Organized Web Mobsters Getting Jobs Inside Corps

In 2009, there were a reported 140 million records compromised, compared to 360 million in 2008. In 2010 there have been almost 13 million records stolen. But don’t have a party just yet. Criminals are fine-tuning their craft and getting better. The industry just isn’t making it as easy. 97% of those records were stolen using malware – malicious software designed to attack the target’s existing systems and software in place.

A reported 50% of the malware was installed remotely. Almost 20% came from visiting infected websites and almost 10% was installed when employees clicked infected links that conned or “socially engineered” them.

A recent Verizon report stated, “Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization, the attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above.”

This may be also attributed to an inside job. A rogue employee on the inside always has the advantage of knowing exactly how to remain undetected.

The report further stated that organized crime rings may “recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score, the smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like.”

In the past three years that’s a total of 513 million records. On average, every citizen has had his or her data compromised almost twice. Where’s your Social Security number in that mix?

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

Poor Money Mule Not So Poor

“Money mules” may be unsuspecting Americans who act as shipping managers, do the dirty work for the bad guy, and open bank accounts, too. Sometimes the mule may be foreign, traveling to the United States specifically to open bank accounts.

Mules often get hooked into a “small business” or employment that is a function of a criminal enterprise. The mules often respond to “help wanted” ads from online job placement sites. Shipping scams are a common tactic criminals use to employ mules to receive goods bought with stolen credit card numbers, who then ship to people who buy them in online auctions. The mules in this process are essentially facilitating selling hot goods and money laundering.

The mules are often baited into setting up bank accounts that the criminal controls. These bank accounts will be set up under the name of the mule, and are generally programmed to transfer money overseas in increments of less than $10,000 to avoid detection.

Most mules end up pulling money out of their pockets to front shipping costs with the promise of a big payoff. In the end, the mule is often bilked and ends up with an empty bank account.

But not this mule, who was arrested and sentenced to 46 months in federal prison for sending more than $860,000 to offshore online scammers. He was caught after a sheriff’s deputy became suspicious during a traffic stop. They found eleven cell phones, fake IDs, $53,200 in cash, and 76 Western Union receipts. This ain’t no poor unsuspecting mule. This guy knew exactly what he was doing.

“He admitted accepting and cashing wire transfers from online shoppers for vehicles, boats, motorcycles and vehicle trailers, then sending that money to Romania or Spain in small amounts to make detection less likely. The items for sale did not actually exist.”

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss money mules and job scams on Fox News. (Disclosures)

Spies Among Us

The term “spy” conjures ideas about “foreign operatives,” “moles” and James Bond. You might envision forged IDs, fake passports and fraudulently issued government sponsored papers. When spies were recently exposed and caught in the United States, it was kind of surreal for me, since some of them lived right here in Boston.

Back in the day, spies used advanced covert technology, was always a hidden or shrunken version of something more common and accessible. Today, the same technology exists, and it’s cheap and mostly manufactured in China. Lighters, pens, just about any small, seemingly benign object you can think of can contain a video or audio recording device. Tiny flash or thumb drives are capable of storing gigabytes of data.

The eleven Russian spies who were recently nabbed used a lot of the same equipment that you and I use today, including laptops, flash memory cards, and cell phones, but with a twist. One of the spies would set up a laptop in a coffee shop on a regular basis, and the FBI noticed that on Wednesdays, a van driven by an official would go by. The FBI determined that when the van passed the coffee shop, there was a direct exchange of data via their wireless laptops. The discovery was made using commercially available WiFi sniffing technology. Apparently, the data was transferred in this way to avoid detection over the Internet.

The phones the spies used were prepaid mobile phones with no contract, which are often paid for with cash so the user can avoid detection. After a few uses they toss the phone and get a new number to avoid detection.

And the availability of fake identification makes it so easy to pose as someone else. Do an online search for “fake ids” and you’ll be amazed to discover how easy it can be to obtain an ID or passport. Or how easy it can be for someone else to obtain an ID that would allow him or her to pose as you. Some websites peddle poor quality cards, others offer excellent quality, and many websites are simply scams.

The fact is, most of our existing identification systems are insufficiently secure, and our identifying documents are easily copied. Anyone with a computer, scanner, and printer can recreate an ID. Outdated systems exasperate the problem by making it too easy to obtain a real ID at the DMV, with either legitimate or falsified information.

In the end, the spies were caught with a combination of high tech surveillance and gumshoe police work. The Boston Globe reports that in 2005, FBI agents found a password written on a piece of paper while searching the home of one of the spies. This allowed agents to decode more than a hundred messages between the spies and their government.

