Identity Theft Consumer Education is Paramount

Credit card companies, banks, financial advisors, retailers, hospitals, insurance companies, and just about every other industry and organization that deals with finances has been affected by identity theft.

All these entities have to deal with fraud at some level. For some it’s an occasional nuisance and for others it’s a part of their daily grind. Most have heavily invested in multiple layers of security, but all remain targets. Each has its own set of issues to overcome and each copes with the same underlying constant: the consumer is often the most vulnerable variable in the equation.

Joe and Sally Main Street generally offer the path of least resistance when a scam is launched. Everything from phishing emails, spoofed websites, un-patched or unprotected PCs, open wireless connections, lack of attention to statements, not shredding data, carrying too much information in a wallet, and overall lack of attention to personal security allows fraud to flourish.

Anne Wallace, president of the Identity Theft Assistance Center, explains that the risks are compounded by the increasing popularity of new technologies like mobile banking and social networking. “The crooks are ever-creative,” she says. “They’re always exploiting new schemes to extract information from consumers.” According to Wallace, ITAC members have an obligation to educate consumers about the security threats posed by emerging technology. “It’s so important to keep talking to people about the old threats, the new threats – on a recurring basis.”

I totally agree. Every institution that deals with identity theft has an obligation to effectively inform and educate their client base about how they can protect themselves from fraud.

Many of these organizations have policies that shift the burden of loss away from the consumers. This is a double-edged sword that does not stop fraud. I’m a big believer in personal responsibility. Whether fraud is the fault of the consumer or a larger entity, a resolution in the best interest of both parties should be sought. It is imperative, however, that the party responsible acknowledges that responsibility. This is how we learn from our mistakes, and how we will eventually overcome fraud. If all parties escape blame, only the scammer wins, and fraud flourishes.

For additional tips and identity theft education, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet.(Disclosures)

Victim Rebuilds Life After Identity Theft

This story is about a victim of criminal identity theft. The victim is a trucker who discovered that his identity had been stolen when his commercial driver’s license was suspended because the thief who stole his identity had been busted for drinking and driving on four different occasions. Imagine.

The consequences of identity theft are often so overwhelming that the pressure affects every aspect of the victims’ lives. Sometimes the stress is so great that people just fall apart. In the case, the victim lost his license, his possessions, and his marriage.

After testifying against the identity thief, the victim, Earl Robert Hood, told the Associated Press, “It was just hard to sit there in that room with him, knowing what he’d done to me and my family. It’s not just me that it affected; it affected all four of my children, too. Because for two years, they didn’t have Christmas.” The victim went on to say the thief didn’t just steal his name; he stole his life. “I’ve lost everything,” he said. “It just completely wiped me out.”

When this victim’s commercial driver’s license was suspended, so was his ability to earn a living. With no money coming in, bills piled up and the downward spiral began.

Hood’s identity was stolen after he handed his personal information over to a potential employer. Job applications often require applicants to provide home addresses, copies of existing driver’s licenses, Social Security numbers, and, in some cases, birth certificates. This is more than enough information for an identity thief to assume a victim’s full identity.

Victims of identity theft are generally presumed guilty until proven innocent. In this case, the perpetrator committed crimes in multiple states, which further complicated the situation. It took years for this victim to recover his license, even after contacting his state’s Attorney General.

Identity theft can happen to anyone.  McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet.(Disclosures)

P2P File Sharing On College Campuses

Peer-to-peer file sharing, or P2P, has become enormously popular on college campuses across the country because it allows students to easily exchange music and video files over the Internet. Tens of millions of people use P2P applications such as Limewire, eDonkey, and BearShare to fill their MP3 players and hard drives with all the music and movies they want, all for free. But even “free” has a cost.

In addition to violating copyright laws, there are other potential dangers when downloading files via P2P. For instance, hackers know that source files on P2P networks are not being validated, so it’s easy to trick you into downloading a virus or spyware instead of the Justin Beiber video you thought you were getting.

The other major issue is the simple fact that P2P programs share your data with all of the other P2P users in cyberspace. Because of this, there is a good chance you might unknowingly share your most precious and private data with the rest of the world.

