Posts

Synthetic Identity Theft hard to detect

A criminal can do a lot with “only” your Social Security number, says a report from darkreading.com. Okay, so he doesn’t have the name that goes with the number. Big deal—he’ll just make one up to go with it! This is called synthetic identity theft.

10DAnd this crime has proven worthwhile for the crooks. Nowadays, there’s an increased risk for this crime, says a report by ID Analytics. This is because thieves exploit new SSN randomization practices, says Dr. Stephen Coggeshall, author of the report, and chief analytics and science officer for ID Analytics.

In 2011, the SS Administration began issuing the numbers randomly rather than by pattern to help protect against ID theft. This change has backfired because it trips up anti-fraud technology that’s supposed to spot when a number, that was issued a few years ago, is linked to a phony identity.

The implementation of chip-and-pin cards will fuel the risk and growth of synthetic ID theft. Chip-and-pin point-of-sale transactions will inspire ID theft specialists to figure out new fraud tactics. And they will. They always will. They’re not dumb.

The ID Analytics report says that this crime goes undetected for long stretches because there’s no specific consumer victim. Like, who’s Alekksandreya Puytwashrinjeku? Or, who’s John Smith? Alekksandreya will open up small accounts just to get some credit going under “her” name. The next step is to apply for a big loan—that will never be paid.

The long-term nature of undetection allows the criminal to generate increasingly larger credit limits when compared to the typical ID theft case, says Coggeshall.

As you can see, there’s no actual consumer victim, but instead, the victims are the banks, along with the companies that offer the products that are illegally obtained by the fraudsters. The U.S. government is also a victim. The report explains that over a time period of three years, nearly 1.4 percent of tax returns seemed to be synthetic, costing the government $20 million.

You don’t hear much, if at all, about synthetic ID theft, but the report also points out that a credit card issuer did an analysis and discovered that over a three year period, about two percent of the total application volume consisted of this type of crime.

Still, an identity that incorporates identity theft protection is less likely to be victimized and more secure. And synthetic identity theft can sometimes be detected by a protection service.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

7 Things You Can Do To Protect Your Identity

One of my favorite commercials is a guy working out with his personal trainer. The trainer asks him if he’s been eating his vegetables every day. When he replies, “When I can,” the trainer bops him on the head. He could have had a V8!

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Just like the man thought that eating his daily vegetables would be hard, sometimes protecting your identity seems like a chore. But it doesn’t have to be that way. Here are 7 “duh” steps you can take to protect your identity this holiday season and all year round.

  1. Inspect credit card statements. Make a habit of regularly looking through your credit card statements for strange looking activity. If you notice just one unauthorized charge, assume that someone out there will strike again, and again and again—unless you take immediate action and contact your credit card company.
  2. Shred documents with personal information. Thieves will rummage through your garbage and recycling searching for intact documents that show Social Security numbers, credit cards and bank account information, etc. The next best thing to a cross-cut shredder is scissors. Shear up anything that could be revealing, including credit card purchase receipts.
  3. Review your credit reports. At least once a year, review your credit reports from the three major bureaus. This way you’ll be able to spot any suspicious actions, such as a thief opening a credit card account in your name.
  4. Credit freeze. If you’ve been a victim of identity theft, you might want to consider putting a freeze on your credit.While this will prevent you from getting loans or credit cards until you unfreeze it, this will also block criminals from opening accounts in your name and smearing your credit.
  5. Limit accessibility. In addition to using a shredder or scissors, consider getting a safe where you can store sensitive documents and limit the number of credit cards you carry with you. Have a list of important phone numbers (e.g., bank, credit card companies) already made up, in the event that you need to contact them immediately upon realizing you have lost or someone has stolen your identity or your physical credit cards, wallet, etc. 
  6. Password protection. If your device is lost or stolen, will someone be able to simply pick it up and access all your data? They won’t if it is password protected. Don’t use your cat’s name as your password; rather create a complicated password with upper and lower-case letters and numbers.
  7. Use comprehensive security software. It is essential that all your digital devices have updated security software, like McAfee LiveSafe™ service that can safeguard your data and protect against identity theft.

