How to Protect Your identity When Buying or Selling a Home

If you are in the process of buying or selling a home, at some point, you are going to have to disclose personal information when you go through the process. Because of this, a home buyer, especially, is much more likely to become a victim of identity theft.

Here are some ways to protect your identity when buying or selling a new home:

Ask if Communication is Secure

One thing to do is to make sure your mortgage and real estate professionals are using secure electronic communications. If they can’t articulate their security, such as they use two step verification, etc, then they aren’t generally secure. Otherwise, you should drop documents off in person.

Ask How Personal Info is Handled

Another thing to do is ask your lender how they will handle your personal info after the loan is complete. Are documents able to be stored securely? Will they be shredded when no longer needed?

Ask About Security Policies

You should also ask about the security policies of your lender and/or real estate professional. If they don’t have a security policy, they aren’t secure.

Get a Referral

Ask people you know for referrals for mortgage and real estate professionals. Verify that their licenses are current. Do business with those who others know, like and trust.

Choose a Real Estate Team That You Trust

Buying a new home takes a full team on both the sides of the buyer and the seller. So, you have to make sure that you trust them and that all of their credentials are up to date. You should also do your best to read reviews online.

Be Aware of Frauds

Fraudsters are always out there, and they take advantage of people looking to buy a home. For example, according to investigators, a California woman would offer to buy a home on behalf of the buyer because the buyer was under funded or an illegal immigrant. After the buyer provided the deposit, she would never be heard from again.So keep your eyes open as you go through the process.

Recognize Money Wire Scams

When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent.

Nearly 10,000 people reported being victims of this kind of fraud in When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent.

Nearly 10,000 people reported being victims of this kind of fraud in 2017 with losses over $56 million, the FBI report said. Real estate is only now tightening its belt and fighting back., the FBI report said. Real estate is only now tightening its belt and fighting back. The moment a wire transfer is requested via email, tell your agent or broker you want to meet them at the office to discuss. End of story.

Be Cautious on the Internet

During this process, you will be filling out a lot of forms and giving out a lot of your personal information. So, to help prevent any identity theft, you should only use a secure device on a secure network. You also have to make sure that you are using strong, varied passwords, and if you have to print out copies of documents, you should hide any account numbers or Social Security numbers.

Use Credit Monitoring or ID Theft Protection

When making a large purchase like a new home, you should make sure to have real time credit monitoring and identity theft protection.

Freeze or Lock Your Credit Until Making an Offer

You also might want to consider freezing or locking your credit until you are required to have your credit checked. Both options prevent a creditor from accessing your credit report, which stops a criminal from opening a new account.

Credit locks are available from consumer credit bureaus for a small fee, and you can lock or unlock your credit whenever you want. A credit freeze is free but slightly cumbersome. Go free and learn it.

Get a Copy of Your Credit Report

It’s also a good idea to get a credit report if you are going to finance a home. Checking this report will give you a good idea of what you can afford each month, and it will allow you to see if there are any mistakes or unusual behavior on the reports.

Stay Safe During the Closing Process Finally, remember that fraudsters are always out there, especially when people are using large sums of money. The Federal Trade Commission estimates that people lost about $1.48 billion to fraud last year, alone. So, it’s imperative that you keep yourself safe by avoiding things like phishing schemes, and if something sounds too good to be true, it probably is.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to be a Grandma Identity Thief Murderer

Lois Riess is a woman from Minnesota who police say shot her husband, went on the run, and then killed a woman in order to take on her identity.  Here are some shocking facts about her:

Riess Looked Like her Victim 

The woman Lois Riess killed, Pamela Hutchinson, looked like her. This is why Pamela lost her life. When the body was found, police said her ID, credit cards, cash, and car was gone. Police put out an arrest warrant for Riess, and then started hunting for her. Police say the women did not know each other.

Lois Riess Allegedly Killed Her Husband, Too

Pamela Hutchinson wasn’t the only one who has allegedly died at Riess’ hand. Lois’ husband, David Riess, is also dead. He was found in the couple’s Minnesota home with several gunshot wounds after two weeks of not showing up at work. David’s car was missing, as was $11,000 out of his business account. It is believed that Lois used the same gun to kill both of her victims. Though Lois originally took the couple’s Cadillac, it was found abandoned in Florida several days later.

