The First Step to Secure Your Data

Your personal information and data are literally everywhere for criminals to target, and there isn’t much you can do to keep it from spreading. You use your email credentials on countless websites, you use your credit card number with countless vendors, and, believe it or not, your Social Security number is shared rapidly immediately after you’re born.

It’s almost impossible to give out your personal information nowadays. However, criminals know this, and they lurk around the same places that your information is used. You need to take action to secure your information so you are less of a target. Let me show you one simple step you can take today that will create one layer of security and improve your defenses.

There is one specific action you can take to secure your information, and after you do it, you’ll be much less likely to be targeted because criminals tend to take the path of least resistance. That said, if you DON’T do this action today, you ARE the path of least resistance.

All you have to do is set up a credit freeze. There are four major credit bureaus in the United States, and you need to get a credit freeze with them. Just use your preferred search engine and look for Experian credit freeze, Equifax credit freeze, TransUnion credit freeze, and Innovis credit freeze. You should freeze your credit with all four, but you should still review your annual credit reports. More importantly, you should dispute discrepancies with the appropriate bureau AND the lender. Getting a credit freeze won’t gum up your credit score or make it so you can’t use credit. You are able to “thaw” the frozen credit as needed and then freeze it again. You can literally do this in a single day. Then you’ll want to put more layers of defense in place to become an even harder target than the other guy.

A credit freeze will secure your information, but setting up multiple layers of defenses is really what will make you a hard target. Criminals are constantly probing defenses, and even while technology advances, crimes against your data are usually ahead of the curve. You don’t need to know everything about security, but you do need to take on the responsibility of protecting yourself. I’ve created a free guide that will make you a pseudo expert on your own security, and if you follow it’s simple steps, you will have more layers of defense than the average person. If you want to create even more layers of defenses, bring this guide to my next webinar, and I will walk you through each step so you can rest assured that you are creating a smart, secure, safer “me.”

How to be a Grandma Identity Thief Murderer

Lois Riess is a woman from Minnesota who police say shot her husband, went on the run, and then killed a woman in order to take on her identity.  Here are some shocking facts about her:

Riess Looked Like her Victim 

The woman Lois Riess killed, Pamela Hutchinson, looked like her. This is why Pamela lost her life. When the body was found, police said her ID, credit cards, cash, and car was gone. Police put out an arrest warrant for Riess, and then started hunting for her. Police say the women did not know each other.

Lois Riess Allegedly Killed Her Husband, Too

Pamela Hutchinson wasn’t the only one who has allegedly died at Riess’ hand. Lois’ husband, David Riess, is also dead. He was found in the couple’s Minnesota home with several gunshot wounds after two weeks of not showing up at work. David’s car was missing, as was $11,000 out of his business account. It is believed that Lois used the same gun to kill both of her victims. Though Lois originally took the couple’s Cadillac, it was found abandoned in Florida several days later.

Pamela Hutchinson and David Riess

Though she was killed in Fort Myers, Pamela Hutchinson didn’t live there; she lived in Bradenton, FL. She was in Fort Myers to spread the ashes of her husband who had recently passed away.

David, Lois’ husband, owned a commercial worm farm. He was a Navy veteran and loved boating, fishing, hunting, and spending time with his grandkids.

Lois Riess was a Gambler, and She Had an Interesting Nickname

According to reports, Lois Riess was a gambler, and had an addiction to gambling that eventually destroyed her family. It is said that she stole more than $100,000 from her sister, and had the nickname, “Losing Streak Lois.”

Lois Took a Road Trip After the Killings

After killing Pamela, detective believe that Lois left Florida and traveled through Alabama, Mississippi, Louisiana, and Texas. She was driving Pamela’s car, which she took after shooting the woman.

Before Lois was even captured, she was charged with the murder of both her husband, David, and Hutchinson. She is facing a first degree murder charge in Florida along with grand theft auto, grand theft, and criminal use of personal identification. She faces the death penalty if found guilty. As for the alleged murder of her husband, David, in Minnesota, murder charges are pending, so it’s likely that she will face two counts of first degree murder when all is said and done in this case.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Bank Tellers stealing Identities

Ever consider the possibility that a person gets a job as a bank teller…for the sole purpose of stealing a patron’s identity?

