Part 1 of Identity Theft – 5 Identity Theft Myths Unveiled

#1 You can’t protect yourself from identity theft.

Some, not all Identity theft is preventable. There are many things people can do to minimize their risk, both online and offline. Shred anything that has names and account numbers or any other data that can be used to con someone else into divulging even more information. Keep financial records protected and private in a locking file cabinet at home or protected PC. Opt out of junk mail. Invest in an identity theft protection service and get a credit freeze.

#2 Identity theft is only a financial crime.

There is also medical identity theft when someone poses as you to get medical attention, criminal identity theft when the thief commits crimes under your identity. There is also employment fraud when they use your SSN to get a job and identity cloning when the thief is simply trying to evade the law or others by posing as you in plain sight.

#3 Technology and computers are why identity theft is so big.

Certainly data breaches are responsible for some identity theft. However, low tech identity theft is the bigger problem. A lost or stolen wallet, checkbook, or a debit or credit card handed over to a clerk or information tossed in the trash are all the most prevalent ways your identity is jacked.

#4 Caller ID is safe.

Caller IDs are easily spoofed with technology that allows the bad guy to change what shows up on your handset. First, no matter who calls, never giver personal information over the phone if you stand to gain or lose something or if the caller states your data was lost in a computer crash. Always use the phonebook or look up the number online and call them back.

#5 Checking your credit report protects you from identity theft.

I’ve always though thought this was silly advice. Checking your credit report just tells you if your identity has been stolen. But you should still check your credit report as often as possible. Some identity theft protection services let you check it every day. I’d check it monthly if you have the option.

Robert Siciliano personal security expert to Home Security Source discussing identity theft on YouTube. Disclosures.

National Protect Your Identity Week is October 17-23

The first decade of the new millennium is almost over, another year has passed and by my estimates identity theft as we know it is not getting any better, it is getting worse. I’m a big believer in the fundamentals and some things just can’t be said any other way, and to remind you I’m taking a page from a post from an entire year ago because it is absolutely essential that you – the public, corporations, associations and government agencies, all take responsibility and do what is necessary to protect yourself, your clients and your constituents.

Identity theft isn’t going away any time soon and therefore it is essential that you consume as much information to educate yourself, inform others and prevent identity theft from happening under your watch. Like any problem that we may face in life, we do our best to find a speedy and efficient solution. However identity theft is one of those problems that acts like a 10 headed monster that we keep chopping the head off but it keeps growing a new head, a new leg and a new arm.

Because we are a persistent and resilient people, and we never ever give up, we will prevail. The National Foundation for Credit Counseling has created National Protect Your Identity Week from October 17-23 to create awareness and provide information. The solution requires a coordinated effort between every single citizen, company and government official to see the big picture and to do what’s right and put the necessary systems in place that prevent the bad guy from doing his job. The solutions are near. Some of them are already in place. It’s just a matter of everyone getting on the same page and coming to an agreement.

Understand there has always been, and will always be a criminal element looking to take from those who have. The bad guy (and gal) persistently looks for their next victim all day, every day. Your job is to become informed and know what it means to become a tougher target. And in the meantime those who are responsible on a higher level to protect us, and our critical infrastructures, methods of commerce, and ways in which we identify ourselves will continue to work on the big stuff. But they need you to be aware and alert and actively participate in the process. We are all in this together.

The Pentagon and the Department of Homeland Security are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small business and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read this and every possible blog, article and report you have access to so you can stay on top of what is new and ahead of what is next in technology and the security necessary to keep it safe. Build your IT security vocabulary. Become an expert in identity theft and information security. Be the go-to-person in your home or organization who has all the answers to the problem.

A number of national organizations are also putting their weight behind this initiative, joining the NFCC and BBB as Supporting PYIW Coalition Members.  This Coalition includes: American Bankers Association Education Foundation, American Financial Services Association Education Foundation, American Payroll Association, Consumer Action, Consumer Data Industry Association, Consumer Federation of America, Credit Union National Association, Federal Reserve Board, Federal Trade Commission, FICO, Foundation for Financial Planning, Identity Theft Assistance Center, Identity Theft Resource Center, Jump$tart Coalition for Financial Literacy, Junior Achievement USA, National Association of Triads, National Council of La Raza, National Crime Prevention Council, National Education Association Member Benefits, National Sheriffs’ Association, the Office of the Comptroller of the Currency and the Social Security Administration.

Robert Siciliano personal security expert to  Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Five Ways Identities Are Stolen Online

Cybercrime has become a trillion dollar issue. In a recent survey, hundreds of companies around the world estimated that they had lost a combined $4.6 billion in intellectual property as a result of data breaches, and spent approximately $600 million repairing the damage. Based on these numbers, McAfee projects that companies lost more than a trillion dollars in the last year.

