How to Protect You Frequent Flier Miles NOW

Social Security numbers and credit card numbers are not the only types of data that hackers are after. Now, they are looking at frequent flyer accounts, and they are stealing reward miles, and then selling them online.

How do Hackers Steal Frequent Flyer Miles?

As with other types of ID theft, hackers use info that they have illegally obtained to access frequent flyer accounts. With more data breaches happening than ever before, hundreds of millions of records are exposed, and thus, hackers have great access to the personal info they need to get into these accounts.

What do Hackers Do with Frequent Flyer Miles?

It is hard for hackers to use these miles on their own because often, the travel has to be booked in the name of the owner. However, it is very easy to transfer these miles to other accounts or to use the miles to purchase other rewards. Usually, no ID is needed for a transfer like this. This is also difficult to track because hackers use the dark web and VPNs to remain anonymous.

Hackers also sell these miles, and they catch a pretty penny. For airlines like British Airways, Virgin Atlantic, and Delta, they can get hundreds, or even thousands of dollars for their work.

In addition to transferring these miles from one account to another, hackers are also selling the account’s login information. Once someone buys this, they can now get into the owner’s account and do what they want with the miles.

Protecting Your Frequent Flyer Miles

There are some things that you can do to protect your frequent flyer miles. You should check your frequent flyer accounts regularly using your airlines mobile app. Change all your airline passwords and never re-use passwords and set up a different password for each account.

Other things that you can do include the following:

  • Protect your personal information by making sure every online account has a unique and difficult to guess password.
  • Use a dark web scan. This will show you if any personal information is out on the dark web.
  • If you do find that your miles have been stolen, it also is probable that your personal information has been compromised, too. Monitor your credit report and check it often for anything that looks odd. This is a big sign of an issue.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Beware of the Social Security Administration Employee Scam

There is a new Social Security scam in the news, and you should definitely know about it. The Acting Inspector General of Social Security, released a statement that warns people of this new scheme. Basically, scammers are impersonating Social Security Administration employees.

The scam started out fairly small and localized, but now, people from across the country are reporting that they are getting calls from people stating that they are from the Social Security Administration. The caller attempts to get personal information from the person they call including address and banking information.

Here’s How the Scam Works

Almost all of these calls are coming from a 323 area code, but don’t think for a second they won’t change this up. The caller says that they are an SSA employee, and sometimes tells the victim that they are getting a cost of living adjustment, so their benefits will be higher. Many callers believe this, of course, so when the scammer asks them to verify things such as their name, their birthday, their Social Security number, and even the name of their parents, they gladly do it to get an increase in their benefits. Once the scammer gets the information, they then contact the SSA and change the victim’s account information so that the benefits now go into a different account. Then, they can collect the cash.

Currently, the Social Security administration does contact people by phone in certain cases. However, the person usually knows that they should be expecting a call. It is also possible that an SSA employee might ask a person to verify information. So, none of this really seems unusual to anyone who has dealt with the SSA.

What to Do if You Get a Call

Hang up. Plain and simple. If you get a call from the Social Security Administration, you should report it immediately to 1-800-269-0271. You can also report it online.

It is also very important to be cautious, and you should avoid giving any information, such as your bank account number or Social Security number, to anyone who calls you. To check if it is a legitimate call from the SSA, tell the person calling that you are worried about scams, and ask if you can call them back. A legitimate SSA employee should be perfectly fine with this. Then, look up the number yourself. Don’t call a number that they give, no matter what. Finally, you can also contact the Social Security Administration at 1-800-772-1213 if you have any question about any text, letter, email, or call that you get.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Mobile Phone Numbers Are as Sensitive as Your Social Security Number

All of us have cell phones these days, and if you are like the vast majority of the population, you access everything from social media to banking information right from your mobile phone. However, if you do this, which everyone does, you are putting yourself in the position to get hacked. With only your mobile phone number and a couple other pieces of information, a hacker can get into these accounts and your life could drastically change.

