniques fraudsters use to evade recognition or to try to mimic the devices of their victims. These often stand out from actual browsers in ways that defeat their intended purpose. A couple years ago, the Gozi Prinimalka trojan attempted to duplicate device attributes of compromised systems much as FraudFox VM aims to do. However, its limitations made it ineffective against modern device reputation offerings that evaluate risk and reputation through multiple strategies including link analysis, profiling techniques, velocity rules, proxy and Tor unmasking, device attribute anomalies, and more.FraudFox VM seems to be relatively limited in its capabilities considering the variety of techniques sophisticated fraud mitigation tools bring to bear.
  4. Any other thoughts?
    It’s certainly interesting to see tools like this for sale on Evolution, which appears to be catering to fraudsters and identity thieves. All the more reason for online businesses to take advantage of collaborative technologies that bring the power of community to the fight against the increasingly organized economy of cybercrime.

Fraudsters will always look for new ways to commit cybercrimes. However, a strategic, multi-layered approach to fraud prevention is the best defense.

Student Financial Aid Fraud is a big Problem

Educational institutions are giving out student loans and grants, and the recipients aren’t even attending school. Instead they’re spending the money any which way, while the schools have no idea they’re being ripped off.

9DWith a database, the Education Department flags applicants who’ve applied for federal Pell grants—applicants with an “unusual enrollment history,” such as having received financial aid for at least three schools in only 12 months.

The Department forwards these suspect names to educational institutions; the schools then request that applicants provide documents including prior transcripts. What the school then gets from the applicant determines if a loan or grant is denied.

This flagging procedure has caught 126,000 applicants who sought aid for the 2013-2014 school year.

It’s so easy to scam schools because most federal aid does not require a credit check, and how the money is spent is not tightly restricted.

A school receives the money from the government and spends some on tuition. The remainder is sent as a check to the recipients to spend on books and even living expenses while (supposedly) the recipient attends classes.

Community colleges are especially vulnerable due to their open enrollment and low tuition. The lower the tuition, the more money that’s left over to be sent to the con artist.

The proliferation of this scam can be attributed to the Internet because online applications can result in receiving aid—without the applicant ever being within a mile of the campus.

Application Red Flags

The American Association of Community Colleges (AACC) names the following alerts that financial aid offices can check applications for.

  • Large financial aid refunds or disbursements
  • Attendance at several other colleges
  • A large student loan balance but no degree

Unfortunately, these red flags won’t flutter much if the applicant is a first-time scammer.

Data Red Flags (according to the AACC)

  • Several registrations coming from similar locations out of state
  • Several uses of the same PO box, physical address or IP address
  • Multiple uses of the same computer and/or bank account
  • The emergency contact is the same person for multiple registrants.
  • Certain courses getting a fast increase in number of enrollees
  • Frequent communication from similar individuals or locations

Every applicant should be identity-proofed, which is easier said than done. Verification is one element of identity proofing.

To combat this fraud, Finaid.org notes:

  1. Families must sign a waiver allowing the financial aid office to obtain tax returns straight from the IRS. Some people have submitted fraudulent tax return copies during verification. Getting them directly from the IRS prevents falsification. Another route is to require families to provide copies of their 1099 and W-2 forms, especially when income figures seem suspect.
  2. Request copies of the applicant’s four most recent bank statements; inspect them for unusual transfers and unreported income.
  3. Conduct 100 percent verification.
  4. For parents claiming to be enrolled in college, require a proof of registration plus copy of the paid tuition bill. Confirm registration with the school. And if a parent with a PhD or master’s degree is returning to school for an associate’s degree, be highly suspect.
  5. In cases of divorce or separation, ask for the divorce decree or proof of legal separation, plus street address for each parent.
  6. Compare to each other two consecutive income tax returns to detect any movement of assets to hide them.

There’s more that can be done for identity proofing: biometric software. Biometric Signature ID (BSI) has designed a “Missing Link” patented software-only biometric.

This is the most potent form of ID verification on today’s market, and additional hardware is not required. It measures:

  • Unique way someone moves the mouse, finger or stylus upon logging in
  • Length, direction angle, speed, stroke height, of the

The password is created with BioSig-ID™. Measurement of the above can positively identify the user, regardless of what device they log into. This technology makes it impossible for a fraudster to impersonate the user.