Unless we effectively identify who is who, using secure documentation, it’s spy business as usual.

Robert Siciliano, personal security expert adviser to Just Ask Gemalto, discusses Spies using fraudulent passports on Fox News. Disclosures

Do You Really Need Identity Theft Protection?

I see plenty of articles disclaiming any form of identity theft protection and the related expenses. They have titles like, “Identity Theft Protection Doesn’t Work,” or, “Poor Man’s Guide to Identity Theft Protection.” Most of these articles have some degree of merit, but they usually miss the point.

The fact is, you can’t protect yourself from all forms of identity theft, and the types that you can guard against require a Rain Man-like focus. One way or another, it’s going to cost you time or money or both.

Identity theft protection detractors say, “Why pay a monthly fee when all you have to do is…”

Securely dispose of mail. The standard advice is to thoroughly shred preapproved credit card offers and anything that includes any account information. While this is good advice and should be heeded, it’s not going to protect you when your bank or mortgage company or utility provider tosses your information in a dumpster that is subsequently raided by identity thieves.

Opt out of junk mail and preapproved credit card offers. This is good advice and can be done at OptOutPrescreen.com. However, even if you opt out of new offers, others will still arrive. It’s inevitable. You also need to get a locking mailbox, but that still won’t fully protect you.

Get a P.O. box. This won’t protect you at all. Anyone who recommends this tactic doesn’t understand how identity theft occurs.

Check your credit for free at AnnualCreditReport.com. This is an excellent way to stay on top of your credit reports and keep tabs on what accounts may be open under your name. However, it’s only good for one credit report per bureau per year. You should really check your credit report monthly, and that isn’t cheap.

Set fraud alerts. Fraud alerts are a great layer of protection, but they expire every 90 days, and most people don’t bother to renew. Plus, fraud alerts only serve as a guideline for creditors, who are not required to contact you before issuing credit.

Get a credit freeze. This is a great way to help prevent new account fraud. I recommend this. But by itself, a credit freeze is not enough.

These are all layers of prevention that will help, but by themselves or even in combination, they cannot provide the same degree of protection offered by a reputable, full-service, paid product.

To ensure peace of mind and protect your most valuable asset, your identity—subscribe to an identity protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft “pandemic” on CNBC. (Disclosures)

Man lived under stolen identity for more than a decade

Identity cloning generally encompasses all types of identity theft. In most cases, the thief is intentionally living and functioning as the victim. The thief’s motivation may be to hide from the law, evade child support, or skirt immigration.

A man lived a quiet life with a steady job. But he wasn’t who he claimed to be. He was an identity thief. The ruse was so elaborate that his own girlfriend said she was unaware of it.

His victim lived hundreds of miles away and for over a decade, he was unaware that his identity had been stolen. When the victim applied for a passport for the first time, he learned that someone else already had a passport under his name, and had since 1996.

Prosecutors aren’t even sure of the perpetrator’s real name. The man claims he’s a German national who entered the country under his real name in 1983 via Mexico. He even got a birth certificate and a driver’s license.

In cases of identity theft, generally, the goal is to commit financial fraud. Kind of like a smash and grab. The thief comes in, wreaks havoc, makes a mess, destroys your credit, and then moves on to another victim. But with identity cloning, the person may actually pay the bills and live a decent life.

In some cases, though, that person may also be a sex offender or have other recurring legal troubles. Either way, at some point, there is inevitably a mess that needs to be cleaned up. Some people spend hundreds of hours, thousands of dollars, and face years of aggravation.

Our systems of identification rely on antiquated paper and plastic documents, often without photographs, coupled with ubiquitous numeric identifiers. Since the beginning and especially today, all forms of documentation are easily counterfeited. This means anyone can simply copy, scan, manipulate, and print a document, obtain your digits, and become you.

This means that your identity is anything but safe and secure. It is entirely vulnerable to attack, and may already be compromised.

Your best option is to lock it down in a way that makes it difficult for an identity thief to use it undetected, and in some cases makes your identity useless to a thief. And if your identity is ever compromised, McAfee Identity Protection fraud resolution agents work with you to restore your stolen identity.

Identity Theft Targets Hispanic Community

Jose Marrero, who was born and lived his entire life in Puerto Rico, had no idea that someone else was using his name and Social Security number to charge thousands of dollars in Miami and Chicago. At least, not until the police showed up at his job to arrest him for car theft. Marrero told the Associated Press, “All of the information [on the warrant], all of it, the driver’s license, the Social Security, my address, was mine. I was shocked. I told them simply that it wasn’t me.”

