Government Officials Contributing to Identity Theft

Robert Siciliano Identity Theft Expert

Government officials are posting our Social Security numbers on the web, but corporations are required to keep them under lock and key.

Congressman Robert Wexler was recently targeted by a Ghanaian extortionist who supposedly obtained Wexler’s Social Security number, as well as his wife’s, from a public record posted at The Virginia Watchdog. Betty Ostergren, founder of The Virginia Watchdog, has spent the past seven years trying to put an end to the public exposure of our Social Security numbers, which are often posted online by elected or appointed state government officials. Virginia and other states apparently want this personal information online, since they have yet to pass any laws mandating the removal of Social Security numbers.

State officials posts these records online because they are public records. This is already happening in every state. Records containing extensive personal information are available on the Internet, and the elected officials that post this information put individuals at risk by failing to remove or black out Social Security numbers and other sensitive data.

The fact that Congressman Wexler and his wife were extorted should not be the big story. The big story should be the fact that these records, with Social Security numbers exposed, are made available on the Internet, thanks to elected officials.

Betty Ostergren recently found the same documents for one major U.S. corporation and their top brass on twelve different state government websites. The same list of Social Security numbers and home addresses for the top executives appeared on government websites in in Arizona, Colorado, Florida, Indiana, Iowa, Kentucky, Massachusetts, Michigan, Mississippi, New Hampshire, North Carolina, and South Dakota. And each year that the company filed a report within those states, the same 40+ Social Security numbers showed up on the documents, which are available to anyone in the world. (North Carolina did unsuccessfully attempt to redact the numbers.) The Social Security numbers of many top executives from many corporations are available on the Internet, on public records published on state websites. And so are the Social Security numbers of plain old Joe Shmoes, too. But most of them don’t realize it, and when their identities are compromised, they’ll wonder how their Social Security numbers got into the wrong hands.

We live in an ignorant country, where people pay more attention to sports and entertainment than the actions of our legislators.

Go to The Virginia Watchdog and read everything you can to become fully informed about the identity theft crisis fueled by public records.

1. Prevent new account fraud.  Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News

Florida Congressman Robert Wexler Targeted in Identity Theft Extortion

Identity Theft Expert Robert Siciliano

Sun Sentential reports that Congressman Robert Wexler, of Florida, was targeted by an extortionist who threatened to turn his Social Security number over to identity thieves. Wexler refused to give in to the extortionist’s demands, and reported the plot to the Secret Service and Capitol Police. Other members of Congress were targeted, as well. The alleged extortionist has been arrested and remains in custody in Ghana.

Wexler’s attorney, Pamela J. Marple, issued a statement:

“Congressman Wexler greatly appreciates the professionalism and ongoing assistance of the United States Secret Service and Capitol Police regarding a matter where he was targeted as a member of Congress and was the victim of crime involving extortion and attempted identity theft. This remains an ongoing legal matter that will be closely monitored.”

The Ghanaian telephoned Wexler this month while President Barack Obama was visiting Ghana, guarded by Secret Service agents. Wexler reported the matter to the Secret Service while they were in the country, which helped the investigation. The congressman, while understandably shaken that he was being extorted, should have already known that his Social Security number is out in the wild. Our Social Security numbers are in public records, databases, file cabinets, school records and, quite possibly, for sale on the Internet.

  1. Be aware that your Social Security number has already been compromised. Over the past five years, hundreds of millions of records have been stolen in major data breaches.
  2. Do everything you can to prevent your own data breaches by making sure to install and update Internet security software.
  3. Never use public PCs where spyware might be installed.
  4. Recognize that when using wireless in a hot spot, your personal information is available for the taking.
  5. Do a scan in the public records in your state to see if your Social Security number is posted anywhere.
  6. Invest in Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.
  7. Get a credit freeze. Search “state credit freeze laws” online and lock down your credit to prevent new account fraud.

Identity theft speaker Robert Siciliano discusses Social Security numbers on Fox News.

Debit Cards at Risk for Identity Theft

Robert Siciliano Identity Theft Expert

There are 437,000,000 debit cards in circulation, and their use is on the rise. Criminal hackers are paying attention. Credit cards offer some measure of protection, but when a debit card is compromised, the stolen money is taken directly from the victim’s bank account.

