Criminal Hackers Had Their Best Year

Identity Theft Expert Robert Siciliano

The FBI reported that last year, organized criminals made double what was reported in 2008. Phishing emails containing the name and logo of the FBI were one of the top money makers for scam artists.

Successful scams included auction scams, where products were bought and paid for but never delivered. Advance-fee scams also topped the list.

Scammers will say and do anything to get a person to part with their money.

Never automatically trust anyone over the phone or via the internet. Unless the business is one that is well established online, don’t ever send money that you can’t get back. Never send money in response to an email or a phone call or even a classified ad. Money orders and wire transfers have less security than a credit card does.

Anytime the transaction involves wiring money, that’s a dead giveaway. In any virtual transaction, I’d suggest using a credit card, but not without first checking the legitimacy of the business or the individual. A quick scan online of a company, individual, or even the nature of a transaction can often provide enough information to make an informed decision.

Scareware was also a big player. Studies show that organized criminals are earning $10,000.00 a day from scareware. That’s approximately 200 people a day getting nabbed. Some “distributors” have been estimated to make as much as $5 million a year.

What makes the scam so believable is that there is an actual purchase process for the software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

The software is sometimes known as “AntiVirus2009,” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2008.” These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Ransomware on Fox Boston.

Why Everyone Should Learn to Be A Hacker

I know enough about hacking to make all of my software un-usable, mess up my operating system, and crash my PC. I also know enough about hacking to re-install my operating system, re-install all my software and get my PC running fresh and relatively secure. I’m no criminal hacker. And I am not suggesting that. Nor can I program; I don’t know code but I do know enough to hack in a way that keeps me running, and again, secure.

Hacker isn’t a bad word and hacking isn’t a bad thing to do. It’s something that if everyone who plugs into a PC every day did, they’d be a heck of a lot more versed in the functionality and security of a computer.

The beauty of becoming a “do it yourself” (DIY) hacker is you don’t need to pay a dude to come to your home or office to fix your computer when it’s not working. Three hundred and twenty five years ago I used to pay someone to fix me. Now I can do most of it myself, and when I don’t know how to do it I look it up on Google. Chances are if you have had this problem, then thousands of others have too. There are a bazillion forums that you can go to and solve annoyances and real technology issues.

Once you start asking questions you begin to find people who know the answers. Next thing you know you are the person with the answers. Along the way you connect with people that are smarter than you are who actually do know code and how to really hack a system. Then keep this stable of experts on your contact list so when you are in a pinch, you reach out. But do your best to figure it out on your own first so you aren’t constantly bugging them. You’d be amazed at how capable you are once you invest the necessary time to learn this stuff.

Another great way to learn how to be a DIY hacker is through tech support of your new PC. Most computers come with a one year guarantee that includes phone support. Now many people complain about lousy support, but the hundred or so hours I’ve spent over the years with these people from all over the world has definitely upped my hack-abilities. Even when the tech support guy is wrong, you learn something.

Recently I got rid of all my old 5-6-8 year old PCs and upgraded all but one to Windows 7 boxes and couldn’t be happier. In the process, I had to go through a litany of changes that were always frustrating, but made me a better, smarter, faster DIY hacker. I’ve spent about 20 hours with tech support on the phone getting everything to work like it should and now I know how to do it myself when things go wrong.

“Why I want my daughter to be a hacker” is the title of a post that’s been making waves in the blogosphere. It doesn’t exactly make my point, but it’s worth a read.

Robert Siciliano Identity Theft Speaker discussing identity theft on CNBC.

Google Hack Whacks Passwords

Code-named Gaia after the Greek goddess of Earth, a Google single sign-on password system was hacked in December.

The NY Times reports “the intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.”

Google is a significant part of many individuals’ and businesses’ online activities. Millions rely on Google every day to be fast, functional and, most important, secure. A breach such as this may erode the confidence of Google users, but many of them have all their eggs in one basket.

The hack occurred when a Google employee in China received an instant message over Microsoft’s IM program and clicked an infected link. Once the Google employee’s computers were hijacked, the criminal hackers obtained access to his files and credentials. This gave the bad guys access to Google.

Google has since added layers of encryption and beefed up security for its data centers and end users.

However, now is a good time to go through all your passwords and change them up.

I’ve said this multiple times. DON’T CLICK LINKS IN EMAILS AND INSTANT MESSAGES. These links are merely conveniences. All you have to do is either go to whatever the link may be in your favorites menu or search out the site online. Spend the extra 30 seconds to leapfrog the links and go there manually.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing a Google hack on Shepard Smith with Fox News.

