Identity Theft Is Easy Over P2P

/in , , , , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Peer to peer file sharing is a great technology used to share data over peer networks. It’s also great software to get hacked and have your identity stolen.

Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and, frankly, the most fun kind of hacking. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

The Register reports that a Washington state man has been sentenced to more than three years in federal prison after admitting to using file-sharing program LimeWire to steal tax returns and other sensitive documents. He searched LimeWire users’ hard drives for files containing words such as “statement,” “account,” and “tax.pdf.” He would then download tax returns, bank statements, and other sensitive documents and use them to steal identities.

I did a story with a Fox News reporter and a local family who had four kids, including a 15-year-old with an iPod full of music, but no money. I asked her dad where she got all her music and he replied, “I have no idea.” He had no idea that his daughter had installed P2P software on the family computer and was sharing all their data with the world. The reporter asked me how much personal information I could find on the P2P network in five minutes. I responded, “Let’s do it in one minute.”

There are millions of PCs loaded with P2P software, and parents are usually clueless about the exposure of their data. P2P offers a path of least resistance into a person’s computer, so be smart and make sure you aren’t opening a door to identity thieves.

  • Don’t install P2P software on your computer.
  • If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
  • Set administrative privileges to prevent the installation of new software without your knowledge.
  • If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.
  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox.

One in eight applicants denied positions because of criminal history

/in , , , , /by

Identity Theft Expert Robert Siciliano

Background checks are a necessary tool in today’s sometimes violent and certainly litigious society. If a rug installation company was to hire an installer, who eventually rapes and kills a client, then the rug installation company would be held libel for the animals actions. This example is one that happens all to often.

A background check may solve this problem in many situations. Withjust  a name and address a company can vet a new hire to see of that person has a criminal background and has ever committed a violent crime.

Church Executive Magazine reports one in eight background checks conducted on volunteers or prospective employees through LifeWay Christian Resources found a criminal history that might have kept an individual from working or volunteering at a church!

This is where people who are supposed to be held at a higher standard, but unfortunately predators have no boundaries.

“While most screenings returned clean records or only minor traffic offenses, in the report 450 churches requested more than 5,000 background checks on volunteers and prospective employees. LifeWay found 80 serious felony offenses and more than 600 people had some type of criminal history that may have disqualified them from volunteering or working at a church.”

“While vital, experts say sex-offender registries alone aren’t very effective in spotting sexual predators. They list only those convicted of a crime. Because victims typically are reluctant to come forward and with statutes of limitations on molestation laws in many states, only an estimated 10 percent of sexual predators are brought to justice.”

Robert Siciliano Identity Theft Speaker discussing background checks

Are Cookies An Invason Of Privacy Or Identity Theft Concern?

/in , , , , , , /by

Robert Siciliano Identity Theft Expert

Ive taken lots of heat for my comments on a Fox News report that the Office of Management and Budget is considering reversing a nine year ban on using “cookies” to track users’ preferences and interests on federal websites. The shift in policy is being billed as a way for government to enter the 21st century and for federal agencies to use the same technology utilized on news sites, retail sites and social media networks.

My comments under fire involve some “scaremongering” and potential inaccuracies in relation to cookies and what they do.

“Without explaining this reversal of policy, the OMB is seeking to allow the mass collection of personal information of every user of a federal government website,” said Michael Macleod-Ball, acting director of the American Civil Liberties Union’s Washington Legislative office. “Until OMB answers the multitude of questions surrounding this policy shift, we will continue to raise our strenuous objections.”

A cookie is a small piece of text or code that is stored on your computer in order to track data. Cookies contains bits of information such as user preferences, shopping cart contents and sometimes user names and passwords. Cookies allow your web browser to communicate with a website. Cookies are not the same as spyware or viruses, although they are related. Many anti-spyware products will detect cookies from certain sites, but while cookies have the potential to be malicious, most are not.