During installation, P2P programs scan your hard drive, looking for files to share. If you do not exercise caution, your entire hard drive, including any confidential documents it may contain, could be left wide open for anyone to access.

Think about the files you have on your PC right now. Are you storing documents that have your passwords, Social Security number, or bank account information? If you have P2P software on your PC, you could be targeted for identity theft.

Digging through P2P networks for my own research, I’ve uncovered tax returns, student loan applications, credit reports, and Social Security numbers. I’ve found love letters, private photos, videos, and just about anything else that can be saved as a digital file.

P2P networks have even exposed details on a U.S. Secret Service safe house for the president and his family, and revealed blueprints for President Obama’s private helicopter. While you probably don’t have state secrets stored on your PC, you should still take care to keep your sensitive files safe.

Here are some tips to protect you from accidentally sharing data on a P2P network:

The smartest way to stay safe is not to install P2P software on your computer in the first place.

If you think a family member may have installed P2P software on their computer, check for new, unfamiliar applications. A look at your “All Programs Menu” will show nearly every program on your computer. If you see one you don’t recognize, do an online search to see if it is a P2P application.

Set administrative privileges on your computer to prevent the installation of new software without your knowledge.

Use comprehensive security software such as McAfee® Total Protection and keep it up to date.

Make sure your firewall is enabled, and if an application asks you to change your settings to enable access to the Internet, don’t allow it.

P2P file sharing can be tempting, but in most cases, the costly dangers just aren’t worth it.

With more than 11 million victims just last year identity theft is a serious concern.  McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visithttp://www.counteridentitytheft.com.

How Much for a Fake I.D.?

If you want a Puerto Rican identity, it’s about $6000 for a “tripleta,” which can be used to hide illegal immigrants. Other forms of identification vary in price. A United States passport can range from $950 to $1650 to as much as$5500.

In the U.S., we have as many as 200 different forms of identification circulating, including passports from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card. These are paper and plastic documents that can be recreated with a PC, scanner, printer, and laminator.

McAfee Avert Labs researcher Francois Paget found and posted an ad showing U.S. identities for $650 each. It’s not incredibly difficult to buy fake IDs online, but will they pass muster with technologies that look for tampering? Unfortunately, many will.

An order form asks all the right questions:

“By placing your order, you must have read and agreed to our Terms of Service.

The order procedure is the following:

1. You send us all the necessary information (depending on the document you want to order). We receive and process your order and give you payment information.
2. You pay 50% upfront money for document(s) producing.
3. We start to produce your document(s). Time constraints are 2-7 days (depending on your order).
4. We send you scan/photos of your ready-made document(s). You check all the details and give us confirmation.
5. You send us the second half of amount and your delivery address. You will receive your document(s) in several days via UPS, FedEx, TNT Express, DHL or EMS (free of charge for you).”

Here in the U.S., we use numerical identifiers that have no physical connection to ourselves. Some documents contain pictures that may not look like us, especially if eye glasses, beards, hair coloring, hair growth, hair removal, or weight fluctuations are involved. Some identification documents don’t include a photo at all. This is not effective authentication. Worldwide, the system isn’t much more secure.

All this makes it easier to steal your identity. Once the bad guy has a few bits of information, he can easily become you.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Social Security numbers as national identification on Fox News.(Disclosures)

College Students At Risk For Identity Theft

September is National Campus Safety Awareness Month. I helped Uni-Ball conduct a survey of 1,000 college students and 1,000 parents. The survey revealed that while about 74% of parents believe students are at a moderate to high risk for identity theft, and 30% of all identity theft victims are between 18 and 29, only 21% of students are concerned about identity theft.

It’s no surprise that most college students are indifferent when it comes to their personal and information security. When you are in your late teens or early twenties, you feel a sense of invincibility. However, once you have a few years under your belt, you begin to mature and gradually realize the world isn’t all about keg parties and raves.