How does this work? If a hacker already has your mobile phone number, they can get other information, such as you address, birthday, or even the last four digits of your Social Security number, through social engineering schemes via email or on social. Once they have this information, it’s like handing your phone over to them and letting them do as they please, including accessing your accounts.

The scam may not even begin with you, it may begin with the mobile phone companies themselves. There have been many incidents where the carriers are scammed into handing over troves of personal identifying information to scammers posing as the victim. In many cases the phone companies are even allowing the scammers to get phones with the actual victims phone number by transferring everything to a new phone the perpetrator charges to the victims account.

Here are some things that you can do to keep your mobile phone number safe:

Use Your Passcode – You can and should put a passcode on your phone, you should definitely do it. This isn’t totally foolproof, but does give you an extra level of protection.

Add a Passcode – Your mobile carriers online account should have an additional second passcode to make any changes to your account. This additional passcodes works with both the web and calling customer service. Nothing happens unless this additional passcode is presented.

Disable Online Access to Any Mobile Phone Account – This is frustrating, of course, but it certainly can protect you. If you need to change your account, you should go to the store or call your provider.

Use Google Voice – Google Voice is an excellent choice for many, and you can even forward your current number to your Google Voice number. This helps to mask any call you make, which means no one can have access to your real number.

Access Your Cell Phone Account with a Carrier-Specific Email Address – Most of us use our email addresses and phone numbers to access our online accounts. However, you should really have three separate emails. One should be your primary email address, one should be only for sensitive accounts, like your bank or social media accounts, and one for your mobile phone carrier. This means, even if your main email is hacked, the hackers cannot get into your other accounts.

Talk to Your Carrier – Consider asking your carrier to make a note in your account to require a photo ID and special passcode before any changes are made. Though it’s possible that a hacker could pose as you with a fake ID, the chances are quite low that this would happen.

Use Complex Passwords – One of the best ways to protect online accounts is to use complex passwords. Or at least a different password for every account. You should also use a password manager. If you don’t, make sure your passwords are very random and very difficult to guess like “58&hg#Sr4.”

Do Not Be Truthful – You also might want to lie when answering your security questions. These are easy to guess or discover. For instance, it’s probably easy to find out your mother’s maiden name. So, make it up…just make sure you remember it!

Don’t Use Your Phone Number for Important Accounts – Also, make sure that you aren’t using your phone number for any important account. Instead, use that Google Voice number. 

Use a Password Generator – This is part of two factor authentication. Protect yourself by using a one time password generator, as part of a two-factor authentication process. It may be your mobile or they look like keyfobs and produce a new password very frequently. The only way to get the password is to access the generator or your mobile.

Use a Physical Security Key – You should also think about using a physical security key. To use one, you must enter your password into the computer, and then enter a device into the computer’s USB port. This proves that you are the account owner. So, even if a hacker gets your password, they must also have the physical security key to access the account.

Think About Biometrics – Finally, to really protect your accounts, when available, use biometrics. You can buy biometric scanners that read your fingerprints, your iris, or even recognize your voice. When you use these, you cannot access any account until you scan your finger, eye, or speak.

Yes, it’s true that some of these seem time consuming, it is much more time consuming to have to deal with getting hacked or a stolen identity. So, take these steps to remain as safe as possible.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Your Social Security Card Gets Stolen: Now What?

You might be shocked to know that when Social Security numbers were first given in the 1930s, the intention was never to use them as a form of identification. However, most of us use our Social Security numbers all of the time, from doing transactions at the bank to visiting our doctor’s office.

You need your SSN to apply for jobs, to open credit cards, and even to marry the love of your life. Since we use this number of often, what happens if you lose your card, it gets stolen or it’s leaked in a big data breach? Here’s what to do:

Contact the 3 Credit Bureaus – The first thing you should do is to contact one of the three major credit monitoring bureaus. You have to put a fraud alert on your credit report. By doing this, a lender or creditor uses much stricter guidelines when they receive an application for credit. These alerts only last for 90 days, but you can also get an extension when that 90 days passes.  But there’s better:

Freeze Your Credit – Another step that is even more secure is to freeze your credit. When this happens, you can’t use your credit to open a line of credit or refinance until you go through a simple “thaw” or unfreeze process. Keep your credit frozen for the remainder of your life and thaw when needed.

