Beware of Job and eWork at Home Scams

Pandemics can be quite stressful. There are millions of people out of work, and there we really don’t know when the economy will truly bounce back. Those who are out of work are seeking other jobs, at least temporarily, and many are looking for jobs that they can do from home…right from Google.

jobsSince people have been losing their jobs, searches for terms like “laid off,” “unemployment benefits,” and “unemployed” have skyrocketed. Though some people are finding legitimate search results, others are falling for sites that are scams, and Google is allowing these sites to stay.

We have often used Google search data to determine what type of economic anxiety people are feeling, and this is certainly true right now.

Google makes its money through advertising, so it’s not totally surprising that these sites are allowed to stay on. When people are searching for information on unemployment, advertisers are seeing this, and are able to determine where they should market. This includes those working for predatory companies, who are targeting people who are unemployed.

One such example is “unemploymentcom.com.” This is a site that seems, at first, like it might be a good resource for someone who is unemployed. While there are some legitimate links there, in general, the site is trying to get people to sign up for “site profiles” and other things. It also urges people to sign up for access to your credit score…for a fee, and it absolutely sells all of the data it gets to other organizations.

When you look at the privacy policy of this website, you can see that it is owned by OnPoint Global, a conglomerate, which claims it has around 11 million people filling out unemployment surveys each month. However, what people doing this don’t realize is that the information the site is collecting is likely being complied into a package for advertisers, which also includes any other public information they can find about the person filling out the survey.

Keep in mind that it is not just the pages for people looking for information on unemployment that we are talking about. It can really be anything similar, like “unemployment insurance.” Some of these searches can even lead you to sites that can hijack your browser. Other sites simply collect as much data as they can, and then sell the information to marketers.

Everyone who is out there scared and unemployed are still considered to be consumers to these companies, and they still are seen as people who have money to spend. So, Google is still pushing sites like these to the top of search results, and still making a pretty penny from clicks. So, do yourself a favor and start being aware of the ads you are clicking, and better yet…don’t click them at all.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Vault Apps Facilitate Lying Kids and Cheating Spouses

If you have a kid who uses a smartphone, or even a spouse who might not be totally honest with you, they might be using apps to keep things hidden from you. Basically, these apps offer space where people can hide things like photos, videos, and other files, and you would never know by looking at their phone.

appsKnown as vault apps, since they serve as a vault for storage, some examples are Ky-Calc, Calculator Percent, and Calculator Vault. When you open any of these, it looks like a calculator…you can even use them as a calculator. However, when a secret code is entered, the user can store “secrets.” Consider Ky-Calc. it has a folder for image storage, a secret internet browser, and even keeps a separate contact list.

Though you probably don’t want your kid hiding things from you, at the end of the day, that’s child’s play compared to the real danger that is hiding behind these apps. Yes, they are popular among teens and cheating spouses, but they are also popular among predators. These bad people will engage with teens or even younger children, online, and then ask them to download an app like this. They can easily communicate without you ever noticing.

Here is some more information about vault apps that every parent, or of course spouse, should know:

  • Vault apps aren’t as safe as someone using them might think. You can still take a screen shot and share it with someone else.
  • These apps look and act just like any similar app. Generally, they are calculators, and even work like calculators, but are ultimately unlocked with a secret code.
  • If you look at someone’s phone and you see more than one calculator app on it, there is probably something funny going on. All mobile smart phones come with a calculator.
  • These apps are very easy to find, and they are generally free. You can find them by searching “photo vault,” “ghost apps,” “hidden apps,” or more, in the App Store or Google Play Store.
  • You also might be surprised to hear that teens often compete amongst their peers to see what type of content they can hide on these apps.
  • Almost all teens who use mobile phones know about these apps. You shouldn’t be surprised if kids as young as 12, and sometimes even younger, are using them.

As a parent, and even as a spouse, you should be digging into your family’s phones. There should be open and honest discussions about this, and it should not be considered taboo, especially when it comes to a loved one. With children, they should not expect any privacy until the age of 18. With a spouse, trust is a fundamental requirement. And if there’s a lack of trust, it is generally because something is going on wrong.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Covid-19 Remote Desktop Has Significant Risks

Are you newly working from home? Or are you an old pro? Either way, it is likely you are using some form of remote desktop protocol. Those of us who have been working home as our primary means of earning a living, know these tools very well and are accustomed to eliminating the various distractions in our home environment in order to get the job done. There are some precautions to be aware of.