Do you realize how easy this would be?

  • No techy hacking skills required.
  • No gun required.

So we’ve all been instilled with fear of our bank getting data breached by Russian hacking rings, while that mousy looking teller with the sweet smile could be your greatest threat.

A nytimes.com article points out that a teller from Capital One had gained access to seven accounts and gave information to a co-thief who drew checks on these accounts.

Tellers can fake debit cards and wire unauthorized funds. They can also sell personal data to other thieves.

The nytimes.com article says that a teller was part of an ID theft ring that stole $850,000. The idea of tellers committing these thefts is very real. One teller even took photos with a cell phone of account data to cash phony checks. Another thief, who worked at a credit union, took loans out in customer’s names.

There are many ways that tellers can steal, including creating credit cards in customer’s names. Tellers may also be easily bribed by thieves to sell them customer information, as the tellers’ income isn’t that great, averaging about $25,000 a year.

The thieves, who bribe the tellers, don’t necessarily pay them with money. They may offer them luxuries that the teller can only dream of, such as flying in private jets and meeting famous athletes, says the nytimes.com report.

And if you think that banks require rigorous background checks for new teller  hires…think again. Furthermore, continues the article, savvy thief-tellers will keep their fraudulent withdrawals under $10,000, to keep below the detection radar. These sneaks can get away with this for years.

The general rule of thumb is that tellers have way too much access to customers’ data, and banks are lax at correcting this problem beyond simply reimbursing customers with their stolen money. The banks don’t want to invest the money and time in straightening out this problem, though a small number of banks have implemented tighter controls on tellers.

But what can we, the customer, do? We just have to keep our fingers crossed? The most effective way to prevent fraud is to do two things:

  1. Go over your accounts security controls with a bank advisor. Set up limits on transactions, require second signatures for large dollar amounts, and restrict money flow in any way that will cause financial harm.
  2. Set up alerts and notifications, so you, the account holder can become fully aware of every transaction of any kind.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Business Identity Theft: Beware of Identity Thieving Employees

Wow, a lawyer in Memphis got scammed by his secretary—she embezzled over $362,000 from him, says an article on wreg.com. Attorney Jerry Schatz hired Teresa Sumpter, 48, in July of 2013.

10DLittle did he know that his assistant would end up stealing checks from his trust account, forging her signature on them, and opening three credit cards—all in his name. And she named herself as an authorized user.

And what did this conniving little pill do with the stolen money? Sumpter bought several vehicles, paid some bills and purchased some miscellaneous things.

After her arrest she was charged with six counts of identity theft, two counts of forgery and two counts of theft of property.

So you see, the “bad guy” is sometimes a woman. It happens more often than you think, too. An article at sacbee.com tells the case of Natashia Adams Lugo, 31, whose dirty deeds of identity theft got her a sentence of almost 15 years in a state prison.

Lugo had been employed by Job Journal LLC. Then she was fired. So she decided to get some revenge by using her former employer’s bank checking and routing numbers to polish off $40,000 of personal debt. How could she not have known that her criminal act would easily be traced back to her?

Lugo also stole $17,200 from the Job Journal’s bank account to fund her child support account. Once again, the question blares: How could she have been dumb enough to commit a crime so traceable back to her? Some times these criminals aren’t so savvy, other times they are. Regardless, the employers usually never see the money again.

Prior to the Job Journal employment, Lugo had worked for Balanced Body, which fired her. You guessed it: After being fired, she used the company’s personal identifying information, as well as that from some of its patrons, to steal over $11,000.

Businesses need to beware of firing employees. But the logistics of protecting themselves from these kinds of crimes can be enormous. Big companies can’t close out their bank accounts and open new bank accounts every time someone is fired. Maybe small companies can, that hardly ever fire anyone, but the bottom line is that businesses just have to keep their fingers crossed whenever they give someone the pink slip.

