Beware Online Auction Fraud & Identity Theft

Robert Siciliano Identity Theft Expert

Scammers often set up pages on auction sites during the holiday season. Consumers should be wary of deals that are obviously too good to be true. Most too-good-to-be-true online deals bite unsophisticated shoppers or “newbies” to the online auction world. The victim either gets goods that are inferior or counterfeit, or never gets anything and still gets charged.

My spouse needed some skin care products and went online to eBay to make a purchase. She’s a newbie at this and doesn’t have a lot of experience. She called me over to help complete the transaction and was all happy she found her products so cheap. She told me the other companies were charging almost double so she doubled her order because she was saving so much. I looked at the seller “feedback” that others are supposed to give and it seems my spouse was the first ever buyer.

I told her I didn’t feel comfortable with the purchase and that she should wait a day to see what happens. She begrudgingly agreed with me. The next day she logged on to complete her purchase and she saw a message stating: “The eBayer has been suspended from eBay because our records indicate the account was involved in activities that violate our terms” or something like that.

If it seems like online fraud, it is.

Scams can happen inside or outside the auction’s website. eBay recommends being aware of “spoofed” emails.

Stay safe online by protecting yourself from spoof (fake) emails and Web sites. Spoof emails and Web sites can be a major problem for unsuspecting Internet users. Claiming to be sent by a well-known company, spoof emails direct users to Web sites asking for personal information such as a credit card number, Social Security number, or account password. Most “legit” websites will never ask you for such personal information when making a simple purchase. Because it’s so difficult to tell when an email or Web site is a spoof, eBay recommends that you:

1. Download and use eBay Toolbar with Account Guard, a feature that indicates whether you are on the real eBay or PayPal Web sites, or are on a potential spoof site.

2. Learn about spoof protection by taking eBay’s spoof tutorial.

3. Never enter sensitive personal information (such as your password or credit card, bank account, and Social Security numbers) in an email.

Avoid online scams and identity theft by looking for “Feedback” internally on eBay’s website.

1. Buy with confidence by reviewing a seller’s eBay feedback.

2. Before you bid or buy on eBay, it’s important to know your seller. Always look at your seller’s feedback ratings, score and comments first to get an idea of their reputation within the eBay marketplace.

3. Each comment and rating – whether positive, neutral or negative – is an opportunity to understand the history and experience of a seller, a chance to form your own opinions, and a visual cue to help you make a smart buying decision.

Two men were recently arrested after they pocketed a buyer’s payment, then used the buyer’s credit card number and made fraudulent charges. You can’t be too careful here.

In most cases I recommend using PayPal for online auctions to help prevent online identity theft. If you use your credit card, make sure to check your statements frequently and dispute unauthorized charges immediately.

Online buying can help make life easier. Make sure you follow these tips when making online purchases to help protect your identity.

Robert Siciliano is a personal security and identity theft expert for HomeSecuritySource.com. See him in action discussing holiday scams on Fox’s Mike and Juliet show. (Disclosures)

*Content expressed in Home Security Source does not represent the thoughts and opinions of ADT Security Services, Inc. unless explicitly indicated.

The Feast of the 7 Phishes

Robert Siciliano Identity Theft Expert

Being a “Siciliano” and having roots in Italy, namely Sicily, the little island at the bottom of the boot, we have a tradition where we celebrate “the vigil” (La Vigilia), with a Feast of the Seven Fishes (festa dei sette pesci).

It’s a day of cooking, eating and enjoying your favorite beverage in substantial quantity. I do the cooking and start serving at noon. I generally cook to order and serve lobster, mussels, little neck clams, scallops, squid, also known as calamari, a white fish, sword fish, and a small fish called “smelt”. Funny name, but tasty. Everything is prepared either fried, white sauce or red gravy. It’s a yummy day.

’Tis also the season for scamming everyone and anyone who is duped into responding to a “phish” email. Phishing is when you receive an email that looks like a legitimate communication from a bank, retailer, government agency or some other entity informing you that you’ve won something or stand to lose something if you don’t respond.

Around the holidays scammers are in full force and sending lots of emails that look like they are coming from legitimate retailers but are in fact fake and meant to lure you into entering your personal information.

Here are the 2009 7 Phishes to look out for, pulled directly from my inbox:

1. Great Holiday Deals!: “Find out some new facts about the original Swiss things! Leather wallets, authentic jewelry and Swiss watches – are the main details in your life.” Click the link and go to a fraud based retailer that sends you fake goods.
2. Official Viagra Reseller: “There’s no better time of the year to show your lover how much you care. Gift them a years subscription to Viagra!” OMG! They didn’t just say that! It’s a fake, don’t bother.
3. Give Credit Repair for Xmas and Have a prosperous New Year!: “Log in now and get your loved one an updated credit score and start 2010 off looking better financially than ever.” This also means giving some scammer your spouse’s social security number. Not a good idea.
4. Gift Yourself a Russian Bride for the Holidays: “Wide choice of fine Russian girls for any taste are available here.” They first ask you for a deposit to start the “searching for a bride”. Once you wire money anywhere overseas in response to an email, kiss it goodbye.
5. Lose That Holiday Ham!: “I lost 17 pounds drinking coffee in time for New Years Eve! You can too!” Do I even need to explain?
6. Bankcard Account Suspention: “We have disabled your account to inactivity. If you plan to go shoping (typo) for your families you should contact us now.” Two typos and bad English. Need I say more?
7. Have a Happier New year with a new Job!: “Shipping managers needed now. Start your own home based business with no money and no inventory.” And become a shipping mule for organized criminals.


Sponsored Broadcast Radio

Broadcast Radio Sponsored by McAfee

06.30.10 WVOL TJ Graham Show Audio HERE

06.22.10 KXYL Morning Big Show with Mike Cope and Jesse Jones Audio HERE

06.22.10 KERN 1180 AM www.Moneywiseguys.com Brian Wiley, Garro L Ellis Audio HERE

06.11.10 Panama Fox News 1270am Audio HERE

06.11.10 Rick Hamada KHVH 830AM Audio HERE

06.10.10 Adeline’s Chronicles AM 1060 WBIXBoston Radio Audio HERE

Broadcast Radio Sponsored by Intelius.com

The following spots are examples of getting the word out to empower people to secure their personal security.

05.30.10 Staci Bockmann MyGreatKid Radio Show Audio HERE

05.28.10 Guy T Wehman The Nightbeat Nation Audio HERE (TBA)

05.28.10 Mike Kakuk am800cklw The Morning Drive Audio HERE

05.26.10  Dave & Bill, the hosts of CHWRadio In the CyberHood Audio HERE

05.17.10 Rob McConnell, “The ‘X’ Zone Radio Show Audio HERE

05.14.10 WBNW Money Matters Radio Network Audio HERE

04.23.10 Brian Novak with NewsTalk 1480WHBC Audio HERE

04.02.10 BusinessMatters Thomas White Social Media Security Audio HERE

03.27.10 SupertalkWFHG.com Barbara McFaddin, Identity Theft Audio HERE

03.25.10 YOUR MONEY SHOW Identity Theft, Audio HERE

03.23.10 KWAVE Michael David Public Affairs, Identity Theft Audio HERE

03.22.10 KORN Let’sTalk Host: Jena O’Conor Audio HERE

03.22.10 Michael Ray Dresser Cell Spying Audio HERE

03.22.10 WBNW Money Matters Midday Edition with Chuck Nilosek, Identity Theft Audio HERE

03.21.10 Marcus Edwardes Identity Theft Audio HERE

3.16.10 Michael Ray Dresser Cell Spying Audio HERE

3.14.10 America Tonight Kate Delaney Audio HERE

03.11.10 KBUR Steve Hexom Morning Show Census Scams Audio HERE

03.10.10 WZGC Jimmy Baron Identity Theft & Cell Spying HERE

03.08.10 WRXK Stan and Haney Identity Theft Audio HERE

03.08.10 WZTA Clear Channel Rhett Palmer Identity Theft and Personal Security Audio HERE

03.08.10 Michael Ray Dresser Cell Spying Audio HERE

03.04.10 WNJC Brian Greenberg, Identity Theft Audio HERE

03.04.10 KDRO Charlie Thomas, Identity Theft Audio HERE

03.02.10 WTOP Botnets Audio HERE

03.01.10 Michael Ray Dresser Online Reputation Management Audio HERE

02.26.10 The Rick Dees Top 40 Audio HERE

02.25.10 KNEWS The Mark Christopher Show Audio HERE

01.23.10 Michael Ray Dresser “P2P file sharing risks” Audio HERE

02.22.10 Peter Anthony Holder Audio HERE

02.22.10 KORN Jena O’Connor Audio HERE

02.18.10 FMTalk1011 Allan Handelman Audio HERE

02.15.10 Michael Ray Dresser, Dresser After Dark Audio HERE

02.15.10 America Tonight Kate Delaney Audio HERE

02.09.10 Michael Ray Dresser, Dresser After Dark Audio HERE

02.02.10 WHK The ADVOCATE Audio HERE

02.01.10 WYDE Lee Davis Show Audio HERE

02.01.10 Michael Ray Dresser, Dresser After Dark Audio HERE

01.30.10 Real Wealth Show Kathy Fettke Audio HERE

01.30.10 KWYR Marsha Raye Audio HERE

01.29.10 Fox News Radio KTRH Audio HERE

01.29.10 Fox News Radio WSBA Audio HERE

01.29.10 Fox News Radio KCOL Audio HERE

01.29.10 Fox News Radio KFBK Audio HERE

01.29.10 Fox News radio KURV Audio HERE

01.25.10 American Medical Association XM Radio Audio HERE

01.25.10 Michael Ray Dresser, Dresser After Dark Audio HERE

01.25.10 KSCO Rosemary Chalmers Morning Show Audio HERE

01.23.10 WNJC The Lee and Brian Show Audio HERE

01.22.10 WFLO AM/FM, Elliott Irving Audio HERE

01.22.10 KDKA Radio Mike Romigh Morning Talk Audio HERE

01.21.10 WLEN Jerry Hayes  Audio HERE

01.20.10 2GB Jason Morrison Australia Audio HERE

01.19.10 Michael Ray Dresser, Dresser After Dark Audio HERE

01.18.10 KAHI Popp Off Host: Mary Jane Popp Audio HERE

01.17.10 Mens Dugout Dr. Tara Grace Perry Audio HERE

01.15.10 Lori Wilk: Business Identity Risks in 2010 Audio HERE

01.11.10 Michael Ray Dresser, Dresser After Dark Audio HERE

01.04.10 WTXY Robby Kendall 1540 WTXY1540.com Audio HERE

01.04.10 WTKK Jim & Margery show on 96.9 Boston Talks Audio HERE

12.30.9 KDKA Radio Mike Romigh Night Talk Host Audio HERE

12.18.9 Simon Barrett BloggerNews Audio HERE

12.9.9 KBUR Steve Hexom Morning Show Audio HERE

12.7.9 WOON Midday Show Host: Don Burnelle Audio HERE

12.6.9 Golden Radio Network/ABC RADIO America Tonight Audio HERE

12.5.9 WRDU Dave and Carmen Clear Channel Audio HERE

12.4.9 Fox KURV McAllen, TX Audio HERE

12.4.9 Fox  WHJJ Providence, RI Audio HERE

12.4.9 Fox  KFTK St. Louis, MO Audio HERE

12.4.9 Fox WREC Memphis, TN Audio HERE

12.4.9 KIDO Boise, ID Audio HERE

12.4.9 Fox  WTAG Worcester, MA Audio HERE

12.4.9 KOA Denver, CO Audio HERE

12.4.9 KPAY Chico, CA Audio HERE

12.3.9 Lori Wilk: Identity Theft What You Need To Know Audio HERE

12.2.9 Montel Williams. Montel Accross America Audio HERE

Email Addresses Hacked via a Botnet or Phished?

Robert Siciliano Identity Theft Expert

Recently Microsoft, Yahoo, Google, Comcast and Earthlink announced that thousands of email addresses and their passwords were phished by identity thieves and posted in an online forum. One report suggests as many as a million victims may have been phished.

Researchers parsed the hacked passwords and broke them down into categories based on their level of security. For example, some of the passwords were very weak: “111111”, “123456”, “1234567”, “12345678” and “123456789” made the top of the list. Many of the stolen passwords were people’s first names, which of course could be those of kids, a spouse, etc. Obviously anyone who uses an insecure password like this is more likely to get hacked due to their laziness and less than sophisticated approach to security. 60% of the passwords contained either all numbers or all lowercase letters.

Always use a combination of upper case and lower case letters, numbers and characters that doesn’t actually spell anything. Use the first letters of a phrase and plug in a number and a character: “Monday is the 1st day of the week!” becomes “Mit1dotw!”. Research on the data breach showed that 6% of the passwords reflected this strong style.
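As an added illustration (not code from the original post or from the researchers it mentions), this Python sketch sorts a password list into the categories described above (all numbers, all lowercase letters, first names, and the mixed upper/lower/number/character style) and derives the phrase-based password from the example sentence. The name list, the category labels and the sample passwords are constructed assumptions.

```python
import string
from collections import Counter

# Constructed stand-in for a real first-name dictionary (assumption).
GIVEN_NAMES = {"jessica", "michael", "maria", "daniel"}


def mnemonic(phrase):
    """First character of every word, plus the phrase's trailing punctuation."""
    text = phrase.strip()
    tail = ""
    while text and text[-1] in string.punctuation:
        tail = text[-1] + tail
        text = text[:-1]
    return "".join(word[0] for word in phrase.split()) + tail


def classify(password):
    """Assign one category; a first name takes precedence over 'all-lowercase'."""
    if password.lower() in GIVEN_NAMES:
        return "first-name"
    if password.isdigit():
        return "all-digits"
    if password.isalpha() and password.islower():
        return "all-lowercase"
    has_all_classes = (
        any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )
    return "mixed-classes" if has_all_classes else "other"


def audit(passwords):
    """Return {category: percent of the list}, rounded to one decimal place."""
    total = len(passwords)
    if total == 0:
        return {}
    counts = Counter(classify(p) for p in passwords)
    return {cat: round(100 * n / total, 1) for cat, n in counts.items()}


# Constructed sample list for the example; not data from the breach.
SAMPLE = [
    "111111", "123456", "12345678",      # all digits
    "jessica", "michael",                # first names
    "sunshine", "letmein", "qwerty",     # all lowercase
    "Mit1dotw!",                         # the article's phrase-based password
    "Summer09",                          # mixed, but no punctuation character
]

if __name__ == "__main__":
    for category, pct in sorted(audit(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(f"{category:14} {pct:5.1f}%")
    print(mnemonic("Monday is the 1st day of the week!"))
```

Run against a real password export, the same breakdown shows how much of a user base still falls into the weak categories.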

There is, however, buzz in the IT security world that the data may have been leaked via a botnet. A botnet is a robot network of computers connected to the internet that all share a common technology, a virus/spyware that allows a criminal hacker to remotely access and control the machine. A botnet can be 10 PCs, 10,000 PCs or many more. The infamous “Conficker” is a botnet. Once a PC is infected, the criminal hackers can use the botnet to commit crimes, store data and of course siphon data from the machines.

However, while many of the passwords were weak, there were many passwords that were very strong. The argument is that, based on the strength of many of the passwords, it is unlikely that they were phished, and more likely that they were hacked.

Regardless of the method of attack there are many things a computer user can do to prevent phishing and being part of a botnet.

  1. When you receive any email from any “trusted source” asking you to login for ANY reason do not click links in the body of the email. Instead manually type the address or go to your favorites.
  2. Use the most recent version of a web browser that has a built in phish filter. Phish filters warn you against clicking links on unauthorized websites.
  3. Invest in anti-virus protection and make sure you have it set to automatically update your virus definitions. There are potentially thousands of new viruses every day. Going a week without anti-virus can make you vulnerable to attack.
  4. Invest in Intelius Identity Protection and Prevention. Because when all else fails, it’s great knowing someone is watching your back.

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston

Protecting email While Traveling From Identity Theft

You’re traveling on business or vacation and you log into a public computer to check your email. You enter your credentials, read a few emails, delete some spam, fire off a note to a colleague at work, and log out. You think nothing of it, but before you know it, your email account has been hijacked. Your friends, family and business associates all receive the following message, sent from your account:

“While traveling in Europe I was approached by what looked like a homeless man who bumped into me, then he apologized. A few minutes later I went to a café to have lunch. But when I went to pay, my wallet was gone. I was pickpocketed! Now I’m stuck here without any money, can you send me money via a wire transfer? I promise to pay you back as soon as I get home!”

Most of your contacts are probably too savvy to fall for this, but maybe your gullible aunt responds. She believes she’s engaging in an email conversation with you, but it’s actually a scammer who’s jacked your account. So she falls for the ruse and wires a couple thousand dollars to a criminal somewhere in Europe.

Think it can’t happen to you or anyone you know? This week, I met someone who actually pulled the money out of his account and wired it. This was an educated person who should have known better. But when he saw a cry for help, his first instinct was to assist a loved one, and he did what many good people would do.

This scam is easy, and it’s happening more frequently. I’m amazed that I’m not encountering a new victim of this particular crime every ten minutes. There are a few simple ways to hack into an email account. A public computer at a hotel, library, or internet café could have spyware or a keylogger installed. This type of hardware or software can record everything you do on a PC. If you use your own laptop on an unsecured public wireless connection, your data could be intercepted via wireless packets in the air. You could also accidentally log on to an “evil twin,” a wireless network that appears to be a legitimate WiFi spot, but is actually being broadcast via a router or computer, allowing a criminal hacker to sift through all your data.

The chance of someone accessing your laptop via a public WiFi connection is slim, but it does happen. Your best bet is to only log into websites that are secure. The web address should begin with https://www… The “S” in “https” indicates that the site is secure. Otherwise, you should download and install private networking software, such as WiTopia. If you use a public computer at a hotel, library or internet café, you are at the mercy of the administrator who set up the PC, or whoever used the computer before you, unless you make an investment in a very cool USB drive called IronKey. This small, secure drive combines hardware, software, and services that allow you to log into any PC with an available USB drive.

And you should always protect yourself from identity theft. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Robert Siciliano is an Online Security Evangelist to McAfee. See him on Anderson Cooper discussing mobile security and identity theft. (Disclosures)

Robert Siciliano Identity theft speaker discusses wireless hacking on Fox News

Social Media Privacy and Personal Security Issues

Robert Siciliano Identity Theft Expert

Privacy issues and identity theft in social media are a growing concern. Most people who post their personal information about themselves do not recognize the potential consequences of their actions, or maybe they simply don’t care if their entire life is an open book.

Ask yourself, should the director of the United States Central Intelligence Agency, which is responsible for providing national security intelligence to senior U.S. policymakers, including the President, and who manages the operations, personnel, and budget of the CIA, have a Facebook page? Should his wife? Sir John Sawers is the incoming head of MI6, essentially the British equivalent of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple’s London apartment and the locations of their children and Sir John’s parents. She also posted family photos that included her half-brother, who was an associate and researcher for a historian who has been convicted of Holocaust denial. Her Facebook profile was left open to anyone in the London network.

Patrick Mercer, Conservative chairman of the Commons counter-terrorism subcommittee, has pointed out that these types of Facebook postings leave Sir John Sawers open to criticism and potentially, blackmail. “We can’t have the head of MI6 being compromised by having personal details of his life being posted on Facebook,” Mercer told The Times. “As a long-serving diplomat and ambassador, his family have been involved in his line of business for decades. I would have hoped they would have been much more sensitive to potential security compromises like this.”

Would it be okay for U.S. CIA director Leon Panetta or his wife to post their addresses, vacation photos, children’s names and other personal data on Facebook? No! Is it okay for you to do it? You say, “Well, I’m not the director of the CIA.” While you may not be a high profile target, you can still be a target on some level, and the more intelligence you make available to potential attackers or criminal hackers, the easier you make it for them to harm you. Nobody ever considers themselves a target until it’s too late. I’m not a paranoid freak, I’m a grounded, down-to-earth, conscious being with an awareness of what’s going on out there. And when I see you post information that someone sinister could use against you, I worry.

If you use social media and regularly update your status or profile with pictures, video, or information about your whereabouts or daily routines, please keep the following advice in mind:

  1. Before you post anything online, think about what a hacker, stalker, employer, or potential employer could do with that data. Could an ex, who’s fighting for custody, use the data against you in court?
  2. Don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post children’s photos online.
  3. Do not tell the world you are going on vacation! Or if you’re just going to dinner or the beach and won’t be at your house for several hours, why would you let potential burglars know that you’re away?
  4. If you’re a “partier” and like to imbibe, informing the world that you just smoked a joint is not only one of the worst things you could do for your career, it also makes all your friends guilty by association. And don’t announce that you’re hungover, because after the age of 23, you ought to know better.
  5. Before posting pictures or videos, consider what a criminal or potential employer might see. Could they be used against you in any way?
  6. If you let your kids use social media, you must monitor every aspect of their Internet activities. Pick up McAfee’s Family Protection software and take control of your children’s Internet use.
  7. Take advantage of privacy settings and lock down your profile, so that only those who you approve can view everything.
  8. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Social media is less than six years old. This is a brand new medium, and we are just now beginning to recognize its potential consequences. Something as harmless as a picture of a baby in a tub could be traded online by pedophiles. The world is changing. Be aware of your social media use, and be smart about it.

Robert Siciliano, identity theft speaker, discusses social media on Fox.

Your identity is an illusion

Robert Siciliano Identity Theft Expert

 

Like it or not, you will soon be effectively identified. And by “soon,” I mean within the next 10 years. Big Brother, whatever that means, will have your “number.” Governments across the globe have been gearing up and introducing numerous technologies to identify, verify and authenticate.

Identity is a simple idea that has become a complex problem. It has become complex due to fraud, which is motivated by money, easy credit, and the ease of account takeover. Because identity has yet to be effectively established, anyone can be you. “Identity has yet to be established” is a bold statement that really requires an entire blog post. I’ll explain briefly here and in detail another time.

We have as many as 200 forms of ID circulating from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card. We use “for profit” third party information brokers and the lowly vital statistics agency that works for each state to manage the data. All of these documents can be compromised by a good scanner and inkjet printer. This is not established identity. This is an antiquated treatment of identity and ID delivery systems. Identity has yet to be established.

Proper identification starts with government employees, who basically have little say in the matter. Small, specific segments of society such as airport employees, those of immediate concern to Homeland Security, are also first in line to be identified.

Security Management reports that as of this month, all workers and mariners attempting to access secure maritime and port areas nationwide will have to flash a government-approved Transportation Worker Identification Credential (TWIC), a biometric identification card, before entry. As expected, the system is riddled with problems and complaints.

HSPD-12, or Homeland Security Presidential Directive 12, set universal identification standards for federal employees and contractors, streamlining access to buildings and computer networks, but not without some glitches.

Many privacy advocates scream in horror about a national ID. The fact is, we already have a national ID and it’s the Social Security number. While the Social Security number was never intended to be a national ID, it became one due to functionality creep. And it does a lousy job, because anyone who gets your SSN can easily impersonate you.

Privacy advocates and others who believe that there is or ever was true privacy are operating under an illusion. The issue here isn’t really privacy, it’s security. It’s managing our circumstances. Growing up, my mother was a privacy advocate. She advocated that privacy was a dead issue as long as I lived in her house. At any given time, she could rifle through my stuff if she even got a hint of glazed eyeballs.

I’ve always been fascinated with identification and what it means. Over the years, as I’ve dug deeper into information security and then identity theft, I have been floored by the ineffectiveness of the existing system. Numerous identity technologies use software or hardware as the delivery system. A Smartcard is a delivery system, it isn’t your identity. Identity may include biometrics and verification questions.

Then there is the issue of properly identifying a person. How? And what is the difference between authentication and verification? I’ve always used them interchangeably, so I asked an expert, Jeff Maynard, President and CEO of Biometric Signature ID, who is in the game of properly identifying his clients’ clients through dynamic biometrics, for his take on authentication vs. verification:

“There is a distinct difference. Authentication is the ability to verify the identity of an individual based on their unique characteristics. This is known as a positive ID and is only possible by using a biometric. A biometric can be either static (anatomical, physiological) or dynamic (behavioral). Examples of each are: Static – iris, fingerprint, facial, DNA. Dynamic – signature gesture, voice, keyboard and perhaps gait. Also referred to as something you are. Verification is used when the identity of a person cannot be definitely established. Technologies used provide real time assessment of the validity of an asserted identity. We don’t know who the individual is but we try to get as close as we can to verify their asserted identity. Included in this class are out of wallet questions, PINs, passwords, tokens, cards, IP addresses, behavioral based trend data, credit cards, etc. These usually fall into the realm of something you have or something you know.”

Identity proofing means proving identity, which, as I see it, is the foundation for identity and one of the most overlooked and under discussed aspects of identity amongst industry outsiders. This is a most fascinating topic. I will get into that soon.

Robert Siciliano, identity theft speaker, discusses Social Security numbers.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself.  Check out uniball-na.com for more information. 

Identity Theft Expert; Cybersquatting Leads to Fraud

Robert Siciliano Identity Theft Expert

Ever click on a link from an email or while surfing and something just wasn’t right? The domain name in the address bar looked like it was a letter or two off? A misspelling? Maybe it had a number tossed in there for good measure? This is either cybersquatting or typosquatting, and it’s a problem.

Cybersquatting is the act of procuring someone else’s trademarked brand name online as a dot com or any other US-based extension.

Cybersquatters squat for many reasons, including impersonating for fun, hoping to resell the domain, using the domain to advertise competitors’ wares, stalking, harassment or outright fraud.

Grabbing someone’s given name is also a form of cybersquatting and is happening in social networks and on Twitter. Twitter is affected by Twittersquatting, where people’s names and an estimated top 100 brands have been hijacked.

There are also bunches of Kevin Mitnicks (the hacker) on Facebook, which even prevented the gent from accessing his own Facebook account. Facebook fixed the problem after Mitnick rightfully bitched and CNET made a call. Then Facebook listened. Facebook said “We are very aggressive in fostering and enforcing our real name culture and sometimes we make mistakes. But it’s rare, and it’s been fixed.”

Cybersquatting is also done maliciously for fraud. The identity thieves will jack a domain similar to that of a bank and create a spoofed site for phishing. Often, if the domain isn’t available, the next best thing is typosquatting. Annualcreditreport.com was a victim of that. More than 200 domains were snapped up right after the site launched.
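For brand owners and defenders, an added example (not from the original post): a Python check that flags hostnames whose name is "a letter or two off" from a protected brand or has "a number tossed in", as described above. The brand label is the site named in the post; the observed hostnames are constructed and use the reserved `.test` TLD, and the function names and the distance threshold of 2 are assumptions.

```python
import re

# Labels to protect. "annualcreditreport" is the site named in the article.
PROTECTED = ["annualcreditreport"]

# Digits commonly swapped in for look-alike letters.
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def second_level_label(host):
    """Label left of the TLD. Assumes a one-label TLD (no public-suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host, max_typos=2):
    """Return (brand, reason) for a look-alike, or None for exact or unrelated names."""
    label = second_level_label(host)
    for brand in PROTECTED:
        if label == brand:
            return None  # the real name
        if label.translate(LOOKALIKE) == brand:
            return (brand, "digit-substitution")
        if re.sub(r"\d", "", label) == brand:
            return (brand, "digit-added")
        # A threshold of 2 suits long labels; short brands need a tighter one.
        if edit_distance(label, brand) <= max_typos:
            return (brand, "typo")
    return None


def flag_lookalikes(hosts):
    """Return [(host, brand, reason)] for every host that imitates a brand."""
    flagged = []
    for host in hosts:
        hit = classify(host)
        if hit:
            flagged.append((host, hit[0], hit[1]))
    return flagged


# Constructed hostnames, e.g. from a proxy log or a new-registration feed.
OBSERVED = [
    "www.annualcreditreport.com",   # legitimate
    "annualcreditreprot.test",      # two letters swapped
    "annua1creditreport.test",      # digit 1 in place of the letter l
    "annualcreditreport2.test",     # number tossed in
    "anualcreditreport.test",       # one letter dropped
    "weatherreport.test",           # unrelated
]

if __name__ == "__main__":
    for host, brand, reason in flag_lookalikes(OBSERVED):
        print(f"{host:30} imitates {brand} ({reason})")
```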

This is just one more reason to protect yourself from identity theft.

Back in the day, I was accused of cybersquatting! Here. I wasn’t, I swear! Back in the early ’90s with my IBM PS1 Consultant 3.1 Microsoft operating system and a rockin’ 150mb hard drive, I bought me up some domains as well. Some that I sold, others I regrettably gave up and one that will haunt me till the day I die.

I owned LEDZEPPELIN.com for about 5-6 years. Led Zeppelin then and now is my band, and as a fan I bought the domain as a keepsake. I would get emails from people globally like “I am Paulo from Brazil, I love the Led Zep!”

Then when Clinton passed a law later making cybersquatting illegal, I knew it was a matter of time. I had it for 5 years before anyone from the band’s team of lawyers approached me on it. And when they did I didn’t know how to handle it. And my lawyer at the time even less so. Ultimately I gave it up without a fight on my part, but I’m sure the band’s lawyers billed them for the 1 inch thick book of a lawsuit I was served with. Sorry dudes. My bad.

In this case the lawyers saw an opportunity to build a case against me, a fan that would have been happy with a stupid guitar pick from Jimmy. Instead I sat in silence for a year while they built a huge case as to why they should own the domain. When served, I freaked and called them yelling to take it, I never wanted that.

One of few regrets. But I have a nice 1 inch thick book about me and the band and why I’m an idiot.

Anyways, back to cybersquatting. A recent report in the NY Times cited MarkMonitor, a domain name seller and company that protects brand names from misuse, which tracked an 18 percent rise in the incidence of cybersquatting.

Which means that as a brand or individual (or band, eesh), you should get your name on social network sites or as a domain name NOW. Then get your kids’ names as well.

Because they may be Zeppelin famous and have to fight a twit like me.

Robert Siciliano Identity Theft Speaker discussing DNS issues Here

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information

Fake IDs, Fake Passports Easy To Make or Buy

Robert Siciliano Identity Theft Expert

Fake IDs aren’t just a tool to get in a bar; they are a significant threat to personal security and national security.

Who in their teens and college years didn’t have a fake ID? I did.

At 17, I was 23! That meant I could buy alcohol, go to bars and take others to “R” rated movies. It also meant I was a ROCK STAR. For a minute.

A friend of mine peeled apart Massachusetts IDs and melted crayons together to create colors that matched the ID’s colors. He would apply the crayon to the face of the ID and alter the person’s age. For example, if you were born in 1968, he would color the left side of the 8 the same color as the ID, making it a 3. 1963 gave you five extra years to party!!

Then he’d just seal it back up and voila! You were a ROCK STAR.

CNN reported the Government Accountability Office did a test. An investigator used a fake ID to get a real passport. Once he had the passport he bought an airline ticket and went through security. How stupid big is that hole in security?

Former DHS Secretary Chertoff said, and I agree: “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

The problem here is the speed of technology has far outpaced the security of our identifying documents. Anyone with a computer, scanner, printer, laminators and, for crying out loud, CRAYONS can create breeder documents for getting real IDs.

This makes it very difficult to prevent identity theft when anyone can be you any time.

What contributes to the problem is there are thousands of variations of birth certificates, dozens of social security cards and a couple hundred different drivers’ licenses in circulation. Very little security and no significant standards preventing counterfeiting. I’m sure plenty will argue this point with me, however the fact remains, fake IDs are everywhere.

Identity theft protection becomes very difficult.

While technology certainly exists to properly identify and authenticate through numerous technologies, privacy advocates and ignorant politicians will fight till the death to prevent their implementation for 2 reasons: 1. Cost, which is a naive argument. 2. Privacy issues.

Cost: spend whatever it takes to properly identify and authenticate. Privacy is DEAD. Security is the issue we need to be concerned about. Manage our circumstances and tighten things up. The UAE has an “Identity Card” in place that is the best active solution I’m aware of.

There are hundreds of solutions being proposed every day, but cost and privacy continue to creep up. One argument some have is technologies such as RFID and biometrics are the equivalent to the Mark of The Beast. That just goes right over my head.

The Real ID Act has been passed, slammed and revisited. It is the first step towards effective authentication. Fight it as you might, it’s coming.

Robert Siciliano Identity Theft Speaker discusses Identity Theft and the rampant use of Social Security numbers Here


Criminals Target ATMs to Steal Vital Personal Financial Information From Customers

Robert Siciliano Identity Theft Expert Speaker

Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. Also, the worldwide ATM Industry Association reports over $1 billion in annual global losses from credit card fraud and electronic crime associated with ATMs.

Skimming is a relatively low tech crime. It can occur in a few different ways. The most common is when a store clerk takes a wedge card skimmer and runs your card through and skims the information off the magnetic strip.

Once the thief has the credit or debit card data they can place orders over the phone or online.

They can also rip the data from the wedge and burn to blank “white” cards. These white cards are effective at self checkouts or when the thief knows the clerk and they “sweetheart” the transaction. These white cards can also be pressed with foils to look like a legitimate credit card.

Then there is a more sophisticated skim. Thieves actually place a hard device on the face of the ATM that looks like the ATM. It’s almost impossible for a civilian to know the difference unless they have an eye for security, or the skimmer is of poor quality.

Often the thieves will mount a small pinhole camera on the side of the ATM in a brochure holder to extract the victim’s PIN number.

It’s not just ATMs that are potential marks; gas pumps are just as vulnerable. See video of me discussing Here and another article Here

ADT Unveils Anti-Skim Tool

ADT has a new technology that prevents ATM skimming. I haven’t seen it yet, but it sounds promising. The ADT Anti-Skim™ ATM Security Solution helps prevent skimming attempts and detects skimming devices on all major ATM makes and models.

ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

The ADT Anti-Skim ATM Security Solution:
• Helps protect the integrity of cardholders’ personal financial information during ATM transactions.
• Can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities.
• Requires no software adjustments to the ATM.
• Does not connect to or affect the ATM communications network.
• Has more than 40,000 successful ATM applications worldwide.

Prior to its North American introduction, the ADT Anti-Skim ATM Security Solution was successfully field tested on dozens of ATMs of four major U.S. financial institutions in controlled pilot programs. Testing pilots yielded positive results, with no known skimming compromises occurring.

Again, I haven’t seen it. But I would like a first-hand demonstration. ADT, have your peeps call my peeps.

Robert Siciliano Identity Theft Expert discussing ATM skimming Here