Uncategorized Archives - Page 11 of 17

email Addresses Hacked via a Botnet or Phished?

October 15, 2009/in Uncategorized /by Robert Siciliano

Recently Microsoft, Yahoo, Google, Comcast and Earthlink announced thousands of email addresses and their passwords were phished by identity thieves and posted in an online forum. One report suggests the emails phished could be up to a million victims.

Researchers parsed the hacked passwords and broke them down into categories based on their level of security. For example some of the passwords were very weak “111111” “123456” “1234567” “12345678” “123456789” made the top list. Many of the stolen passwords were people’s first names which of course could be kids, spouse etc. Obviously anyone who uses an insecure password like this is more likely to get hacked due to their laziness and less than sophisticated approach to security. 60% of the passwords contained either all numbers or all lowercase letters.

Always use a combination of upper case and lower case, numbers and characters that don’t actually spell anything. Use the first letters of phrases and plug a number in there with a character “Monday is the 1^st day of the week!” is Mit1dotw! Research in the data breach showed 6% of the passwords reflected this strong style.

There is however buzz in the IT security world that the data may have been leaked via a botnet. A botnet is a robot network of computers connected to the internet that all share a common technology, a virus/spyware that allows a criminal hacker to remotely access and control the machine. A botnet can be 10 PCs, 10,000 PC or many more. The infamous “conficker” is a botnet. Once a PC is infected the criminal hackers can use the botnet to commit crimes, store data and of course siphon data from the machines.

However while many of the passwords were weak, there were many passwords that were very strong. The argument is that based on the strength of many of the passwords it is unlikely that they were phished, and more likely hacked.

Regardless of the method of attack there are many things a computer user can do to prevent phishing and being part of a botnet.

When you receive any email from any “trusted source” asking you to login for ANY reason do not click links in the body of the email. Instead manually type the address or go to your favorites.
Use the most recent version of a web browser that has a built in phish filter. Phish filters warn you against clicking links on unauthorized websites.
Invest in anti-virus protection and make sure you have it set to automatically update your virus definitions. There are potentially thousands of new viruses every day. Going a week without anti-virus can make you vulnerable to attack.
Invest in Intelius Identity Protection and Prevention. Because when all else fails, its great knowing someone is watching your back.

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston

Protecting email While Traveling From Identity Theft

July 29, 2009/in Uncategorized /by Robert Siciliano

You’re traveling on business or vacation and you log into a public computer to check your email. You enter your credentials, read a few emails, delete some spam, fire off a note to a colleague at work, and log out. You think nothing of it, but before you know it, your email account has been hijacked. Your friends, family and business associates all receive the following message, sent from your account:

“While traveling in Europe I was approached by what looked like a homeless man who bumped into me, then he apologized. A few minutes later I went to a café to have lunch. But when I went to pay, my wallet was gone. I was pickpocketed! Now I’m stuck here without any money, can you send me money via a wire transfer? I promise to pay you back as soon as I get home!”

Most of your contacts are probably too savvy to fall for this, but maybe your gullible aunt responds. She believes she’s engaging in an email conversation with you, but it’s actually a scammer who’s jacked your account. So she falls for the ruse and wires a couple thousand dollars to a criminal somewhere in Europe.

Think it can’t happen to you or anyone you know? This week, I met someone who actually pulled the money out of his account and wired it. This was an educated person who should have known better. But when he saw a cry for help, his first instinct was to assist a loved one, and he did what many good people would do.

This scam is easy, and it’s happening more frequently. I’m amazed that I’m not encountering a new victim of this particular crime every ten minutes. There are a few simple ways to hack into an email account. A public computer at a hotel, library, or internet café could have spyware or a keylogger installed. This type of hardware or software can record everything you do on a PC. If you use your own laptop on an unsecured public wireless connection, your data could be intercepted via wireless packets in the air. You could also accidently log on to an “evil twin,” a wireless network that appears to be a legitimate WiFi spot, but is actually being broadcast via a router or computer, allowing a criminal hacker to sift through all your data.

The chance of someone accessing your laptop via a public WiFi connection is slim, but it does happen. Your best bet is to only log into websites that are secure. The web address should begin with https://www… The “S” in “https” indicates that the site is secure. Otherwise, you should download and install private networking software, such as WiTopia. If you use a public computer at a hotel, library or internet café, you are at the mercy of the administrator who set up the PC, or whoever used the computer before you, unless you make an investment in a very cool USB drive called IronKey. This small, secure drive combines hardware, software, and services that allow you to log into any PC with an available USB drive.

