Preventing Card-Skimming Identity Theft

/in , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. The worldwide ATM Industry Association reports over $1 billion in annual global losses from credit card fraud and electronic crime associated with ATMs.

Skimming can occur in a few different ways. The most common is when a store clerk takes your card and runs it through a device that copies the information from the magnetic strip. Once the thief has the credit or debit card data, he or she can place orders over the phone or online. Thieves can also copy the data on blank cards, or “white” cards. White cards are effective at self checkouts, or when the thief knows the clerk and is able to “sweetheart” the transaction. A white card can also be pressed with foils to look like a legitimate credit card, as seen in this video.

The PCI Security Standards Council provides guidelines designed to help merchants securely store and transmit card account data and prevent it from falling into the hands of criminals. Retailers who fail to comply with PCI’s standards can be fined up to $500,000 by credit card providers such as Visa and MasterCard. PCI recently released a series of recommendations for the prevention of skimming scams. “Skimming is becoming a widespread problem. These are guidelines for what retailers should be looking at with their reader devices”, says Bob Russo, general manager of the PCI SSC. “We discuss different techniques for protecting those point-of-sale devices.”

The PCI Council’s “Skimming Prevention: Best Practices for Merchants” guidelines include a risk assessment questionnaire and self-evaluation forms to gauge susceptibility to these types of attacks and to determine where they need to shore up their defenses. The guidelines cover how to educate and protect employees who handle the point of sale devices from being targeted, as well as ways to prevent and deter compromise of those devices. They also detail how to identify a rigged reader and what to do about it, and how physical location of the devices and stores can raise risk.

Thieves can completely replace a merchant’s point of sale terminal with a device that is rigged to record or divert card data wirelessly, or simply store the data until the criminal comes back and removes it. (This is what happened to Stop and Shop.)

Criminals can also place a device on the face of an ATM, which appears to be a part of the machine.  It’s almost impossible for civilians to know the difference unless they have an eye for security, or the skimmer is of poor quality. Often, the thieves will hide a small pinhole camera in a brochure holder near the ATM, in order to extract the victim’s pin number. Gas pumps are equally vulnerable to this type of scam.

A customer at a New York City bank discovered a skimming device on the face of an ATM, and went inside the bank to inform the branch manager. The manager, who had never seen an ATM skimmer and wasn’t sure what to do, took the skimmer and thanked him. The customer then remembered, from numerous reports about ATM skimming, that there is usually a second part to the ATM skimmer, the camera. In this case, he found it behind a small mirror that alerts the ATM user to beware of “shoulder surfers.” He brought the camera to the bank manager, who replied by saying, “Maybe we should shut that machine down, huh?” The bank manager contacted bank security, shut down the machine, and alerted other area banks.

To help combat this type of crime, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader. This technology does not require any software adjustments be made to the ATM itself, and does not connect to or affect the ATM communications network. Prior to its North American introduction, the ADT Anti-Skim ATM Security Solution was successfully field tested on dozens of ATMs of four major U.S. financial institutions in controlled pilot programs. Testing pilots yielded positive results, with no known skimming compromises occurring.

You can protect yourself from these types of scams by paying attention to your statements and refuting any unauthorized transactions within 60 days. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages, a missing security camera, or if the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. Use strong PINs, with both upper and lowercase letters, as well as numbers. And invest in Intelius identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft expert, discusses ATM skimming on Fox News.

Credit/Debit Card Identity Theft Concerns Trump Terrorism

/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

recent Unisys study found that, in the midst of the global financial crisis, American’s primary fear is credit and debit card fraud. 68% of those surveyed are extremely or very concerned about the security of their credit or debit card data, and 66% are extremely or very concerned about identity theft.

Compare that to 58% who are extremely or very concerned about terrorism and war, and 41% who fear the possibility of a serious health epidemic. If we actually had a pandemic, I’m sure the public would favor health concerns over money. But so be it.

Credit card fraud comes in two different flavors: account takeover and new account fraud. Account takeover occurs when an identity thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or perhaps when you hand it over to pay at a store or restaurant. Technically, account takeover is the most prevalent form of identity theft, though I’ve always viewed it as simple credit card fraud.