None of us think that we are going to get hacked, even though we have seen time and time again that it is very possible. Even the largest companies in existence have been hacked, and small businesses are even more at risk. You can add even more to this risk if you use a software called Remote Desktop.

Basically, Remote Desktop allows you to access computers remotely in your home or office and give network access to employees who are working remotely. However, when you give or have this access, you are opening up your network to hackers. Thousands of companies and individuals have fallen victim to this, and just one successful hack can be devastating to a small business.

Remote Desktop: What is It?

Remote Desktop, or RDP, is a very common software. In fact, if you have Microsoft Windows, you probably have this software and don’t even realize it. Though it is a very powerful tool for businesses, it is also not very secure.

Criminals know this, of course, and they have created a huge variety of tools to hack into this software. When they get access to the network, criminals can access company information and then take things like log-ins and passwords. Once they have this, they can buy and sell them so that other criminals can use them to access your network. Once they are in, they can do almost anything.

Are You at Risk?

There are estimates that there are over three million companies that theoretically have access to Remote Desktop. Most of them are small businesses and many manage their own IT services in house. If you are a small business and you have an in-house IT department, you could definitely fit into this category. What’s more is that hackers tend to target these businesses, too. Any company that has RDP access enabled is a target of hackers.

What Can You Do About It?

Hopefully at this point you are wondering what you can do to protect your business from hackers who like to access networks through RDP.

  • If you aren’t using remote desktop, then the first thing you should do is to remove Remote Desktop from your network.
  • Make sure to update your operating systems critical security patches which will inevitably update any software around remote desktop protocol.
  • Update all software that could allow remote desktop to be vulnerable
  • Make sure your wireless connections are encrypted which generally means password-protected.
  • If you have a good reason for keeping it, you can also choose to restrict access by setting up a virtual private network, or VPN.
  • Additionally, you can create a firewall to restrict its access
  • Setting up multi-factor authentication is also a good idea if you want to keep this software.
  • Just be aware that none of these solutions are fool proof except totally deleting the software.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Creating an Effective Business Continuity Plan

Most of us have no idea when a disaster is about to strike, and even if we do have a little warning, it’s very possible that things can go very wrong.

This is where you can put a business continuity plan to good use. What does this do? It gives your business the best odds of success during any disaster.

What Exactly is Business Continuity?

Business continuity, or BC, generally refers to the act of maintaining the function of a business as quickly as possible after a disaster. This might be a fire, a flood, or even a cyber-attack. With this plan in place, you can refer to it for specific instructions and procedures that need to be done following these disasters.

Some people believe that a disaster recovery, or DR, plan is the same as a BC plan, but that’s not the case. A DR plan focuses specifically on the IT side of things. In fact, the DR plan is one part of a full BC plan.

Think of your own organization. Do you have a plan in place to get sales up and running immediately? What about HR? Manufacturing? Customer service? If your physical business was leveled in a tornado, how would your CS reps handle calls from customers? If you have no idea, you probably need to think about a BC plan.

Why Having a BC Plan Matters

It doesn’t matter if you have a small business or large corporation, it’s very important that you remain competitive. It is imperative that you keep your current customers while also bringing in new ones…and there is no better test for you than a disaster.

Making sure that your IT capabilities are restored is critical, and there are a number of solutions available. You can certainly rely on your IT team to do this, but what about the rest of the company functions? The future of your company depends on you getting back on track quickly. If not, you can see your value plummet and customer confidence tumble.

Your company can also experience losses. These include financial losses, but also legal losses, and, of course, your company’s reputation.

The Parts of a BC Plan

If your business doesn’t have any type of BC plan in place, you should start by assessing all of your business processes. Take a look at and point out all of the vulnerable areas, and what your losses might be if you lose function in those areas for a day…a couple of days…a week, or even more.