1. And you should always protect yourself from identity theft. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Robert Siciliano is an Online Security Evangelist to McAfee. See him on Anderson Cooper discussing mobile security and identity theft. (Disclosures)

Robert Siciliano Identity theft speaker discusses wireless hacking on Fox News

Social Media Privacy and Personal Security Issues

July 25, 2009/1 Comment/in Anti-virus protection, Criminal Hackers, Data Breaches, Data Security, Identity Theft, identity theft expert, identity theft prevention, identity theft protection, identity theft speaker, social media identity theft, social networking, Uncategorized /by Robert Siciliano

Robert Siciliano Identity Theft Expert

Privacy issues and identity theft in social media are a growing concern. Most people who post their personal information about themselves do not recognize the potential consequences of their actions, or maybe they simply don’t care if their entire life is an open book.

Ask yourself, should the director of the United States Central Intelligence Agency, which is responsible for providing national security intelligence to senior U.S. policymakers, including the President, and who manages the operations, personnel, and budget of the CIA, have a Facebook page? Should his wife? Sir John Sawers is the incoming head of MI6, essentially the British equivalent of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple’s London apartment and the locations of their children and Sir John’s parents. She also posted family photos that included her half-brother, who was an associate and researcher for a historian who has been convicted of Holocaust denial. Her Facebook profile was left open to anyone in the London network.

Patrick Mercer, Conservative chairman of the Commons counter-terrorism subcommittee, has pointed out that these types of Facebook postings leave Sir John Sawers open to criticism and potentially, blackmail. “We can’t have the head of MI6 being compromised by having personal details of his life being posted on Facebook,” Mercer told The Times. “As a long-serving diplomat and ambassador, his family have been involved in his line of business for decades. I would have hoped they would have been much more sensitive to potential security compromises like this.”

Would it be okay for U.S. CIA director Leon Panetta or his wife to post their addresses, vacation photos, childrens’ names and other personal data on Facebook? No! Is it okay for you to do it? You say, “Well, I’m not the director of the CIA.” While you may not be a high profile target, you can still be a target on some level, and the more intelligence you make available to potential attackers or criminal hackers, the easier you make it for them to harm you. Nobody ever considers themselves a target until it’s too late. I’m not a paranoid freak, I’m a grounded, down-to-earth, conscious being with an awareness of what’s going on out there. And when I see you post information that someone sinister could use against you, I worry.

If you use social media and regularly update your status or profile with pictures, video, or information about your whereabouts or daily routines, please keep the following advice in mind:

Before you post anything online, think about what a hacker, stalker, employer, or potential employer could do with that data. Could an ex, who’s fighting for custody, use the data against you in court?
Don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.
Do not tell the world you are going on vacation! Or if you’re just going to dinner or the beach and won’t be at your house for several hours, why would you let potential burglars know that you’re away?
If you’re a “partier” and like to imbibe, informing the world that you just smoked a joint is not only one of the worst things you could do for your career, it also makes all your friends guilty by association. And don’t announce that you’re hungover, because after the age of 23, you ought to know better.
Before posting pictures or videos, consider what a criminal or potential employer might see. Could they be used against you in any way?
If you let your kids use social media, you must monitor every aspect of their Internet activities. Pick up McAfee’s Family Protection software and take control of your childrens’ Internet use.
Take advantage of privacy settings and lock down your profile, so that only those who you approve can view everything.
Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Social media is less than six years old. This is a brand new medium, and we are just now beginning to recognize its potential consequences. Something as harmless as a picture of a baby in a tub could be traded online by pedophiles. The world is changing. Be aware of your social media use, and be smart about it.

Robert Siciliano, identity theft speaker, discusses social media on Fox.

Your identity is an illusion

April 20, 2009/1 Comment/in Uncategorized /by Robert Siciliano

Robert Siciliano Identity Theft Expert

Like it or not, you will soon be effectively identified. And by “soon,” I mean within the next 10 years. Big Brother, whatever that means, will have your “number.” Governments across the globe have been gearing up and introducing numerous technologies to identify, verify and authenticate.

