The State of Information Security Sucks

Robert Siciliano Identity Theft Expert

The sheer volume of potential targets coupled with the vast amounts of money to be made has captured the attention of the global criminal hacking community.

Enterprise networks are becoming hardened and they are still vulnerable. Some are being penetrated directly while others are accessed through 3rd parities such as their clients or end users. Unprotected networks are being sniffed out and data breaches continue.

The organizations that track these breaches are bored, frustrated, hate the industry and offer no good news. Innovation isn’t happening fast enough and new laws and regulations aren’t effective in solving the problems.

PCI and all those who fall under its requirements are chasing their tail. Infighting continues and rumblings of lawsuits against PCI persist.

Law enforcement is getting better at investigating and catching the badguy, but there are far more of them then there are of us.

Between the TJX breach and the Heartland hack there were as many as 224 million credit and debit card numbers hacked. The criminals penetrated the networks “in broad daylight” so to speak, which means they didn’t have much trouble getting in. The hacks may have occurred via unsecured wireless networks, SQL injections or via social engineering though a phishing email with infected links.

While IT security professionals and white-hat hackers are fighting the battle with newer, better, faster, more robust technologies to keep the bad-guy out, the bad guy still gets in via the path of least resistance, which may be human error, laziness or a zero-day attack consisting of  something we’ve never seen before. Often it is the former.

New stories keep coming out depicting small businesses losing hundreds of thousands of dollars via online banking hacks and the banks filing suit so they don’t have to pay it back.

I just spoke to 60 bankers at a conference in Las Vegas. Many of them professed to learning a lot. . No offense here, but I am of the belief that nothing I say should be in any way “new information” to anyone in the banking industry.

As we move closer to mobile banking and a dozen new ways to process credit cards we create new opportunity for the criminals and we haven’t tightened up existing vulnerabilities yet.

We are fragmented and all over the place with an incredible array of interdependent technologies that are set up with convenience in mind and security second.

Somebody please tell me to shut up.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM skimming on ExtraTV

Fostering Awareness & Improving Security Education

Robert Siciliano Identity Theft Expert

Financial institutions have the most to lose and the most to gain by improving security education of their clients and employees.

A while back  I appeared on a local TV show talking about phishing. Amazingly, still, not everyone knows what phishing is. A good friend saw the show and was shocked by what she learned….about her bank.

She received a phishing email and didn’t know what it was. The email asked her to update her account. It was confusing so she called her bank. She spent 20 minutes on the phone with a bank rep discussing her account and the bank could find no record of the communication or any issues with her account. At the conclusion of the call the bank rep said, “I don’t know why you received this email, your account information is in order.” Click.

That night she saw my phishing clip and wondered why the bank never mentioned a single word about phishing. Her bank failed her. They failed to educate her and therefore failed to protect her. She is no longer a client of that bank.

The mindset of financial institutions needs to change drastically when it comes to educating their clients about identity theft and security issues. Old school “sweep it under the rug” don’t discuss it because it will scare people school of thought is dead. People want, need and require information to protect themselves.

The game has changed. People are concerned for their personal security and are hungry to learn. The fact that you or anyone reads this blog is a testament to society as a whole wants to learn. Soccer moms are now security moms.  I’ve seen major industry players in the anti-virus space catering to these mommy bloggers and others because they understand the public is hungry for this. Banks, well, not so much.

Engage the public and they will respect you and want to do further business with you.

Linda McGlasson, Managing Editor at BankInfoSecurity.com interviewed me for a segment on this issue. Listen to the Podcast here It requires a login but its worth your time.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the lack of security in online banking on CBS Boston

Diploma Mills Facilitate Identity Theft

Robert Siciliano Identity Theft Expert

Diploma mills were born along with elearning institutions who are actually legitimate and accredited bodies. Degrees and diplomas issued by diploma mills are frequently used for fraudulent purposes, such as obtaining employment, promotions, raises, or bonuses on false pretenses. They can also be used as a form of fake ID when posing as someone else to gain employment, impersonation of a licensed professional or used to assist as a breeder document leading to “real” fake ID’s.

A fake diploma is an effective social engineering tool used to gain access to your corporate networks.