In the U.S., a Puerto Rican’s identity is worth as much as $6,000, since it can be used to hide illegal immigrants. Like most personally identifying documents, Marrero’s were probably stolen from schools or church rectories.

Puerto Rican stolen identities have surfaced in immigration raids all over the country. “Birth certificates have become legal tender,” said Puerto Rico’s secretary of state. Here in the U.S. there are over 14,000 variations of the birth certificate. I personally have five versions of my own. That’s a stupid system.

Puerto Rico’s current solution is to void all existing birth certificates and have everyone reapply for new ones with better security, a plan that will make it harder to get fake documents in the future. But with millions of legal existing passports and driver’s licenses still valid, how is the real person identified?

The AP article states that the problem stems from the Puerto Rican tradition of requiring birth certificates to enroll in schools or to join churches, sports teams, or other groups. But the fact is, all Americans of every descent do the exact same thing. I remember having to bring my birth certificate with me to the YMCA summer camp. That’s why I have five, because we always needed duplicates for school, camp, even field trips!

Organized crime is likely involved in selling “tripletas,” consisting of a birth certificate, a Social Security card, and a driver’s license. Similarly, in criminal hacking communities, full sets of identifying information that can be used to steal an identity are packaged as “fullz” and sold for less than $100.

Victims face damaged credit, criminal records, and years of credit restoration. The time spent restoring one’s identity can potentially result in thousands of dollars in lost wages.

One victim, a 32-year-old married father of two whose credit has been ruined, told the AP that local authorities were dismissive: “They told me, ‘There are cases more important than that little case.’”

Not all identity theft can be prevented. However McAfee Identity Protection continually monitors your information and works to proactively protect you and will be there to assist you in the even your identity is compromised. Protect your most important asset, your identity.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing illegal immigrant identity theft on Fox news. (Disclosures)

School Directors Face Background Checks

When I see headlines like this I wonder what century we are in. You’d think in the year 2010 that background checks of school officials would have been implemented 20 years ago. In New Jersey background checks for school employees have been in place since 1986. But not for school officials.

Still to this day municipalities across the country are still determining who should or shouldn’t be checked.

A new bill in New Jersey would disqualify school board members from serving if they’ve been convicted of serious crimes. Further, it would require them to pay for the cost to get background checks themselves or with campaign money. The checks cost $80, according to the state Department of Education website.

It’s common sense to require background checks for school volunteers, coaches, teachers and even janitorial staff. So why would a school official be any different? Leaders are supposed to set examples. Leadership is stated as the process of social influence in which one person can enlist the aid and support of others in the accomplishment of a common task.

Currently there is no statute that prevents a person with a criminal conviction to become a school board official! Fortunately the bill was unanimously passed.

Citizens cannot rely on their governments to effectively police their officials. It is essential to all those concerned to always check up on someone history. Especially those in positions of trust.

Robert Siciliano is a Personal Security Expert and Adviser to Intelius.com. For more information see Intelius background checks to learn more. See him discussing background checks Court TV. (Disclosures)

What is that Facebook “Friends” Motivation?

Sandra Appiah is a curvy lady who wants to friend me. She friended two of my buddies and apparently they accepted because they showed as “2 Friends in Common”. I never automatically friend anyone, so I contacted each bud and neither knew who she was. Go figure.

What got my attention besides the fact that I don’t know her was that she had photos on her page on a bed, scantily clad with belts and Playboy bunny stuff in the room. Red flag anyone? But to my buds, they didn’t seem to see it the way I did.

I sent here a note, “Hi! Where did you learn of me?”

And “her” response: “I am simply online looking for the Love of my life….someone to make my heart skip a beat…shake my whole being. A fairy tale that lasts a life time. Someone to adore and cherish….want to look at his face in the morning. That! A Man who is going to show me true love and passion. Respectful and serious intentions for a long relations and marriage. Trust is everything, honesty. Someone who I can share my day with and hold in my arms forever. THANKS HAVE A NICE DAY I HOPE YOU REPLY ME”

When she contacted me she had 12 friends. Now she has 18. All “dumb” dudes that have no idea that “she” is a scammer in an internet café in Nigeria. Why would anyone facilitate a scam by providing this scammer legitimacy by friending them?

Robert Siciliano personal security expert to Home Security Source discussing social media Facebook scammers on CNN. Disclosures.