Federal laws limit cardholder liability to $50.00 in the case of credit card fraud, as long as the cardholder disputes the charge within 60 days. Debit card fraud victims must notify the bank within two days in order to maintain this $50.00 limit. After that, the maximum liability jumps to $500.00. And if a victim doesn’t discover or report the fraud until after 60 days have passed, the liability could be the entire card balance, for a debit or credit card. Once your debit card is compromised, you might not find out until a check bounces or the card is declined. And once you do recover the funds, the thief can just start all over again, unless you cancel the account altogether.

There are a few known scams that can make you vulnerable to debit card fraud.

There’s the bait and switch. When making a purchase online, you may be prompted to make an additional purchase that appears to be a one time fee, but is actually an ongoing monthly debit that is nearly impossible to cancel. That’s when canceling your card is the only way out. While this isn’t technically criminal hacking, it is very slimy marketing. The best way to protect yourself from this one is to always read the fine print before making an online purchase. Just be smart.

Unless you have been living in a cave, you’ve probably received a phishing email at some point. Criminal hackers, assisted by teams of psychologists and sociologists, are designing and selling phishing kits to one another. They know what makes you tick and they know what will convince you to click on a link. These people are professionals. There used to be a day when phish emails contained obvious misspellings and but now they are organized and sophisticated. And as more people go paperless and get their bank statements online, it is becoming more common for criminals to take advantage of that process, sending emails that appear to be statement notifications. If you think an email might be phishing, delete it immediately. And don’t click on links in emails. Either manually type the link into the address bar, or use your bookmarks menu.

According the the Secret Service, Skimming is one of the financial industry’s fastest growing crimes. The ATM Industry Association reports over one billion dollars in annual global losses from credit card fraud and electronic crime associated with ATMs. A skimmer is a hardware device that a thief places on the face of an ATM, which matches the machine itself. It’s almost impossible for a civilian to notice the difference unless the skimmer is of poor quality, or the civilian has a unique eye for security. Often, the thieves will mount a small pinhole camera somewhere near the ATM, perhaps in a brochure holder, to record the victim’s PIN. Gas pumps are equally vulnerable to this scam. Pay very close attention during ATM and gas pump transactions. If something seems wrong, it is wrong. Look for double stick tape, removable features on the face of the ATM, a card sticking inside the reader, or additional mirrors or brochure holders that could contain a small camera.

1. Prevent new account fraud.  Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing ATM skimming on Fox News Here and credit card fraud on CNBC Here

XX

Spying is Alive and Well…and Leads to Identity Theft

Robert Siciliano Identity Theft Expert

Most people assume that corporate espionage is just James Bond stuff. However, according to USA Today, even small and medium businesses are at risk. Spying has been going on since the beginning of time, and it’s alive and well today. In most cases, spying starts because a person or entity needs or wants information that is otherwise kept confidential or private from prying eyes.

Most people have probably spied at some point in their lives. Maybe as children, rifling through siblings’ or parents’ closets and drawers. Or as teenagers, spying on a boyfriend or girlfriend in an attempt to determine why a first relationship wasn’t working out. Or as parents, hoping to protect children from themselves. Hopefully this type of behavior subsides as we grow older and learn to trust others. But some people find serious reasons to spy as adults. This behavior can eventually culminate in stalking, which is, of course, illegal and can end in tragedy.

There are plenty of tools to facilitate spying. There are more ways of gathering intelligence than ever before. An online search for “spy shop” or “spy store” turns up a vast collection of small wireless cameras, listening devices, software, and hardware that can help the customer collect enough data on their target to do some damage, or uncover sensitive information.

Spyware is commercially available software that can track keystrokes, emails, and instant messages. In the wrong hands, it can be quite damaging. Keycatchers are hardware devices that can be installed in the back of a PC in order to record raw data.

It is necessary to monitor childrens’ Internet use, but an open dialogue is equally important. If a person has suspicions about his or her spouse, that’s an entirely different scenario, requiring a different set of rules. Be aware that if you spy or cheat on a loved one, you ought to be prepared for the consequences.

Protecting yourself and your business from this type of spying is difficult, but possible. Always keep in mind that those on the “inside,” such as friends, family members, employees, or people who have special access and could potentially be paid off, like a cleaning person or a security guard, can access sensitive data.