For more tips on protecting your identity, check out the Intel Security Facebook page or follow them on Twitter.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Identity Theft of the Dead affects the Living

You don’t have to be living to have your identity stolen. Every year in America there’s 2.5 million cases of ID theft involving the deceased. And while your first reaction might be “So what, I’ll be dead and I won’t care”, you need to keep in mind that identity theft of the dead often significantly affects the living. How can this be prevented or at least, minimized?

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Shut Down Social Media

Though it’s hard to do, closing down the decedent’s Facebook page will contribute to preventing ID theft.

Contact the Social Security Administration

This agency has a “death master file” of the SS numbers of deceased people that should be rendered inactive. This way a thief can’t use the number. Don’t wait for a funeral director to do this (though that’s their job); do it yourself for faster results.

Obits

When composing an obituary, people should post very little information. Crooks actually read these in search of a possible ID theft victim. The information to leave out includes names of survivors, complete addresses and professional history.

Receiving Bills

If a decedent’s identity has been hijacked, a survivor may begin receiving bills in that person’s name…and eventually, calls from collection agencies. “The problem isn’t so much financial — it’s emotional,” says Maria Cordeiro with the Chubb Group of Insurance Companies in an article from business-news.thestreet.com. You may have to be dragged through the pain of proving that your deceased loved-one is, in fact, no longer around.

How do you fix this problem?

  • Get all the needed documentation together, because you’ll need to send it out to any entity that requires it for proof.
  • Obtain a credit report prior to the person’s death. Of course, this works in cases of a diagnosed terminal condition versus accident. Once you have the person’s credit report, then six months after death, obtain another for comparison, says Cordeiro. The decedent’s name and SSN, six months later, should be in the death master file.
  • Do some credit monitoring. This is easier than obtaining a credit report for someone who’s dead.
  • Do a credit freeze. For a small fee, the credit report gets frozen shut, preventing a thief from opening a new account.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Security is Everyone’s responsibility

In the movies, the good guys always get the bad guys. In cyber reality, no such thing exists.

1DA survey of 5,000 IT security professionals turns up the following:

  • 63% doubt they can stop data breaches.
  • 69% think threats slip through the cracks of their security systems.
  • 57% believe their company lacks protection from advanced attacks.
  • 80% think their company’s leaders fail to connect the dots between a data breach and potential profit loss.

A survey of customers shows:

  • 59% are quite concerned about credit and debit card information theft.
  • 57% are very concerned about ID theft.
  • About 60% believe that a data breach involving their credit card or personal details would make them less likely to conduct business at a store or bank they usually use.

That last point leads to reputation smearing and loss of customer trust. But what about customer responsibility when it comes to security breaches? The “blame the customer” mentality seems more appropriate in the workplace when employees bring to work their own devices to assist in their jobs. This lets the data-breach cat out of the bag.

Though a significant percentage of employees have admitted (in surveys) to having a security problem with their device, a remarkably small percentage of these users felt compelled to report this to their boss. A very statistically significant number of employees who bring their devices to work haven’t even signed a formal contract that outlines security procedures. The bottom line is that taking security seriously is a rare find among employees who do the BYOD thing.

Another survey turned up an unsettling result: 76% of the 700+ consumers (who were affected by a breach) who were surveyed experienced stress from the event—but more than half didn’t even take steps to prevent ID theft afterwards.

Maybe this complacency can be in part explained by the fact that the losses from breaches are mostly absorbed by the companies involved.

The consumer, customer and employee need to step up to the plate and do their fair share of taking security measures seriously, rather than sitting back and letting businesses and banks take the entire burden.

It’s like getting attacked by a shark. Is the shark entirely to blame if the swimmer jumped into water near a sign that says “Beware of Sharks”? Then again, someone has to take the responsibility of putting the sign there in the first place…

All entities must pull together, stop finger pointing and accusing, and try to get a step ahead of the real villains.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What is Criminal Identity Theft?