Identity is a simple idea that has become a complex problem. It has become complex due to fraud. Fraud, motivated by money, easy credit, and the ease of account takeover. Because identity has yet to be effectively established, anyone can be you. “Identity has yet to be established” is a bold statement that really requires an entire blog post. I’ll explain briefly here and in detail another time.

We have as many as 200 forms of ID circulating from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card. We use “for profit” third party information brokers and the lowly vital statistics agency that works for each state to manage the data. All of these documents can be compromised by a good scanner and inkjet printer. This is not established identity. This is an antiquated treatment of identity and ID delivery systems. Identity has yet to be established.

Proper identification starts with government employees, who basically have little say in the matter. Small, specific segments of society such as airport employees, those of immediate concern to Homeland Security, are also first in line to be identified.

Security Management reports that as of this month, all workers and mariners attempting to access secure maritime and port areas nationwide will have to flash a government-approved Transportation Worker Identification Credential (TWIC),biometric identification card before entry. As expected, the system is riddled with problems and complaints.

HSPD-12, or Homeland Security Presidential Directive 12, set universal identification standards for federal employees and contractors, streamlining access to buildings and computer networks, but not without some glitches.

Many privacy advocates scream in horror about a national ID. The fact is, we already have a national ID and it’s the Social Security number. While the Social Security number was never intended to be a national ID, it became one due to functionality creep. And it does a lousy job, because anyone who gets your SSN can easily impersonate you.

Privacy advocates and others who believe that there is or ever was true privacy are operating under an illusion. The issue here isn’t really privacy, its security. It’s managing our circumstances. Growing up, my mother was a privacy advocate. She advocated that privacy was a dead issue as long as I lived in her house. At any given time, she could rifle thorough my stuff if she even got a hint of glazed eyeballs.

I’ve always been fascinated with identification and what it means. Over the years, as I’ve dug deeper into information security and then identity theft, I have been floored by the ineffectiveness of the existing system. Numerous identity technologies use software or hardware as the delivery system. A Smartcard is a delivery system, it isn’t your identity. Identity may include biometrics and verification questions.

Then there is the issue of properly identifying a person. How? And what is the difference between authentication and verification? I’ve always used them interchangeably, so I asked an expert, Jeff Maynard, President and CEO of Biometric Signature ID, who is in the game of properly identifying his clients’ clients through dynamic biometrics, for his take on authentication vs. verification. There is a distinct difference. “Authentication is the ability to verify the identity of an individual based on their unique characteristics. This is known as a positive ID and is only possible by using a biometric. A biometric can be either static (anatomical, physiological) or dynamic (behavioral). Examples of each are: Static – iris, fingerprint, facial, DNA. Dynamic – signature gesture, voice, keyboard and perhaps gait. Also referred to as something you are. Verification is used when the identity of a person cannot be definitely established. Technologies used provide real time assessment of the validity of an asserted identity. We don’t know who the individual is but we try to get as close as we can to verify their asserted identity. Included in this class are out of wallet questions, PINS, passwords, tokens, cards, IP addresses, behavioral based trend data, credit cards, etc. These usually fall into the realm of something you have or something you know.”

Identity proofing means proving identity, which, as I see it, is the foundation for identity and one of the most overlooked and under discussed aspects of identity amongst industry outsiders. This is a most fascinating topic. I will get into that soon.

Robert Siciliano, identity theft speaker, discusses Social Security numbers.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Identity Theft Expert; Cybersquatting Leads to Fraud

March 17, 2009/1 Comment/in facebook, hackers, identity theft expert, identity theft protection, identity theft speaker, twitter, Uncategorized /by Robert Siciliano

Robert Siciliano Identity Theft Expert

Ever click on a link from an email or while surfing and something just wasn’t right? The domain name in the address bar looked like a letter or two off? A misspell? Maybe it had a number tossed in there for good measure? This is either cybersqautting or typosquatting and its a problem.

Cybersquating is the act of procuring someone elses trademarked brand name online as a dot com or any other US based extension.

Cyber squatters squat for many reasons including impostering for fun, hoping to resell the domain, using the domain to advertise competitors wares, stalking, harassment or outright fraud.

Grabbing someone’s given name is also a form of cybersquatting and is happening in social networks and on Twitter. Twitter is affected by Twittersquatting where peoples names and an estimated top 100 brands have been hijacked.

