Twitter Is a Security Mess

Robert Siciliano Identity Theft Speaker Expert

Mischievous hack attacks on Twitter are increasing, and it seems there is no end in sight. While Twitter’s developers are working to make it more secure, the open nature of the application fuels mischievous and even criminal hacking.

Twitter is microblogging. In 140 characters or less you tell your followers what you are doing or point them towards something that may enhance their lives. Most Tweeple are twits and say nothing of value. Their tweets are mundane and serve no benefit to anyone.

If you don’t use Twitter, that’s OK. But there is a chance you eventually will. Many thought they’d never use Facebook, but millions do. Microblogging is a weird phenom that makes sense to many, and not at all to most.

Users can get tweets via email, on their phone or via SMS texts. People have sent tweets while giving birth, in the crowd watching the Obama inauguration, celebrating New Year’s, and just about anything you can think of.

I’m on Twitter. I spend my energies informing my readers about security. The most effective tweets have a pithy title related to an article, blog post or TV appearance. All security related.

Since Twitter’s inception, hundreds of third-party applications have been built around Twitter: apps that enhance, manage or are just for fun. Much of Twitter’s technology is an open book, which has allowed hackers both good and bad to build these apps and, of course, wreak havoc.

One such hack uses a Twitter account’s mobile phone number to spoof messages to the user’s followers.

Other Twitter hacks have included full account takeover, where messages were sent to all followers of Obama, Britney Spears, Fox and a CNN anchor.

Recent studies also show that Twittersquatting, in which brand names are hijacked, is also a problem on Twitter.

So if you decide to Twitter, know that it’s not very secure and be cautious about plugging your mobile number into the system.

Robert Siciliano Identity theft Speaker Expert discussing Scams Cons and Schemes Here

Identity Theft Tax Time Scams

Identity Theft Speaker Expert Robert Siciliano

We are approaching tax time. Scammers are ramped up and looking for your money. Learn these tips and watch your back. Protect and prevent Identity Theft.

1. Text messaging scams, or Phexting (like phishing, but texting); Criminal hackers have access to technology that generates cell phone numbers and access to mass text messaging services. They send texts that install keyloggers or direct you to websites that steal your data.

2. Tax Preparer Scams; Reports of tax preparers who tell their clients they have to pay back their 2008 stimulus checks, then pocket the money.

3. Basic Phone Scams; Using the telephone for scams is back. Scammers call your home posing as the local fire dept., collecting your personal information for their records in case there is an emergency.

4. Caller ID Spoof; New technologies allow anyone, at any time, to mask what shows on your caller ID and pose as an official, lottery or authority to get you to reveal data or write checks.

5. Late Payment Scam; As people fall behind on their utilities or taxes, lists are created and available either internally or as public record. These lists fall into the wrong hands and thieves call you to collect.

6. Affinity Fraud; The Madoff scandal has inspired a new generation of cons to adopt the Ponzi once again.

7. Advanced Fee Fraud; Now more than ever, if it seems too good to be true, it is. Desperate times mean desperate people are making bad decisions and getting taken to the cleaners.

8. Work at Home Scams; Millions of people laid off, millions looking for a job. There isn’t a newspaper in the country that doesn’t have a work at home scam ad.

9. Foreign lottery scams; The promise of money is overseas, not here at home and criminals are using the phone, email and snail mail to find their victims.

10. Identity Theft; Identity thieves raised the bar in 2008 and ID Theft went up 22%. It will go up again in 2009.

11. Check Washing; Checks lost, stolen, pulled from the rubbish, stolen from your home or the entity you wrote it to are equal to cash when they are written with a pen that the ink washes out of.

Check washing is almost a billion dollar problem. I’ll have a video for you soon on this.

Uni-ball makes a cool pen that prevents “check washing”. Check washing is using household chemicals that literally wash the ink out of the paper, but the thief will leave your signature in place or do other things to reissue the check and get themselves paid.

“Uni-ball pens with Uni-Super Ink help prevent identity theft,” says Steve Gradman, who is senior brand manager of uni-ball. Their goal is to help ease the minds of individuals when writing sensitive materials – from legal and medical documents to checks and tax forms. It’s a simple, inexpensive pen, but it packs a lot of punch when it comes to identity theft prevention.

As an advocate for uni-ball, I will happily be sharing many more exciting product offerings designed to help your business and your family protect yourselves! Have a question about identity theft? Email me!

Who knew a pen packed a punch! Cool! I say if you can stop “check washing” with a pen for a few bucks then that’s a smart investment.

I got a pen (a few actually, a couple in the home office, one in the kitchen, one in the car, 2 in my laptop bag because I’m always losing them when I travel.) I’ve known about check washing but haven’t seen lots of reports on it, because banks don’t like talking about it and the victims are embarrassed by it. So it’s not often reported in the media.

I found him on Twitter if you tweet.

When a scammer tries to wash or lift the inked information written on the document, the ink remains “trapped” within the fibers of the paper, thereby discouraging the efforts of identity thieves.

THIEVES INITIATE NEW IDENTITY THEFT SCAMS IN TIME FOR TAX SEASON

uni-ball® teams with Identity Theft Resource Center and Identity Theft Expert Robert Siciliano to Warn Consumers of Latest Scams and Offer Anti-Theft Solutions 

Oak Brook, Ill. – March 4, 2009 – Tax time scams are at an all-time high, according to Robert Siciliano, well-known identity and security theft expert and author of the book “The Safety Minute: How to Take Control of Personal Security and Prevent Fraud.”  As economic pressures continue to increase, Siciliano says criminal activities such as sophisticated, organized theft, including the number of new scams intended to trick consumers this tax season, are expected to rise as well. 

“More than 155 million tax forms were filed last year,” said Siciliano, “the majority of them without incident.1  But people need to understand that thieves are inventing new ways to steal identities each and every day.  And since tax time is a key period when we see a spike in identity theft, it’s crucial that we get the word out now and educate people about the latest scams.”  

As part of its ongoing campaign to elevate awareness about the growing threat of identity theft, uni-ball®, a leading brand of pens, many of which contain specially formulated ink that helps prevent check fraud, is working with the Identity Theft Resource Center (ITRC) and Siciliano to help stop identity thieves in their tracks. As CEO of IDTheftSecurity.com, Siciliano has seen first-hand the brute blow identity theft delivers to its victims, and has helped scores of them dig out from the financial and emotional turmoil of being scammed.

Together, the ITRC, Siciliano and uni-ball are issuing the following warnings, asking consumers to be on high alert during tax time for these identity theft scams and more:

• Professional Thieves and Targeted Attacks. The ITRC anticipates an increase in more sophisticated ways to “mine” information, sometimes by organized crime groups. Cybercrime, which includes transporting or selling large amounts of personal information from one group both nationally and internationally, will continue and expand. Part of this trend includes “skimming” (duplicate scanning of credit cards or debit cards), and the use of fake fronts on payment scanners and ATM machines.

uni-ball® teams with Siciliano to promote simple anti-theft solutions during tax season – Add One

• Tax Preparer Scams. Most recently, there are reports of tax preparers telling clients they must pay back their 2008 stimulus payments and then pocketing the money. Not all professional tax preparers have your best interest at heart, according to the ITRC. Make sure you do research and choose your tax preparer wisely.

• Check Fraud. As it becomes more difficult to get new lines of credit, identity thieves may be increasingly drawn to commit check fraud. These crimes may take the form of stolen checks, using checks thrown into the trash by unknowing consumers, or a type of identity theft known as “check washing.” Check washing occurs when checks or other tax-related documents are stolen from the mail or by other means and the ink is erased using common household chemicals, allowing thieves to endorse checks to themselves. This is where something as simple and inexpensive as a uni-ball pen can help. Select Uni-ball pens contain specially formulated gel ink (trademarked Uni-Super Ink™) that is absorbed into the paper’s fibers and can never be washed out.

• Late Payment Scam. As people fall behind on their utilities or taxes, lists are created and available either internally or as public record. These lists can fall into the wrong hands and thieves call unassuming people to collect.

• Text Messaging Scams: Phexting. Criminal hackers have access to everything these days, including the technology that generates cell phone numbers, as well as access to mass text messaging services. Once the data is secured, they are able to send text messages that install keyloggers (a method of capturing and recording user keystrokes) or direct you to Web sites that steal personal data.

• Internet Scams: Phishing. Phony e-mails that try to trick customers into giving out personal information are the hottest, and most disturbing, new scam on the Internet. “Phishing” frauds attempt to make Internet users believe they are receiving email from a specific, trusted source, or that they are securely connected to a trusted Web site, when that is not the case. This scam is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card, bank fraud or other forms of identity theft.

“Identity theft is a giant octopus,” said Siciliano.  “Educate yourself on the many facets of the problem and learn your options to defend yourself from each leg of this monster.  Doing something as simple as paying attention to the pen you use could save you thousands of dollars and endless hours of headaches.  Personally, I never write checks or sign important documents without using a uni-ball gel pen with specially formulated Uni-Super Ink.”  

“Uni-ball pens with Uni-Super Ink help prevent identity theft,” said Steve Gradman, senior brand manager of uni-ball. “Our goal is to help ease the minds of individuals when writing sensitive materials – from legal and medical documents to checks and tax forms. It’s a simple, inexpensive pen, but it packs a lot of punch when it comes to identity theft prevention.”


Many uni-ball pens, including the uni-ball 207 gel pen, the Jetstream, Jetstream RT and Vision Elite roller ball pens, use specially formulated inks that contain tiny color pigments.  This exclusive “Super Ink™” helps prevent document and check fraud by absorbing into the paper fibers. When an individual tries to wash or lift the inked information written on the document, the ink remains “trapped” within the fibers of the paper, thereby discouraging the efforts of identity thieves.

Identity theft rose 22 percent in 2008, and Siciliano predicts it will go up again in 2009.   “Now is the time to become educated in order to prevent this offensive crime,” he said.

 For more information on how to protect yourself this tax season, visit www.uniball-na.com

### 

1 http://www.irs.gov/newsroom/article/0,,id=188359,00.html 

About uni-ball®

uni-ball® is a world leader in providing an optimal writing experience, offering writing instruments with superior functionality and affordability.  From the JetStream® pen’s smooth write to the intense color and superior performance of the uni-ball 207 gel pen, the brand allows one to enjoy the ultimate in writing performance coupled with a distinctive, contemporary style.  Newell Rubbermaid Office Products, marketer and distributor of uni-ball® pens in North America, is a worldwide leader in the manufacturing and marketing of writing instruments, art products and office organization and technology products, including such well known brands as Paper Mate®, Sharpie®, DYMO® Parker®, Waterman®, EXPO®, uni-ball®, and Rolodex®, among others. Visit www.uniball-na.com for more information.

About Robert Siciliano

Robert Siciliano “The Lifesaver” is an expert on personal security and identity theft. He has 25 years of experience in self-defense, security work, martial arts and white collar crimes.  An author, sought after media personality and identity theft speaker, Robert has been seen on the Today Show, CBS Early Show, CNN, MSNBC, FOX, CNBC, USA Today, Forbes, Good Housekeeping, Readers Digest, Consumer Digest, Boston Globe, Washington Post, Chicago Tribune, ABC News.com, TechRepublic, Search Security, AP, UPI, Reuters, and Entrepreneur. Robert recently released his third book, “The Safety Minute: How to Take Control of Personal Security and Prevent Fraud”.

About the ITRC

The San Diego-based Identity Theft Resource Center (ITRC) is a non-profit (501(c) 3) organization established in December 1999, to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. It is the on-going mission of the ITRC to assist victims, educate consumers, research identity theft and increase public and corporate awareness about this problem.  

Identity Theft Expert and MyLaptopGPS: Recessionary Economic Circumstances Can Greatly Increase Effects of Laptop Computer Theft

(BOSTON, Mass. – March 2, 2009 – IDTheftSecurity.com) Amid conflicting research and predictions about the likelihood that organizations will invest in security technology this year, laptop computer security firm MyLaptopGPS today noted that the loss to thieves of mobile computing equipment can be financially catastrophic in a recessionary economy. Widely televised and quoted personal security and identity theft expert Robert Siciliano encouraged organizations everywhere to invest in MyLaptopGPS’ laptop GPS and data retrieval technology; such action can shield their budgets from the financial fallout that typically follows laptop theft.

“Recessions have a way of prompting action that will ultimately save money,” said Siciliano. “Paying attention to computer security and taking simple steps to improve it, such as employing a laptop GPS tool, are among the few activities that can truly deliver a return on investment in this regard. Just as smart organizations always tend to the security of their computer networks and mobile computing assets, the smartest organizations invest in these areas during economic downturns and thus avoid the financial catastrophe that data breaches not only bring, but also amplify when economic conditions are bad.”

CEO of IDTheftSecurity.com and a member of the Bank Fraud & IT Security Report‘s editorial board, Siciliano leads Fortune 500 companies and their clients through presentations that explore security solutions for businesses and individuals. Author of “The Safety Minute: 01” and a longtime identity theft speaker, he has discussed data security and consumer protection on CNBC, NBC’s “Today Show,” FOX News Network, and elsewhere.

Several factors not only exacerbate the pain of laptop theft during a recession, but also in fact might be causes. On Feb. 5, for instance, Forrester Research’s Theanalystview predicted that companies experiencing layoffs this year will want to invest in technology designed to secure or recover data-housing computer assets — any number of which can go missing along with the disgruntled former employees who still have access to them.

Even so, at least one industry sector is seeing cutbacks in security spending: “64 percent of retailers have cut security projects as a result of the economic downturn, and 36% expect budget cuts next year,” according to a Feb. 27th report by ComputerWeekly, which cited a recent Consumer Business Security Survey from Deloitte.

“In a recession, it’s all the more damaging to experience a several hundred thousand dollar data breach,” said MyLaptopGPS’ chief technology officer, Dan Yost, who invited readers to visit the MyLaptopGPS blog. “During economic downturns, organizations must very carefully nurture and protect what they already have because they just don’t have the resources to go out and invest in new computer equipment. This is where an incredibly low theft rate comes in handy — and saves money.”

The rate of laptop theft for computers equipped with MyLaptopGPS’ Internet-based laptop GPS tool is just 0.4 percent, or 32 times lower than the average. Additionally, Yost pointed to SafeRegistry™, a comprehensive system from MyLaptopGPS for inventorying entire fleets of mobile computers, as well as a full line of highly renowned SafeTags™, which are police-traceable property tags designed to secure iPods™, cell phones, BlackBerry™ devices and other mobile property.

Yost’s expertise has been featured twice in CXO Europe. Furthermore, in December of 2008, he and Siciliano co-delivered a presentation titled “Information in the Modern Age: Maintaining Privacy in an Era of Medical Record Identity Theft” at the 4th Annual World Healthcare Innovation & Technology Congress in Washington, D.C., where Former U.S. Congressman Newt Gingrich delivered the keynote address.

Readers who belong to LinkedIn® are encouraged to join the MyLaptopGPS group there. Featured in Inc. Magazine and TechRepublic, MyLaptopGPS maintains the Realtime Estimated Damage Index (REDI™), a running tally of highly publicized laptop and desktop computer thefts and losses and these losses’ associated costs. A log of these high-profile laptop thefts is available at MyLaptopGPS’ website.

Readers may download a demo of MyLaptopGPS. They also have the opportunity to read one of two reports tailored to the type of organization they run.

MyLaptopGPS combines Internet-based laptop GPS tracking with other functionalities to secure mobile computing devices. A user launches MyLaptopGPS’ features remotely, protecting data even while the machine is in a criminal’s hands. Once connected to the Internet, the software employs laptop GPS to silently retrieve and then delete files from machines as it tracks the stolen or missing hardware — at once returning the data to its rightful owner and removing it from the lost mobile computing device.

YouTube video shows Siciliano on a local FOX News affiliate discussing the importance of securing mobile computing devices on college campuses, where laptop theft can run rampant. To learn more about identity theft, a major concern for anyone who’s lost a laptop computer or other mobile computing device to thieves, readers may go to video of Siciliano at VideoJug.

###

About MyLaptopGPS

Since 1984, Tri-8, Inc. (DBA MyLaptopGPS.com) has specialized in complete system integration. From real-time electronic payment processing software to renowned mid-market ERP implementations, the executive team at MyLaptopGPS™ has been serving leading enterprises and implementing world-class data systems that simply work. With MyLaptopGPS, Tri-8, Inc. brings a level of expertise, dedication, knowledge and service that is unmatched. MyLaptopGPS’ rock-solid performance, security, and reliability flow directly from the company’s commitment to top-notch software products and services for 25 years.

About IDTheftSecurity.com

Identity theft affects us all. Robert Siciliano, CEO of IDTheftSecurity.com and member of the Bank Fraud & IT Security Report‘s editorial board, makes it his mission to provide consumer education solutions on identity theft to Fortune 500 companies and their clients.

A leader of personal safety and security seminars nationwide, Siciliano has been featured on “The Today Show,” CNN, MSNBC, CNBC, “FOX News,” “The Suze Orman Show,” “The Montel Williams Show,” “Maury Povich,” “Sally Jesse Raphael,” “The Howard Stern Show,” and “Inside Edition.” Numerous magazines, print news outlets, and wire services have turned to him, as well, for expert commentary on personal security and identity theft. These include Forbes, USA Today, Entrepreneur, Woman’s Day, Mademoiselle, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters, and others.

Visit Siciliano’s Web site, YouTube page, and blog.

The media are encouraged to get in touch with any of the following individuals:

John Dunivan
MyLaptopGPS Media Relations
PHONE: (405) 747-6654 (direct line)
jd@MyLaptopGPS.com
http://www.MyLaptopGPS.com

Robert Siciliano, Personal Security Expert
CEO of IDTheftSecurity.com
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
Robert@IDTheftSecurity.com
http://www.idtheftsecurity.com

Brent Skinner
President & CEO of STETrevisions
Zoominfo profile
LinkedIn profile
Brent Skinner’s Blog
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.com
http://www.STETrevisions.com


Scammers Are your Friend On Facebook

Robert Siciliano Identity Theft Speaker Expert

Facebook is a trusted site where 20-somethings up to 60-somethings gather to keep tabs on each other’s daily activities and hard party nights, and reminisce with old flames they sought out and re-friended. Some Friends we know well, others in passing, but we are still happy to make the connection. We all want lots of friends (at least on Facebook).

In a lighter sense, Facebook is much of what life is or should be. It’s a place to go where you can just be you, bygones be bygones, be with the people in your past and present and hold onto memories that make up who you are.

It’s a place that is generally free of judgment and social cliques. In Facebook the nerds hang with the cool kids, the dirtbags with the jocks and the hot chicks with the geeks. Everyone is cool on Facebook.

This all adds up to a problem.

There’s a lot of excessive trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. They have no reason to distrust. People who are your “Friends” are generally those who you “know, like and trust”. In this world, your guard is as down as it will ever be. You are in the safety of your own home or office hanging with people all over the world in big cities and little towns and never have to watch your back.

All this is why Facebook is the next big mess of the Internet. Scammers are watching. They know that once they are on Facebook, your guard is way way down.

I don’t share that trust that most people have. I’m a bit more business on Facebook than others. I’m not all that Friendly. Kind of a stiff. I’m also a security dude, not so trusting. Even my cousin messaged me and said “Robby you’re all business”. I apologize to all. I’m just not ready to share my daily routine with everyone just yet. If ever.

Read This

And by Jason Kincaid This

Watch This

If you have time read This

And smarten up.

Then Friend me Here (at your own risk)

Robert Siciliano Identity Theft Speaker Expert discussing people scammed on Facebook Here

Identity Theft Crime Victims Bill of Rights

Robert Siciliano Identity Theft Expert Speaker

A consortium of a number of companies in the identity theft prevention space have banded together to create a “Bill of Rights” for victims of identity theft. A Bill of Rights would provide victims of identity theft the needed leverage in response to a breach of their information that leads to numerous forms of identity theft. The consortium has some work to do to get the attention of legislators before it becomes law. This is certainly a noble effort that if passed will provide significant relief to victims.

I speak to victims on a weekly basis and the stress of being victimized takes its toll. When a thief is functioning in society as you, fraudulently, irresponsibly and of course illegally, they tarnish every aspect of your life. There is an overwhelming sense of helplessness for many victims due to the notion that they are guilty until proven innocent. While this will in essence “take an act of congress” to become law, a good faith implementation of the bill by industry and government would certainly provide needed relief to those affected.

The Santa Fe Group, a financial services consulting firm, and The Santa Fe Group Vendor Council, a consortium of leading service providers to the financial services industry, today released the first comprehensive Bill of Rights for victims of identity theft. The Bill of Rights calls for consistent processes for handling identity crime incidents in addition to amendments to privacy legislation and regulation so victims can more easily access and correct their personal information records.

The five basic rights address the need for legislation that enables individual victims of identity theft to access and correct personally identifiable information (PII) records. The Bill of Rights white paper, titled Victims’ Rights: Fighting Identity Crime on the Front Lines, is now available.

The Identity Crime Victims Bill of Rights advocates improved protection and support for victims and includes:
• Assessment of the nature and extent of the crime that removes the procedural “Catch-22s” when validating identity
• Full restoration of victims’ identities to pre-theft status, including the ability to expunge records
• Freedom from harassment from collection agencies, law enforcement and others
• Prosecution of offenders and accountability for businesses that fail to reasonably secure personal information
• Restitution that includes repayment for financial losses and expenses

The white paper effort was led by the Identity Management Working Group of The Santa Fe Group Vendor Council, chaired by Rick Kam, President of ID Experts.

“Despite new additions to the Fair and Accurate Credit Transaction Act of 2003 (FACT), such as free credit reports and the ability to place fraud alerts after identity theft, victims are still subject to inconsistent and unfair treatment from state and federal agencies, law enforcement and businesses,” said Rick Kam, President of Portland-based ID Experts, a leader in data breach prevention and remediation. “We created the Bill of Rights to empower victims by granting them the same rights as victims of other crimes.”

According to Javelin Strategy and Research, 9.9 million Americans were victimized by identity crimes in 2008, an increase of 22% from 2007, with annual costs to consumers and businesses of more than $49 billion. In their journey to recover their identities, victims face a disjointed maze of privacy laws and information sources. Law enforcement processes are not always in place, and organizations often won’t share evidence with victims. As a result, a victim’s life can be disrupted for years.

“Victim empowerment is key to thwarting identity crime,” said Catherine A. Allen, Chairman and CEO of The Santa Fe Group. “With the Identity Crime Victims Bill of Rights, we’ve launched a national call to action, laying the groundwork for meaningful and much-needed legislation while building awareness of the issue in the media and among consumers and businesses. Our intent is that victims of all types of identity crime be provided with the same rights afforded to them via the FACT Act for resolving credit issues.”

Robert Siciliano Identity Theft Expert Speaker discusses identity theft victims Here and Here

Your Online Bank Account; Criminal Hackers Hacking It

Robert Siciliano Identity Theft Speaker Expert

Why hack your online bank? Because that’s where the money is!

White Hat Hackers (good guys) probably never anticipated what’s happening. There are more viruses out there than ever. Black Hat Hackers (bad guys) are in full force. Back in the year 2000, some have said, the white hats were about a year ahead of the black hats in technology, meaning it would take about a year for the bad guys to crack the white hats’ stuff.

Other research shows that by 2004 the black hats were about 2 weeks behind the white hats. Here we are in 2009. In many cases the black hats are years ahead of the white hats. The good guys are losing. Badly.

Many of the new viruses sit on your hard drive dormant, waiting to be “woken up” when they are signaled. Many of these Trojans are designed to sniff out when you are banking online. They sit and wait, then strike when you log on.

Consider that in our own bodies we already have numerous viruses that come alive when our immune system is down or when it’s woken up by coming in contact with another. Your PC is no different; there’s often something lurking in there. We get viruses on our PC simply by visiting a website, clicking on a link or downloading a program we think is clean, and many many more ways.

Studies show the number of viruses quadrupled from over 15,000 in 2007 to almost 60,000 in 2008. The problem is the technology of the criminal hacker has evolved and is further evolving faster than the white hats. This means you have to be on your game. Don’t let your guard down and stay informed.

Basic stuff, again – basic;

Run Windows Update; Or it may be called “Microsoft Update” on your PC. This is a free update to your operating system that Microsoft provides. There are two ways to access this. Either click “Start” then “All Programs”, scroll up the menu and look for the link “Windows Update or Microsoft Update”. Click on it. Your browser (Internet Explorer) by default will launch taking you right to Microsoft’s Windows Update web page and will begin the process of looking at your PC and checking to see what security patches you don’t have. Follow the prompts and click “Express” and let it lead you in the direction it wants. The goal here’s for XP is to end up with “Service Pack 3” installed. Or go to “Control Panel” and seek out “Security Center”. And click “Turn on Automatic Updates” and let Microsoft do this automatically. In Vista the process is similar and your goal is “Service Pack 1”

Install Anti-Virus; Most PCs come with bundled anti-virus that runs for free for 6 months to a year. Then you just re-up the license. If you don’t, then every day that the anti-virus isn’t updated, is another opportunity for criminal hackers to turn your PC into a Zombie that allows your computer to be a Slave sending out more viruses to other PCs and turning your PC into a Spambot selling Viagra. You can also install a different anti-virus program for a fee or free. McAfee is great, Symantec is loosening their grip on the “bloatware” and getting better. Avast is free and good, but free scares me. Free means you have to manually scan your PC and most people don’t do manual very well. Theres also a paid version.

Install Spyware Removal Software; Most anti-virus providers define spyware as a virus now. However it is best to run a spyware removal program monthly to make sure your PC is rid of software that may allow a criminal hacker to remotely monitor you’re keystrokes, websites visited and the data on your PC. I like Lavasofts Ad-Aware Free www.lavasoft.com. There are plenty of good ones.

Run Firefox or Chrome; Microsoft’s Internet Explorer is clunky and the most hacked software on the planet. Mozilla’s Firefox is less hacked and more secure. The jury is still out on Google’s Chrome browser, but it’s sweet! Maintain the default settings and keep the pop-up blockers and phishing filters on.

Secure Your Wireless; If you are running an unsecured wireless connection at home or the office, anyone can jump on your network from 300-500 feet away and access your files. Serious. The router has instructions on how to set up WEP or WPA security. WPA is more secure. If this is a foreign language to you, then hire someone or get your 15-year-old to do it.

Install a Firewall; Microsoft’s operating system comes with a built-in firewall. But it is not very secure. Go with a 3rd party firewall that is prepackaged with anti-virus software.

Use Strong Passwords; Little yellow stickies on your monitor with your passwords aren’t good. Use upper case, lower case, alpha-numeric passwords that you change up every 6 months.

PLEASE, you other security dudes or dudettes, chime in. We need your guidance too.

Robert Siciliano Identity Theft Expert discussing online banking Here

Bankers Warned; Massive Credit Card Processor Breached

Robert Siciliano Identity Theft Expert

Hackers have breached another huge payment processor. Who? As of this writing they aren’t saying. A statement issued by the Community Bankers Association of Illinois states “Visa announced that an unnamed processor recently reported that it discovered a data breach. The processor’s name has been withheld pending completion of the forensic investigation.” The Open Security Foundation posted a notice on its website Here

CBAI report here and highlights below

According to VISA officials, the breach affected all card brands. Evidence indicates that the account number, PAN and expiration dates were stolen. No cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers or other personal information were involved in the breach.

An increase in card-not-present fraud suggests some BIN numbers have been targeted by criminals.

VISA officials reported that while the number of accountholders affected is undetermined, it appears to be fewer than those affected by the recent Heartland Payment Systems breach, but a significant number nonetheless. And unlike the Heartland breach, where thieves also captured Track 2 data, officials reiterated that no personal information was taken in this most recent event.

The status of the processor’s PCI compliance is unknown at this time. Bankers. MORE TO COME….”

Why not go after processors, that’s where all the data is!

Visa and MasterCard are in the process of notifying affected banks about what they say is a “major compromise”. So far this is not related to the Heartland Payment Systems breach where an expected 100 million cards have been compromised. Or it may be, we don’t know.

Initial reports say the criminal hackers planted malware, or malicious software, on the processor’s servers. Malware of this type generally has some type of remote control component that allows a criminal hacker to remotely access the server and divert data underground.

Visa reached out to all affected banks on February 12th when they conducted a conference call disclosing the severity of the issue. Apparently the compromise occurred from February of 2008 till August 2008 the past few weeks.

At this point neither Visa nor MasterCard has disclosed which processor has been compromised, nor have they disclosed the size of the breach.

Whether the unknown processor was compliant or not has also not been revealed.

Check your credit and banking statements carefully. Scrutinize every charge and dispute any unauthorized charges within 30-60 days. Call your bank/credit card company immediately if you see any fraudulent activity.

Robert Siciliano Identity Theft Speaker Expert discussing another ugly data breach Here.

Recycle Your Phone? Sell it on eBay? Lose it? Still Have Your Data On It?

Robert Siciliano Identity Theft Speaker – Expert

Cell phones are the invention of the 20th century. It’s a computer and a phone. It’s as cool as the invention of the wheel. It’s the single most effective communication tool since the land line.

Millions of cell phones are sold every year. Many are lost, stolen, millions more end up on eBay, recycled or tossed in the trash. Many of these phones still have enough data on them to commit identity theft or, in the wrong hands, make your life miserable.

A study done in December by Regenersis, a UK based recycler, tested a sampling of 2000 cell phones. They learned 99% had personal identifying data such as banking info, credit card data, personal emails, contacts, text messages, pictures, music, videos, calendar entries, notes, mailing lists, to-do lists, automatic log-ins for Twitter, LinkedIn, Facebook and more.

Studies show cell phones are replaced on average every 18 months. Over the past 4-5 years Blackberrys, iPhones and countless other smartphone/PDAs have flooded the market. All of these devices’ technologies are upgraded within 6 months and the user wants the latest and greatest.

What kind of data is on your phone today? If it fell into the wrong hands would someone have access to all your social network sites? Usernames and passwords? Customer data? Corporate secrets?

Someone recently bought a Blackberry off eBay and scored phone numbers for Hollywood producers, writers and movie stars Natalie Portman, Julianne Moore and Jude Law. Not a huge deal, but in the wrong hands problematic for the affected.

What if someone got the names, addresses and emails for everyone in your life? Not good.

It’s not just cell phones that often contain data. Thumbdrives and MP3 players are also problematic. Credant Technologies surveyed 500 dry cleaners who said they found numerous USB sticks during the course of a year. Multiplying that by the number of dry cleaners, they got a figure of approximately 9000 USBs lost and found annually.

To protect yourself, consider some of the tips below, and this is not a complete list. Please feel free to add in comments.

Don’t store data that will be considered a “data breach” if lost, stolen, sold, recycled.

On phones, use strong password protection. Lock it up.

Remove your SIM card upon selling.

Reformat the phone’s operating system multiple times. This generally wipes off the data, but there are programs that do it more thoroughly. There is no universal way to reformat. It is different with every phone/manufacturer/operating system.

Robert Siciliano Identity Theft Expert discussing cell phone security Here

Phishing Attacks Rise Dramatically in 2008

Robert Siciliano Identity Theft Expert – Speaker

Stupid people get hooked by phishers. You have to be a complete idiot to get sucked into a scam email that has typos making requests that are geared toward naïve simple minded pea brain fools. Right? Yes? No? So why have phishing attacks risen dramatically in 2008? That’s 66% higher than in 2007.

Have we gotten dumber or are the attackers getting smarter?

RSA concluded that phishing attacks rose to an unprecedented 15,002 in April of 2008. Millions of people in mainly English-speaking nations receiving ruse after ruse. 68% of US bank brands attacked. Less than 7% UK brands experiencing less than attacks.

However the UK takes the title for the most exploits as the most phished country in the world equating to 40% of the 135,426 cases detected by RSA.

This seems to be due to the UK’s system allowing fraudulent transfers fast enough (“real-time”) to avoid detection. Criminals like real time fast cash.

Much of the success of phishers is that they are in fact getting smarter using “fast flux” attacks. *Fast flux is a technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery and counter-measures. *Thank you Wikipedia.
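How a defender can spot the fast-flux behaviour described above in DNS data, as an added example that is not part of the original post: a domain whose answers rotate through many hosts on unrelated networks with short TTLs stands out from a CDN that answers from one address block. The observations, domain names, thresholds and the /16 grouping (a stand-in for ASN lookups) are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address
from statistics import median

# Constructed passive-DNS observations: (domain, A-record IP, TTL in seconds).
# Domains and addresses are reserved/private sample values, not real indicators.
OBSERVATIONS = [
    ("login-update.example", "10.12.4.9", 120),
    ("login-update.example", "172.16.88.2", 180),
    ("login-update.example", "192.168.7.41", 60),
    ("login-update.example", "10.200.3.77", 120),
    ("login-update.example", "172.31.9.130", 90),
    ("login-update.example", "198.51.100.23", 150),
    ("cdn.example", "203.0.113.10", 60),
    ("cdn.example", "203.0.113.11", 60),
    ("cdn.example", "203.0.113.12", 60),
    ("cdn.example", "203.0.113.13", 60),
    ("cdn.example", "203.0.113.14", 60),
    ("static.example", "192.0.2.5", 86400),
]

# Assumed thresholds for illustration; tune them against your own DNS baseline.
MIN_IPS, MIN_NETWORKS, MAX_MEDIAN_TTL = 5, 4, 300

def profile(observations):
    """Summarise each domain: distinct IPs, distinct /16 networks, median TTL."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for domain, ip, ttl in observations:
        ips[domain].add(ip_address(ip))
        ttls[domain].append(ttl)
    return {
        d: {
            "ips": len(ips[d]),
            # Compromised proxies sit on unrelated networks; a CDN uses few blocks.
            "networks": len({int(ip) >> 16 for ip in ips[d]}),
            "median_ttl": median(ttls[d]),
        }
        for d in ips
    }

def fast_flux_candidates(observations):
    """Return domains whose answers rotate quickly across many networks."""
    return sorted(
        d for d, p in profile(observations).items()
        if p["ips"] >= MIN_IPS and p["networks"] >= MIN_NETWORKS
        and p["median_ttl"] <= MAX_MEDIAN_TTL
    )

print(fast_flux_candidates(OBSERVATIONS))
```

The network-diversity test is what keeps the short-TTL CDN-style domain out of the result; TTL and IP count alone would flag it.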

Tonight I spent 2 hours on the phone in a webinar with a startup reviewing a fully functional toolbar that makes 54 checks to determine the validity of a website checking for phishing, pharming etc. All any bank needs to do is adopt the technology and require their clients to adopt it in the sign-in process. In most cases problems solved.

And do you know what we labored over in this call? How to get all the bank’s clients to install a simple toolbar that would protect them and the bank.

Why is this so difficult?

Robert Siciliano Identity Theft Expert discussing Scambaiter in video Here