Here are a few more interesting statistics:

  • 89% of parents have discussed safety measures with their kids, yet kids continue to engage in risky behavior
  • 40% of students leave their apartment or dorm doors unlocked
  • 40% of students have provided their Social Security numbers online
  • 50% of students shred sensitive data
  • 9% of students share online passwords with friends
  • 1 in 10 have allowed strangers into their apartments

College students have always been easy marks because their credit is ripe for the taking. Students’ Social Security numbers have traditionally been openly displayed on student badges, testing information, and in filing cabinets and databases all over campus. Landlords and others involved in campus housing also have access to students identifying information.

Any parent sending a child off to college should be concerned.

Limit the amount of information you give out. While you may have to give out certain private data in certain circumstances, you should refuse whenever possible.

Shred everything! Old bank statements, credit card statements, credit card offers, and any other documents containing account numbers need to be shredded when no longer needed.

Lock down your PC. Make sure your Internet security software is up to date. Install spyware removal software. Secure your wireless connection. Use strong passwords that include upper and lowercase letters as well as numbers. And never share passwords.

Be alert for online scams. Never respond to emails or text messages that appear to come from your bank. Always log into your bank account manually via your favorites menu.

When sending students back to school, consider protecting your family with a subscription to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on any of your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Killer Computer Viruses

When most people think about a virus, they think of a fever, chills, and maybe a potential pandemic. But when they think about a computer virus, they think of a headache, or worse, identity theft.

Unusually, one report claims that a computer virus played a role in the deadliest air disaster in Spanish history. Others refute this claim, arguing that a virus was not the cause.

USA Today reports, “Spanish newspaper El Pais cites a 12,000-page investigative report that outlines how a computer infection, spread via an infected USB thumb drive, may have been a contributing factor. The report says a malicious program precipitated failures in a fail-safe monitoring system at the airline’s headquarters in Palma de Mallorca.”

Whether or not a virus contributed to the delay or cancellation of the flight’s departure, which led to the crash, this type of scenario is possible. Now and in the future, incidents like this may involve malicious technology.

Technology plays a role in many aspects of our lives, and when that technology is corrupted, the results can be disastrous. Consider the extent to which hospitals, banks, water treatment facilities, electrical grids, airports, gas stations, and even roads rely on technology.

Steve Stasiukonis, a penetration tester, describes how USB thumb drives can turn external threats into internal ones in two easy steps. After being hired to penetrate a network, he says, “We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.”

In this scenario, the USBs were dropped in a bank parking lot, then picked up by the employees and used to compromise the network. Fortunately for the bank, this was only a test of the network’s security.

Bad guys will use every possible mechanism to accomplish their goals. Do your best to increase your security intelligence. Regardless of your job description, security is everyone’s responsibility.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Good Morning America. (Disclosures)

Internal Revenue Service Identity Theft Scams

There have been many articles written about scammers who pose as representatives of government agencies. But perhaps the most inventive are the scams that appear to originate from the IRS. It makes perfect sense for the IRS to reach out regarding your finances. And regardless of the season, the IRS is really always in business.

I’ve never received a call or an email from the IRS. As far as I know, they do not make calls or send emails. Emails that seem to come from the IRS will often have a name, title, and even “IRS” at the beginning or end of the email address. However, email addresses can easily be spoofed.

Unless you are actively engaged in dialog with an IRS agent, do not respond to emails or phone calls supposedly coming from the IRS.

If a scammer posing as an IRS agent ever contacts you, they may already have some of your personal information, which they can use to try to convince you that they are actually from the IRS. This data could come from public records or even your trash. The scammer will often put pressure on you to comply with their request, or even offer you a tax refund.

If you ever receive documentation in the mail indicating earned income that you are not aware of, it may mean that someone else has used your Social Security number to gain employment.

If, when filing your tax return, you receive a letter from the IRS saying that you have already filed, it almost certainly means that someone else has filed a fraudulent return on your behalf in order to steal your refund.

If you are ever a victim of an identity theft issue related to an IRS scam, you may be very disappointed in the way it is handled via the various government agencies. They simply don’t allocate the resources to fix this problem proactively, nor are they adept at responding once it has occurred. The biggest issue is the thief’s privacy. Even if you have an idea who may have done it, the IRS or any other government agency will not release that information. Either way, knowing who did it won’t help you.

