Hackers Target Small Business

/in /by

Big companies and big government get big press when their data is breached. And when a big company is hit, those whose accounts have been compromised are often notified. With smaller businesses, however, victims are often left in the dark, regardless of the various state laws requiring notification.

One reason for this is that smaller businesses tend not to keep customer names and contact information on file, and credit card companies discourage them from recording credit card data.

This is serious cause for concern. The Wall Street Journal reports that the majority of breaches impact small businesses:

“With limited budgets and few or no technical experts on staff, small businesses generally have weak security. Cyber criminals have taken notice. In 2010, the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.”

If 95% of breaches affect small companies, it’s anyone’s guess how many times my or your credit card numbers have been compromised. I’ve received four new cards in the past three years as a result of major companies being breached. But I use credit cards at more than a hundred different retailers in a year. And it isn’t only credit card numbers that are stolen, but also usernames and passwords, Social Security numbers, email addresses, and more.

Check your credit card statements online weekly and refute any unauthorized charges. As long as you dispute charges within 60 days, federal laws limit your liability to $50. Unauthorized debit card charges must be reported within two days, or liability jumps to $500.

Change up your passwords at least once every six months. If a business is hacked, they may not know for years, and can’t possibly notify you until it’s much too late.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

How Is All This Hacking Affecting My Identity?

/in /by

Without question, 2011 is the year for hackers of all kinds to get their 15 minutes of fame. But it feels like it’s lasting a lot longer than 15 minutes. With so many different breeds of hackers, each with their own agenda and an endless supply of potential targets, the media has certainly been more than willing to give them all the attention they could possibly want.

Major publications, including The Wall Street Journal, The New York Times, and Forbes, seem to have journalists working fulltime to cover the hacker chronicles. Significant players and events like Wikileaks, HB Gary, Anonymous, Lulz, IMF, Sony, RSA, Epsilon, the News of The World voicemail hacking scandal in Britain, and so many others have helped bring data security and identity theft issues to the forefront of the public’s attention. Much of the coverage has been sensationalist, but the reality is that we are indeed hemorrhaging information all over the place.

Initially, hackers went after sensitive personal data like Social Security numbers. Then they moved on to credit card numbers and bank account numbers, and then usernames and passwords. Military records have been breached, corporate emails have been exposed, and there have been targeted attacks on government records. At one point last year, the total number of records breached hovered around half a billion. But if we were to broaden the definition of what counts as a breached record, I’d guess that number would have to quadruple, at least.

No matter how you slice it, your information is at risk, whether it’s on your own PC or some other computer or database somewhere. It isn’t a matter of if but when you’ll receive a letter from some company saying they were breached and you are at risk.

In security, as in sports, is the best defense is a good offense. The worst thing you can do now is nothing.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance and lost wallet protection. If your credit or debit cards are ever lost, stolen or misused without your authorization, you can call McAfee Identity Protection and they’ll help you cancel them and order new ones. If their product fails, you’ll be reimbursed for any stolen funds not covered by your bank or credit card company. (See Guarantee for details.) For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss the Epsilon breach on Fox News. (Disclosures)

Insider Identity Theft Still a Problem

/in /by

More than ten years ago, when I began speaking to organizations about personal security and identity theft, headlines often read “Utility Worker Steals Identities” or “Human Resource Officers Steal Identities” and even “Police Officer Steals Identities.” Back then the primary concern was insider identity theft, perpetrated by those who had direct access to victims’ data.

Ecommerce grew up, and more people started banking and shopping online. Black Friday turned into Cyber Monday, and companies like eBay and Amazon have made it easier than ever to find and inexpensively ship anything you might need. This has created many new opportunities for criminal hackers, and the result has been lots and lots of data breaches.

Headlines have shifted to “Bank Loses 1.2 Million Records to Hackers” or “Hackers Steal Over 100 Million Credit Card Numbers.” The stereotypical bad guy has become a mysterious criminal hacker, slipping into our PCs or our banks in the dead of night.

But just last month, a nurse was accused of stealing Social Security numbers and other sensitive information from patient files at several hospitals in Denver, Colorado. Prosecutors say the defendant opened credit cards in patients’ names and made purchases.

My point is that even today, the Human Resources director at some company may have a new boyfriend who happens to have a drug problem, and who needs her to steal your identity so that he can get a fix. The fundamental issue of identity theft hasn’t changed, and the people doing it are the same. Frequently, they are those on the inside, with direct access to your data.

It is important to observe basic security precautions to protect your identity. But when you provide information to businesses, its safety is beyond your control.

Consumers should consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features as well as live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

Bill Would Remove Social Security Numbers From Medicare Cards

/in /by

The most basic advice for protecting your own identity is to protect your Social Security number. The obvious solution is simply never to disclose your number, but this is silly, since, depending on your age, you have probably provided it to hundreds of people, on hundreds of forms. It now sits in hundreds of databases, accessible to thousands, and possibly even available for sale.