Next, you want to start developing a course of action. There are six steps here, in general, including:

  • Step #1 – Identify what you need to do with this plan
  • Step #2 –Choose your key areas to focus on
  • Step #3 – Pick what functions are critical
  • Step #4 – Look for dependencies between different areas and functions of your business
  • Step #5 – Calculate how much downtime is acceptable for all critical functions
  • Step #6 – Make a plan to keep your company going

One of the best tools that you can have for a BC plan is a checklist that includes all of your equipment and supplies, the location of all of your backups, who should have the plan, and any contact information regarding emergency contacts, important personnel, and backup providers.

Remember, a disaster recovery plan is only one part of the BC plan, so if you don’t have a DR plan, this is a perfect time to do it. If you already have a DR plan, don’t assume that it’s going to work in with your BC plan. You need to make sure that all parts align together.

As you work to create this plan, think about meeting with people who have successfully gone through a disaster with success. They can give you some great insight and valuable information.

You Need to Test Your BC Plan

It is very important that you make sure your plan works before a disaster strikes, and the only way to do that is to test it. The best test, of course, is a real incident, but you can also create a controlled environment and test your plan.

You want to make sure that your BC plan is totally complete and that it will meet your needs in the event of a disaster. You don’t want to take the easy way out, either. Any testing you do should be a challenge for the plan. You also have to make sure that the objectives you have are able to be measured. If you just try to “get away with it,” you will have a weak plan and no success when a disaster strikes.

It is recommended that you test your BC plan a few times a year, especially if there have been any changes, such as a change in key personnel or new equipment. Doing things like walk-throughs and simulations can help everyone on your team practice, and make sure you are all ready should a disaster hit.

Always Review and Improve Your BC Plan

The efforts your put into testing your BC plan cannot be stressed enough. Once that is done, some organizations leave it and focus on other tasks. However, this is when things get stale.

Evolution is happening all of the time with both your personnel and your technology, so it’s imperative that your plan is updated to reflect that. So, you should, at least annually, bring your key personnel together to review the plan and point out any areas that might need modification. You also might want to get some feedback from your staff, too, which you can add to your plan. If you have different branches, make sure to include them in this, too.

Ensuring Your BC Plan is Supported

Having a casual attitude towards your BC plan is a sure-fire way to have it fail. Every BC plan must have the support of all staff from the CEO on down. Senior management, especially, must take a role in supporting the plan, as they can delegate to their teams. Additionally, the plan has better odds of staying fresh in the mid of everyone when it is a priority for management.

Finally, it is also very important that senior management promotes user awareness of the BC plan. After all, if your staff doesn’t know about it, how can they act during a disaster when every second of action counts? Plan distribution and training can help here, too, so consider some type of HR-led initiative to bring all employees onboard with it. This way, your staff will know how important a plan like this is, plus you make sure that they see it as a credible part of the business.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

The Smart Parent Guide to Digital Literacy

If you are the parent of a child or teen who uses the internet, here are some stats you need to know:

Stats About Teens and the Internet

  • Teens think that the internet is mostly private
  • They also think that they can make the best decisions for their life online
  • They believe they are safe online and that people are who they say they are
  • They don’t feel at risk if “friending” perfect strangers
  • They feel like since they are probably better at understanding technology, they can make better decisions than their parents about what’s best practice for online behavior

These are obviously naïve views of the digital world and if parents don’t fully explain why these views aren’t just wrong, but dangerous, then the parent is setting up their child for failure.

Make sure that you are keeping the lines of communication open with your kids about their internet use. Explain the risks involved and share stories of other teens who have found trouble online.