Federal laws limit cardholder liability to $50 in the case of credit card fraud, as long as the cardholder disputes the charge within 60 days. Debit card fraud victims must notify the bank within two days in order to be protected by this $50 limit. After that, the maximum liability jumps to $500. And if a victim doesn’t discover or report the fraud until after 60 days have passed, the liability could be the entire card balance, for a debit or credit card. Once your debit card is compromised, you might not find out until a check bounces or the card is declined. And once you do recover the funds, the thief can just start all over again, unless you cancel the account altogether.

1. Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

2. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

3. Invest in Intelius Identity Protect. Because when all else fails you’ll have someone watching your back.

Includes:

·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes
·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers
·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls
·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors
·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name
·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly
·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.
·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes
·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers
·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls
·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors
·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name
·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly
·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.

Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC

Another Identity Theft Ring Busted

/in , , , , , , , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

The feds are getting better at busting criminals every day. Seventeen criminals, many from Eastern Europe, pilfered more than 95,000 stolen credit card numbers and $4 million worth of fraudulent transactions.

The New York Times reports the men were involved in a vast conspiracy known as the Western Express Cybercrime Group, which trafficked in stolen credit card information through the Internet and used it to create forged credit cards and to sell goods on eBay. They used digital currencies like e-gold and Webmoney to launder their proceeds.

Several of the scammers — Viatcheslav Vasilyev, Vladimir Kramarenko, Egor Shevelev, Dzimitry Burak and Oleg Kovelin — were charged with corruption. Vasilyev, 33, and Kramarenko, 31, were arrested at their homes in Prague, have been extradited to Manhattan. Shevelev, 23, was arrested in Greece last year, is still awaiting extradition. Burak, 26, a citizen of Belarus and Kovelin, 28, a citizen of Moldova have not been arrested

Vasilyev and Kramarenko recruited work from home employees to advertise and sell electronics on eBay. When someone would purchase an item, the two men would pocket the buyer’s payment, give a cut to their recruit, then use a stolen credit card number to purchase the item from a retail store and send it to the buyer. In essence, they used eBay to obtain a legitimate buyer’s credit card number through a legitimate channel and didn’t actually “hack” anything. They simply set up pseudo-fake auctions that, in most cases, delivered the product, but also obtained the victim’s credit card number and then made fraudulent charges.

Burak and Shevelev were “carders” who sold stolen credit card information on a website called Dumpsmarket and, probably, in chat rooms. “Dumps” is a criminal term for stolen credit cards and “carders” are the scammers who buy and sell them. Kovelin was a criminal hacker who stole victims’ financial information via phishing emails and more than likely used the victims’ own account information against them.

Protect yourself:

  1. Check your credit card statements often, especially after using an online auction site. Refute unauthorized charged within 60 days to be made whole by the issuing bank.
  2. Don’t just buy the lowest priced product on and auction site. Use auction sellers who have been approved my many and have a solid track record.
  3. Anytime you ever receive an email asking for personal information, credit information, banking etc, do not enter it. Just hit delete. Often victims will receive and email from a trusted source like eBay directly to their account because they have been actively engaging the fraudulent auctioneer. eBays system doesn’t recommend giving your credit card information outside their network in an email.
  4. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  5. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Identity Theft Speaker Robert Siciliano discusses a study done by McAfee on mules bilked in work-at-home scams on Fox News

Will a National ID Card Prevent Identity Theft?

/in , , , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

In a word, no. A national ID card, on its own, will not prevent all forms of identity theft. In order for new account fraud to be entirely avoidable, a number of other factors would have to come into play, effectively establishing accountability through identity proofing. Effective identity proofing is also necessary in order to reliably prevent medical and criminal identity theft.

As you might have guessed, identity proofing simply means proving that individuals are who they say they are. Identity proofing often begins with personal questions, like the name of a first grade teacher or the make and model of a first vehicle, that only the actual person would be able to answer. Of course, this technique is not foolproof, and now that personal information is so readily available over the Internet, knowledge-based authentication is probably on its way to extinction. The next step is documentation, such as a copy of a utility bill or a mortgage statement. These types of identifying documents can be scavenged from the trash, but they are more effective proof when combines with personal questions. Biometric features, such as fingerprints or iris scans, can help further authenticate an individual’s identity.