All you can do in the event of tax related identity theft is to follow the IRS’s instructions for contacting an agent and resolving the issue. Just be patient, as rectifying the issue may take many hours.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss IRS related identity theft on Fox News. (Disclosures)

Organized Web Mobsters Getting Jobs Inside Corps

In 2009, there were a reported 140 million records compromised, compared to 360 million in 2008. In 2010 there have been almost 13 million records stolen. But don’t have a party just yet. Criminals are fine-tuning their craft and getting better. The industry just isn’t making it as easy. 97% of those records were stolen using malware – malicious software designed to attack the target’s existing systems and software in place.

A reported 50% of the malware was installed remotely. Almost 20% came from visiting infected websites and almost 10% was installed when employees clicked infected links that conned or “socially engineered” them.

A recent Verizon report stated, “Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization, the attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above.”

This may be also attributed to an inside job. A rogue employee on the inside always has the advantage of knowing exactly how to remain undetected.

The report further stated that organized crime rings may “recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score, the smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like.”

In the past three years that’s a total of 513 million records. On average, every citizen has had his or her data compromised almost twice. Where’s your Social Security number in that mix?

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

Poor Money Mule Not So Poor

“Money mules” may be unsuspecting Americans who act as shipping managers, do the dirty work for the bad guy, and open bank accounts, too. Sometimes the mule may be foreign, traveling to the United States specifically to open bank accounts.

Mules often get hooked into a “small business” or employment that is a function of a criminal enterprise. The mules often respond to “help wanted” ads from online job placement sites. Shipping scams are a common tactic criminals use to employ mules to receive goods bought with stolen credit card numbers, who then ship to people who buy them in online auctions. The mules in this process are essentially facilitating selling hot goods and money laundering.

The mules are often baited into setting up bank accounts that the criminal controls. These bank accounts will be set up under the name of the mule, and are generally programmed to transfer money overseas in increments of less than $10,000 to avoid detection.

Most mules end up pulling money out of their pockets to front shipping costs with the promise of a big payoff. In the end, the mule is often bilked and ends up with an empty bank account.

But not this mule, who was arrested and sentenced to 46 months in federal prison for sending more than $860,000 to offshore online scammers. He was caught after a sheriff’s deputy became suspicious during a traffic stop. They found eleven cell phones, fake IDs, $53,200 in cash, and 76 Western Union receipts. This ain’t no poor unsuspecting mule. This guy knew exactly what he was doing.

“He admitted accepting and cashing wire transfers from online shoppers for vehicles, boats, motorcycles and vehicle trailers, then sending that money to Romania or Spain in small amounts to make detection less likely. The items for sale did not actually exist.”

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss money mules and job scams on Fox News. (Disclosures)

Almost 13 Million Records Breached in 2010…So Far

According to the Identity Theft Resource Center, there have been 371 data breaches that have exposed 12,871,065 records so far this year in the United States.

NetworkWorld reports that businesses suffered the most breaches, making up 35% of the total. Medical and healthcare services accounted for 29.1% of breaches. The government and military made up 16.2% of breaches. Banking, credit, and financial services experienced 10.5% of breaches, and 9.2% of breaches occurred in educational institutes.

Even if you are protecting your PC and keeping your critical security patches and antivirus definitions updated, there is always a chance that your bank or credit card company may get hacked. I’ve received three letters accompanied by three replacement cards from my credit card companies over the last few years.

Beyond that, if someone else’s database is hacked and your Social Security number is compromised, you may never know about it unless they send you a letter or if you discover that someone has opened new accounts in your name.

In many cases, if (and that’s a big “if”) a company finds out their records have been compromised, they might provide credit monitoring of some kind. Credit monitoring is definitely something you should take advantage of. However, I wouldn’t wait for your information to be hacked and a letter to come in the mail before you take responsibility for protecting yourself.

I did a radio show today and a man called in telling a story of how he got a letter from his bank, but they didn’t activate credit monitoring for almost six months after he received the letter. With millions of records being compromised every year, consider your data breached!

Don’t waste time by only handling identity theft reactively. Do something about it now.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing celebrity identity theft on CNBC. (Disclosures)