Identity theft gets all kinds of buzz in the news. It’s not hard to see why—in 2012, over 16.6 million Americans were victims of identity theft. What most people don’t know is that identity theft is much more than just stealing your credit card number. In other posts, I discussed how thieves use your identity to get free healthcare or your child’s identity to apply for credit. Today, I want to introduce you to another kind of identity theft—criminal identity theft—where the criminal uses your identity to make you look like the criminal.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Criminal identity theft involves impersonation and it’s the worst kind of identity theft and the hardest to clean up. You don’t want to end up like Jason Bateman’s character Sandy Patterson, in the movie Identity Thief, where his identity was stolen and used by another individual and he finds out because he owes a bunch of money and has a warrant out for his arrest.

Basically, a thief takes over your identity and assumes it as his or her own. But instead of using your identity to access your bank account or apply for a credit card, the thief uses your identity to commit crimes and get off scot-free.. How? They can give your personal information (like your name, identification number, or date of birth) to law enforcement officials during an investigation or an arrest. They could also use your information to create fake identification for themselves.

Criminal identity theft can lead to a very nasty headache for you. A thief could get caught for a traffic violation or a misdemeanor and sign the citation with your name. Then you get stuck paying those annoying fees and fines. If a thief uses your name when getting arrested for a crime, you could end up with a criminal record, which could affect your ability to get a job or buy property. Another case is when the thief commits a crime using your identity, and then a warrant is issued for your arrest.  But instead of looking for the criminal, they are looking for you—you could have a warrant out for your arrest and not even know it!

Criminal identity theft can have some pretty drastic consequences. Here’s some ways to protect yourself from this dastardly form of identity theft:

  • Shred all sensitive documents. This can prevent thieves from getting their hands on your personal information.
  • Report missing identification cards. Most criminal identity thieves get your information from stealing your driver’s license or other personally identifiable information (PII) like Social Security numbers or Identification cards. If you report a missing driver license, your state might flag your license number and in the event that another driver is pulled over by law enforcement and presents your license as their own they could be questioned for further information
  • Get a background check on yourself. If you feel like someone may be impersonating you, get a background check done. This can be done via online services or by a private investigator.
  • Check State and National criminal databases. Search your name in criminal databases like the FBI’s National Crime Information Center (NCIC) database to see if you have a criminal record.

Stay safe!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

2 Ways to Prevent Military Identity Theft

You’d think that servicemen and women would be better protected than civilians from identity theft, but their risk is higher, since their Social Security numbers are used so often and also abroad. In Iraq, it’s painted on their laundry bags!

2DOhio wants to introduce a bill to stifle military ID theft.

When a military individual has damaged credit and accumulated debt, they are subjected to disciplinary action. ID theft can delay or cancel a military person’s deployment and lead to revocation of security clearances.

The FTC says that ID theft among service individuals is on the rise. Last year, 22,000 filed complaints of ID theft. In Ohio, this crime jumped 20 percent between 2012 and 2013.

The proposed Ohio bill would raise the penalties for ID theft against active-duty members and their spouses. The bill would also allow the victims to file civil actions against the thieves.

New Jersey is also considering a bill that would increase the penalty for ID theft of veterans. New York and Illinois have already passed stronger penalties. North Carolina bans the release of military discharge documents.

All along, the SSN was printed on a service member’s military ID card, which was used all over the place. In 2008, the Department of Defense began removing the numbers. In 2012, they implemented removal of the SSNs from the card barcodes. These changes won’t be completed till 2017.

What can military personnel do to protect against ID theft?

Two things that service members can do is get active duty alerts and security freezes, but it would be simpler to use these tools one at a time.

The active duty alert, which is free, is done one year at a time after contacting one credit bureau. You can remove this at any time.