A colleague sent me a note after reviewing my comments regarding cookies and stated:  “Cookies have been around since the mid-to-late ’90’s, and most people still don’t understand what they are or what they do. If you go to http://osvdb.org and do a search for “cookies”, you’ll see there have traditionally been tons of vulnerabilities surrounding them. From a privacy standpoint, they’re also a potential issue depending on how they’re used, but that really depends on a site’s environment. Saying that “cookies store passwords” isn’t really true in most cases based on evidence I’ve seen over the last several years. They might store session IDs or be manipulated to allow admin access to a site, sure… but that’s not true across the board for every (or even most) sites.”

However Informationweek reports Internet users are revealing information that identifies them through the use of social networking sites cookies.

What was said in the video in relation to what cookies do was more of an analogy than stating fact. I was trying to simply give a bit of perspective and explain what the privacy concerns may be. Its a complicated issue that has the ACLU and others up in arms.

The government tracks criminals using specially developed spyware that gathers a wide range of information, including IP and MAC addresses, operating systems, Internet browsers, open ports, running programs, user names, and recently visited URLs. This scares privacy advocates, for good reason.

But cookies are generally not invasive. They are typically used to produce usage statistics within a single site, or to produce anonymous user profiles across multiple sites, in order to determine which advertisements would be most relevant. Many websites become unusable if your browser does not accept cookies. Social networking sites are particularly dependent on cookies.

Federal government agencies have banned cookies in their own sites since 2000 in response to demands from privacy advocates. Some claim that the proposal to reverse the ban comes in response to Google’s recent lobbying efforts. Whitehouse.gov posts YouTube videos that contain Google’s third party cookies. The entire issue requires a bit more transparency for all those involved.

Advertisers have long known that cookies are useful for customizing the user experience. The government seems interested in taking advantage of this benefit as well. If that is the real motivation, it’s great. But privacy advocates aren’t happy, since the government tends to take a mile when given an inch.

There are a few fundamental ways to keep yourself secure. Browsers all give you the option of simply turning cookies off.  Make sure that yourInternet security software is updated, and install spyware removal software if it isn’t included in your basic security suite. Lock down your wireless connection. Use strong passwords that include upper and lowercase letters as well as numbers, and never share them. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. In most cases, this prevents new accounts from being opened in your name. Download CCleaner, a free system optimization, privacy and cleaning tool that removes unused files including cookies from your system, which frees up disk space and allows Windows to run faster. It also cleans traces of your online activities. And invest in Intelius identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses a proposal to allow the use of cookies on federal websites on Fox News, and again on Breitbart.tv.

Scams Happen to Smart People Who Do Stupid Things

/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Most people are too smart to fall for a Nigerian 419 scam. But plenty of smart people fell for Bernie Madoff’s investment scams. Madoff was far more subtle than your average scammer. But in this day and age, people ought to be more alert to potential scams than ever before. And yet this wolf in sheep’s clothing was able to bilk so many investors. So it looks like we aren’t as savvy as we should be.

The root of the problem is the sheer number of scams. There are investment seminars, smoke and mirror charities, phishing emails and even text messages. I got a “phext” (phishing text message) from “r.yahoo.com” that said, “changed secret question, log in to update, or text HELP or to end STOP.” Naturally, this raised my suspicions, so I did an online search which led me to a forum discussion of this particular scam. Apparently, any response to this text message would have allowed hackers to access plenty of proprietary data.

A prominent security and privacy researcher emailed me to describe an attempted Craigslist scam:

“Robert, so, I registered on Craigslist and posted our above ground pool for sale. Within minutes got a reply from someone asking some basic questions (most of which could have been answered if they had read the advert). Their reply to my answers raised an immediate red flag. This individual claimed to be from Miami and was willing to write me a check for the full amount, plus shipping charges for their shipping company that would pick up the pool. In other words, I deposit a check (in context it seemed to be either a business or personal check, either way I would have had to wait for it to clear) and when it clears, I keep my asking price and give the difference to the shipping company when they arrive to pick up the pool.