40 million Medicare subscribers currently have their Social Security numbers printed on their Medicare cards. This means that their identities are at risk every time they hand over their cards, and in the event that any of their wallets are ever stolen.

The proposed “Social Security Number Protection Act” would resolve this issue by prohibiting Social Security numbers from appearing on Medicare cards or on any communications to Medicare beneficiaries, as well as requiring the Department of Health and Human Services to eliminate the unnecessary collection of Social Security numbers.

Social security numbers should certainly be removed from Medicare cards and any other cards, for that matter. But while this bill is a step in the right direction, it cannot protect any of those 40 million subscribers from future fraud.

Only identity theft protection, in combination with a credit freeze, will begin to protect citizens from the new account fraud associated with stolen Social Security numbers.

With more than 11 million victims last year alone, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Researchers Say Identity Theft Has Lasting Psychological Effects

/in /by

Identity theft victims don’t need Jessica Van Vliet, an assistant professor in counseling psychology at the University of Alberta, to tell them that they no longer feel safe when conducting everyday financial transactions, which most of us take for granted. But she did a study highlighting a fact that many of us in the industry have already known: identity theft makes a mess out of your life.

MedicalExpress.com reports, “Van Vliet recently conducted an exploratory study on the experiences of individuals who were victims of identity theft. Participants who recounted their experience during in-depth research interviews expressed a pervasive sense of vulnerability each time they use a credit card or a bank machine. Some participants also felt like they were being treated as criminals when they attempted to clear their names.”

Most of the identity theft victims felt they had been taking appropriate precautions to safeguard their personal information, and had no idea how their data fell into the wrong hands. The lack of specifics makes it difficult for victims to attain any closure and move forward. “No matter how well they monitor their financial records for the rest of their lives, they may still feel vulnerable,” Van Vliet says.

I’ve lost count of how many frantic emails and phone calls I’ve received from identity theft victims. These are people who have done all the right things to maintain a respectable position in society, only to be brought down by a vicious identity thief.

Over and over again I have stressed the importance of being proactive. You don’t want this happening to you. McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers resolve identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

Cybercriminals Target Senior Citizens

/in /by

Cyber scams happen to the young and the old, the rich and the poor. It doesn’t matter how good or bad your credit is, or whether or not you have a credit card. Cybercriminals target everyone, regardless of how much or how little you rely on a computer.

The lowest of the lowlifes, however, tend to prey upon the weak and uninformed. And all too often, that means children or elderly.

Senior citizens are in a unique position because they often have money in the bank, plus access to additional lines of credit. They are less likely to be frequent Internet users, relative to younger generations, and are therefore less likely to be aware of the many scams that may be targeting them.

Many common scams take place using the telephone rather than the Internet, such as “grandparent scams,” in which victims receive calls from their supposed grandchildren, requesting money.

Online, beware of social media and dating scams. Not everyone who contacts you online is your friend, so be cautious before sharing personal information. Never, under any circumstances, should you send money on the basis an online relationship.

You’re most likely heard the term “phishing,” and have certainly received a fake email at some point. But scammers are getting better at creating targeted, personalized emails that include your name, email address, and even stolen account numbers. Never click any links within an email. Instead, go to your favorites menu or manually type the address into the address bar. If you suspect that an email might not be legitimate, hit delete.

Scammers are constantly searching for the information they need to take over your existing accounts, either by hacking into your own personal computer or by stealing data from your bank, credit card company, a government agency, or any other institution that keeps personal data on file. To prevent account takeover, keep your antivirus software updated, and pay close attention to all your bank statements. Refute any unauthorized transactions right away.

Bad guys love your Social Security number, because they can use it to open new credit accounts in your name. You’ve probably disclosed your Social Security number hundreds of times in your life, and can’t avoid disclosing it in the future. But you can protect yourself with identity theft protection and a credit freeze.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

 

Online Gamers Risk Credit Card Fraud

/in /by

The Sony Corporation has been providing consumers with stellar electronics since before the introduction of the Walkman. The past six months have been harsher for Sony, with attacks by hacktivists and numerous breaches of clients’ data.

Many recent breaches involved usernames, passwords, email addresses, and in some cases, credit card numbers. Each compromised data point is another opportunity for a criminal to steal your identity and make money at the expense of your good name.

If a company becomes aware that usernames and passwords have been compromised, they should notify users and prompt them to change their passwords. Users should change passwords every six months, regardless of whether a breach has occurred. Passwords should include upper and lowercase letters and numbers, and should not be used across two or more accounts. I have 700 different accounts and 700 different passwords.

Beware of spear phishing emails. When hackers get your email address from a breached gaming account, they will send emails that look like they are coming from the company that has been breached. Never click on links within an email. Instead, go to your favorites menu or manually type the correct address in the address bar.

Pay close attention to credit card accounts. I monitor my accounts weekly for all activity. Simply log in, look at each charge, and refute unauthorized charges immediately. A new free service called BillGuard scans your credit cards daily and alerts you to hidden fees, billing errors, forgotten subscriptions, scams, and fraud.