10 Ways to Prevent Social Media Scams

The trouble with social media revolves around identity theft, brand hijacking and privacy issues.  The opportunity social media creates for criminals is to “friend” their potential victims in order to create a false sense of trust and use that against their victims in phishing or other scams.

It was big news when someone had their Facebook account jacked by someone who impersonated the victim, claiming to have lost their wallet in the UK and begging for a money wire. Now it’s old news, but it’s still happening.

  • Register your full name and those of your spouse and kids on the most trafficked social media sites. If your name is already gone, include your middle initial, a period or a hyphen. You can do this manually or by using a very cost effective service called Knowem.com
  • Get free alerts. Set up Google alerts for your name and kids names and get an email every time someone’s name name pops up online. You want to see if someone is talking about you or using your name.
  • Discuss social media with your kids. Make sure they aren’t providing their “friends” with personal information that would compromise their security or your families.
  • Monitor what they do online. Don’t sit in the dark hoping they are acting appropriately online. Be prepared to not like what you see.
  • Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
  • Lock down settings. Most social networks have privacy settings that need to be administered to the highest level.
  • Always delete emails you receive in social media from those who you don’t know. I’m messaged all the time by scammers and I’m sure you are too.
  • Don’t enter all the “25 most amazing things about you” or whatever other games that extract your personal information. Nothing good can come from that.
  • Always log off social media sites when you walk away from the PC. If you are ever at someone else’s home or on a public PC, this habit will save lots of aggravation. My sister-in-law, a Boston Bruins fan, left her Facebook open on the family PC. I changed her Facebook picture to the Philly Flyers and wrote Go Phillys! as her status. Bruins lost that night. I blame her.
  • Do not activate geolocation services that tell the world your every move. Nothing good can come out of allowing anyone in the world to stalk your every move.

Robert Siciliano personal security expert to Home Security Source discussing Facebook Jacking on CNN. Disclosures.

Choosing An Identity Protection Solution

When making a purchase, word of mouth is often the best way to arrive at a comfortable decision. But what do you do when the product is weighty and complex, as with a mortgage, mutual fund, or insurance policy? You go to the experts, who know the ins and outs of an offering.

My expertise is identity theft protection. And frankly, I’m confused by what many other companies are offering. I understand the gist of most of what they do, but what they are best at is smoke and mirrors. There is a fundamental lack of transparency in the identity protection industry.

Identity protection, first and foremost, needs to be transparent. You should know what you are getting and what it does and why it is a benefit to you.

Most identity theft protection services offer “monitoring.” But they don’t say what they monitor or how they monitor or what benefit that monitoring will provide you. Monitoring can mean searching the web with readily available free search engines, or it can mean searching for your data on a specific set of websites. Monitoring can also refer to credit monitoring, in which the provider has a relationship with one or more credit bureaus and alerts you if there is activity on your credit report.

These services also say they will help you recover from identity theft, but in the fine print they tell you that recovery is limited to what they protect if their service fails.

An identity theft protection service should inform you when your personally identifying information, such as your name, Social Security number, or credit or debit card number, are used to commit fraud or other crimes.

Identity theft protection should keep pace with the evolving criminal landscape and involve multiple layers of proactive monitoring, detection, automatic alerts, and an intuitive customer experience.

McAfee Identity Protection includes:

– Daily 3-bureau credit monitoring to detect potential financial fraud

– Identity surveillance capabilities to monitor the Internet, change-of-address databases and public records for inappropriate uses of your personal information

– Immediate notifications, via email, SMS text, or your McAfee online account, if any suspicious activity is detected

– Lost wallet protection to make it easy to safeguard your credit and debit card accounts by canceling lost or stolen cards on your behalf and ordering replacements

– Unlimited credit reports from Experian to help you to stay on top of your credit history

– Unlimited phone support from dedicated fraud resolution agents, who’ll work with you to help resolve any identity issues – even issues that occurred prior to your enrollment in McAfee Identity Protection

– A product guarantee of up to $1 million that covers you if you are victimized by identity theft while subscribed to McAfee Identity Protection.

McAfee hopes to educate consumers about identity theft so that they can make informed choices on the ways to protect themselves. McAfee has launched a new website dedicated to consumer education at http://www.counteridentitytheft.com/. The site includes a tool to help consumers access their risk for identity theft and make necessary adjustments.

Ultimately, you want to make an informed decision and invest in identity theft protection from a trusted provider. McAfee is one of the world’s largest and most trusted names in digital security. Protect your most important valuable asset — your identity — with McAfee Identity Protection.