  1. Make sure that there are no mysterious hardware devices attached to your computer.
  2. Sweep your home for audio recording devices. You can either hire someone to do this, or do an online search for a tool that will help you.
  3. Password protect the administrator account on your computer, to prevent unauthorized software installation.
  4. Run a spyware removal program.
  5. Never leave file cabinets unlocked, or paper work lying around.
  6. Shed any document that may contain sensitive data before throwing it out.
  7. Lock down your wireless connections, since they are often the path of least resistance.
  8. Don’t disclose too much personal information on social networks, since that makes it easy for people to spy on you.
  9. Know that identity thieves have access to all these tools as well, so protect yourself. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  10. And invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Includes;
Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses mobile phone stalking and spying on The Tyra Banks Show

Child Identity Theft Victims

Robert Siciliano Identity Theft Expert

Jason Truxel was denied a mortgage because of bad credit. He had no idea that his credit scores were low, so he pulled his credit reports. He discovered a tremendous amount of debt, and accounts he had never opened. One such account showed that a credit card had been opened in his name when he was 13 years old. Jason found out the hard way that he was a victim of child identity theft. When Jason was a child, his father was convicted of credit card fraud. So he went to his father’s house and found a stack of credit cards with his name on them in a dresser drawer. When confronted, Jason’s dad said that Jason would never be able to prove anything. That’s a bad dad, if I’ve ever heard of one.

Diamond Daye is 11 years old. He’s going through the same problem. Except his mother is the identity thief. She’s 31, and owes thousands in rent and cell phone and cable bills.

Child identity theft is a growing problem. The Federal Trade Commission estimates that there are 500,000 new victims every year. The culprits are often parents, since they have direct access to their kids’ personal information. Irresponsible parents who have screwed up their own credit apply for credit in their childrens’ names, once they discover how easy it is. All a parent needs is a child’s Social Security number, and the fun begins. Creditors often fail to verify the applicant’s age, and simply accepts the application. Children rarely discover that they are victims of identity theft until they are adults, and are denied credit or employment because of their negative credit history. Sometimes the custodial parent discovers that his or her ex committed identity theft when the bill collector notices begin to arrive.

There’s not much a person can do to prevent child identity theft, other than regularly requesting fraud alerts and ensuring the credit hasn’t been issued under your child’s name.

What you should do to protect yourself and your children:

Protecting yourself from new account fraud requires a credit freeze, or setting up your own fraud alerts and in your childs’ name too. This provides an extra layer of protection. In most cases it prevents the opening of new credit.

Consider making an investment in Intelius Identity Theft Protection and Prevention. Because when all else fails you’ll have someone watching your back. Includes a Free Credit Report, SSN monitoring, Credit & Debit Card monitoring, Bank Account monitoring, Email fraud alerts, Public Records Monitoring, Customizable “Watch List”, $25,000 in ID theft insurance, Junk Mail OptOut and Credit Card Offer OptOut.

Robert Siciliano Identity Theft Speaker discussing availability of Social Security numbers on Fox News

A ‘Whac-A-Mole’ Approach to Preventing Identity Theft

Robert Siciliano Identity Theft Expert

Computerworld illustrates the current state of information security by citing a childhood arcade game: “If you’ve ever played the silly, maddening game known as “Whac-A-Mole,” you know what futility feels like. As you smack one mole with the mallet, up pops another one. Their speed and number escalates as you flail away, trying to keep up. At some point, you realize there’s no hope of winning.” That’s why I hated that game. I was attracted to it at first, because, like Barney Rubbles’ son Bam Bam, I liked hitting stuff with blunt instruments. But that only takes you so far. To win, you need skill and precision.

In today’s world of cyber security and identity theft prevention, it isn’t enough to chase the next mole and whack it with another patch, or shred your own data and hope that someone doesn’t hack your cell phone company. You need to understand the problem and proactively implement a solution.

In the late 90’s and early 2000’s, hackers hacked for challenge, fun, and fame. It made them popular among other hackers. Soon after, consumers began spending more time online. They used their PCs to shop, bank, and manage personal affairs. Now, hackers aren’t just wreaking havoc, deleting files, or making IT administrators miserable, they’re also stealing proprietary data. Now, the real game is illegal financial gain. Hackers’ motivations have changed, which means that you need to change your perceptions of what a computer is, and how to operate it. It’s no longer something to just play Solitaire, or a play where you socialize with friends. Now, it’s a cash register to a hacker. It’s a bank. And it should be treated and respected like a vault.