From Wikipedia “A diploma mill (also known as a degree mill) is an organization that awards academic degrees and diplomas with substandard or no academic study and without recognition by official educational accrediting bodies. The purchaser can then claim to hold an academic degree, and the organization is motivated by making a profit. These degrees are often awarded based on vaguely construed life experience. Some such organizations claim accreditation by non-recognized/unapproved accrediting bodies set up for the purposes of providing a veneer of authenticity.”

The diploma mills often model the names or accredited educational institutions. They may even take a portion of a universities name and make it a part of their own. Such modeling tactics involve using similar logos, color schemes, and designing their websites to mimic an Ivy League school, right down to the .edu web address.

Just like a legitimate college or university, diploma mills may actually require the student to purchase books, do homework and take tests.  However, the diploma mill may make it extremely easy for someone to pass. Students in many cases are able simply purchase a diploma no questions asked. Many of these organizations are nothing more than glorified print shops.

As an employer who requires a diploma as official entry to your organization, you must recognize the risks associated with accepting documents that are fake, designed to give the bad guy access to your networks.

Diploma mills and the documents they print can be difficult to detect. However, today, thanks to the Internet, many websites and organizations are publicly “outing” diploma mills.

When hiring and presented with a diploma, search out the name of the educational institution and see what comes up. More effective is to do a search of the name on the diploma then “diploma mill” in quotes. If you begin to see a trend of sites popping up referencing fraud then call your attorney. Someone who is likely to commit fraud of this nature, may cause even more problems when you decline their employment.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing fraud on Fox News

mCrimes Morph Into mBotnets

Robert Siciliano Identity Theft Expert

Botnets are robot networks of computers connected to the Internet that sit in our homes and offices. A botnet is generally banks of multiple PC’s from the 10’s to 10,000’s to millions. There are no hard numbers on botnets but last figure I saw was somewhere between 3-5 million. Another stat is 25 percent of all US based PC’s are on a botnet. That’s just insane.  Botnets PC’s are called Zombies. Zombies all generally share a virus in common that allows for a remote control component. The criminal hacker controls the zombies on the botnet via an IRC control server or via a peer to peer network.

The combined power of the zombies on the botnet allows the criminals to commit all kinds of crimes such as denial of service attacks, mass spam campaigns of blasting viruses to millions.

Often botnets are used to store stolen data or to host spoofed websites that collect that data.

Now comes “Sexy Space,” an infected text message containing a link that when clicked downloads a file making that phone part of an mBot. mBots are made up of “Zobiles”.  The download then infects the users contact list and in typical virus multiplication fashion, sends the Sexy Space text to them too.

It is believed that infected phones could then be used in similar ways as traditional zombies are.  The extra twist with a zobile is its ability to take pictures, video, and used as a covert audio listening device. It can also sniff out wireless connections to the Internet and gather additional data to be used to hack.

History indicates that we are at the forefront of an era in which criminal hackers develop tools and techniques to steal your money using your own cell phone. Fifteen years ago, cell phones were bulky and cumbersome, they had to be carried in bags or briefcases. Then they became chunky, heavy bricks. Calls dropped every other minute. Clearly, cell phones have evolved since then. Today’s cell phone is a lot more than a phone. It’s a computer, one that rivals many desktops and laptops being manufactured today.

Never click on links in text messages unless you are 100 percent sure it’s a legitimate communication from a trusted source.

Follow your phones manufacturers and carriers recommendations on securing your phone. A search on “mobile phone security” turns up options/downloads/security to consider.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing mobile phone crimes and hacking on the Mike and Juliet Show

EFT Point of Sales Hackers Net $50 Million

Robert Siciliano Identity Theft Expert

Readers of these posts are familiar with ATM skimming. ATM skimming is a billion dollar problem and growing. A relatively new scam over the past few years is electronic funds transfers at the point of sale (EFTPOS ) skimming. People commonly swipe both credit and debit cards through the in-store machines to pay for goods and services at these outlets. In Australia, Fast-food, convenience and specialist clothing stores are bearing the brunt of the crime. McDonald’s is among the outlets whose EFTPOS machines have been targeted.

Last year, legitimate EFTPOS devices at McDonald’s outlets across Perth Australia were replaced with compromised card-skimming versions, with 3500 customers cheated of $4.5 million. They actually replaced the entire device you see at the counter when you order your Big Mac!