There are several motives for this type of theft, but the most prevalent is to steal identities. Your identity is your most valuable asset, but most consumers lack the time, knowledge, and resources to protect their identities. Five of the most common ways identities are stolen online are through phishing scams, P2P file sharing, social networking, malicious websites, and malicious attachments.

Phishing: Phishing scams still work. Despite consumer and employee awareness, a carefully crafted email that appears to have been sent by fellow employee or trusted entity is probably the most effective spear phish. “Whaling,” or targeting a CEO or other high level executive with a phishing email can be even more successful. As they say, the bigger they are, the harder they fall. Never click links in emails, even if they appear to come from a bank or other trustworthy source. Instead, type the address in manually or use a bookmark.

P2P File Sharing: Peer-to-peer file sharing is a fantastic way to leak company and client data to the world. Obama’s helicopter plans, security details, and notes on Congressional depositions have all been leaked on government-controlled computers via P2P. You should set administrative privileges to prevent the installation of P2P software.

Social Networking: One of the easiest ways into a company’s networks is through social media. Social networking websites have grown too big, too fast, and can’t keep up with security. Criminals know exactly how to take advantage of this, so create policies and procedures that outline appropriate use, and beware of social networking scams.

Malicious Websites: Websites designed to attack your computer and infect it with viruses number in the millions. Hacked websites, along with out-of-date operating systems and vulnerable browsers, put your identity at risk. Use antivirus software to protect your PC and your data.

Malicious Attachments: PDFs used to be safe, but Adobe is the same boat today that Microsoft found itself in years ago: hack central. Adobe’s software or files are used on almost every PC and across all operating systems, and criminal hackers love it. Every browser requires software to view PDFs and many websites either link to PDFs or incorporate Adobe Flash to play video or for aesthetic reasons. According to an estimate from McAfee, in the first quarter of this year, 28% of all exploit-carrying malware leveraged an Adobe Reader vulnerability.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first, providing live access to fraud resolution agents who work with victims to help restore identities. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss P2P file sharing on Fox News. (Disclosures)

7 Ways to Combat Scareware

You may have seen this before, it goes like this: a pop-up pops and it looks like a window on
your PC. Next thing a scan begins. It often grabs a screenshot of your “My Computer” window
mimicking your PCs characteristics then tricking you into clicking on links. The scan tells you
that a virus has infected your PC. And for $49.95 you can download software that magically
appears just in time to save the day.

From that point on if you don’t download and install the software, your computer goes kooky
and pop-ups will invade you like bedbugs in New York City.

Web pages may be infected or built to distribute scareware. The goal is to trick you into clicking
on links and download their crappy software.

Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents who will try to convince potential victims that their PCs are infected and that payment is the cure.

The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live remote access support instructed by support to click a link initiating remote access to their PC.  Once connected remotely, the scammer can potentially retrieve documents to steal your identity.

Another new twist on the scam involves a popup in the form of a browser with a warning that looks like what your browser may present to you when you visit a page that might have an expired security certificate, malware warning or be a potential phishing site. The page is usually red with a warning: “Visiting This Site May Harm Your Computer” then it provides you with a link, button or pop-up that gives you the option of downloading security software or to update your browsers security.

The software is sometimes known as “AntiVirus2010” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2010” or something like “Security Toolkit”. These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value.

What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

Protect yourself:

#1 Use the most updated browser. Whether Internet Explorer 8, Chrome or Firefox, download the latest and greatest. At least download whatever security updates there are for your exiting browser.

#2 Usually by default, a pop-up blocker is turned on in new browsers. Keep it on. No pop-ups, no scareware.

#3 If you are using another browser and a pop-up –pops-up, shut down your browser. If the pop-up won’t let you shut it down, do a Ctrl-Alt-Delete and shut down the browser that way.

#4 Never click links in pop-ups.  If the pop-ups are out of your control, do a hard shutdown before you start clicking links.

#5 Persistence counts. Shutting off this pop-up is often difficult and any buttons you press within this pop-up could mean downloading the exact virus they warned you of.

#6 Employ the most recent versions of anti-virus and keep it set to automatically update your virus definitions.

#7 Never click on links in the body of a “WARNING” webpage that is suggesting to download updates for your browser or suggesting to download security software. Just hit the little red X in the upper right corner.

Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Half Billion Records Breached in 5 Years

In the late 90s and early 2000s, hacking had evolved from “phreaking” (hacking phone systems) to “cracking” (breaking into networks). At the time, hackers hacked for fun, for the challenge, and for fame and popularity within the hacking community. But soon enough, the public began spending more time online, shopping, banking, and managing personal affairs. Hackers are no longer wreaking havoc for its own sake, deleting files, or tormenting IT administrators. Now, they’re stealing proprietary data. Instead of fun and fame, today’s hackers are motivated by illegal financial gain.

