Criminal Hackers Get to Momma and DaDa Via Children

/in , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

I’m particularly irate about this. There’s criminal hackers, then there’s complete lowlife scumbag criminal hackers that hack children. InternetNews reports hackers took over sections of the PBS.org Web site earlier this week, installing malicious JavaScript code on the site’s “Curious George” page that infects visitors with a slew of software exploits.

For the uninitiated Curious George is a little happy go lucky bumbling monkey that continually gets himself in a pickle. His curiosity almost kills the monkey in every episode. Thank heavens for “”The Man in the Yellow Hat” which is Georges keeper and occasional life saver. A 41 year old male knows this when he waits 38 years to spawn.

Security research firm Purewire found that when visitors tried to log onto a fake authentication page they were served with an error page that took them to a malicious domain where the malware attempted to compromise users’ desktop applications.

So here you are in your kitchen making a bunt cake. You continually glance over in amazement that a 3 year old, who cant color in the lines or spell or count above 20 or even tie her own shoes, but she can navigate through an inexhaustible gaming and learning website of PBSKids. She whacks away at the keyboard from morning till evening. So intensely she hacks that when it’s time to pull her away from the computer to maybe, ahh eat? She takes a fit because you caught her mid Sid The Science Kid.

Little do you know that while little miss Mitnick was tap tap tapping away, some frigging cheesebag was trying to rifle all your data via a Clifford The Big Red Dog JavaScript reliant puzzle.  Is there no shame? Boundaries? Apparently not.

It is not immediately evident how hackers compromised the site. They may have taken advantage of a known flaw and  exploited a SQL injection vulnerability.

Kids playing were met with a pop-up message requesting authentication to enter a username and password during a game. “But DaDa, I don’t know my words yet”.  From here, no matter what was entered they were directed to an error page that had malicious code. The JavaScript then loaded malware targeting flaws in Adobe Acrobat Reader, AOL Radio AmpX and SuperBuddy and Apple QuickTime. If the affected computer was not up to date with all their critical security patches then they got the bug.

Lax security practices by consumers are giving scammers a base from which to launch attacks. USA Today reports IBM Internet Security Systems blocked 5000 SQL injections every day in the first two quarters of 2008. By midyear, the number had grown to 25,000 a day. By late fall, attacks climbed to 450,000 daily.

The key to identity theft protection and preventing your computer from becoming a zombie is to engage in every update for every browser, software and media player that you use, keeping your operating system updated and use anti-virus software such as McAfee Total Protection.

And if your 3 year old happens to engage a toothless criminal hacker from the Eastern Bloc and you haven’t been up to date, make sure you have a backup plan if your data is compromised.

1. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Includes:

·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes

·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers

·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls

·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors

·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name

·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly

·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.

Robert Siciliano Identity Theft Speaker discussing soulless criminal hackers on Fox News

Liars Cons and Scammers: How to Recognize Them

/1 Comment/in , , , , , , , /by

Robert Siciliano Identity Theft Expert

We talk about criminal hackers, scammers and con men as though they are mysterious creatures from the Twilight Zone. But while they are certainly interesting, fundamentally they are people. People who lie, and do it better than anyone else.

If only our noses grew every time we lied. Life would be so transparent. 

Social engineering is the act of manipulating people into performing certain actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access. In most cases, the attacker never comes face to face with the victim. But many times, con men do come into personal contact with victims. And when they do, there are a few telltale signs to look out for.

According to a University of Massachusetts study, 60% of participants lied at least once during an observed ten minute conversation.  Body language expert Carolyn Finch, a colleague of mine from New England, was a consultant and during the OJ Simpson trial and has appeared on numerous media outlets. She points out what to look for:

Face: Finch says when people lie, they smile with only the lower muscles in their face. A liar might try and fake a smile to look genuine or at ease. But a real smile uses the entire face, including the eyes.

Speech: A liar will speak hesitantly and pauses frequently when answering a question. A liar might also repeat words or stutter. “A person who is pausing is thinking,” said Finch. “The eyes go up and around and down to think about what they are going to say next.”

Nerves: Other indicators that the person is uncomfortable include nose rubbing or touching underneath the nose. And watch hands closely, which are an easy way to spot nervousness. “Sometimes there is tremor, definitely in the hands,” said Finch, who also noted the jaw might shake, too.

Eyes: Liars will make a concerted effort to keep your gaze so as not to arouse suspicion. However, Finch advises studying where there eyes go if, and when, they do break gaze.

