Your Social Security number IS in the Hands of Criminals

Over the years criminals occasionally contact me to tell me about their exploits and often ask how they can get into the “security awareness” business. Everyone wants to be a Frank Abagnale (Catch Me If You Can movie). These crimes are often sociopaths and incapable of functioning normally without eventually resorting to the easy money crimes. I’ve seen it first hand many many times. Anyway, one time an identity thief emailed me my own SSN, basically flexing his muscles and showing me how cool he is.

Honestly, I’m not worried that my SSN is out there. I do things to make it useless to the thief. Read on.

A hacking group called USDoD claimed to have acquired 2.9 billion personal records from National Public Data, a background check company, in April 2024. The stolen data reportedly included names, Social Security numbers, and addresses of individuals from the US, UK, and Canada, potentially encompassing a vast majority of these populations.

Initially, the hackers attempted to sell this sensitive information on the dark web for $3.5 million. However, on August 6, a hacker associated with another group leaked 2.7 billion records, which were partially verified by Bleeping Computer. The hacker also claimed to possess an even larger dataset.

The Social Security number (SSN) has a rich history dating back to 1936. Here are the key points about its historical background:

Origins and Initial Purpose

The SSN was first introduced in November 1936 as part of President Franklin D. Roosevelt’s New Deal Social Security program. Its original purpose was to track individuals’ earnings history for Social Security entitlement and benefit computation.

Early Implementation

Within three months of its introduction, 25 million SSNs were issued.

  • On November 24, 1936, 1,074 post offices were designated as “typing centers” to process Social Security cards.
  • The first SSN was officially announced to be assigned to John David Sweeney, Jr. of New Rochelle, New York, though this was not actually the lowest number issued.

Expansion of Usage aka “Functionality Creep”

Over time, the use of SSNs expanded significantly beyond its original purpose:

  • In 1943, Executive Order 9397 required federal agencies to use SSNs in new record systems to identify individuals.
  • In 1961, the Civil Service Commission adopted the SSN as the identifier for federal employees.
  • In 1962, the IRS began using SSNs as official taxpayer identification numbers.

Widespread Adoption

The 1960s saw a dramatic increase in SSN usage due to the computer revolution:

  • Government agencies and private organizations began using SSNs extensively for record-keeping and business applications.
  • Usage spread to state and local governments, banks, credit bureaus, hospitals, and educational institutions.

Legislative Changes

Several legislative changes further expanded SSN use:

  • In the 1970s, laws were passed requiring SSNs for federal benefit programs and authorizing states to use SSNs for various purposes.
  • The 1980s saw requirements for SSNs in areas such as military draft registration, commercial driver’s licenses, and food stamp program administration.

Modern Usage

Today, the SSN has become a de facto national identification number used for taxation and various other purposes, far beyond its original scope. However, concerns about privacy and identity theft have led to some efforts to limit its use in recent years.

Protecting Your Information

Given the extensive nature of this breach, it’s crucial to take proactive steps to safeguard your personal information:

  1. Monitor Your Credit Reports: Regularly check your credit reports for any signs of fraudulent activity or suspicious transactions.
  2. Credit Freeze: Immediately contact the credit bureaus and request a freeze on your accounts.
  3. Update Security Measures: This incident serves as a reminder to strengthen your online security. Consider updating your passwords and implementing two-factor authentication for your accounts.
  4. Stay Vigilant: Assume that your personal information may be compromised and remain alert for any signs of identity theft or fraud.

By taking these precautions, you can better protect yourself against potential misuse of your personal information in the wake of this massive data breach.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

Protecting Your Social Security Number

Many people wonder if it is safe in certain situations to give out their Social Security number. We sure are asked for it a lot, but do you have to give it? When is it necessary? Here is some perspective:

One of the best rules you can live by is this: just because a person asks for your Social Security number, it doesn’t mean you have to give it. But also remember there are situations where you will not be provided various services unless you get it out.

You might feel that you have to, though, and freely give it. This could be a huge mistake, though. There are many times when you want to, though, and you should, but you have to do it with discretion.

Here’s the thing. Some of the people and organizations that ask for your Social Security number really have no business asking. Even when they ask for the last four digits of your SSN, don’t give that out, either, unless you know that the company already has it on file.

Really, when the IRS is involved, or other government agencies, or it is something financial that’s credit driven, such as getting a loan, you likely need to give out your Social Security number. In other cases, like applying for a job, you can tell a business you are not comfortable giving your number unless you are hired, and then they would need it for tax purposes.