Pamela Hutchinson and David Riess

Though she was killed in Fort Myers, Pamela Hutchinson didn’t live there; she lived in Bradenton, FL. She was in Fort Myers to spread the ashes of her husband who had recently passed away.

David, Lois’ husband, owned a commercial worm farm. He was a Navy veteran and loved boating, fishing, hunting, and spending time with his grandkids.

Lois Riess was a Gambler, and She Had an Interesting Nickname

According to reports, Lois Riess was a gambler, and had an addiction to gambling that eventually destroyed her family. It is said that she stole more than $100,000 from her sister, and had the nickname, “Losing Streak Lois.”

Lois Took a Road Trip After the Killings

After killing Pamela, detective believe that Lois left Florida and traveled through Alabama, Mississippi, Louisiana, and Texas. She was driving Pamela’s car, which she took after shooting the woman.

Before Lois was even captured, she was charged with the murder of both her husband, David, and Hutchinson. She is facing a first degree murder charge in Florida along with grand theft auto, grand theft, and criminal use of personal identification. She faces the death penalty if found guilty. As for the alleged murder of her husband, David, in Minnesota, murder charges are pending, so it’s likely that she will face two counts of first degree murder when all is said and done in this case.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

2017 Was the Worst Year for Identity Theft EVER!

Javelin Strategy & Research recently released its Identity Fraud Study, and it revealed that the number of identity theft victims rose by 8% in 2017 when compared to 2016. That’s almost 17 million people, which is a record high. Despite more information and industry efforts to make people aware of these practices, $16.8 billion was stolen due to ID theft in 2016.

The study also showed a shift in how ID theft fraud was being done. Credit card accounts were the most common targets for new account fraud, we also see that there is a big uptick in other accounts being targeted, including PayPal accounts and e-commerce merchant accounts. We can also see that more than 30% of consumers in the US were notified that their information was part of a data breach, which is 12% higher than the year before. Social Security numbers also seem to be a favorite of ID thieves, as are credit card numbers. We also see that due to these breaches, consumers are becoming less trusting when it comes to companies and financial institutions that are storing personal data.

The Trends

There were four noteworthy trends that were also found in this study:

  • There was a Record High Rate of Identity Fraud – The study shows that almost 7% of all consumers were victims of ID fraud. This was almost a million people from 2016. This was mostly due to more account takeovers and more instances of fraud.
  • Account Takeover Has Grown – One of the most shocking things found in this study is that account takeover has tripled when compared to 2016 and has reached a four-year high. This is a 120% increase. It was also noted that the average victim had to pay an average of $290 out of pocket to solve these issues, and consumers spent more than 62 million hours trying to work these issues out.
  • Scammers Target Online Shoppers – The study also shows that people who shop online are most at risk of becoming a victim of fraud.
  • Scammers are More Sophisticated – Finally, the study showed that fraudsters are more sophisticated than ever before, and they use more complex methods than ever before.

Finally, the Identity Fraud Study did something new this year, too. It looked at the way news of data breaches has affected consumers. About 63% of people who responded say that they were “very” or “extremely” concerned about becoming a victim of a data breach.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

Tips for Preventing Embezzlement and Employee Theft

If you are a business owner, you might be concerned about employee theft. If you aren’t concerned, perhaps you should be.

There are a number of ways that an employee can steal:

  • Embezzlement money, inventory or materials
  • Skimming – Diverting funds
  • Stealing business opportunities, data or trade secrets
  • Fraudulent disbursements like check tampering or billing schemes
  • Larceny – absolute theft

It might surprise you to find out that employees who steal are not usually new employees. Instead, they are those who have worked for a business for a number of years. (Three years is the average.) So, what can you do to protect your company from employee theft? Here are some ideas:

Watch Your Staff

You should be aware of the signs of theft. These include:

  • A sudden devotion to their work and/or the company
  • Working late
  • Living above their salary
  • Drug or alcohol abuse
  • Evidence of gambling, bad check writing, or persistently asking to borrow money
  • A second job with materials available at your business
  • Strong objections to changes in inventory, financial, or supply procedures

Small businesses should always do background checks on any potential hire. Checking references is one thing, but to really understand who you are hiring, a full background check is best.

