Mobile Phone Security Under Attack

As mobile Internet usage continues its rapid growth, cyber criminals are expected to pay more attention to this sector. Mobile device platforms compete for content creators’ latest innovations, which often require more and more device access. As applications and other content are more widely distributed, security breaches will be inevitable.

The speed of technological advancement and the demand for new products and services make mobile phones particularly vulnerable. In some countries, almost all banking takes place with the use of phones.

Spyware, which was created as a legitimate technology for PCs, further complicates matters. Spyware can track and record social networking activities, online searches, chats, instant messages, emails, keystrokes, websites visited, and programs launched. It can be the equivalent of digital surveillance, revealing every stroke of the user’s mouse and keyboard. When a PC or phone becomes infected with spyware, all the data on that PC or phone is immediately compromised.

Mobile phone spyware is relatively new, and is quickly grabbing headlines. As PCs shrink to the size of a smartphone, spyware continues to evolve. This software records nearly everything a person does on a phone. Some spyware programs can record everything in a video file that can then be accessed remotely.

Spyware can be installed on your cell phone remotely or directly. To protect your phone, never click on links in texts or emails, since these links may actually point toward malicious downloads. Keep your phone with you, don’t let it out of your sight, and don’t share it with others. Make sure your phone requires a password, as this makes it more difficult to install spyware.

If your phone is behaving oddly or you have some other reason to suspect that it contains spyware, reinstall the phone’s operating system. Consult your user manual or call your carrier’s customer service for step-by-step help with this process.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss mobile phone spyware on Good Morning America(Disclosures)

Five Ways Identities Are Stolen Online

Cybercrime has become a trillion dollar issue. In a recent survey, hundreds of companies around the world estimated that they had lost a combined $4.6 billion in intellectual property as a result of data breaches, and spent approximately $600 million repairing the damage. Based on these numbers, McAfee projects that companies lost more than a trillion dollars in the last year.

There are several motives for this type of theft, but the most prevalent is to steal identities. Your identity is your most valuable asset, but most consumers lack the time, knowledge, and resources to protect their identities. Five of the most common ways identities are stolen online are through phishing scams, P2P file sharing, social networking, malicious websites, and malicious attachments.

Phishing: Phishing scams still work. Despite consumer and employee awareness, a carefully crafted email that appears to have been sent by fellow employee or trusted entity is probably the most effective spear phish. “Whaling,” or targeting a CEO or other high level executive with a phishing email can be even more successful. As they say, the bigger they are, the harder they fall. Never click links in emails, even if they appear to come from a bank or other trustworthy source. Instead, type the address in manually or use a bookmark.

P2P File Sharing: Peer-to-peer file sharing is a fantastic way to leak company and client data to the world. Obama’s helicopter plans, security details, and notes on Congressional depositions have all been leaked on government-controlled computers via P2P. You should set administrative privileges to prevent the installation of P2P software.

Social Networking: One of the easiest ways into a company’s networks is through social media. Social networking websites have grown too big, too fast, and can’t keep up with security. Criminals know exactly how to take advantage of this, so create policies and procedures that outline appropriate use, and beware of social networking scams.

Malicious Websites: Websites designed to attack your computer and infect it with viruses number in the millions. Hacked websites, along with out-of-date operating systems and vulnerable browsers, put your identity at risk. Use antivirus software to protect your PC and your data.

Malicious Attachments: PDFs used to be safe, but Adobe is the same boat today that Microsoft found itself in years ago: hack central. Adobe’s software or files are used on almost every PC and across all operating systems, and criminal hackers love it. Every browser requires software to view PDFs and many websites either link to PDFs or incorporate Adobe Flash to play video or for aesthetic reasons. According to an estimate from McAfee, in the first quarter of this year, 28% of all exploit-carrying malware leveraged an Adobe Reader vulnerability.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first, providing live access to fraud resolution agents who work with victims to help restore identities. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss P2P file sharing on Fox News. (Disclosures)

Half Billion Records Breached in 5 Years

In the late 90s and early 2000s, hacking had evolved from “phreaking” (hacking phone systems) to “cracking” (breaking into networks). At the time, hackers hacked for fun, for the challenge, and for fame and popularity within the hacking community. But soon enough, the public began spending more time online, shopping, banking, and managing personal affairs. Hackers are no longer wreaking havoc for its own sake, deleting files, or tormenting IT administrators. Now, they’re stealing proprietary data. Instead of fun and fame, today’s hackers are motivated by illegal financial gain.

Over the past five years, criminal hackers from all over the world have been targeting huge databases of Social Security and credit card numbers. The endgame for criminal hackers is identity theft. Once they obtain stolen data, their objective is to turn it into cash as quickly as possible. This either entails selling the data to identity thieves on black market forums, or using the information to create new accounts or to take over existing credit card accounts.

According to the Privacy Rights Clearinghouse’s Chronology of Data Breaches, more than 500 million sensitive records have been breached in the past five years. The Chronology of Data breaches lists specific examples of incidents in which personal data is compromised, lost, or stolen: “employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online.”

So when a so-called “identity theft expert” claims that you can protect yourself from identity theft for free, simply by shredding documents, not giving out your Social Security number, locking your mailbox, and monitoring your online accounts, that person does not have the full picture. You should take all these precautions. But when almost everyone’s personal information has been stolen or compromised once or twice, as a result of breaches that are entirely out of our control, it’s clear that you simply can’t protect yourself on your own. This is why identity theft protection is a must.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft pandemic on CNBC. (Disclosures)

Identity Theft Consumer Education is Paramount

Credit card companies, banks, financial advisors, retailers, hospitals, insurance companies, and just about every other industry and organization that deals with finances has been affected by identity theft.

All these entities have to deal with fraud at some level. For some it’s an occasional nuisance and for others it’s a part of their daily grind. Most have heavily invested in multiple layers of security, but all remain targets. Each has its own set of issues to overcome and each copes with the same underlying constant: the consumer is often the most vulnerable variable in the equation.

Joe and Sally Main Street generally offer the path of least resistance when a scam is launched. Everything from phishing emails, spoofed websites, un-patched or unprotected PCs, open wireless connections, lack of attention to statements, not shredding data, carrying too much information in a wallet, and overall lack of attention to personal security allows fraud to flourish.

Anne Wallace, president of the Identity Theft Assistance Center, explains that the risks are compounded by the increasing popularity of new technologies like mobile banking and social networking. “The crooks are ever-creative,” she says. “They’re always exploiting new schemes to extract information from consumers.” According to Wallace, ITAC members have an obligation to educate consumers about the security threats posed by emerging technology. “It’s so important to keep talking to people about the old threats, the new threats – on a recurring basis.”

I totally agree. Every institution that deals with identity theft has an obligation to effectively inform and educate their client base about how they can protect themselves from fraud.

Many of these organizations have policies that shift the burden of loss away from the consumers. This is a double-edged sword that does not stop fraud. I’m a big believer in personal responsibility. Whether fraud is the fault of the consumer or a larger entity, a resolution in the best interest of both parties should be sought. It is imperative, however, that the party responsible acknowledges that responsibility. This is how we learn from our mistakes, and how we will eventually overcome fraud. If all parties escape blame, only the scammer wins, and fraud flourishes.

For additional tips and identity theft education, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet.(Disclosures)

Victim Rebuilds Life After Identity Theft

This story is about a victim of criminal identity theft. The victim is a trucker who discovered that his identity had been stolen when his commercial driver’s license was suspended because the thief who stole his identity had been busted for drinking and driving on four different occasions. Imagine.

The consequences of identity theft are often so overwhelming that the pressure affects every aspect of the victims’ lives. Sometimes the stress is so great that people just fall apart. In the case, the victim lost his license, his possessions, and his marriage.

After testifying against the identity thief, the victim, Earl Robert Hood, told the Associated Press, “It was just hard to sit there in that room with him, knowing what he’d done to me and my family. It’s not just me that it affected; it affected all four of my children, too. Because for two years, they didn’t have Christmas.” The victim went on to say the thief didn’t just steal his name; he stole his life. “I’ve lost everything,” he said. “It just completely wiped me out.”

When this victim’s commercial driver’s license was suspended, so was his ability to earn a living. With no money coming in, bills piled up and the downward spiral began.

Hood’s identity was stolen after he handed his personal information over to a potential employer. Job applications often require applicants to provide home addresses, copies of existing driver’s licenses, Social Security numbers, and, in some cases, birth certificates. This is more than enough information for an identity thief to assume a victim’s full identity.

Victims of identity theft are generally presumed guilty until proven innocent. In this case, the perpetrator committed crimes in multiple states, which further complicated the situation. It took years for this victim to recover his license, even after contacting his state’s Attorney General.

Identity theft can happen to anyone.  McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet.(Disclosures)

How Much for a Fake I.D.?

If you want a Puerto Rican identity, it’s about $6000 for a “tripleta,” which can be used to hide illegal immigrants. Other forms of identification vary in price. A United States passport can range from $950 to $1650 to as much as$5500.

In the U.S., we have as many as 200 different forms of identification circulating, including passports from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card. These are paper and plastic documents that can be recreated with a PC, scanner, printer, and laminator.

McAfee Avert Labs researcher Francois Paget found and posted an ad showing U.S. identities for $650 each. It’s not incredibly difficult to buy fake IDs online, but will they pass muster with technologies that look for tampering? Unfortunately, many will.

An order form asks all the right questions:

“By placing your order, you must have read and agreed to our Terms of Service.

The order procedure is the following:

1. You send us all the necessary information (depending on the document you want to order). We receive and process your order and give you payment information.
2. You pay 50% upfront money for document(s) producing.
3. We start to produce your document(s). Time constraints are 2-7 days (depending on your order).
4. We send you scan/photos of your ready-made document(s). You check all the details and give us confirmation.
5. You send us the second half of amount and your delivery address. You will receive your document(s) in several days via UPS, FedEx, TNT Express, DHL or EMS (free of charge for you).”

Here in the U.S., we use numerical identifiers that have no physical connection to ourselves. Some documents contain pictures that may not look like us, especially if eye glasses, beards, hair coloring, hair growth, hair removal, or weight fluctuations are involved. Some identification documents don’t include a photo at all. This is not effective authentication. Worldwide, the system isn’t much more secure.

All this makes it easier to steal your identity. Once the bad guy has a few bits of information, he can easily become you.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Social Security numbers as national identification on Fox News.(Disclosures)

College Students At Risk For Identity Theft

September is National Campus Safety Awareness Month. I helped Uni-Ball conduct a survey of 1,000 college students and 1,000 parents. The survey revealed that while about 74% of parents believe students are at a moderate to high risk for identity theft, and 30% of all identity theft victims are between 18 and 29, only 21% of students are concerned about identity theft.

It’s no surprise that most college students are indifferent when it comes to their personal and information security. When you are in your late teens or early twenties, you feel a sense of invincibility. However, once you have a few years under your belt, you begin to mature and gradually realize the world isn’t all about keg parties and raves.

Here are a few more interesting statistics:

  • 89% of parents have discussed safety measures with their kids, yet kids continue to engage in risky behavior
  • 40% of students leave their apartment or dorm doors unlocked
  • 40% of students have provided their Social Security numbers online
  • 50% of students shred sensitive data
  • 9% of students share online passwords with friends
  • 1 in 10 have allowed strangers into their apartments

College students have always been easy marks because their credit is ripe for the taking. Students’ Social Security numbers have traditionally been openly displayed on student badges, testing information, and in filing cabinets and databases all over campus. Landlords and others involved in campus housing also have access to students identifying information.

Any parent sending a child off to college should be concerned.

Limit the amount of information you give out. While you may have to give out certain private data in certain circumstances, you should refuse whenever possible.

Shred everything! Old bank statements, credit card statements, credit card offers, and any other documents containing account numbers need to be shredded when no longer needed.

Lock down your PC. Make sure your Internet security software is up to date. Install spyware removal software. Secure your wireless connection. Use strong passwords that include upper and lowercase letters as well as numbers. And never share passwords.

Be alert for online scams. Never respond to emails or text messages that appear to come from your bank. Always log into your bank account manually via your favorites menu.

When sending students back to school, consider protecting your family with a subscription to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on any of your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Internal Revenue Service Identity Theft Scams

There have been many articles written about scammers who pose as representatives of government agencies. But perhaps the most inventive are the scams that appear to originate from the IRS. It makes perfect sense for the IRS to reach out regarding your finances. And regardless of the season, the IRS is really always in business.

I’ve never received a call or an email from the IRS. As far as I know, they do not make calls or send emails. Emails that seem to come from the IRS will often have a name, title, and even “IRS” at the beginning or end of the email address. However, email addresses can easily be spoofed.

Unless you are actively engaged in dialog with an IRS agent, do not respond to emails or phone calls supposedly coming from the IRS.

If a scammer posing as an IRS agent ever contacts you, they may already have some of your personal information, which they can use to try to convince you that they are actually from the IRS. This data could come from public records or even your trash. The scammer will often put pressure on you to comply with their request, or even offer you a tax refund.

If you ever receive documentation in the mail indicating earned income that you are not aware of, it may mean that someone else has used your Social Security number to gain employment.

If, when filing your tax return, you receive a letter from the IRS saying that you have already filed, it almost certainly means that someone else has filed a fraudulent return on your behalf in order to steal your refund.

If you are ever a victim of an identity theft issue related to an IRS scam, you may be very disappointed in the way it is handled via the various government agencies. They simply don’t allocate the resources to fix this problem proactively, nor are they adept at responding once it has occurred. The biggest issue is the thief’s privacy. Even if you have an idea who may have done it, the IRS or any other government agency will not release that information. Either way, knowing who did it won’t help you.

All you can do in the event of tax related identity theft is to follow the IRS’s instructions for contacting an agent and resolving the issue. Just be patient, as rectifying the issue may take many hours.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss IRS related identity theft on Fox News. (Disclosures)

Organized Web Mobsters Getting Jobs Inside Corps

In 2009, there were a reported 140 million records compromised, compared to 360 million in 2008. In 2010 there have been almost 13 million records stolen. But don’t have a party just yet. Criminals are fine-tuning their craft and getting better. The industry just isn’t making it as easy. 97% of those records were stolen using malware – malicious software designed to attack the target’s existing systems and software in place.

A reported 50% of the malware was installed remotely. Almost 20% came from visiting infected websites and almost 10% was installed when employees clicked infected links that conned or “socially engineered” them.

A recent Verizon report stated, “Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization, the attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above.”

This may be also attributed to an inside job. A rogue employee on the inside always has the advantage of knowing exactly how to remain undetected.

The report further stated that organized crime rings may “recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score, the smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like.”

In the past three years that’s a total of 513 million records. On average, every citizen has had his or her data compromised almost twice. Where’s your Social Security number in that mix?

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

Poor Money Mule Not So Poor

“Money mules” may be unsuspecting Americans who act as shipping managers, do the dirty work for the bad guy, and open bank accounts, too. Sometimes the mule may be foreign, traveling to the United States specifically to open bank accounts.

Mules often get hooked into a “small business” or employment that is a function of a criminal enterprise. The mules often respond to “help wanted” ads from online job placement sites. Shipping scams are a common tactic criminals use to employ mules to receive goods bought with stolen credit card numbers, who then ship to people who buy them in online auctions. The mules in this process are essentially facilitating selling hot goods and money laundering.

The mules are often baited into setting up bank accounts that the criminal controls. These bank accounts will be set up under the name of the mule, and are generally programmed to transfer money overseas in increments of less than $10,000 to avoid detection.

Most mules end up pulling money out of their pockets to front shipping costs with the promise of a big payoff. In the end, the mule is often bilked and ends up with an empty bank account.

But not this mule, who was arrested and sentenced to 46 months in federal prison for sending more than $860,000 to offshore online scammers. He was caught after a sheriff’s deputy became suspicious during a traffic stop. They found eleven cell phones, fake IDs, $53,200 in cash, and 76 Western Union receipts. This ain’t no poor unsuspecting mule. This guy knew exactly what he was doing.

“He admitted accepting and cashing wire transfers from online shoppers for vehicles, boats, motorcycles and vehicle trailers, then sending that money to Romania or Spain in small amounts to make detection less likely. The items for sale did not actually exist.”

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss money mules and job scams on Fox News. (Disclosures)