The big thing is to hire forensics accountants to look at your books, frequently. Especially in family owned businesses. Sad, but true.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Identity Fraud Victim every two Seconds

Yes, identity fraud is SO common that someone becomes a victim every two seconds. The 2014 Identity Fraud Study, as reported on javelinstrategy.com, turned up some alarming results.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Though the dollar amount stolen had decreased over the year preceding the study, the number of victims had increased. People at highest risk were ages 35 to 44.

Account takeover—when the thief takes over a pre-existing account—made up 28 percent of ID fraud losses in 2013. But the greatest risk factor for becoming a victim of identity fraud is the data breach. In that year, 30 percent of people who were notified of a data breach became an ID fraud victim.

Identity fraud is associated with credit cards, but this type of crime can also involve hijacking someone’s PayPal account, or account on Amazon and eBay.

How to Protect Yourself

Javelin Strategy & Research, who conducted the study, recommends the following:

  • Never use public Wi-Fi (at least use a VPN)
  • Shred old sensitive documents.
  • Change the passwords on all of your accounts often.
  • See which accounts offer two-factor authentication, then set it up. This way you’ll know if an unauthorized person is trying to access your account.
  • Use anti-virus and anti-malware software for all of your devices.
  • Monitor your accounts every week. Use mobile apps to stay on top of them.
  • Use direct deposit for payroll checks.
  • Don’t permit your Social Security Number to be used as an authenticating factor, because it can’t be changed, like a username or password can. Ninety-six percent of major credit card issuers and 80 percent of the top 25 banks will permit access to an account via the SSN. You should inform the institution to notate that you will never provide this number to verify your identity.
  • Arrange for your financial institutions to send you alerts (e-mail, text, phone call) when anomalous activity occurs, such as a purchase made in two countries only a few hours apart, or any purchase over a certain amount. Ask about additional forms of fraud detection as well.
  • If you suspect fraud, immediately report it.

If you receive notification of a data breach, you’re at higher risk for fraud; crack down on monitoring your accounts.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft

I feel like my head is going to explode.

The Colorado Supreme Court has ruled “that using someone else’s Social Security number is not identity theft as long as you use your own name with it.”

The defendant in this particular case had admitted to using a false Social Security number on an application for a car loan, and to find employment. The court ruled that since he had used his real name, and the Social Security number was only one of many pieces of identifying information, he “did not assume a false or fictitious identity or capacity,” and “did not hold himself out to be another person.” The court found the defendant’s use of a false Social Security number “irrelevant,” since the number was provided to fulfill “a lender requirement, not a legal requirement.”

Justice Nathan Coats dissented, writing, “The defendant’s deliberate misrepresentation of the single most unique and important piece of identifying data for credit-transaction purposes” was “precisely the kind of conduct meant to be proscribed as criminal.”

This is yet another example of the lack of justice in the judicial system. The justices erred by failing to understand what identity theft really entails, especially when considering the distinction between a “lender requirement” and a “legal requirement.” Whether or not a Social Security number is legally required in order to obtain credit, it is still a legal identifier in many circumstances.

42 USC Chapter 7, Subchapter IV, Part D, Sec. 666(a)(13), a federal law enacted in 1996, determines when the numbers should be used. This law requires a Social Security number to be recorded for “any applicant for a professional license, driver’s license, occupational license, recreational license or marriage license.” It can also be used and recorded by creditors, the Department of Motor Vehicles, whenever a cash transaction exceeds $10,000, and in military matters.

“Synthetic identity theft” occurs whenever an identity is partially or entirely fabricated. This commonly involves the use of a real Social Security number in combination with a name and birth date that are not associated with the number. This type of fraud is more difficult to track because the evidence does not appear on the victim’s credit report or on the perpetrator’s credit report, but rather as a new credit file or subfile. Synthetic identity theft is a problem for creditors, who grant credit based on false records. It can also create complications for individual victims if their names become associated with synthetic identities, or if their credit scores are impacted by negative information in an erroneous subfile.

With this decision, the Colorado Supreme Court has fundamentally upset the balance of law, effectively opening a Pandora’s box of problems. This saga is far from over.