Internet Rules that Parents Should Consider

It is recommended by experts that parents set up rules for their kids in regards to internet use. Here are some:

  • Know every password that your kid has and use those passwords to check on their accounts.
  • Don’t let kids use social media, text friends, or chat online until they are in 9th or 10th grade, and never let kids use apps or sites that allow for anonymous communication.
  • There is NO reason why your 13 year old needs to be head deep in Snapchat or TikTok. NONE. Nothing good will come from it.
  • Give your kids a time limit for internet use
  • Don’t allow your kids to respond to messages from strangers, and never “friend” strangers.
  • Never give out any personal information, such as address or phone number, online.
  • Always be respectful and kind to others online; bullying should NEVER be allowed.
  • Do not allow your children to know your passwords.
  • Do not allow kids to use have access to their devices at all times. Have family time with no screens. i.e. game night, a walk to the local park, etc.
  • No phones in the bedroom. Buy laptops, not desktops. Laptops shouldn’t be allowed in the bedroom after homework is done.
  • No photos should be posted to an internet site without permission of parents.
  • Always check text messages, chat logs, or any other communication online, and make sure that kids understand that there will be consequences if they delete the messages.
  • Don’t allow kids to download any apps or software without your permission.

Don’t Make These Mistakes

  • Don’t give your child a traditional smart phone before 9th You can give them a feature-phone, that you have full access to, however.
  • Don’t give your child internet access that is unmonitored.
  • Don’t allow your kids to use the internet in closed rooms or in areas where you can’t see what they are doing.
  • Don’t allow them to play online games where chat is enabled, as these are common targets for sexual predators.

Just because other families are breaking most of these rules, doesn’t mean your family needs to. Don’t be cattle or sheep. Lead by example.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Young Kids Getting Sexually Exploited Online More Than Ever Before

An alarming new study is out, and if you are a parent, you should take note…children as young as 8-years old are being sexually exploited via social media. This is a definite downturn from past research, and it seems like one thing is to blame: live streaming.

Robert Siciliano Quora Breach

YouTube serves up videos of kids, in clothing, that pedophiles consume and share as if it is child porn. It’s gotten so bad that YouTube has had to disable the comments sections of videos with kids in them.

Apps like TikTok are very popular with younger kids, and they are also becoming more popular for the sexual predators who seek out those kids. These apps are difficult to moderate, and since it happens in real time, you have a situation that is almost perfectly set up for exploitation.

Last year, a survey found that approximately 57 percent of 12-year olds and 28% of 10-year olds are accessing live-streaming content. However, legally, the nature of much of this content should not be accessed by children under the age of 13. To make matters worse, about 25 percent of these children have seen something while watching a live stream that they and their parents regretted them seeing

Protecting Your Children

Any child can become a victim here, but as a parent, there are some things you can do to protect your kids. First, you should ask yourself the following questions:

  • Are you posting pictures or video of your children online? Do you allow your kids to do the same? A simple video of your child by the pool has become pedophile porn.
  • Do you have some type of protection in place for your kids when they go online?
  • Have you talked to your children about the dangers of sharing passwords or account information?
  • Do your kids understand what type of behavior is appropriate when online?
  • Do you personally know, or do your kids personally know, the people they interact with online?
  • Can your kids identify questions from others that might be red flags, such as “where do you live?” “What are your parents names?” “Where do you go to school?”
  • Do your kids feel safe coming to you to talk about things that make them feel uncomfortable?

It is also important that you, as a parent, look for red flags in your children’s behavior. Here are some of those signs:

  • Your kid gets angry if you don’t let them go online.
  • Your child become secretive about what they do online, such as hiding their phone when you walk into the room.
  • Your kid withdraws from friends or family to spend time online.

It might sound like the perfect solution is to “turn off the internet” at home, but remember, your kids can access the internet in other ways, including at school and at the homes of their friends. It would be great to build a wall around your kids to keep them safe, but that’s not practical, nor is it in their best interest. Instead, talk to your child about online safety and make sure the entire family understands the dangers that are out there.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

Who Has Access to Your Personal Info? The Answer Might Surprise You

Are you aware that many people probably have access to your personal info? If you have ever gotten an apartment, have insurance, or applied for a job, someone has done a background check on you, and you might be shocked by what’s in there, including your debts, income, loan payments, and more. On top of this, there are also companies collecting information on you including:

  • Lenders
  • Employers
  • Government agencies
  • Volunteer organizations
  • Landlords
  • Banks/credit unions
  • Insurance companies
  • Debt collectors
  • Utility companies…and more

Thanks to the Fair Credit Reporting Act (FCRA), you can get a copy of these reports every year for a small fee, and they are free if there has been any type of adverse action against you. You can also get this information from certain organizations including the following:

Credit Agencies

Most people know the main credit reporting bureaus, Experian, TransUnion, and Equifax. The reports that these companies give you can include your loan and credit card payment history, how much credit you have, info from debt collectors, and other information.

Employment Screening

If you have applied for a job, you might have gone through employee screening. These employers have access to things like your salary history, credit history, education, and even criminal history.

Housing/Tenant Screening

If you have ever rented an apartment or home, your landlord might have done a background check, too. This might include prior evictions and other negative information.

Banking and Check Screening

Your bank also might have information on you, which could include your banking history, such as negative balances on your checking account or unpaid bills.

Medical Insurance

Finally, if you have medical insurance, your insurance company has probably also done a background check on you. These policies include life insurance, health insurance, long-term care insurance, critical illness insurance, or disability insurance.

Lifehacker and the Consumer Financial Protection Bureau’s 2019 report compiled a pretty amazing list below. Check it out.

The nice thing about these things, however, is that you have a right to access all of these reports, too. In most cases, these reports are free. You can ask these organizations what background check companies they are using, and then you might be able to request a free report. Again, if there is any negative information on these reports that cause you to, for instance, not be hired by an employer, you will automatically get a free copy of this report so you can see the derogatory information for yourself, and then take any steps you can to change it.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Beware of Conference Invitation Scams

Conference invitation scams are those that involve a scammer sending invitations out to events with the intention of scamming the invitees. These might be real events or fake events, and the scammers target people including business professionals, lecturers, CEOs, researchers, philanthropists, and more. The goal here is to steal the identities of these people, and eventually get money by taking advantage of their victims.

Spotting a Scam

There are usually some pretty clear signs that you could be dealing with a scam involving a conference invitation. Here are some things to look for:

  • The invitation has typos or bad grammar
  • The invitation seems very random or out of no where
  • The conference name sounds like a conference you might be family with, such as Tech Crunch, but it’s spelled differently, like TekCrunch
  • The invitation asks that you pay a premium price to attend, which includes accommodation and transportation
  • Payment options don’t include credit cards
  • The invitation is overly flattering
  • There is a sense of urgency pushing you to send personal information
  • The greeting on the invitation is questionable, i.e. “Salutations.”
  • The invitation asks for sensitive information in return for “covering” your conference cost, accommodations, and transportation.
  • The conference is held in a different country, i.e. Asia or the Middle East
  • The landing page doesn’t have a physical address or landline number
  • The invitation sounds too good to be true

How Do These Scams Work?

In general, the scammer begins the scam by sending an email to a target victim and invited them to attend or speak at a conference. The scammer usually uses the victim’s social media pages to get information about them, which helps them to create a more personalized email.

The victim is told to register for the conference, which involves giving personal information. Additionally, they could be asked to pay a fee to attend, which could be over $1,000, depending on how long the conference is said to last. Usually, this is where the sense of urgency comes into play, as the scammer will say the conference is filling up or they need to know if they can count on the victim to speak. If not, of course, they must find another speaker, so the victim must confirm as soon as possible.

If the targeted victim complies with this and sends their information, the scammer may have enough information to steal the victim’s identity. Additionally, the scammer can use the name of the victim to promote the conference, especially if it is someone well-known in the industry.

If the victim goes through with all of this, they will quickly find out that they have been scammed. A scammer might also try scamming people who are actually going to a legitimate conference. They claim that they are part of the organization running the conference, and they need information and to collect fees. Of course, since the victim already signed up for the conference, it is easy to believe this scam without giving it a second thought.

Protecting Yourself from Invitation Scams

Here are some tips and tricks that you can use to protect yourself from these types of scams:

  • If you get an email similar to ones described here, don’t respond.
  • You should investigate any invitation that you are not sure of.
  • Do not agree to send money, and only pay with a credit card.
  • Don’t agree to give any personal information; a conference organizer doesn’t need to know your Social Security Number
  • Research the event and try to match up the information that you were given in the invitation email.
  • Copy and paste some of the email into Google to see if others have reported that this is a scam.