Get Identity Theft Protection – Also, consider getting identity theft protection. This might be a bit of an investment for some people, but it also ensures that someone is monitoring your credit all day, every day. These experts can also quickly get you back on track if your identity is stolen.

Watch Your Credit – If 90 days has passed, and you don’t see anything strange on your credit report, that doesn’t mean that you are safe. Thieves can use your information in other ways, too, so you should continue to watch your credit report. You can get a free credit report each year at AnnualCreditReport.com

Use Caution When Online – Finally, make sure that you are being careful when browsing the internet. Cybercriminals are sneaky, and people fall for their tricks quite often. Here are some things to keep in mind:

  • Don’t click on any link you get in an email. This is the case even if you believe that it’s from someone you know. Unless you’ve just signed up for a website and you need to confirm your email address.
  • Don’t open any email that is in the spam folder.
  • Don’t open any email that has a subject line that is exaggerated or sensational.
  • If you can use two-factor authentication with your online accounts, you should.
  • Use an antivirus program, anti-malware software, and a firewall.
  • Create a different password for each account. Make sure they are difficult to remember and stay away from those containing your name, date of birth, or even 123456.
  • Use a password manager.
  • Shred your personal documents before throwing them in the garbage. This is especially important if the document contains information like your SSN or an account number.
  • Don’t give your SSN out to anyone unless it is totally necessary, such as on a job application or when applying for a loan or credit card.

I give out my SSN all the time. But, I omit it from applications often. And if the applications administrator says “we can’t process your request without the SSN”, I may briefly question them, but inevitably give them my SSN. I have a credit freeze and identity theft protection. I’m not worried.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Stolen Social Security number? Don’t Worry!

Just when you think it was safe to believe your Social Security number can’t get stolen…news breaks of the Anthem data breach. Over 80,000,000 patient records were compromised, including SSNs and home addresses. Like a meteor striking the earth, a disastrous ripple effect is underway, with patients getting hit up with phishing e-mails.

1PIf you ever suspect your SSN has been stolen, some suggest contacting the IRS and Social Security Administration and notify them of your situation. The thief can do bad things with your number, but if you contact these agencies, can you really protect yourself from that? I’m not sure these agencies can really do anything based on the volume of fraud happening today.

So what should you do to guard against ID theft while you’re still ahead?

Your credit report should have a fraud alert placed on it. This way, lenders and creditors will be stricter about identifying you as the authentic applicant. Thus, a thief will probably flunk these extra steps. Contact either Equifax, Experian or Transunion and they’ll place the 90-day fraud alert. You can also ask for an extension. Consider re-establishing the fraud alert every 90 days. The fraud alert will net you a copy of your credit report. Examine it carefully.

Watch your credit like a hawk. If nothing happens during those 90 days, this doesn’t mean you’re in the clear. A thief may act after 90 days, or, just as a baseline good practice, you should still always monitor your credit. Self-monitoring your credit involves either buying your credit report as often as you’d like or getting it free, quarterly at AnnualCreditReport.com.

Credit freeze. A more secure measure is to freeze your credit, but this means you too can’t do anything like apply for a refinance on your house until it’s “thawed”. But if you don’t foresee needing to do that or open new lines of credit in the near future, then you’ll get more peace of mind with a credit freeze.

If an unforeseen need to apply for a loan surfaces, you can unfreeze your credit. Just keep good notes regarding the user/pass and web address to quickly thaw your credit. A credit freeze/thaw requires a one-time fee of $5-$15.00. Cheap and effective.