Since the law won’t protect you, at least in this scenario, consider investing in McAfee Identity Protection, which includes proactive identity surveillance to monitor subscribers’ credit and personal information, plus access to live fraud resolution agents who can help subscribers resolve identity theft issues. For additional tips, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims onThe Morning Show with Mike and Juliet. (Disclosures)

7 Tips To Better Credit Card Security

Every time you use a credit card, you increase the chances of that card number being used fraudulently. Cards can be skimmed and hacked in a number of different ways.

#1 Watch your card. Whenever you hand your credit or debit card to a salesperson or waiter, watch to see where your card is taken and what is done with it. It’s normal for the card to be swiped through a point of sale terminal or keyboard card reader. But if you happen to see  your card swiped through an additional reader that doesn’t coincide with the transaction the card number may have been stolen.

#2 Cover your PIN. There may be cameras or “shoulder surfers” recording your PIN at an ATM or point of sale terminal. Cover up the keypad to foil the bad guys’ plan.

#3 Change up your card number. This is inconvenient but effective. The more frequently you change your number, the more secure that number will be. Once or twice a year is good.

#4 Select online shopping websites carefully. When searching for a product or service online, do business only with those you recognize. Established e-retailers are your safest bet.

#5 Beware of phishing. Never purchase products or services by responding to an email. This generally results in your card number being phished.

#6 Use secure sites. Before entering a credit card number, always look for “https” in the address bar. The “s” in “https” means the site has an additional layer of protection that encrypts the card number.

#7 The most important tip of all is to watch your statements. This extra layer of protection requires special attention. If you check your email daily, you ought to be able to check your credit card statements daily, too, right? Once a week is sufficient, and even once every two weeks is okay. Just be sure to refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit card fraud on NBC Boston. Disclosures



Top 5 Scams to Watch Out For

#1 Nigerian Scams: According to a Dutch study, victims of advanced-fee scams, which are also known as 419 scams or Nigerian scams, lost more than $9 billion in 2009, almost 50% more than the previous year. (This PDF contains the statistics from the study.)

While these types of scams are generally understood to be Nigerian in nature and origin, and are in fact named after the 419 Nigerian code that made them illegal, advanced-fee scams were launched from 69 other countries in 2009. Scammers are broadening their targets to include emerging Internet markets, rather than simply targeting English-speaking nations.

#2 Romance Scams: If you ever hear talk like this, run far and fast: “In me sweetheart you are going to find the most passionate, loving and romantic man you have ever met. There are very few promises in life but this is one of them! ROMANCE is the key to my happiness and to my heart and soul!”

#3 Classified Ad Scams: This story caught my eye: “An online scam targeting pet-lovers is circulating the web, and it could cost you more than a new pet. An ad posted to a local online classified website by a man who claimed he was living in Florida. The seller said he had recently moved to Miami, and couldn’t keep his dog due to his new living conditions. He was willing to give the Labrador Retriever puppy named Dely away for the cost of shipping, which was $220.“

#4 Phishing: Phishing continues to become more sophisticated, more effective, and more prevalent. In one example, criminal hackers waited until Pennsylvania school administrators were on vacation, then used simple money transfers to liquidate over $440,000 between December 29 and January 2, 2010.

#5 Spear Phishing: Spear phishing occurs when the scammers concentrate on a localized target, usually an individual with control over a company’s checkbook. This insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component, which gives the phisher full access to the user’s data, including user names and passwords, credit card and bank account details, and Social Security numbers.

Never, ever click on links in the body of an email. There is always a workaround.

Like mom said, if it sounds too good to be true, it probably is. And even if you will never fall for these scams, someone in your life might be a tad more naïve. So educate them.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss job scams on Fox News.(Disclosures)

Part 1 of Identity Theft – 5 Identity Theft Myths Unveiled

#1 You can’t protect yourself from identity theft.

Some, not all Identity theft is preventable. There are many things people can do to minimize their risk, both online and offline. Shred anything that has names and account numbers or any other data that can be used to con someone else into divulging even more information. Keep financial records protected and private in a locking file cabinet at home or protected PC. Opt out of junk mail. Invest in an identity theft protection service and get a credit freeze.