If you ask someone to remember what they ate an hour ago, they might look up and to their left, which indicates “visual recall,” meaning they are accessing a part of their brain to remember a fact. Whereas if you ask them to think of what it must be like to live on the moon, they look to the upper right, which is called  indicates “visual construct,” meaning they are accessing a part of their brain to create a scenario. This is also what someone does when they lie.

Become an observer of the human condition. Study what makes people tick and what motivates them. Determine who is truthful and who lives a lie. Bad guys who want to take from you generally lie. Whether in person, online, or over the phone, you can sense a lie if you are tuned in. And that should help protect you from scammers and identity thieves.

There are numerous tools to protect you too. Intelius offers a Background Report and a DateCheck. Its unfortunately not enough to simply “trust” or even trust your gut. Its often necessary to make a small investment.

Background reports include, when available, a criminal and sex offender check, lawsuits, judgments, liens, bankruptcies, home value & property ownership, address history, phone numbers, relatives & associates, neighbors, marriage/divorce records and more.

A Date Check instantly gets the scoop on potential dates with an online background check which provides information on living situations, relatives, criminal convictions, professional information, bankruptcies, liens, address history, social network info and more. Date Check helps you follow up on your intuition with real facts.

In the meantime protect your identity too.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano, identity theft speaker, discusses Bernie Madoff, liar, on CBS Boston.

Couples Online Bank Account Hacked Leads to Identity Theft

/3 Comments/in , , , , , , , , /by

Robert Siciliano Identity Theft Expert

In 2007, a U.S. couple fell victim to identity theft when a criminal accessed their online bank account and stole $26,500 from a home equity credit line. The money was transferred to an Austrian bank that refused to return the funds to Citizens Financial Bank. So Citizens Financial informed the couple that they were liable for the loss. When the couple refused to pay, the bank notified the credit bureaus that their account was delinquent and threatened to foreclose on their home. So the couple sued the bank, claiming violations of the Electronic Funds Transfer Act and the Fair Credit Reporting Act, as well as accusing the bank of negligence.

Who should be held responsible? Well, the jury’s out. Literally.

Did the couple accidentally give their data to a phisher? Were they dumb, or was it just bad luck? Was their Internet security software up to date? Does that matter? Should the bank activate their zero liability policies and simply chalk it up to a loss? I’m a big believer in personal responsibility. However, if the bank offered a system that can be easily defeated then maybe they should take some responsibility.

White hat hackers are struggling to stay one step ahead of the criminals. There are more ways to compromise data today than ever before. Viruses quadrupled in one year, from just over 15,000 in 2007 to nearly 60,000 in 2008. Black hat hackers are out in full force.

In 2000, the white hats were supposedly about a year ahead of the black hats in technology, meaning that it should take about a year for the black hats to hack the white hats. Other research shows that by 2004, the black hats were about two weeks behind the white hats. And now here we are in 2009. In many cases, the black hats are years ahead of the white hats. The good guys are losing.

Many new viruses may already be on your hard drive, dormant, waiting for a signal to activate. They may be Trojans, waiting to strike when you log on to your online bank account.

We tend to have numerous viruses in our own bodies, which take control once our immune system is weak, or when they come into contact with one another. Similarly, your PC may have viruses lurking within. It’s easy for a PC to catch a virus when we simply visit a website, click on a link or download a program that we believe to be safe.

The technology of the criminal hacker has evolved, and is continuing to evolve faster than that of the white hats. This means you have to be on your game. Stay informed, and don’t let your guard down.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

3. Make sure your McAfee anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

Robert Siciliano Identity Theft Speaker discussing online banking insecurity

Cybersquatting Leads to Identity Theft

/in , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Ever click on a link in an email or while browsing online, and something just wasn’t right? The domain name in the address bar was off by a letter or two? Or a word was misspelled? Maybe there was a number tossed in for good measure? This is either cybersquatting or typosquatting, and it’s a problem.

Cybersquatting is the act of procuring someone else’s trademarked brand name online, either as a dot com or any other U.S.-based extension. Cybersquatters squat for many reasons, including for fun, because they are hoping to resell the domain, they are using the domain to advertise competitors’ wares, stalking, harassment or outright fraud. Social media identity theft, or grabbing someone else’s given name on social networks, is another form of cybersquatting or, when it occurs on Twitter, Twitter squatting.

In particularly malicious cases of cybersquatting, identity thieves will use a domain similar to that of a bank in order to create a spoofed website for phishing. If the domain isn’t available, typosquatting is the next best option. After Annualcreditreport.com launched, more than 200 similar domains were quickly snapped up.