With these unique patterns, BSI software can distinguish the user from everyone else. If the person who registered for the account is NOT the same person who is attempting access, they are stopped – avoiding any potential cheating or financial aid fraud.

Robert Siciliano, personal security and identity theft expert and BioSig-ID advisory board member. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Oversharing on Social Media Common Amongst 50+

Thanks to social media, societal norms have undergone a seismic shift in the past five years. What was once considered private or even taboo is not only fair game, it’s expected. But this can have serious consequences from the ending of friendships to exposure to physical harm.

I’ve talked about the concept of TMI or too much information and how social networking and mobile devices have made sharing so much easier and faster than ever before. But we all need to seriously think about some hard consequences of sharing too much personal information. Thinks about it…is that friend really a friend if you haven’t seen them in 25 years?

McAfee’s Fifty Plus Booms Online study found despite the fact that social networks have a reputation among the younger generation as a hub for drama among friends, this is also the case among other demographics—even in the 50-and-over age group. According to respondents, 16% of those who are active on social networks have had a negative experience, with almost 20% of those resulting in ending a friendship.

Further, the study finds that even though 88% consider themselves tech-savvy, they are still engaging in dangerous online behavior, such as sharing personal information with people they have never met in person. Even though 75% of them believe that social networks can expose them to risks such as fraud and identity theft, 52% have shared their email address, 27% their mobile phone number and 26% their home address. All things that open them up to possible exploitation and even physical harm.

They are also using their mobile devices to share information. Nearly one in four (24%) mobile users have used their device to send personal or intimate text messages, emails or photos to someone and yet over 30% do not have basic password protection on their mobile devices and almost half do not have any security software on their mobile devices.

financial-fraud

And because these boomers (and all of us) are spending more time online─with 97% of them going online daily and spending an average of 5 hours a day online─ we all must be aware of the concerns that exist with the increased use of mobile devices for everyday tasks and social networking and what information we may be sharing.

Here’s some tips to help us stay protected:

  • Remember the Internet is forever—Even if you have the highest privacy settings, it’s good practice to consider anything you do on the Internet as public knowledge, so be careful what you share online or via your mobile device.
  • Don’t reveal personal information—Seriously consider why it’s needed before you post your address, phone number, Social Security number, or other personal information online.
  • Put a PIN on it—Make sure you have your smartphone and tablet set to auto-lock after a certain time of unused and make sure it requires a PIN or passcode to unlock it. This is especially helpful to protect any information you do not want seen should your device be lost or stolen.
  • Manage your privacy settings—At most, only friends you know in real life should be able to see details of your profile.
  • Change your passwords frequently—In addition to choosing passwords that are difficult to guess (try to make them at least eight characters long and a combination of letters, numbers, and symbols), remember to regularly change your passwords.
  • Turn off the GPS (Global Positioning Service) function on your smartphone camera—If you are going to be sharing your images online, you don’t want people to know the exact location of where you are.
  • Use comprehensive security on all your device Enjoy a safe online experience no matter what you do or where you are. McAfee LiveSafe™ service protects all your PCs, Macs, smartphones and tablets and can help you secure your data and keep your identity private with its many different features, including a secure data vault, password manager, and protection from phishing scams and malware.

So…really, please, come on now, can we all just tone it down a notch? And one more thing: Please protect your devices—I mean ALL your devices.

Follow @McAfeeConsumer for live online safety updates and tips and use hashtag #BabyBoomers to join the discussion on Twitter or like McAfee on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Is Your Facebook Friend a Fed, or Sex Offender?

When you think about it, Facebook is weird. Where else in the world do you call people who you don’t know your friends? I probably have about 10-15 friends. Most are acquaintances and the others 400 are total strangers.

There’s a lot of excessive trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. They have no reason to distrust. People who are your “Friends” are generally those who you “know, like and trust.” In this world, your guard is as down as it will ever be. You are in the safety of your own home or office hanging with people all over the world in big cities and little towns and never have to watch your back.

Reports of sex offenders on social media abound. Do you know who your child is befriending?

Many of the “strangers” came into my life as a result of what I do, and I appreciate and accept them for connecting. But I know plenty of other people who don’t write or do media and might be in college, and have 2000 friends! And they know 5 of them! Social media is weird.