Identity theft protection. This is a no brainer. For $100-$300 annually for an individual or family of 4, your identity is being monitored 24/7 by professionals who will also restore your identity in the event of loss. Check with the companies Terms of Service and their features/benefits to determine what the will and will not protect against.

Be smart. Though some hackers are amazingly ingenious and subtle with their schemes, other tricks are so obvious that it’s astounding that anyone who’s smart enough to use a computer could fall for them.

A college degreed professional can be so caught up in the latest trash or tragic news about a very high profile celebrity that they could be lured right into the palm of a ruthless scammer: The bait is a link to an exclusive interview with the celebrity’s mother. Hah! Click the link, and you’ll become the mouse in a trap.

  • Never click links inside e-mails, even if it seems that the sender is from someone you know.
  • Don’t even bother opening e-mails with sensationalistic subject lines like “Exclusive Video of Bruce Jenner in Mini Skirt.”
  • When using various online accounts, see if they offer two-factor authentication; then use it.
  • Use different passwords for all of your accounts, and make them long and unique, not “123Kitty.”
  • Use antivirus and anti-malware and keep them updated; also use a firewall.
  • Shred all personal documents before putting them in the rubbish.

Never give out your SSN except for job applications, loan applications, credit card applications and other “big stuff.”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

SSN and Its Afterlife

What’s one billion? That’s about the number of possible permutations of the Social Security number. Which begs the question: What happens to an SSN when someone kicks the bucket?

8DCurrently, SSN’s are never repeated when they’re issued by the Social Security Administration. As of June 2011, the SSA made the issuance entirely random (previously, for example, the first three numbers were determined by place of birth).

With nearly a billion permutations, there’s no point in any number surviving the holder’s death and being reissued. Now in theory, the combinations will eventually run out, because eventually, a billion people will have been born in the United States. But this isn’t exactly in the near future. Why worry?

Nevertheless, some people like to plan way ahead. Maybe this scenario can be mitigated with a 10-digit number. Maybe numbers will stay at nine but be recycled. But for now, your number is as unique as your DNA. But, unlike DNA, a SSN can be used fraudulently.

The three credit bureaus maintain a list of the deceased based on data from the Social Security Administration’s Death Master File Index. Sometimes it takes months for bureaus to update their databases with the Social Security Administration’s Death Master File Index.

Here’s how to avoid identity theft of the deceased:

  • Report the death yourself by calling the Social Security Administration at 1-800-772-1213.
  • Contact the credit bureaus directly to report a death and request the information to be recorded immediately.
  • Right now, before anyone perishes, get the person a credit freeze. Upon death (as in life), the person’s Social Security number will be useless to the thief.
  • Invest in identity theft protection. This is a layer of security that monitors one’s information, including Social Security number, in the wild. Have it activated for six months to a year after death.
  • The Identity Theft Resource Center suggests, “Immediately notify credit card companies, banks, stockbrokers, loan/lien holders and mortgage companies of the death. The executor or surviving spouse will need to discuss all outstanding debts. If you close the account, ask them to list it as: ‘Closed. Account holder is deceased.’ If there is a surviving spouse or other joint account holder, make sure to notify the company the account needs to be listed in that surviving person’s name alone. They may require a copy of the death certificate to do this, as well as permission from the survivor.”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Colorado Supreme Court: Using a Stolen Social Security Number is Not Identity Theft

I feel like my head is going to explode.

The Colorado Supreme Court has ruled “that using someone else’s Social Security number is not identity theft as long as you use your own name with it.”

The defendant in this particular case had admitted to using a false Social Security number on an application for a car loan, and to find employment. The court ruled that since he had used his real name, and the Social Security number was only one of many pieces of identifying information, he “did not assume a false or fictitious identity or capacity,” and “did not hold himself out to be another person.” The court found the defendant’s use of a false Social Security number “irrelevant,” since the number was provided to fulfill “a lender requirement, not a legal requirement.”