I’ve ceased communication with this individual, but this just stinks to high heaven. First, if it is their own shipping company, why should I have to pay them? Second, no way I’m going to deposit this check into my account and risk having my bank info show up on their statement. Third, why would someone in Miami (above ground pools aren’t all that popular down there, it seems to me) want to pay to have a used above ground pool shipped all the way from New England? Fourth, I’m just nervous about stuff like that anyway.

Ever heard of/encountered that kind of situation before?”

This is an advanced fee scam! Now, since I am obsessively screaming about this stuff all day, I can see this coming from a mile away, as did my friend. But those who are less tuned in to the variety of potential scams might easily fall victim to this type of crime.

Financial troubles are forcing people to seek out new opportunities. When we are searching for jobs or attempting to sell our belongings online, or simply spending more time using social networking sites, we become more susceptible to the latest scams. But the biggest danger is our own egos and our complacency, as we foolishly believe that we are all too smart to become victims.

According to The Wall Street Journal, many scam victims are pretty smart. Three recent studies showed that victims of investment fraud tend to be better educated and have higher incomes than nonvictims, and that most have been investing for a decade or more. Because they are so confident in their own judgment, they fail to seek out professional advice.

Years ago, the Better Business Bureau conducted a test in which they planted a man dressed in normal street clothes outside a store during the holiday season. They gave the man a plastic pumpkin and a bell to ring. He spent twenty minutes ringing the bell, and during that time, people kept dropping money into the pumpkin. When the people were questioned, most believed that they had just donated to the Salvation Army, simply because the man was ringing a bell. Like Pavlov’s dogs, they opened their wallets.

Criminals aren’t any smarter than we are, but they know how to capitalize on our stupidity. You need to take steps to protect your own identity, because while you are smart enough to inform yourself about these issues, you can’t prevent some company from stupidly compromising your sensitive personal data. Prevent new account fraud by getting a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. And invest in Intelius Identity Theft Protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses various scams on TBS’s Movie and a Makeover.

Courts Force Tech Giant to Handover Bloggers ID

/in , , , /by

Robert Siciliano Identity Theft Expert

As a “blogger” I am held accountable for what I say. Bloggers are being sued and held libel for their comments. People who comment on blogs are now coming under fire.

For years I’ve put myself out there making a concerted effort to educate, inform and try help out mankind by informing people of their options to protect themselves from the bad guy. Despite my heart being in the right place, someone always finds it appropriate to criticize and disparage. I don’t hide under an anonymous chat name or obscure my identity with some faux persona. But my critics often do.

In this process I’ve always followed the creed, “Do what you love and the money will follow.” I bring this right to the forefront because I spend 70 hours a week doing what I love and I get paid to do it; some people don’t like that. I’ve had numerous vocations and finally with persistence and a slight amount of talent, I’ve managed to keep the lights on doing what I love. AND, anyone who questions my association with any product or service when I write about or promote them needs only to look at my website and see their logo splashed everywhere. I align myself with brands I believe in because they matter, and I hide nothing.

In the public eye, which I am, at a very small small level, I’m subject to criticism. I know this and put it out there every day despite that fact. Occasionally, someone will take issue with what I say or how I say it and question my credentials and attack me personally. As in the case of the model who was persecuted in an open forum and horrible things were said and accusations were made. She was quoted saying “Why should anybody let it go? If somebody attacks somebody on the street, you’re not going to let it go … why should I just ignore it?” Cohen told Good Morning America. “I couldn’t find one reason to ignore it.”

I come from the same school of thought. I come from the streets of Boston, or a proper suburb of Boston. I have my fair share of scars from various times of my life. I’m pretty sure I was suspended for fighting more than anyone in the history of my high-school. But as one grows older and hopefully wiser, they respond accordingly.

