Credit Card Hackers Target Small Business

Robert Siciliano Identity Theft Speaker

Up until now, identity thieves have been hunting elephants. But that may soon change.

According to this study, small to medium-size businesses (SMBs) are criminal hackers’ next target. This should come as no surprise, as large enterprise networks have gradually become better at defending themselves.

Over the past few years, criminal hackers have acted like hornets, attacking and swarming unassuming enterprise networks. Big business has responded by allocating billions of dollars in funding for technology and talent to thwart their sting.

In 2009, enterprise defense is the best it has ever been. It’s still lax, but now the path of least resistance has become SMBs. Your mom and pop shops simply don’t have the resources, including deep pockets, to keep up.

Studies by the International Council for Small Business show that one fifth of small businesses aren’t even equipped with basic defenses, such as McAfee security software. Furthermore, as many as 60% don’t even have wireless encryption activated. What is most disturbing, but not surprising to this security analyst, is that two thirds don’t have any type of security plan in place.

According to poll responses, these same SMBs overwhelmingly believe that they aren’t targets, that only big businesses need to worry. However, this same study shows that 85% of fraud related to criminal hacks occurs within this exact group.

The National Retail Federation stated that Level 3 businesses are only 60% compliant and Level 4’s are even less secure.

PCI Compliance, a Visa-based organization that regulates merchants in order to prevent credit card fraud, recognizes retailers at different levels. Level 1 retailers process 6,000,000 Visa transactions per year, Level 2 retailers process 1,000,000 to 6,000,000, Level 3 retailers process 20,000 to 1,000,000, and Level 4 retailers process fewer than 20,000.

Many security issues stem from SMBs’ lack of resources, coupled with their shift to online transactions and the handling and storage of their own data.

Some say that the responsibility of handling these transactions should be shifted back to the banks.

One additional recommendation for these Level 3 and 4s is to adopt a strategy in which the merchant never handles the credit data at all. The merchant would have an online shopping cart, but the credit card transaction would be diverted to the bank server, without ever being touched by the merchant.

I’m one of those Level 4 merchants and this is the strategy that I use. All orders are taken online and nobody aside from the bank handles client credit card data. PCI compliance is a breeze – no hiccups.

While this is practical for some SMBs, it doesn’t work for others, so those retailers need to get their act together immediately, because criminal hackers are watching.

See identity theft speaker Robert Siciliano discuss data breaches here.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Identity Theft Prevention is a People Problem

Robert Siciliano Identity Theft Expert

Every week we learn of a new hack, another breach, credit cards stolen and another identity theft victim.

Many have blamed the bad guy or criminal hackers for all the problems we have in the security world. And while the bad guy is certainly a problem, they are a small part.

The people responsible for their own physical or computer security or the security of others are often the guilty.

You wonder why your credit card company sent you a new card? Because some baboon didn’t do his job and you were compromised.

Chances are we could look at 7 out of 10 data breaches and point to someone who didn’t properly flip a switch or lock a door.

In recent studies polling companies with 1000 or more employees, when asked to define the most important measures for protecting confidential data, nearly half of all respondents said, “communicating and training users on confidential data security policies.”

And when asked to rate their organization’s performance with regard to “communicating and training users on confidential data security policies,” more than one-fourth of security professionals gave their organization a rating of either “fair” or “poor.”

North Americans ranked 24% as being “poor” while Europeans ranked 38%. I suspect the North Americans are just lying and are just as lax. I read the papers and see the data. Pleeeeze. I have my eye on you Focker.

Security is not entirely an IT problem. There are many “to-dos” and policies in place regarding physical security that must be observed and that, if followed properly, would reduce many of the breaches we see.

One plain and simple example is dumpster diving. How prevalent are shredders? I’ve gone through 4. Besides the copy machine or your desk/laptop, a shredder should be the most used home/office appliance.

Here is an infuriating video of a dumpster diver, also a security professional, who spent 3 minutes in the dumpster of a local bank. He found a laptop, wire transfers and Social Security Numbers. That’s not an IT problem. That’s a stupid-lazy-people problem.

How is anyone supposed to feel secure and protect their identity when others are responsible for our security? The fact remains we are an open sore and idiots keep pouring salt in the wounds.

Robert Siciliano Identity Theft Speaker discussing Idiots who didn’t secure a wireless connection and exposed 45 million credit cards Here


A Day In The Life of A Scammer

Robert Siciliano Identity Theft Expert

How can I get you to believe me? What can I say or do to convince you I’m legit? What methods should I use to pull it off?

I don’t have a job. I’m essentially unemployed. However, I do have a career. And it involves figuring out ways to get others to pay me. Every day I perform tasks to bring eyeballs to what I’m offering, selling or trying to get. What is this vocation? Scammer.

I work all over the world, I travel and meet interesting people. I like what I do, every day is a new and exciting opportunity.

There’s a sucker born every minute. Today I’m looking for you. And I’ll find you.

All day, every day, my one goal is to get you to part with your hard-earned dollars, and here is ONE DAY’s worth of reports of my activities:

Scammers Hawk Man’s House On Craigslist

Man who owns a rental home in Dennisport found scammers offering up his home for rental on the Web site …

Online Scammers Creating Fake Local News to Attract Your Clicks …


Transferring money for someone else

If you agree to take part, the scammer could use your account details to clean out your savings.

Great way to steal an identity. But there are ways to protect yourself.

Scammers customize news to deliver you malware
The scammers are using IP address geolocation techniques to figure out what city the recipient lives in and are localizing the fake bomb news to that …

Scammers using Twitter To Get Your Information
The SC Department of Consumer Affairs is warning twitter users to be on the lookout for scams, particularly phishing scams.

Scammers target animal lovers in classified ads
This time, the scammers lure in their victims with the offer of cute pets to tug at their heartstrings. “A lot of them get placed online,”

Officials say scammers taking advantage of people seeking jobs in …
State officials are warning about scams affecting those seeking jobs during the current economic downturn. State officials are warning about scams …

Stimulus Money Scammers Target Families
As soon as the government’s big stimulus package was approved, scammers got on the internet and started trying to get their hands on the money. …

Art Dealers Accused of Rigging Appraisal
He was the consummate con man. He created this image that he had a huge collection of wonderful paintings. The impression given, and taken, was that he was …

Scams abound, costing locals tens of thousands The …
The victim is approached by the con man holding a wallet or bag containing cash. The con man shows the money to the victim and asks if it belongs to her, a way of breaking the ice to set up the scam…

More than 1000 women conned by rogue marriage agency
ONE woman was conned into offering her life savings, while another was duped into sleeping with a man by a rogue marriage agency specializing in foreign …

Lightning rod scam zaps local elderly couple
Officials fear the lightning rod installer may be scamming other elderly couples so they’re urging

Residents Effected By Scammers Washing Checks
“They take that check thats made out to CPL has your signature on … they wash off the amount and the to thats where it becomes check washing. …

I worked hard today. It’s a hard way to make an easy living. But it was fun and always funny to see you get all bent out of shape when I read about you in the news. Tomorrow is another day, and another scam.

Robert Siciliano Identity Theft Speaker discussing Scams Here


Identity Theft Expert; Cybersquatting Leads to Fraud

Robert Siciliano Identity Theft Expert

Ever click on a link from an email or while surfing and something just wasn’t right? The domain name in the address bar looked like a letter or two off? A misspelling? Maybe it had a number tossed in there for good measure? This is either cybersquatting or typosquatting, and it’s a problem.

Cybersquatting is the act of procuring someone else’s trademarked brand name online as a dot com or any other US based extension.

Cybersquatters squat for many reasons, including impostering for fun, hoping to resell the domain, using the domain to advertise competitors’ wares, stalking, harassment or outright fraud.

Grabbing someone’s given name is also a form of cybersquatting and is happening in social networks and on Twitter. Twitter is affected by Twittersquatting, where people’s names and an estimated top 100 brands have been hijacked.

There are also bunches of Kevin Mitnicks (hacker) on Facebook that even prevented the Gent from accessing his own Facebook account. Facebook fixed the problem after Mitnick rightfully bitched then CNET made a call. Then Facebook listened. Facebook said “We are very aggressive in fostering and enforcing our real name culture and sometimes we make mistakes. But it’s rare, and it’s been fixed.”

Cybersquatting is also done maliciously for fraud. The Identity Thieves will jack a domain similar to that of a bank and create a spoofed site for phishing. Often if the domain isn’t available, then the next best thing is Typosquatting. Annualcreditreport.com was a victim of that. More than 200 domains were snapped up right after the site launched.
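A defender's check for the lookalike patterns described above (a letter or two off, a misspelling, a number tossed in, a different extension), as an added example that is not part of the original post: it compares domain names seen in mail or proxy logs against a list of protected brand domains. The brand names, sample domains and function names are constructed for illustration, and the domain split assumes a single-label extension such as .com.

```python
"""Flag observed domains that look like typosquats of protected brand domains."""

# Digits commonly swapped in for letters in lookalike names.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def split_domain(domain):
    """Return (label, extension) from the last two labels of a host name.

    Simplification (assumption): the extension is a single label such as
    'com' or 'net'; multi-label suffixes would need a public-suffix list.
    """
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("exmaple" for "example") costs one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(observed, protected):
    """Return (brand, reason) if observed resembles a protected domain, else None."""
    obs_label, obs_ext = split_domain(observed)
    brands = [(b, *split_domain(b)) for b in protected]

    # The genuine domain (including its subdomains) is never flagged.
    if any(obs_label == lbl and obs_ext == ext for _, lbl, ext in brands):
        return None

    for brand, lbl, ext in brands:
        if obs_label == lbl:
            return brand, "different extension"
        if obs_label.translate(LOOKALIKES) == lbl:
            return brand, "digit lookalike"
        # Short names collide with ordinary words, so allow only one edit
        # for them and two ("a letter or two off") for longer names.
        limit = 2 if len(lbl) >= 8 else 1
        dist = osa_distance(obs_label, lbl)
        if dist <= limit:
            return brand, f"edit distance {dist}"
    return None


def scan(observed_domains, protected):
    """Map each suspicious observed domain to its (brand, reason) finding."""
    findings = {}
    for name in observed_domains:
        hit = classify(name, protected)
        if hit is not None:
            findings[name] = hit
    return findings


# Constructed sample data: a hypothetical brand list and observed names.
PROTECTED = ["examplebank.com", "acme.com"]
OBSERVED = [
    "www.examplebank.com",   # genuine
    "examp1ebank.com",       # digit in place of a letter
    "exmaplebank.com",       # two letters swapped
    "examplebank2.com",      # number tossed in
    "examplebank.net",       # same name, other extension
    "acne.com",              # one letter off a short brand
    "aims.com",              # two edits from a short brand: not flagged
    "samplebread.com",       # unrelated
]

if __name__ == "__main__":
    for domain, (brand, reason) in scan(OBSERVED, PROTECTED).items():
        print(f"{domain:22} resembles {brand:18} ({reason})")
```

The tighter limit for short brand names trades some detection for fewer false alarms; tune it against your own traffic before alerting on the results.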

This is just one more reason to protect yourself from identity theft.

Back in the day, I was accused of cybersquatting! Here. I wasn’t I swear! Back in the early 90’s with my IBM PS1 Consultant 3.1 Microsoft operating system and a rockin 150mb hard drive, I bought me up some domains as well. Some that I sold, others I regrettably gave up and one that will haunt me till the day I die.

I owned LEDZEPPELIN.com for about 5-6 years. Led Zeppelin then and now is my band, and as a fan I bought the domain as a keepsake. I would get emails from people globally like “I am Paulo from Brazil, I love the Led Zep!”

Then when Clinton passed a law later making cybersquatting illegal, I knew it was a matter of time. I had it for 5 years before anyone from the band’s team of lawyers approached me on it. And when they did I didn’t know how to handle it. And my lawyer at the time even less so. Ultimately I gave it up without a fight on my part, but I’m sure the band’s lawyers billed them for the 1 inch thick book of a lawsuit I was served with. Sorry dudes. My bad.

In this case the lawyers saw an opportunity to build a case against me, a fan that would have been happy with a stupid guitar pick from Jimmy. Instead I sat in silence for a year while they built a huge case as to why they should own the domain. When served, I freaked and called them yelling to take it, I never wanted that.

One of few regrets. But I have a nice 1 inch thick book about me and the band and why I’m an idiot.

Anyways, back to cybersquatting. A recent NY Times report citing MarkMonitor, a domain name seller and company that protects brand names from misuse, tracked an 18 percent rise in the incidence of cybersquatting.

Which means, as a brand or individual (or band, eesh), get your name on social network sites or as a domain name NOW. Then get your kids’ names as well.

Because they may be Zeppelin famous and have to fight a twit like me.

Robert Siciliano Identity Theft Speaker discussing DNS issues Here


Fake IDs, Fake Passports Easy To Make or Buy

Robert Siciliano Identity Theft Expert

Fake IDs aren’t just a tool to get in a bar, they are a significant threat to personal security and national security.

Who in their teens and college years didn’t have a fake ID? I did.

At 17, I was 23! That meant I could buy alcohol, go to bars and take others to “R” rated movies. It also meant I was a ROCK STAR. For a minute.

A friend of mine peeled apart Massachusetts IDs and melted crayons together to create colors that matched the ID’s colors. He would apply the crayon to the face of the ID and alter the person’s age. For example, if you were born in 1968, he would color the left side of the 8 the same color as the ID, making it a 3. 1963 gave you five extra years to party!!

Then he’d just seal it back up and voila! You were a ROCK STAR.

CNN reported the Government Accountability Office did a test. An investigator used a fake ID to get a real passport. Once he had the passport he bought an airline ticket and went through security. How stupid big is that hole in security?

Former DHS Secretary Chertoff said, and I agree; “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

The problem here is the speed of technology has far outpaced the security of our identifying documents. Anyone with a computer, scanner, printer, laminators and for crying out loud CRAYONS can create breeder documents getting real IDs.

This makes it very difficult to prevent identity theft when anyone can be you any time.

What contributes to the problem is there are thousands of variations of birth certificates, dozens of social security cards and a couple hundred different drivers’ licenses in circulation. Very little security and no significant standards preventing counterfeiting. I’m sure plenty will argue this point with me, however the fact remains, fake IDs are everywhere.

Identity theft protection becomes very difficult.

While technology certainly exists to properly identify and authenticate through numerous technologies, privacy advocates and ignorant politicians will fight till the death to prevent their implementation for 2 reasons; 1. Cost, which is a naive argument. 2. Privacy issues.

Cost; spend whatever it takes to properly identify and authenticate. Privacy; is DEAD. Security is the issue we need to be concerned about. Manage our circumstances and tighten things up. The UAE has an “Identity Card” in place that is the best active solution I’m aware of.

There are hundreds of solutions being proposed every day, but cost and privacy continue to creep up. One argument some have is technologies such as RFID and biometrics are the equivalent to the Mark of The Beast. That just goes right over my head.

The Real ID Act has been passed, slammed and revisited. It is the first step towards effective authentication. Fight it as you might, it’s coming.

Robert Siciliano Identity Theft Speaker discusses Identity Theft and the rampant use of Social Security numbers Here


Identity Theft Expert and MyLaptopGPS Note That Rise in Security Technology Spending Needs to Encompass Laptop Computers

(BOSTON, Mass. – March 13, 2009 – IDTheftSecurity.com) Research announced in March shows that IT spending on so-called Identity and Access Management (IAM) technologies is set to grow at a compound annual growth rate of nearly 30 percent. Widely televised and quoted personal security and identity theft expert Robert Siciliano observed that this IAM spending needs to encompass the security of portable computing assets. He directed organizations of all kinds to laptop tracking and data retrieval technology from laptop computer security firm MyLaptopGPS.

“Perhaps the easiest point of entry for identity thieves seeking to steal information is the mobile computing device,” said Siciliano. “Typically a cinch to steal, laptop computers are often home to valuable data. IT departments concerned with managing identities and access on their systems are therefore remiss to neglect their fleets of mobile computing equipment; smart organizations in fact restrict the use of their laptops — and track them.”

CEO of IDTheftSecurity.com and a member of the Bank Fraud & IT Security Report‘s editorial board, Siciliano leads Fortune 500 companies and their clients through presentations that explore security solutions for businesses and individuals. Author of “The Safety Minute: 01” and a longtime identity theft speaker, he has discussed data security and consumer protection on CNBC, NBC’s “Today Show,” FOX News Network, and elsewhere.

IAM known as “provisioning” recently accounted for approximately 60 percent of global IAM market revenue, according to a press announcement regarding an associated report by the industry research firm RNCOS. User provisioning, as defined by RNCOS, is a type of identity management software whereby users may be represented by multiple objects on multiple systems in a computer database.

This projected increase in IAM spending is in response to rising concern over identity theft and data breaches, RNCOS noted. For instance, during the six months immediately preceding February of 2009, the illegal trade of personal information in online chat rooms increased by approximately 25 percent, according to research from Affinion Security Center, whose press announcement noted a 50 percent year-over-year increase in identity theft complaints reported to the Federal Trade Commission in 2008.

“With an explosion in the use of mobile computing devices, sensitive data is bound to find its way onto them,” said MyLaptopGPS’ chief technology officer, Dan Yost, who invited readers to visit the MyLaptopGPS blog. “In other words, the spike in identity theft only makes sense. But the reality must change, and simple measures for laptop computer security can slow, even reverse, the trend.”

The theft rate for laptop computers equipped with MyLaptopGPS is just 0.4 percent, or 32 times lower than the average. Additionally, Yost pointed to SafeRegistry™, a comprehensive system from MyLaptopGPS for inventorying entire fleets of mobile computers, as well as a full line of highly renowned SafeTags™, which are police-traceable property tags designed to secure iPods™, cell phones, BlackBerry™ devices and other mobile property.

Yost’s expertise has been featured twice in CXO Europe. Furthermore, in December of 2008, he and Siciliano co-delivered a presentation titled “Information in the Modern Age: Maintaining Privacy in an Era of Medical Record Identity Theft” at the 4th Annual World Healthcare Innovation & Technology Congress in Washington, D.C., where Former U.S. Congressman Newt Gingrich delivered the keynote address.

Readers who belong to LinkedIn® are encouraged to join the MyLaptopGPS group there. Featured in Inc. Magazine and TechRepublic, MyLaptopGPS maintains the Realtime Estimated Damage Index (REDI™), a running tally of highly publicized laptop and desktop computer thefts and losses and these losses’ associated costs. A log of these high-profile laptop thefts is available at MyLaptopGPS’ website.

Readers may download a demo of MyLaptopGPS. They also have the opportunity to read one of two reports tailored to the type of organization they run.

MyLaptopGPS combines Internet-based laptop GPS tracking with other functionalities to secure mobile computing devices. A user launches MyLaptopGPS’ features remotely, protecting data even while the machine is in a criminal’s hands. Once connected to the Internet, the software silently retrieves and then deletes files from machines as it tracks the stolen or missing hardware — at once returning the data to its rightful owner and removing it from the lost mobile computing device.

YouTube video shows Siciliano on a local FOX News affiliate discussing the importance of securing mobile computing devices on college campuses, where laptop theft can run rampant. To learn more about identity theft, a major concern for anyone who’s lost a laptop computer or other mobile computing device to thieves, readers may go to video of Siciliano at VideoJug.

###

About MyLaptopGPS

Celebrating 25 years in business, Tri-8, Inc. (DBA MyLaptopGPS.com) has specialized in complete system integration since its founding in 1984. From real-time electronic payment processing software to renowned mid-market ERP implementations, the executive team at MyLaptopGPS has been serving leading enterprises and implementing world-class data systems that simply work. With MyLaptopGPS™, Tri-8, Inc. brings a level of expertise, dedication, knowledge and service that is unmatched. MyLaptopGPS™’s rock-solid performance, security, and reliability flow directly from the company’s commitment to top-notch software products and services.

About IDTheftSecurity.com

Identity theft affects us all, and Robert Siciliano, CEO of IDTheftSecurity.com and member of the Bank Fraud & IT Security Report‘s editorial board, makes it his mission to educate Fortune 500 companies and their clients. A leader of personal safety and security seminars nationwide, Siciliano has been featured on “The Today Show,” CNN, MSNBC, CNBC, “FOX News,” “The Suze Orman Show,” “The Montel Williams Show,” “Maury Povich,” “Sally Jesse Raphael,” “The Howard Stern Show,” and “Inside Edition.” Numerous magazines, print news outlets, and wire services have turned to him, as well, for expert commentary on personal security and identity theft. These include Forbes, USA Today, Entrepreneur, Woman’s Day, Mademoiselle, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters, and others. For more information, visit Siciliano’s Web site, blog, and YouTube page.

The media are encouraged to get in touch with any of the following individuals:

John Dunivan

MyLaptopGPS Media Relations

PHONE: (405) 747-6654 (direct line)

jd@MyLaptopGPS.com

http://www.MyLaptopGPS.com

Robert Siciliano, Personal Security Expert

CEO of IDTheftSecurity.com

PHONE: 888-SICILIANO (742-4542)

FAX: 877-2-FAX-NOW (232-9669)

Robert@IDTheftSecurity.com

http://www.idtheftsecurity.com

Brent Skinner

President & CEO of STETrevisions

PHONE: 617-875-4859

FAX: 866-663-6557

BrentSkinner@STETrevisions.com

http://www.STETrevisions.com

http://www.brentskinner.blogspot.com

Mom Was Wrong. Strangers Good. People We Know Bad.

Robert Siciliano Identity Theft Speaker

An axiom in business is that we buy from and do business with those whom we know, like and trust. In the 21st century we have seen CEOs, investment bankers, politicians and those in the highest positions of trust completely screw everyone who put them on their pedestal.

Madoff pleads guilty for orchestrating a 65 billion dollar Ponzi scheme and 3 rows of investors in attendance at his trial clapped, applauded and sang. These are people who entrusted an incredible amount of money to a man that is probably a psychopath.

What does this say about us as a species that trusts so much?

Charles Ponzi began his scheme 100 years ago and was caught 10 years later. The SEC stepped in and stopped him. The SEC didn’t stop Madoff. They allowed him to prosper, until his operation imploded.

Growing up, most of us were schooled on “Stranger Danger” because our parents were also told not to talk to strangers. Strangers are “strange,” therefore dangerous. At least that seemed to be the theory. Unfortunately, I’ve seen all too often that people we know are sometimes the baddest apples in the bunch. Kids’ coaches, swim teachers, clergy, etc.

In a Wall Street Journal article, Bruce Schneier makes the point that people are overall good and generally honest. So approaching a stranger probably wouldn’t mean imminent danger. Basically true.

On the other hand, if someone pursues or approaches you, they are essentially paying unwanted attention to you, or distracting you from the truth. Maybe getting ready to take advantage of you in some devious way.

We see this all the time when law enforcement sets up a 14 year old female named Dixey14 in a chatroom and she (or he) is quickly approached by 50 men with webcams snapping pictures of themselves. So in this sense talking to strangers is bad. Video Here

Nigerian identity theft 419 scams are based on one single principle to be successful: get to know your mark, get them to like you, and they will trust you. Done. They start off a stranger, then become their victim’s knight in shining armor, coming to their emotional (and financial) rescue. Scambaiter video Here

I’ve talked over and over about insiders at a company maliciously hacking away at the network and stealing data. They aren’t strangers, they are the funny drunk dudes at the Christmas party.

You want to prevent being scammed? Prevent Data theft? Prevent identity theft? Prevent being hacked?

Do not exclusively rely on any one system to protect you. Don’t expect the government and their bazillion bureaucratic agencies to protect you. Don’t think law enforcement or any other authoritative agency will be there when a predator strikes.

All existing systems work often, and fail as much.

Security is about layers. The more layers of protection you have in place, the more difficult you make it for the bad guy to get access. Redundancy, predictive, proactive thinking.

Someone pour me a scotch. Single malt.


Robert Siciliano Identity Theft Expert Discussing Bernie Madoff Con Man Here

Criminals Target ATMs to Steal Vital Personal Financial Information From Customers

Robert Siciliano Identity Theft Expert Speaker

Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. Also, the worldwide ATM Industry Association reports over $1 billion in annual global losses from credit card fraud and electronic crime associated with ATMs.

Skimming is a relatively low tech crime. It can occur in a few different ways. The most common is when a store clerk takes a wedge card skimmer and runs your card through and skims the information off the magnetic strip.

Once the thief has the credit or debit card data they can place orders over the phone or online.

They can also rip the data from the wedge and burn to blank “white” cards. These white cards are effective at self checkouts or when the thief knows the clerk and they “sweetheart” the transaction. These white cards can also be pressed with foils to look like a legitimate credit card.

Then there is a more sophisticated skim. Thieves actually place a hard device on the face of the ATM that looks like the ATM. It’s almost impossible for a civilian to know the difference unless they have an eye for security, or the skimmer is of poor quality.

Often the thieves will mount a small pinhole camera on the side of the ATM in a brochure holder to extract the victim’s PIN.

It’s not just ATMs that are potential marks; gas pumps are just as vulnerable. See video of me discussing Here and another article Here

ADT Unveils Anti-Skim Tool

ADT has a new technology that prevents ATM skimming. I haven’t seen it yet, but it sounds promising. The ADT Anti-Skim™ ATM Security Solution helps prevent skimming attempts and detects skimming devices on all major ATM makes and models.

ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

The ADT Anti-Skim ATM Security Solution:
• Helps protect the integrity of cardholders’ personal financial information during ATM transactions.
• Can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities.
• Requires no software adjustments to the ATM.
• Does not connect to or affect the ATM communications network.
• Has more than 40,000 successful ATM applications worldwide.

Prior to its North American introduction, the ADT Anti-Skim ATM Security Solution was successfully field tested on dozens of ATMs of four major U.S. financial institutions in controlled pilot programs. Testing pilots yielded positive results, with no known skimming compromises occurring.

Again, I haven’t seen it. But would like a first hand demonstration. ADT, Have your peeps call my peeps.

Robert Siciliano Identity Theft Expert discussing ATM skimming Here

Recession Turns IT Workers Into Hackers

Robert Siciliano Identity Theft Expert

What a nasty headline for an article.

From ABCnews.com the journalist roasts IT professionals on a spit. And the comments were all inspiring.

As the recession rears its ugly head, disgruntled ex-employees are in the best position to drop a bomb in the company’s network or suck all the data out with a few terabyte drives.

A recent study by McAfee and Purdue University put the tally of fraud, data loss and damage done at 1 trillion dollars. A thousand billion sounds like a lot of money.

To paraphrase some of the comments:

No matter how you look at it, when heads start to roll, most people that are about to be let go feel unjust and express hostility towards the employer (often, rightly so). These are the same people who were loyal company employees for years. Unfortunately, these are no win-win situations when it comes to the downsizing and companies should take proper actions to address it.

Your system admin is the gate keeper. Anyone who has access to sensitive data can potentially abuse the privilege. The loan officer, the loan processor, the secretary, the human resources gal two cubes down the hall, the cleaning people that take out our trash at night… Without proper controls in place anybody can be the bad guy. On the other hand, with adequate management these issues can be avoided, even when it comes to IT employees.

Manage your end points, your USB devices, your computer ports, your printers… Segregate your system administration roles. Tools are there. And who is going to implement them? Your IT guy. (thank you Sashimi11)

With the incredible amount of layoffs occurring, companies are bound to lay off an employee who will exact some revenge. Some say “Companies whose knee-jerk response is to cut costs by canning employees deserve some wrath”. But, in the end, the wrath doesn’t get you your job back. (thank you Patches777)

Most are working individuals, doing what they do best. All the while staying under the radar, and afraid, just like everyone else, of the threat of layoffs. The latter doesn’t mean an internal flip is switched and they bug out and start stealing trade secrets. (thank you kyleratliff)

On another note, as budgets are cut and IT pros are let go, the show must go on.

Bill Lynch of RazorThreat said to me, “We are encountering lots of very frustrated CIOs who are caught on the horns of a dilemma… their IT budgets and headcount are being slashed but their CEOs are simultaneously demanding that they reassure them and the Board of Directors that they are not vulnerable to the same kinds of cyber attacks that have plagued some big firms lately.

They know they cannot afford to buy complex, expensive and difficult to deploy new security software and the people to manage them and yet they have to stand before the Board and profess that their networks are secure”.

The fact is, data breaches will continue and IT will often be to blame. There is a light at the end of the tunnel. There are numerous technologies that won’t break the bank and will keep the BOD happy. Companies have to consider numerous threats of theft and mayhem. Review security policies and who has access to what and why. In the end make sure employees are let go with dignity and respect.

Robert Siciliano Identity Theft Speaker discussing Credit Card Fraud Here

Neighborhood Identity Thieves From Hell

Robert Siciliano Identity Theft Expert Speaker

Keep your friends close and your enemies closer. Unfortunately, your enemies could be living in your home or across the street. As the economy tanks, people get desperate, and thieves’ victims become the people in their own lives.

With all the hullabaloo about criminal hackers and identity thieves organizing as webmobs from all over the world, people often forget that it is often the people closest to us who perpetrate these crimes.

Especially in tough times, identity thieves could be someone in your inner trusted circle. I’ve consulted on stories where the dad stole his child’s identity. Those closest to us at home or work have direct access to our data.

“Familiar” Identity theft happens because the thief goes through a process of rationalizing their ability to commit the crime. The process is often referred to as the “Fraud Diamond”.

First they have Incentive: they say, “I want to, or have a need to, commit this crime.” Next is Opportunity: they see a hole or weakness in the system they can easily exploit. Then, of course, Rationalization: “I have convinced myself it is worth the risks.” Lastly, Capability: they determine they are the right person for the job and can pull off the scam.

Here a local neighborhood was terrorized by a drug-addicted mom and dad who had a penchant for technology and used their skills to feed their habit.

Many of the crimes they committed could have been prevented.

1. Get a credit freeze or fraud alert
2. Invest in a locking mail box
3. Shred all throwaway paperwork
4. Turn off the paper
5. Turn on WPA security for your wireless network
6. Pay attention to all your statements and refute unauthorized charges
7. As a national spokesperson for uni-ball, I recommend using a uni-ball® pen, which contains Uni “Super Ink” formula, to write checks and sign important documents. This specially-formulated ink won’t wash out and protects against check washing. Those closest to you have access to your canceled checks and can rewrite them to themselves.

Robert Siciliano Identity Theft Speaker Expert discussing family identity theft Here