Stealing Identities of the Dead

Robert Siciliano Identity Theft Expert

Stealing the identity of the living is so 2009. Stealing the identity of the dead is so wrong, and so easy. It is made even easier by public records. A provision in federal law that reformed welfare in the 1990s also created a loophole that could allow swindlers to obtain the Social Security numbers of the recently deceased.

In some states, the Registry of Vital Records and Statistics includes Social Security numbers on all certified death certificates. And anyone can obtain a death certificate from the registry for $18.

Wired reports “Identity Thieves Filed for $4 Million in Tax Refunds Using Names of Living and Dead.” A group of sophisticated identity thieves managed to steal millions of dollars by filing bogus tax returns using the names and Social Security numbers of other people, many of them deceased.

The thieves operated their scheme for at least three years from January 2005 to April 2008, allegedly filing more than 1,900 fraudulent tax returns involving about $4 million in refunds directed to more than 170 bank accounts. The conspirators used numerous fake IDs to open internet and phone accounts, and also used more than 175 different IP addresses around the United States to file the fake returns, which were often filed in bulk as if through an automated process.

The scam took advantage of the IRS’ quick turnaround in processing refunds for electronically filed returns. The IRS typically processes a refund request without verifying the taxpayer’s information — such as whether the taxpayer is alive — or confirming that the taxpayer is legitimately owed money.

Generally, a death is reported to the Social Security Administration in a relatively timely fashion, but not always. As far as I can tell there is no form for merely “reporting a death” to the IRS. However, the IRS demands a final accounting, and it’s up to the executor or survivors to file the paperwork. When a taxpayer dies, a new taxpaying entity – the taxpayer’s estate – is born to make sure no taxable income falls through the cracks.

The 3 credit bureaus maintain a list of the deceased based on the Social Security Administration’s data. However, it can take months for the bureaus to update their databases with information from the SSA. By contacting the credit agencies directly, you can report a death and have more confidence that the information will be used immediately.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News.

1.5 Million Americans Have Been Victims of Medical Identity Theft

Robert Siciliano Identity Theft Expert

The Smartcard Alliance has released an in-depth report called “Medical Identity Theft in Healthcare.”

While identity theft is a global issue that garners much media attention, most do not realize that medical identity theft is a serious and growing threat. Many authorities consider medical identity theft one of the fastest growing crimes in America. With the digital age of healthcare upon us, the risks are expected to increase as electronic medical records become more prevalent and the exchange of this data over expanding networks becomes more pervasive. Heightened concern over personal data security and privacy highlight the importance of having secure electronic medical identities.

According to a recent Ponemon Institute study, nearly 1.5 million Americans have been victims of medical identity theft with an estimated total cost of $28.6 billion–or approximately $20,000 per victim. [1] Further evidence of the significance of the medical fraud problem is the allocation of $1.7 billion for fraud detection in the 2011 U.S. Health and Human Services Department budget. [2] In 2009, 68 reported healthcare data breaches in the U.S. put over 11.3 million patient records at risk of exposure.

Patients whose medical identities are stolen face serious lingering effects. Fraudulent healthcare events can leave erroneous data in medical records. This erroneous information–like information about tests, diagnoses and procedures–can greatly affect future healthcare and insurance coverage and costs. Patients are often unaware of medical identity theft until a curious bill or a surprising line of questioning by a doctor exposes the issue. Then, the burden of proof is often with the patient and it can be difficult to get the patient’s legitimate medical records cleaned up. The consequences can also be life threatening and can lead to serious medical errors and fatalities.

Identity theft prevention services generally will not protect you from medical identity theft. However, if your information is out there on the Net and being scanned constantly by the identity theft protection service, then your risk is lowered. Furthermore, I’m all about layers of protection. If your identity is protected from new account fraud via credit monitoring or credit freezes, then the thief may use another identity that has fewer restrictions.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Medical Identity Theft on the CBS Early Show

Deputy Reports Finding Peek-a-boo Home Burglar in Closet

Turn up your Creep-o-meter for this one. In Florida, law enforcement arrested a man on a home burglary charge after a deputy spotted him sitting in a closet with a sheet over his upper body while his blue jeans and brown boots remained visible.

A relative of the homeowner notified local law enforcement when they received a call that a home security alarm was tripped. The deputy went to the home and noticed that a window air conditioner had been removed from a window, an obvious point of entry.

The creep had a knife when they arrested him.