Officials say the problem is so bad they urged people to change credit and debit card pin numbers weekly to avoid the possibility of having their account balances wiped out, as it was likely more cases would be identified.

In the United States a similar scam was pulled off at the Stop and Shop Supermarket chain.

“One reason POS machines are so vulnerable is that nearly all of the estimated 12 million devices in the U.S. employ a 40-year-old magnetic stripe technology that industry experts say is largely defenseless against the high-tech wizardry available to fraudsters today. These experts say that thieves can buy skimming gadgetry on the open market. Right now you can walk into a computer store in Malaysia and buy one of these devices for about $200”

The solution to this type of crime may be with authenticating the card or the card holder. Today this is out of the hands of the consumer. There are a number of new technologies that if banks/retailers/industries adopt to identify the actual card/user at the POS or even online, then most, if not all, of the card fraud problems will be solved. There is a race going on right now to see who gets there first. In the next 1-5 years we may see new cards being issued such as “chip and pin” which are standard in Europe. Or no new cards at all but changes in the system that identifies a fraudulent card making the data useless to the thief, or a 2 card system that requires a second swipe of another authenticating card the hacker doesn’t have access to. We will see how this all plays out.

You can’t protect yourself from these types of scams. However, by paying attention to your statements and refuting any unauthorized transactions within 60 days, you can recover your losses. When using any POS, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, or error messages, don’t use it.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM skimming on ExtraTV

Citizens Need to be More Involved in Cybersecurity

Robert Siciliano Identity Theft Expert

In the University of Cincinnati’s Journal of Homeland Security and Emergency Management, the authors write “The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds.” Somebody is saying to take personal responsibility and start doing things securely opposed to expecting it to all be done for you. What a revelation!

Just because everyone has access to the Internet, doesn’t mean they are using it securely. If a person decides to login, they should take some basic courses or read about how to login securely. And the education doesn’t stop there. New scams pop up every day and one has to be aware of their options. I write almost every day and there is never a shortage of topics for me to discuss.

The Internet can be a dangerous neighborhood with bad people around every corner. I got an email from a colleague today who is in the security business. He asked me if the email he received from Facebook to change his password was a fake or real. This is a smart guy, who obviously never heard of the Facebook phishing scam before.

NetworkWorld reports They cite the coordinated attack that overwhelmed U.S. and South Korean government sites last July as being the type of attack that individuals can unwittingly participate in by allowing their computers to be taken over by botnets, the authors say. The awareness they call for has to go beyond simply “if you do not protect yourselves bad things will happen to you” and create a sense that cyber security is a civic duty. Most users remain unaware that not only is their computer data vulnerable, but that their insecure access to cyberspace can be exploited by others turning them into unwitting agents of coordinated cyber threats [both criminal and disruptive attacks],”they say. “Cybersecurity must become a national civic responsibility.”

Frankly, we as citizens HAVE TO do something. Richard Clarke, the president’s cybersecurity adviser, recently wrote that the Department of Homeland Security “has neither a plan nor the capability” to protect the U.S.’s cyber infrastructure. He said companies and individuals “almost uniformly believe that they should fund as much corporate cybersecurity as is necessary to maintain profitability and no more.”

Whether you realize it or not, your computer is one of the biggest threats to your personal security. The Obama administration believes that your computer is also one of the biggest threats to national security.

The message is: Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in  Intelius identity theft protection and prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU. (Disclosures)

3. Make sure your anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

6. Visit US-Cert here

Robert Siciliano identity theft speaker discussing the mess of data security on Fox News

How Banks Fail to Provide Effective Online Security

Robert Siciliano Identity Theft Expert

A Texas bank is suing one of its customers who was hit by an $800,000 online bank theft that could determine who is to be held responsible for protecting their online accounts from fraud.

Computerworld reports Romanian and Italian based criminal hackers launched numerous wire transfers out of the client’s back account. The bank recovered $600,000 of the $800,000.

The victim wanted all its money back and sued the bank to be reimbursed of the $200,000. The bank in turn filed a lawsuit requesting the bank certify it had adequate security that was considered “commercially reasonable”. The bank doesn’t want anything more than to be absolved of the $200,000.

