Beware of Facebook Dangers

Robert Siciliano Identity Theft Expert

Danger!! How's that for a blog title that screams fear, uncertainty and doubt!? Fact is, Facebook boasts 400 million users, in so many ways seems out of the control of its founder, and is looking dangerous. This is a company that has grown faster than fast and has a (very intelligent) 20-something CEO just out of puberty calling the shots. The amount they (his board? CIO?) let him run at the mouth that privacy is no big deal shows an immature lack of control over this operation. Any company that wields this much power needs to be checked and balanced.

Their growing pains are publicly played out in numerous lawsuits and visceral rants by every possible pundit (like me) and privacy professional on the block.

Sure, when you are that big there will always be someone who wants to take you down. But every week there is a new story about a security breach or a privacy violation. That tells me it’s more than growing pains or jealousy. There are serious management problems there, resulting in reputation issues for the company and security issues for the user.

DANGER, DANGER!

The 3rd party applications in the form of games and quizzes are sharing data that’s not meant to be shared. While the user may agree to the terms of service, they aren’t reading the fine print. Is it really in Facebook’s interest to allow this?

Seems like every 2 weeks they change whatever privacy settings there are and the public gets more pissed off with each change. Why doesn’t someone inside this company have a clue what the public wants? What’s more obvious is they don’t care!

Criminals and scammers set up fake profiles of companies and individuals all day every day. These social media identity theft profiles are designed to get people to provide data for free gift cards or other offers that ultimately allow for financial fraud to occur. Is there no way they can more effectively police this?

Recently, the chat feature was made public. For a period of time users’ chats were available for anyone to see. They had to shut it down to calm the mess. How the heck does that happen? Don’t they have redundancy built in to prevent this?

Ads appearing on Facebook are sanctioned in some way by Facebook and some are malicious. When clicked they can infect your PC. You would think that a private company worth billions would have systems in place to prevent its users from getting hacked via ads placed on their own servers?

So now that I’m done throwing up, protect your identity. Because when it gets hacked on Facebook, don’t say I didn’t warn you.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.

Phishers Tie Up Victims’ Phones, Killing Notification

Identity Theft Expert Robert Siciliano

Many of today’s automated processes are designed with security and/or convenience in mind. For example, if a credit card company’s anomaly detection software detects irregular spending on your credit card, the software may freeze your account or call you to make sure you are in fact the one making the charge. While this may help to secure you, it may also inconvenience you if you are traveling overseas and are declined, or are just in a hurry and trying to catch a flight.

These same technologies may or may not involve a human at different touch points during their activation periods. What’s happening today is that the bad guys are figuring this out: they are determining when these touch points occur and are tricking the system so they can move forward with their fraudulent activities.

In some cases, when a money transfer prompts an automated call alerting an account holder to the transaction, the only requirement of the system is to make the call. The automated system doesn’t necessarily have to talk to a human and the human doesn’t need to do anything. This seems like a flawed system.

In the case of a Florida doctor a telephony denial-of-service attack flooded the victim’s phone with diversionary calls while the thieves drained the victim’s account. In some cases, the victim heard recordings from sex chat lines and in other calls he heard dead air when answering the phone. Sometimes he heard a brief advertisement or other recorded message.

Wired reports the doctor discovered that $399,000 had been drained from his Ameritrade retirement account. About $18,000 was transferred, then an $82,000 transfer followed two days later. Five days after that, another $99,000 was drained, followed by two transfers of $100,000. The thieves withdrew the money in New York.

Most likely the initial compromise was via a phishing email that he responded to. Once he responded to the phish, the criminals began the process of setting up VoIP telephone systems to bombard his telephone lines so he couldn’t answer the phone to receive the alert.

Currently any financial institution that employs technology that automatically relies on the telephone system to notify account holders of a transaction is at risk.
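The flaw described above, as an added sketch that is not from the original post or from any institution's real system: a "place the call and proceed" policy beside one that holds funds until the account holder actually confirms, replayed over the transfer amounts quoted from Wired with every alert call hitting a flooded line. The outcome names, the `Account` fields, the starting balance and the `lock_after` threshold are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Outcomes an automated alert call can report (names assumed for this sketch).
CONFIRMED, DENIED, NO_ANSWER, BUSY = "confirmed", "denied", "no-answer", "busy"

# Transfer amounts as quoted in the article (18k, 82k, 99k, 100k, 100k = 399k).
TRANSFERS = [18_000, 82_000, 99_000, 100_000, 100_000]


@dataclass
class Account:
    balance: int
    locked: bool = False
    unreachable_streak: int = 0           # consecutive alerts nobody answered
    released: list = field(default_factory=list)
    held: list = field(default_factory=list)


def notify_only(account, amount, call_outcome):
    """Flawed policy: placing the call is the only requirement."""
    # call_outcome is ignored, so a line tied up by junk calls changes nothing.
    account.balance -= amount
    account.released.append(amount)
    return "released"


def confirm_required(account, amount, call_outcome, lock_after=2):
    """Hardened policy: money moves only on an explicit confirmation."""
    if account.locked:
        account.held.append(amount)
        return "held-locked"
    if call_outcome == CONFIRMED:
        account.unreachable_streak = 0
        account.balance -= amount
        account.released.append(amount)
        return "released"
    account.held.append(amount)
    if call_outcome == DENIED:
        account.locked = True             # holder says "not me": stop everything
        return "cancelled-locked"
    # Busy or unanswered: treat silence as "not confirmed", never as consent.
    account.unreachable_streak += 1
    if account.unreachable_streak >= lock_after:
        # Repeated unreachable alerts during outbound transfers is itself a signal.
        account.locked = True
        return "held-locked"
    return "held"


def replay(policy, outcomes, opening_balance=399_000):
    """Run the article's transfer sequence under a policy and call outcomes."""
    account = Account(balance=opening_balance)   # constructed opening balance
    results = [policy(account, amt, out) for amt, out in zip(TRANSFERS, outcomes)]
    return account, results


if __name__ == "__main__":
    flooded = [BUSY] * len(TRANSFERS)            # every alert call hits a tied-up line
    for policy in (notify_only, confirm_required):
        acct, results = replay(policy, flooded)
        print(policy.__name__, results, "balance left:", acct.balance)
```
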

If you mistakenly respond to a phish email and give up your data, knowingly or unknowingly, and find yourself being bombarded with a flurry of odd phone calls, it may be a sign you’re being scammed.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing criminal hackers on Fox News.

10 Ways To Prevent Phishing

Identity Theft Expert Robert Siciliano

The Anti-Phishing Working Group published a new report seeking to understand such trends by quantifying the scope of the global phishing problem, especially by examining domain name usage and phishing site uptimes. Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry. But by mid-2009, phishing was dominated by one player as never before—the “Avalanche” phishing operation. This criminal entity is one of the most sophisticated and damaging on the Internet, and perfected a mass-production system for deploying phishing sites and “crimeware” – malware designed specifically to automate identity theft and facilitate unauthorized transactions from consumer bank accounts. Avalanche was responsible for two-thirds (66%) of all phishing attacks launched in the second half of 2009, and was responsible for the overall increase in phishing attacks recorded across the Internet.

There were 126,697 phishing attacks during the second half of 2009, more than double the number in the first half of the year or from July through December of 2008, the APWG report said. Avalanche, which was first identified in December of 2008, was responsible for 24 percent of phishing attacks in the first half of 2009 and for 66 percent in the second half. From July through the end of the year, Avalanche targeted more than 40 major financial institutions, online services, and job search providers.

Adapted from APWG

1. Be suspicious of any email with urgent requests for personal financial information. Call the bank if they need anything from you.

2. Spot a Phish: Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately.

3. They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.

4. Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle

5. Avoid filling out forms in email messages that ask for personal financial information

6. Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.

7. The newer versions of Internet Explorer, versions 7 and 8, include this tool bar, as does Firefox version 2

8. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate

9. If anything is suspicious or you don’t recognize the transaction, contact your bank and all card issuers

10. Ensure that your browser is up to date and security patches are applied

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

New Facebook Phish Steals Passwords

I got an email from a colleague today. Subject: “My Facebook account got hacked.”

I wonder if you could give me some guidance here –

I received the following email from Facebook:

——————————————————————–

From: Facebook [XXXXXX@facebook.com]

Sent: Wednesday, March 17, 2010 5:58 AM

To: XXXXXXXXXXX

Subject: Security Warning From Facebook

Dear XXXXXXXXXX,

We have detected suspicious activity on your Facebook account and have temporarily suspended your account as a security precaution.

You can regain control of your account by logging into Facebook and following the on-screen instructions.

Please be sure to visit the Facebook Help Center (http://www.facebook.com/help/) for further information regarding these security issues and let us know if you need assistance.

Thanks,

Facebook Security Team

————————————————————————-

Reuters reports that hackers have long targeted Facebook users, sending them tainted messages via the social networking company’s own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.

McAfee estimates that hackers have sent out tens of millions of spam messages across Europe, the United States and Asia since the campaign began on Tuesday.

Dave Marcus, McAfee’s director of malware research and communications, said that he expects the hackers will succeed in infecting millions of computers.

“With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that’s 40 million,” he said.

McAfee says:

Tip 1: Do not open the attachment. Promptly delete the Facebook scam email.

Tip 2: Consumers can protect their computer from this type of cybercrime by installing a complete security software suite that includes anti-virus, anti-spyware, and firewall protection.

Tip 3: Consumers should make sure they are running the most up-to-date security software and their subscription is active.

Tip 4: If consumers are unsure if their security software vendor has an update for this type of malware, McAfee recommends that they check for and install any available updates, then immediately run a full scan.

Robert Siciliano personal security expert to Home Security Source discussing Facebook hacking on CNN.

 

How to Prevent Phishing Scams

Robert Siciliano Identity Theft Expert

Recent reports abound of consumers’ email accounts being phished and of American and Egyptian authorities arresting dozens of people in an online fraud crackdown for phishing scams. It’s time to revisit the fundamentals of how to prevent phishing. Nobody can do this better than the Anti-Phishing Working Group.

Phishing Defined

Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social-engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords. Technical-subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using systems to intercept consumers’ online account user names and passwords - and to corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher-controlled proxies used to monitor and intercept consumers’ keystrokes).

How to Avoid Phishing Scams

The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations below that you can use to avoid becoming a victim of these scams.

  • Be suspicious of any email with urgent requests for personal financial information
    • unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’
    • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
    • phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
  • Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
    • instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser
  • Avoid filling out forms in email messages that ask for personal financial information
    • you should only communicate information such as credit card numbers or account information via a secure website or the telephone
  • Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser
    • Phishers are now able to ‘spoof,’ or forge BOTH the “https://” that you normally see when you’re on a secure Web server AND a legitimate-looking address. You may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.
    • Phishers may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock has usually been considered as another indicator that you are on a ‘safe’ site. The lock, when double-clicked, displays the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.
  • Remember not all scam sites will try to show the “https://” and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like “http://www.gotyouscammed.com/paypal/login.htm?” Be aware of where you are going.
  • Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
    • The newer version of Internet Explorer, version 7, includes this tool bar, as does Firefox version 2
    • EarthLink ScamBlocker is part of a browser toolbar that is free to all Internet users – download at http://www.earthlink.net/earthlinktoolbar
  • Regularly log into your online accounts
    • don’t leave it for as long as a month before you check each account
  • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate
    • if anything is suspicious or you don’t recognize the transaction, contact your bank and all card issuers
  • Ensure that your browser is up to date and security patches are applied
  • Always report “phishing” or “spoofed” e-mails to the following groups:
    • forward the email to reportphishing@antiphishing.org
    • forward the email to the Federal Trade Commission at spam@uce.gov
    • forward the email to the “abuse” email address at the company that is being spoofed (e.g. “spoof@ebay.com”)
    • when forwarding spoofed messages, always include the entire original email with its original header information intact
    • notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/
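The address-line and displayed-link advice in the list above can be checked mechanically. The following is an added example, not part of the APWG list or the original post: it pulls every link out of an HTML email body and flags links whose real destination is not the expected site, whose visible text shows a different address than the one they point to, or that merely mention the brand in the host or path. The sample email is constructed, `account-check.example` is a made-up host, and deriving the brand from the first label of the expected domain is an assumption of this sketch.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address.
URLISH = re.compile(r"^(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:[/:?#]\S*)?$", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def split_host_path(url):
    """Return (hostname, path), both lower-cased; empty strings if unparsable."""
    if "://" not in url:
        url = "http://" + url
    try:
        parts = urlsplit(url)
        return (parts.hostname or "").lower(), parts.path.lower()
    except ValueError:
        return "", ""


def under(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def audit_links(html_body, expected_domain):
    """Return [(href, [flags])] for every link in the message."""
    collector = AnchorCollector()
    collector.feed(html_body)
    brand = expected_domain.split(".")[0].lower()  # assumption: brand = first label
    report = []
    for href, text in collector.links:
        host, path = split_host_path(href)
        flags = set()
        if not under(host, expected_domain):
            flags.add("off-domain")
            if brand in host:
                flags.add("brand-in-host")   # brand used as a decoy subdomain
            if brand in path:
                flags.add("brand-in-path")   # brand only appears after the slash
        if URLISH.match(text) and split_host_path(text)[0] != host:
            flags.add("text-href-mismatch")  # shown address differs from real one
        report.append((href, sorted(flags)))
    return report


# Constructed sample message; the first href is the example address quoted above.
SAMPLE_EMAIL = """
<p>Dear customer, please confirm your account:</p>
<a href="http://www.gotyouscammed.com/paypal/login.htm">https://www.paypal.com/login</a>
<a href="https://www.paypal.com/help">Help Center</a>
<a href="https://paypal.com.account-check.example/login">Log in</a>
"""

if __name__ == "__main__":
    for href, flags in audit_links(SAMPLE_EMAIL, "paypal.com"):
        print(href, "->", flags or "ok")
```
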

In addition you must:

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing identity theft on the rise on Fox News

Operation Phish Phry Nabs 100 Identity Thieves

Identity Theft Expert Robert Siciliano

US and Egyptian officials have charged 100 people with orchestrating a phishing scam that robbed $1.5m from Bank of America and Wells Fargo customers.

53 criminals from CA, NV and NC were named in an indictment. This is the largest number ever charged in a cybercrime case. Officials in Egypt nabbed another 47 people.

Egyptian criminals phished account numbers and accessed bank accounts. The Egyptians and the US phishers transferred money into mules’ accounts.

This is an example of the sophistication of criminal identity theft rings and organized global web mobs fully ramped up and knocking off victims by the thousands.

“The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed,” said the FBI in Los Angeles.

The New York Times recently reported the bust of a vast conspiracy known as the Western Express Cybercrime Group, which trafficked in stolen credit card information through the Internet and used it to create forged credit cards and to sell goods on eBay. They used digital currencies like e-gold and Webmoney to launder their proceeds.

It’s great seeing criminals getting busted. And the fact remains there are lots more cybercriminals than there are law enforcement. But keep up the good work guys/gals!!

  1. Check your credit card statements often. Refute unauthorized charges within 60 days to be made whole by the issuing bank.
  2. Anytime you receive an email asking for personal information, credit information, banking etc., do not enter it. Just hit delete. Often victims will receive an email from what looks like a trusted source but is actually a phish.
  3. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano identity theft speaker discussing money mules on Fox News

Up to 1 Million email Accounts Phished for Identity Theft

Robert Siciliano Identity Theft Expert

Hotmail, Earthlink, Google, Yahoo, Comcast and other web-based email users have been giving up all their login details to phishers, and current estimates are that as many as 1 million accounts may have been compromised.

News of the scam broke when technology blog neowin.net reported an anonymous user had published confidential details on pastebin.com. Internet users are urged to change their passwords regularly and ensure anti-virus software is up to date to protect themselves from fraudsters.

While phishing emails keep pouring in, their methods are changing rapidly. Posing as a Nigerian prince is still common, but not as effective. Even posing as a known bank or Paypal, asking to update an account for various reasons and requesting a potential victim’s user name and password is not as effective as it used to be.

Much of the phishing that occurs today is targeted “spear phishing,” in which the spammers are after a localized target. Going after a CEO is called “whaling.” Who better to take down than the biggest phish of them all? Most corporate websites offer plenty of data on the company officers and administrative contacts, which makes it relatively easy to create a sucker list. If scammers send an email blast to the entire company, eventually someone is likely to cough up enough data to allow the scammers to tap into the company’s intranet. Once the scammers have accessed the intranet, all further phishing emails will appear to be coming from a trusted, internal source.

Perhaps the most insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component, which gives the phisher full access to the user’s data, including usernames and passwords, credit card details, banking and Social Security numbers. Often, that same virus makes the victim’s PC part of a botnet.

How to avoid becoming a victim? Delete.

Change passwords often. Combine uppercase and lowercase letters, as well as numbers and characters. Don’t use consecutive letters or numbers, and never use names of pets, family members, or close friends. Instead use the first letters of phrases.

Never click links in the body of an email that are coming from a bank, Paypal or any enterprise that may be leading to a request to enter data. Go to your favorites menu or manually type the address in.

Pay attention to phishing filters. Most updated browsers have built-in phish filters that toss up a red flag warning of a potential ruse.

1. Protecting yourself from new account fraud requires effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Robert Siciliano, identity theft speaker, discusses hacked email on FOX & Friends.

Twitter Phishing Leads to Identity Theft

Identity Theft Expert Robert Siciliano

Twitter phishing is a growing problem and is spreading through a virus. Twitter accounts that have been hacked are spreading a link with a request to click on and download a video.

Some Twitter phishing involves Twitter porn. Today Ena Fuentes, who’s definitely a hot little number, started following me on Twitter and wants me to check out her new pics. Problem is Ena is probably controlled by a dude from some little village in an oppressed country who’s using dumb human libido to snare his intended victims.

The Register reports users who follow these links are invited to submit their login credentials via a counterfeit Twitter login page (screenshot via Sophos here). In the process they surrender control of their micro-blogging account to hackers, who use the access to send out a fresh round of phishing lures.

In the past, compromised accounts have sent pictures and links to spoofed websites. The new attacks mimic email address book attacks, in which the compromised account sends direct messages to the user’s followers. Twitter only allows direct messages to those who are following you.

When clicking links and downloading whatever multimedia file is offered, the unsuspecting victim may end up with a virus that spreads a keylogger and/or harvests user login details. Criminals know many internet users have the same passwords for multiple accounts.

Shortened URLs that are necessary to keep tweets within the 140 character limit help mask these scams. As explained by NextAdvisor:

“Whenever a complete URL is too long or cumbersome, many users turn to URL shortening services like TinyURL. Unfortunately, a condensed URL that appears harmless can easily lead to a malware download or phishing site, rather than the destination you were expecting. What appears to be a link to a friend’s home video may actually be pointing you toward the Koobface virus. Hackers can target a single URL shortening service and intentionally misroute millions of users.”

How to protect yourself:

  1. Don’t just click on any link no matter where it’s coming from. Attackers understand a person is more likely to click a link from someone they know, like and trust. If someone direct messages you requesting you click something, their account may be under the control of a criminal.
  2. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  3. Install McAfee anti-virus protection and keep it updated.
  4. Change up your passwords. Don’t use the same passwords for social media as you do for financial accounts.
  5. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  6. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano identity theft speaker discussing hacked accounts on Fox News

Another Identity Theft Ring Busted

Identity Theft Expert Robert Siciliano

The feds are getting better at busting criminals every day. Seventeen criminals, many from Eastern Europe, pilfered more than 95,000 stolen credit card numbers and $4 million worth of fraudulent transactions.

The New York Times reports the men were involved in a vast conspiracy known as the Western Express Cybercrime Group, which trafficked in stolen credit card information through the Internet and used it to create forged credit cards and to sell goods on eBay. They used digital currencies like e-gold and Webmoney to launder their proceeds.

Several of the scammers — Viatcheslav Vasilyev, Vladimir Kramarenko, Egor Shevelev, Dzimitry Burak and Oleg Kovelin — were charged with corruption. Vasilyev, 33, and Kramarenko, 31, were arrested at their homes in Prague and have been extradited to Manhattan. Shevelev, 23, was arrested in Greece last year and is still awaiting extradition. Burak, 26, a citizen of Belarus, and Kovelin, 28, a citizen of Moldova, have not been arrested.

Vasilyev and Kramarenko recruited work-from-home employees to advertise and sell electronics on eBay. When someone would purchase an item, the two men would pocket the buyer’s payment, give a cut to their recruit, then use a stolen credit card number to purchase the item from a retail store and send it to the buyer. In essence, they used eBay to obtain a legitimate buyer’s credit card number through a legitimate channel and didn’t actually “hack” anything. They simply set up pseudo-fake auctions that, in most cases, delivered the product, but also obtained the victim’s credit card number and then made fraudulent charges.

Burak and Shevelev were “carders” who sold stolen credit card information on a website called Dumpsmarket and, probably, in chat rooms. “Dumps” is a criminal term for stolen credit cards and “carders” are the scammers who buy and sell them. Kovelin was a criminal hacker who stole victims’ financial information via phishing emails and more than likely used the victims’ own account information against them.

Protect yourself:

  1. Check your credit card statements often, especially after using an online auction site. Refute unauthorized charges within 60 days to be made whole by the issuing bank.
  2. Don’t just buy the lowest priced product on an auction site. Use auction sellers who have been approved by many and have a solid track record.
  3. Anytime you receive an email asking for personal information, credit information, banking etc., do not enter it. Just hit delete. Often victims will receive an email from a trusted source like eBay directly to their account because they have been actively engaging the fraudulent auctioneer. eBay’s system doesn’t recommend giving your credit card information outside their network in an email.
  4. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  5. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Identity Theft Speaker Robert Siciliano discusses a study done by McAfee on mules bilked in work-at-home scams on Fox News

Scams Happen to Smart People Who Do Stupid Things

Robert Siciliano Identity Theft Expert

Most people are too smart to fall for a Nigerian 419 scam. But plenty of smart people fell for Bernie Madoff’s investment scams. Madoff was far more subtle than your average scammer. But in this day and age, people ought to be more alert to potential scams than ever before. And yet this wolf in sheep’s clothing was able to bilk so many investors. So it looks like we aren’t as savvy as we should be.

The root of the problem is the sheer number of scams. There are investment seminars, smoke and mirror charities, phishing emails and even text messages. I got a “phext” (phishing text message) from “r.yahoo.com” that said, “changed secret question, log in to update, or text HELP or to end STOP.” Naturally, this raised my suspicions, so I did an online search which led me to a forum discussion of this particular scam. Apparently, any response to this text message would have allowed hackers to access plenty of proprietary data.

A prominent security and privacy researcher emailed me to describe an attempted Craigslist scam:

“Robert, so, I registered on Craigslist and posted our above ground pool for sale. Within minutes got a reply from someone asking some basic questions (most of which could have been answered if they had read the advert). Their reply to my answers raised an immediate red flag. This individual claimed to be from Miami and was willing to write me a check for the full amount, plus shipping charges for their shipping company that would pick up the pool. In other words, I deposit a check (in context it seemed to be either a business or personal check, either way I would have had to wait for it to clear) and when it clears, I keep my asking price and give the difference to the shipping company when they arrive to pick up the pool.

I’ve ceased communication with this individual, but this just stinks to high heaven. First, if it is their own shipping company, why should I have to pay them? Second, no way I’m going to deposit this check into my account and risk having my bank info show up on their statement. Third, why would someone in Miami (above ground pools aren’t all that popular down there, it seems to me) want to pay to have a used above ground pool shipped all the way from New England? Fourth, I’m just nervous about stuff like that anyway.

Ever heard of/encountered that kind of situation before?”

This is an advance fee scam! Now, since I am obsessively screaming about this stuff all day, I can see this coming from a mile away, as did my friend. But those who are less tuned in to the variety of potential scams might easily fall victim to this type of crime.

Financial troubles are forcing people to seek out new opportunities. When we are searching for jobs or attempting to sell our belongings online, or simply spending more time using social networking sites, we become more susceptible to the latest scams. But the biggest danger is our own egos and our complacency, as we foolishly believe that we are all too smart to become victims.

According to The Wall Street Journal, many scam victims are pretty smart. Three recent studies showed that victims of investment fraud tend to be better educated and have higher incomes than nonvictims, and that most have been investing for a decade or more. Because they are so confident in their own judgment, they fail to seek out professional advice.

Years ago, the Better Business Bureau conducted a test in which they planted a man dressed in normal street clothes outside a store during the holiday season. They gave the man a plastic pumpkin and a bell to ring. He spent twenty minutes ringing the bell, and during that time, people kept dropping money into the pumpkin. When the people were questioned, most believed that they had just donated to the Salvation Army, simply because the man was ringing a bell. Like Pavlov’s dogs, they opened their wallets.

Criminals aren’t any smarter than we are, but they know how to capitalize on our stupidity. You need to take steps to protect your own identity, because while you are smart enough to inform yourself about these issues, you can’t prevent some company from stupidly compromising your sensitive personal data. Prevent new account fraud by getting a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. And invest in Intelius Identity Theft Protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses various scams on TBS’s Movie and a Makeover.