There are also bunches of Kevin Mitnicks ( hacker) on Facebook that even prevented the Gent from accessing his own Facebook account. Facebook fixed the problem after Mitnick rightfully bitched then CNET made a call. Then Facebook listened. Facebook said “We are very aggressive in fostering and enforcing our real name culture and sometimes we make mistakes. But it’s rare, and it’s been fixed.”

Cybersquatting is also done maliciously for fraud. The Identity Thieves will jack a domain similar to that of a bank and create a spoofed site for phishing. Often if the domain isnt available, then the next best thing is Typosquatting. Annualcreditreport.com was a victim of that. More than 200 domains were snapped up right after the site launched.

This is just one more reason to protect yourself from identity theft.

Back in the day, I was accused of cybersquatting! Here. I wasn’t I swear! Back in the early 90’s with my IBM PS1 Consultant 3.1 Microsoft operating system and a rockin 150mb hard drive, I bought me up some domains as well. Some that I sold, others I regrettably gave up and one that will haunt me till the day I die.

I owned LEDZEPPELIN.com for about 5-6 years. Led Zeppelin then and now is my band, and as a fan I bought the domain as a keepsake. I would get emails from people globally like “I am Paulo from Brazil, I love the Led Zep!”

Then when Clinton passed a law later making cybersquatting illegal, I knew it was a matter of time. I had it for 5 years before anyone from the bands team of lawyers approached me on it. And when they did I didn’t know how to handle it. And my lawyer at the time even less so. Ultimately I gave it up without a fight on my part, but I’m sure the bands lawyers billed them for the 1 inch thick book of a lawsuit I was served with. Sorry dudes. My bad.

In this case the lawyers saw an opportunity to build a case against me, a fan that would have been happy with a stupid guitar pick from Jimmy. Instead I sat in silence for a year while they built a huge case as to why they should own the domain. When served, I freaked and called them yelling to take it, I never wanted that.

One of few regrets. But I have a nice 1 inch thick book about me and the band and why I’m an idiot.

Anyways back to cybersquatting. A recent report from the NY Times sourced MarkMonitor, a domain name seller and company that protects brands names from misuse, tracked an 18 percent rise in incidence of cybersquatting.

Which means as a brand or individual (or band, eesh) get your name on social network sites or domain name NOW. Then get your kids names as well.

Because they may be Zeppelin famous and have to fight a twit like me.

Robert Siciliano Identity Theft Speaker discussing DNS issues Here

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information

Fake IDs, Fake Passports Easy To Make or Buy

March 16, 2009/in Identity Theft, identity theft expert, identity theft prevention, identity theft protection, identity theft speaker, national ID system, REAL ID Act, Social Security Numbers, Uncategorized, uniball /by Robert Siciliano

Robert Siciliano Identity Theft Expert

Fake IDs aren’t just a tool to get in a bar, they are a significant threat to personal security and national security.

Who in their teens and college years didn’t have a fake ID? I did.

At 17, I was 23! That meant I could buy alcohol, go to bars and take others to “R” rated movies. It also meant I was a ROCK STAR. For a minute.

A friend of mine peeled apart Massachusetts IDs and melted crayons together to create colors that matched the IDs colors. He would apply the crayon to the face of the ID and alter the persons age. For example if you were born in 1968, he would color the left side of the 8 the same color as the ID making it a 3. 1963 gave you five extra years to party!!

Then he’d just seal it back up and voila! You were a ROCK STAR.

CNN reported the Government Accountability Office did a test. An investigator used a fake ID to get a real passport. Once he had the passport he bought an airline ticket and went through security. How stupid big is that hole in security?

Former DHS Secretary Chertoff said, and I agree; “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

The problem here is the speed of technology has far outpaced the security of our identifying documents. Anyone with a computer, scanner, printer, laminators and for crying out loud CRAYONS can create breeder documents getting real IDs.

This makes it very difficult to prevent identity theft when anyone can be you any time.

What contributes to the problem is there are thousands of variations of birth certificates, dozens of social security cards and a couple hundred different drivers’ licenses in circulation. Very little security and no significant standards preventing counterfeiting. I’m sure plenty will argue this point with me, however the fact remains, fake IDs are everywhere.

Identity theft protection becomes very difficult.