The bank states all transfers originated from unauthorized wire transfer orders that had been placed by someone using valid Internet banking credentials belonging to the victim. How the victim’s credentials fell into he wrong hands has not been disclosed. It seems it was the victim’s lax security opposed to the banks. There are numerous ways this can happen. What is evident is there were wire transfers of various dollar amounts ranging from $2500.00 to $100,000 made to different accounts all overseas. The bases of the victim’s lawsuit are that the bank should have systems in place to detect such activity.

Small businesses and banks are losing money via attacks on their online banking accounts. It’s very simple: criminal hackers send an e-mail with a link to a malicious site or download to employees who handle their company’s bank accounts. These malicious links then steal the username and passwords the employees use to log in to their online banking accounts. Done.

So, if my PC is compromised because I don’t have adequate security and $800,000 goes missing from my account, whose fault is it?  At first glance some may say the victims, others may say the banks. The fact that there are so many ways passwords can be compromised and accounts can be taken over, and banks know this, it should motivate banks to have redundant security in place. Hacks like this undermine people’s confidence in the system.

Here is a similar story being played out. I’m a big believer in taking action and making sure my systems are secure. And, the bank has some responsibility here too. I, we the public, have limitations on what we can do to be secure. I bet anything the bank will tighten up regardless of what the outcome of the lawsuit is because they have to see there is a weakness in their system. If they don’t, they are stupid.

I’ve been trying to transfer money from one bank account to another. My bank has made it difficult to do so. Painful even. It’s a customer service and a security issue. Ultimately they provide an option to do so and it requires paperwork, online authentication, phone calls and text messages. It’s not a matter of logging in and transferring money by entering another account. Even with my own login details I’m having a hard time transferring money.

Check to see how easy or difficult your bank makes it. Because if it’s easy peazy, that could be an issue if your PC is hacked.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in  Intelius identity theft protection and prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU. (Disclosures)

3. Make sure your anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

Robert Siciliano Identity Theft Speaker discussing online banking insecurity

3 Nabbed in Massachusetts ATM Skimming Ring

Robert Siciliano Identity Theft Expert

Police believe they may have uncovered an international ATM “skimming” ring responsible for stealing money from hundreds of local accounts. Izaylo Hristov, 28, of Ontario, Canada, a Bulgarian citizen, was arrested at an ATM in the Boston area along with Viadiclav Vladevo and Anton Venkov. Venkov had $99,100 in $20 bills in his car when he was arrested. One of them had Dunkin’ Donuts gift cards and American Express cards with post-it notes that had “PIN’’ and various numbers written on them. These cards were used to write the stolen data on, and then used to make withdrawals.

It was not too long ago that I bought an ATM north of Boston from a dude named Bob at a bar and rolled it through the streets of Boston nabbing unsuspecting users who entered their debit cards and PINS. I performed this crazy stunt to demonstrate how easy it is and how vulnerable we are. As a writer/blogger/speaker my primary motivation is to educate and inform, so the public and industry doesn’t get scammed.

Apparently a few more than a few people in the Boston area didn’t watch this on Fox Boston, or this on NBC Boston or read this in the Boston Globe. Because many of them got scammed over the course of the past few weeks. I’m trying here people. All you have to do is pay attention.

You can protect yourself from these types of scams first by covering your pin!! Scammers have a difficult time turning your 16 digit account numbers into cash without the PIN. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. Ultimately you must pay close attention to your statements. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases an can be as early as a week.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the Bulgarian ATM scammer getting busted on Fox Boston

10 Ways to Manage Your Online Social Media Reputation

Robert Siciliano Identity Theft Expert

The Internet has made our personal and professional lives very transparent. We now live in the fishbowl. Despite what many will argue, your privacy is no longer fully in your control. Your online identity is also something that others can control, and you need to do your best to manage it. Managing your online reputation and protecting it is equivalent to marketing your personal brand, YOU.


A colleague of mine is an adjunct professor of writing and communications at Boston University. He’s very intelligent and excellent at what he does. However if you were to look up his name on the web you would find some pretty horrible commentary on a professor ratings site from some of his former students, many of which flunked out of his class.


He of course, was devastated. I would be too. When awful things about you show up on the first page of search, that’s nothing to take lightly. Especially if you are submitting applications for jobs, schools, running for office or going out on date for that matter. Anyone who Googles you then sees the negativity.