Today there is a certain amount of anonymity on the web and allows people to say what they want and not feel the repercussions of what may occur if they said something to ones face in the street. Most of the comments made deserve a swift appropriate response that would equate to a WWF Smackdown, deservedly.

Fortunately, there isn’t as much anonymity as people might think. For one, if you spew hatred and filth in comments or in a blog post, there is a good chance a court will hand over your identity to those who you’ve offended and you get to experience the lovely long, expensive process of being sued.  People don’t like lawyers for this reason. Frankly, I love lawyers and thank God for them. Mine protects me from all the trolls who like to take from those who have.

There are some great ways to expose the trolls who write the comments and spew the hate. Your IP address isn’t too far away, and generally gives your address away. Google of course does a great job of indexing the world’s data and mining for information via Google hacks that can reveal a lot about whom a person is and where they are. iSearch.com from Intelius.com is another great set of tools that allows a person to investigate chat handles, user names, email addresses and reverse search phone numbers. These are the exact same ways one vets out a potential date when meeting online or when considering hiring a nanny to watch your kids. These are the same steps a potential employer takes before hiring someone.

Once you find out enough data about them, all one needs to perform a full background check is a name and an address and then you have enough data to take the troll to court for any disparaging things they may say. You may not win in court, but the costs associated with going to court are enough to discourage anyone from opening their spew hole again.

These are some of the same processes a lawyer may go through when filing suit. They do a full investigation using these various tools including pulling data from your social networks too. So now what you post is not nearly as anonymous as you might think. Whatever companies you work for, who your boss is, your professor’s names, where you go to school, any academic degrees that you believe hold you higher than the rest and make you believe you can say anything, your families names and addresses, are all available to the public. And when you say and do things that hurt, well, you many end up at the wrong end of a law suit too.

Robert Siciliano Identity Theft Speaker discussing hate and vile comments on CNN

A Glorious Week of Identity Theft

/in , , , , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

If there was ever a week to get high, totally drunk, on information security and identity theft scammers and hackers, then this is it! Media outlets everywhere have been pumping out story after story of data breaches, identity theft, criminal hackers and indictments! Yeah team! For a criminal hacker groupie, this is Woodstock!

Dark reading reports Eight defendants were arraigned in a Brooklyn court for allegedly using the stolen identities of AT&T, T-Mobile, and Asurion customers to steal some $22 million worth of wireless equipment and services. An indictment was unsealed in Brooklyn federal court yesterday morning charging Courtney Beckford and seven other defendants. When identity theft defendants named Courtney, Gabe, Marsha, Saul and Ron are involved in a $22 million identity theft scheme, then you know it’s just a matter of time until someone named Britney or Brad will get busted too! It’s the identity theft apocalypse!

ABC News reports that a former informant for the Secret Service was one of three men charged with stealing credit and debit card information from 170 million accounts in the largest data breach in history. The former informant, Albert Gonzalez of Florida, A.K.A “Segvec”, “SoupNazi,” and “j4guar17,” whose motto was ”Get Rich or Die Tryin’” was alleged to have been the ringleader of the criminal hacking operation of a prolific network that spans over five years of serious criminal activity.

Information week reports in the first half of 2009, the number of computer users affected by malware engineered to steal personal information has risen by 600% compared to the January through June period in 2008, according to PandaLabs. In quantitative terms, Panda reports identifying 391,406 computers infected with identity-theft malware in the first six months of the year. Identity thieves are also seeking sensitive information through a more diverse set of targets. Where previously financial data thieves focused on spoofing online bank sites to dupe users into entering login information, they have recently been targeting a variety of services where payment account information may be stored or entered, like PayPal, Amazon, eBay, or charity sites.