While technology certainly exists to properly identify and authenticate through numerous technologies, privacy advocates and ignorant politicians will fight till the death to prevent their implementation for 2 reasons; 1. Cost, which is a naive argument. 2. Privacy issues.

Cost; spend whatever it takes to properly identify and authenticate. Privacy; is DEAD. Security is the issue we need to be concerned about. Manage out circumstances and tighten things up. The UAE has an “Identity Card” in place that is the best active solution I’m aware of.

There are hundreds of solutions being proposed every day, but cost and privacy continue to creep up. One argument some have is technologies such as RFID and biometrics are the equivalent to the Mark of The Beast. That just goes right over my head.

The Real ID Act has been passed, slammed and revisited. It is the first step towards effective authentication. Fight it as you might, its coming.

Robert Siciliano Identity Theft Speaker discusses Identity Theft and the rampant use of Social Security numbers Here

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information

Criminals Target ATMs to Steal Vital Personal Financial Information From Customers

March 12, 2009/2 Comments/in Credit Card Fraud, Debit Cards, Identity Theft, identity theft expert, identity theft prevention, identity theft protection, identity theft speaker, Skimming Data, Uncategorized /by Robert Siciliano

Robert Siciliano Identity Theft Expert Speaker

Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. Also, the worldwide ATM Industry Association reports over $1 billion in annual global losses from credit card fraud and electronic crime associated with ATMs.

Skimming is a relatively low tech crime. It can occur in a few different ways. The most common is when a store clerk takes a wedge card skimmer

and runs your card through and skims the information off the magnetic strip.

Once the thief has the credit or debit card data they can place orders over the phone or online.

They can also rip the data from the wedge and burn to blank “white” cards. These white cards are effective at self checkouts or when the thief knows the clerk and they “sweetheart” the transaction. These white cards can also be pressed with foils to look like a legitimate credit card.

Then there is a more sophisticated skim. Thieves actually place a hard device on the face of the ATM that looks like the ATM. It’s almost impossible for a civilian to know the difference unless they have an eye for security, or the skimmer is of poor quality.

Often the thieves will mount a small pinhole camera on the side of the ATM in a brochure holder to extract the victims pin number.

Its not just ATMs that are potential marks, gas pumps are just as vulnerable. See video of me discussing Here and another article Here

ADT Unveils Anti-Skim Tool

ADT has a new technology that prevents ATM of skimming. I haven’t seen it yet, but it sounds promising. The ADT Anti-Skim™ ATM Security Solution helps prevent skimming attempts and detects skimming devices on all major ATM makes and models.

ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

The ADT Anti-Skim ATM Security Solution:
• Helps protect the integrity of cardholders’ personal financial information during ATM transactions.
• Can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities.
• Requires no software adjustments to the ATM.
• Does not connect to or affect the ATM communications network.
• Has more than 40,000 successful ATM applications worldwide.

Prior to its North American introduction, the ADT Anti-Skim ATM Security Solution was successfully field tested on dozens of ATMs of four major U.S. financial institutions in controlled pilot programs. Testing pilots yielded positive results, with no known skimming compromises occurring.

Again, I haven’t seen it. But would like a first hand demonstration. ADT, Have your peeps call my peeps.

Robert Siciliano Identity Theft Expert discussing ATM skimming Here

Recession Turns IT Workers Into Hackers

March 11, 2009/in Anti-virus protection, chief information officer, Computer Hacking, computer security, Credit Card Fraud, Criminal Hackers, Data Security, hackers, Identity Theft, identity theft expert, identity theft prevention, identity theft protection, identity theft speaker, Uncategorized /by Robert Siciliano

Robert Siciliano Identity Theft Expert

What a nasty headline for an article.

From ABCnews.com the journalist roasts IT professionals on a spit. And the comments were all inspiring.

As the recession rears its ugly head, disgruntled ex employees are in the best position to drop a bomb in the companies network or suck all the data out with a few terabyte drives.

A recent study by McAfee and Purdue University put the tally of fraud, data loss and damage done at 1 trillion dollars. A thousand billion sounds like a lot of money.

To paraphrase some of the comments;

No matter how you look at it, when heads start to roll, most people that are about to be let go feel unjust and express hostility towards the employer (often, rightly so). These are the same people who were loyal company employees for years. Unfortunately, these are no win-win situations when it comes to the downsizing and companies should take proper actions to address it.