In the UK, a couple was sleeping when a man broke into their home and went into their bedroom to steal the woman’s underwear. The intruder went into the kitchen and grabbed an 8-inch steak knife. The victims woke up to find the intruder with a knife inches from their faces. The boyfriend quickly responded and subdued the man until police arrived.

Down under in Australia, a father-of-two feared for his family’s safety when a burglar broke into their home, wandering through the family’s bedrooms in search of “something to make quick money” with. While the home burglar was in the parents’ bedroom he unplugged the father’s mobile phone to steal it. When he did, the phone’s light turned on and woke up the dad. Instantly the father sprang up and chased the burglar out of the house and through an open window. The father was quoted saying “I am really annoyed – it doesn’t worry me that he broke in …, but what’s a real worry is that this person was only two inches away from my head, from my wife, from my girls.”

His 9-year-old daughter said “It’s creepy to know someone walked into your room and looked at you while you were asleep.”

People, PLEASE! Lock your doors and windows! In two of these examples the homeowners were sleeping with no home alarms and the intruder walked right in! With kids in the house! Install a home security system with motion detectors. PLEASE!

Robert Siciliano personal security expert to Home Security Source discussing personal and home security on Fox Boston.

10 Personal Safety and Security Tips

Fundamentals: Body language is 55% of communications. That’s your walk, posture, facial expressions and eye contact. Awareness is being alert to your surroundings at all times. Intuition is when the hair on the back of your neck stands on end. Voice tone and pitch equal 35% of communications. The way a person communicates physically and verbally can determine whether or not a predator deems you a good target.

Prevent Abductions: When returning to a parked car, scan the area around your car and be alert to suspicious activity. Be aware of vans. Abductors and rapists open up the side doors and pull in their victims.

Never Use Your Keys As A Weapon: Contrary to popular belief your keys are not a good weapon. Using your keys as a weapon can injure your hand, the keys can break, you lose your “key to safety”, and you lose access to your car and home which are safe havens. Unless it’s a LARGE key. Then it’s a good weapon.

Prevent Home Invasions: You tell your children not to talk to strangers, so why do you open the door to a total stranger? Home-invaders pose as delivery people, public workers, or people in distress. Install peepholes, talk through the door. Under no circumstances do you open the door unless you get phone numbers to call their superiors. If someone is in distress tell him or her you will call the police for them. Install security cameras and a home security system.

Safety On The Streets: Keep one-dollar bills and change in an easily accessible pocket. Then if someone tries to rob you, you can throw the “chump change” several feet away. The robber’s attention will be drawn to it, giving you time to escape. Do not fight over material items.

What To Do If Attacked: Fighting, running and screaming are all options. Remember: You are worth fighting for!

Safety In Your Car: In the event of a minor accident, stop only in a well-lit area. Carjackers often provoke such “accidents” just to get a victim to stop. DO NOT stop on a deserted, dark street. Drive to a police station or a gas station. Use a cell phone and call 911.

Home Safe Home: Consider a second line or a cell phone in your bedroom. That’s because burglars often take a telephone off the hook when they enter a home. Of course, an alarm system activated while you are sleeping will prevent a home burglar from getting this far. Newer home alarms have cellular options, a safeguard even if the phone lines are cut.

Vacation/Business Traveler Safety: Be suspicious of a call from the hotel desk just after checking in requesting verification of your credit card number “because the imprint was unreadable.” A thief may have watched you enter the hotel room and called from the guest phone in the lobby. Never open your hotel room to anyone.

Telephone Security: Never give personal information over the phone unless you initiate the call. Do not click on links in text messages asking you to update banking information. Set your mobile to require password access in case it’s lost or stolen.

Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

ID Theft Ring Gleaned Socials From Medical Records

Robert Siciliano Identity Theft Expert

Medical identity theft occurs when the perpetrator uses your name and in some cases other aspects of your identity, such as insurance information, to obtain medical treatment or medication or to make false claims for treatment or medication. As a result, erroneous or fraudulent entries wind up on your medical records, or sometimes entirely fictional medical records are created in your name. Financial identity theft as it relates to new account fraud is when an identity thief gets the victim’s Social Security number and opens new financial accounts under the victim’s name. There’s very little protection from this due to a flawed system of open credit and lack of authenticating the actual “owner” of the SSN.

In Chicago, ABC News reports “Seven people have been arrested in an identity theft ring that allegedly used information stolen from victims’ medical records to obtain credit cards. The identities of more than 200 patients of a Chicago hospital were stolen. The information was stolen from the offices of the Northwestern Medical Faculty Foundation. That information led to $300,000 worth of goods and services being racked up on fraudulently. The suspects are even accused of using Facebook to post photos of themselves posing with stolen clothing and jewelry.”