Justice Nathan Coats dissented, writing, “The defendant’s deliberate misrepresentation of the single most unique and important piece of identifying data for credit-transaction purposes” was “precisely the kind of conduct meant to be proscribed as criminal.”

This is yet another example of the lack of justice in the judicial system. The justices erred by failing to understand what identity theft really entails, especially when considering the distinction between a “lender requirement” and a “legal requirement.” Whether or not a Social Security number is legally required in order to obtain credit, it is still a legal identifier in many circumstances.

42 USC Chapter 7, Subchapter IV, Part D, Sec. 666(a)(13), a federal law enacted in 1996, determines when the numbers should be used. This law requires a Social Security number to be recorded for “any applicant for a professional license, driver’s license, occupational license, recreational license or marriage license.” It can also be used and recorded by creditors, the Department of Motor Vehicles, whenever a cash transaction exceeds $10,000, and in military matters.

“Synthetic identity theft” occurs whenever an identity is partially or entirely fabricated. This commonly involves the use of a real Social Security number in combination with a name and birth date that are not associated with the number. This type of fraud is more difficult to track because the evidence does not appear on the victim’s credit report or on the perpetrator’s credit report, but rather as a new credit file or subfile. Synthetic identity theft is a problem for creditors, who grant credit based on false records. It can also create complications for individual victims if their names become associated with synthetic identities, or if their credit scores are impacted by negative information in an erroneous subfile.

With this decision, the Colorado Supreme Court has fundamentally upset the balance of law, effectively opening a Pandora’s box of problems. This saga is far from over.

Since the law won’t protect you, at least in this scenario, consider investing in McAfee Identity Protection, which includes proactive identity surveillance to monitor subscribers’ credit and personal information, plus access to live fraud resolution agents who can help subscribers resolve identity theft issues. For additional tips, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims onThe Morning Show with Mike and Juliet. (Disclosures)

Leaked Social Security Numbers Put “Personal Security and Safety at Risk”

Allen West, a Republican Congressional candidate, is speaking out after a mailing from the Florida Democratic Party releases his Social Security number and his wife’s federal employee number. “It’s an attack against me and I think it shows the weakness of the character of Ron Klein and definitely the Florida Democratic party, to put a person’s personal security and safety at risk,” said West, “And also affects my family as well.”

The Florida Democratic Party responded by stating, “We apologize for the oversight of not redacting this information from the public record included in the mailer,” and by offering West two years of identity theft monitoring, but West says he will not accept their money.

Meanwhile, in Virginia, a judge has ruled it is legal to post Social Security numbers on websites. Every city, state, and town has its own set of regulations determining the collection and management of public records, including birth, death, marriage, court, property, and business filings. Many of these documents include Social Security numbers. And many are posted on the Internet.

The Privacy Act of 1974 is a federal law that establishes a code of fair information practices governing the collection, maintenance, use, and dissemination of personally identifiable information in federal record systems.

Back in 1974, identity theft wasn’t an issue, so having your Social Security number on your driver’s license, school ID, and most other documents wasn’t a big deal. Then someone figured out how to use a Social Security number to pose as someone else, and from there, identity theft became big business.

When a judge rules that it’s okay to post Social Security numbers online, and a politician states that a similar act “puts a person’s personal security and safety at risk,” it’s clear that we have a systemic problem, one which the government is unlikely to solve.

It is important to observe basic security precautions to protect your identity. But you have no control over the security of your personal information when it is stored in government and corporate databases.

Consumers should consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features as well as live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visithttp://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Social Security numbers as national IDs on Fox News. (Disclosures)

IRS Fully Reliant on Social Security Numbers

On the Policy, Practice & Procedures page of their website, the IRS addresses the public’s concern regarding Social Security numbers on checks:

Complete Social Security Numbers (SSN) on Checks or Money Orders Remitted to IRS

Issue: Tax Professionals and clients have concerns about taxpayers putting their full SSN on checks remitted to IRS in payment of a balance due. Page 74 of the Form 1040 instructions directs taxpayers to put their full SSN on checks.