Over the past five years, criminal hackers from all over the world have been targeting huge databases of Social Security and credit card numbers. The endgame for criminal hackers is identity theft. Once they obtain stolen data, their objective is to turn it into cash as quickly as possible. This either entails selling the data to identity thieves on black market forums, or using the information to create new accounts or to take over existing credit card accounts.

According to the Privacy Rights Clearinghouse’s Chronology of Data Breaches, more than 500 million sensitive records have been breached in the past five years. The Chronology of Data breaches lists specific examples of incidents in which personal data is compromised, lost, or stolen: “employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online.”

So when a so-called “identity theft expert” claims that you can protect yourself from identity theft for free, simply by shredding documents, not giving out your Social Security number, locking your mailbox, and monitoring your online accounts, that person does not have the full picture. You should take all these precautions. But when almost everyone’s personal information has been stolen or compromised once or twice, as a result of breaches that are entirely out of our control, it’s clear that you simply can’t protect yourself on your own. This is why identity theft protection is a must.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft pandemic on CNBC. (Disclosures)

Social Media is a Criminals Playground

Social media has become a playground for adults, teens, and tweens. And like on any playground, when you hit the jungle gym or horseplay on the seesaw, there is always a chance that you may go home with an egg on your forehead. Or, if you are like me, a broken collarbone.

Twitter and Facebook have become the most popular sites for frolicking, and the most popular sites for identity thieves — the bullies in the playground. These criminal hackers make social media very dangerous. They are attacking these sites to get at you, the end user. Users’ computers can become infected after users click links that appear to be safe, but actually prompt a malicious download or lead to a spoofed website.

New worms and viruses are infecting social networking websites every day. As these sites expand, they adopt new technologies that sometimes create holes through which they can be attacked. Social networking websites’ open nature allows users to upload content including files that may contain “scripts,” or code, designed to infect the site. Participating in user-submitted surveys, quizzes, and other applications may result in spam or stolen data.

The websites themselves host millions of users and they simply can’t protect every user. New technology is developed at a rate that vastly outpaces the security necessary to keep those technologies bulletproof. Essentially, you’re on your own.

While it is rare for a user to post Social Security numbers, which can directly lead to identity theft, on a social networking website, these websites or their users’ actions can compromise PCs, which does ultimately lead to identity theft.

Always make sure to run antivirus software, such as McAfee Total Protection, and invest in McAfee Identity Protection, which monitors your Social Security number and several other parameters of your identity. Learn more about how to protect yourself at http://www.counteridentitytheft.com/.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Facebook scammers on CNN. (Disclosures)

Identity Theft Consumer Education is Paramount

Credit card companies, banks, financial advisors, retailers, hospitals, insurance companies, and just about every other industry and organization that deals with finances has been affected by identity theft.

All these entities have to deal with fraud at some level. For some it’s an occasional nuisance and for others it’s a part of their daily grind. Most have heavily invested in multiple layers of security, but all remain targets. Each has its own set of issues to overcome and each copes with the same underlying constant: the consumer is often the most vulnerable variable in the equation.

Joe and Sally Main Street generally offer the path of least resistance when a scam is launched. Everything from phishing emails, spoofed websites, un-patched or unprotected PCs, open wireless connections, lack of attention to statements, not shredding data, carrying too much information in a wallet, and overall lack of attention to personal security allows fraud to flourish.

Anne Wallace, president of the Identity Theft Assistance Center, explains that the risks are compounded by the increasing popularity of new technologies like mobile banking and social networking. “The crooks are ever-creative,” she says. “They’re always exploiting new schemes to extract information from consumers.” According to Wallace, ITAC members have an obligation to educate consumers about the security threats posed by emerging technology. “It’s so important to keep talking to people about the old threats, the new threats – on a recurring basis.”

I totally agree. Every institution that deals with identity theft has an obligation to effectively inform and educate their client base about how they can protect themselves from fraud.

Many of these organizations have policies that shift the burden of loss away from the consumers. This is a double-edged sword that does not stop fraud. I’m a big believer in personal responsibility. Whether fraud is the fault of the consumer or a larger entity, a resolution in the best interest of both parties should be sought. It is imperative, however, that the party responsible acknowledges that responsibility. This is how we learn from our mistakes, and how we will eventually overcome fraud. If all parties escape blame, only the scammer wins, and fraud flourishes.

For additional tips and identity theft education, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet.(Disclosures)

On the Internet, FREE is a Dangerous Four Letter Word

The wild, wild web is like any major metropolitan city. There are high-class neighborhoods, retail districts, theater districts, business centers, popular social areas, seedy red-light districts (in Boston we called this the Combat Zone), and bad, bad, BAD neighborhoods.