I give out my Social Security number when required, with a little scrutiny, but in the end, I’m not worried about identity theft due to the fact that I have ID theft protection and a credit freeze which in most cases makes my Social Security number useless to a thief.

Tips to Protect Your Social Security Number

Here are some tips you can use to protect your Social Security number:

  • Don’t put your SSN on any written application or document. If your application is denied because of this, ask them if it’s really necessary, otherwise, give them your SSN.
  • Ask your bank if they absolutely require your SSN to verify your identity. There are other options they can use. But the Patriot Act might require it.
  • Consider extending your ID theft protection to include your children’s SSNs. Teach them to never give it out.
  • If you are at the doctor’s office, find out if you can use another number, such as the account number for your insurance.
  • Don’t send your SSN via email. If someone wants it, call them and give it to them verbally. Even then, don’t give the number out unless you know without a doubt that it’s legitimate.
  • You should get a statement from the Social Security Administration concerning your account each year. If your income is too high, someone else is probably using your number.
  • Don’t keep your Social Security card in your wallet. Instead, memorize the number and keep the card at home.
  • Don’t ever use your SSN as a password for anything.
  • If, for any reason, your SSN is in your PC, make sure the document is encrypted or password-protected.
  • Before you throw away any paperwork that has your SSN on it, black it out, and then shred the documents.

Really, all you have to do is have some common sense when it comes to your Social Security number. For instance, if you are applying for credit, it makes sense that they would need this. If you are getting a gym membership, unless they are granting a credit, they don’t need it.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

If Your Social Security Card is Stolen, This is What You Should Do

Back in the 1930s when Social Security numbers were first introduced, they were not meant to be used as we use them today. However, if you are like most people, you use your SS number constantly; it might be at the bank, the doctor’s office, or somewhere else. You need to use a SS number to get a job, to open a credit or bank account, and even to get married. Since we use this number so often, what happens if your card is stolen or lost? This is what to do:

Put a Fraud Alert on your Credit Report

First, you want to put a fraud alert on your credit report by contacting all three major credit bureaus. When you do this, lenders and creditors use very strict guidelines when they screen any application with your information on it. These alerts last for a year, but you can get an extension when that year has passed.

Freeze Your Credit

If you want to get even more secure, think about freezing your credit. When doing so, you cannot use your credit for things like refinancing or opening a new credit line until you lift the freeze, which is good, because neither can a criminal.

Consider ID Theft Protection

If you can afford a couple of hundred dollars a year, you should consider ID theft protection. This ensures that your credit is monitored 24/7 by a team of experts who can also help to restore your credit if someone steals it.

Watch Your Credit Report

Even if you freeze your credit or get a fraud alert, that doesn’t mean that you are all in the clear. Thieves can definitely steal your identity in alternative ways. So, it is very important that you watch your credit closely. You can get a free report online at AnnualCreditReport.com or with some identity theft protection plans you can get access to credit reports once a month.

Be Smart When Online

Finally, there are some tips and tricks out there that cybercriminals use that people fall for all of the time:

  • Don’t click on any link in email, even if you think it’s from someone you know. At least call them to see if the link is legit.
  • Don’t open emails that look sensational or have a subject with a sense of urgency.
  • Don’t go in and click around on emails in your spam folder.
  • If you can use two-factor authentication, do it.
  • Use an antivirus program on all of your computers.
  • Shred personal documents before you throw them out. This is especially the case if they have personal information like a Social Security number or account number.
  • Only use long-hard-to-guess passwords for all of your accounts.
  • Don’t give out your Social Security number unless it is totally necessary.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Have You Heard of a “Credit Profile Number?” It’s a Fake Social Security Number

Cyber criminals are always trying to keep one step ahead of the crowd, and now there is another scam that you should be aware of. It’s called “synthetic identity theft,” and it is when a bad guy takes some of a victim’s personal information, and then they make up the rest. These people also will use fake Social Security numbers, which are known as “credit profile numbers,” or CPN.

Thanks to this type of identity theft, however, we can see that our credit system is very vulnerable. Essentially, it tells us that it is very easy to create a credit file by using this information, and once they do, they can get a loan or credit card with the information of their victims.

Of course, this practice is illegal, but cyber criminals don’t care, and there is really no way of distinguishing a fake Social Security number from a real one. Social Security numbers are randomly generated, and it makes it very difficult for a lender to notice when a fake one comes in. Technically, these lenders could contact the Social Security Administration, SSA, but most of them don’t take that step. Why? Because the SSA requires a signature from the owner of the SSN, and lenders are too lazy to do this.