The security freeze, once in place, is indefinite unless you decide to remove it. It requires contacting three credit bureaus and is free online to North Carolina residents.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

3 Stupid Simple Tips to protect your Identity

For anyone who goes online, it’s impossible to hack-proof yourself, but not impossible to make a hacker’s job extremely difficult. Here are three things to almost hack-proof yourself.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Two-factor authentication. Imagine a hacker, who has your password, trying to get into your account upon learning he must enter a unique code that’s sent to your smartphone. He doesn’t have your smartphone. So he’s at a dead-end.

The two-factor authentication means you’ll get a text message containing a six-digit number that’s required to log into your account from someplace in public or elsewhere. This will surely make a hacker quickly give up. You should use banks and e-mail providers that offer two-factor. Two factor in various forms is available on Gmail, iCloud, PayPal, Twitter, Facebook and many other sites.

Don’t recycle passwords. If the service for one of your accounts gets hacked, the exposed passwords will end up in the hands of hackers, who will invariably try those passwords on other sites. If you use this same password for your banker, medical health plan and Facebook…that’s three more places your private information will be invaded.

And in line with this concept of never reusing passwords, don’t make your multiple passwords sound schemed (e.g., Corrie1979, Corry1979, Corree1979) for your various accounts, because a hacker’s penetration tools may figure them out.

Use a password manager. With a password manager, you’ll no longer be able to claim not being able to remember passwords or “figure out” how to create a strong password as excuses for having weak, highly crackable passwords. You’ll only need to know the master password. All of your other passwords will be encrypted, penetrable only with the master password.

A password manager will generate strong passwords for you as well as conduct an audit of your existing passwords.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Identity thieves bombarding Call Centers

One out of 2,900 seems very small, but when there’s a total of 105 million…then this percentage stacks up in the end. It represents the frequency of calls from fraudsters made to call centers in an attempt to get customer account details so they could steal.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Many times these crooks will succeed by conning phone operators into altering personal details. The thieves will then commit ID theft, gaining access to customer information and even changing customer contact information so that the victims cannot receive alerts.

These clever cons spoofed their phone numbers to avoid detection, and used software to alter their voices, even the gender sound.

Research into the 105 million calls also unveiled that the fraudsters keyed in stolen Social Security numbers in succession until they got a bull’s-eye: a valid entry for an unnamed bank. They then tricked the victim into revealing personal data.

One expert says that if contact phone channels were monitored, this could predict criminal behavior two weeks prior to actual attacks. Many companies also believe that most attacks result from malware rather than social engineering: the tricking of victims into revealing sensitive data. The targets include the staff of the call centers, who are often conned into allowing these smooth-talking worms to get under any door.

When businesses focus on the theory that most of these problems are from malicious software, this opens up a huge door for the fraudsters to swagger their way in.

The crooks’ job is made even easier when companies assign fraud detection to a department that fails to effectively communicate with other departments.

Consumers would be smart to check in with various credit card and bank accounts “posing” as themselves to see just how easy or difficult it might be to gain access with what kind of “easy to guess” or ”easily found on social” information/questions that may be used to authenticate the caller. Then change those “out of wallet” or “knowledge based questions”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Identity proofing proves who You are

Identity proofing is proof of whom you are. Proving one’s identity starts with that person answering questions that only they themselves can answer (even if the answers are fictitious), such as their favorite movie, mother’s maiden name or name of their high school. Since most people provide real answers (that can be found online) rather than “Pointy Ear Vulcan Science Academy” as the name of their high school, this technique is on its way to the dogs.

8DMichael Chertoff, the former chief of the Department of Homeland Security, stated, “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

New Jersey suffered one of the biggest unemployment frauds, and to date, has identified over 300,000 people who attempted to fraudulently collect benefits via ID theft, among other improper schemes but also honest errors. However, New Jersey is turning things around.

It’s the only state that’s used identity proofing to fight unemployment benefit fraud, which mandates that job applicants verify a number of personal details through a quiz on New Jersey’s labor department’s website.

The use of billions of public records, collected by LexisNexis, verifies the details, to filter out imposters seeking unemployment benefits. The idea is for honest people to provide answers to questions: information that crooks can’t extract from googling.