Recently I was contacted by a consultant who specializes in marketing of consultants. OK, I’m listening. So I get the pitch and it sounded like a great deal. We hashed out all the terms and conditions, I checked her references and was ready to write a check. Then my security instinct kicked in. As soon as money is to leave my bank account and head towards another, I begin to think differently, its how I’m wired.  I did a search online of this consultant and the company she works for before I sent the check.


Immediately on the first page of search, reports from the Better Business Bureau, Complaints Board and the dreaded RipoffReport show up. There was also a blog set up by one very upset customer who felt slighted by this company. The blog was started over a year ago and he still contributes to it.  This company had 16 registered complaints with the BBB and only 10 were solved. Based on my research and what I had originally thought was a to good to be true offer in the first place, I chose not to do business with this company.


I know that companies with high volume and lots of customers are bound to upset someone. So there is certainly room for error. If you have a million clients and 1500 complaints, you’re doing pretty well.  Frankly, as a professional speaker I know that in most presentations I give that 5 percent of the room will absolutely loath me. They may not like my Boston accent, or I look like an ex-husband, or the bully who tortured them in school or simply because I’m breathing. But 95% want me to come back and teach them more. So you can’t please everyone.


Left unattended, the wild wild web and “search” is a relatively uncontrollable aspect of your reputation, unless of course you make and attempt to control it.


  1. Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday.
  2. Set up a free Google Alerts for your name and get an email every time your name pops up online. If you encounter a site that disparages you, Google has advice. Get a Google Profile. It’s free and it shows up on page one.
  3. Set up a free StepRep account for your name. StepRep is an online reputation manager that does a better job than Google Alerts does of fetching your name on the web.
  4. Go to Knowem.com. This is an online portal that goes out and registers your name at what they consider the top 150 social media sites.
  5. Start doing things online to boost your online reputation. Blogging is best. You want Google to bring your given name to the top of search in its best light, so when anyone is searching for you they see good things. Bury bad stuff 20 deep. This is a combination of online reputation management and search engine optimization for your brand: YOU.
  6. Get a WordPress blog with your name in the address bar. Set up a Ping.fm account and blast your blog/Tweets to all your social media.
  7. Buy a domain name that is or is close to your real name and plaster your name in the HTML header so it comes up in search.
  8. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.
  10. Invest in Intelius identity theft protection and prevention. Intelius helps to protect your identity. They monitor your credit and they scan the net looking for your data. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston

419 Scams Double, Over $9 Billion in Profits

Robert Siciliano Identity Theft Expert


A recent study by Dutch investigation firm Ultrascan shows we are half as smart (or twice as dumb) as we were in 2008 as advanced fee scams doubled in losses to over $9 billion. 419 Advance Fee Fraud Statistics 2009 (PDF)


It is believed that while the scams are known to be Nigerian in nature, coined after the 419 Nigerian code making them illegal, scams were launched from 69 other countries in 2009.  The reason for the jump in the amount of victims is due to a broader reach of the scammer. Scammers aren’t just targeting English speaking nations anymore. As people in developing countries get computers and a connection to the Internet, they become susceptible to the same old scam other countries got snagged by a decade ago.


Big targets have become China, India, South Korea, Vietnam, and others. Many of the scams of the past had an “insurance fee” pitch that required a percentage of money sent in order to insure so many millions made their way to another bank somewhere. This “investment” by the victim was supposed to get them a percentage of the big pot. Once the scammer got a hold of the victims, they would build a relationship with them, in many cases romantically, to get them emotionally involved in the ruse.


However in China, the Chinese get hooked by lottery scams. And in India, a culture of hard workers, people fall for student visa and job placement scams. The hook in all these scams is the victim believes an inbound communication to be legitimate. From there, the scammers will say and do anything to get the victims to wire money. But it usually doesn’t end there. Once they get a rube on the hook, they will come up with as many reasons as possible to completely drain the victim of all their money.


Criminals aren’t any smarter than we are, but they know how to capitalize on our stupidity. They pull on emotional strings, they use greed, lust and many other human impulses to trigger us. Come on people; please just don’t be stupid, OK? And tell those in your life who are less than cognizant, just hit delete.

Protect your identity:


1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)


Robert Siciliano, identity theft speaker, discusses various scams on TBS’s Movie and a Makeover.