Supervise Employee Behavior

Research shows that employees are more likely to commit acts of fraud and theft when they don’t have a lot of supervision. You don’t have to supervise them constantly, but you should check on them often. It also is a good idea to have more than one person in charge of company finances.

Control All Business Receipts

Use pre-numbered sales slips and audit them frequently. This is especially the case with cash. You should not rely on a sales clerk to count and audit these receipts. Have another person do it.

Use Random Auditing

Start doing unannounced audits internally, and hire an outside company to do a yearly audit.

Use Purchase Orders

You should also use purchase orders and make sure that these are not handled by the same people over and over. It’s best to use pre-numbered purchase orders, and then always verify any orders coming in.

Keep Track of Business Checks

Use checks that are pre-numbered and make sure the amounts and recipient name is typed or in permanent ink. It’s best to produce checks from software, such as QuickBooks. If you have bank checks, make sure they are locked up.

Install Security Software on Computers

Start using security software on your computers that monitors employee activity, and restrict access to company records. You should also frequently change passwords and ensure that all of your security features are working.

Be Responsible with Accounts Receivable

Ensure that you are recording all of your incoming payments. Make sure incoming checks are marked as “deposit only.” Hire a forensics accountant at least bi-annually. Having a professional come in looking for discrepancies, or “cooked books” is worth every penny.

Use Security Systems with Inventory Management

Keep shipping and receiving as separate functions. Consider using security devices to monitor all inventory and merchandise that is coming in.

Install Security Cameras

Frankly, “trust” is overrated. It’s natural and normal to trust by default. As an “interdependent” species, humans can’t function without inherently trusting one another. But while most people can be trusted, the few that can’t need security cameras pointed at them all day.

Help Employees Report Theft by Their Co-Workers

You should make it as easy as possible for your staff to report theft or fraud by their co-workers. You want to make sure that you are doing this discretely, and you want to make sure that you don’t make it look like you don’t trust your staff.

What to Do if You Suspect Theft

If you have an employee who you think is stealing form you, here’s what you should do:

  • Use extreme caution when conducting your investigations and when making an accusation. If this turns out to be false, it could mean a lawsuit for you.
  • If you have a suspicion, investigate. If you can correctly identify the employee who is responsible, you should terminate their position immediately, revoke all network and building access and then consider contacting the authorities.
  • If theft is a complex or a large issue involving more than one employee, you should talk to a legal professional. They can help find experts who can help.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Understanding and Stopping Criminal Identity Theft

The definition of criminal identity theft is a crime where the criminal impersonates the victim in order to protect their innocence. This can lead to victims getting fines or even getting arrested and charged for crimes they did not commit.

How Does This Happen?

There are a number of ways that a criminal can pull this off, and it generally occurs when the thief steals someone’s identity. This is true and pure identity theft, often involving a drivers license with the thieves picture and the victims information. Once they have that, they are pretty much free to commit crimes in their victim’s name.

Stopping Criminal Identity Thieves

If you think that you are a victim of this crime, you should first get in touch with the police department where the charges are coming from. You should offer proof of your identity, and then fill out an impersonation report. The police will often take a photo, get your fingerprints, and run your ID info through their database. When they prove your innocence, warrants will be released. If you feel like this is a complicated situation, however, it is in your best interest to get a lawyer.

Did Someone Use Your Driver’s License?

If someone has stolen or used your driver’s license, take the following steps:

  1. Get your driver’s license record. You can get this from the DMV.
  2. Identify any inaccurate information from the report.
  3. Report any discrepancies.
  4. Discuss facial recognition with the DMV and if others photos are tied with your information.
  5. Clear all of the discrepancies. The DMV will do this for you after an investigation.

Signs That You Might be a Victim of Criminal Identity Theft

Sometimes you might not realize that you are a victim of criminal identity theft, but here are some signs:

  • Your Social Security Statement may have errors.
  • There will most likely be errors on background checks.
  • You might get fired and told your criminal record is the reason.
  • You might not get a job or apartment due to your false criminal record.