Depending on where you go, you may pick up a virus or get bonked on the head.

The Internet is the same.

As more consumers seek out more free entertainment online, cybercriminals are shifting their attacks accordingly. McAfee recently conducted a series of studies determining that searching for celebrities like Cameron Diaz can increase your chances of infecting your PC. McAfee’s new “Digital Music & Movies Report: The True Cost of Free Entertainment” also confirmed that your PC is equally vulnerable when searching the word “free.” This report reveals the significantly increased risk of fraud when including “free” and “MP3” in the same search query. And when you add the word “free” to a search for ringtones, your risk increases by 300%.

Cybercriminals lure users with words like “free” in order to infect their PCs with malicious software, which is designed to take over the infected computer and allow hackers full access to private files, usernames, and passwords.

To stay safe, avoid searching for “free content.” Stick to legitimate, paid sites when downloading music and movies.

If a website is not well established, avoid clicking links in banner ads.

Use comprehensive security software to protect against the latest threats.

Use common sense: don’t click on links posted in forums or on fan pages.

Use a safe search plug-in, such as McAfee® SiteAdvisor® software that displays a red, yellow, or green annotation in search results, warning users about potential risky sites ahead of time, and highlighting safe results.

Be aware that the more popular a topic, movie or artist is, the more risky the search results will be.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures

Victim Rebuilds Life After Identity Theft

This story is about a victim of criminal identity theft. The victim is a trucker who discovered that his identity had been stolen when his commercial driver’s license was suspended because the thief who stole his identity had been busted for drinking and driving on four different occasions. Imagine.

The consequences of identity theft are often so overwhelming that the pressure affects every aspect of the victims’ lives. Sometimes the stress is so great that people just fall apart. In the case, the victim lost his license, his possessions, and his marriage.

After testifying against the identity thief, the victim, Earl Robert Hood, told the Associated Press, “It was just hard to sit there in that room with him, knowing what he’d done to me and my family. It’s not just me that it affected; it affected all four of my children, too. Because for two years, they didn’t have Christmas.” The victim went on to say the thief didn’t just steal his name; he stole his life. “I’ve lost everything,” he said. “It just completely wiped me out.”

When this victim’s commercial driver’s license was suspended, so was his ability to earn a living. With no money coming in, bills piled up and the downward spiral began.

Hood’s identity was stolen after he handed his personal information over to a potential employer. Job applications often require applicants to provide home addresses, copies of existing driver’s licenses, Social Security numbers, and, in some cases, birth certificates. This is more than enough information for an identity thief to assume a victim’s full identity.

Victims of identity theft are generally presumed guilty until proven innocent. In this case, the perpetrator committed crimes in multiple states, which further complicated the situation. It took years for this victim to recover his license, even after contacting his state’s Attorney General.

Identity theft can happen to anyone.  McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet.(Disclosures)

College Students At Risk For Identity Theft

September is National Campus Safety Awareness Month. I helped Uni-Ball conduct a survey of 1,000 college students and 1,000 parents. The survey revealed that while about 74% of parents believe students are at a moderate to high risk for identity theft, and 30% of all identity theft victims are between 18 and 29, only 21% of students are concerned about identity theft.

It’s no surprise that most college students are indifferent when it comes to their personal and information security. When you are in your late teens or early twenties, you feel a sense of invincibility. However, once you have a few years under your belt, you begin to mature and gradually realize the world isn’t all about keg parties and raves.

Here are a few more interesting statistics:

  • 89% of parents have discussed safety measures with their kids, yet kids continue to engage in risky behavior
  • 40% of students leave their apartment or dorm doors unlocked
  • 40% of students have provided their Social Security numbers online
  • 50% of students shred sensitive data
  • 9% of students share online passwords with friends
  • 1 in 10 have allowed strangers into their apartments

College students have always been easy marks because their credit is ripe for the taking. Students’ Social Security numbers have traditionally been openly displayed on student badges, testing information, and in filing cabinets and databases all over campus. Landlords and others involved in campus housing also have access to students identifying information.

Any parent sending a child off to college should be concerned.

Limit the amount of information you give out. While you may have to give out certain private data in certain circumstances, you should refuse whenever possible.

Shred everything! Old bank statements, credit card statements, credit card offers, and any other documents containing account numbers need to be shredded when no longer needed.

Lock down your PC. Make sure your Internet security software is up to date. Install spyware removal software. Secure your wireless connection. Use strong passwords that include upper and lowercase letters as well as numbers. And never share passwords.

Be alert for online scams. Never respond to emails or text messages that appear to come from your bank. Always log into your bank account manually via your favorites menu.

When sending students back to school, consider protecting your family with a subscription to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on any of your accounts. For additional tips, please visit http://www.counteridentitytheft.com