One of the ring leaders, alleged to have been a part of the group, is being held on $100,000 bond. This is apparently her third run-in with the law.

Her mom said “That’s really not her. She is a good person. She do have a heart.” She “do”, huh? She do like to steal identities too. And she do like to buy her nice stuff with those stolen identities. The victims have to spend many hours cleaning up their good names. They may be denied loans in the process or jobs or insurance due to bad credit.

You do need to protect yourself from new account fraud, and identity theft protection and a credit freeze are the best way. I did a spot on Good Morning America on this story below.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ID Theft Ring on Good Morning America

Self-revelation Can Help Assemble a Social Security Number

I am not done nor will I ever be done sounding that alarm, ringing that bell and informing you about how ridiculous social media is. I was asked in a radio interview today what it will take to get people to recognize they are sharing too much data. In a word, tragedy. When a home is broken into, they install a home security alarm. When someone is mugged, they take a self defense course. When planes fly into buildings, we get frisked. Being smart is understanding risk and being proactive.

Most people are smart enough NOT to give out a Social Security number on Facebook. However, between what you say and what your family, friends and colleagues say and post, your profile is becoming more complete every minute. Even your mom or wife posts her name as “First Maiden Last” because she saw someone else do it and it made sense to allow her old friends/flames to find her.

But today with all this personal information readily available there are now rumblings from academia that they have cracked the code and have assembled technologies to decipher all this information and turn it into hard decipherable data that leads to opening new accounts in your name.

The New York Times reports “computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number. So far, this type of powerful data mining, which relies on sophisticated statistical correlations, is mostly in the realm of university researchers, not identity thieves and marketers.”

SearchSecurity.com reports that researchers at Carnegie Mellon University have developed a reliable method to predict Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages and the publicly available Social Security Administration’s Death Master File.

Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the northeast and moved westward. This meant that people on the east coast had the lowest numbers and those on the west coast had the highest. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

From this point on I’d suggest locking down social media profiles in a way that they are not publicly accessible. Prevent anyone (except those very close to you) from seeing and reading everything about your daily activities, who you associate with and all the names and contact information of all your friends and family.

Robert Siciliano personal security expert to Home Security Source discussing cracking the code and wireless security on Fox Boston.

Social Media Security: Using Facebook to Steal Company Data

Robert Siciliano Identity Theft Expert

There is a reason why computer users are called “users.” Like crack addicts who are drug users, more is never enough. And when under the influence, people do stupid things. I find myself scanning the Dell catalog like it’s the latest (or any) Victoria’s Secret catalog. I’m amazed at how many people I know are online all day long and digitally stoned. The bad guy knows you are obsessed and uses this against you. He sees that you are comfortably numb here. He understands that in the virtual world you’re delirious and more apt to respond to his message then log your credentials.

Meanwhile Facebook’s security and privacy issues are being challenged from all sides. And during the brouhaha one of Facebook’s investors fell for a Facebook phishing scam.

Steve Stasiukonis, vice president and founder of Secure Network Technologies Inc., who publishes on Dark Reading, tested his client’s network using a bogus identity: he joined the company’s Facebook site and started mining the names and email addresses of individuals who identified themselves as employees.

As he collected a database of names to phish in the penetration test, he secured a domain name similar to that of his client. This domain name took on the appearance of a human resources or benefits portal. When he emailed the employees as “human resources,” they were redirected to a Web page, such as https://www.xyzcompany-benefits.com.

He has been able to accumulate significant numbers of emails for phishing targets from Facebook and other social networking sites. When he launched his company’s Facebook spear-phishing attack, he usually got an average response rate of 45 to 50 percent. So nearly half of the employees responded to an email with the logins and passwords they use on their employers’ network.

Steve says:

— Officially sponsor the social networking site and assign an administrator who is responsible for permitting employees to join. This will help control somebody infiltrating the site for devious purposes.

— Establish a social networking policy. If your employees are participating in social networking sites (company sponsored or not) make sure company policies dictate what is and is not permissible. For example, divulging your corporate email account on social networking sites should not be permitted.

— Last but not least, if employees feel the need to gather and converse about their day-to-day work, personal lives, and hobbies, consider a corporate intranet. Maybe someday social networking vendors will launch a product that will provide the same features and benefits, but with the security tools needed to keep employees and company secrets safe. But in the meantime, it’s up to you.

Sober up and protect your identity.

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN