Fixing a Credit Report after being hacked

First off, how NOT to fix a hacked credit report: signing on with a service that promises to correct the problem in a jiffy—a “sounds too good to be true” advertisement. A company that claims they will 100% fix your bad credit by removing negative information from your credit report is a bit scammy. In fact, whatever a credit repair company CAN legally do, you yourself can do.

Tips to Know Ahead of Time3D

  • If a company takes action against you, you’re entitled to a free credit report if you request it within 60 days of being notified.
  • Experian, Equifax and TransUnion are required to provide you, free of charge, your credit report every year.
  • It’s free to question anything on your credit report.
  • Credit reporting agencies are required to investigate your disputes, if valid, within 30 days.

Credit Reporting Agency

  • Send the reporting company a document explaining your issues. Include copies of documents for evidence.
  • Your mailed packet (use certified mail) should include an itemized list of your disputes and associated details.
  • The agency will send your material to the entity that provided the information in question. This entity must investigate the issues, then provide feedback to the credit reporting agency, and that includes corrections in your report if it’s deemed that the suspicious information was, in fact, inaccurate.
  • You will then hear back from the reporting agency: an updated report (free) and the results in writing. The agency will send a copy of the revised report, at your request, to anyone in the previous 24 months who had received the erroneous one.


  • Inform them in writing of your dispute.
  • Include copies of all evidencing documents.

Repairing errors and getting rid of accurate but negative information are not the same thing. Time heals wounds; you’ll need to let time (usually seven years) completely get rid of the bad stuff.

Should you decide to use a credit repair company, know that it’s against the law for them to lie about their services or charge you before they’ve done their job. By law they must provide a contract explaining your rights and their services, plus many other details including total cost.

Robert Siciliano is an identity theft expert to discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Hacking 2015 and Beyond

2015 brings us no closer to putting the lid on hackers as any other year has. The crime of Criminal hacking will prove to be as big as ever in the new year. Here’s what we have to look forward too:

4DBank Card Breaches

There will always be the bank card thieves, being that stealing data from magnetic stripe cards is relatively easy to pull off and there are different ways to do so. This includes tampering with card swiping devices, then retrieving the stolen data later on when nobody’s around.

The U.S. is moving towards replacing the magnetic stripe with chip ‘n PIN technology, but this will take time and money. Another issue is poor implementation of this technology, which makes a hacker’s job easier. It will be a while before efficiently implemented Chip and PIN technology rules the U.S.; expect lots of more bank card breaches.

Nation-State Attacks

Governments hacking governments was big in 2014 and it’s expected to continue rising. Criminals engaging in this type of threat involve interference with encryption and gaining entry to systems via “back doors,” kind of like how a robber gets into one’s home by removing a screen in the back of the house. One of the tools to accomplish this cyber assault is called a RAT which is a form of malware, and it’s predicted that this tool will be used even more (among others) to invade government and private company networks.

Data Destruction

It’s incomprehensible to the average Joe or Jane how someone (usually a team, actually) could wipe out data on the other side of the world, but it’s happened, such as with computers in South Korea, Iran and Saudi Arabia.

And this was on a large scale: banks, media companies and oil companies. Even if all the data is backed up, there’s still the monumental issue of rebuilding systems. And it’s no picnic trying to make sure that the saved data doesn’t carry malware residue that can reinfect a rebuilt system.


Special malware (ransomware) can block a user from accessing data or a corporation from accessing its system, until money is paid to the hacker. This happened to the Sony company (data was stolen but also deleted), but the motives aren’t crystal clear. A cyber extortion requires a skilled attack, and don’t be surprised if this happens to more big companies.

Critical Infrastructure

This type of hack hasn’t really occurred big-scale in the U.S. yet, but experts believe it’s only a matter of time before it does. Cyber criminals will carry out a critical infrastructure attack, infecting networks and gaining control of them, all designed to shut down electricity, disrupt communications and poison water among other disrupting activities.

Third-Party Breaches

A third-party breach means hacking into entity “A” to get to “B.” An example is Target: Hackers got into the HVAC company that Target was contracted with to access Target’s network. Bigger third-party breaches have occurred, and experts have no reason to believe they’ve stopped, even though tighter security has been implemented (and busted through by hackers, not surprisingly).

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Credit Card Fraud isn’t the same as Identity Theft

Just as important as taking down the decorations, throwing out all the debris from opened gifts and getting the house back in order after the holiday activities, is that of scrutinizing your credit card statements.

2CWhy? To make sure that all the purchases on there were made by you and only you. The holiday season means more credit card use = more identity theft. In this case, it’s “account takeover.”

The crook gets your credit (or debit) card information in one of several ways: digging through trash to get credit card information; tampering with ATMs; hacking; and perhaps the thief is the person you gave the card to to pay for your restaurant meal.

Yet another way the thief could get you is to obtain a new credit card line—using your name, address and Social Security number. He maxes out his new card and doesn’t pay the bill. One day you get a call from a collection agency, along with knowledge that your credit has been ruined. This is called “new account fraud”

Account takeover can be discovered via unauthorized charges on your statements, or the thief’s spending habits may alert the company (via its anomaly detection software) to something suspicious, such as a lot of spending halfway across the globe one hour after you purchased something in your home town.

You have 60 days to report suspicious activity to save yourself from paying the unpaid bills. The zero liability policy protects you. The most you’ll pay out is $50. But if you delay reporting the fraudulent activity, you’re screwed.

Thus, you must make time to just sit down and look over every charge on your statements, even if this means that the only time you have to do it is when you’re on the toilet. But you DO have time. You have time to read someone’s drivel on Facebook or something about Duchess Kate’s hair…you certainly have time to read your card statements every month.

Robert Siciliano is an identity theft expert to discussing  identity theft prevention.

The Credit Card Fraud Mob Boss

There once was a guy named Albert Gonzalez who dressed like a woman—but not because he got off on this, but because he wanted to conceal his actual appearance while he used a ream of phony cards to steal money from an ATM in 2003. A cop noticed the activity and didn’t quite buy the disguise.

2CThe police officer nabbed the thin, disheveled Gonzalez, and it turned out he possessed a computer at his New Jersey home loaded with stolen card data. He was also a moderator for, a site for cybercriminals on how to hone their skills.

Gonzalez wasn’t arrested, but instead, the 22-year-old, who was unfortunately a drug addict at the time, was so smart at his craft that he was hired by the Secret Service. They even paid his living expenses. Over time he got off drugs and looked healthier and became clean shaven.

With his help, the Secret Service caught over a dozen Shadowcrew members. Gonzalez then moved to his hometown of Miami, at the urging of his superiors, in the name of evading revengeful Shadowcrew members who might suspect him of being the leak to the government.

Gonzalez became a paid informant for the Secret Service in 2006. He spoke at conferences and seminars and was seemingly living the life.

But while he aided the Secret Service, he led a criminal team that cracked into 180 million payment-card accounts of major corporate databases, among them being Target, JCPenney, OfficeMax and TJ Maxx.

“The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled,” his chief prosecutor said. What a shame: A genius who used his talents to live a life of crime.

Gonzalez was sentenced to two consecutive 20-year terms, the longest for any U.S. cybercriminal.

Robert Siciliano is an identity theft expert to discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

8 Tips to Credit Card Security

Despite the fact that tens of millions of consumers were hit by the numerous big breaches, and tens of millions more by less sensationalized breaches, you can still take the reins and yield some protection for your credit cards.2C

  1. Make online payments with single-use or prepaid cards. What a great idea!
  2. If you have multiple recurring payments for ongoing services, use only one credit card for those.
  3. For shopping, use a one-time or prepaid card. Though the single-use credit card number is linked to your real card number, it will prevent the real number from becoming exposed should the site get hacked. Discover, Citibank and Bank of America offer single-use (disposable) card numbers.
  4. A prepaid card is different, in that it’s independent of your real card number. If the prepaid card gets stolen, you can replace it without this affecting your primary credit card account.
  5. If you have a debit card…don’t shop with it. Use it only to take funds out of a bank ATM. If a crook gets ahold of your debit card…the money will instantly be stolen from your bank account. If a thief gets your credit card, however, and makes unauthorized purchases, there’s a time lapse between when the purchases are made and when the money is actually withdrawn—enough time for you to file a dispute (if you regularly monitor your statements).
  6. Though you’ll get reimbursed for fraud that occurs with a debit card, this will happen after your bank account has been sucked dry. So avoid using a debit card at gas stations, casino machines and other such places where it’s easy for a crook to tamper with the card reader.
  7. Better yet, just limit its use to the bank ATM. Think of your debit card as an ATM card. This doesn’t mean that an ATM can’t be tampered with; be on the lookout for signs of tampering such as tiny cameras to capture PINs, or something odd about the card reader.
  8. Set up email or text notifications via your bank or credit card companies website to alert you to all charges. This way, whenever a charge comes in, you’ll know about it.

Robert Siciliano is an identity theft expert to discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

13 ways Protect your Credit Cards from Fraud

Here are a number of ways you can protect your credit cards from fraud.

2C1. Keep a sharp eye on your credit card accounts. Read through the purchases for every monthly statement to see if any unfamiliar or odd items show up. Don’t just skip past small purchases; a charge for $9.95 could still be fraudulent. A crook knows you’re less likely to pay attention to small numbers. Consider checking your statements online weekly or even better, download your banks mobile app and check them daily.

2. Immediately contact your bank. By law, credit card companies have to give you 60 days to refute unauthorized charges. And with “zero liability policies”  fraudulent charges are often squashed as long as a year later. However the sooner you contact the bank upon suspecting fraudulent activity, the more likely the credit card issuer will reverse the fraudulent charges. The compromised account should be closed and a new card and account issued and opened, respectively.

3. Credit card monitoring services. These are free or fee based and often included in identity theft protection services and will keep an eye on your credit score as well as inquiries for new credit, and balance charges.

4. Implement activity alerts. Your accounts should have these; the alerts can come via e-mail or text for various card related activity, such as based on amount or frequency. You can text messages for every card present (in person) and card not present (online) transaction.

5. Go virtual. If your bank offers it, use a virtual credit card number online. These are card numbers that change every time you use them.

6. Skimming awareness. Credit card skimming is when a thief sabotages the card reader (such as an ATM’s), allowing him to get your card’s data. Look for signs of tampering like loose parts on the keypad or a camera looking down on the console. Conceal the keypad with your other hand when you enter your PIN. A skimmer can also use a handheld device and skim your card right in his hand. Be very careful whom you give your card to for a purchase.

7. Don’t save. That is, your credit card information with an online merchant. Instead, manually enter it every time you shop. The hassle of this means more security.

8. Financial tracking apps. These are free and can alert the cardholder to odd activity, such as an unusually large purchase. I like Mint by Intuit. BillGuard is great too.

9. Be alert. In addition to unauthorized charges showing on your card’s statement, be on the lookout for strange bank account withdrawals, collection notices for debts you’ve never heard of, being rejected for credit applications, among other red flags.

10. Shop securely on Wi-Fi. Use an encrypting software such as Hotspot Shield VPN. VPN is virtual private network and will prevent snoops and crooks from spying on your online activities.

11. Use reputable sites. Make purchases only from reputable sites you’ve already shopped at or otherwise trustworthy sites like eBay (check sellers ratings) and Amazon.

12. Updates. Set your computer’s or device’s critical security patches to automatically update; these patches help correct newly-discovered vulnerabilities. And speaking of updates, make sure you update your antivirus and your browser to the latest version, to correct vulnerabilities.

13. HTTPS.  The HTTPS at the beginning of the browser before the URL, means that the site is secure. Never input your credit card number on a site that does not have the HTTPS in the URL field. The HTTPS means there’s encryption on that particular page.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Credit Card Fraud Security Bleak

The U.S. is no Superpower when it comes to card payments: the card hacking headquarters of the world.

2CDon’t count on credit card fraud going away too soon. After all, Americans practically sleep, eat and breathe credit card use. And it’s those doggone magnetic strips on the cards that keep getting consumers, retailers, banks and the card companies in a fix. The strips make it so easy for hackers—and they know it.

It’s high time that the U.S. switch to encrypted chips in the cards—ready to be launched soon, but security experts aren’t breathing easy yet. The squabbling among banks, card companies and retailers over who’s responsible for protecting consumers isn’t helping, either.

Recently Congress demanded that the financial and retail industry leaders come up with plans for securing customer data. And they’d better act soon or consumer trust in these cards that drive the U.S. economy will take a big dive.