Your system admin is the gate keeper. Anyone who has access to sensitive data can potentially abuse the privilege. The loan officer, the loan processor, the secretary, the human resources gal two cubes down the hall, the cleaning people that take out our trash at night… Without proper controls in place anybody can be the bad guy. On the other hand, with adequate management these issues can be avoided, even when it comes to IT employees.

Manage your end points, your USB devices, your computer ports, your printers… Segregate your system administration roles. Tools are there. And who is going to implement them? Your IT guy. (thank you Sashimi11)

With the incredible amount of layoffs occurring, companies are bound to layoff an employee who will exact some revenge. Some say “Companies whose knee-jerk response is to cut costs by canning employees deserve some wrath”. But, in the end, the wrath doesn’t get you your job back. (thank you Patches777)

Most are working individuals, doing what they do best. All the while staying under the radar, and afraid, just like everyone else, of the threat of layoffs. The latter doesn’t mean an internal flip is switched and they bug out and start stealing trade secrets. (thank you kyleratliff)

On another note, as budgets are cut and IT pros are let go, the show must go on.

Bill Lynch of RazorThreat said to me “We are encountering lots of very frustrated CIO’s who are caught on the horns of a dilemma…their IT budgets and headcount are being slashed but their CEO’s are simultaneously demanding that they reassure them and the Board of Directors that they are not vulnerable to the same kinds of cyber attacks that have plagued some big firms lately.

They know they cannot afford to buy complex, expensive and difficult to deploy new security software and the people to manage them and yet they have to stand before the Board and profess that their networks are secure”.

The fact is, data breaches will continue and IT will often be to blame. There is a light at the end of the tunnel. There are numerous technologies that won’t break the bank and will keep the BOD happy. Companies have to consider numerous threats of theft and mayhem. Review security policies and who has access to what and why. In the end make sure employees are let go with dignity and respect.

Robert Siciliano Identity Theft Speaker discussing Credit Card Fraud Here

Neighborhood Identity Thieves From Hell

March 9, 2009/in Credit Freeze, Criminal Hackers, Identity Theft, identity theft expert, identity theft prevention, identity theft protection, identity theft speaker, Uncategorized, uniball /by Robert Siciliano

Robert Siciliano Identity Theft Expert Speaker

Keep your friends close and your enemies closer. Unfortunately your enemies could be living in your home or across the street. As the economy tanks, people get desperate and thieves victims become those in their lives.

With all the hullabaloo about criminal hackers and identity thieves organizing as webmobs from all over the world, people often forget that it’s the people in our lives that are the closest to us who often perpetrate these crimes.

Especially in tough times, identity thieves could be someone in your inner trusted circle. I’ve consulted on stories where the dad stole his child’s identity. Those closest to us at home or work have direct access to our data.

“Familiar” Identity theft happens because the thief goes through a process of rationalizing their ability to commit the crime. The process is often referred to as the “Fraud Diamond”.

First they have Incentive. They say “I want to or have a need to commit this crime”. Next is Opportunity. They see a hole or weakness in the system they can easily exploit. And of course Rationalization; “I have convinced myself it is worth the risks”. Lastly, Capability; they determine they are the right person for the job and can pull off the scam.

Here a local neighborhood was terrorized by a drug addicted mom and dad who had a penchant for technology and used their skills to feed their habit.

Much of the crimes they committed could have been prevented.

1. Get a credit freeze or fraud alert
2. Invest in a locking mail box
3. Shred all throwaway paper work
4. Turn off the paper
5. Turn on WPA security for your wireless network
6. Pay attention to all your statements and refute unauthorized charges
7. As a national spokesperson for uni-ball, I recommend using a uni-ball® pen, which contains Uni “Super Ink” formula, to write checks and sign important documents. This specially-formulated ink won’t wash out and protects against check washing. Those closest to you have access to your canceled checks and can rewrite to themselves.

Robert Siciliano Identity Theft Speaker Expert discussing family identity theft Here

Sponsored Broadcast Radio

email Addresses Hacked via a Botnet or Phished?

Protecting email While Traveling From Identity Theft

Your identity is an illusion

Identity Theft Expert; Cybersquatting Leads to Fraud

Criminals Target ATMs to Steal Vital Personal Financial Information From Customers

Recession Turns IT Workers Into Hackers

Neighborhood Identity Thieves From Hell

Contact Us

Social Media

EXPLORE