This is just one more reason to actively protect yourself from identity theft.

This week, Computerworld discussed the havoc that cybersquatting can have on a brand’s reputation. Sometimes, criminals copy a brand’s entire website in order to collect usernames and passwords from unwitting visitors. Then, the hackers will test those names and passwords on other websites. Cybersquatting increased by 18% last year, with a documented 440,584 cybersquatting sites in the fourth quarter alone, according to MarkMonitor’s annual Brandjacking Index report.

Intellectual property owners can sue cybersquatters under the federal Anticybersquatting Consumer Protection Act, but it’s expensive and damages are limited to $100,000. They can try to shut down sites containing copyrighted content under provisions of the Digital Millennium Copyright Act, and in some cases, they might be able to pursue violators for trademark abuse under provisions of the Lanham (Trademark) Act.

I’ve written before about the time I was accused of cybersquatting. I wasn’t, I swear! It was the early 90’s, and I had an IBM PS1 Consultant 3.1 Microsoft operating system and a rockin’ 150 MB hard drive. I bought myself some domains. I sold some, others I regrettably gave up. And there was one that will haunt me ’till the day I die.

I owned LEDZEPPELIN.com for about 5-6 years. Led Zeppelin was and is my band, and as a fan, I bought the domain as a keepsake. I would get emails from people all over the world, saying things like, “I am Paulo from Brazil, I love the Led Zep!”

Then, when Clinton passed a law later making cybersquatting illegal, I knew it was only a matter of time. I had it for five years before anyone from the band’s team of lawyers approached me about it. And when they did, I didn’t know how to handle it. And my lawyer at the time, even less so. Ultimately, I gave it up without a fight, but I’m sure the band’s lawyers billed them for the one inch thick book of a lawsuit I was served with. Sorry, dudes. My bad.

In this case, the lawyers saw an opportunity to build a case against me, a fan who would have been happy with a stupid guitar pick from Jimmy. Instead I sat in silence for a year while they built a huge case as to why they should own the domain. When served, I freaked out and called them, yelling that they could take it, that I never wanted that.

One of few regrets. But I have a nice one inch thick souvenir all about me and the band and why I’m an idiot.

Anyway, with cybersquatting on the rise, it makes sense to claim your name, your brand name, and your kids’ names on social networking sites and domain names as soon as possible. Just in case you get famous, you don’t want to have to fight a twit like me.

Protect your identity too.

  1. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discussing stolen domain names on Fox News

Preventing Card-Skimming Identity Theft

/1 Comment/in , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. The worldwide ATM Industry Association reports over $1 billion in annual global losses from credit card fraud and electronic crime associated with ATMs.

Skimming can occur in a few different ways. The most common is when a store clerk takes your card and runs it through a device that copies the information from the magnetic strip. Once the thief has the credit or debit card data, he or she can place orders over the phone or online. Thieves can also copy the data on blank cards, or “white” cards. White cards are effective at self checkouts, or when the thief knows the clerk and is able to “sweetheart” the transaction. A white card can also be pressed with foils to look like a legitimate credit card, as seen in this video.

The PCI Security Standards Council provides guidelines designed to help merchants securely store and transmit card account data and prevent it from falling into the hands of criminals. Retailers who fail to comply with PCI’s standards can be fined up to $500,000 by credit card providers such as Visa and MasterCard. PCI recently released a series of recommendations for the prevention of skimming scams. “Skimming is becoming a widespread problem. These are guidelines for what retailers should be looking at with their reader devices”, says Bob Russo, general manager of the PCI SSC. “We discuss different techniques for protecting those point-of-sale devices.”

The PCI Council’s “Skimming Prevention: Best Practices for Merchants” guidelines include a risk assessment questionnaire and self-evaluation forms to gauge susceptibility to these types of attacks and to determine where they need to shore up their defenses. The guidelines cover how to educate and protect employees who handle the point of sale devices from being targeted, as well as ways to prevent and deter compromise of those devices. They also detail how to identify a rigged reader and what to do about it, and how physical location of the devices and stores can raise risk.

Thieves can completely replace a merchant’s point of sale terminal with a device that is rigged to record or divert card data wirelessly, or simply store the data until the criminal comes back and removes it. (This is what happened to Stop and Shop.)

Criminals can also place a device on the face of an ATM, which appears to be a part of the machine.  It’s almost impossible for civilians to know the difference unless they have an eye for security, or the skimmer is of poor quality. Often, the thieves will hide a small pinhole camera in a brochure holder near the ATM, in order to extract the victim’s pin number. Gas pumps are equally vulnerable to this type of scam.

A customer at a New York City bank discovered a skimming device on the face of an ATM, and went inside the bank to inform the branch manager. The manager, who had never seen an ATM skimmer and wasn’t sure what to do, took the skimmer and thanked him. The customer then remembered, from numerous reports about ATM skimming, that there is usually a second part to the ATM skimmer, the camera. In this case, he found it behind a small mirror that alerts the ATM user to beware of “shoulder surfers.” He brought the camera to the bank manager, who replied by saying, “Maybe we should shut that machine down, huh?” The bank manager contacted bank security, shut down the machine, and alerted other area banks.

To help combat this type of crime, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader. This technology does not require any software adjustments be made to the ATM itself, and does not connect to or affect the ATM communications network. Prior to its North American introduction, the ADT Anti-Skim ATM Security Solution was successfully field tested on dozens of ATMs of four major U.S. financial institutions in controlled pilot programs. Testing pilots yielded positive results, with no known skimming compromises occurring.

You can protect yourself from these types of scams by paying attention to your statements and refuting any unauthorized transactions within 60 days. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages, a missing security camera, or if the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. Use strong PINs, with both upper and lowercase letters, as well as numbers. And invest in Intelius identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft expert, discusses ATM skimming on Fox News.

Credit/Debit Card Identity Theft Concerns Trump Terrorism

/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

recent Unisys study found that, in the midst of the global financial crisis, American’s primary fear is credit and debit card fraud. 68% of those surveyed are extremely or very concerned about the security of their credit or debit card data, and 66% are extremely or very concerned about identity theft.

Compare that to 58% who are extremely or very concerned about terrorism and war, and 41% who fear the possibility of a serious health epidemic. If we actually had a pandemic, I’m sure the public would favor health concerns over money. But so be it.

Credit card fraud comes in two different flavors: account takeover and new account fraud. Account takeover occurs when an identity thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or perhaps when you hand it over to pay at a store or restaurant. Technically, account takeover is the most prevalent form of identity theft, though I’ve always viewed it as simple credit card fraud.

Federal laws limit cardholder liability to $50 in the case of credit card fraud, as long as the cardholder disputes the charge within 60 days. Debit card fraud victims must notify the bank within two days in order to be protected by this $50 limit. After that, the maximum liability jumps to $500. And if a victim doesn’t discover or report the fraud until after 60 days have passed, the liability could be the entire card balance, for a debit or credit card. Once your debit card is compromised, you might not find out until a check bounces or the card is declined. And once you do recover the funds, the thief can just start all over again, unless you cancel the account altogether.

1. Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

2. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

3. Invest in Intelius Identity Protect. Because when all else fails you’ll have someone watching your back.

Includes:

·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes
·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers
·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls
·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors
·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name
·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly
·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.
·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes
·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers
·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls
·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors
·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name
·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly
·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.

Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC

Another Identity Theft Ring Busted

/in , , , , , , , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

The feds are getting better at busting criminals every day. Seventeen criminals, many from Eastern Europe, pilfered more than 95,000 stolen credit card numbers and $4 million worth of fraudulent transactions.

The New York Times reports the men were involved in a vast conspiracy known as the Western Express Cybercrime Group, which trafficked in stolen credit card information through the Internet and used it to create forged credit cards and to sell goods on eBay. They used digital currencies like e-gold and Webmoney to launder their proceeds.

Several of the scammers — Viatcheslav Vasilyev, Vladimir Kramarenko, Egor Shevelev, Dzimitry Burak and Oleg Kovelin — were charged with corruption. Vasilyev, 33, and Kramarenko, 31, were arrested at their homes in Prague, have been extradited to Manhattan. Shevelev, 23, was arrested in Greece last year, is still awaiting extradition. Burak, 26, a citizen of Belarus and Kovelin, 28, a citizen of Moldova have not been arrested

Vasilyev and Kramarenko recruited work from home employees to advertise and sell electronics on eBay. When someone would purchase an item, the two men would pocket the buyer’s payment, give a cut to their recruit, then use a stolen credit card number to purchase the item from a retail store and send it to the buyer. In essence, they used eBay to obtain a legitimate buyer’s credit card number through a legitimate channel and didn’t actually “hack” anything. They simply set up pseudo-fake auctions that, in most cases, delivered the product, but also obtained the victim’s credit card number and then made fraudulent charges.

Burak and Shevelev were “carders” who sold stolen credit card information on a website called Dumpsmarket and, probably, in chat rooms. “Dumps” is a criminal term for stolen credit cards and “carders” are the scammers who buy and sell them. Kovelin was a criminal hacker who stole victims’ financial information via phishing emails and more than likely used the victims’ own account information against them.

Protect yourself:

  1. Check your credit card statements often, especially after using an online auction site. Refute unauthorized charged within 60 days to be made whole by the issuing bank.
  2. Don’t just buy the lowest priced product on and auction site. Use auction sellers who have been approved my many and have a solid track record.
  3. Anytime you ever receive an email asking for personal information, credit information, banking etc, do not enter it. Just hit delete. Often victims will receive and email from a trusted source like eBay directly to their account because they have been actively engaging the fraudulent auctioneer. eBays system doesn’t recommend giving your credit card information outside their network in an email.
  4. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  5. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Identity Theft Speaker Robert Siciliano discusses a study done by McAfee on mules bilked in work-at-home scams on Fox News

Will a National ID Card Prevent Identity Theft?

/in , , , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

In a word, no. A national ID card, on its own, will not prevent all forms of identity theft. In order for new account fraud to be entirely avoidable, a number of other factors would have to come into play, effectively establishing accountability through identity proofing. Effective identity proofing is also necessary in order to reliably prevent medical and criminal identity theft.

As you might have guessed, identity proofing simply means proving that individuals are who they say they are. Identity proofing often begins with personal questions, like the name of a first grade teacher or the make and model of a first vehicle, that only the actual person would be able to answer. Of course, this technique is not foolproof, and now that personal information is so readily available over the Internet, knowledge-based authentication is probably on its way to extinction. The next step is documentation, such as a copy of a utility bill or a mortgage statement. These types of identifying documents can be scavenged from the trash, but they are more effective proof when combines with personal questions. Biometric features, such as fingerprints or iris scans, can help further authenticate an individual’s identity.

Identity scoring is another effective identity proofing method. An identity score is a system for tagging and verifying the legitimacy of an individual’s public identity. Identity scores are being used to prevent fraud in business and to verify and correct public records. Identity scores incorporate a broad set of consumer data, including components such as personal identifiers, public and government records, Internet data, corporate data, predicted behavior patterns based on empiric data, self-assessed behavior patterns, and credit records.

USA Today reports that in the four years since Congress enacted the Real ID Act, which was intended to make it more difficult to obtain a fraudulent driver’s license, the act has languished due to opposition from several states. Real ID supporters say it will not only deter terrorism but also reduce identity theft, curb illegal immigration and reduce underage drinking, all by making the nation’s identification-of-choice more secure. Homeland Security Secretary Janet Napolitano is proposing the repeal of the Real ID Act.

The Real ID Act has many provisions that are forms of identity proofing along with the potential for biometrics across the board. When Indiana checked its six million drivers against a Social Security database, it ended up invalidating 19,000 licenses that didn’t match. When Indiana began using “facial recognition” technology to make its photos secure, the state caught a man who had 149 licenses with the same photo but different names.

Is Napolitano moving backwards or forwards? Do your research and decide for yourself.

Protect yourself from identity theft;

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name.

2. Invest in Intelius Identity Protect. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.
Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Identity Theft Speaker Robert Siciliano discussing identity theft on Fox News

Scammers Targeting Craigslist Users

/in , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Craigslist scams are in full force. Fox news reports scams targeting online car buyers. The crooks spend about a hundred dollars on a junk car and get a title. Then they steal a similar car and advertise it for sale on Craigslist. This is a form of auto identity theft too. They then take the VIN plate or vehicle identification number plate out of the junk car and put it inside the stolen car.

Meanwhile Fox News also reports adoptive parents are being scammed on Craigslist . A mother from Massachusetts was horrified when she saw an ad on Craigslist of her 7-month-old son up for adoption! Reports said that someone alerted the mother to her son’s photo on Craigslist.

The baby involved in this online adoption scam is named Jake. The ad, which involved his photo, said: “A CUTE BABY BOY READY FOR ADOPTION. HE IS VERY HEALTHY”. When the mother responded to the ad, she got a response saying her son was in an orphanage.

The mother said the photo was taken from her family’s blog.  Ive said in the past when posting to social media sites don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.

The mother said her son wasn’t being harmed, but felt he was violated. She alerted the FBI and the scammer had also been removed on Yahoo.

I spoke with Jeffrey A. Kasky, Esq., renowned adoption expert from OneWorldAdoption.com. He said “Families who hope to adopt a child are frequently medically unable to have children for themselves.  As such, they look at adoption opportunities from an emotional rather than a logical perspective, and are therefore more vulnerable to scams. What would tug at your heartstrings more than thinking that this beautiful little boy was stuck in an orphanage halfway around the world?  “All you have to do is wire us $300 now, then more and more and more, and he can be yours…….”

Scammers are lower than that black smelly stuff in a sewer.

No matter what you are selling or buying you must know who you are dealing with on Craigslist. When we were young, our parents told us not to talk to strangers. Strangers are not yet part of our trusted circle. So don’t trust them! There’s no benefit to paranoia, but being a little guarded can prevent you from stumbling into a vulnerable situation.  Since predators use online classifieds to lure unsuspecting victims, you should find out as much as possible about strangers who contact you, or when you contact them. Use Google or iSearch.com to investigate names and email addresses and phone numbers.

Whenever possible, deal locally. People who cannot meet you in your town are more likely to be scammers. And even when you do meet in person, you should be wary.

Never engage in online transactions involving credit cards, cashier’s checks, money orders, personal checks, Western Union, MoneyGram or cash, that require you to send money to a stranger in response to money they have sent you. This is an advance fee scam.

I- ID pre meeting. Get their name and cell phone number so you can use free iSearch.com and look for their name in social networks. If you see anything suspicious then cancel or check further Intelius.com

N- Never meet in private. Meet at a public location that involves lots of other people. The more eyeballs the better.

T- Trust your gut, and don’t discount any troubling feelings you might have about your meeting. If anything seems wrong, then it IS wrong. Cancel if necessary.

E- Enlist a friend Whenever possible, bring along a someone. There is strength in numbers. Predators thrive on isolation. By paring up, you reduce the chances of being attacked.

L- Look street smart. Don’t wear expensive jewelry nor provocative clothes. Scarves and loose fitting clothing give attackers something to grab. Wear shoes you can run and kick in

I- Intelius can help Using a product like Intelius.com allows you to do a criminal check before meeting.

Unaware creates risk. Unfortunately there is risk in meeting someone you don’t know.  Being guarded can keep you from getting into a vulnerable situation.

S- Stay in communication Make it known to your spouse or a friend where you are going and when you will be back. Have them on your cell phone while you are meeting.

Robert Siciliano Identity Theft Speaker discussing all kinds of scams on TBS Movie and a Makeover

Big Time Identity Theft Hackers Indicted

/1 Comment/in , , , , , , , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

ABC news and a bazillion other outlets report that a former informant for the Secret Service was one of three men charged with stealing credit and debit card information from 170 million accounts in the largest data breach in history. The former informant, Albert Gonzalez of Florida, A.K.A “Segvec”, “SoupNazi,” and “j4guar17,” whose motto was ”Get Rich or Die Tryin'” was alleged to have been the ringleader of the criminal hacking operation of a prolific network that spans over five years of serious criminal activity. Once a criminal, always a criminal.

Gonzalez and two other unidentified hackers believed to be from Russia have been charged with hacking into Heartland Payment Systems, 7-11 and Hannaford Brothers Company, Dave and Busters and TJX Corporation, which involved up to 45 million credit card numbers..

Gonzalez was originally arrested in 2003 by the U.S. Secret Service and began working with the agency as an informant. Federal investigators say they later learned that the hacker had been tipping off other hackers on how to evade detection of security and law enforcement worldwide.

Gonzalez provided “sniffer” software used to intercept the credit and debit card numbers for the Russian hackers. Sniffer software or “malware” malicious software, acts like a virus attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

The NY Times reports according to the indictment, Gonzalez and his conspirators reviewed lists of Fortune 500 companies to decide which corporations to take aim at and visited their stores and used a technique called “wardriving” to monitor wireless networks. The online attacks took advantage of flaws in the SQL programming language, which is commonly used for databases.

Threat Level, by Wired magazine, reported that Gonzalez had lived a lavish lifestyle in Miami, once spending $75,000 on a birthday party for himself and complaining to friends that he had to manually count thousands of $20 bills when his counting machine broke.

Protect yourself;

1. You can’t prevent this type of credit card fraud from happening to you when the retailer isn’t protecting your data. Eventually credit card protection solutions will  be available. For now, protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

2. Prevent new account fraud.  Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

3. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing credit card data breaches and the sad state of cyber security on Fox News