“This has the potential for people to question the viability of our payment system,” points out Venky Ganesan, venture capitalist with Menlo Ventures. Cards are the bread and butter of America, responsible for about 70 billion payments last year, worth $4 trillion (Nilson Report).

Only 11 percent of merchants are sufficiently compliant with the credit card security standards, says a study from Verizon Enterprise Solutions.

The magnetic strip, as innocuous as it appears to the typical consumer, stores that consumer’s personal financial information. Most other nations ditched this “antiquated” system years ago, using instead the EMV: based on chip technology, securing payment transactions.

The payments industry, however, has named 2015 as a deadline to get the chip technology going. But all things considered, that’s still a long ways off. And retailers are whining over the many billions of dollars it will take to replace point-of-sale technology.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Credit Card Theft increasing for Banks and Retailers

2013 was the year of 740 million records involving data breaches. And that number may be erring quite on the conservative side, according to the Online Trust Alliance. The records come from a list on the Privacy Rights Clearinghouse Chronology Data Base.

2CThe list is that of publically disclosed breaches, including the alleged 110 million that struck the big retailer December 13. Many of the listed breaches are of a non-descript number.

The more electronically connected everything becomes, the greater the potential for data breaches—it’s almost as though all this advancement in online data storage and transmission is setting us backwards.

Cybercriminals are good at keeping pace with the progression of online security tactics, matching every leap and bound. This is why organizations must put security and data protection at the top of their priorities and be ready to handle a major breach.

Unfortunately, no one-size-fits-all defense against cyber-fraudsters exists. Nevertheless, there do exist best practices that can optimize a company’s protection against cybercrime.

Let’s take a look at some highlights of the data breaches of 2013.

  • Though that conservative 740 million records was disclosed, 89 percent of the breaches and loss of data incidents could have been thwarted.
  • 76 percent of breaches were due to stolen or weak account credentials.
  • In 2013 alone, 40 percent of the top breaches were recorded.
  • Insider mistakes or threats accounted for 31 percent of insiders.
  • Social engineering was responsible for 29 percent of breaches.
  • Physical loss such as forgetting where one placed a device, flash drive, etc., was responsible for 21 percent of the data loss incidents.

The 2014 Data Protection & Breach Readiness Guide can help service providers and app developers for businesses grasp the issues, factors and solutions that will fire up data protection tactics and bring about a development of strategies for managing a data breach incident.

Smart businesses think proactively:

Smart businesses are investing in their client’s security. Consumers want to know they are being protected before, during and after a transaction.

Lost and Stolen Wallets Lead To Identity Theft

A friend called me in a panic because she had lost her wallet, which contained her driver’s license, credit cards, debit card, store cards, and her Social Security card. (You should never carry your Social Security card or Social Security number in your purse or wallet.)

Anyway, she was freaked out and wanted to know what to do. There are certain things you can do now, before your wallet is lost or stolen, to mitigate future damage, and other things that should be done once a wallet is missing.

While you still have your wallet, thin it out as much as possible. If you have multiple credit cards, store cards, Social Security cards, insurance cards, and more, then, “Houston, we have a problem.” All these ancillary cards serve no purpose other than putting you at risk for new account fraud or account takeover.

Remove unnecessary cards and put them in a safe, or cut them up and cancel the accounts. I have a MasterCard and an American Express, and if everyone took American Express I’d only have one card. I also carry a Costco card, driver’s license, and a debit card to make deposits and get cash. That’s it.

Beyond that, no other card is needed, including insurance cards. Insurance cards only need to be carried the day of an appointment. They are not necessary in emergency situations.

Photocopy all the cards in your wallet (front and back) and keep them in a safe.

When your wallet is lost or stolen, pull out the photocopies of your cards. Call the credit card issuer to report the loss and request new cards.

Easy enough. However, there is one thing I’d recommend you do prior to losing your wallet — invest in an identity theft protection service.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance and lost wallet protection. If your credit or debit cards are ever lost, stolen or misused without your authorization, you can call McAfee Identity Protection and they’ll help you cancel them and order new ones. If their product fails, you’ll be reimbursed for any stolen funds not covered by your bank or credit card company. (For details, see McAfee’s guarantee.) For additional tips, please visit

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)