What to Do if You are a Victim If you have become a victim of a conference invitation scam, there are steps you should take immediately. First, get in touch with your financial institutions, like banks and credit card companies, and make them aware of this. Next, you should contact the location police and authorities in the area where the conference is allegedly supposed to be held. You should also get in touch with the Better Business Bureau about the company, and you can report the scam online via the BBB’s Scam Tracker or the Federal Trade Commission’s Online Complaint Assistant.  Finally, you can also report the scam to the FBI through its Internet Crime Complaint Center.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Access that Old Email Account

Have you ever wondered if you could access your old email accounts? You might want to look for some old files, or maybe need information about an old contact. Whatever the reason, there is good and bad news when it comes to accessing old email accounts.

The best thing that you can do is to use the provider to find the old email account or old messages. All of the major providers, including Outlook, Gmail, Yahoo, and AOL, have recovery tools available. If the email address is from a lesser player in the email game, again, you might be out of luck.

First, Know the Protocol

Frankly, the next 3 paragraphs might be confusing. If they don’t make sense to you jump to Do You Remember the Service or Email Address?

The first thing you have to do is know the protocol your provider uses. There are two different protocols to consider when trying to access old messages: POP3 or IMAP.

POP3 protocols essentially download messages from a server to a device. IMAP just syncs your messages between your device and the server. Most email services default to an IMAP protocol, but it’s very possible that an older email account would have been set up to use POP3. If this is the case, and the provider deletes the messages off the servers when downloaded via POP3, this is not good news…those messages are gone. Even if you eventually get access to these accounts, if you have downloaded the messages to a computer or smartphone, they are gone from the server.

There is better news if you used IMAP…though, again, this is assuming nothing has been deleted. Some providers will delete accounts that are inactive for a certain amount of time. If the account is deleted, those messages are gone. Check the account deletion policy of the email provider to see if your account might still be active, and ultimately, accessible.

Do You Remember the Service or Email Address?

If you remember the email address and not the password, try the password reset link and if, and only if, you set up a backup email for recovery, then you’re on Golden Pond.

Now, what happens if you can’t remember what service you used or even the email address you used? There is still hope.

First, search for your name in the email account you use now. You might have sent something to yourself from an old account. Another option is this: if you remember the old provider, you can also search for that. You also might want to search your computer to see if there are old documents with your old email in there. You also might have set up a recovery email address or phone number that you can use to access the account.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Protect your USPS Mail from Getting Stolen

USPSID stands for U.S. Postal Service Informed Delivery. It is a good thing to sign up for because it informs you of your expected deliveries.

But there’s a problem: Someone ELSE could pose as you and sign up for this service, getting your mail before you have a chance to.

In fact, it has already happened. Crooks have signed up as other address owners and collected their mail.

This can lead to credit card fraud if some of that mail includes new credit cards or credit card applications.

And what if the mail includes a check? The thief could find a way to get it cashed. What a thief could do with your mail is limited only by his or her imagination.

Krebsonsecurity.com reports that seven crooks in Michigan used the USPS to, not surprisingly, apply for credit cards via those applications that we all get.

Then they waited for the new cards to arrive. They knew just when they’d arrive, too, and planned to raid the owner’s mailbox on that date. Of course, the owners never even knew that the cards were applied for.

The crooks obtained the cards and spent a total of about $400,000. Needless to say, they didn’t bother stealing the bills.

Though a key on your mailbox will surely help, you can add an extra layer of protection by emailing eSafe@usps.gov to opt out of the service. This will prevent anyone from using it in your name.

KrebsOnSecurity reports that this email address may be inactive. So at least have your mailbox fashioned with a lock – even if you do get a response from that email address.

Another thing you can do is get a credit freeze, though this doesn’t guarantee 100 percent that a thief won’t be able to sign up your address with the USPS, but the freeze will prevent new credit cards being opened in your name.

What Else Can You Do?

  • Check your existing credit card statements every month for any odd or unfamiliar charges and report them immediately even if the amount is small.
  • Contact credit reporting agencies (Equifax, Experian and TransUnion) and sign up for alerts to any changes in your credit report.
  • Can’t be said enough: Get a locking mailbox, there’s simply too much sensitive information not to.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.