Preventing Criminal Identity Theft

There are some things you can do to make the chances lower that you will become a victim of criminal identity theft:

  • Keep your Social Security number and driver’s license safe and hidden when possible.
  • If you have to get a new credit card and/or driver’s license, make sure the numbers are different. You don’t just want the same number as the thief can still use it.
  • Get a credit freeze and consider identity theft protection.
  • Frankly, be as digitally secure as possible and manage paper records the best you can. But this is a hard crime to stop on your own.
  • Criminal identity theft happens when the victim has done nothing at all to secure their identity

Should You Be Worried About Criminal Identity Theft?

All of this sounds pretty scary, but there is only a very small chance that you would be held liable for any of these crimes. The bigger issue is that someone could victimize you for years, and you would never realize it. It could become a big headache, and it could also create a domino effect that could ultimately tarnish your good name. Preventing identity theft of all kinds is a start, and as long as you know how to fix it if it happens, you should be okay in the end. Don’t worry about it, but do something about it.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Protecting Your Parents from Identity Theft

According to statistics, those who are 50-years old and older, like 65-85, are often targets of identity thieves. The bad guys have no issue taking advantage of your parents. They violate their trust, and understand that they are often naïve about the internet and scammy phone callls. Cyber criminals also know that older people have retirement money and more savings, and this money is ready for them to take. Here are some of the common scams that the bad guys use:

Common Scams Against Older People

  • The bad guys might send them an email saying that they are from the IRS, CIA, FBI, or even a bank. The email says that there is a problem that needs the recipient’s attention. The scammers then ask for information like their Social Security numbers, bank account information, and more.
  • Another scam is to pull on their heart strings. In this case, the scammer calls the person and claims to be someone they know, like a grandchild, who needs money wired because it’s an emergency.
  • Scammers also try to take advantage of people by using their home’s information. If they can access the deed of a person’s home, they can use other information, like their bank account number and Social Security number and can refinance the home. Then, of course, they get all of that money and the person living there is none the wiser.
  • Crooks also focus on people in retirement homes. They get a job at these homes, and then manipulate the residents to give them personal information.
  • They seek out the lonely. If your parent is single because of divorce or death they are a target. Loneliness often trumps common sense. There’s a level of desperation that predators seek out.

Preventing Scams Against Your Parents

You probably want to do all that you can to prevent this from happening. Here are some methods you can use:

  • Become the main guardian over the personal information and financial accounts of your parent’s. This way, when your parent is contacted by a suspicious person, they must go through you to get any information. Even information like your mother’s maiden name might be used to commit identity theft down the road. Make sure your parents know that they shouldn’t ever share personal information and any and all requests for any money must go through you. No matter how persistent the person on the phone or via email is.
  • Don’t ever share personal or identifying info on a social media site. Criminals will target your parents in “Grandparents Scams” posing as their grand children in distress using social profiles as research.
  • Make sure your parents know to check their credit card and bank accounts quite often. You should also set up text or email alerts about their accounts.
  • Get your parents a shredder. All bank statements and any other sensitive information should be put through the shredder. Crooks love to go through trash to find old statements and other information that they can use.
  • If your parents use Wi-Fi, show them how to use a VPN. Hotspots are not protected and scammers use them often.
  • When writing an obituary, don’t use any details that a crook could use to steal an identify. Sadly, the bad guys use this information in terrible ways.
  • Explain the importance of email safety. Phishing is very common, and even if an email looks safe and legitimate, no one, including you or your parents, should click a link in an email.
  • Help your parents understand that there is a difference between http and https. Tell them that if a website has http, it is not secure, so they shouldn’t share personal information.
  • You can also help your parents opt out of any unnecessary offers. Go to the website com and sign up.
  • Work with your parents to freeze their credit.

Stay Aware of Scammers

Do not allow your parents to be a scammer’s next victims. You can easily prevent this, and most importantly, your parents won’t have to go through the stress of rebuilding their credit and recovering their identity. One of the most important things that you can do is to be aware of these scams.

Protect the Identity of Your Parents

All of us are vulnerable to identity theft, and we can’t protect ourselves 100% of the time. However, by doing things like signing up for identity theft protection or doing a credit freeze can help to keep us all safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Do You Really Need Identity Theft Protection or is it a Waste of Money?

I see a ton of articles that say identity theft protection is not something you really need. These articles have titles like “ID Theft Protection Does Not Work,” or “The Poor Man’s Guide to ID Theft Protection.” Though some of these articles have a bit of merit, they totally miss the point.

Here’s the deal – You can’t protect yourself from every type of ID theft out there, and the types you can protect yourself against require a ton of focus. One way or the other, it will cost you money, time, and probably a bit of anxiety too.

Those who have elected not to invest in ID theft protection say they don’t need to pay for a service that they can take care of on their own. Why? Because they do the following:

Dispose of Their Mail, Securely – One thing that people do to protect their identity is to shred all of their mail. This is especially the case when it contains account information. However, this isn’t enough. Though you might do your part, there is no guarantee that your bank, mortgage company, or even electrical provider won’t toss paperwork with your information into a dumpster. At that point, it’s free for the taking.

Opt Out of Preapproved Credit Card Offers and Junk Mail – Yes, this is good advice. You can do it online at OptOutPrescreen.com. However, keep in mind that even if you do this, you will still get some offers.

Get a P.O. Box – I’m not sure why people think that getting and using a P.O. box will help to protect them from identity theft, but they do. Yes, this is a more secure way of getting your mail and in some cases will protect sensitive data. Unfortunately, this doesn’t help much.

Check Their Credit Report – Yes, you should always check your credit report. But, people who believe that checking their credit report can stop ID theft are mistaken. You can get a free credit report each year at AnnualCreditReport.com, but you really need to check more often than once every 12 months. Checking a credit report does not proactively protect your identity.

Set Up Fraud Alerts – People also set up fraud alerts and think they are fully protected from ID theft. Again, fraud alerts are great, but they expire after 90 days, and most people forget to renew the service. Additionally, these are only a guideline for your creditors, and they are not required to contact you if they issue credit.

Freeze Their Credit – These people also freeze their credit. This is a good thing to do, and I think it is fundamental to protecting your identity, but again, it doesn’t help to protect your ID from tax-related identity theft, criminal identity theft, account takeover or medical identity theft.

All of these things help, and are necessary in addition to a Protection Service, but people who stick with these and don’t get full service identity theft protection are putting themselves in a precarious position. Instead, it’s best to get a professional product, which offers better protection.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

The Equifax 2017 Exposed: What Half of America Needs to Do Right Now

Equifax has been hacked. As one of the three major credit bureaus in the United States, this is seriously bad. It is considered by many to be the worst security breach in the history of the internet. The extent (about 143 million Americans) and the sensitivity of the data is a rude awakening in a year when cyber has been in the center of the news.

What does this mean for you? It means that your Social Security number, and possibly even your driver’s license information, could be in the hands of hackers. Some are already calling this the worst breach of data in history.   

How Did This Happen?

On September 7th, Equifax announced that a security breach occurred that could impact as many as 143 million people. Though this isn’t the largest breach to occur, it could be the most devastating. The data that was accessed included Social Security numbers, address, birth dates, and driver’s license numbers. All of these can be used for identity theft.

Equifax also announced that the credit card numbers of more than 200,000 people were accessed, as were documents containing personal identifying information for more than 180,000 people. With this information, the hackers can commit credit card fraud. This isn’t as bad as identity theft, as credit card fraud is usually simple to fix, but these thieves could still open new credit card accounts in your name with your Social.

According to Equifax, the company discovered the data breach on July 29. Apparently, the hackers accessed the files from around mid-May all the way through July.

Richard F. Smith, the chairman and CEO of Equifax, admits that this is a “disappointing event” and that it “strikes at the heart” of the goals of the company. He also apologized to customers who work with Equifax and consumers. Boo hoo. I cry for you.

Why Did It Take So Long to Announce This?

You might be wondering why it took so long to announce that there was a data breach at Equifax. After all, the company discovered it on July 29, and didn’t announce it until September 7. Their Director of Social Media, has an answer. She said that as soon as the company discovered the breach, they stopped the intrusion. The company also hired a cybersecurity firm, which did a full investigation. This investigation was time consuming, and they wanted to have all of the information available before informing the public. Makes sense.

But Wait…There’s More

To add to this story, Bloomberg News announced that three executives from Equifax sold shares worth about $1.8 million. What’s shocking is that they did this AFTER the company discovered the breach. This will come back to bite them.

You can check to see if you are affected by the breach by using an online tool that Equifax has set up. FYI, I checked out my info, I’m a victim.