If you have provided a credit card number to your child for online gaming, beware of purchases they may make that you have previously approved. Many gaming sites try to upsell their users, and will charge the credit card on file. Spend some time with your child discussing appropriate online behavior, and look for parental controls that will send you email alerts when your child makes a purchase.

McAfee, the most trusted name in digital security, includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live agents who can help subscribers resolve identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

 

Myth: Apple Products Don’t Get Viruses

/in /by

Have you ever bitten into an apple and found a worm? I have, and it’s yummy! Anyway, how many times have you heard, or even said, “I won’t get that computer virus because I have a Mac”?  While Mac users tend to feel somewhat insulated from viruses, it’s time for anyone who owns an Apple computer, iPhone, iPad, or other Apple device to listen up.

The growing popularity of Apple products has inspired cybercriminals to create viruses that will harm Macs. Until now, Macs have been immune to these threats, but McAfee Labs is seeing the very first wave of fake programs targeted at Mac users. In other words, there are an increased number of programs known as “scareware,” which claim to protect users from viruses, but users who attempt to install the supposed antivirus software are actually downloading malicious software. This malware can damage the user’s computer or compromise personal information, including banking details.

Mac users are also equally susceptible to phishing and other social engineering scams, if not more so, since they may have an inflated sense of security that can lead to riskier behavior.

It’s important for Mac users to be aware of these emerging threats and take the appropriate precautions.

To avoid becoming a victim, download Mac updates as soon as they’re available, so you’re protected from these latest threats.

Never download or click on anything from an unknown source.

When searching the web, use the safe search tool, which tells you if a site is safe to click on or not, right in your search results.

Keep your computer safe by installing security software.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself by visiting CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

 

What Identity Theft Protection Is and Is Not

/in /by

To all you security companies out there, listen up: “identity theft protection” has become an overused and abused marketing term, which is often used to sell a product or service that doesn’t actually protect users from identity theft. It’s like labeling food “natural” when we know it’s not “organic.” It’s incorrect at best and a lie at worst.

Every security company on the planet claims to protect identities. But a firewall is not identity theft protection. An encrypted thumb drive is not identity theft protection. Antivirus software is not identity theft protection. One could argue that phishing alerts count as identity theft protection, but not really. Do these tools protect your identity? Sort of.

A true identity theft protection service monitors your identity by checking your credit reports and scanning the Internet for your personal information. It looks out for your Social Security number, and if something goes wrong, an identity theft protection service has people who’ll work with you to resolve the problem.

I get an email every month confirming my identity’s health. This is what identity theft protection looks like:

“Dear Robert Siciliano,

No news is good news! Your credit reports from all three bureaus, Experian®, Equifax®, and TransUnion®, have been monitored daily for the past month. We’re pleased to let you know that there is no new activity reported. As a McAfee Identity Protection user, we’ll continue to monitor your credit report every day for your protection.

Remember, McAfee Identity Protection helps protect you from the financial loss and hassle associated with identity theft. Log in to your Protection Center and review your protection status any time. Just click here and enter the Username and Password you selected when you enrolled.

As always, you can get help from a dedicated Fraud Resolution agent if any suspicious activity should appear on any of your credit reports.

If you have any questions about McAfee Identity Protection, please call Customer Support at 1-866-622-3911.

Sincerely,

McAfee, Inc.”

That’s what identity theft protection is. Don’t get me started!

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

Medical Temp Arrested For Identity Theft

/in /by

You’ve probably heard the phrase “a fox watching the henhouse.” Today, that applies to people on the inside of organizations who work in trusted positions, and who use those positions to steal client or employee information for their own personal gain.

As much as 70% of all identity theft is committed by individuals with inside access to organizations such as corporations, banks, or government agencies, or by someone who has an existing relationship with the victim. People with access to sensitive personal data are most likely to commit identity theft. For many, it’s just too easy not to.

In a doctor’s office in Stamford, Connecticut, police arrested a 42-year-old New York woman for using patients’ credit card numbers, which she accessed while working as a temporary hire. When patients paid by credit card, the temp would copy down the numbers and later make fraudulent charges.

An identity thief begins by acquiring a target’s personal identifying information, such as name, credit card number, Social Security number, birth date, home address, account information, etc. If the thief has access to a database, this information is typically there for the taking.

Many credit applications and online accounts request current and previous addresses. So the thief fills out the victim’s current address as “previous” and plugs in a new address, usually a P.O. box or the thief’s own address, where the new credit card or statement will be sent.

Protect yourself:

Currently, there is no way to prevent credit card fraud, or “account takeover.” Instead, check your statements diligently and refute unauthorized charges within 60 days, or two billing cycles. In most cases, your credit card company will quickly resolve the issue.

Protecting yourself from new account fraud begins with closely monitoring your credit files at each of the three major credit bureaus. However, you need to monitor your credit daily, which is nearly impossible on your own, and far from cost-effective. That’s where identity theft protection comes in.

To protect yourself from scams, consider subscribing to an identity theft protection service, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft pandemic on CNBC. (Disclosures)