Employers, potential employers and others will often friend someone for the sole purposes of getting a solid profile of that person to determine if they want to hire them. Now the AP reportsU.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting.”

I don’t think there is anything wrong with this; it’s a good thing actually. There is a question of legality and whether or not government agents can pose as someone else and lie, which often violates the terms and conditions of the sites themselves.

But the fact remains, there are bad people out there and they need looking after. And if it means an FBI agent posing as someone to catch the bad guy, I’m all for it. So next time you get a friend request from a stranger, they might be someone checking up on you. Guilty conscience? Hope not.

Robert Siciliano personal security expert to Home Security Source discussing social media security on Fox Boston.

Carders, Dumps, and Identity Theft

Robert Siciliano Identity Theft Expert

WE DO NOT SELL DUMPS. DO NOT EMAIL OR CALL US.

WE DO NOT SELL DUMPS

Albert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient criminal hacker, provided “dumps,” a term which refers to stolen credit card data, to “carders”. “Carders” are the people who buy, sell, and trade stolen credit card data online. This video provides an example of an online forum where stolen data is bought and sold. Gonzalez pleaded guilty to his crimes and will be serving the next fifteen years in jail. He and his gang used a combination of schemes that have caused a significant increase in counterfeit fraud.

Hackers rely on a variety of techniques to obtain credit card data. One such technique is wardriving, in which criminals hack into wireless networks and install spyware. Another is phishing, in which spoofed emails prompt the victim to enter account information. Phexting or smishing are similar to phishing, but with text messages instead of emails. Some hackers use keylogging software to spy on victims’ PCs. Others affix devices to the faces of ATMs and gas pumps in order to skim credit and debit card data.

Gonzalez and his gang used another, more advanced technique known as an “SQL injection.” SQL stands for “Structured Query Language.”  The term refers to a virus that infects an application by exploiting a security vulnerability. WordPress, a blogging platform, is an example of a commonly used application that has been found vulnerable to these types of attacks. There are hundreds of other applications that can fall victim to an SQL injection.

IBM Internet Security Systems discovered 50% more web pages infected in the last quarter of 2008 than in the entire year of 2007. In 2005, a now defunct third party payment processor called CardSystems suffered an SQL injection, compromising a reported 40 million credit cards.

While Gonzalez has gone down, carders are still very active. A group of white hat hackers that calls itself War Against Cyber Crime recently succeeded in breaking into Pakbugs.com, a Pakistan-based carder forum, and published a list of members’ login details and email addresses. Pakbugs.com has since dropped offline.

With 213 million cardholders and 1.2 billion credit cards in the U.S., there’s no shortage of opportunity for carders to maintain their current pace. When a carder uses one of your existing credit cards, it’s called “account takeover.” When they use your personal information to open up new credit accounts in your name, it’s called “new account fraud” or “application fraud.”

1. Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

2. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

3. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Includes:

·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes

·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers

·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls

·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors

·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name

·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly

·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.

Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC

Identity Theft Is Easy Over P2P

Robert Siciliano Identity Theft Expert

Peer to peer file sharing is a great technology used to share data over peer networks. It’s also great software to get hacked and have your identity stolen.

Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and, frankly, the most fun kind of hacking. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

The Register reports that a Washington state man has been sentenced to more than three years in federal prison after admitting to using file-sharing program LimeWire to steal tax returns and other sensitive documents. He searched LimeWire users’ hard drives for files containing words such as “statement,” “account,” and “tax.pdf.” He would then download tax returns, bank statements, and other sensitive documents and use them to steal identities.

I did a story with a Fox News reporter and a local family who had four kids, including a 15-year-old with an iPod full of music, but no money. I asked her dad where she got all her music and he replied, “I have no idea.” He had no idea that his daughter had installed P2P software on the family computer and was sharing all their data with the world. The reporter asked me how much personal information I could find on the P2P network in five minutes. I responded, “Let’s do it in one minute.”

There are millions of PCs loaded with P2P software, and parents are usually clueless about the exposure of their data. P2P offers a path of least resistance into a person’s computer, so be smart and make sure you aren’t opening a door to identity thieves.

  • Don’t install P2P software on your computer.
  • If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
  • Set administrative privileges to prevent the installation of new software without your knowledge.
  • If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.
  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox.