Dumb Criminals – The Best Way to Get Caught? Call 911!

/in , , , , /by

In Daytona Beach, Florida, the dumb criminal capital of America, two Florida teenagers are facing charges after breaking into cars. Apparently one teen’s phone was programmed to call 911 and the phone was smarter than the teens and called (maybe accidentally) 911 to inform law enforcement of the crimes taking place.

Dispatchers from the police department listened in at the duo discussing the cars they were breaking into and the stuff that was worth taking. Seems some info was given that directed law enforcement to the parking lot of a local nightclub where the teens were apprehended. Karma man karma.

Meanwhile, another Cro-Magnon Mickey-the-dunce in Utah stole 2 phones from a convenience store. In the process he left a piece of paper with an address he was going to. So now cops had a lead. But it gets better. The store clerk reported the theft and gave a description of the man to police.

Moments later as Mickey was driving and looking for the address, he pulled over to ask a cop for directions. Immediately the cop recognized the address and the dunces description and arrested him. Karma man karma.

And in an amazing criminal history that spans 55 years, an 80-year-old woman, known as the “Beverly Hills Burglar,” gets three years for breaking into a medical building.  Her rap sheet was well known in Beverly Hills as she’s been to the clink in the past. She was quoted saying “I’m 80 years old,” she said. “I don’t think I’ll ever come back – except I’m going to die and be in the morgue.”

That’s amazing and sad all at the same time.

Lock up. Don’t be victimized. And don’t be dumb.

Home Safety Tips:

1. Install outdoor lighting on timers and motion sensors.

2. Make sure your home has a “lived in” look.

3. Use indoor timers for lights, TVs and automatic shades.

4. Install security cameras that can be remotely monitored.

5. Install a home alarm system monitored by an alarm company and the police.

Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

Is That Portable Device a Data Hazard?

/in , , , , , , , /by

Robert Siciliano Identity Theft Expert

According to a survey of London and New York City taxi companies last year revealed that more than 12,500 devices, such as laptops, iPods and memory sticks, are forgotten in taxis every six months. Portable devices that may have troves of sensitive data.

Recent reports of identity data including names, addresses, Social Security numbers on 3.3 million people with student loans was the largest-ever breach of such information and could affect as many as 5% of all federal student-loan borrowed. A company spokesperson said the stolen information was on a portable media device. “It was simple, old-fashioned theft, it was not a hacker incident.” Lovely. That’s just ducky spokesboy.

The survey further reached out to 500 dry cleaners who said they found numerous USB sticks during the course of a year. Multiplying that by the number of dry cleaners they got a figure of approximately 9000 USBs lost and found annually.

Computerworld reports a 2007 survey by Ponemon of 893 individuals who work in corporate IT showed that: USB memory sticks are often used to copy confidential or sensitive business information and transfer the data to another computer that is not part of the company’s network or enterprise system. The survey showed 51% of respondents said they use USB sticks to store sensitive data, 57% believe others within their organization routinely do it and 87% said their company has policies against it.

It’s not just lost portable devices that are an issue. Found ones can be scary too.

Dark reading reports an oldie but goodie from Steve Stasiukonis, a social engineering master, he says those thumb drives can turn external threats into internal ones in two easy steps.

When hired to penetrate a network he says “We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.

The next hurdle we had was getting the USB drives in the hands of the credit union’s internal users. I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks. Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers. The data we obtained helped us to compromise additional systems”

I did a program recently for a client where I presented in front of other security professionals. I had my laptop set up on the stage with my presentation loaded. The client was introducing me and asked if he could load a quick file onto my laptop to assist in his opening remarks. I inserted the drive for him and my anti-virus went NUTS! Seems his flash drive had a nice little virus on it. His boss, standing right next to him said “that’s why we are phasing out non-military grade security enabled flash drives as soon as we get back.”

I checked out BlockMaster SafeStick® 4.0 – a fast and user-friendly secure USB flash drive, which streamlines military-grade security and meets those standards to protect your data. The SafeStick hardware controller encrypts all data using AES256-bit encryption in CBC-mode. Encryption keys are generated on board at user setup, and all communications are encrypted. SafeStick is protected against autorun malware, and onboard active anti-malware is available. Once unlocked, SafeStick is as simple to use as a standard USB flash drive.

The one I got just plugs in, initializes, then launches a program requiring the user to set up a password. From that point on any time the user has to access the data, a password needs to be entered.

Flash drives can be a security mess. Organizations need to have policies in place requiring secure flash drives and never plugging a stray cat into the network.

Disclosures: I have no financial ties to BlockMaster. I just like this thing.

Robert Siciliano Identity Theft Expert discussing good ole fashion identity theft on Good Morning America.

Is Your Facebook Friend a Fed, or Sex Offender?

/1 Comment/in , , , , , , /by

When you think about it, Facebook is weird. Where else in the world do you call people who you don’t know your friends? I probably have about 10-15 friends. Most are acquaintances and the others 400 are total strangers.

There’s a lot of excessive trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. They have no reason to distrust. People who are your “Friends” are generally those who you “know, like and trust.” In this world, your guard is as down as it will ever be. You are in the safety of your own home or office hanging with people all over the world in big cities and little towns and never have to watch your back.

Reports of sex offenders on social media abound. Do you know who your child is befriending?

Many of the “strangers” came into my life as a result of what I do, and I appreciate and accept them for connecting. But I know plenty of other people who don’t write or do media and might be in college, and have 2000 friends! And they know 5 of them! Social media is weird.

Employers, potential employers and others will often friend someone for the sole purposes of getting a solid profile of that person to determine if they want to hire them. Now the AP reportsU.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting.”

I don’t think there is anything wrong with this; it’s a good thing actually. There is a question of legality and whether or not government agents can pose as someone else and lie, which often violates the terms and conditions of the sites themselves.

But the fact remains, there are bad people out there and they need looking after. And if it means an FBI agent posing as someone to catch the bad guy, I’m all for it. So next time you get a friend request from a stranger, they might be someone checking up on you. Guilty conscience? Hope not.

Robert Siciliano personal security expert to Home Security Source discussing social media security on Fox Boston.

If You Want To Be an Identity Thief, Go To Jail

/in , , /by

Robert Siciliano Identity Theft Expert

Willie Sutton a famous thief when asked why he robbed banks he was quoted saying, Because that’s where the money is.” Where’s the money today? Identity Theft! What’s a great way to commit identity theft? Go to jail.  Prisons in eight states let convicts work in jobs that give them access to Social Security numbers and other personal information for the public, despite years of warnings that the practice should end, a federal audit finds.

In a related story all sex offenders convicted of pedophilia will be made swimming coaches at summer camps.

“Although we recognize there may be benefits in allowing prisoners to work while incarcerated, we question whether prisoners have a need to know other individuals’ Social Security numbers,” the audit says. “Allowing prisoners access to Social Security numbers increases the risk that individuals may improperly obtain and misuse (the data).”

States where prisoners have direct access to Social Security numbers: Alabama, Arkansas, Kansas, Nebraska, Oklahoma, South Dakota, Tennessee and West Virginia.

“In Kansas, where five prisons allow inmates to hold jobs processing data with personal identifying information, a prisoner was found last year to have stolen names, birth dates, and Social Security numbers while in a job making digital images of public records, the audit says. The data was found in a routine search of inmates when their shift is over”.

What we’ve got here is a failure to communicate. Some men you just can’t reach. And I’m not talking about the prisoners. Any government agency head that sees fit to put a felon in charge of personal identifying information that can lead to identity theft needs to be put on a chain gang himself. With incompetence like this its no wonder 10-12 million people are victims of identity theft every year.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News.

National Identity Card Focuses on US Workers & Immigrants

/in , , , , /by

Robert Siciliano Identity Theft Expert

The Wall Street Journal reports under the potentially controversial plan still taking shape in the Senate, all legal U.S. workers, including citizens and immigrants, would be issued an ID card with embedded information, such as fingerprints, to tie the card to the worker.

There are too many forms of identification floating around right now that lack standards and overall security. The Social Security card is currently our national identification card that’s not supposed to be used for identification. From a NY Times article from 1998 it states: WASHINGTONFOR many years, Social Security cards carried an admonition that they were to be used ”for Social Security and tax purposes — not for identification.” That assurance rings hollow today. Congress has authorized so many uses of the nine-digit number, and Americans use it for so many unauthorized purposes, that it has just about become a national identifier. Today your social is connected to everything.

Security Management reports that all workers and mariners attempting to access secure maritime and port areas nationwide will have to flash a government-approved Transportation Worker Identification Credential (TWIC), which includes a biometric identification card before entry. HSPD-12, or Homeland Security Presidential Directive 12, set universal identification standards for federal employees and contractors, streamlining access to buildings and computer networks. Then there is old and new versions of the passport, as many as 200 forms of ID circulating from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card.

Government has tried hard to create identification that will once and for all standardize the process under the REAL ID Act which is most likely going to be squashed under Homeland Security Secretary Janet Napolitano who is proposing the repeal of the Real ID Act.

“A person familiar with the legislative planning said the biometric data would likely be either fingerprints or a scan of the veins in the top of the hand. It would be required of all workers, including teenagers, but would be phased in, with current workers needing to obtain the card only when they next changed jobs, the person said.”

Many oppose biometrics and New Hampshire has even proposed legislation against it. My money is on biometrics creeping into our lives in the form of a national ID. Like it or not biometrics are coming.

Meanwhile, until there is assigned accountability, which means nobody can pose as you and work as you and open new accounts as you, protect your identity.

Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News

Cell Phone Spying Nightmare: ‘You’re Never the Same’

/1 Comment/in , , , , , /by

Robert Siciliano Identity Theft Expert

Technology makes it easier to connect with the people in your life, but it can also enable others to connect to you without your knowledge.

The engine behind this is RATs, AKA “Remote Access Trojans. RAT’s can capture every keystroke typed, take a snapshot of your screen and even take rolling video of your screen via a webcam. RAT’s covertly monitor a PC generally without the user’s knowledge. RAT’s are a criminal hackers dream and are the key ingredient in spyware. Common RAT’s are the LANRev Trojan and “Backdoor Orifice”.

Now RATs come to mobile phones. When somebody remotely activates your phone, you’re not going to know it and they can use that phone to monitor the conversations in the room you’re in. Your phone could be sitting next to you while you are watching TV, and somebody can actually log into your phone and can actually watch what you are watching on television.

Cell Phone Spying Software is Affordable and Powerful. I worked with Good Morning America (GMA) on this issue.

GMA found thousands of sites promoting cell phone spying software, boasting products to “catch cheating spouses,” “bug meeting rooms” or “track your kids.” Basic cell phone spying software costs as little as $50. Someone can easily install a spyware program on your phone that allows them to see every single thing you do all day long, via the phone’s video camera. GMA spent $350 to get the features that remotely activate speaker phones, intercept live calls and instantly notify you every time a call is made.

A virus, called “Red Browser,” was created specifically to infect mobile phones using Java. It can be installed directly on a phone, should physical access be obtained, or this malicious software can be disguised as a harmless download. Bluetooth infrared is also a point of vulnerability. Once installed, the Red Browser virus allows the hacker to remotely control the phone and its features, such as the camera and microphone. For all you techies who want to take a crack at decoding tricks for defeating SSL on mobile phones see Mobile Security Labs HERE.

If history is any indication of the future, mobile phones, just like computers, will soon be regularly hacked for financial gain. Prepare for mCrime in the form of credit card fraud, identity theft and data breaches.

To protect your mobile phone:

Spyware can be installed remotely or directly on the phone. Never click on links in a text or email that could contain a malicious link to a download.

Always have your phone with you and never let it out of your site or let anyone else use it.

Make sure your phone requires a password to have access. If your phone is password protected it will be difficult to install spyware.

If you suspect spyware on your phone re-install the phones operating system. This can be done by consulting your user manual or calling your carriers customer service to walk you through it.

And protect your identity.

Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Mobile Phone Spying on Good Morning America

Bridal Scam Shows How Vulnerable We Are

/in , , , , /by

Robert Siciliano Identity Theft Expert

There are few more nuttier earthlings than the Bridezillas. Lovely women who go bonkers within 365 days of a wedding date. I blame the whole thing on Walt Disney.  The groom to-be generally wants it over as soon as possible more so because he can’t believe how much it costs. Then the entire wedding industry preys upon the delirious couple and sucks them dry of what amounts to the sum of a nice, nice car.

Been there done that. Luckily my Bride didn’t go all Zilla on me. But that didn’t stop us from spending what could’ve been a West Coast Chopper in me garage.  Pause….I’m nauseous….OK, I’m fine.  I remember the day we went for “food tasting. We ended up spending 5 figures on food. The single most expensive meal I’ll ever have. And we went out to eat after.

In Boston Mass, thousands of people were scammed by someone who modeled themselves after the weddings industry. They did exactly what the weddings industry does, but better.

Scammers set up a website advertising a bridal show luring brides and grooms to be and all potential vendors to sell them high priced stuff and services they don’t need.  The event was supposed to be held at one of the largest convention centers in Boston.

Scammers answered the phone, took orders, set up a Paypal account and even had preliminary discusssions with the function facility.

In the end 6000 people were bilked for hundreds of thousands of dollars. The beauty of this scam is that it was all done online with no exchange of tickets or anything tangible. The scammers were ghosts operating virtually using legitimate life events as the ruse, going so far as to market and sell the event and just decided not to show up the day of.

I can see if you are a couple and spend 20 bucks for tickets online and then get stiffed. I’d probably get bilked in the same scam. But if you were a vendor and had to drop 3 grand for booth space, print out custom brochures, order plane tickets, book a hotel etc.; that would hurt.

In the least it would be to the benefit of the potential vendor to vet out the event production company to make a determination as to their credibility. A website presence isn’t the sole determining factor. Are they a member of the Better Business Bureau? Have they laid down a deposit with the function facility? How many events have they already done and where?  Who else have they done business with in previous events? Before you go laying down hard cash, question authority. How much do you want to bet the scammer is a real wedding planner?

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Scamming the Scammers on Fox Boston.

Social Media Security in a Corporate Setting

/in , , , /by

Robert Siciliano Identity Theft Expert

The load isn’t getting any lighter for the IT manager.  While corporations are still trying to figure out the  long term marketing benefits of social media, the security issues faced are a right now a problem.

Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time.

All of a sudden we’ve gone from print media, radio, television, Internet and now social media. This isn’t a fad or craze that will go away like Beanie Babies or talking Elmo. Social media is the 5th media that encompasses all forms of media and it can all be accessed on a mobile phone. The interconnectedness is in everything and deserves the marketing department’s attention and freaks out IT.

Part of the issue is social medias allure. We’ve been hearing more and more about internet addictions. Well, social media is part of that. Then there’s the disconnect between generations. Baby-boomers see the 9-5 day as work, work, work and there shouldn’t be any distractions i.e. fun. Younger generations are connected and don’t know how not to be.

Companies who eliminate access to social media open themselves up to other security issues. Employees who are bent on getting access, often skirt security making the network vulnerable.

Computerworld reports “Part of the problem is that people’s comfort level with Facebook, Twitter and MySpace makes them easy marks for cybercriminals, who are jumping on social networking sites with gusto, dumping spam, launching phishing attacks, stealing identities and installing malware. The same people who have learned to be very wary of phishing attacks, enticing links and sales pitches for cheap Viagra in their inboxes allow themselves to be seduced on Facebook and Twitter.”

There is a serious disconnect between secure online behaviors and the playfulness of social media. Facebook is the adult version of Chuck E Cheeses, and who doesn’t lose their mind at Chucks? The problem is Timmy is five and likes to eat at Chuck E. Cheese. George is thirty-five and likes to eat there too. But George is a freak.

Bad guys are in social media and you CANNOT let your guard down.

Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do too.

Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.

Limit social networks. In my own research, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure. Knowem has a mind blowing list of 4600 as of this writing.

Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.

Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.

Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Register company name and all your officers at every social media site. You can do this manually or by using a very cost effective service called Knowem.com.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Media on Fox Boston.

Biggest Botnet Goes Bust

/in , , , , , /by

Robert Siciliano Identity Theft Expert

News of the Spain based Mariposa botnet reveals close to 13 million Zombie PCs in more than 190 countries affected.  Further investigation determined half of the Fortune 1000 companies had PCs on the Bot. Three men have been arrested and a 4th is sought. The sole purpose of the Bot was to gather user names and passwords for banks and email services.

In an example of good vs. evil, whitehats vs. blackhats, representatives from US and Canadian based corporations, along with the FBI and Spain’s Guarda Civil took down the Boat after almost 10 months of investigations.

The Register reports Mariposa (Spanish for butterfly) botnet malware spread through P2P networks, infected USB drives, and via MSN links that directed surfers to infected websites. Once infected by the Mariposa bot client, compromised machines would have various strains of malware installed (advanced keyloggers, banking trojans like Zeus, remote access trojans, etc) by the hackers to obtain greater control of infected systems”.

There are more than 70 types of malware, each doing something different, all in the name or stealing data. Mariposa’s technology was built on the “Butterfly” botnet kit, which is available online. This crimeware doesn’t require the criminal hacker to be highly skilled.

The criminals in this operation ran the Bot through anonymous virtual private network servers which made it impossible for law enforcement to trace back to the ringleaders. But in December of 2009, the Bot was dismantled by authorities who targeted the Bot’s control centers.

When this event unfolded, the Bots controller, a man dubbed “Netkairo” used his home PC to try and regain control of the Bot which revealed his internet protocol address, which is connected to his home address. This led to his capture. Nice job guys! This is a great plot for a movie! I want to be the dude who sees Netkairo’s IP address and busts him in a high speed chase after he flips his car. Just sayin’.

The problem of Botnets persist. There could be thousands out there with untold millions of Zombie PCs infected.

Becoming a Zombie and part of a Botnet happens to PCs that aren’t properly secured, coupled with user behavior that invites attacks.

If you are surfing porn all day or gaming on distant websites in foreign countries then you are at a higher risk.

Downloading files from P2P sites or seeking software cracks or pirated content is also risky. Remember, there is no honor among thieves.

Computers that are old and have outdated unsupported operating systems like Wind 95/98/2000 are extremely vulnerable.

Systems using older outdated browsers such as IE 5, 6 or older versions of Firefox are the path of least resistance.

THEREFORE:

Update your operating system to XP SP3 or Wind 7. Make sure to have automatic updates for anti-virus. Don’t engage in risky web-based behaviors.

AND:

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Botnets on CBS Radio.

Pay-at-the-Pump Skimming Using Bluetooth

/in , , , , /by

Robert Siciliano Identity Theft Expert

Skimming data off of debit and credit cards has been happening at ATMs, gas pumps and electronic funds transfer point of sale terminals for quite some time.

When criminals plant skimming devices, they have to physically attach a skimming device that fits over the face of the ATM’s card slot. Then they install a small camera that shoots video of the pinpad which allows them to extract user PIN codes. The camera is often housed inside of a brochure holder or little box that may have a mirror glued to its face. The mirror is made to loom like a security feature preventing shoulder surfing.

Once the criminals attach the devices, they have to wait it out for someone to then use the ATM or gas pump before they can remove the device and download the data. It is in the best interest of the criminal to leave the skimmer on the machine for as long as possible to skim as many cards as possible. Because every time the skimmer is removed and replaced it becomes another opportunity for the thief to get caught or for something to go wrong.

In Utah, a group of criminals one-upped other ATM scammers by installing Bluetooth enabled skimming devices that broadcast the skimmed data to a nearby storage devise, probably a laptop. Bluetooth’s range can be just a few feet to as much as a city block. So the criminals had to be in a car nearby.

What makes these devices even more sophisticated is that they skim the card data and grab the PIN code via the all-in-one combo skimmer and PIN pad device affixed to the face of the pump.

This entire process allows the criminal to steal data on demand and immediately turn it into cash. Further, it provides the criminal with the freedom to decide whether or not they want to retrieve the skimming device, thereby lessening their chances of being caught.

You can’t protect yourself from this kind of skimmer by covering your PIN entry due to the fact that the device is the PIN pad. So if you use a device like this you may be screwed. Ultimately, you must pay close attention to your statements. Also, pay close attention to details, and look for anything that seems out of place. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases it can be as early as a week.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Pay-at-the-Pump skimming on Fox News.