  1. Run Windows Update, or it may also be labeled “Microsoft Update,” on your PC. If you have Windows XP, you want “Service Pack 3” installed. You can also go to “Control Panel” and then “Security Center” and turn on automatic updates, so Microsoft will install the latest security upgrades automatically. If you have Vista, the process is similar, but you want “Service Pack 1.”
  2. Install antivirus software. Most PCs come bundled with software that runs for free for up to a year. Once it expires, you need to renew the license. If you don’t, every day that your software isn’t updated provides more opportunity for criminal hackers to turn your PC into a zombie that sends viruses to other PCs or sends spam shilling Viagra.
  3. Install anti-spyware software. Most antivirus providers define spyware as a virus now. However, it’s still best to run a spyware removal program once a month or so, to ensure that your PC is rid of software that could allow a criminal hacker to remotely monitor your data, keystrokes, and the websites you visit.
  4. Use Firefox. Internet Explorer is clunky, and the most frequently hacked software that exists. Mozilla’s Firefox is more secure.
  5. Secure your wireless. If you’re running an unsecured wireless connection at your home or office, anyone can jump on the network and access your files from up to 500 feet away. Your router should have instructions on how to set up WEP or WPA security. WPA is better. If this is a foreign language to you, you should either hire someone, or ask your 15 year old for help.
  6. Install a firewall. Microsoft’s operating system comes with a built-in firewall, but it isn’t especially secure. Go with a third party firewall that comes prepackaged with antivirus software.
  7. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  8. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses criminal hackers targeting wireless devices on Fox News.

Social Media Privacy and Personal Security Issues

Robert Siciliano Identity Theft Expert

Privacy issues and identity theft in social media are a growing concern. Most people who post their personal information about themselves do not recognize the potential consequences of their actions, or maybe they simply don’t care if their entire life is an open book.

Ask yourself, should the director of the United States Central Intelligence Agency, which is responsible for providing national security intelligence to senior U.S. policymakers, including the President, and who manages the operations, personnel, and budget of the CIA, have a Facebook page? Should his wife? Sir John Sawers is the incoming head of MI6, essentially the British equivalent of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple’s London apartment and the locations of their children and Sir John’s parents. She also posted family photos that included her half-brother, who was an associate and researcher for a historian who has been convicted of Holocaust denial. Her Facebook profile was left open to anyone in the London network.

Patrick Mercer, Conservative chairman of the Commons counter-terrorism subcommittee, has pointed out that these types of Facebook postings leave Sir John Sawers open to criticism and potentially, blackmail. “We can’t have the head of MI6 being compromised by having personal details of his life being posted on Facebook,” Mercer told The Times. “As a long-serving diplomat and ambassador, his family have been involved in his line of business for decades. I would have hoped they would have been much more sensitive to potential security compromises like this.”

Would it be okay for U.S. CIA director Leon Panetta or his wife to post their addresses, vacation photos, childrens’ names and other personal data on Facebook? No! Is it okay for you to do it? You say, “Well, I’m not the director of the CIA.” While you may not be a high profile target, you can still be a target on some level, and the more intelligence you make available to potential attackers or criminal hackers, the easier you make it for them to harm you. Nobody ever considers themselves a target until it’s too late. I’m not a paranoid freak, I’m a grounded, down-to-earth, conscious being with an awareness of what’s going on out there. And when I see you post information that someone sinister could use against you, I worry.

If you use social media and regularly update your status or profile with pictures, video, or information about your whereabouts or daily routines, please keep the following advice in mind:

  1. Before you post anything online, think about what a hacker, stalker, employer, or potential employer could do with that data. Could an ex, who’s fighting for custody, use the data against you in court?
  2. Don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.
  3. Do not tell the world you are going on vacation! Or if you’re just going to dinner or the beach and won’t be at your house for several hours, why would you let potential burglars know that you’re away?
  4. If you’re a “partier” and like to imbibe, informing the world that you just smoked a joint is not only one of the worst things you could do for your career, it also makes all your friends guilty by association. And don’t announce that you’re hungover, because after the age of 23, you ought to know better.
  5. Before posting pictures or videos, consider what a criminal or potential employer might see. Could they be used against you in any way?
  6. If you let your kids use social media, you must monitor every aspect of their Internet activities. Pick up McAfee’s Family Protection software and take control of your childrens’ Internet use.
  7. Take advantage of privacy settings and lock down your profile, so that only those who you approve can view everything.
  8. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Social media is less than six years old. This is a brand new medium, and we are just now beginning to recognize its potential consequences. Something as harmless as a picture of a baby in a tub could be traded online by pedophiles. The world is changing. Be aware of your social media use, and be smart about it.

Robert Siciliano, identity theft speaker, discusses social media on Fox.

Identity Thieves Gather Data From Social Networks

Robert Siciliano Identity Theft Expert

There’s a lot of excessive trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. Apparently, they see no reason to distrust. Generally, your “friends” are people who you “know, like and trust.” In this world, your guard is as down as it will ever be. You can be in the safety of your own home or office, hanging with people from all over the world, in big cities and little towns, and never feel that you have to watch your back.

PC World reports that a third of social networkers have at least three pieces of information posted on their pages that could lead to identity theft. Names, addresses, birth dates, mothers’ maiden names, kids’ names, pets’ names and phone numbers are among the various types of data that could help a criminal piece together your identity. Social networkers are simply making it too easy for thieves.

Almost 80% of those polled are concerned about privacy issues on social networks, yet almost 60% are unaware of what their privacy settings are and who can see their data. One third of social networkers admitted that they use the same password for all their social networking accounts.

Most social networks have privacy settings that many users never venture to manage. It is imperative to spend a few minutes and lock down your profiles so they can’t be seen by everyone in the world.

It is not unusual for a potential identity thief to “friend” a potential victim. The thief poses as someone the target may know, or someone who is known within the target’s social circle. Once the thief has been accepted as a friend, he or she is in the target’s inner circle and gains a great deal of insight into the target’s daily life.

People often try to “friend” me, and I can see that they are “friends” with people I know. But I don’t know them. And the mutual friends often tell me that they don’t know the person, but were “friends” with someone else they knew, and they accepted based on that! That’s nuts! Next thing you know, they are trolling through your “friends” and befriending people in your network, who accept based on their trust in you! Dizzy yet? The point is, stop the madness! Don’t allow these trolls into your life. Mom told you not to talk to strangers. I’m telling you not to “friend” strangers, because they could be scammers.

Scammers are watching. They know that once they are on Facebook, your guard goes way down.

Regardless of all this craziness protect your identity.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano Identity theft speaker discusses Facebook scams on CNN

Web Based emails Insecurity Leads to Identity Theft

Robert Siciliano identity theft expert

I recently appeared on Fox and Friends to discuss email hacking. Dave Briggs, a FOX & Friends Weekend co-host, lost access to his Hotmail email account when hackers were able to guess either his password or his qualifying question. (He admitted that his password was not as strong as it should have been.) The hackers locked Briggs out of his own account and spammed all of his contacts with a fraudulent email that appeared to be written by Briggs himself, claiming that he was trapped in Malaysia and requesting that someone help him by transferring money via Western Union. Only after persistently contacting Hotmail administrators was Briggs able to regain control of his own email account.

Twitter was targeted by a similar hack, which led to a data breach. It is likely that the hacker guessed the answer to a Twitter employee’s security question and reset the employee’s password. On Wednesday, Twitter co-founder Biz Stone blogged, “About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. From the personal account, we believe the hacker was able to gain information which allowed access to this employee’s Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company.”

And of course, Sarah Palin’s Yahoo email account was hacked into last year, during the presidential campaign. The hacker explained how easy it was in Wired.

Web-based email rocks! Since you’re no longer tethered to a PC-based client, you can access your email from anywhere. And all the data saved in your email account will be safe if your PC crashes. Many web-based email providers offer gigabytes of free storage and other useful tools like documents, RSS readers, and calendars. Life in the cloud is easier and more convenient. But is it secure?