Cnet reports Rogue Facebook apps steal log-in data, send spam. Security firm Trend Micro warned on Wednesday that a handful of rogue Facebook apps are stealing log-in credentials and spamming victims’ friends. So far, six malicious applications have been identified: “Stream,” “Posts,” “Your Photos,” “Birthday Invitations,” “Inbox (1),” “Inbox (2)” according to a blog post by Trend Micro researcher Rik Ferguson. The activity started earlier in the week with a Facebook notification Ferguson says he got from an app called “sex sex sex and more sex!!!,” which has more than 287,000 fans. The notification said that someone had commented on one of his posts. That app doesn’t appear to be malicious and may have been compromised somehow to begin the distribution of the spam, he said.

USA Today reports Hackers harness Twitter to do their dirty work.  A cyber gang has begun experimenting with setting up free Twitter accounts, then sending out Tweets from the popular micro-blogging service that are really coded instructions to botted PCs to carry out criminal activities. Anti-virus maker Symantec has isolated several samples of infected PCs carrying a unique new infection, dubbed “Sninfs.”

The PCs most likely got infected when their users unwittingly clicked to a tainted web page or on a corrupted link carried in an email or social network message, says Marc Fossi research and development manager at Symantec Security Response.

Protect yourself;

Don’t just sit back and get hacked. Arm yourself with anti-virus that runs automatically in the background and prevents “Courtney, Marsha and SoupNazi” from stealing your identity. Pick up McAfee’s Total Protection software and take control of your PC security.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano identity theft speaker discussing the sad state of cyber security on Fox News and check washing and campus security on ABC News.

Social Media Banned, Creates Identity Theft Risk

/in , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

The Marines recently banned soldiers from using social media sites such as MySpace, Facebook and Twitter. This is for two reasons. First, because they fear that these sites’ lack of security may allow malware to infiltrate government computers. And second, they’re concerned about the potential for leaked military data. Military personnel are often prohibited from informing friends and family of their locations or missions, regardless of whether they’re communicating with handwritten letters, email, or the telephone. These measures are necessary to prevent leaks that would impede the soldiers’ missions and safety.

It’s no surprise that they have now banned social media.  I recently reported on Sir John Sawers, the incoming head of MI6, the British equivalent of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple’s London apartment and the locations of their children and Sir John’s parents. Military personnel should held to a higher standard. We are talking about national security here, and we can’t risk leaks that could jeopardize lives.

Anyone who thinks this is absurd need only look at sporting events for confirmation of why this type of communication should be banned. Every time I watch a baseball or football game, when I see the coaches talking to players, or the pitcher talking to the catcher, they cover their mouths with a hand, glove or paperwork. Why? Because there are thousands of “lip readers” watching the event who are happy to report on what was just said in order to give the opposing team an advantage. You’d think after all these years covering their mouths, lip readers would just give up. But no, that’s not the case at all. There’s always someone watching, waiting, hoping for someone to screw up so they can give the other team an advantage.

Today, social media gives scammers an advantage. Somebody is always watching and waiting for an opportunity. Social media is built on trusting relationships. Scammers can exploit that trust to gather information that could be used in password attacks. If you ever forget your password and have to reset it, the answers to several of the security questions might already be available in your profile. And in many cases, the default privacy settings leave profiles open to anyone.

Security professionals were able to create a virus called ZombieSmiles, which gains control of the victim’s browser and allows the hacker to access supposedly private data through the Facebook API, including friends, groups, wall postings and applications. Facebook applications allow a third party to access your data, which opens a Pandora’s box of possibilities for hackers. So if you send me a Facebook application and I refuse, it isn’t because I’m being rude, it’s because I think that the potential risks simply outweigh the benefits. No offense. I just don’t want my identity stolen.