Identity scoring is another effective identity proofing method. An identity score is a system for tagging and verifying the legitimacy of an individual’s public identity. Identity scores are being used to prevent fraud in business and to verify and correct public records. Identity scores incorporate a broad set of consumer data, including components such as personal identifiers, public and government records, Internet data, corporate data, predicted behavior patterns based on empiric data, self-assessed behavior patterns, and credit records.

USA Today reports that in the four years since Congress enacted the Real ID Act, which was intended to make it more difficult to obtain a fraudulent driver’s license, the act has languished due to opposition from several states. Real ID supporters say it will not only deter terrorism but also reduce identity theft, curb illegal immigration and reduce underage drinking, all by making the nation’s identification-of-choice more secure. Homeland Security Secretary Janet Napolitano is proposing the repeal of the Real ID Act.

The Real ID Act has many provisions that are forms of identity proofing along with the potential for biometrics across the board. When Indiana checked its six million drivers against a Social Security database, it ended up invalidating 19,000 licenses that didn’t match. When Indiana began using “facial recognition” technology to make its photos secure, the state caught a man who had 149 licenses with the same photo but different names.

Is Napolitano moving backwards or forwards? Do your research and decide for yourself.

Protect yourself from identity theft;

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name.

2. Invest in Intelius Identity Protect. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.
Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Identity Theft Speaker Robert Siciliano discussing identity theft on Fox News

Scammers Targeting Craigslist Users

/in , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Craigslist scams are in full force. Fox news reports scams targeting online car buyers. The crooks spend about a hundred dollars on a junk car and get a title. Then they steal a similar car and advertise it for sale on Craigslist. This is a form of auto identity theft too. They then take the VIN plate or vehicle identification number plate out of the junk car and put it inside the stolen car.

Meanwhile Fox News also reports adoptive parents are being scammed on Craigslist . A mother from Massachusetts was horrified when she saw an ad on Craigslist of her 7-month-old son up for adoption! Reports said that someone alerted the mother to her son’s photo on Craigslist.

The baby involved in this online adoption scam is named Jake. The ad, which involved his photo, said: “A CUTE BABY BOY READY FOR ADOPTION. HE IS VERY HEALTHY”. When the mother responded to the ad, she got a response saying her son was in an orphanage.

The mother said the photo was taken from her family’s blog.  Ive said in the past when posting to social media sites don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.

The mother said her son wasn’t being harmed, but felt he was violated. She alerted the FBI and the scammer had also been removed on Yahoo.

I spoke with Jeffrey A. Kasky, Esq., renowned adoption expert from OneWorldAdoption.com. He said “Families who hope to adopt a child are frequently medically unable to have children for themselves.  As such, they look at adoption opportunities from an emotional rather than a logical perspective, and are therefore more vulnerable to scams. What would tug at your heartstrings more than thinking that this beautiful little boy was stuck in an orphanage halfway around the world?  “All you have to do is wire us $300 now, then more and more and more, and he can be yours…….”

Scammers are lower than that black smelly stuff in a sewer.

No matter what you are selling or buying you must know who you are dealing with on Craigslist. When we were young, our parents told us not to talk to strangers. Strangers are not yet part of our trusted circle. So don’t trust them! There’s no benefit to paranoia, but being a little guarded can prevent you from stumbling into a vulnerable situation.  Since predators use online classifieds to lure unsuspecting victims, you should find out as much as possible about strangers who contact you, or when you contact them. Use Google or iSearch.com to investigate names and email addresses and phone numbers.

Whenever possible, deal locally. People who cannot meet you in your town are more likely to be scammers. And even when you do meet in person, you should be wary.

Never engage in online transactions involving credit cards, cashier’s checks, money orders, personal checks, Western Union, MoneyGram or cash, that require you to send money to a stranger in response to money they have sent you. This is an advance fee scam.

I- ID pre meeting. Get their name and cell phone number so you can use free iSearch.com and look for their name in social networks. If you see anything suspicious then cancel or check further Intelius.com

N- Never meet in private. Meet at a public location that involves lots of other people. The more eyeballs the better.

T- Trust your gut, and don’t discount any troubling feelings you might have about your meeting. If anything seems wrong, then it IS wrong. Cancel if necessary.

E- Enlist a friend Whenever possible, bring along a someone. There is strength in numbers. Predators thrive on isolation. By paring up, you reduce the chances of being attacked.