PC Pro reported on a study run by Microsoft Research and Carnegie Mellon University, which measured the reliability and security of the questions that the four most popular webmail providers use to reset account passwords. AOL, Google, Microsoft, and Yahoo all rely on personal questions to authenticate users who have forgotten their passwords. The study found that the “secret questions” used by all four webmail providers were insufficiently reliable authenticators, and that the security of personal question appears much weaker than passwords themselves. Yahoo claims to have updated all their personal questions in response to this study, but AOL, Google, and Microsoft have yet to make any changed.

Once a hacker has your email address, he or she can simply go to the “forgot password” section of your email provider’s website and respond to a preselected personal question that you answered when signing up for the account. With a little research, the hacker has a good shot at finding the correct answer.

Some of the current questions could be answered using information found on a user’s social networking profile, or through a website like Ancestry.com or Genealogy.com. Some answers might be found in the user’s trash. Some questions seek opinions, rather than facts. For example, “Who is your favorite aunt?” requires an opinion in response, but if a hacker knew the names of all your aunts, he or she could enter them all one by one. Some questions would be more difficult to answer. Unfortunately, if you signed up for your web-based email account over a year ago, before these email hacks became more common, your questions may be even easier to answer.

Gmail’s current personal questions are:

  • What is your frequent flyer number?
  • What is your library card number?
  • What was your first phone number?
  • What was your first teacher’s name?
  • Write my own question

Yahoo’s current personal questions are:

  • What is the first name of your favorite uncle?
  • Where did you meet your spouse?
  • What is your oldest cousin’s name?
  • What is your oldest child’s nickname?
  • What is the first name of your oldest niece?
  • What is the first name of your oldest nephew?
  • What is the first name of your favorite aunt?
  • Where did you spend your honeymoon?

I suggest that you check out the “forgot password” section on your own web-based email account, to see your current personal question. If it’s easy to answer, or would only require a little research to solve, update the question with one that you create based on opinion, as opposed to fact. And keep in mind that most people list “pizza” as their favorite food and “liver” as their least favorite. So be creative. You should also beef up your password. Combine uppercase and lowercase letters, as well as numbers. Don’t use consecutive numbers, and never use names of pets, family members, or close friends.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano, identity theft speaker, discusses hacked email on FOX & Friends.

Tweets Link to Identity Theft

Identity Theft Expert Robert Siciliano

“Misty Buttons” just started following me on Twitter. She’s curvaceous, bodacious and isn’t getting her needs met. Apparently, she needs me to meet those needs. It is, of course, a tempting offer that someone, somewhere may accept. But I’m going to pass.

Twitter porn and cybercrime are one and the same. Criminal hackers use porn to lure unsuspecting Twitter users into their lairs, where they distribute malicious software and solicit credit card data. In some cases, their victims may deserve to be scammed. Clicking on the links that these ne’er-do-wells post on their Twitter feeds can have a devastating effect on your PC and your bank account.

Internet security software provider McAfee reported a 500% increase in malware in 2008. That’s more than the past five years combined. And the FBI reported a 33% increase in Internet crime last year. According to a survey of 1000 firms, companies coping with data breaches lost an average of $4.6 million in intellectual property. This is all due to insufficient hardware, outdated software and the various ruses, such as those perpetrated by Misty Buttons, that trick technology users into opening a door to criminals.

But it isn’t just obvious Twitter porn that you need to watch out for. It’s also seemingly legitimate links posted by those you follow. Criminals have figured out that Twitter is a social network that brings people together. Strangers follow you, and you often reciprocate, following them back and bringing them into your network. As with email phishing scams, criminals post tweets highlighting current events, with links that lead to malicious sites or direct malware downloads. Numerous news outlets have reported on malicious tweets purporting to point to news about Michael Jackson, Obama, Farrah Fawcett, Iraq and even the Sonia Sotomayor’s Supreme Court confirmation hearings. The shortened URLs that are necessary to keep tweets within the 140 character limit help mask these scams. As explained NextAdvisor:

Whenever a complete URL is too long or cumbersome, many users turn to URL shortening services like TinyURL. Unfortunately, a condensed URL that appears harmless can easily lead to a malware download or phishing site, rather than the destination you were expecting. What appears to be a link to a friend’s home video may actually be pointing you toward the Koobface virus. Hackers can target a single URL shortening service and intentionally misroute millions of users.

How to protect yourself:

  1. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  2. Install anti-virus protection and keep it updated.
  3. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses identity theft.