If you use social media and regularly update your status or profile with pictures, video, or information about your whereabouts or daily routines, please keep the following advice in mind:

  1. Before you post anything online, think about what a hacker, stalker, employer, or potential employer could do with that data. Could an ex, who’s fighting for custody, use the data against you in court?
  2. Don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.
  3. Do not tell the world you are going on vacation! Or if you’re just going to dinner or the beach and won’t be at your house for several hours, why would you let potential burglars know that you’re away?
  4. If you’re a “partier” and like to imbibe, informing the world that you just smoked a joint is not only one of the worst things you could do for your career, it also makes all your friends guilty by association. And don’t announce that you’re hungover, because after the age of 23, you ought to know better.
  5. Before posting pictures or videos, consider what a criminal or potential employer might see. Could they be used against you in any way?
  6. If you let your kids use social media, you must monitor every aspect of their Internet activities. Pick up McAfee’s Family Protection software and take control of your childrens’ Internet use.
  7. Take advantage of privacy settings and lock down your profile, so that only those who you approve can view everything.
  8. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discusses a Facebook Hack on CNN

Criminal Hackers Clean Out Bank Accounts Using Spear Phishing

/in , , , , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

It wasn’t long ago that most phishing emails were from a supposed Nigerian General Matumbi Mabumboo Watumboo. And you and I were flattered that we were the chosen ones to help the general transfer 35 million out of the country, because the Nigerian government was a bunch of jerks and wouldn’t let him keep the inheritance his wife had inherited from her deceased uncle Bamboo.

Phishing continues to become more sophisticated, more effective, and more prevalent. According to a recent study, a 52% increase in phishing scams occurred in July alone. Computerworld reports that basic phishing emails successfully led to corporate bank accounts being completely drained. Criminal hackers waited until Pennsylvania schools administrators were on vacation, then used simple  money transfers to liquidate over $440,000 between December 29 and January 2.

Much of the phishing that occurs today is “spear phishing,” in which the spammers concentrate on a localized target, generally an individual with control over a company’s checkbook. This insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component , which gives the phisher full access to the user’s data, including user names and passwords, credit card and bank account details, and Social Security numbers. The malicious software can attach itself to the victim’s web browser, where it waits for the victim to log into a bank site before launching. When the victim does log into his or her bank account, the software sets up new payees and transfers money to the criminal hacker.

In the school hack, the software added 42 people to its payroll during Christmas break and quickly began paying them. The issuing bank received 74 transfer requests during the four day period.

When consumers’ bank accounts are emptied, federal regulations limit their liability to $50, as long as the victim reports the theft within a set time frame. But things are a lot more complicated for corporations and other entities. Whether or not the victim is responsible for the missing cash varies from bank to bank.

Protect your yourself.

This is an easy fix, rule #1 – don’t click on links in an email if you aren’t 100 percent sure of its legitimacy. Whenever I receive an electronic statement from a bank or credit card company I always go to my “favorites” menu or type in the address manually to get to the entities website to check my statement. I’m only 99.9% sure its legit, so I just take the extra step to go to my favorites.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

3. Make sure your McAfee anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

Robert Siciliano Identity Theft Speaker discusses phishing

College Students At Risk For Identity Theft

/in , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

Why? Because they don’t care! September is National Campus Safety Awareness Month, and I’m teaming up with Uni-Ball pens to urge college students to protect their personal safety and security. Uni-Ball pens and the Identity Theft Resource Center surveyed 1,000 college students and 1,000 parents. This Campus Security Survey revealed that while about 74% of parents believe students are at a moderate to high risk for identity theft, and 30% of all identity theft victims are between 18 and 29, only 21% of students are concerned about identity theft.

It’s no surprise that most college students are indifferent when it comes to their personal and information security. When you are in your late teens or early twenties, you feel a sense of invincibility. However, once you have a few years under your belt, you begin to mature and gradually realize the world isn’t all about keg parties and raves. Hopefully if all goes well, you adopt some wisdom by the time you’re 30.

Here are a few more interesting statistics from the Campus Security Survey.