L- Look street smart. Don’t wear expensive jewelry nor provocative clothes. Scarves and loose fitting clothing give attackers something to grab. Wear shoes you can run and kick in

I- Intelius can help Using a product like Intelius.com allows you to do a criminal check before meeting.

Unaware creates risk. Unfortunately there is risk in meeting someone you don’t know.  Being guarded can keep you from getting into a vulnerable situation.

S- Stay in communication Make it known to your spouse or a friend where you are going and when you will be back. Have them on your cell phone while you are meeting.

Robert Siciliano Identity Theft Speaker discussing all kinds of scams on TBS Movie and a Makeover

Big Time Identity Theft Hackers Indicted

/in , , , , , , , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

ABC news and a bazillion other outlets report that a former informant for the Secret Service was one of three men charged with stealing credit and debit card information from 170 million accounts in the largest data breach in history. The former informant, Albert Gonzalez of Florida, A.K.A “Segvec”, “SoupNazi,” and “j4guar17,” whose motto was ”Get Rich or Die Tryin'” was alleged to have been the ringleader of the criminal hacking operation of a prolific network that spans over five years of serious criminal activity. Once a criminal, always a criminal.

Gonzalez and two other unidentified hackers believed to be from Russia have been charged with hacking into Heartland Payment Systems, 7-11 and Hannaford Brothers Company, Dave and Busters and TJX Corporation, which involved up to 45 million credit card numbers..

Gonzalez was originally arrested in 2003 by the U.S. Secret Service and began working with the agency as an informant. Federal investigators say they later learned that the hacker had been tipping off other hackers on how to evade detection of security and law enforcement worldwide.

Gonzalez provided “sniffer” software used to intercept the credit and debit card numbers for the Russian hackers. Sniffer software or “malware” malicious software, acts like a virus attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

The NY Times reports according to the indictment, Gonzalez and his conspirators reviewed lists of Fortune 500 companies to decide which corporations to take aim at and visited their stores and used a technique called “wardriving” to monitor wireless networks. The online attacks took advantage of flaws in the SQL programming language, which is commonly used for databases.

Threat Level, by Wired magazine, reported that Gonzalez had lived a lavish lifestyle in Miami, once spending $75,000 on a birthday party for himself and complaining to friends that he had to manually count thousands of $20 bills when his counting machine broke.

Protect yourself;

1. You can’t prevent this type of credit card fraud from happening to you when the retailer isn’t protecting your data. Eventually credit card protection solutions will  be available. For now, protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

2. Prevent new account fraud.  Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

3. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing credit card data breaches and the sad state of cyber security on Fox News

10 Tips to Safety and Security in Online Matchmaking

/in , , , , , /by

Robert Siciliano Identity Theft Expert

My first passion has always been personal security as it relates to violence prevention. I got into this business 20 years ago as a result of violence in my own life and began to write, speak and train in self defense. Today is no different than back then, with the exception that there are many more ways for the bad guy to snare their victims.

Studies show online dating and matchmaking services in general are growing even in a recession. Many single men and women are logging in and attending speed dating sessions more than ever before. There are a couple of reasons for the increase in online dating. One, it is cheaper to join a service than it is to spend all kinds of money on a dinner and a bad blind date. Second, people want the comfort of being with someone in turbulent times. Having a companion to share in the fear, uncertainty and doubt can help people vent and find relief in each other.

However, in our never ending quest to Find Mr/Mrs Right, the one under-discussed, over looked and “it can’t happen to me” aspect of being on the dating scene is your personal security. Ive partnered with Intelius.com, a company that provides “DateCheck”, a background check to vet out and look for possible redflags in your potential mate.

1. Look for red flags. If you are contacted online and they make no reference to you or your name, it may be a “broadcast” scam going to others. If they immediately start talking about marriage and love and showing immediate affection run really fast. Anyone asking for money for any reason is a con-man. When communicating with someone online and it seems it takes days for them to respond, this may be a sign they are married.

2. When communicating with a potential mate via online dating or even in the physical world, please do not give up all your information to them until you are entirely sure they are “good”. That can take weeks, but it’s worth the wait. Bad guys lie, a lot. And they will keep up the ruse until they have what they need or until you are in a vulnerable place. So be discreet and keep your personal information private.

3. Read books on self defense and personal security. Watch instructional videos on self defense techniques. Take a self defense course. The single most effective self defense offering on the planet is a program called “Impact Model Mugging”. Search it online and find one near you. Drive 500 miles if you have to, but take this course and bring your sons and daughters with you. In this case knowledge certainly is power.

4. You’ve heard this before and it requires revisiting: meet your date in a populated place and drive yourself. And do it at least the first 5 times. The goal here is you want to get to know the energy of this person and what makes them tick. If simple stuff irritates them or they make racist or offensive jokes or exhibit behaviors not conducive to “healthy”, move on.

5. Do not consume alcohol when meeting, even with food. Alcohol lowers our inhibitions and makes us accept behaviors that aren’t appropriate. Don’t accept drinks from anyone under any condition unless you see the drink being poured and it goes straight to your hands. Slipping drugs in drinks happens every day.

6. Be direct about going ‘dutch’ in regards to paying for dinner. While this may seem extreme to some, studies show an large percentage of males still believe that when they buy a woman dinner that she “owes” him sex.

7. Take lots of pictures of them with your mobile phone and tell them you are emailing everyone in your life to show them who you are with and where you are.

8. Get as much information about them. You ask all the questions. Get their name, address, previous address, home phone, cell phone, place of birth, birthdate, where they work, license plate and if you can squeeze it out of them, and I kid you not, get their Social Security number.

9. Go online to iSearch.com and Google and search every bit of information about them you have acquired. You want to know as much about this person as possible. Search name, phone, email and screen name. As you “mine” this data, the deeper you dig the more you will find. The goal is to look for truth and lies. If you see inconsistencies, or red flags that can’t be easily explained, run really fast.

10. Go online to Intelius.com and perform a “Date Check”. With a name and birth date you can do a comprehensive background check that will tell you if they have been convicted of a crime, gone bankrupt, are being sued and if they are married.

A background check is an entirely necessary tool that alerts you to any red flags or inconsistencies in their dialog with you. Performing a background check is inexpensive, quick and smart.

Robert Siciliano discussing self defense on Fox

Identity Theft Is Easy Over P2P

/in , , , , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Peer to peer file sharing is a great technology used to share data over peer networks. It’s also great software to get hacked and have your identity stolen.

Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and, frankly, the most fun kind of hacking. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

The Register reports that a Washington state man has been sentenced to more than three years in federal prison after admitting to using file-sharing program LimeWire to steal tax returns and other sensitive documents. He searched LimeWire users’ hard drives for files containing words such as “statement,” “account,” and “tax.pdf.” He would then download tax returns, bank statements, and other sensitive documents and use them to steal identities.

I did a story with a Fox News reporter and a local family who had four kids, including a 15-year-old with an iPod full of music, but no money. I asked her dad where she got all her music and he replied, “I have no idea.” He had no idea that his daughter had installed P2P software on the family computer and was sharing all their data with the world. The reporter asked me how much personal information I could find on the P2P network in five minutes. I responded, “Let’s do it in one minute.”

There are millions of PCs loaded with P2P software, and parents are usually clueless about the exposure of their data. P2P offers a path of least resistance into a person’s computer, so be smart and make sure you aren’t opening a door to identity thieves.

  • Don’t install P2P software on your computer.
  • If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
  • Set administrative privileges to prevent the installation of new software without your knowledge.
  • If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.
  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox.

One in eight applicants denied positions because of criminal history

/in , , , , /by

Identity Theft Expert Robert Siciliano

Background checks are a necessary tool in today’s sometimes violent and certainly litigious society. If a rug installation company was to hire an installer, who eventually rapes and kills a client, then the rug installation company would be held libel for the animals actions. This example is one that happens all to often.

A background check may solve this problem in many situations. Withjust  a name and address a company can vet a new hire to see of that person has a criminal background and has ever committed a violent crime.

Church Executive Magazine reports one in eight background checks conducted on volunteers or prospective employees through LifeWay Christian Resources found a criminal history that might have kept an individual from working or volunteering at a church!

This is where people who are supposed to be held at a higher standard, but unfortunately predators have no boundaries.

“While most screenings returned clean records or only minor traffic offenses, in the report 450 churches requested more than 5,000 background checks on volunteers and prospective employees. LifeWay found 80 serious felony offenses and more than 600 people had some type of criminal history that may have disqualified them from volunteering or working at a church.”

“While vital, experts say sex-offender registries alone aren’t very effective in spotting sexual predators. They list only those convicted of a crime. Because victims typically are reluctant to come forward and with statutes of limitations on molestation laws in many states, only an estimated 10 percent of sexual predators are brought to justice.”

Robert Siciliano Identity Theft Speaker discussing background checks

Are Cookies An Invason Of Privacy Or Identity Theft Concern?

/in , , , , , , /by

Robert Siciliano Identity Theft Expert

Ive taken lots of heat for my comments on a Fox News report that the Office of Management and Budget is considering reversing a nine year ban on using “cookies” to track users’ preferences and interests on federal websites. The shift in policy is being billed as a way for government to enter the 21st century and for federal agencies to use the same technology utilized on news sites, retail sites and social media networks.

My comments under fire involve some “scaremongering” and potential inaccuracies in relation to cookies and what they do.

“Without explaining this reversal of policy, the OMB is seeking to allow the mass collection of personal information of every user of a federal government website,” said Michael Macleod-Ball, acting director of the American Civil Liberties Union’s Washington Legislative office. “Until OMB answers the multitude of questions surrounding this policy shift, we will continue to raise our strenuous objections.”

A cookie is a small piece of text or code that is stored on your computer in order to track data. Cookies contains bits of information such as user preferences, shopping cart contents and sometimes user names and passwords. Cookies allow your web browser to communicate with a website. Cookies are not the same as spyware or viruses, although they are related. Many anti-spyware products will detect cookies from certain sites, but while cookies have the potential to be malicious, most are not.

A colleague sent me a note after reviewing my comments regarding cookies and stated:  “Cookies have been around since the mid-to-late ’90’s, and most people still don’t understand what they are or what they do. If you go to http://osvdb.org and do a search for “cookies”, you’ll see there have traditionally been tons of vulnerabilities surrounding them. From a privacy standpoint, they’re also a potential issue depending on how they’re used, but that really depends on a site’s environment. Saying that “cookies store passwords” isn’t really true in most cases based on evidence I’ve seen over the last several years. They might store session IDs or be manipulated to allow admin access to a site, sure… but that’s not true across the board for every (or even most) sites.”

However Informationweek reports Internet users are revealing information that identifies them through the use of social networking sites cookies.

What was said in the video in relation to what cookies do was more of an analogy than stating fact. I was trying to simply give a bit of perspective and explain what the privacy concerns may be. Its a complicated issue that has the ACLU and others up in arms.

The government tracks criminals using specially developed spyware that gathers a wide range of information, including IP and MAC addresses, operating systems, Internet browsers, open ports, running programs, user names, and recently visited URLs. This scares privacy advocates, for good reason.

But cookies are generally not invasive. They are typically used to produce usage statistics within a single site, or to produce anonymous user profiles across multiple sites, in order to determine which advertisements would be most relevant. Many websites become unusable if your browser does not accept cookies. Social networking sites are particularly dependent on cookies.

Federal government agencies have banned cookies in their own sites since 2000 in response to demands from privacy advocates. Some claim that the proposal to reverse the ban comes in response to Google’s recent lobbying efforts. Whitehouse.gov posts YouTube videos that contain Google’s third party cookies. The entire issue requires a bit more transparency for all those involved.

Advertisers have long known that cookies are useful for customizing the user experience. The government seems interested in taking advantage of this benefit as well. If that is the real motivation, it’s great. But privacy advocates aren’t happy, since the government tends to take a mile when given an inch.

There are a few fundamental ways to keep yourself secure. Browsers all give you the option of simply turning cookies off.  Make sure that yourInternet security software is updated, and install spyware removal software if it isn’t included in your basic security suite. Lock down your wireless connection. Use strong passwords that include upper and lowercase letters as well as numbers, and never share them. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. In most cases, this prevents new accounts from being opened in your name. Download CCleaner, a free system optimization, privacy and cleaning tool that removes unused files including cookies from your system, which frees up disk space and allows Windows to run faster. It also cleans traces of your online activities. And invest in Intelius identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses a proposal to allow the use of cookies on federal websites on Fox News, and again on Breitbart.tv.