#2 Identity theft is only a financial crime.

There is also medical identity theft when someone poses as you to get medical attention, criminal identity theft when the thief commits crimes under your identity. There is also employment fraud when they use your SSN to get a job and identity cloning when the thief is simply trying to evade the law or others by posing as you in plain sight.

#3 Technology and computers are why identity theft is so big.

Certainly data breaches are responsible for some identity theft. However, low tech identity theft is the bigger problem. A lost or stolen wallet, checkbook, or a debit or credit card handed over to a clerk or information tossed in the trash are all the most prevalent ways your identity is jacked.

#4 Caller ID is safe.

Caller IDs are easily spoofed with technology that allows the bad guy to change what shows up on your handset. First, no matter who calls, never giver personal information over the phone if you stand to gain or lose something or if the caller states your data was lost in a computer crash. Always use the phonebook or look up the number online and call them back.

#5 Checking your credit report protects you from identity theft.

I’ve always though thought this was silly advice. Checking your credit report just tells you if your identity has been stolen. But you should still check your credit report as often as possible. Some identity theft protection services let you check it every day. I’d check it monthly if you have the option.

Robert Siciliano personal security expert to Home Security Source discussing identity theft on YouTube. Disclosures.

National Protect Your Identity Week is October 17-23

The first decade of the new millennium is almost over, another year has passed and by my estimates identity theft as we know it is not getting any better, it is getting worse. I’m a big believer in the fundamentals and some things just can’t be said any other way, and to remind you I’m taking a page from a post from an entire year ago because it is absolutely essential that you – the public, corporations, associations and government agencies, all take responsibility and do what is necessary to protect yourself, your clients and your constituents.

Identity theft isn’t going away any time soon and therefore it is essential that you consume as much information to educate yourself, inform others and prevent identity theft from happening under your watch. Like any problem that we may face in life, we do our best to find a speedy and efficient solution. However identity theft is one of those problems that acts like a 10 headed monster that we keep chopping the head off but it keeps growing a new head, a new leg and a new arm.

Because we are a persistent and resilient people, and we never ever give up, we will prevail. The National Foundation for Credit Counseling has created National Protect Your Identity Week from October 17-23 to create awareness and provide information. The solution requires a coordinated effort between every single citizen, company and government official to see the big picture and to do what’s right and put the necessary systems in place that prevent the bad guy from doing his job. The solutions are near. Some of them are already in place. It’s just a matter of everyone getting on the same page and coming to an agreement.

Understand there has always been, and will always be a criminal element looking to take from those who have. The bad guy (and gal) persistently looks for their next victim all day, every day. Your job is to become informed and know what it means to become a tougher target. And in the meantime those who are responsible on a higher level to protect us, and our critical infrastructures, methods of commerce, and ways in which we identify ourselves will continue to work on the big stuff. But they need you to be aware and alert and actively participate in the process. We are all in this together.

The Pentagon and the Department of Homeland Security are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small business and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read this and every possible blog, article and report you have access to so you can stay on top of what is new and ahead of what is next in technology and the security necessary to keep it safe. Build your IT security vocabulary. Become an expert in identity theft and information security. Be the go-to-person in your home or organization who has all the answers to the problem.

A number of national organizations are also putting their weight behind this initiative, joining the NFCC and BBB as Supporting PYIW Coalition Members.  This Coalition includes: American Bankers Association Education Foundation, American Financial Services Association Education Foundation, American Payroll Association, Consumer Action, Consumer Data Industry Association, Consumer Federation of America, Credit Union National Association, Federal Reserve Board, Federal Trade Commission, FICO, Foundation for Financial Planning, Identity Theft Assistance Center, Identity Theft Resource Center, Jump$tart Coalition for Financial Literacy, Junior Achievement USA, National Association of Triads, National Council of La Raza, National Crime Prevention Council, National Education Association Member Benefits, National Sheriffs’ Association, the Office of the Comptroller of the Currency and the Social Security Administration.

Robert Siciliano personal security expert to  Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.