You should go there, enter your last name and the last six digits of your Social Security number, and the system will tell you if your information has been compromised. If it has, Equifax is offering a complimentary enrollment into the TrustedID program. However, there is language in the terms of service that may restrict your ability to have your day in court if you were to join a class action and the NY Attorney General is pissed. According to USA Today, a class action lawsuit has already been filed against Equifax. This class action suit seeks to secure all records associated with the breach and fair compensation for those who were affected.

Read the NYT.

You don’t have to have done any type of business with Equifax to be affected by this. If you have ever applied for a mortgage, loan, or credit card, the company likely has your information. The TrustedID program is going to be free for an entire year for anyone affected. It gives consumers the ability to lock and unlock their credit reports. They also get internet scans for their Social Security numbers and identity-theft insurance. You can also call Equifax at 866-447-7559.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Second Hand and Discarded Devices Lead to Identity Theft

A new study was just released by the National Association for Information Destruction. What did it find? Astonishingly, about 40% of all digital devices that are found on the second-hand market had personal information left on them. These include tablets, mobile phones, and hard drives.

The market for second hand items is large, and it’s a good way to find a decent mobile device or computer for a good price. However, many times, people don’t take the time to make sure all their personal information is gone. Some don’t even understand that the data is there. This might include passwords, usernames, company information, tax details, and even credit card data.  What’s even more frightening is that this study used simple methods to get the data off the devices. Who knows what could be found if experts, or hackers, got their hands on them. It wouldn’t be surprising to know they found a lot more.

Here are some ways to make sure your devices are totally clean before getting rid of them on the second-hand marketplace:

  • Back It Up – Before doing anything, back up your device.
  • Wipe It – Simply hitting the delete button or reformatting a hard drive isn’t’ enough. Instead, the device has to be fully wiped. For PCs, consider Active KillDisk. For Macs, there is a built in OS X Disk Utility. For phones and tablets, do a factory reset, and then a program called Blancco Mobile.
  • Destroy It – If you can’t wipe it for some reason, it’s probably not worth the risk. Instead, destroy the device. Who knows, it might be quite fun to take a sledge hammer to your old PC’s hard drive, right? If nothing else, it’s a good stress reliever!
  • Recycle It – You can also recycle your old devices, just make sure that the company is legitimate and trustworthy. The company should be part of the e-Stewards or R2, Responsible Recycling, programs. But destroy the hard drive first.

Record It – Finally, make sure to document any donation you make with a receipt. This can be used as a deduction on your taxes and might add a bit to your next tax return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Inside the Business E-mail Compromise Scam

Trick e-mail = fraudulent wire transfer = hundreds of thousands to millions of dollars stolen.

emailThat’s what’s happening with business executives in select industries (e.g., chemical operations, manufacturing), says a report at threatpost.com, citing a finding from Dell SecureWorks.

The phishing e-mails are part of those Nigerian scams you’ve heard so much about, a business e-mail compromise scheme.

Security researchers have gotten a good glimpse into the inner workings of the BEC, thanks to one of the hackers, a key player, accidentally infesting his computer with the BEC malware.

The threatpost.com article explains that Joe Stewart of Dell’s Counter Threat Unit says that this hackster routinely uploads keystroke logs and screenshots to a server. This data includes many identities of the hacking group, and has been given to law enforcement for investigation. Stewart says that, thanks to the accidental infection, researchers have gained insight into the innards of their operation, such as viewing the group’s desktops.

What the hackers do is scour websites of specific industries for e-mail addresses. They construct e-mails, add malicious attachments, then send them along, hoping to get into a user’s account, which they then compromise. Their goal is monetary transactions between the target company and the hackers pose as a vendor which the company may already deal with.

The hacker/vendor replies with invoice and payment instructions, and the company is not aware that the recipient is the hacker. The hacker forwards the e-mail to the buyer who is tricked into wiring funds to the hacker. Though this group is not sophisticated, they’ve managed to come away with hundreds of thousands of dollars just from one company. Upon success the wired funds are directed to the hackers.

Overall, the scams have resulted in $3.1 billion lost, says the FBI. The article points out that the BEC scheme is not to be confused with the BES scams (business e-mail spoofing). The BEC operation doesn’t send spoofed e-mails; it uses malware or exploits to gain control of e-mail accounts.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.