  • 89% of parents have discussed safety measures with their kids, yet kids continue to engage in risky behavior
  • 40% of students leave their apartment or dorm doors unlocked
  • 40% of students have provided their Social Security numbers online
  • 50% of students shred sensitive data
  • 9% of students share online passwords with friends
  • 1 in 10 have allowed strangers into their apartments
  • Only 11% use a secure pen (which can prevent check washing fraud) when write checks

College students have always been easy marks because their credit is ripe for the taking. Students’ Social Security numbers have traditionally been openly displayed on student badges, testing information, in filing cabinets and databases all over campus. Landlords and those involved in campus housing also have access to students identifying information.

The study concluded, “Students who ignore their own personal security are not only putting themselves at risk for identity theft, they are also putting their parents at risk. While getting established in the real world, it’s common practice among college students to use their parents’ names, bank account numbers and other personal information to co-sign loans and leases, write tuition and housing checks, register online to receive grades and more. So when online criminals strike, they are often manipulating parents’ personal data, not just the students’.” Any parent sending their children off to college should be concerned.

How to protect yourself:

  1. Lock your doors! The transient nature of college life means people are coming and going and thievery is more likely to happen. Just because you may come from a small town and do not lock your doors, that doesn’t make it okay at school.
  2. Limit the amount of information you give out. While you may have to give out certain private data, refuse whenever possible.
  3. Shred everything! Old bank statements, credit card statements, credit card offers and other account number bearing documents need to be shredded when no longer needed.
  4. Lock down your PCs. Make sure your Internet security software is up to date. Install spyware removal software. Lock down your wireless connection. Use strong passwords that include upper and lowercase letters as well as numbers. And never share passwords.
  5. Secure your signature. Use Uni-Ball gel pens to write rent checks and sign documents. They cost as little as $2 and contain Uni “Super Ink,” which is specially formulated to reduce document fraud and check washing, a popular form of identity theft.
  6. Be alert for online scams. Never respond to emails or text messages that are purportedly coming from your bank. Always log into your bank account manually via your favorites menu.
  7. Invest in Intelius Identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.
  8. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. In most cases, this prevents new accounts from being opened in your name.

Robert Siciliano, identity theft speaker, discusses identity theft protection and check washing on TBS’s Movie and a Makeover.

Identity Theft Attempt at Defcon

/in , , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

Hackers hacked hackers at the annual Defcon conference in Las Vegas this past weekend. Defcon is a conference for hackers of all breeds. There are good guys, bad guys, those who are somewhere in between, plus law enforcement and government agents. All kinds of inventive people with an intuition for technology decend on Las Vegas to learn, explore, and hack.

At this year’s Defcon, someone planted a real, rigged, malicious ATM right outside the security office of the Riviera Hotel and Casino. For some reason, the area outside the security office doesn’t have any security cameras, which made it an easy place to attempt a scam. Scams like this are common in Las Vegas, due to the city’s transient nature and frantic pace. Everyone is looking for a quick buck, and what better place to pull of an ATM scam than Vegas?

ATM skimming comes in two flavors. In the first scenario, a device called a “skimmer” is placed on the face of an operational ATM. When a card is swiped, the skimmer records the data on the card, and a hidden camera generally records the PIN. Usually, money is dispensed. In the second scenario, a used ATM is rigged to record data, and placed in a public area. These ATMs are only semi-operational, and do not dispense cash. This is the type of ATM that was found in Las Vegas.

A conference attendee uncovered the scam when he attempted to use the machine and recieved an error message. Upon further investigation, a computer was discovered where the security camera should have been. The computer was recording all the victims’ details. That’s when the alarm was sounded and the area became a crime scene.

You can protect yourself from these types of scams by paying attention to your statements. Refute unauthorized transactions within 60 days. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages, a missing security camera, or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. (Of course, just outside the security office isn’t exactly the middle of nowhere, so always be alert.) Use strong PINs, with both upper and lowercase letters, as well as numbers. And invest in Intelius Identity Theft Protection and Prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discussing ATM skimming on Fox News