Response: The SSN Elimination and Reduction program is presently working on mid-to-long-term solutions to address the use of SSNs on checks remitted to IRS in payment of a balance due. To ensure payments are posted to the correct account, we encourage taxpayers to include their SSNs on checks and money orders submitted to the IRS. IRS processes millions of returns and payments each year, including many from taxpayers with the same or similar names. If you are concerned about providing the SSN, you may consider using the Electronic Federal Tax Payment System. EFTPS is a secure alternative to mailing a check.”

Essentially, if you want to be sure that you’re properly credited for any money paid to the IRS, and avoid being labeled a tax evader, you don’t have much of a choice about including your Social Security number on checks and money orders.

The IRS sent 201 million notices to taxpayers during the fiscal year 2009, and most of those mailings included Social Security numbers. Social Security numbers may also appear in more than 500 computers systems and 6,000 internal and external forms. According to the Treasury Department Inspector General, “this is because Social Security numbers are used to associate correspondence and documents with taxpayer accounts.”

The IRS is currently in the process of reviewing their current reliance on Social Security numbers as primary account numbers for all citizens. Some have suggested that we may eventually switch to barcodes, but if this transition ever does take place, it isn’t likely to happen anytime soon.

At present, the IRS, along with many other government agencies and corporations, relies on Social Security numbers and will do so for years to come. This continued reliance will inevitably result in additional data breaches and therefore, more stolen identities.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first, providing live access to fraud resolution agents who work with victims to help restore their identities. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss IRS related identity theft on Fox News. (Disclosures)

Identity Theft – Common Consumer Errors

The major problem that consumers face today is a fundamental lack of understanding of what identity theft actually is. Most people think of identity theft as when someone uses your credit card without your permission. Fraudulent credit card use is certainly a multibillion dollar problem, but it’s only one small part of the identity theft threat. A comprehensive understanding of what identity theft and what it is not empowers citizens to make informed decisions about how they should protect themselves.

People who have been victimized by identity theft often have a difficult time functioning as a result of their circumstance. Some deal with minor administrative annoyances whiles others suffer financial devastation and legal nightmares.

No one is immune to identity theft:

A woman contacted me who was previously a very successful real estate agent and the president of her local real estate group. She had climbed the ranks from sales to broker/owner and oversaw dozens of employees. A former boyfriend stole her Social Security number and his new girlfriend used it to assume her identity. Over the course of five years the ex-boyfriend and his new girlfriend traveled the world on stolen credit and destroyed the real estate agent’s ability to buy and sell property. Her real estate license was suspended and her life was turned upside down.

Awareness is key:

Do you carry your Social Security number or a Social Security card in your wallet? Do you provide this number to anyone who asks for it? The most commonly dispensed advice in response to these questions is: don’t carry the card and don’t give out the number. But in reality, there are many times when you have to use your Social Security number. Because this number is our primary identifier, we have to put it at risk constantly. Refusing to disclose your Social Security number under any circumstances is like refusing to eat because the food might be bad for you. There are always risks. The key is managing those risks and making smarter decisions.

Do you know what ATM skimming is? Have you seen a skimmer? Have you been phished? Would you know what a fraudulent auction looks like? Do you put your name on a “stop delivery list” when you travel? Do you know how to update the critical security patches in your computer’s operating system? Do you know if the doctor’s office your child just went to has done background checks on all the employees who handled your and your child’s Social Security number? Most people struggle to answer questions like these.

We live in a technologically dependant time and we rely on all these tools and modes of communication, and most people do not understand the risks. The good news is, I do. And McAfee does. And what we do is keep you informed of your options, so that you know how to protect yourself and your family.

The most important thing you can do right now is not worry about this stuff. But you do need to take some time to educate yourself.

Download McAfee’s eGuide,“What You Need to Know to Avoid Identity Theft.”

Take five minutes to assess your risk of identity theft. Fill out the Identity Theft Risk Assessment Tool to get your “risk profile.”