This approach has rewarded New Jersey well, with nearly 650 cases of potential ID theft prevented. The state has also saved $65 million since May 2012 after blocking foreign IP addresses from gaining access to its unemployment system. Other states are following suit.

Improper payments (including for jobless benefits) have been occurring for years. Over $176 million in grants, to stop this problem, was issued by Washington in 2013 to 40 states. The errors in unemployment benefits payments on a national level have been about 10 percent for the past 10 years.

Businesses and government frequently must take the brunt of the fraud and waste despite an unemployment insurance system in place.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

15 ways to prevent Travel related Identity Theft

See if you’ve been employing the safeguards below to protect your identity while traveling.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813#1 Put snail mail on hold.

Crooks love to scavenge through overflowing mail boxes to seek out personal information to steal an identity. Prevent this by arranging the postal service to put a stop on your mail.

#2 Clean up, thin out.

It’s been said that the laws of physics are defied when a woman empties her purse. Before traveling, dump out anything and everything: drug prescriptions, old memos, business cards, even expired documents. A thief could use this information to steal your identity.

#3 Be cautious with public computers.

A public computer is a very fertile area for identity theft, and this includes the computer in your hotel’s lobby. Never save passwords or use the auto-save function for forms. When you’re done, delete the search history. Never visit your financial institutions’ sites either.

#4 Wireless means watch out.

Free public Wi-Fi means anyone can snatch your personal information out of the air because this kind of Wi-Fi does not include encryption (which scrambles data). Use Hotspot Shield on your PC, Mac, tablet and mobile to encrypt your wireless communications.

The ability to snag your private information requires only a basic knowledge of computers plus a simple plugin, and voila—this person can spy on your browser activities. Try to use only WEP, WPA and WPA2 networks. Otherwise, visit only secure websites (they have the “https” in their address).

#5 Keep your phone number private.

Other than giving it to reps for your airline and hotel reservations, keep it to yourself. If it gets out, a fraudster could use it to pull phone scams on you.

#6 Protect your smartphone.

If your mobile device is loaded with personal information, it should have a home-screen-locking password. This can even be a fingerprint scan, depending on the model. Androids need antivirus the same as PCs do.

#7 Beware of ATMs.

ATMs can be fake or skimmers can be installed. A phony ATM kiosk can be set up on a street corner, beckoning for you. You swipe your card, and your card information is stored for later pickup by the thief who put the kiosk there.

If you must use an ATM, use a bank’s during regular business hours. Protect yourself from skimmers by blocking the keypad with your other hand as you enter your PIN. But still check your statements because keypad overlays can be installed too. Shred receipts immediately.

#8 Pay with cash.

Though stolen cash can’t be replaced, it also won’t lead to identity theft. Limit credit card use to secure payment systems found at major retail outlets and airports. Be suspicious of clerks who want to leave your visual range to swipe your credit card. And just plain don’t use a debit card when traveling.

#9 Don’t use your passport for ID.

Instead use your driver’s license or international ID. If you rely only on a passport and it gets stolen, you’ll end up in a bind you’ll never forget. Have backups of both scanned and available online.

#10 Hotel scams

Never give out private information over your hotel room’s phone, even if the caller says they’re from the front desk and need to straighten something out. Instead, deal with them at the front desk so you know it’s not a scam.

#11 Lock up valuables.

This doesn’t just mean jewelry, but use your hotel room’s safe to lock up passports, airline information, credit cards, cash and electronic gadgets unless you’re using them. Better yet, take them with you, or better still only travel with valuables you absolutely need.

#12 Review credit card statements.

Check your statements every month for unauthorized charges so that they don’t pile up.

#13 Encrypt laptop/mobile data.

When traveling with digital devices make sure to use encryption software that makes your data useless to a thief.

#14 Install tracking software.

Mobile devices should have a lock/locate/wipe software that does just that in the even your device goes mobile without you.

#15 Get identity theft protection

Both identity theft protection and a credit freeze should be used by everyone traveling or not.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.