A better idea would be to create a way to allow lenders to check to see if a Social Security number is real, but as of now, without the lender making significant financial investments in additional fraud prevention technologies, this is not a possibility. Lenders do, however, have their own tools for fraud-detection, but these fakes still fall through the cracks way more often than they should.

This practice has also made the job of a fraudster easier because they know that this is a system that is very vulnerable. It’s simply a numbers game, the more synthetic identities or CPNs submitted in applications for credit, the more likely they are to get approved. It is true that most lenders don’t accept credit applications from people who don’t have a credit history, which would be the case of a “credit profile number, but some do, and the more often they try to apply for credit or a loan, the better the odds are that they will be successful. Though the lender probably won’t give the applicant a lot of credit, this number can rise the more often it is used.

If there is one takeaway here, it is that you should be aware of any and all scams that are targeting your finances and identity. Take steps now to keep your personal and private information safe.

At a minimum, get yourself a credit freeze and consider investing in identity protection services. These layers of protection make you a tougher target.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

What Happens if Your Social Security Number Gets Stolen?

It might be surprising to know that when Social Security numbers were first given out in the 1930s, that they were not used as a form of identification. However, whether you know it or not, most of us use our SSN every day, from visiting our doctor’s office to doing banking transactions. Your Social Security number is likely being accessed by humans and computers on a daily basis.

Social Security numberYour Social Security number is a form of verification, authentication, and it is even used as a password. Simply having it, simply knowing it, and entering it, verifies and authenticates its holder. However, it shouldn’t be like that at all.

You need your Social Security number to apply for a job, to open credit cards, and even to get married. Since we use this number so often, you might be wondering what happens if it gets stolen. Here’s what you should do:

Fraud Alert – The first thing to do is to get in contact with one of the three major credit bureaus. That one bureau then contacts the other two bureaus. You must put a fraud alert on your report. When you do this, a creditor or lender hopefully will use much stricter guidelines when they get a credit application. Keep in mind that these alerts only last for 365 days, but you can get an extension. Also keep in mind that this is not a full proof plan, the lender may not enable these stricter guidelines at all.

Credit Freezes – You should also consider freezing your credit. When this happens, you cannot use your credit to refinance or open a new line of credit until you go through the unfreezing process. Keep your credit frozen, and then unthaw it when you need it. Getting a credit freeze is a pretty simple process, it does require a bit of effort and organization, however it is a great way to protect your identity from new account fraud, we will discuss this in more detail and future posts.

Get ID Theft Protection – You should also think about getting ID theft protection. This can be an investment for some, but it also ensures that there is someone monitoring your credit 24/7. Identity theft protection services don’t actually protect you from much in the way of new account fraud, account take over, credit card fraud, criminal identity theft, tax related identity theft, medical related identity theft, but nothing else does either. However, what identity theft protection service does do is monitor your credit and there is an insurance component that kicks in and activates “identity theft expert restoration agents” that fix stolen identities. These people can get you back on track quickly if your identity is stolen.

Keep an Eye on Your Credit – If around 90 days have passed, and you don’t see anything weird on your credit report, don’t think that this automatically mean you are safe. A thief can use your info in other ways, too, so keep an eye on your credit report. Also keep in mind that your Social Security number can be used by a thief in perpetuity or until about six months after your perish. You can get a free copy online at AnnualCreditReport.com.

Be Cautious When Online – Finally, it is important that you make sure that you are using caution when online. Cybercriminal know every trick in the book, and people fall for them all of the time. Here are some things to remember:

  • Do not click on any email links. This is true even if it is from someone you know. Unless you are expecting it, do not click on anything in an email.
  • Do not open any email that is found in your spam folder.
  • Do not open emails that have sensational or exaggerated subject lines.
  • If you have the choice to use two-factor authentication, you should do it.
  • Have a firewall, an antivirus program, and anti-malware software.
  • Create a unique password for each account you have. Make sure that they are hard to guess, and don’t let them contain information like your name, pet’s name, etc.
  • Use a password manager.
  • Shred all of your documents that contain personal information before you put them into your garbage.
  • Don’t give your Social Security number out to anyone unless it is a total necessity.

Remember, if your credit is frozen and if you have identity theft protection combined, you have “multiple layers of security” and you can give your Social Security number out without much of a worry.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Your Uber Driver May be a Criminal

Do you Uber? If you do, you probably feel pretty safe getting into the car of a stranger. However, you might not be as safe as you think.

Most people take for granted that Uber does background checks on its drivers, but there are actually a number of shady drivers who have recently been accused of crime, and it’s definitely not the first time they have had run ins with law enforcement. Some of these people are accused of committing crimes against their passengers, and that’s where things really get scary.

CNN recently took a look at both Uber and Lyft and found that both companies approved hiring thousands of drivers who have criminal records. Uber responded to this report by saying it knows that there were some hiring mistakes in the past, but they have improved the way they hire, and in 2017, rejected more than 200,000 people because of issues on the background check. However, both companies are not keen to adopt more scrutiny in the screening process.

Several state and local law enforcement agencies are pushing the companies to put more focus on potential drivers. Right now, for instance, they don’t do any fingerprinting nor federal background checks. Instead, both Uber and Lyft use a third-party background check company. It uses the name and Social Security number of potential drivers to check the national sex offender database, local court records, and suspected terrorist databases. The goal is to get drivers on the road as soon as possible, and many of these checks are instant.

Currently, there are 43 states that require screening for rideshare services, but these laws don’t say that the companies have to use a specific company or screen in a certain way. Instead, 42 of these states allow rideshare companies to take responsibility for the screening. Only Massachusetts requires a company background check and an additional check, which is done by the state. Only New York City requires rideshare drivers to have fingerprinting done.

It’s also worth mentioning that just because a company does background checks that include fingerprinting, it isn’t always fool proof. The FBI system that is used for this has incomplete records and it is not meant to be used in this way.

As someone who uses Uber, it’s important that you keep all of this on the back of your mind before you take your next ride. Yes, there is some type of background check done, but don’t let that fool you; your Uber driver could still be a criminal.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Facebook Wants my Social Security Number!

WTH Facebook? Generally,  I don’t have a problem giving out my SSN. That might seem contrary to the advice I give, but frankly, our SSNs are everywhere and if my insurance company needs it, I’ll generally just question them on it, maybe resist a bit, and if they insist, and I need that insurance policy, I’ll cough it up.

facebook security

My identity in regards to “new account fraud” is protected via a credit freeze and I also have identity theft protection in place. So between the two, I’m pretty locked down. This is the advice I give everyone. So I’m generally not alarmed or concerned when asked for my SSN.

BUT, today friggin Facebook asked for it and of all the company’s or government agency’s on the planet to ask for this level of personal identifying sensitive information, Facebook is the world’s single most notorious abuser of privacy in the history of the world.

There have been countless breaches and privacy issues with Facebook and this is so over the top I can’t even believe they have the nuts to ask for a copy of my Social Security card.

Here’s how it played out….An email came in from Facebook subject line “Your sales are on hold”  with the message:

Hi Robert Siciliano: Security Awareness Fraud & Personal Security Expert,

When Robert Siciliano: Security Awareness Fraud & Personal Security Expert’s shop was set up, Robert Siciliano’s information was entered. To help keep Facebook secure, we need to confirm the identity of people representing a business on Facebook or Instagram.

Your sales have been temporarily put on hold until we can confirm Robert’s information. This is a standard process and should only take a few minutes to complete.

Once you confirm Robert’s information, you’ll be able to receive payments again.

Thanks,
The Facebook Team

WTH?!! OK, sure. So I sell my books on my Facebook page and e-commerce is involved. There’s a tax thing going on here. But they aren’t asking for my EIN or are engaging me in a formal process to vet my viability as a tax payer. They are asking for a copy of my SSN in the form of a scan to “verify” me!

I clicked a link on Facebook to see where this debacle would take me and see here:

So I clicked “Contact Us” to voice my frustration and my response was:

And I’ll repeat: “Screw off. I’m not sending Facebook a copy of my SSN card. WTH is wrong with you? What are my other options?

Stay tuned for how this BS turns out.

To be continued. Robert.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

New Phone Scam Scares with Social Security Sham

We all get scam phone calls, but the newest one is meant to scare. When you pick up the phone, you get a message that your Social Security number is suspended due to suspicious activity, and then prompts the victim to speak with an agent to get help.

The FTC makes something very clear: your Social Security number cannot be suspended for any reason, so any call that states your SSN is under suspension is a scam. What they are really trying to do is to trick you into giving them your actual Social Security number along with information such as your birthday and bank account number. 

This scam is just a tricky variation of a scammer’s trick that often works. In this case, they are trying to scare you first, and then offer to help…but in reality, these scammers are trying to steal your information.

Remember These Social Security Facts

If you get a call about your Social Security number, you should remember the following:

  • The Social Security Administration only calls from one number: 800-772-1213.
  • A Social Security Number cannot ever be suspended.
  • The Social Security Administration won’t ever threaten an arrest.
  • You will probably NEVER get a call from the SSA.

Also, of course, remember this: NEVER give your SSN to someone who contacts you that you don’t know.

The Scam

There are a few variations of this scam. The first is that they call and say that your SSN is suspended due to suspicious activity. They then say, if you want to know more about the case, press 1. When you do, of course, you are connected to an agent who is trained to get your information.

Another variation of this scam is a bit more aggressive. In this case, it states that law enforcement has suspended your Social Security number because of suspicious activity. You are advised to call a toll-free number immediately and verify your SSN. The scam also claims that if you do not call the number, an arrest warrant will be issued, and you, of course, would be arrested. Though not everyone will get one of these calls, if you do, you should definitely pay attention. Again, the SSA would never suspend a Social Security number, nor would it threaten to arrest you. It’s also good practice to never give you SSN to anyone who asks for it over the phone. Instead, hang up and go on with your day.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Protect You Frequent Flier Miles NOW

Social Security numbers and credit card numbers are not the only types of data that hackers are after. Now, they are looking at frequent flyer accounts, and they are stealing reward miles, and then selling them online.

How do Hackers Steal Frequent Flyer Miles?

As with other types of ID theft, hackers use info that they have illegally obtained to access frequent flyer accounts. With more data breaches happening than ever before, hundreds of millions of records are exposed, and thus, hackers have great access to the personal info they need to get into these accounts.

What do Hackers Do with Frequent Flyer Miles?

It is hard for hackers to use these miles on their own because often, the travel has to be booked in the name of the owner. However, it is very easy to transfer these miles to other accounts or to use the miles to purchase other rewards. Usually, no ID is needed for a transfer like this. This is also difficult to track because hackers use the dark web and VPNs to remain anonymous.

Hackers also sell these miles, and they catch a pretty penny. For airlines like British Airways, Virgin Atlantic, and Delta, they can get hundreds, or even thousands of dollars for their work.

In addition to transferring these miles from one account to another, hackers are also selling the account’s login information. Once someone buys this, they can now get into the owner’s account and do what they want with the miles.

Protecting Your Frequent Flyer Miles

There are some things that you can do to protect your frequent flyer miles. You should check your frequent flyer accounts regularly using your airlines mobile app. Change all your airline passwords and never re-use passwords and set up a different password for each account.

Other things that you can do include the following:

  • Protect your personal information by making sure every online account has a unique and difficult to guess password.
  • Use a dark web scan. This will show you if any personal information is out on the dark web.
  • If you do find that your miles have been stolen, it also is probable that your personal information has been compromised, too. Monitor your credit report and check it often for anything that looks odd. This is a big sign of an issue.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Beware of the Social Security Administration Employee Scam

There is a new Social Security scam in the news, and you should definitely know about it. The Acting Inspector General of Social Security, released a statement that warns people of this new scheme. Basically, scammers are impersonating Social Security Administration employees.

The scam started out fairly small and localized, but now, people from across the country are reporting that they are getting calls from people stating that they are from the Social Security Administration. The caller attempts to get personal information from the person they call including address and banking information.

Here’s How the Scam Works

Almost all of these calls are coming from a 323 area code, but don’t think for a second they won’t change this up. The caller says that they are an SSA employee, and sometimes tells the victim that they are getting a cost of living adjustment, so their benefits will be higher. Many callers believe this, of course, so when the scammer asks them to verify things such as their name, their birthday, their Social Security number, and even the name of their parents, they gladly do it to get an increase in their benefits. Once the scammer gets the information, they then contact the SSA and change the victim’s account information so that the benefits now go into a different account. Then, they can collect the cash.

Currently, the Social Security administration does contact people by phone in certain cases. However, the person usually knows that they should be expecting a call. It is also possible that an SSA employee might ask a person to verify information. So, none of this really seems unusual to anyone who has dealt with the SSA.

What to Do if You Get a Call

Hang up. Plain and simple. If you get a call from the Social Security Administration, you should report it immediately to 1-800-269-0271. You can also report it online.

It is also very important to be cautious, and you should avoid giving any information, such as your bank account number or Social Security number, to anyone who calls you. To check if it is a legitimate call from the SSA, tell the person calling that you are worried about scams, and ask if you can call them back. A legitimate SSA employee should be perfectly fine with this. Then, look up the number yourself. Don’t call a number that they give, no matter what. Finally, you can also contact the Social Security Administration at 1-800-772-1213 if you have any question about any text, letter, email, or call that you get.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.